Support #537

Updated by Daniel Curtis about 9 years ago

{{>toc}} 

 One of the core services of the Internet is email, and as such I needed to set up a mail server for one of my projects. Rather than setting up postfix, dovecot, spamassassin, etc. by hand, I found the useful open source project iRedMail. Unfortunately, this project is not currently in the ports tree; however, the install script uses the ports tree to install each of the necessary packages. This guide uses a FreeBSD 9.2 jail created using FreeNAS, so it should work on a bare metal setup as well. It also assumes that SSH has been enabled and that a separate user for running administrative commands has been created. 

 h2. Update the system 

 * Login as root: 
 <pre> 
 su - 
 </pre> 

 * Update the ports tree 
 <pre> 
 portsnap fetch extract 
 </pre> 

 * Install portmaster 
 <pre> 
 cd /usr/ports/ports-mgmt/portmaster 
 make install clean 
 </pre> 

 * Upgrade the base system 
 <pre> 
 portmaster -a 
 </pre> 

 * Check the current hostname: 
 <pre> 
 hostname -f 
 </pre> 
 #* The output should look similar to the following: 
 <pre> 
 mx.example.com 
 </pre> 

 On FreeBSD, the hostname is set in two files: *@/etc/rc.conf@* and *@/etc/hosts@*. 

 * Add or modify the /etc/rc.conf file: 
 <pre> 
 hostname="mx.example.com" 
 </pre> 

 * Add or modify the /etc/hosts file: 
 <pre> 
 127.0.0.1     mx.example.com mx localhost localhost.localdomain 
 </pre> 

 --- 

 h2. Install iRedMail 

 * Install bash 
 <pre> 
 portmaster shells/bash 
 </pre> 

 * Fetch and extract the iRedMail stable installer: 
 <pre> 
 cd 
 fetch https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.0.tar.bz2 
 tar xjf iRedMail-0.9.0.tar.bz2 
 cd iRedMail-0.9.0 
 </pre> 

 * Run the iRedMail Installer: 
 <pre> 
 bash iRedMail.sh 
 </pre> 

 h3. Configure iRedMail 

 The install process will pull in all the required packages during installation. Since each mail server is a little different, my setup uses the following parameters: 
 * Default mail storage path: */var/vmail* 
 * Default web server: *nginx* 
 * Preferred backend used to store mail accounts: *MariaDB* 
 * First virtual domain name: *example.com* 
 * Optional components: 
 #* DKIM signing/verification 
 #* iRedAdmin 
 #* Roundcubemail 
 #* phpMyAdmin 
 #* Awstats 

 When the installation finishes, all the login information and URLs will be placed in the *iRedMail.tips* file. 

 --- 

 h2. Securing iRedMail with SSL/TLS 

 By default, the self-signed certificate is stored at @/etc/ssl/certs/iRedMail.crt@ and its key at @/etc/ssl/private/iRedMail.key@; I am going to change these to @/usr/local/etc/ssl/mx.example.com.crt@ and @/usr/local/etc/ssl/mx.example.com.key@, respectively. 

 * First, generate a nice strong SSL key and CSR: 
 <pre> 
 cd /usr/local/etc/ssl 
 openssl req -sha512 -out mx.example.com.csr -new -newkey rsa:4096 -nodes -keyout mx.example.com.key 
 </pre> 

 * When the SSL certificate is signed, copy it securely to /usr/local/etc/ssl/ 

 * Now locate every file that references *iRedMail.key* and replace the configuration parameter with the path of the newly created SSL key: 
 <pre> 
 grep -R "iRedMail.key" /usr/local/etc 
 </pre> 
 *# */usr/local/etc/nginx/conf.d/default.conf*:      ssl_certificate_key /etc/ssl/private/iRedMail.key; 
 *# */usr/local/etc/postfix/main.cf*:      smtpd_tls_key_file = /etc/ssl/private/iRedMail.key 
 *# */usr/local/etc/apache24/extra/httpd-ssl.conf*:      SSLCertificateKeyFile /etc/ssl/private/iRedMail.key 
 *# */usr/local/etc/dovecot/dovecot.conf*:      ssl_key = </etc/ssl/private/iRedMail.key 

 * Next, locate every file that references *iRedMail.crt* and replace the configuration parameter with the path of the signed certificate: 
 *# */usr/local/etc/nginx/conf.d/default.conf*:      ssl_certificate /etc/ssl/certs/iRedMail.crt; 
 *# */usr/local/etc/postfix/main.cf*:      smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt 
 *# */usr/local/etc/postfix/main.cf*:      smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt 
 *# */usr/local/etc/apache24/extra/httpd-ssl.conf*:      SSLCertificateFile /etc/ssl/certs/iRedMail.crt 
 *# */usr/local/etc/dovecot/dovecot.conf*:       ssl_cert = </etc/ssl/certs/iRedMail.crt 

 *NOTE*: To use an intermediate CA certificate, nginx requires all of the SSL certificates to be concatenated into a single file, with the server certificate first. This can be done by running: 
 <pre> 
 cat mx.example.com.crt ca.cert.example.com.crt > mx.example.com.bundle.crt 
 </pre> 
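
 A post-change check for the steps above, as an added example that is not part of the original guide or of iRedMail: it reports any configuration line still pointing at the self-signed defaults, confirms the private key is not readable by group or other, and confirms the certificate was issued for that key. The function names are hypothetical; the paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example: checks to run after swapping in the signed certificate.

# Print every config line under ROOT that still names the iRedMail
# self-signed key or certificate. Returns 0 only when none are left.
stale_tls_refs() {
  if grep -REn 'iRedMail\.(key|crt)' "$1"; then
    return 1
  fi
  return 0
}

# Succeed only if FILE has no group/other permission bits set.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the public key in CERT is the one derived from KEY.
# With a bundle file, openssl x509 reads the first certificate in it.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# audit_tls ROOT CERT KEY: run all three checks, return 1 if any fails.
audit_tls() {
  rc=0
  stale_tls_refs "$1" || rc=1
  key_is_private "$3" || { echo "key readable by group/other: $3"; rc=1; }
  cert_matches_key "$2" "$3" || { echo "certificate and key do not match"; rc=1; }
  return $rc
}
```

 Run it as root, for example @audit_tls /usr/local/etc /usr/local/etc/ssl/mx.example.com.crt /usr/local/etc/ssl/mx.example.com.key@, before restarting nginx, postfix and dovecot.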

 --- 

 h2. Install Getmail 

 * Install getmail 
 <pre> 
 portmaster mail/getmail 
 </pre> 

 h3. Configuring Getmail 

 * Unlock the vmail user 
 <pre> 
 chsh -s /bin/sh vmail 
 </pre> 

 * Switch to the vmail user 
 <pre> 
 su - vmail 
 </pre> 

 * Set up the getmail configuration 
 <pre> 
 cd 
 mkdir .getmail 
 cp /usr/local/share/examples/getmail/getmailrc-examples .getmail/getmailrc 
 </pre> 

 * Edit the getmailrc file: 
 <pre> 
 vi .getmail/getmailrc 
 </pre> 
 #* For user john, with an email address of john@example.com, email user name john, a password of 1234, and an ISP whose pop server name is pop.example.com, we would like our getmailrc to look like this. 
 <pre> 
 [options] 
 verbose = 0 
 read_all = false 
 delete = false  

 [retriever] 
 type = SimplePOP3Retriever 
 server = pop.example.com 
 username = john 
 password = 1234 
 
 [destination] 
 type = MDA_external 
 path = /usr/local/libexec/dovecot/deliver 
 arguments = ("-e", "-f", "%(sender)", "-d", "john@example.com") 
 </pre> 

 h3. Testing Getmail 

 * To test getmail simply type at a command prompt 
 <pre> 
 getmail -v 
 </pre> 

 If all is set up successfully, you should see it polling your pop server and retrieving your mail.  

 h3. Automating Getmail 

 * Unlike fetchmail, getmail doesn't have a daemon option, so if you want it to poll your server at regular intervals, you will have to add a crontab entry. The man 5 crontab page explains things rather clearly. Of course, it's really easy to script this for a large number of rc-* files. Create a script: 
 <pre> 
 vi /usr/local/bin/run-getmail.sh 
 </pre> 
 #* And add the following: 
 <pre> 
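 #!/bin/sh 
 # Run getmail once with every *.getmailrc file found in /var/vmail/.getmail 
 set -e 
 cd /var/vmail 
 rcfiles="" 
 for file in /var/vmail/.getmail/*.getmailrc ; do 
   # Skip the unexpanded pattern when no rc file matches 
   [ -e "$file" ] || continue 
   rcfiles="$rcfiles --rcfile $file" 
 done 
 # $rcfiles is left unquoted on purpose so each option is passed as a separate word 
 exec /usr/local/bin/getmail $rcfiles "$@" 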
 </pre> 

 * Make the script executable: 
 <pre> 
 chmod +x /usr/local/bin/run-getmail.sh 
 </pre> 

 * Edit the vmail crontab: 
 <pre> 
 su - vmail 
 crontab -e 
 </pre> 
 #* And add the following to run the run-getmail.sh script every 2 minutes. 
 <pre> 
 */2 * * * * /usr/local/bin/run-getmail.sh 
 </pre> 
 #* This will run getmail every 2 minutes. 
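
 The wrapper script above only picks up files named @*.getmailrc@, while the earlier step created a single file named @getmailrc@. The following helper is an added example, not part of the original guide or of getmail: it writes one @<address>.getmailrc@ per mailbox with mode 0600 and reads the password from standard input so it stays out of the process list and shell history. The function name is hypothetical, and @SimplePOP3SSLRetriever@ assumes the provider offers POP3 over SSL; keep @SimplePOP3Retriever@ otherwise.

```shell
#!/bin/sh
# Added example: create a per-account getmail rc file readable only by its owner.
# Usage: write_getmailrc DIR ACCOUNT POPHOST POPUSER   (password on stdin)
write_getmailrc() {
  dir=$1 account=$2 pophost=$3 popuser=$4
  # Read exactly one line as the password; fail if nothing was supplied
  IFS= read -r pass || [ -n "$pass" ] || return 1
  rc="$dir/$account.getmailrc"
  (
    umask 077            # new directory and file are created owner-only
    mkdir -p "$dir"
    cat > "$rc" <<EOF
[options]
verbose = 0
read_all = false
delete = false

[retriever]
type = SimplePOP3SSLRetriever
server = $pophost
username = $popuser
password = $pass

[destination]
type = MDA_external
path = /usr/local/libexec/dovecot/deliver
arguments = ("-e", "-f", "%(sender)", "-d", "$account")
EOF
  )
  chmod 600 "$rc"        # also tighten a file that already existed
  printf '%s\n' "$rc"    # report the path that was written
}
```

 As the vmail user, pipe the password into @write_getmailrc /var/vmail/.getmail john@example.com pop.example.com john@ so that the next cron run includes the new account.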

 h2. Resources 

 * http://www.iredmail.org/docs/install.iredmail.on.freebsd.html 
 * http://www.iredmail.org/download.html 
 * https://bitbucket.org/zhb/iredmail
