Project

General

Profile

Support #537

Install a Mail Server With iRedMail 0.9.0 on FreeBSD

Added by Daniel Curtis almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Mail Server
Target version:
FreeBSD 9
Start date:
11/12/2014
Due date:
% Done:

100%

Estimated time:
3.00 h
Spent time:
7.00 h

Description

One of the core services of the Internet is email, and as such I needed to setup a mail server for one of my projects. Rather than setting up postfix, dovecot, spamassassin, etc. by hand, I found the useful open source project iRedMail. Unfortunately, this project currently is not in the port tree, however the install script uses the ports tree to install each of the necessary packages. This guide uses a FreeBSD 9.2 jail created using FreeNAS, so it should work on a bare metal setup as well; also this guide assumes that SSH has been enabled and a separate user used to run administrative commands has been created.

Update the system

  • Login as root:
    su -
  • Update the ports tree
    portsnap fetch extract
  • Install portmaster
    pkg install portmaster
  • Upgrade the base system
    pkg update && pkg upgrade
  • Check the current hostname:
    hostname -f
    • The output should look similar to the following:
      mx.example.com

On FreeBSD, hostname is set in two files: /etc/rc.conf, /etc/hosts.

  • Add or modify the /etc/rc.conf file:
    hostname="mx.example.com"
  • Add or modify the /etc/hosts file:
    127.0.0.1   mx.example.com mx localhost localhost.localdomain

Install iRedMail

  • Install bash
    pkg install shells/bash
  • Fetch and extract the iRedMail stable installer:
    cd
fetch https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.0.tar.bz2
tar xjf iRedMail-0.9.0.tar.bz2
cd iRedMail-0.9.0
  • Run the iRedMail Installer:
    bash iRedMail.sh

Configure iRedMail

The install process will pull in all the required packages during installation. Since each mail server is a little different, my setup uses the following parameters:
  • Default mail storage path: /var/vmail
  • Default web server: nginx
  • Preferred backend used to store mail accounts: MariaDB
  • First virtual domain name: example.com
  • Optional components:
    • DKIM signing/verification
    • iRedAdmin
    • Roundcubemail
    • phpMyAdmin
    • Awstats

When the installation finishes, all the login information and URLs will be placed in the iRedMail.tips file.

Securing iRedMail with SSL/TLS

The default location for the self-signed certificate is in /etc/ssl/certs/iRedMail.crt and the key is in /etc/ssl/private/iRedMail.key; I am going to change these to /usr/local/etc/ssl/mx.example.com.crt and /usr/local/etc/ssl/mx.example.com.key, respectively.

  • Start by create a dhparam file:
    cd /usr/local/etc/ssl
openssl openssl dhparam -out dhparams.pem 2048
  • Next, generate a nice strong SSL key and CSR:
    openssl req -sha512 -out mx.example.com.csr -new -newkey rsa:4096 -nodes -keyout mx.example.com.key
  • When the SSL certificate is signed, copy it securely to /usr/local/etc/ssl/mx.example.com.crt
  • Edit the default nginx server block config:
    vi /usr/local/etc/nginx/conf.d/default.conf
    • And change the ssl_certificate_key, ssl_certificate, and ssl_dhparam paths:
      ssl_certificate_key /usr/local/etc/ssl/mx.example.com.key
ssl_certificate /usr/local/etc/ssl/mx.example.com.crt
ssl_dhparam /usr/local/etc/ssl/dhparams.pem;
  • Edit the main postfix config:
    vi /usr/local/etc/postfix/main.cf
    • And change the smtpd_tls_key_file, smtpd_tls_cert_file, smtpd_tls_CAfile, and smtpd_tls_dh1024_param_file paths:
      smtpd_tls_key_file = /usr/local/etc/ssl/mx.example.com.key
smtpd_tls_cert_file = /usr/local/etc/ssl/mx.example.com.crt
smtpd_tls_CAfile = /usr/local/etc/ssl/mx.example.com.crt
smtpd_tls_dh1024_param_file = /usr/local/etc/ssl/dhparams.pem
  • Edit the dovecot config:
    vi /usr/local/etc/dovecot/dovecot.conf
    • And change the paths:
      ssl_cert = </usr/local/etc/ssl/mx.example.com.crt
ssl_key = </usr/local/etc/ssl/mx.example.com.key

