iredmail-docker
iredmail-docker copied to clipboard
cema-sp
iRedMail Docker image
iRedMail Docker Container
Disclaimer
Unfortunately this docker image is far from being truly persistent and docker-way. It is more like Ubuntu VM but inside a container.
To improve it one should use separate DB container w/ or w/o mounted volume/data-container for persistence, create setup and startup scripts and start all services inside container with startup script, not Ubuntu init.
Information
This project uses iRedMail-0.9.0 (as on 02/2015) with:
- iRedAdmin-0.4.1
- iRedAPD-1.4.4
- roundcubemail-1.0.4
What is inside
Image builds with:
- Debian Wheezy
- OpenLDAP
- Apache
- Roundcube
- SOGo
- MySQL
Building image
1. Editing iRedMail config file
You have to edit files/config.example file:
-
Replace "example.com" with your domain (lines marked with "!")
-
repalce dc=example,dc=com with dc=test,dc=com:
dn=dc=test,dc=com && sed -ri 's/^!(export .*)(dc=example,dc=com)/\1'"$dn"'/' files/config.example -
repalce example.com_ with test.com:
fqdn=test.com && sed -ri 's/^!(export .*)(example.com)/\1'"$fqdn"'/' files/config.example -
repalce example_ with test:
domain=test && sed -ri 's/^!(export .*)(example)/\1'"$domain"'/' files/config.example
-
-
Replace "password_pm", "password_ldap", "password_db" with postmaster password, ldap manager password, DBA password (lines marked with "!!")*
-
replace password_ldap with ldap_password:
pass=ldap_password && sed -ri 's/^!!(export .*)(password_ldap)/\1'"$pass"'/' files/config.example -
replace password_db with db_password:
pass=db_password && sed -ri 's/^!!(export .*)(password_db)/\1'"$pass"'/' files/config.example -
replace password_pm with pm_password:
pass=pm_password && sed -ri 's/^!!(export .*)(password_pm)/\1'"$pass"'/' files/config.example
-
-
Replace "password_random" with line from
date | sha256sum | base64 | head -c 30 ; echoorcat /dev/urandom | head -n 1 | tr -dc 'a-z0-9' | sha256sum | base64 | head -c 30(lines marked with "!!!")-
replace password_random with random passwords:
for i in {1..10}; do sed -ri '0,/^!!!(export .*)(password_random)/s/^!!!(export .*)(password_random)/\1'"$(cat /dev/urandom | head -n 1 | tr -dc 'a-z0-9' | sha256sum | base64 | head -c 30)"'/' files/config.example done
-
-
Remove all "!" signs from file and make sure everything configured
-
Rename files/config.example to files/config
* - It is strongly recommended to use random passwords
2. Editing hostname & uname fakes
You have to edit files/hostname.example and files/uname.example files by changing hostnames in them and renaming files (removing .example from their names):
fqdn=test.com && sed -ri 's/example.com/'"$fqdn"'/' files/uname.example files/hostname.example files/mail_users.csv.example
3. Editing Dockerfile
You have to edit Dockerfile.example:
- Rename Dockerfile.example to Dockerfile
- Replace hostname and passwords near TODO comments with yours
4. (Optional) Configure mail users
You can add initial mail users to OpenLDAP:
- Rename mail_users.csv.example to mail_users.csv
- Fill this file with data (see below)
- For passwords please use
date | sha256sum | base64 | head -c 8 ; echo
CSV file format:
domain name, username, password, [common name], [quota_in_bytes], [groups]Example:
iredmail.org, zhang, plain_password, Zhang Huangbin, 104857600, group1:group2
iredmail.org, zhang, plain_password, Zhang Huangbin, ,
iredmail.org, zhang, plain_password, , 104857600, group1:group2Note:
- Domain name, username and password are REQUIRED, others are optional:
- common name.
- It will be the same as username if it's empty.
- Non-ascii character is allowed in this field, they will be
encoded automaticly. Such as Chinese, Korea, Japanese, etc.- quota. It will be 0 (unlimited quota) if it's empty.
- groups.
- valid group name ([email protected]): hr
- incorrect group name: [email protected]
- Do NOT include domain name in group name, it will be
appended automaticly.- Multiple groups must be seperated by colon.
