From 6d94dbf94ae032569aa335ebf4d1e7cc53217cac Mon Sep 17 00:00:00 2001
From: Nicole Rappe
Date: Sat, 6 Jan 2024 20:37:17 -0700
Subject: [PATCH] Update Servers/Linux/iRedMail.md
---
 Servers/Linux/iRedMail.md | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/Servers/Linux/iRedMail.md b/Servers/Linux/iRedMail.md
index 49beef8..924dede 100644
--- a/Servers/Linux/iRedMail.md
+++ b/Servers/Linux/iRedMail.md
@@ -15,12 +15,10 @@ sudo su
 # Define some deployment variables.
 VERSION="1.6.8" # (1)
 MAIL_DOMAIN="bunny-lab.io" # (2)
-POSTMASTER_PASSWORD="VerySecurePassword101" # (3)
 ```
 1. This is the version of iRedMail you are deploying. You can find the newest version on the [iRedMail Download Page](https://www.iredmail.org/download.html).
 2. This is the domain suffix that appears after mailbox names. e.g. `first.last@bunny-lab.io` would use a domain value of `bunny-lab.io`.
-3. For the purposes of the installation, you cannot use symbols in your password here. Keep it to letters and numbers.
 You will then proceed to bootstrap a silent unattended installation of iRedMail. (I've automated as much as I can to make this as turn-key as possible).
 ``` sh
@@ -36,26 +34,36 @@ curl https://codeload.github.com/iredmail/iRedMail/tar.gz/refs/tags/$VERSION -o
 tar zxf iRedMail-$VERSION.tar.gz
 # Create the unattend config file for silent deployment. This will automatically generate random 32-character passwords for all of the databases.
-(echo "export STORAGE_BASE_DIR='/var/vmail'"; echo "export WEB_SERVER='NGINX'"; echo "export BACKEND_ORIG='PGSQL'"; echo "export BACKEND='PGSQL'"; for var in VMAIL_DB_BIND_PASSWD VMAIL_DB_ADMIN_PASSWD MLMMJADMIN_API_AUTH_TOKEN NETDATA_DB_PASSWD AMAVISD_DB_PASSWD IREDADMIN_DB_PASSWD RCM_DB_PASSWD SOGO_DB_PASSWD SOGO_SIEVE_MASTER_PASSWD IREDAPD_DB_PASSWD FAIL2BAN_DB_PASSWD PGSQL_ROOT_PASSWD; do echo "export $var='$(openssl rand -base64 48 | tr -d '+/=' | head -c 32)'"; done; echo "export DOMAIN_ADMIN_PASSWD_PLAIN='$POSTMASTER_PASSWORD'"; echo "export FIRST_DOMAIN='$MAIL_DOMAIN'"; echo "export USE_IREDADMIN='YES'"; echo "export USE_SOGO='YES'"; echo "export USE_NETDATA='YES'"; echo "export USE_FAIL2BAN='YES'") > /root/iRedMail-$VERSION/config
+(echo "export STORAGE_BASE_DIR='/var/vmail'"; echo "export WEB_SERVER='NGINX'"; echo "export BACKEND_ORIG='PGSQL'"; echo "export BACKEND='PGSQL'"; for var in VMAIL_DB_BIND_PASSWD VMAIL_DB_ADMIN_PASSWD MLMMJADMIN_API_AUTH_TOKEN NETDATA_DB_PASSWD AMAVISD_DB_PASSWD IREDADMIN_DB_PASSWD RCM_DB_PASSWD SOGO_DB_PASSWD SOGO_SIEVE_MASTER_PASSWD IREDAPD_DB_PASSWD FAIL2BAN_DB_PASSWD PGSQL_ROOT_PASSWD DOMAIN_ADMIN_PASSWD_PLAIN; do echo "export $var='$(openssl rand -base64 48 | tr -d '+/=' | head -c 32)'"; done; echo "export FIRST_DOMAIN='$MAIL_DOMAIN'"; echo "export USE_IREDADMIN='YES'"; echo "export USE_SOGO='YES'"; echo "export USE_NETDATA='YES'"; echo "export USE_FAIL2BAN='YES'") > /root/iRedMail-$VERSION/config
 # Set Environment Variables for Silent Deployment
-AUTO_USE_EXISTING_CONFIG_FILE=y
-AUTO_INSTALL_WITHOUT_CONFIRM=y
-AUTO_CLEANUP_REMOVE_SENDMAIL=y
-AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y
-AUTO_CLEANUP_RESTART_FIREWALL=n
-AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y
+AUTO_USE_EXISTING_CONFIG_FILE=y # (1)
+AUTO_INSTALL_WITHOUT_CONFIRM=y # (2)
+AUTO_CLEANUP_REMOVE_SENDMAIL=y # (3)
+AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y # (4)
+AUTO_CLEANUP_RESTART_FIREWALL=n # (5)
+AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y # (6)
 # Deploy iRedMail via the Install Script
 cd /root/iRedMail-1.6.8
 bash iRedMail.sh
 ```
+1. Use existing `config` file without asking for confirmation.
+2. Start the installation without asking for confirmation.
+3. Remove `sendmail` package without asking for confirmation.
+4. Copy and use the firewall rules shipped in iRedMail installer.
+5. Restart firewall service without asking for confirmation.
+6. Copy and use the MySQL (server) config file shipped in iRedMail installer.
+
 When the installation is completed, take note of any output it gives you for future reference. Then reboot the server to finalize the server installation.
 ```
 reboot
 ```
+!!! warning "Automatically-Generated Postmaster Password"
+ When you deploy iRedMail, it will give you a username and password for the postmaster account. If you accidentally forget to document this, you can log back into the server via SSH and see the credentials at `/root/iRedMail-$VERSION/iRedMail.tips`. This file is critical and contains passwords and DKIM information as well.
+
 ## Nested Reverse Proxy Configuration
 In my homelab environment, I run Traefik reverse proxy in front of everything, which includes the NGINX reverse proxy that iRedMail creates. In my scenario, I have to make some custom adjustments to the reverse proxy dynamic configuration data to ensure it will allow self-signed certificates from iRedMail to communicate with the Traefik reverse proxy successfully. You will see an example Traefik configuration file below.
 ```
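Review bot: The `config` file written by the `(echo …) > /root/iRedMail-$VERSION/config` line now holds the generated postmaster password in plaintext next to every database password, and the redirect creates it with whatever umask the root shell has; putting `umask 077` ahead of that line, or `chmod 600 /root/iRedMail-$VERSION/config` right after it, keeps the file root-only however `/root` is set up. The new warning sends readers to `iRedMail.tips` for the same credentials, so it would help to add a sentence there telling them to copy the values into a password manager and then restrict or remove the file. Annotation 5 says the firewall service is restarted, but the line it documents sets `AUTO_CLEANUP_RESTART_FIREWALL=n`, so the text should say the restart is skipped. The six `AUTO_*` lines are plain assignments, so unless they are exported the `bash iRedMail.sh` child process will not see them; prefixing each with `export` would make the unattended run behave as the annotations describe. The shell block starts above this hunk, so either point may already be handled on lines not shown here.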