1). This favicon image is a little over 4k in size;
# ll /var/www/iredadmin/static/

總計 32
dr-xr-xr-x 4 iredadmin iredadmin   41  9月 19 16:57 default
-r-xr-xr-x 1 iredadmin iredadmin 4286  9月 29 18:33 favicon.ico
-r-xr-xr-x 1 iredadmin iredadmin 4286  9月 28 14:06 favicon.png
dr-xr-xr-x 2 iredadmin iredadmin 4096  9月 19 16:57 js
-r-xr-xr-x 1 iredadmin iredadmin 3119  9月 19 16:57 logo.png
-r-xr-xr-x 1 root      root      5082  9月 19 16:59 roundcube_logo.png

favicon.ico and favicon.png are copies of the same file; only the file extension was changed.

2).
/var/www/iredadmin/static]# vi ../settings.py
BRAND_LOGO = 'roundcube_logo.png'
BRAND_FAVICON = 'favicon.png'
#BRAND_FAVICON = 'favicon.ico'

The settings above display correctly.

3).
If it is changed as follows, the icon cannot be displayed:
BRAND_FAVICON = 'favicon.ico'

Viewing the page source:

    <link rel="stylesheet" type="text/css" href="/iredadminl/static/default/css/reset.css" />
    <link rel="stylesheet" type="text/css" href="/iredadmin/static/default/css/screen.css" />
    <link rel="icon" type="image/x-icon" href="/iredadmin/static/favicon.ico" />

It fails to display in both Chrome and Firefox; changing back to step 2) makes it work again.
The OS is WinXP and Win7.

ZhangHuangbin wrote:

BRAND_LOGO = '' BRAND_FAVICON = ''

#BRAND_LOGO = 'logo.png'                     # uses the iRedMail logo
BRAND_LOGO = 'roundcube_logo.png'    # same logo as my roundcubemail
Both of the above work fine.

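However, when the BRAND_FAVICON file uses the .ico extension, the tab logo is not displayed.
It has to be changed to .png or jpg to display correctly, which is strange?
Earlier tests failed many times; this time it finally worked.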

#BRAND_FAVICON = 'favicon.ico'            # cannot be displayed
BRAND_FAVICON = 'favicon.png'             # displays
#BRAND_FAVICON = 'logo.png'                # the iRedMail logo, displays

ZhangHuangbin wrote:

# Product name, short description.
BRAND_NAME = 'iRedAdmin-Pro' BRAND_DESC = 'iRedMail Admin Panel'

I actually set these two parameters by editing templates/default/layout.html (and layout_user.html),
at around line 66:

                        <span class="textlogo">
                            <!-- span class="title">{{ brand_name }}</span> -->
                            <!-- span class="text">{{ brand_desc }}</span> -->
                            <span style="position:relative;top:0px;left:150px;font-size:20px" class="title">    測 試 公 司 - Test  Corp. Ltd. </span> 
                        </span>

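This method allows the display position to be adjusted; the only inconvenience is that on a version upgrade the files (layout.html, layout_user.html, login.html) must be copied manually to the new directory, or, if the iRedAdmin console is heavily redesigned later, I will have to fix them again myself.

Thanks to the moderator for the reply.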

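ZhangHuangbin wrote:

Caused by the iredapd throttle setting

I had forgotten the earlier setting!
Change: Console / Profile of domain / Throttling / Number of max inbound emails
Increasing the value from 20 is enough.

Thanks for the reply.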

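==== Required information. Posts without it will not receive a reply ====
- iRedMail version:
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL):
- Linux/BSD distribution name and version:
- Log information related to your problem:
====
A question for the moderator: how can I add a favicon.ico file with my own company's logo to the iRedAdmin console?

In roundcubemail it can be changed and added by the user.

An effect like the "網易云課堂" in the attachment.

Thanks.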

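==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.7
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): Pro-LDAP-3.0
- Linux/BSD distribution name and version: CentOS7
- Log information related to your problem:
====

After restarting fail2ban on the web server, the mail server side returns
"REJECT Quota exceeded (number of mails in total)"

1).
The web server's fail2ban has 12 jails enabled; restarting fail2ban sends notification mails to the alert@ account on the mail server.
The mails just sent are bounced by the mail server;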

maillog

11456:Sep 26 16:03:31 web postfix/smtp[15687]: 94A14248062: to=<alert@mydoamin.com>, orig_to=<root>, relay=mail.mydomain.com[xx.xx.xx.59]:25, conn_use=3, delay=0.06, delays=0/0/0/0.05, dsn=5.7.1, status=bounced (host mail.mydomain.com[xx.xx.xx.59] said: 554 5.7.1 <alert@mydomain.com>: Recipient address rejected: Quota exceeded (number of mails in total) (in reply to RCPT TO command))

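After about 5 seconds the system automatically reconnects and resends, and delivery then succeeds.
Is this normal?
If an external domain sends to more than 20 recipients in the internal domain at once,
would it cause the result above?

Is it caused by the iRedAPD max_msgs default of 20, with current: 21?

2).
On the mail server side,
iredapd.log: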

2017-09-26 16:03:31 DEBUG [SQL] Query result:
[(190L, 1L, 'alert@mydomain.com', 21, 11895L, 1506413000L, 1506413011L)]
2017-09-26 16:03:31 DEBUG Tracking IDs: {(1L, 'alert@mydomain.com'): 190L}
2017-09-26 16:03:31 INFO [xx.xx.xx.60] [alert@mydomain.com] Exceeds recipient throttle for max_msgs, current: 21. (msg_size=100000000 (bytes)/id=1/account=@mydomain.com; max_msgs=20/id=1/account=@mydomain.com; )
2017-09-26 16:03:31 DEBUG <-- Result: REJECT Quota exceeded (number of mails in total)
2017-09-26 16:03:31 DEBUG Session ended.

maillog

15092:Sep 26 16:03:31 mail postfix/smtpd[16436]: NOQUEUE: reject: RCPT from xx-xx-xx-60.HINET-IP.hinet.net[xx.xx.xx.60]: 554 5.7.1 <alert@mydomain.com>: Recipient address rejected: Quota exceeded (number of mails in total); from=<Fail2Ban_Web@web.mydomain.com> to=<alert@mydomain.com> proto=ESMTP helo=<web.mydomain.com>
15093:Sep 26 16:03:31 mail postfix/smtpd[16440]: NOQUEUE: reject: RCPT from xx-xx-xx-60.HINET-IP.hinet.net[xx.xx.xx.60]: 554 5.7.1 <alert@mydomain.com>: Recipient address rejected: Quota exceeded (number of mails in total); from=<Fail2Ban_Web@web.mydomain.com> to=<alert@mydomain.com> proto=ESMTP helo=<web.mydomain.com>

81

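(0 replies, posted in iRedMail Technical Support)

==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.7
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): LDAP
- Linux/BSD distribution name and version: CentOS7.3
- Log information related to your problem:
====
Updating the system manually produces the following error: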

# yum update

Loaded plugins: fastestmirror
base                                                                          | 3.6 kB  00:00:00
epel/x86_64/metalink                                                          | 5.1 kB  00:00:00
epel                                                                          | 4.3 kB  00:00:00
extras                                                                        | 3.4 kB  00:00:00
iRedMail                                                                      | 7.2 kB  00:00:00
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for iRedMail: Damaged repomd.xml file
Trying other mirror.


 One of the configured repositories failed (iRedMail),
 and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=iRedMail ...

     4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it  again or use --enablerepo for temporary usage:

            yum-config-manager --disable iRedMail
        or
            subscription-manager repos --disable=iRedMail

     5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise:

            yum-config-manager --save  --setopt=iRedMail.skip_if_unavailable=true

failure: repodata/repomd.xml from iRedMail: [Errno 256] No more mirrors to try.
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for iRedMail: Damaged repomd.xml file

Running yum clean all and then yum update gives the same error.


PS: the http://www.iredmail.org/forum/ site cannot be reached either.

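ZhangHuangbin wrote:

*) When the same DKIM key is used, there is only one DKIM record (by default dkim._domainkey.mydomain.com).

So sharing the same DKIM key (the master MX key) is just like the iRedMail installation default.

ZhangHuangbin wrote:

The DKIM signature records only the DKIM domain, not the server hostname. So your mail._domainkey.mydomain.com and mx._domainkey.mydomain.com are both wrong.

When different DKIM keys are used (the master MX and the backup MX each independently use their own key):
Master MX settings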

dkim_key("mydomain", "mail", "/var/lib/dkim/mydomain.com.pem");
    "mail. mydomain.com"  => { d => "mail.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

Backup MX settings

 dkim_key("mydomain.com", "mx", "/var/lib/dkim/mydomain.com.pem");
    "mx.mydomain.com"  => { d => "mx.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

DNS: distinguished by different selector names; here the host name is used to tell them apart

@               IN      MX      10  mail. mydomain.com.
@               IN      MX      20  mx. mydomain.com.
mydomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.59 -all"
mydomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.58 -all"

mail._domainkey.mydomain.com.   3600    TXT     ("v=DKIM1; p=MIIAA ….. ")
mx._domainkey.mydomain.com.    3600    TXT     ("v=DKIM1; p=MIIBIjA…..")

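When the master MX goes down, the backup MX is automatically ready and receives newly arriving mail; when the master MX is set up again, rsync is used to move the newly arrived mail back to the master MX.
On the backup MX, the master's LDIF file was restored first and one-way LDAP synchronisation was set up; see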
http://www.iredmail.org/docs/backup.restore.html
http://www.iredmail.org/docs/migrate.to … erver.html
http://www.iredmail.org/forum/topic6306 … -only.html

Does the moderator consider the amavisd and DNS settings above correct?
Or is it enough to configure a single DKIM key?
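
Added example, not part of the thread: a verifier builds the DNS name of the public key from the signature's s= and d= tags (RFC 6376), so a signature whose d= is a hostname is looked up under that hostname. The shell functions below compute that name for two constructed signatures and check it against a constructed list of published record names; all function and variable names are made up for this example.

```bash
# Print the value of one tag (for example "d" or "s") from a DKIM-Signature
# header value. $1 = tag name, $2 = header value.
dkim_tag() {
    printf '%s' "$2" | tr -d ' \t\r\n' | tr ';' '\n' | sed -n "s/^$1=//p" | sed -n 1p
}

# The verifier fetches the TXT record at <s>._domainkey.<d>.
dkim_query_name() {
    printf '%s._domainkey.%s\n' "$(dkim_tag s "$1")" "$(dkim_tag d "$1")"
}

# Succeeds when the name a verifier will query is among the published names.
# $1 = header value, $2 = newline-separated list of TXT owner names.
dkim_is_published() {
    printf '%s\n' "$2" | grep -Fxq "$(dkim_query_name "$1")"
}

# Constructed zone content: one selector record per server under the mail domain.
ZONE_NAMES='mail._domainkey.mydomain.com
mx._domainkey.mydomain.com'

# Constructed signatures. SIG_HOST carries the server hostname in d=,
# SIG_DOMAIN carries the mail domain. bh= and b= are placeholders.
SIG_HOST='v=1; a=rsa-sha256; d=mail.mydomain.com; s=mail; bh=...; b=...'
SIG_DOMAIN='v=1; a=rsa-sha256; d=mydomain.com; s=mx; bh=...; b=...'

for sig in "$SIG_HOST" "$SIG_DOMAIN"; do
    name=$(dkim_query_name "$sig")
    if dkim_is_published "$sig" "$ZONE_NAMES"; then
        echo "published  $name"
    else
        echo "MISSING    $name"
    fi
done
```

The hostname-based signature resolves to mail._domainkey.mail.mydomain.com, which the constructed zone does not publish, while the domain-based one finds its record.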

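==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.7
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): LDAP
- Linux/BSD distribution name and version: Centos 7
- Log information related to your problem:
====
A question for the moderator: are the DKIM settings for the backup server below correct?

1). When sharing the same mydomain.com.pem file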

dkim_key("mydomain", "dkim", "/var/lib/dkim/mydomain.com.pem");
    "mydomain.com"      => { d =>  "mydomain.com" , a => 'rsa-sha256' , ttl =>  10*24*3600 },
#   "mail.mydomain.com"  => { d => "mail.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
#   "mx.mydomain.com"  => { d => "mx.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

DNS:

@               IN      MX      10  mail. mydomain.com.
@               IN      MX      20  mx. mydomain.com.
mydomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.59 -all"
mydomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.58 -all"

dkim._domainkey.mydomain.com.   3600    TXT     ("v=DKIM1; p=MIIAAOCAQ8AMIIBCgKC .. ")

2). When each server uses its own local pem file

dkim_key("mydomain", "mail", "/var/lib/dkim/mydomain.com.pem");
#   "mydomain"      => { d =>  "mydomain.com" , a => 'rsa-sha256' , ttl =>  10*24*3600 },
    "mail. mydomain.com"  => { d => "mail.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    "mx. mydomain.com"  => { d => "mx.mydoamin.com", a => 'rsa-sha256', ttl => 10*24*3600 },

Backup server:

dkim_key("mydomain.com", "mx", "/var/lib/dkim/mydomain.com.pem");
#  "mydomain.com"      => { d =>  "mydomain.com" , a => 'rsa-sha256' , ttl =>  10*24*3600 },
    "mail.mydomain.com"  => { d => "mail.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    "mx.mydomain.com"  => { d => "mx.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

DNS:

@               IN      MX      10  mail. mydomain.com.
@               IN      MX      20  mx. mydomain.com.
mydomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.59 -all"
mysomain.com.   IN      TXT     "v=spf1 a mx ip4:xx.xx.xx.58 -all"

mail._domainkey.mydomain.com.   3600    TXT     ("v=DKIM1; p=MIIAA ….. ")
mx._domainkey.mydomain.com.    3600    TXT     ("v=DKIM1; p=MIIBIjA…..")

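==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.97
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): 0.8 & LDAP-2.8.0
- Linux/BSD distribution name and version: CentOS 7
- Log information related to your problem:
====
iRedAdmin 0.8:
The minimum password length cannot be changed; only the default of 8 characters is enforced.
Setting it to 9, 10 or 4 characters does not work.

iRedAdmin-Pro-LDAP-2.8.0:
The enforced minimum password length can be set to more than 8 characters, but not to fewer than 8.
For example, a minimum of 10 or 12 works; but a minimum below 8, such as 6 or 4, does not.

Settings as follows: (no effect on LDAP-2.8.8)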
/var/www/iredadmin/settings.py
min_passwd_length = 7
max_passwd_length = 0

PASSWORD_HAS_LETTER = False
PASSWORD_HAS_UPPERCASE = False
PASSWORD_HAS_NUMBER = False
PASSWORD_HAS_SPECIAL_CHAR = False

85

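(1 reply, posted in iRedMail Technical Support)

==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.7
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): LDAP
- Linux/BSD distribution name and version: CentOS 7
- Log information related to your problem:
====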

# ls -la .my.cnf*
-r--------. 1 root root 212  7月  4 11:29 .my.cnf
-rw-r--r--. 1 root root  91  7月  4 11:29 .my.cnf-iredadmin
-rw-r--r--. 1 root root  89  7月  4 11:29 .my.cnf-iredapd
-rw-r--r--. 1 root root  91  7月  4 11:29 .my.cnf-roundcube
-rw-r--r--. 1 root root  86  7月  4 11:29 .my.cnf-sogo
-rw-r--r--. 1 root root  87  7月  4 11:29 .my.cnf-vmail
-rw-r--r--. 1 root root  92  7月  4 11:29 .my.cnf-vmailadmin

Would it be better to change all of the permissions to 0400?
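
Added example, not iRedMail code: a small audit for the permission question above, run against a constructed directory that reproduces the modes in the listing. It assumes the .my.cnf-* files hold SQL client credentials; the function names are made up for this example.

```bash
# List files matching <dir>/.my.cnf* that grant any permission bit to group
# or other. Uses only POSIX find primaries (-perm -mode tests "all of these
# bits set", so each bit is tested on its own).
loose_cnf_files() {
    for f in "$1"/.my.cnf*; do
        [ -f "$f" ] || continue
        find "$f" -prune \( -perm -0040 -o -perm -0020 -o -perm -0010 \
            -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
    done
}

# Restrict every file reported above to owner read-only and say what changed.
tighten_cnf_files() {
    loose_cnf_files "$1" | while IFS= read -r f; do
        chmod 0400 "$f" && echo "chmod 0400 $f"
    done
}

# Build a constructed demo directory: one file already at 0400, two at 0644.
demo_dir() {
    d=$(mktemp -d)
    for name in .my.cnf .my.cnf-iredadmin .my.cnf-vmail; do
        printf '[client]\nuser=demo\npassword="constructed"\n' > "$d/$name"
    done
    chmod 0400 "$d/.my.cnf"
    chmod 0644 "$d/.my.cnf-iredadmin" "$d/.my.cnf-vmail"
    echo "$d"
}

dir=$(demo_dir)
echo "readable beyond the owner:"
loose_cnf_files "$dir"
tighten_cnf_files "$dir"
echo "remaining: $(loose_cnf_files "$dir" | wc -l | tr -d ' ')"
rm -rf "$dir"
```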

After checking the iRedMail installer:
version 0.9.7 has split jail.local into separate files under jail.d
# ll /etc/fail2ban/jail.d/
總計 40
-rw-r--r--. 1 root root 270  2月 16 02:37 00-firewalld.conf
-rw-r--r--. 1 root root 221  7月  4 11:29 apache-auth.local
-rw-r--r--. 1 root root 321  7月  4 11:29 dovecot.local
-rw-r--r--. 1 root root 228  7月  4 11:29 nginx-http-auth.local
-rw-r--r--. 1 root root 224  7月  4 11:29 postfix.local
-rw-r--r--. 1 root root 216  7月  4 11:29 postfix-sasl.local
-rw-r--r--. 1 root root 249  7月  4 11:29 roundcube.local
-rw-r--r--. 1 root root 217  7月  4 11:29 sogo.local
-rw-r--r--. 1 root root 159  7月  4 11:29 sshd-ddos.local
-rw-r--r--. 1 root root 144  7月  4 11:29 sshd.local

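==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.7
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): ldap
- Linux/BSD distribution name and version: CentOS7
- Log information related to your problem:
====
After installing iRedMail 0.9.7, fail2ban's jail.local file contains only: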

[DEFAULT]
# time is in seconds. 3600 = 1 hour, 86400 = 24 hours (1 day)
findtime    = 3600
bantime     = 3600
maxretry    = 5
ignoreip    = 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Only the section above; there is nothing below it.

But fail2ban-client status shows:
Status
|- Number of jail:      8
`- Jail list:   dovecot-iredmail, nginx-http-auth, postfix-iredmail, postfix-sasl, roundcube-iredmail, sogo-iredmail, sshd, sshd-ddos

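==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.6
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): LDAP
- Linux/BSD distribution name and version: CentOS7
- Log information related to your problem:
====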

bash iRedMail.sh
[ INFO ] Checking new version of iRedMail ...

<< ERROR >> Your iRedMail version (0.9.6) is out of date, please
<< ERROR >> download the latest version and try again:
<< ERROR >> http://www.iredmail.org/download.html

From now on, can older versions of iRedMail no longer be installed?

89

(2 replies, posted in iRedMail Technical Support)

Looking in phpMyAdmin,
message_size_limit = 30000000
I changed it directly to 100M:

UPDATE `amavisd`.`policy` SET `message_size_limit` = '100000000' WHERE `policy`.`id` = 1;

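OK, the original 30M mail can now be sent, and 50M works too.

During the original testing, Max size of single email in the Pro console was set to 30M,
then changed to 100M or to unlimited; it seems the Pro console did not update the database with the last value set.

It is now resolved; thanks for the reply.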

90

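(2 replies, posted in iRedMail Technical Support)

==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.6  + Nginx
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): Pro(LDAP)2.8.0
- Linux/BSD distribution name and version: CentOS7.3
- Log information related to your problem:
====

No throttling restrictions are set for the domain.

Following http://www.iredmail.com/docs/change.mai … .size.html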

winxp:
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Preferences]
"MaximumAttachmentSize"=dword:00000000

With the limit set to 100M, and the client using Outlook 2003, TB or Outlook Express with an attachment of just over 30 MB,

the result is "Undelivered Mail Returned to Sender"


Bounce message content:

This is the mail system at host mail.mydomain.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system /<test@mydomain.com>//: /host 127.0.0.1[127.0.0.1] said: 552 5.3.4 Message size (37536103 B) exceeds size limit (in reply to end of DATA command)


maillog:

Apr 19 10:36:43 mail postfix/submission/smtpd[2225]: connect from unknown[192.168.1.66]
Apr 19 10:36:43 mail opendmarc[1494]: ignoring connection from [192.168.1.66]
Apr 19 10:36:43 mail postfix/submission/smtpd[2225]: Anonymous TLS connection established from unknown[192.168.1.66]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 19 10:36:44 mail postfix/submission/smtpd[2225]: 33894C001B520: client=unknown[192.168.1.66], sasl_method=PLAIN, sasl_username=aaa@mydomain.com
Apr 19 10:36:44 mail postfix/cleanup[2229]: 33894C001B520: message-id=<a4c1ef72-3fbf-c220-6a5d-f7711f3ef538@mydomain.com>
Apr 19 10:36:51 mail postfix/qmgr[1462]: 33894C001B520: from=<aaa@mydomain.com>, size=37536137, nrcpt=1 (queue active)
Apr 19 10:36:51 mail postfix/smtp-amavis/smtp[2230]: 33894C001B520: to=<test@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=7.4, delays=7.3/0.01/0/0.17, dsn=5.3.4, status=bounced (host 127.0.0.1[127.0.0.1] said: 552 5.3.4 Message size (37536103 B) exceeds size limit (in reply to end of DATA command))
Apr 19 10:36:51 mail postfix/cleanup[2229]: A1823C001B521: message-id=<20170419023651.A1823C001B521@mail.mydomain.com>
Apr 19 10:36:51 mail postfix/bounce[2231]: 33894C001B520: sender non-delivery notification: A1823C001B521
Apr 19 10:36:51 mail postfix/qmgr[1462]: A1823C001B521: from=<>, size=2676, nrcpt=1 (queue active)
Apr 19 10:36:51 mail postfix/qmgr[1462]: 33894C001B520: removed
Apr 19 10:36:51 mail postfix/pipe[2232]: A1823C001B521: to=<aaa@mydomain.com>, relay=dovecot, delay=0.18, delays=0.03/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 19 10:36:51 mail postfix/qmgr[1462]: A1823C001B521: removed
Apr 19 10:37:01 mail postfix/submission/smtpd[2225]: disconnect from unknown[192.168.1.66]


amavisd.log:

Apr 19 10:36:51 mail.domain.com /usr/sbin/amavisd[1843]: (01843-02) ESMTP REJECT: 552 5.3.4 Message size (37536103 B) exceeds size limit

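zhbzhbzhbz199102 wrote:

set up SSL + port 465) can all receive but cannot send

Is port 465 open on the mail server's firewall?

Thanks to the moderator for the reply.
I referred to: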
https://sys4.de/en/blog/2015/03/04/dove … e-sichern/
https://wiki.dovecot.org/SSL/DovecotConfiguration

Thanks

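==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.6
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): LDAP
- Linux/BSD distribution name and version: CentOS7.3
- Log information related to your problem:
====
Outlook 2003 or Outlook Express, with
POP3 : 995 enabled and "This server requires an encrypted connection (SSL)" ticked

The following appears: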
您的伺服器意外地終止連線。可能的原因包括伺服器問題、網路問題或長時間閒置。 帳戶: 'user@mydomain.com ', 伺服器: 'mail.mydomain.com ', 通訊協定: POP3, 連接埠: 995, 安全(SSL): 是, 錯誤碼: 0x800CCC0F

dovecot.conf needs to be changed as follows:
# iRedMail default install (the first line is the default value, the second line works)
#ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!EXPORT

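What problems would this setting cause? It is only because of internal company requirements that I have to configure it this way.

PS: other settings; plaintext is allowed on the internal network segment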
disable_plaintext_auth = yes
#disable_plaintext_auth=no
ssl=required
#ssl=yes

# Allow plain text password per IP address/net
remote 192.168.1.0/24 {
   disable_plaintext_auth = no
   ssl=yes
}

94

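(1 reply, posted in iRedMail Technical Support)

==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.6
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): OpenLDAP
- Linux/BSD distribution name and version: CentOS7.3
- Log information related to your problem:
====
SOGo was selected when installing iRedMail.
If I no longer want to use it, how should I stop SOGo without removing it?
These are the steps I used: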
#systemctl disable sogod
#systemctl stop sogod
#vi /etc/yum.repos.d/sogo.repo
enabled=0

# ps aux|grep -i sogo
root      2531  0.0  0.0 112664   972 pts/0    S+   18:49   0:00 grep --color=auto -i sogo

But in /var/log/messages
the following log appears once every minute:
Mar 28 18:51:01 mail systemd: Created slice user-991.slice.
Mar 28 18:51:01 mail systemd: Starting user-991.slice.
Mar 28 18:51:01 mail systemd: Started Session 37 of user sogo.
Mar 28 18:51:01 mail systemd: Starting Session 37 of user sogo.
Mar 28 18:51:01 mail systemd: Removed slice user-991.slice.
Mar 28 18:51:01 mail systemd: Stopping user-991.slice.
Mar 28 18:52:01 mail systemd: Created slice user-991.slice.
Mar 28 18:52:01 mail systemd: Starting user-991.slice.
Mar 28 18:52:01 mail systemd: Started Session 38 of user sogo.
Mar 28 18:52:01 mail systemd: Starting Session 38 of user sogo.
Mar 28 18:52:01 mail systemd: Removed slice user-991.slice.
Mar 28 18:52:01 mail systemd: Stopping user-991.slice.

95

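(1 reply, posted in iRedMail Technical Support)

==== Required information. Posts without it will not receive a reply ====
- iRedMail version: 0.9.6
- Database used to store user accounts (OpenLDAP, MySQL, PostgreSQL): OpenLDAP
- Linux/BSD distribution name and version: CentOS7.3
- Log information related to your problem:
====

SSH uses port 12345; after installing iRedMail 0.9.6 remotely over SSH,
SSH login no longer works after a reboot.
Checking /etc/firewalld/zones/iredmail.xml locally: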
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Mail services</short>
  <description>Allow access to mail services from external network.</description>
  <service name="http"/>
  <service name="submission"/>
  <service name="pop3s"/>
  <service name="smtp"/>
  <service name="imaps"/>
  <service name="pop3"/>
  <service name="ssh"/>
  <service name="https"/>
  <service name="imap"/>
</zone>

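The original port entry   <port protocol="tcp" port="12345"/>   is missing.
Port 12345 has to be added manually, and sshd and the firewall restarted, before remote SSH login works again.

0.9.5 does not have this problem; 0.9.6 does.

PS: contents of public.xml
/etc/firewalld/zones/public.xml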
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <port protocol="tcp" port="12345"/>
</zone>

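After a week of trying, it is finally sorted out; many, many thanks to the moderator.
My iRedMail can finally use Nginx.
phpLDAPadmin, phpMyAdmin and Let's Encrypt all run on nginx;
lastly I will try DSPAM, CRM114 and OpenDMARC, and if those work, that will be mission accomplished.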

Thanks.

97

(10 replies, posted in iRedMail Technical Support)

Understood.

Thanks for the reply.

Thanks.

98

(10 replies, posted in iRedMail Technical Support)

# bash -xv backup_openldap.sh
#!/usr/bin/env bash

# Author:   Zhang Huangbin (zhb@iredmail.org)
# Date:     Mar 15, 2012
# Purpose:  Dump whole LDAP tree with command 'slapcat'.
# License:  This shell script is part of iRedMail project, released under
#           GPL v2.

###########################
# REQUIREMENTS
###########################
#
#   * Required commands:
#       + slapcat
#       + du
#       + bzip2 # If bzip2 is not available, change 'CMD_COMPRESS' to use 'gzip'.
#

###########################
# USAGE
###########################
#
#   * It stores all backup copies in directory '/var/vmail/backup' by default,
#     You can change it with variable $BACKUP_ROOTDIR below.
#
#   * Set correct values for below variables:
#
#       BACKUP_ROOTDIR
#
#   * Add crontab job for root user (or whatever user you want):
#
#       # crontab -e -u root
#       1   4   *   *   *   bash /path/to/backup_openldap.sh
#
#   * Make sure 'crond' service is running, and will start automatically when
#     system startup:
#
#       # ---- On RHEL/CentOS ----
#       # chkconfig --level 345 crond on
#       # /etc/init.d/crond status
#
#       # ---- On Debian/Ubuntu ----
#       # update-rc.d cron defaults
#       # /etc/init.d/cron status
#

###############################
# How to restore backup file:
###############################
# Please refer to wiki tutorial for detail steps:
# http://www.iredmail.org/docs/backup.restore.html
#

#########################################################
# Modify below variables to fit your need ----
#########################################################
# Where to store backup copies.
export BACKUP_ROOTDIR="/var/vmail/backup"
+ export BACKUP_ROOTDIR=/var/vmail/backup
+ BACKUP_ROOTDIR=/var/vmail/backup

# Keep backup for how many days. Default is 90 days.
export KEEP_DAYS='90'
+ export KEEP_DAYS=90
+ KEEP_DAYS=90

#########################################################
# You do *NOT* need to modify below lines.
#########################################################

export PATH="$PATH:/usr/sbin:/usr/local/sbin/"
+ export PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cc/.local/bin:/home/cc/bin:/usr/sbin:/usr/local/sbin/
+ PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cc/.local/bin:/home/cc/bin:/usr/sbin:/usr/local/sbin/

# Commands.
export CMD_DATE='/bin/date'
+ export CMD_DATE=/bin/date
+ CMD_DATE=/bin/date
export CMD_DU='du -sh'
+ export 'CMD_DU=du -sh'
+ CMD_DU='du -sh'
export CMD_COMPRESS='bzip2 -9'
+ export 'CMD_COMPRESS=bzip2 -9'
+ CMD_COMPRESS='bzip2 -9'
export COMPRESS_SUFFIX='bz2'
+ export COMPRESS_SUFFIX=bz2
+ COMPRESS_SUFFIX=bz2
export CMD_MYSQL='mysql'
+ export CMD_MYSQL=mysql
+ CMD_MYSQL=mysql

# MySQL user and password, used to log backup status to sql table `iredadmin.log`.
# You can find password of SQL user 'iredadmin' in iRedAdmin config file 'settings.py'.
#
# If MYSQL_PASSWD is empty, read password from /root/.my.cnf instead.
export MYSQL_USER="iredadmin"
+ export MYSQL_USER=iredadmin
+ MYSQL_USER=iredadmin
export MYSQL_PASSWD="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ export MYSQL_PASSWD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ MYSQL_PASSWD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export MYSQL_DOT_MY_CNF='/root/.my.cnf'
+ export MYSQL_DOT_MY_CNF=/root/.my.cnf
+ MYSQL_DOT_MY_CNF=/root/.my.cnf

if [ -f /etc/ldap/slapd.conf ]; then
    export CMD_SLAPCAT='slapcat -f /etc/ldap/slapd.conf'
elif [ -f /etc/openldap/slapd.conf ]; then
    export CMD_SLAPCAT='slapcat -f /etc/openldap/slapd.conf'
elif [ -f /usr/local/etc/openldap/slapd.conf ]; then
    export CMD_SLAPCAT='slapcat -f /usr/local/etc/openldap/slapd.conf'
else
    export CMD_SLAPCAT='slapcat'
fi
+ '[' -f /etc/ldap/slapd.conf ']'
+ '[' -f /etc/openldap/slapd.conf ']'
+ export 'CMD_SLAPCAT=slapcat -f /etc/openldap/slapd.conf'
+ CMD_SLAPCAT='slapcat -f /etc/openldap/slapd.conf'

# Date.
export YEAR="$(${CMD_DATE} +%Y)"
++ /bin/date +%Y
+ export YEAR=2017
+ YEAR=2017
export MONTH="$(${CMD_DATE} +%m)"
++ /bin/date +%m
+ export MONTH=03
+ MONTH=03
export DAY="$(${CMD_DATE} +%d)"
++ /bin/date +%d
+ export DAY=20
+ DAY=20
export TIME="$(${CMD_DATE} +%H-%M-%S)"
++ /bin/date +%H-%M-%S
+ export TIME=09-45-42
+ TIME=09-45-42
export TIMESTAMP="${YEAR}-${MONTH}-${DAY}-${TIME}"
+ export TIMESTAMP=2017-03-20-09-45-42
+ TIMESTAMP=2017-03-20-09-45-42

# Pre-defined backup status
export BACKUP_SUCCESS='NO'
+ export BACKUP_SUCCESS=NO
+ BACKUP_SUCCESS=NO

#########
# Define, check, create directories.
#
# Backup directory.
export BACKUP_DIR="${BACKUP_ROOTDIR}/ldap/${YEAR}/${MONTH}"
+ export BACKUP_DIR=/var/vmail/backup/ldap/2017/03
+ BACKUP_DIR=/var/vmail/backup/ldap/2017/03
export BACKUP_FILE="${BACKUP_DIR}/${TIMESTAMP}.ldif"
+ export BACKUP_FILE=/var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif
+ BACKUP_FILE=/var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif

# Find the old backup which should be removed.
export REMOVE_OLD_BACKUP='NO'
+ export REMOVE_OLD_BACKUP=NO
+ REMOVE_OLD_BACKUP=NO
if which python &>/dev/null; then
    export REMOVE_OLD_BACKUP='YES'
    py_cmd="import time; import datetime; t=time.localtime(); print datetime.date(t.tm_year, t.tm_mon, t.tm_mday) - datetime.timedelta(days=${KEEP_DAYS})"
    shift_date=$(python -c "${py_cmd}")
    shift_year="$(echo ${shift_date} | awk -F'-' '{print $1}')"
    shift_month="$(echo ${shift_date} | awk -F'-' '{print $2}')"
    shift_day="$(echo ${shift_date} | awk -F'-' '{print $3}')"
    export REMOVED_BACKUP_DIR="${BACKUP_ROOTDIR}/ldap/${shift_year}/${shift_month}"
    export REMOVED_BACKUPS="${BACKUP_ROOTDIR}/ldap/${shift_year}/${shift_month}/${shift_date}*"
fi
+ which python
+ export REMOVE_OLD_BACKUP=YES
+ REMOVE_OLD_BACKUP=YES
+ py_cmd='import time; import datetime; t=time.localtime(); print datetime.date(t.tm_year, t.tm_mon, t.tm_mday) - datetime.timedelta(days=90)'
++ python -c 'import time; import datetime; t=time.localtime(); print datetime.date(t.tm_year, t.tm_mon, t.tm_mday) - datetime.timedelta(days=90)'
+ shift_date=2016-12-20
++ echo 2016-12-20
++ awk -F- '{print $1}'
+ shift_year=2016
++ echo 2016-12-20
++ awk -F- '{print $2}'
+ shift_month=12
++ echo 2016-12-20
++ awk -F- '{print $3}'
+ shift_day=20
+ export REMOVED_BACKUP_DIR=/var/vmail/backup/ldap/2016/12
+ REMOVED_BACKUP_DIR=/var/vmail/backup/ldap/2016/12
+ export 'REMOVED_BACKUPS=/var/vmail/backup/ldap/2016/12/2016-12-20*'
+ REMOVED_BACKUPS='/var/vmail/backup/ldap/2016/12/2016-12-20*'

# Log file
export LOGFILE="${BACKUP_DIR}/${TIMESTAMP}.log"
+ export LOGFILE=/var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.log
+ LOGFILE=/var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.log

# Check and create directories.
[ -d ${BACKUP_DIR} ] || mkdir -p ${BACKUP_DIR}
+ '[' -d /var/vmail/backup/ldap/2017/03 ']'
chown root ${BACKUP_DIR}
+ chown root /var/vmail/backup/ldap/2017/03
chmod 0700 ${BACKUP_DIR}
+ chmod 0700 /var/vmail/backup/ldap/2017/03

# Initialize log file.
echo "* Starting backup at ${TIMESTAMP}" >> ${LOGFILE}
+ echo '* Starting backup at 2017-03-20-09-45-42'
echo "* Backup directory: ${BACKUP_DIR}." >> ${LOGFILE}
+ echo '* Backup directory: /var/vmail/backup/ldap/2017/03.'

# Backup
echo "* Dumping LDAP data into file: ${BACKUP_FILE}..." >> ${LOGFILE}
+ echo '* Dumping LDAP data into file: /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif...'
${CMD_SLAPCAT} > ${BACKUP_FILE}
+ slapcat -f /etc/openldap/slapd.conf
58cf3446 mdb_monitor_db_open: monitoring disabled; configure monitor database to enable

if [ X"$?" == X"0" ]; then
    export BACKUP_SUCCESS='YES'

    # Get original backup file size
    original_size="$(${CMD_DU} ${BACKUP_FILE} | awk '{print $1}')"

    # Compress backup file.
    echo "* Compressing LDIF file with command: '${CMD_COMPRESS}' ..." >> ${LOGFILE}
    ${CMD_COMPRESS} ${BACKUP_FILE} >> ${LOGFILE} 2>&1

    echo "* [DONE]" >>${LOGFILE}

    # Get compressed file size
    compressed_file_name="${BACKUP_FILE}.${COMPRESS_SUFFIX}"
    compressed_size="$(${CMD_DU} ${compressed_file_name} | awk '{print $1}')"

    echo -n "* Removing plain LDIF file: ${BACKUP_FILE}..." >>${LOGFILE}
    rm -f ${BACKUP_FILE} >> ${LOGFILE} 2>&1
    [ X"$?" == X"0" ] && echo -e "\t[DONE]" >>${LOGFILE}

    sql_log_msg="INSERT INTO log (event, loglevel, msg, admin, ip, timestamp) VALUES ('backup', 'info', 'Backup LDAP data, size: ${original_size}, compressed: ${compressed_size}', 'cron_backup_ldap', '127.0.0.1', UTC_TIMESTAMP());"
else
    # Log failure
    sql_log_msg="INSERT INTO log (event, loglevel, msg, admin, ip, timestamp) VALUES ('backup', 'info', 'Backup LDAP data failed, check log file ${LOGFILE} for more details.', 'cron_backup_ldap', '127.0.0.1', UTC_TIMESTAMP());"
fi
+ '[' X0 == X0 ']'
+ export BACKUP_SUCCESS=YES
+ BACKUP_SUCCESS=YES
++ du -sh /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif
++ awk '{print $1}'
+ original_size=16K
+ echo '* Compressing LDIF file with command: '\''bzip2 -9'\'' ...'
+ bzip2 -9 /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif
+ echo '* [DONE]'
+ compressed_file_name=/var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif.bz2
++ du -sh /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif.bz2
++ awk '{print $1}'
+ compressed_size=4.0K
+ echo -n '* Removing plain LDIF file: /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif...'
+ rm -f /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif
+ '[' X0 == X0 ']'
+ echo -e '\t[DONE]'
+ sql_log_msg='INSERT INTO log (event, loglevel, msg, admin, ip, timestamp) VALUES ('\''backup'\'', '\''info'\'', '\''Backup LDAP data, size: 16K, compressed: 4.0K'\'', '\''cron_backup_ldap'\'', '\''127.0.0.1'\'', UTC_TIMESTAMP());'

# Log to SQL table `iredadmin.log`, so that global domain admins can
# check backup status (System -> Admin Log)
if [[ -n ${MYSQL_USER} ]]; then
    if [[ -n ${MYSQL_PASSWD} ]]; then
        export CMD_MYSQL_ROOT="${CMD_MYSQL} -u'${MYSQL_USER}' -p'${MYSQL_PASSWD}'"
    else
        export CMD_MYSQL_ROOT="${CMD_MYSQL} --defaults-file=${MYSQL_DOT_MY_CNF} -u'${MYSQL_USER}'"
    fi
fi
+ [[ -n iredadmin ]]
+ [[ -n xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ]]
+ export 'CMD_MYSQL_ROOT=mysql -u'\''iredadmin'\'' -p'\''xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'\'''
+ CMD_MYSQL_ROOT='mysql -u'\''iredadmin'\'' -p'\''xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'\'''

${CMD_MYSQL_ROOT} iredadmin -e "${sql_log_msg}" >>${LOGFILE} 2>&1
+ mysql '-u'\''iredadmin'\''' '-p'\''xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'\''' iredadmin -e 'INSERT INTO log (event, loglevel, msg, admin, ip, timestamp) VALUES ('\''backup'\'', '\''info'\'', '\''Backup LDAP data, size: 16K, compressed: 4.0K'\'', '\''cron_backup_ldap'\'', '\''127.0.0.1'\'', UTC_TIMESTAMP());'

# Append file size of backup files to log file.
echo "* File size:" >>${LOGFILE}
+ echo '* File size:'
echo "=================" >>${LOGFILE}
+ echo =================
${CMD_DU} ${BACKUP_FILE}* >>${LOGFILE}
+ du -sh /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif.bz2
echo "=================" >>${LOGFILE}
+ echo =================

# Print some message. It will cause cron generates an email to root user.
if [ X"${BACKUP_SUCCESS}" == X'YES' ]; then
    echo "* [ OK ] Backup completes successfully." >> ${LOGFILE}
else
    echo "* <<< ERROR >>> Backup not successfully complete." >> ${LOGFILE}
fi
+ '[' XYES == XYES ']'
+ echo '* [ OK ] Backup completes successfully.'

if [ X"${REMOVE_OLD_BACKUP}" == X'YES' -a -d ${REMOVED_BACKUP_DIR} ]; then
    echo -e "* Delete old backup under ${REMOVED_BACKUP_DIR}." >> ${LOGFILE}
    echo -e "* Suppose to delete: ${REMOVED_BACKUPS}" >> ${LOGFILE}
    rm -rf ${REMOVED_BACKUPS} >> ${LOGFILE} 2>&1

    if [ -n ${MYSQL_USER} ] && [ -n ${MYSQL_PASSWD} ]; then
        sql_log_msg="INSERT INTO log (event, loglevel, msg, admin, ip, timestamp) VALUES ('backup', 'info', 'Remove old backup: ${REMOVED_BACKUPS}.', 'cron_backup_sql', '127.0.0.1', UTC_TIMESTAMP());"
        ${CMD_MYSQL_ROOT} iredadmin -e "${sql_log_msg}"
    fi
fi
+ '[' XYES == XYES -a -d /var/vmail/backup/ldap/2016/12 ']'

cat ${LOGFILE}
+ cat /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.log
* Starting backup at 2017-03-20-09-45-42
* Backup directory: /var/vmail/backup/ldap/2017/03.
* Dumping LDAP data into file: /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif...
* Compressing LDIF file with command: 'bzip2 -9' ...
* [DONE]
* Removing plain LDIF file: /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif...  [DONE]
ERROR 1045 (28000): Access denied for user 'iredadmin'@'localhost' (using password: YES)
* File size:
=================
4.0K    /var/vmail/backup/ldap/2017/03/2017-03-20-09-45-42.ldif.bz2
=================
* [ OK ] Backup completes successfully.
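
Added example, not part of backup_openldap.sh: the last mysql line of the trace shows the single quotes from CMD_MYSQL_ROOT arriving inside the -u and -p arguments. The block below reproduces that with a stand-in function (show_args, hypothetical) in place of the mysql client, next to two other ways of passing the same credentials; the password is a constructed value.

```bash
# Stand-in for the mysql client: prints every argument it receives in brackets.
show_args() { printf '[%s]\n' "$@"; }

MYSQL_USER='iredadmin'
MYSQL_PASSWD='constructed-secret'   # constructed value

# Pattern from the trace: the quote characters are stored inside the command
# string. Unquoted expansion only splits on whitespace; quotes are never
# re-parsed, so they reach the client as part of the user name and password.
args_quoted_in_string() {
    cmd="show_args -u'${MYSQL_USER}' -p'${MYSQL_PASSWD}'"
    ${cmd}
}

# Variant 1: build the argument list as separate words. The values arrive
# clean, but the password is still visible in the process list.
args_as_words() {
    set -- "-u${MYSQL_USER}" "-p${MYSQL_PASSWD}"
    show_args "$@"
}

# Variant 2: write the credentials to an option file that is created with
# mode 0600 and pass only its path. MySQL option files accept quoted values,
# and --defaults-extra-file has to be the first option on the command line.
write_client_cnf() {
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$MYSQL_USER" "$MYSQL_PASSWD" > "$1" )
}
args_with_cnf() {
    show_args "--defaults-extra-file=$1" iredadmin -e 'SELECT 1'
}

# Symbolic mode of a file, for example -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

demo() {
    tmp=$(mktemp -d)
    write_client_cnf "$tmp/client.cnf"
    echo "quoted in string:"; args_quoted_in_string
    echo "separate words:";   args_as_words
    echo "option file ($(file_mode "$tmp/client.cnf")):"; args_with_cnf "$tmp/client.cnf"
    rm -rf "$tmp"
}
demo
```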

99

(10 replies, posted in iRedMail Technical Support)

]# mysql -uiredadmin -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6816
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit
Bye

100

(10 replies, posted in iRedMail Technical Support)

# vi /var/vmail/backup/backup_openldap.sh
export MYSQL_USER="iredadmin"
export MYSQL_PASSWD="xxxxxxxxxxxxxxxxxxx"
export MYSQL_DOT_MY_CNF='/root/.my.cnf'

It uses iredadmin.

# vi /root/.my.cnf
[client]
user=root
password="zzzzzzzzzz"

In the .my.cnf generated by the iRedMail installation,
the password is wrapped in " "; would that cause a problem?

Thanks.