This project uses iRedMail-0.9.0 (as on 02/2015) with:
- iRedAdmin-0.4.1
- iRedAPD-1.4.4
- roundcubemail-1.0.4
Image builds with:
- Debian Wheezy
- OpenLDAP
- Apache
- Roundcube
- SOGo
- MySQL
You have to edit files/config.example file:
- Rename files/config.example to files/config
- Replace "example.com" with your domain (lines marked with "!")
- Replace "password_pm", "password_ldap", "password_db" with postmaster password, ldap manager password, DBA password (lines marked with "!!")*
- Replace "password_random" with line from
date | sha256sum | base64 | head -c 30 ; echo(lines marked with "!!!") - Remove all "!" signs from file
* - It is strongly recommended to use random passwords
You have to edit files/hostname.example and files/uname.example files by changing hostnames in them and renaming files (removing .example from their names).
You have to edit Dockerfile.example:
- Rename Dockerfile.example to Dockerfile
- Replace hostname and passwords near TODO comments with yours
You can add initial mail users to OpenLDAP:
- Rename mail_users.csv.example to mail_users.csv
- Fill this file with data (see below)
- For passwords please use
date | sha256sum | base64 | head -c 8 ; echo
CSV file format:
domain name, username, password, [common name], [quota_in_bytes], [groups]Example:
iredmail.org, zhang, plain_password, Zhang Huangbin, 104857600, group1:group2
iredmail.org, zhang, plain_password, Zhang Huangbin, ,
iredmail.org, zhang, plain_password, , 104857600, group1:group2Note:
- Domain name, username and password are REQUIRED, others are optional:
- common name.
- It will be the same as username if it's empty.
- Non-ascii character is allowed in this field, they will be
encoded automaticly. Such as Chinese, Korea, Japanese, etc.- quota. It will be 0 (unlimited quota) if it's empty.
- groups.
- valid group name ([email protected]): hr
- incorrect group name: [email protected]
- Do NOT include domain name in group name, it will be
appended automaticly.- Multiple groups must be seperated by colon.
- Leading and trailing Space will be ignored.
You can add mail lists by placing your *.ldif files
into files/ldifs directory and naming them like 10_any_name.ldif.
Moreover, you can place there any *.ldif you like naming it 30_name.ldif.
To prepare your ldif files read corresponding iRedMail docs.
You can copy any necessary tools to files/tools directory to be added to image.
File sources.list.ru contains sources list for Russia, you could replace it with more adequate fro your region.
To build image, run:
sudo docker build -t cema/iredmail:latest .To run image use command:
sudo docker run -d -P -h mail.example.com \
-v /opt/containers/iredmail/backups/:/backups \
--name iredmail cema/iredmail:latest /sbin/init 2Where /opt/containers/iredmail/backups/ is backups path in which containers /var/vmail/ directory copied.
To run image with docker-compose you have to modify docker-compose.yml.example file:
- Rename file to docker-compose.yml
- Replace image name if you have changed it
- Replace hostname and domainname in file
After all run sudo docker-compose up -d
After starting up container:
-
Set up DNS records (A, MX, SPF and DKIM) (see docs).
To get DKIM use:sudo docker exec docker_mailserver_1 amavisd-new showkeys
To check it use:
```bash
sudo docker exec docker_mailserver_1 amavisd-new testkeys
```
-
(Optional) if you use jwilder/nginx-proxy, copy container certs with commands:
sudo docker cp docker_mailserver_1:/etc/ssl/certs/iRedMail.crt \ /opt/docker/mail-server/certs/ sudo docker cp docker_mailserver_1:/etc/ssl/private/iRedMail.key \ /opt/docker/mail-server/certs/ sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.crt sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.key
Enter container:
sudo docker exec -it iredmail /bin/bashCheck Manager password
ldapwhoami -x -D 'cn=Manager,dc=example,dc=com' -W
Check added domains
ldapsearch -D 'cn=Manager,dc=example,dc=com' -b 'o=domains,dc=example,dc=com' -W
See users of domain
ldapsearch -D 'cn=Manager,dc=example,dc=com' \
-b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -WCheck user password
ldapsearch -D '[email protected],ou=Users,\
domainName=example.com,o=domains,dc=example,dc=com' \
-b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -WCheck LDAP
curl ldap://0.0.0.0:49258 -v
or
curl -u uid=postmaster:password \
ldap://0.0.0.0:49258/ou=Users,domainName=example.com,\
o=domains,dc=example,dc=com -vCheck SMTP
curl smtp://0.0.0.0:49251 --ssl -k \
-u [email protected]:password
-v --mail-rcpt "[email protected]" --anyauthEnter container:
sudo docker exec -it iredmail /bin/bashThen use tail -f -n30 /var/log/logfilename to read logfilename.
Run:
sudo docker cp iredmail:/var/vmail/* /opt/containers/iredmail/backups/
Create SSHA password (w/o slap utils)
#!/bin/sh
# http://wiki.nginx.org/Faq#How_do_I_generate_an_htpasswd_file_without_having_Apache_tools_installed.3F
PASSWORD=$1;
SALT="$(openssl rand -base64 3)"
SHA1=$(printf "$PASSWORD$SALT" | openssl dgst -binary -sha1 | sed 's#$#'"$SALT"'#' | base64);
printf "{SSHA}$SHA1\n"Create SSHA password (w slap utils)
slappasswd -s passphraseCreate SSHA password (w iRedMail tools)
python /opt/itools/generate_password_hash.py SSHA passphraseEncrypt/Decrypt iRedMail.tips file
echo 'passphrase' | openssl enc \
-in /opt/iredmail/iRedMail.tips \
-out /opt/iRedMail.tips.enc \
-e -aes256 -pass stdin
echo 'passphrase' | openssl enc \
-in /opt/iRedMail.tips.enc \
-out /opt/iRedMail.tips \
-d -aes256 -pass stdin