- Leading and trailing Space will be ignored.
5. (Optional) Configure mail lists, modify users, tool
You can add mail lists by placing your *.ldif files
into files/ldifs directory and naming them like 10_any_name.ldif.
Moreover, you can place there any *.ldif you like naming it 30_name.ldif.
To prepare your ldif files read corresponding iRedMail docs.
You can copy any necessary tools to files/tools directory to be added to image.
6. (Optional) Replacing sources.list
File sources.list.ru contains sources list for Russia, you could replace it with more adequate fro your region.
7. Building image
To build image, run:
sudo docker build -t cema/iredmail:latest .
Running image
Running with docker run
To run image use command:
sudo docker run -d -P -h mail.example.com \
-v /opt/containers/iredmail/backups/:/backups \
--name iredmail cema/iredmail:latest /sbin/init 2
Where /opt/containers/iredmail/backups/ is backups path in which containers /var/vmail/ directory copied.
Running with docker-compose
To run image with docker-compose you have to modify docker-compose.yml.example file:
- Rename file to docker-compose.yml
- Replace image name if you have changed it
- Replace hostname and domainname in file
After all run sudo docker-compose up -d
Postinstall
After starting up container:
-
Set up DNS records (A, MX, SPF and DKIM) (see docs).
To get DKIM use:sudo docker exec docker_mailserver_1 amavisd-new showkeys
To check it use:
```bash
sudo docker exec docker_mailserver_1 amavisd-new testkeys
```
-
(Optional) if you use jwilder/nginx-proxy, copy container certs with commands:
sudo docker cp docker_mailserver_1:/etc/ssl/certs/iRedMail.crt \ /opt/docker/mail-server/certs/ sudo docker cp docker_mailserver_1:/etc/ssl/private/iRedMail.key \ /opt/docker/mail-server/certs/ sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.crt sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.key
Testing container
From inside container
Enter container:
sudo docker exec -it iredmail /bin/bash
Check Manager password
ldapwhoami -x -D 'cn=Manager,dc=example,dc=com' -W
Check added domains
ldapsearch -D 'cn=Manager,dc=example,dc=com' -b 'o=domains,dc=example,dc=com' -W
See users of domain
ldapsearch -D 'cn=Manager,dc=example,dc=com' \
-b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -W
Check user password
ldapsearch -D '[email protected],ou=Users,\
domainName=example.com,o=domains,dc=example,dc=com' \
-b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -W
From outside container
Check LDAP
curl ldap://0.0.0.0:49258 -v
or
curl -u uid=postmaster:password \
ldap://0.0.0.0:49258/ou=Users,domainName=example.com,\
o=domains,dc=example,dc=com -v
Check SMTP
curl smtp://0.0.0.0:49251 --ssl -k \
-u [email protected]:password
-v --mail-rcpt "[email protected]" --anyauth
Maintaining container
Reading log files
Enter container:
sudo docker exec -it iredmail /bin/bash
Then use tail -f -n30 /var/log/logfilename to read logfilename.
Geting backups from container manualy
Run:
sudo docker cp iredmail:/var/vmail/* /opt/containers/iredmail/backups/
May be useful
Creating SSHA password
Create SSHA password (w/o slap utils)
#!/bin/sh
# http://wiki.nginx.org/Faq#How_do_I_generate_an_htpasswd_file_without_having_Apache_tools_installed.3F
PASSWORD=$1;
SALT="$(openssl rand -base64 3)"
SHA1=$(printf "$PASSWORD$SALT" | openssl dgst -binary -sha1 | sed 's#$#'"$SALT"'#' | base64);
printf "{SSHA}$SHA1\n"
Create SSHA password (w slap utils)
slappasswd -s passphrase
Create SSHA password (w iRedMail tools)
python /opt/itools/generate_password_hash.py SSHA passphrase
Encrypting/Decrypting files
Encrypt/Decrypt iRedMail.tips file
echo 'passphrase' | openssl enc \
-in /opt/iredmail/iRedMail.tips \
-out /opt/iRedMail.tips.enc \
-e -aes256 -pass stdin
echo 'passphrase' | openssl enc \
-in /opt/iRedMail.tips.enc \
-out /opt/iRedMail.tips \
-d -aes256 -pass stdin
cema-sp