NOTE: To use an intermediate CA certificate nginx requires all SSL certificate be attached all in a single file. This can be done by running:

cat mx.example.com.crt ca.cert.bundle.pem > mx.example.com.bundle.crt

Install Getmail

  • Install getmail
    pkg install mail/getmail

Configuring Getmail

  • Unlock the vmail user
    chsh -s /bin/sh vmail
  • Switch to the vmail user
    su - vmail
  • Set up the getmail configuration
    cd
mkdir .getmail
cp /usr/local/share/examples/getmail/getmailrc-examples .getmail/getmailrc
  • Edit the getmailrc file:
    vi .getmail/getmailrc
    • For user john, with an email address of , email user name john, a password of 1234, and an ISP whose pop server name is pop.example.com, we would like our getmailrc to look like this.
      [options]
verbose = 0
read_all = false
delete = false 

[retriever]
type = SimplePOP3Retriever
server = pop.example.com
username = john
password = 1234

[destination]
type = MDA_external
path = /usr/local/libexec/dovecot/deliver
arguments = ("-e", "-f", "%(sender)", "-d", "john@example.com")

Testing Getmail

  • To test getmail simply type at a command prompt
    getmail -v

If all is set up successfully, you should see it polling your pop server and retrieving your mail.

Automate Getmail

  • Of course, it's really easy to script this for a large number of rc-* files. Create a script:
    vi /usr/local/bin/run-getmail.sh
    • And add the following containing:
      #!/bin/sh
set -e
cd /var/vmail
rcfiles="" 
for file in `ls /var/vmail/.getmail/*.getmailrc` ; do
  rcfiles="$rcfiles --rcfile $file" 
done
exec /usr/local/bin/getmail $rcfiles $@
  • Make the script executable:
    chmod +x /usr/local/bin/run-getmail.sh
  • Edit the vmail crontab:
    su - vmail
crontab -e
    • And add the following to run the run-getmail.sh script every 2 minutes.
      */2 * * * * /usr/local/bin/run-getmail.sh

Resources

Files

iRedMail-0.8.7.tar.bz2 (110 KB) iRedMail-0.8.7.tar.bz2 iRedMail Installer Daniel Curtis, 11/12/2014 11:52 AM

Related issues

Copied from FreeBSD Administration - Support #474: Installing iRedMail 0.8.7 Mail Server on FreeBSDClosedDaniel Curtis11/12/2014

Actions
Copied to FreeBSD Administration - Support #776: Install a Mail Server With iRedMail 0.9.5 on FreeBSDClosedDaniel Curtis11/12/2014

Actions
#1

Updated by Daniel Curtis almost 10 years ago

  • Copied from Support #474: Installing iRedMail 0.8.7 Mail Server on FreeBSD added
#2

Updated by Daniel Curtis almost 10 years ago

  • Description updated (diff)
#3

Updated by Daniel Curtis almost 10 years ago

  • % Done changed from 10 to 80
#4

Updated by Daniel Curtis almost 10 years ago

  • Status changed from New to Resolved
#5

Updated by Daniel Curtis almost 10 years ago

  • Description updated (diff)
  • % Done changed from 80 to 100
#6

Updated by Daniel Curtis almost 10 years ago

  • Status changed from Resolved to Closed
#7

Updated by Daniel Curtis almost 10 years ago

  • Subject changed from Installing iRedMail 0.9.0 Mail Server on FreeBSD 9.2 to Installing iRedMail 0.9.0 Mail Server on FreeBSD
  • Target version set to FreeBSD 9
#8

Updated by Daniel Curtis almost 10 years ago

  • Category set to Mail Server
#9

Updated by Daniel Curtis almost 10 years ago

  • Description updated (diff)
#10

Updated by Daniel Curtis over 9 years ago

  • Description updated (diff)
#11

Updated by Daniel Curtis over 9 years ago

  • Subject changed from Installing iRedMail 0.9.0 Mail Server on FreeBSD to Install a Mail Server With iRedMail 0.9.0 on FreeBSD
  • Description updated (diff)
#12

Updated by Daniel Curtis over 9 years ago

  • Description updated (diff)
#13

Updated by Daniel Curtis about 9 years ago

  • Description updated (diff)
#14

Updated by Daniel Curtis about 9 years ago

  • Description updated (diff)
#15

Updated by Daniel Curtis almost 9 years ago

  • Copied to Support #776: Install a Mail Server With iRedMail 0.9.5 on FreeBSD added

Also available in: Atom PDF