Support #537

Install a Mail Server With iRedMail 0.9.0 on FreeBSD

Added by Daniel Curtis about 9 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Mail Server
Target version:
Start date: 11/12/2014
Due date:
% Done: 100%
Estimated time: 3.00 h
Spent time:
Description

One of the core services of the Internet is email, so I needed to set up a mail server for one of my projects. Rather than setting up postfix, dovecot, spamassassin, etc. by hand, I found the useful open source project iRedMail. This project is not currently in the ports tree; however, its install script uses the ports tree to install each of the necessary packages. This guide uses a FreeBSD 9.2 jail created using FreeNAS, so it should work on a bare metal setup as well. It also assumes that SSH has been enabled and that a separate user for running administrative commands has been created.

Update the system

  • Login as root:
    su -
    
  • Update the ports tree
    portsnap fetch extract
    
  • Install portmaster
    pkg install portmaster
    
  • Upgrade the installed packages
    pkg update && pkg upgrade
    
  • Check the current hostname:
    hostname -f
    
    • The output should look similar to the following:
      mx.example.com
      

On FreeBSD, the hostname is set in two files: /etc/rc.conf and /etc/hosts.

  • Add or modify the /etc/rc.conf file:
    hostname="mx.example.com" 
    
  • Add or modify the /etc/hosts file:
    127.0.0.1   mx.example.com mx localhost localhost.localdomain
    

Install iRedMail

  • Install bash
    pkg install shells/bash
    
  • Fetch and extract the iRedMail stable installer:
    cd
    fetch https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.0.tar.bz2
    tar xjf iRedMail-0.9.0.tar.bz2
    cd iRedMail-0.9.0
    
  • Run the iRedMail Installer:
    bash iRedMail.sh
    

Configure iRedMail

The install process will pull in all the required packages during installation. Since each mail server is a little different, my setup uses the following parameters:
  • Default mail storage path: /var/vmail
  • Default web server: nginx
  • Preferred backend used to store mail accounts: MariaDB
  • First virtual domain name: example.com
  • Optional components:
    • DKIM signing/verification
    • iRedAdmin
    • Roundcubemail
    • phpMyAdmin
    • Awstats

When the installation finishes, all the login information and URLs will be placed in the iRedMail.tips file.


Securing iRedMail with SSL/TLS

The default location for the self-signed certificate is in /etc/ssl/certs/iRedMail.crt and the key is in /etc/ssl/private/iRedMail.key; I am going to change these to /usr/local/etc/ssl/mx.example.com.crt and /usr/local/etc/ssl/mx.example.com.key, respectively.

  • Start by creating a dhparam file:
    cd /usr/local/etc/ssl
    openssl dhparam -out dhparams.pem 2048
    
  • Next, generate a nice strong SSL key and CSR:
    openssl req -sha512 -out mx.example.com.csr -new -newkey rsa:4096 -nodes -keyout mx.example.com.key
    
  • When the SSL certificate is signed, copy it securely to /usr/local/etc/ssl/mx.example.com.crt
  • Edit the default nginx server block config:
    vi /usr/local/etc/nginx/conf.d/default.conf
    
    • And change the ssl_certificate_key, ssl_certificate, and ssl_dhparam paths:
      ssl_certificate_key /usr/local/etc/ssl/mx.example.com.key;
      ssl_certificate /usr/local/etc/ssl/mx.example.com.crt;
      ssl_dhparam /usr/local/etc/ssl/dhparams.pem;
      
  • Edit the main postfix config:
    vi /usr/local/etc/postfix/main.cf
    
    • And change the smtpd_tls_key_file, smtpd_tls_cert_file, smtpd_tls_CAfile, and smtpd_tls_dh1024_param_file paths:
      smtpd_tls_key_file = /usr/local/etc/ssl/mx.example.com.key
      smtpd_tls_cert_file = /usr/local/etc/ssl/mx.example.com.crt
      smtpd_tls_CAfile = /usr/local/etc/ssl/mx.example.com.crt
      smtpd_tls_dh1024_param_file = /usr/local/etc/ssl/dhparams.pem
      
  • Edit the dovecot config:
    vi /usr/local/etc/dovecot/dovecot.conf
    
    • And change the paths:
      ssl_cert = </usr/local/etc/ssl/mx.example.com.crt
      ssl_key = </usr/local/etc/ssl/mx.example.com.key
      

NOTE: To use an intermediate CA certificate, nginx requires all of the SSL certificates to be combined in a single file. This can be done by running:

cat mx.example.com.crt ca.cert.bundle.pem > mx.example.com.bundle.crt
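
Before restarting nginx, Postfix and Dovecot, it is worth confirming that the files referenced above are consistent. The following is an added example, not part of the original guide: it checks that the private key is accessible only to its owner, that the certificate actually belongs to that key, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): post-install checks for the
# certificate and key that nginx, Postfix and Dovecot are pointed at.

# Succeeds when group and others have no permission bits on the file.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate carries the public half of the RSA key.
# Returns 2 if either file cannot be parsed, so two unreadable files
# never compare as equal.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Run all checks, print one line per finding, return the number of failures.
check_tls_files() {
    failures=0
    owner_only "$2" || {
        echo "FAIL: $2 is accessible to group/other"; failures=$((failures + 1)); }
    cert_matches_key "$1" "$2" || {
        echo "FAIL: $1 does not match $2"; failures=$((failures + 1)); }
    cert_valid_for_days "$1" 30 || {
        echo "FAIL: $1 expires within 30 days"; failures=$((failures + 1)); }
    [ "$failures" -eq 0 ] && echo "OK: $1 / $2"
    return "$failures"
}

# Example invocation (file name check-tls.sh is hypothetical):
#   sh check-tls.sh /usr/local/etc/ssl/mx.example.com.crt /usr/local/etc/ssl/mx.example.com.key
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```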


Install Getmail

  • Install getmail
    pkg install mail/getmail
    

Configuring Getmail

  • Unlock the vmail user
    chsh -s /bin/sh vmail
    
  • Switch to the vmail user
    su - vmail
    
  • Set up the getmail configuration
    cd
    mkdir .getmail
    cp /usr/local/share/examples/getmail/getmailrc-examples .getmail/getmailrc
    
  • Edit the getmailrc file:
    vi .getmail/getmailrc
    
    • For user john, with an email address of , email user name john, a password of 1234, and an ISP whose pop server name is pop.example.com, we would like our getmailrc to look like this.
      [options]
      verbose = 0
      read_all = false
      delete = false 
      
      [retriever]
      type = SimplePOP3Retriever
      server = pop.example.com
      username = john
      password = 1234
      
      [destination]
      type = MDA_external
      path = /usr/local/libexec/dovecot/deliver
      arguments = ("-e", "-f", "%(sender)", "-d", "john@example.com")
      

Testing Getmail

  • To test getmail simply type at a command prompt
    getmail -v
    

If all is set up successfully, you should see it polling your pop server and retrieving your mail.

Automate Getmail

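  • Of course, it's really easy to script this for a large number of rc files (the script below picks up every *.getmailrc file in /var/vmail/.getmail). Create a script:
    vi /usr/local/bin/run-getmail.sh
    
    • And add the following:
      #!/bin/sh
      set -e
      cd /var/vmail
      # Build one --rcfile argument per rc file; paths must not contain whitespace
      rcfiles=""
      for file in /var/vmail/.getmail/*.getmailrc ; do
        # Skip the unexpanded pattern when no file matches
        [ -f "$file" ] || continue
        rcfiles="$rcfiles --rcfile $file"
      done
      # Pass any extra command-line arguments through to getmail unchanged
      exec /usr/local/bin/getmail $rcfiles "$@"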
      
  • Make the script executable:
    chmod +x /usr/local/bin/run-getmail.sh
    
  • Edit the vmail crontab:
    su - vmail
    crontab -e
    
    • And add the following to run the run-getmail.sh script every 2 minutes.
      */2 * * * * /usr/local/bin/run-getmail.sh
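
Each getmailrc holds a mailbox password in plain text, and the SimplePOP3Retriever type used above connects without TLS. The following audit is an added example, not part of the original guide; it flags rc files that group or others can access and retriever types without "SSL" in their name (getmail's TLS variants, such as SimplePOP3SSLRetriever, carry it). The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit getmail rc files for
# settings that expose the mailbox password.

# Print the value of KEY from the [retriever] section of an rc file.
retriever_value() {
    awk -v key="$2" '
        /^\[/ { in_sec = ($0 ~ /^\[retriever\]/); next }
        in_sec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Succeeds when the retriever type is one of getmail's SSL variants.
uses_tls() {
    case "$(retriever_value "$1" type)" in
        *SSL*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds when group and others have no permission bits on the file.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Audit one rc file; print findings and return how many there were.
audit_getmailrc() {
    findings=0
    if ! owner_only "$1"; then
        echo "$1: accessible to group/other but holds a password"
        findings=$((findings + 1))
    fi
    if ! uses_tls "$1"; then
        echo "$1: $(retriever_value "$1" type) connects without TLS"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit the default rc file and every *.getmailrc in a getmail directory.
audit_getmail_dir() {
    total=0
    for f in "$1"/getmailrc "$1"/*.getmailrc; do
        [ -f "$f" ] || continue
        audit_getmailrc "$f" || total=$((total + $?))
    done
    return "$total"
}

# Example invocation: sh audit-getmail.sh /var/vmail/.getmail
if [ "$#" -eq 1 ]; then audit_getmail_dir "$1"; fi
```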
      


Files

iRedMail-0.8.7.tar.bz2 (110 KB), iRedMail Installer, Daniel Curtis, 11/12/2014 11:52 AM

Related issues

Copied from FreeBSD Administration - Support #474: Installing iRedMail 0.8.7 Mail Server on FreeBSD (Closed, Daniel Curtis, 11/12/2014)

Copied to FreeBSD Administration - Support #776: Install a Mail Server With iRedMail 0.9.5 on FreeBSD (Closed, Daniel Curtis, 11/12/2014)

#1

Updated by Daniel Curtis about 9 years ago

  • Copied from Support #474: Installing iRedMail 0.8.7 Mail Server on FreeBSD added
#2

Updated by Daniel Curtis about 9 years ago

  • Description updated (diff)
#3

Updated by Daniel Curtis about 9 years ago

  • % Done changed from 10 to 80
#4

Updated by Daniel Curtis about 9 years ago

  • Status changed from New to Resolved
#5

Updated by Daniel Curtis about 9 years ago

  • Description updated (diff)
  • % Done changed from 80 to 100
#6

Updated by Daniel Curtis about 9 years ago

  • Status changed from Resolved to Closed
#7

Updated by Daniel Curtis about 9 years ago

  • Subject changed from Installing iRedMail 0.9.0 Mail Server on FreeBSD 9.2 to Installing iRedMail 0.9.0 Mail Server on FreeBSD
  • Target version set to FreeBSD 9
#8

Updated by Daniel Curtis about 9 years ago

  • Category set to Mail Server
#9

Updated by Daniel Curtis about 9 years ago

  • Description updated (diff)
#10

Updated by Daniel Curtis almost 9 years ago

  • Description updated (diff)
#11

Updated by Daniel Curtis almost 9 years ago

  • Subject changed from Installing iRedMail 0.9.0 Mail Server on FreeBSD to Install a Mail Server With iRedMail 0.9.0 on FreeBSD
  • Description updated (diff)
#12

Updated by Daniel Curtis almost 9 years ago

  • Description updated (diff)
#13

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#14

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#15

Updated by Daniel Curtis about 8 years ago

  • Copied to Support #776: Install a Mail Server With iRedMail 0.9.5 on FreeBSD added
