Vyacheslav Gapon – personal blog, manuals, articles, notes, development
Suppose we have a signed SSL certificate, or we will receive it from Let’s Encrypt, as I described in this article:
Installing Certbot in Ubuntu
To install an SSL certificate for iRedMail, you need to specify it in the Dovecot, Postfix and Apache2 configuration.
Continue reading “Install SSL Certificate for iRedMail”Installed iRedMail on Ubuntu Server in February 2016 and noticed an error when trying to send a message via Roundcube:
SMTP error (451): Unable to add recipient “Email” (4.3.5 Server configuration problem)
I checked if iredapd is running:
telnet localhost 7777
It turned out that it was not running because the response from telnet was displayed:
Unable to connect to remote host: Connection refused
Tried to run:
sudo /etc/init.d/iredapd start
To which he received the answer:
ImportError: No module named ldap
I installed the module with the command:
sudo apt-get install python-ldap
Execute the commands:
sudo -i
cd /opt/iredapd/
find . -name '*pyc' | xargs rm -f {}
Now restart the service:
sudo service iredapd restart
Done, there is no error.
On the test I will use Zabbix 3.0.3 and iRedMail 0.9.4 installed in Ubuntu Server 14.04.4 LTS.
First, in the Zabbix panel, activate the action by opening the tab “Configuration” – “Actions” and activate “Report problems to Zabbix administrators“. In it I also, to see the names of the hosts, changed both topics of the letter with:
{TRIGGER.STATUS}: {TRIGGER.NAME}
on
{TRIGGER.STATUS}: {HOST.NAME1} {TRIGGER.NAME}
In Zabbix, the email notification method was initially added, but depending on the settings of the mail server it can work or not work. You can find it by going to Zabbix under the administrator and opening the tab “Administration” – “Media types” – “Email“.
When configuring with iRedMail, I specified the following parameters:
Name: Email
Type: Email
SMTP server: mail.example.com
SMTP server port: 25
SMTP helo: example.com
SMTP email: user@example.com
Connection security: STARTTLS
Checkboxes for “SSL verify peer” and “SSL verify host” did not put
Authentication: Username and password
Username: user@example.com
Password: PASSWORD
check for “Enabled”
If the mail server is in the same system as the Zabbix server, you can try to configure both the above, but where “Connection security” and “Authentication” select “None”.
Also in the user profile, in the tab “Media” need to add:
Type: Email
Send to: mail for notifications
When active: time when it is allowed to be alerted
Use if severity: what importance of notification to send
check for “Enabled”
Done.
To allow the sending of messages on the mail server without encryption via port 25, you need to open the Postfix configuration file, for example, in the nano editor (in which Ctrl+X to exit, y/n to save or cancel changes):
sudo nano /etc/postfix/main.cf
And uncomment two lines:
smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous
And leave the commented line:
#smtpd_tls_auth_only=yes
Reload Postfix to apply the changes:
sudo service postfix restart
After that it will be possible to send messages via SMTP through port 25 without SSL, and as usual through 587 with SSL.
See also:
Allow insecure connections to POP3 / IMAP iRedMail
Here are examples of viewing and working with iRedAdmin white and black lists.
Switch to the root user:
sudo -i
Let’s go to the directory with the script and execute it without options to see a brief help:
cd /opt/iredapd/tools/ python wblist_admin.py
To add the sender to the white list or black list, execute the following commands:
python wblist_admin.py --add --whitelist 192.168.25.2 info@example.com @test.com @.abc.com python wblist_admin.py --add --blacklist 192.168.25.2 info@example.com @test.com @.abc.com
Example of deletion:
python wblist_admin.py --delete --whitelist 192.168.25.2
Adding a sender to the white or black list for a particular domain or user:
python wblist_admin.py --account mydomain.com --add --whitelist 192.168.25.2 python wblist_admin.py --account user@mydomain.com --add --blacklist 192.168.25.2
For outgoing messages:
python wblist_admin.py --outbound --account mydomain.com --add --whitelist 192.168.25.2
Commands for viewing lists:
python wblist_admin.py --list --whitelist python wblist_admin.py --list --blacklist python wblist_admin.py --account mydomain.com --list --whitelist python wblist_admin.py --account user@mydomain.com --list --blacklist
In the iRedAdmin-Pro version, lists can be managed via the web interface.
See also:
Troubleshooting “Recipient address rejected: Intentional policy rejection, please try again later”
Here is an example of removing iRedMail.
On the test, delete the installed iRedMail 0.9.7 with Ubuntu Server 16.04 using the uninstall script – clear_iredmail.
Let’s go to the tools directory of the iRedMail installer, save the script in it, in my case it’s:
cd /root/iRedMail-0.9.7/tools/ wget https://ixnfo.com/wp-content/uploads/2017/08/clear_iredmail.zip unzip clear_iredmail.zip
Let’s make it executable:
chmod +x clear_iredmail.sh
And run:
bash clear_iredmail.sh
The script will remove mysql, ssl, amavisd, clamav, spamassassin, dovecot, postfix, iredapd, users, etc., you need to be careful if there is something else on the server besides iRedMail.
In the script code, you can see the step-by-step process of removing iRedMail.
I will give an example of updating a self-signed certificate on Ubuntu Server with iRedMail installed.
Switch to the root user:
Continue reading “How to renew SSL certificate on iRedMail”In order to be able to connect to POP3 / IMAP without STARTTLS, you need to open the Dovecot configuration file:
sudo nano /etc/dovecot/dovecot.conf
Edit the two parameters listed below:
disable_plaintext_auth=no ssl=yes
To return the parameters of the secure connection to POP3S / IMAPS back:
disable_plaintext_auth=yes ssl=required
After the changes in the Dovecot configuration, you need to restart it:
sudo /etc/init.d/dovecot restart
See also:
How to enable SMTP without SSL on port 25 in iRedMail / Postfix