Ubuntu 24.04
Install iRedMail : https://docs.iredmail.org/install.iredmail.on.debian.ubuntu.html
Check : Important things you MUST know after installation
Conf : https://docs.iredmail.org/file.locations.html
Addtion: https://spiderd.io/
- Roundcube webmail: https://your_server/mail/
- SOGo Groupware: https://your_server/SOGo
- Web admin panel (iRedAdmin): https://your_server/iredadmin/
Ubuntu:
- sudo systemctl enable ufw
- sudo ufw allow smtps pop3s
- sudo reboot
Use old dkim : https://docs.iredmail.org/sign.dkim.signature.for.new.domain.html#use-existing-dkim-key-for-new-mail-domain
- copy pem from oldsvr, path /var/lib/dkim/domain.pem to newsvr(use:sudo su)
- modify newsvr /etc/amavis/conf.d/50-user before # Disclaimer settings(see oldsvr /etc/amavisd/amavisd.conf)
dkim_key('domain.com', 'dkim', '/var/lib/dkim/domain.com.pem');
@dkim_signature_options_bysender_maps = ({
# 'd' defaults to a domain of an author/sender address,
# 's' defaults to whatever selector is offered by a matching key
# Per-domain dkim key
#"domain.com" => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
# catch-all (one dkim key for all domains)
'.' => {d => 'domain.com',
a => 'rsa-sha256',
c => 'relaxed/simple',
ttl => 30*24*3600 },
}); - sudo reboot
- sudo amavisd testkeys (=>pass)
Fail2Ban
- modify /etc/fail2ban/jail.local
- modify /etc/postfix/helo_access.pcre
- sudo su, cd /opt/iredapd/tools
python wblist_admin.py --list --whitelist for oldsvr to list....
sudo python3 wblist_admin.py --list --whitelist for newsvr ....
>> sudo python3 wblist_admin.py --add --whitelist ip or domain from oldsvr
Create Cert
Let's Encrypt offers FREE SSL certificate.
https://docs.iredmail.org/letsencrypt.html
- sudo apt install -y certbot
- sudo certbot certonly --webroot --dry-run -w /var/www/html -d mail.domain.com
- sudo certbot certonly --webroot -w /var/www/html -d mail.domain.com
Backup Cert
- mv /etc/ssl/certs/iRedMail.crt /etc/ssl/certs/iRedMail.crt.bak
- mv /etc/ssl/private/iRedMail.key /etc/ssl/private/iRedMail.key.bak
Use New Cert
- ln -s /etc/letsencrypt/live/mail.domain.com/fullchain.pem /etc/ssl/certs/iRedMail.crt
- ln -s /etc/letsencrypt/live/mail.domain.com/privkey.pem /etc/ssl/private/iRedMail.key
Restart Service
- sudo systemctl restart postfix dovecot nginx
沒有留言:
張貼留言