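1. Project overview
Project website: iRedMail – Free, Open Source Mail Server Solution
iRedMail is open-source software that bundles a mail server, an administration control panel, and backup tools. The scripts the project provides let you deploy multiple open-source components quickly. The project offers a free edition of the web administration interface, which covers basic management of users and domains. To perform more administrative operations in the web interface, you need to purchase iRedAdmin-Pro.
The components involved in the project are as follows:
Reference: Major open source software used in iRedMail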
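Name | Description |
Postfix | Provides the MTA service. |
Dovecot | Provides POP3, IMAP and related services. |
Nginx | Provides the web service. |
OpenLDAP | Provides the directory service, mainly used to store user accounts (optional). |
MySQL, MariaDB, PostgreSQL | Provide database services for storing application data. Can also be used to store user account data. |
mlmmj | Provides mailing list management. Supported in iRedMail-0.9.8 and later. |
Amavisd-new | The bridge between Postfix and ClamAV/SpamAssassin. Put simply, this module calls ClamAV and SpamAssassin to perform anti-virus and anti-spam checks. |
SpamAssassin | Provides content-based spam filtering. |
ClamAV | Provides virus scanning. |
Roundcube webmail | Provides webmail; developed in PHP. |
SOGo Groupware | A suite that provides CalDAV, CardDAV, and ActiveSync services. |
Fail2ban | A tool that scans logs and blocks IP addresses. Put simply, it can be used to defend against brute-force password attacks. |
iRedAPD | Postfix policy management software developed by the iRedMail team. |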
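2. Preparation
Reference: Install iRedMail on Red Hat Enterprise Linux, CentOS
2.1 Notes
- iRedMail is designed to be deployed on a fresh server system with no mail-related components installed, such as MySQL, OpenLDAP, Postfix, Dovecot, or Amavisd. iRedMail installs and configures them for you automatically. Otherwise, it may overwrite your existing files/configuration; although it backs up files before modifying them, the result may not work as expected.
- A low-traffic production mail server with spam/virus scanning enabled needs at least 4 GB of memory.
- Make sure the following 3 UIDs/GIDs are not used by other users/groups on the operating system: 2000, 2001, 2002.
2.2 Basic operating system configuration
Note: this article uses Rocky Linux 9.4 as the example operating system.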
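# Hostname settings
(1) Set the hostname to an FQDN (fully qualified domain name):
hostnamectl hostname mail.mailabc.cn
(2) Edit /etc/hosts and add the hostname set above to the resolution list:
127.0.0.1 mail.mailabc.cn localhost
(3) Confirm that the hostname was changed correctly. If the change has not taken effect, you may need to reboot the operating system.
hostname -f
# SELinux configuration
# vi /etc/selinux/config
SELINUX=disabled
The setting above takes effect after the operating system is rebooted.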
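# YUM repository configuration
The yum repositories that Rocky Linux 9 provides by default already have appstream enabled, so the default configuration can be used as is.
Additionally, install the EPEL yum repository:
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm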
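The requirements from section 2.1 and the hostname step above can be checked before the installer is run. The script below is an added example, not part of the original article or of iRedMail; the function names, the `--run` argument and the 3.5 GiB memory threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks for sections 2.1 and 2.2.
# Function names, "--run" and the memory threshold are assumptions.

# Print each ID in "$3..." already used as a UID in passwd-format file $1
# or as a GID in group-format file $2 (the numeric ID is field 3 in both).
ids_in_use() {
    pw=$1; gr=$2; shift 2
    for id in "$@"; do
        if awk -F: -v id="$id" '$3 == id { hit = 1 } END { exit !hit }' "$pw" "$gr"; then
            echo "$id"
        fi
    done
}

# Succeed if MemTotal in meminfo-format file $1 is at least $2 kB.
mem_at_least() {
    awk -v min="$2" '$1 == "MemTotal:" { kb = $2 } END { exit !(kb >= min) }' "$1"
}

# Succeed if $1 is made of dot-separated, non-empty labels (an FQDN shape).
is_fqdn() {
    case $1 in
        .*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run every check against the live system; non-zero if any check fails.
preflight() {
    rc=0
    used=$(ids_in_use /etc/passwd /etc/group 2000 2001 2002 | tr '\n' ' ')
    if [ -n "$used" ]; then echo "FAIL: UID/GID in use: $used"; rc=1; fi
    # MemTotal reads a little below installed RAM, so 3.5 GiB (3670016 kB)
    # stands in for the 4 GB guidance.
    if ! mem_at_least /proc/meminfo 3670016; then
        echo "FAIL: less than 4 GB of memory"; rc=1
    fi
    name=$(hostname -f 2>/dev/null)
    if ! is_fqdn "$name"; then echo "FAIL: '$name' is not an FQDN"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: pre-install checks passed"; fi
    return "$rc"
}

# Only touch the live system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

`ids_in_use` reads local files only; accounts served from a directory service would need a lookup such as `getent passwd 2000` instead.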
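2.3 Download the installation package
# Download
wget -O iRedMail-1.6.8.tar.gz https://github.com/iredmail/iRedMail/archive/refs/tags/1.6.8.tar.gz
For the latest version, download it from the official website: https://www.iredmail.org/download.html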
3. Install iRedMail
3.1 Extract the installation package
tar -zxvf iRedMail-1.6.8.tar.gz
cd iRedMail-1.6.8
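3.2 Run the installation
Run the command:
sh iRedMail.sh
Configure the installation according to the prompt screens below:
Next, set the mail storage directory:
Next, set the web server:
Next, choose the backend database; here I use MariaDB:
Next, set the password for the database root user:
Next, set the mail domain name. Note that this is not the hostname; mailabc.cn is used here as the example:
Next, set the postmaster administrator password. This account can log in to webmail and to the iRedAdmin admin panel:
Next, select the components to install. Choose SOGo with caution: it requires an additional yum repository and downloads very slowly. If you really need it, consider downloading the packages locally first by other means:
A summary of the choices made above:
Enter y to continue; downloading and verification of the installation packages then begins. At this point the choices made above are saved to the iRedMail-1.6.8/config file. If the installation is interrupted now, re-running the installation script skips the selection wizard above.
Packages are then downloaded. The first to be downloaded are the 5 packages below (note: these are the packages required by version 1.6.8; other versions may differ slightly). The download directory is iRedMail-1.6.8/pkgs/misc:
iRedAdmin-2.5.tar.gz
mlmmjadmin-3.1.9.tar.gz
iRedAPD-5.3.3.tar.gz
netdata-v1.44.1.gz.run
roundcubemail-1.6.5-complete.tar.gz
If the download is slow, you can fetch the packages by other means from: https://dl.iredmail.org/yum/misc/
If you chose to install SOGo, its download is also very slow and needs to be handled separately.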
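3.3 Post-installation notes
After the installation completes, review the file iRedMail-1.6.8/iRedMail.tips, which records the following information:
- URLs, usernames and passwords of the web-based applications.
- Locations of the configuration files of the mail-related software.
- Other important and sensitive information.
A sample is shown here: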
Admin of domain mailabc.cn:
    * Account: postmaster@mailabc.cn
    * Password: admin123
    You can login to iRedAdmin with this account, login name is full email address.

First mail user:
    * Username: postmaster@mailabc.cn
    * Password: admin123
    * SMTP/IMAP auth type: login
    * Connection security: STARTTLS or SSL/TLS
    You can login to webmail with this account, login name is full email address.

* Enabled services: rsyslog firewalld postfix mariadb nginx php-fpm dovecot clamd@amavisd amavisd clamav-freshclam fail2ban crond

SSL cert keys (size: 4096):
    - /etc/pki/tls/certs/iRedMail.crt
    - /etc/pki/tls/private/iRedMail.key

Mail Storage:
    - Mailboxes: /var/vmail/vmail1
    - Mailbox indexes:
    - Global sieve filters: /var/vmail/sieve
    - Backup scripts and backup copies: /var/vmail/backup

MySQL:
    * Root user: root, Password: "admin@123" (without quotes)
    * Bind account (read-only):
        - Username: vmail, Password: m69iWEZlS2H5BTmd3Vp4v5VbSBtFiesp
    * Vmail admin account (read-write):
        - Username: vmailadmin, Password: qyIHTj6ntVi4qMDu3ha44wRRi4H9bTcK
    * Config file: /etc/my.cnf
    * RC script: /etc/init.d/mariadb

Virtual Users:
    - /root/iRedMail-1.6.8/samples/iredmail/iredmail.mysql
    - /root/iRedMail-1.6.8/runtime/*.sql

Backup MySQL database:
    * Script: /var/vmail/backup/backup_mysql.sh
    * See also:
        # crontab -l -u root

Postfix:
    * Configuration files:
        - /etc/postfix
        - /etc/postfix/aliases
        - /etc/postfix/main.cf
        - /etc/postfix/master.cf
    * SQL/LDAP lookup config files:
        - /etc/postfix/mysql

Dovecot:
    * Configuration files:
        - /etc/dovecot/dovecot.conf
        - /etc/dovecot/dovecot-ldap.conf (For OpenLDAP backend)
        - /etc/dovecot/dovecot-mysql.conf (For MySQL backend)
        - /etc/dovecot/dovecot-pgsql.conf (For PostgreSQL backend)
        - /etc/dovecot/dovecot-used-quota.conf (For real-time quota usage)
        - /etc/dovecot/dovecot-share-folder.conf (For IMAP sharing folder)
    * Syslog config file:
        - /etc/rsyslog.d/1-iredmail-dovecot.conf (present if rsyslog >= 8.x)
    * RC script: /etc/init.d/dovecot
    * Log files:
        - /var/log/dovecot/dovecot.log
        - /var/log/dovecot/sieve.log
        - /var/log/dovecot/lmtp.log
        - /var/log/dovecot/lda.log (present if rsyslog >= 8.x)
        - /var/log/dovecot/imap.log (present if rsyslog >= 8.x)
        - /var/log/dovecot/pop3.log (present if rsyslog >= 8.x)
        - /var/log/dovecot/sieve.log (present if rsyslog >= 8.x)
    * See also:
        - /var/vmail/sieve/dovecot.sieve
        - Logrotate config file: /etc/logrotate.d/dovecot

Nginx:
    * Configuration files:
        - /etc/nginx/nginx.conf
        - /etc/nginx/sites-available/00-default.conf
        - /etc/nginx/sites-available/00-default-ssl.conf
    * Directories:
        - /etc/nginx
        - /var/www/html
    * See also:
        - /var/www/html/index.html

php-fpm:
    * Configuration files: /etc/php-fpm.d/www.conf

PHP:
    * PHP config file for Nginx:
    * Disabled functions: posix_uname,eval,pcntl_wexitstatus,posix_getpwuid,xmlrpc_entity_decode,pcntl_wifstopped,pcntl_wifexited,pcntl_wifsignaled,phpAds_XmlRpc,pcntl_strerror,ftp_exec,pcntl_wtermsig,mysql_pconnect,proc_nice,pcntl_sigtimedwait,posix_kill,pcntl_sigprocmask,fput,phpinfo,system,phpAds_remoteInfo,ftp_login,inject_code,posix_mkfifo,highlight_file,escapeshellcmd,show_source,pcntl_wifcontinued,fp,pcntl_alarm,pcntl_wait,ini_alter,posix_setpgid,parse_ini_file,ftp_raw,pcntl_waitpid,pcntl_getpriority,ftp_connect,pcntl_signal_dispatch,pcntl_wstopsig,ini_restore,ftp_put,passthru,proc_terminate,posix_setsid,pcntl_signal,pcntl_setpriority,phpAds_xmlrpcEncode,pcntl_exec,ftp_nb_fput,ftp_get,phpAds_xmlrpcDecode,pcntl_sigwaitinfo,shell_exec,pcntl_get_last_error,ftp_rawlist,pcntl_fork,posix_setuid

ClamAV:
    * Configuration files:
        - /etc/clamd.d/amavisd.conf
        - /etc/freshclam.conf
        - /etc/logrotate.d/clamav
    * RC scripts:
        + /etc/init.d/clamd@amavisd
        + /etc/init.d/freshclamd

Amavisd-new:
    * Configuration files:
        - /etc/amavisd/amavisd.conf
        - /etc/postfix/master.cf
        - /etc/postfix/main.cf
    * RC script:
        - /etc/init.d/amavisd
    * SQL Database:
        - Database name: amavisd
        - Database user: amavisd
        - Database password: nm5GQ4NcNERpMPfOGtmYkRyGS1ptTQpc

DNS record for DKIM support:
; key#1 2048 bits, s=dkim, d=mailabc.cn, /var/lib/dkim/mailabc.cn.pem
dkim._domainkey.mailabc.cn. 3600 TXT (
  "v=DKIM1; p="
  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqDwKcOUovXQab1htrjk"
  "46yt9lqtYOyqgf0rPviw/X2MSVyDh12WlGe3hSLTgavdeyvUB5T7QPJ+WlvNoO8S"
  "B7QGCJnty3zIgxPKZKpVfelWTFa2vubv+vV0Xqc/wfSWIi2qBDv92alCPYtzCsGc"
  "B/kIYHJrN6rZKyo1m5DlVHSt6EqdbBbWFUIzJN8vsgd/EbpoPOCSyOdqJHdwFN/j"
  "W5s8SbDDUPCkn28t/Fyumy6h5hri5qsK9rwSOsT09h5yCfOM9keyB5fGggg0aGtO"
  "GPjHqXZHjx6Fgu/jXtU/ggrH6fCcjtnJcYFNQU2F+tI8QabUNeVjkj8bq2eiWV50"
  "JQIDAQAB")

SpamAssassin:
    * Configuration files and rules:
        - /etc/mail/spamassassin
        - /etc/mail/spamassassin/local.cf

iRedAPD - Postfix Policy Server:
    * Version: 5.3.3
    * Listen address: 127.0.0.1, port: 7777
    * SQL database account:
        - Database name: iredapd
        - Username: iredapd
        - Password: NiMXyBOQn83zV6mvxhqAOBQw363CyGeI
    * Configuration file:
        - /opt/iredapd/settings.py
    * Related files:
        - /opt/iRedAPD-5.3.3
        - /opt/iredapd (symbol link to /opt/iRedAPD-5.3.3

iRedAdmin - official web-based admin panel:
    * Version: 2.5
    * Root directory: /opt/www/iRedAdmin-2.5
    * Config file: /opt/www/iRedAdmin-2.5/settings.py
    * Web access:
        - URL: https://mail.mailabc.cn/iredadmin/
        - Username: postmaster@mailabc.cn
        - Password: admin123
    * SQL database:
        - Database name: iredadmin
        - Username: iredadmin
        - Password: OYagG9UkBRble5lK2FE5y79cFqNDUJ4U

Roundcube webmail: /opt/www/roundcubemail-1.6.5
    * Config file: /opt/www/roundcubemail-1.6.5/config
    * Web access:
        - URL: http://mail.mailabc.cn/mail/ (will be redirected to https:// site)
        - URL: https://mail.mailabc.cn/mail/ (secure connection)
        - Username: postmaster@mailabc.cn
        - Password: admin123
    * SQL database account:
        - Database name: roundcubemail
        - Username: roundcube
        - Password: f4xKyFgYVbL5B9gXiF66NkBqIUbmEWoV
    * Cron job:
        - Command: "crontab -l -u root"

netdata (monitor):
    - Config files:
        - All config files: /opt/netdata/etc/netdata
        - Main config file: /opt/netdata/etc/netdata/netdata.conf
        - Modified modular config files:
            - /opt/netdata/etc/netdata/go.d
            - /opt/netdata/etc/netdata/python.d
    - HTTP auth file (if you need a new account to access netdata, please update this file with command like 'htpasswd' or edit manually):
        - /etc/nginx/netdata.users
    - Log directory: /opt/netdata/var/log/netdata
    - SQL:
        - Username: netdata
        - Password: SaWFClrRLUdzAbEOXjd3kdeEzRsSNOQZ
        - NOTE: No database required by netdata.

Admin of domain mailabc.cn:
    * Account: postmaster@mailabc.cn
    * Password: admin123
    You can login to iRedAdmin with this account, login name is full email address.

First mail user:
    * Username: postmaster@mailabc.cn
    * Password: admin123
    * SMTP/IMAP auth type: login
    * Connection security: STARTTLS or SSL/TLS
    You can login to webmail with this account, login name is full email address.
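Because iRedMail.tips holds the service passwords in plain text, as the sample shows, its file permissions and the strength of the passwords chosen in the wizard are worth checking once the install finishes. The script below is an added example, not part of the original article or of iRedMail; the function names and the 12-character minimum are assumptions, and the embedded sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an iRedMail.tips file without echoing its secrets.
# Function names and the 12-character minimum are illustrative assumptions.

# Succeed if file $1 grants no permissions to group or others.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# For each "Password:" entry in $1 shorter than $2 characters, print its
# line number and length (never the password itself).
weak_passwords() {
    awk -v min="$2" '
        match($0, /[Pp]assword: *"?[^" ,]+/) {
            pw = substr($0, RSTART, RLENGTH)
            sub(/^[Pp]assword: *"?/, "", pw)
            if (length(pw) < min) printf "line %d: %d chars\n", NR, length(pw)
        }' "$1"
}

# Report on tips file $1; returns non-zero if anything needs attention.
audit_tips() {
    rc=0
    if ! is_private "$1"; then
        echo "$1: readable by group/others; run: chmod 600 $1"; rc=1
    fi
    weak=$(weak_passwords "$1" 12)
    if [ -n "$weak" ]; then
        echo "$1: passwords shorter than 12 characters:"; echo "$weak"; rc=1
    fi
    return "$rc"
}

# With a path argument, audit that file; otherwise use a constructed sample.
if [ $# -gt 0 ]; then
    audit_tips "$1"
else
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
Admin of domain example.test:
    * Account: postmaster@example.test
    * Password: changeme1
MySQL:
    * Root user: root, Password: "Constructed-Sample-Passw0rd" (without quotes)
EOF
    chmod 644 "$sample"
    audit_tips "$sample" || true
    rm -f "$sample"
fi
```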
This completes the deployment. We will look at how to actually use this system in later articles.