Install/iRedMail/FreeBSD/Jail

From iRedMail

Revision as of 02:23, 18 November 2010 by ZhangHuangbin (Talk | contribs)

[h]Chapter 0: Before you start[/h]

[b]Our specification[/b]
Domain: Mail.example.com
Network Interface (which is connected to internet): em0
Host IP (public IP): 188.256.256.256
Jail IP (private IP): 192.168.1.1
OS: FreeBSD 8.1
Ports tree from: 10-11-2010

[b]What must you know about jails?[/b]
Before installing, read the FreeBSD Handbook and the Wikipedia article: [url]http://www.freebsd.org/doc/handbook/jails.html[/url] [url]http://en.wikipedia.org/wiki/FreeBSD_jail[/url]

[b]System requirements[/b]
1. pf (firewall) compiled into the kernel. If you don't have pf, add these lines to your kernel configuration:
[code]
device pf
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
[/code]

You can read more about kernel configuration, building and installation here: [url]http://www.freebsd.org/doc/handbook/kernelconfig-building.html[/url]
2. ezjail installed.
3. A jail environment created; read this tutorial: [url]http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail[/url] Don't forget to enter the correct jail IP (192.168.1.1) and the correct hostname (mail.example.com) when creating the jail.


[h]Chapter 1: Setup network[/h]
1. We start with the network settings on the host (not the jail). Edit rc.conf with the command: [code]ee /etc/rc.conf[/code]

2. Add the lines that you don't already have in rc.conf:
[code]
# Network Interface settings
ifconfig_em0="inet 188.256.256.256 netmask 255.255.255.0" # Main host - connect to Internet
ifconfig_em0_alias0="inet 192.168.1.1 netmask 255.255.255.255" # Our Jail for iRedMail
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other Jail, delete this line if you don't use more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another Jail, delete this line if you don't use more jails.

gateway_enable="YES"

# Enabling services ezjail and pf on system start
ezjail_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
[/code]
The lines:
[code]
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other Jail, delete this line if you don't use more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another Jail, delete this line if you don't use more jails.
[/code]
are not needed if you don't have two or three jails. You can comment out or delete these lines.

3. Reboot the machine or enter this command: [code]# ifconfig em0 inet 192.168.1.1 alias[/code]

4. Check the settings with the command: [code]ifconfig[/code]

Results:
[code]
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
       ether 00:25:90:12:37:a0
       inet 188.256.256.256 netmask 0xffffff00 broadcast 188.256.256.255
       inet 192.168.1.1 netmask 0xffffffff broadcast 192.168.1.1
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
       ether 00:25:90:12:37:a1
       media: Ethernet autoselect
       status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
       options=3<RXCSUM,TXCSUM>
       inet 127.0.0.1 netmask 0xff000000
[/code]

5. Set up the pf rules. If you don't have an /etc/pf.conf file, create it with the command: [code]touch /etc/pf.conf[/code]

Now edit the pf.conf file: [code]ee /etc/pf.conf[/code]

6. Add these lines to your pf.conf:
[code]
# Ports forwarding. Uncomment services which you will be using.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # SMTP SSL, Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL

# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
[/code]

7. Start/restart pf with the command: [code]/etc/rc.d/pf restart[/code]

8. Edit the jail's rc.conf file with the command: [code]ee /path/to/your/jail/etc/rc.conf[/code] The path to your jail is the one you gave when installing the jail with ezjail.

9. You must make some changes in the jail's rc.conf file:
[code]
# Network settings
defaultrouter="188.256.256.256"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.255 alias"
hostname="mail.example.com"
[/code]

10. Restart the iRedMail jail with the command: [code]/usr/local/etc/rc.d/ezjail restart mail.example.com[/code]

11. Test the network connection. First you must connect to the jail. Check the jails installed on your machine with the command: [code]jls[/code] Results:
[code]
   JID  IP Address      Hostname                 Path
     2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
     3  192.168.1.3     dupa.com                 /home/jails/dupa.com
     6  192.168.1.2     duza-dupa.com            /home/jails/duza-dupa.com
[/code]

The iRedMail jail has JID 2, so we run the command: [code]jexec 2 csh[/code]

12. Test the connection from the jail by pinging the host FreeBSD.org, first by its IP address (in case DNS isn't working), with the command: [code]ping 69.147.83.40[/code] Results:
[code]
PING 69.147.83.40 (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=151.446 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=148.320 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=148.181 ms

--- 69.147.83.40 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 148.181/149.316/151.446/1.507 ms
[/code]

The network is working. Now we check our DNS with the command: [code]ping freebsd.org[/code]

Results:
[code]
PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=150.721 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=149.631 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=152.862 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 149.631/151.071/152.862/1.342 ms
[/code]

Everything is working. Now we leave the jail with the command: [code]exit[/code] Results:
[code]
mail# exit
exit
#
[/code]

If everything is okay you can go to the next chapter; if not, set up your network correctly.
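
Because `rdr pass` lets matching packets skip pf's filter rules, the uncommented rdr lines from step 6 decide what is reachable in the jail from outside. The script below is an added example, not part of the original tutorial: it parses rules in the format used above and reports the forwarded ports, any rule that does not point at the jail IP, and the non-SSL service ports. The sample rules, the function names and the addresses 192.168.1.9 and 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): list what the rdr rules really expose.
JAIL_IP="192.168.1.1"   # jail address used throughout the tutorial

# Constructed sample in the tutorial's rule format; the 8080 rule and the
# addresses 192.168.1.9 / 203.0.113.10 are made up for the demonstration.
SAMPLE_PF_CONF='# Ports forwarding
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
rdr pass on em0 proto tcp from any to em0 port 8080 -> 192.168.1.9 port 80 # stray
nat on em0 from 192.168.1.0/24 to any -> 203.0.113.10'

# list_rdr: pf.conf on stdin -> "ext_port target_ip target_port" per active rule.
list_rdr() {
    awk '
        { sub(/#.*/, "") }          # strip comments (whole-line and trailing)
        $1 != "rdr" { next }        # nat rules and blank lines are ignored
        {
            ext = ""; ip = ""; tport = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "port") ext = $(i + 1)
                if ($i == "->") {
                    ip = $(i + 1)
                    if ($(i + 2) == "port") tport = $(i + 3)
                    break
                }
            }
            if (ext != "" && ip != "") print ext, ip, (tport == "" ? ext : tport)
        }'
}

# unexpected_targets JAIL_IP: rules that forward to some other address.
unexpected_targets() {
    list_rdr | awk -v jail="$1" '$2 != jail'
}

# plain_ports: exposed ports the tutorial lists as the non-SSL variant of a
# service that also has an SSL port (HTTP 80, POP3 110, IMAP 143).
plain_ports() {
    list_rdr | awk '$1 == 80 || $1 == 110 || $1 == 143 { print $1 }'
}

echo "Active redirects:";         printf '%s\n' "$SAMPLE_PF_CONF" | list_rdr
echo "Not pointing at the jail:"; printf '%s\n' "$SAMPLE_PF_CONF" | unexpected_targets "$JAIL_IP"
echo "Non-SSL service ports:";    printf '%s\n' "$SAMPLE_PF_CONF" | plain_ports
```

On the host, feed the real file instead of the sample, for example `list_rdr < /etc/pf.conf`.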


[h]Chapter 2: Installing iRedMail in jail.[/h]

1. List the jails and enter the correct one with the commands: [code]jls[/code] Results:
[code]
   JID  IP Address      Hostname                 Path
     2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
     3  192.168.1.3     dupa.com                 /home/jails/dupa.com
     6  192.168.1.2     duza-dupa.com            /home/jails/duza-dupa.com
[/code]

The iRedMail jail has JID 2, so we run the command: [code]jexec 2 csh[/code]

Result: [code]mail#[/code]

2. Install the bash shell with the command: [code]cd /usr/ports/shells/bash && make install clean[/code] Run bash with the command: [code]/usr/local/bin/bash[/code]

3. Download and unpack iRedMail (enter the link to the current stable version) with the command: [code]cd /root && fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2 && tar xjvf iRedMail-0.6.1.tar.bz2[/code]

4. Start the installation script with the command: [code]cd iRedMail-0.6.1/pkgs/ && bash get_all.sh && cd .. && bash iRedMail.sh[/code]

5. Configure and install iRedMail following the tutorial: [url]http://code.google.com/p/iredmail/wiki/Installation_on_FreeBSD[/url]

I had some errors compiling postfix26 on FreeBSD 8.1:
[code]
[src/util]
cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\" -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\" -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.
[/code]

But it's easy to fix; run the command:
[code]
cd /usr/ports/mail/postfix26 && make clean && make install clean
-
===> Installing for postfix-2.6.7,1
===> postfix-2.6.7,1 depends on executable: dovecot - found
===> postfix-2.6.7,1 depends on shared library: pcre.0 - found
===> postfix-2.6.7,1 depends on shared library: ldap-2.4.7 - found
===> postfix-2.6.7,1 depends on shared library: mysqlclient.15 - found
===> postfix-2.6.7,1 depends on shared library: db-4.6.0 - found
===> Generating temporary packing list
===> Checking if mail/postfix26 already installed
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?
[/code]

Press the "y" key and wait for the next question:

[code]
-
install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/rmail/rmail /usr/local/bin/rmail
install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install -o root -g wheel -m 444 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/man/man1/qshape.1 /usr/local/man/man1
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?
[/code]

Press the "y" key and wait for the postfix installation to finish. The next step is to edit the .iRedMail.installation.status file with the command: [code]ee /root/iRedMail-0.6.1/.iRedMail.installation.status[/code]

Add the line below at the end of the file: [code]export status_install_port_mailpostfix26='DONE'[/code]

Start the installation script again: [code]bash /root/iRedMail-0.6.1/iRedMail.sh[/code]

6. When the installation is finished, don't start postfix:
[code]
*************************************************************************
* iRedMail-0.6.1 installation and configuration complete.

< Question > Would you like to start postfix now? [y|N]
[/code]

Press the "n" key.

7. Edit the apache22/Includes/phpmyadmin.conf file with the command: [code]ee /usr/local/etc/apache22/Includes/phpmyadmin.conf[/code]

Uncomment the lines:
[code]
Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
Alias /mysql "/usr/local/www/phpMyAdmin"
[/code]

8. Start apache22 and mysql-server with the commands: [code]/usr/local/etc/rc.d/apache22 start[/code] [code]/usr/local/etc/rc.d/mysql-server start[/code]

9. Open phpMyAdmin in a web browser at the URL [url]http://mail.example.com/mysql[/url] and log in.

10. Go to MySQL Permissions (I don't have the English version, so I don't know what it's called) and add the IP 192.168.1.1 to the user 'vmail'.

11. Edit the Postfix master.cf file with the command: [code]ee /usr/local/etc/postfix/master.cf[/code]

Change one line to use the jail IP: [code] -o mynetworks=192.168.1.1[/code]

12. Edit amavisd.conf with the command: [code]ee /usr/local/etc/amavisd.conf[/code]

Add this line: [code]@inet_acl = qw( 192.168.1.1 );[/code]

13. If you want to use awstats, edit awstats.conf: [code]ee /usr/local/etc/apache22/Includes/awstats.conf[/code]

You must make some changes (the installation script has errors) in the first lines:
[code]
#
# File generated by iRedMail (2010.11.09.12.00.01):
# Version: 0.6.1
# Project: http://www.iredmail.org/
# Community: http://www.iredmail.org/forum/

# Note: Please refer to /usr/local/etc/apache22/extra/httpd-ssl.conf for SSL/TLS setting.

Alias /awstatsicons /usr/local/www/awstats/icons/
Alias /css /usr/local/www/awstats/css/
Alias /js /usr/local/www/awstats/js/
ScriptAlias /awstats /usr/local/www/awstats/cgi-bin/awstats.pl
<Directory /usr/local/www/awstats/cgi-bin/>
   DirectoryIndex awstats.pl
   Options ExecCGI
   order deny,allow
   allow from all
   #allow from 127.0.0.1
   AuthName "Authorization Required"
   AuthType Basic
[/code]

Now open [url]http://mail.example.com/awstats[/url] in a web browser; it should be working.


[h]Chapter 3: Moving iRedMail to jail.[/h]
First install iRedMail as in Chapters 1 and 2. Next, update only what you need.

[b]What must you update?[/b]
1. Copy the old vmail dir to the new vmail dir in the jail.
2. Check the permissions in the vmail dir (/var/vmail for me):
[code]
ls -l /var/vmail/
total 4
drwx------   4 vmail  vmail  512 Nov 12 22:18 sieve
drwx------  10 vmail  vmail  512 Nov  9 16:06 vmail1
[/code]
If the owner is not vmail:vmail, set it with the command: [code]# chown -R vmail:vmail /var/vmail[/code]

3. Export the tables of the vmail database from the older MySQL and import them into the newer one. If you are changing the vmail dir, run this command in phpMyAdmin: [code]UPDATE mailbox SET storagebasedirectory='/var/vmail' WHERE storagebasedirectory='/home/vmail';[/code]
/var/vmail - my new vmail dir
/home/vmail - my old vmail dir


[h]Disclaimer[/h]
Please don't publish this article on pages other than iRedMail without my agreement :) It's a beta version of the tutorial; if you find errors, please write about them on the forum or edit the wiki.
