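Note: this is one migration exercise for a particular mail server. It does not apply to every iRedMail server migration; the approach is offered for reference only.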
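I. Operating system configuration
Reference
1) Operating system version of the migration target server (I have also installed iRedMail on CentOS in practice; by comparison, Ubuntu is friendlier and less error-prone)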
root@mail:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
2) Fix root not being able to log in directly (switches PermitRootLogin from without-password, i.e. key-only, to yes)
sed -i 's@PermitRootLogin without-password@#&\nPermitRootLogin yes@' /etc/ssh/sshd_config
3) Fix slow SSH logins
echo "UseDNS no" >>/etc/ssh/sshd_config
4) Edit /etc/sysctl.conf: if the following settings already exist, change them to the values below; if they do not, add them.
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
After editing, run:
sysctl -p
5) Change the hostname
>/etc/hostname
echo "mail" >>/etc/hostname
echo "127.0.0.1 mail.xxoo.cn mail localhost localhost.localdomain" >>/etc/hosts
6) Edit /etc/resolv.conf (through the resolvconf base file)
echo "nameserver 114.114.114.114" >> /etc/resolvconf/resolv.conf.d/base
echo "nameserver 202.96.128.166" >> /etc/resolvconf/resolv.conf.d/base
echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/base
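7) reboot
8) Uninstall MySQL, OpenLDAP, Postfix, Dovecot and Amavisd (remove them if the operating system installed them by default; if they are not installed, nothing needs to be done)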
root@ubuntu:~# dpkg -l|grep -i OpenLDAP
root@ubuntu:~# dpkg -l|grep -i MySQL
root@ubuntu:~# dpkg -l|grep -i Postfix
root@ubuntu:~# dpkg -l|grep -i Dovecot
root@ubuntu:~# dpkg -l|grep -i Amavisd
For example:
root@mail:~/iRedMail-0.9.4# dpkg -l|grep -i Dovecot
ii dovecot-core 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - core files
ii dovecot-imapd 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-pop3d 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - POP3 daemon
root@mail:~/iRedMail-0.9.4# apt-get remove dovecot-core
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
dovecot-core dovecot-imapd dovecot-pop3d
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 8,425 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 57576 files and directories currently installed.)
Removing dovecot-imapd (1:2.2.9-1ubuntu2.1) ...
Removing dovecot-pop3d (1:2.2.9-1ubuntu2.1) ...
Removing dovecot-core (1:2.2.9-1ubuntu2.1) ...
dovecot stop/waiting
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
root@mail:~/iRedMail-0.9.4# apt-get remove dovecot-imapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'dovecot-imapd' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@mail:~/iRedMail-0.9.4# apt-get remove dovecot-pop3d
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'dovecot-pop3d' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@mail:~/iRedMail-0.9.4#
root@mail:~/iRedMail-0.9.4# dpkg -l|grep -i Dovecot
rc dovecot-core 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - core files
rc dovecot-imapd 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - IMAP daemon
rc dovecot-pop3d 1:2.2.9-1ubuntu2.1 amd64 secure POP3/IMAP server - POP3 daemon
root@mail:~/iRedMail-0.9.4# dpkg -l | grep ^rc | cut -d' ' -f3 |xargs dpkg --purge
(Reading database ... 57108 files and directories currently installed.)
Removing dovecot-core (1:2.2.9-1ubuntu2.1) ...
Purging configuration files for dovecot-core (1:2.2.9-1ubuntu2.1) ...
userdel: user 'dovecot' does not exist
userdel: user 'dovenull' does not exist
dpkg: warning: while removing dovecot-core, directory '/etc/dovecot/conf.d' not empty so not removed
Removing dovecot-imapd (1:2.2.9-1ubuntu2.1) ...
Purging configuration files for dovecot-imapd (1:2.2.9-1ubuntu2.1) ...
Removing dovecot-pop3d (1:2.2.9-1ubuntu2.1) ...
Purging configuration files for dovecot-pop3d (1:2.2.9-1ubuntu2.1) ...
Removing libcurl3:amd64 (7.35.0-1ubuntu2.6) ...
Purging configuration files for libcurl3:amd64 (7.35.0-1ubuntu2.6) ...
Removing libcurl3-gnutls:amd64 (7.35.0-1ubuntu2.6) ...
Purging configuration files for libcurl3-gnutls:amd64 (7.35.0-1ubuntu2.6) ...
Removing libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.2) ...
Purging configuration files for libldap-2.4-2:amd64 (2.4.31-1+nmu2ubuntu8.2) ...
Removing software-properties-common (0.92.37.7) ...
Purging configuration files for software-properties-common (0.92.37.7) ...
root@mail:~/iRedMail-0.9.4# dpkg -l|grep -i Dovecot
root@mail:~/iRedMail-0.9.4#
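Steps 2) and 3) edit /etc/ssh/sshd_config in place. sshd applies the first value it reads for each keyword and scopes anything after a Match line to that block, so an appended line is not always the effective one. The added example below (not from the original post; the function names and sample configs are constructed) replays both edits on a scratch copy and reports the resulting global values. On a live host, `sshd -T` prints the authoritative effective configuration.

```sh
# Added example: report the value sshd would apply globally for a keyword.
# sshd uses the first value it reads for each keyword, and lines after a
# "Match" line apply only to that block. Only "Keyword value" lines are handled.
effective_sshd_option() {      # usage: effective_sshd_option FILE KEYWORD
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0        { next }
        tolower($1) == "match" { exit }
        tolower($1) == k       { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# The two edits from steps 2) and 3), applied to FILE instead of the live config.
apply_page_edits() {
    sed 's@PermitRootLogin without-password@#&\nPermitRootLogin yes@' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
    echo "UseDNS no" >> "$1"
}

# Constructed sample configs (not from the post): a stock-style file, and one
# that sets UseDNS earlier and ends with a Match block.
write_samples() {              # $1 = directory
    printf '%s\n' 'Port 22' 'PermitRootLogin without-password' \
        'PasswordAuthentication yes' > "$1/plain"
    printf '%s\n' 'Port 22' 'UseDNS yes' 'PermitRootLogin without-password' \
        'Match User backup' '    PasswordAuthentication no' > "$1/tricky"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in plain tricky; do
    apply_page_edits "$dir/$f"
    echo "$f: PermitRootLogin=$(effective_sshd_option "$dir/$f" PermitRootLogin)" \
         "UseDNS=$(effective_sshd_option "$dir/$f" UseDNS)"
done
rm -rf "$dir"
```

In the second sample the appended `UseDNS no` has no global effect, and in both samples root can now authenticate with a password wherever PasswordAuthentication is enabled.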
II. Install iRedMail
apt-get install bzip2
cd /root
wget
tar xjf /root/iRedMail-0.9.4.tar.bz2
cd /root/iRedMail-0.9.4/
IREDMAIL_MIRROR='' bash iRedMail.sh
Installation log path: /root/iRedMail-0.9.4/runtime/install.log
Commonly used iRedMail runtime logs:
/var/log/dovecot.log
/var/log/dovecot-sieve.log
/var/log/mail.log
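III. Database migration
Reference
Comparing iRedMail 0.8.6 with iRedMail 0.9.4, I found that mainly the following tables differ:
The alias and mailbox tables of the vmail database have slightly different columns between the old and new versions
The identities table of the roundcubemail database has slightly different columns between the old and new versions
The detailed column changes can be compared with desc <table name>
The tables that, as far as I know, need to be migrated are:
vmail database:
  alias (alias information)
  mailbox (mailbox user names and passwords)
  used_quota (per-user mailbox quota usage)
roundcubemail database:
  contactgroupmembers
  contactgroups
  contacts (these three tables should be the address list information; that is my guess)
  users
  identities (these two tables relate to personal signature information)
My approach to migrating a table is to create, on the old database, a table with the same structure as the one on the new database but a different name, load the existing data into it on the old database, and finally export this new table and import it into the new database
An example:
Migrating the alias table
Create the table alias_test0413 on the old database (the CREATE statement is in the SQL file you get by exporting the table from the new database; all you have to do is change the table name)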
CREATE TABLE `alias_test0413` (
`address` varchar(255) NOT NULL DEFAULT '',
`goto` text,
`name` varchar(255) NOT NULL DEFAULT '',
`moderators` text,
`accesspolicy` varchar(30) NOT NULL DEFAULT '',
`domain` varchar(255) NOT NULL DEFAULT '',
`islist` tinyint(1) NOT NULL DEFAULT '0',
`is_alias` tinyint(1) NOT NULL DEFAULT '0',
`alias_to` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
`active` tinyint(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`address`),
KEY `domain` (`domain`),
KEY `islist` (`islist`),
KEY `is_alias` (`is_alias`),
KEY `alias_to` (`alias_to`),
KEY `expired` (`expired`),
KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
On the old database, insert the data of the alias table into alias_test0413
insert into alias_test0413(address,goto,name,moderators,accesspolicy,domain,created,modified,expired,active) select * from alias;
On the old database, export the alias_test0413 table
mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables vmail alias_test0413> alias.sql
Edit alias.sql
sed -i 's/alias_test0413/alias/g' alias.sql
Transfer alias.sql to the server hosting the new database and import it into the new database
use vmail
source alias.sql
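The INSERT ... SELECT * step above depends on the old table's column count and order, so it helps to list exactly which columns the newer schema added and to build an explicit column list for both sides of the INSERT. The following shell functions are an added example, not part of the original post; the function names and the abbreviated sample dumps are constructed for illustration.

```sh
# Added example: compare one table's columns across two schema-only dumps,
# e.g. `mysqldump --no-data vmail alias` run on the old and on the new server.
# Print the column names of table $2 as defined in dump file $1, one per line.
table_columns() {
    awk -v t="$2" '
        $1 == "CREATE" && $2 == "TABLE" { in_t = ($3 == "`" t "`"); next }
        in_t && $1 ~ /^\)/    { in_t = 0 }
        in_t && $1 ~ /^`.+`$/ { gsub(/`/, "", $1); print $1 }
    ' "$1"
}

# compare_columns MODE OLD.sql NEW.sql TABLE
#   added:  columns only in NEW, one per line (they take their DEFAULT values)
#   shared: quoted, comma-separated list for INSERT (...) SELECT ... FROM
compare_columns() {
    { table_columns "$2" "$4"; echo "--"; table_columns "$3" "$4"; } |
    awk -v mode="$1" '
        $0 == "--" { second = 1; next }
        !second    { old[$0] = 1; next }
        mode == "added"  && !($0 in old) { print }
        mode == "shared" &&  ($0 in old) { printf "%s`%s`", sep, $0; sep = "," }
        END { if (mode == "shared") print "" }'
}

# Constructed, abbreviated dumps (not real data): the newer alias table gains
# islist, is_alias and alias_to, as in the CREATE TABLE statement above.
write_sample_dumps() {    # $1 = directory that receives old.sql and new.sql
    cat > "$1/old.sql" <<'EOF'
CREATE TABLE `alias` (
  `address` varchar(255) NOT NULL DEFAULT '',
  `active` tinyint(1) NOT NULL DEFAULT '1',
  PRIMARY KEY (`address`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
EOF
    cat > "$1/new.sql" <<'EOF'
CREATE TABLE `alias` (
  `address` varchar(255) NOT NULL DEFAULT '',
  `islist` tinyint(1) NOT NULL DEFAULT '0',
  `is_alias` tinyint(1) NOT NULL DEFAULT '0',
  `alias_to` varchar(255) NOT NULL DEFAULT '',
  `active` tinyint(1) NOT NULL DEFAULT '1',
  PRIMARY KEY (`address`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
EOF
}

dir=$(mktemp -d) && write_sample_dumps "$dir"
compare_columns added  "$dir/old.sql" "$dir/new.sql" alias
compare_columns shared "$dir/old.sql" "$dir/new.sql" alias
rm -rf "$dir"
```

Using the shared list on both sides of the statement (INSERT INTO alias_test0413 (list) SELECT list FROM alias) keeps the copy correct even if the old table's column order differs from what is assumed.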
What I actually ran:
Export the tables on the old database
delete from alias_test0413;
insert into alias_test0413(address,goto,name,moderators,accesspolicy,domain,created,modified,expired,active) select * from alias;
delete from mailbox_test0413;
insert into mailbox_test0413(username,password,name,language,storagebasedirectory,storagenode,maildir,quota,domain,transport,department,rank,employeeid,isadmin,isglobaladmin,enablesmtp,enablesmtpsecured,enablepop3,enablepop3secured,enableimap,enableimapsecured,enabledeliver,enablelda,enablemanagesieve,enablemanagesievesecured,enablesieve,enablesievesecured,enableinternal,enabledoveadm,`enablelib-storage`,lastlogindate,lastloginipv4,lastloginprotocol,disclaimer,allowedsenders,rejectedsenders,allowedrecipients,rejectedrecipients,passwordlastchange,created,modified,expired,active,`local_part`) select username,password,name,language,storagebasedirectory,storagenode,maildir,quota,domain,transport,department,rank,employeeid,isadmin,isglobaladmin,enablesmtp,enablesmtpsecured,enablepop3,enablepop3secured,enableimap,enableimapsecured,enabledeliver,enablelda,enablemanagesieve,enablemanagesievesecured,enablesieve,enablesievesecured,enableinternal,enabledoveadm,`enablelib-storage`,lastlogindate,lastloginipv4,lastloginprotocol,disclaimer,allowedsenders,rejectedsenders,allowedrecipients,rejectedrecipients,passwordlastchange,created,modified,expired,active,`local_part` from mailbox;
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables vmail alias_test0413> alias.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables vmail mailbox_test0413> mailbox.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables vmail used_quota> used_quota.sql
sed -i 's/alias_test0413/alias/g' alias.sql
sed -i 's/mailbox_test0413/mailbox/g' mailbox.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables roundcubemail contactgroupmembers> contactgroupmembers.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables roundcubemail contactgroups> contactgroups.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --tables roundcubemail contacts> contacts.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --no-create-db --no-create-info --tables roundcubemail users> users.sql
[root@mail 0415]# mysqldump -uroot -pengine -h127.0.0.1 -P3306 --no-create-db --no-create-info --tables roundcubemail identities> identities.sql
Import the tables on the new database
use vmail
source alias.sql
source mailbox.sql
source used_quota.sql
use roundcubemail
source contactgroupmembers.sql
source contactgroups.sql
source contacts.sql
delete from users;
source users.sql
delete from identities;
source identities.sql
IV. Mail directory migration
rsync -avzP --delete --port 2873 --password-file=/root/.rsyncPw vmail@192.168.1.99::mail/data /home/xxoo/
V. Copy the SSL certificate (see the iRedMail.tips file for the exact paths)
Version 0.8.6                           Version 0.9.4
- /etc/pki/tls/certs/iRedMail_CA.pem    - /etc/ssl/certs/iRedMail.crt
- /etc/pki/tls/private/iRedMail.key     - /etc/ssl/private/iRedMail.key
scp /etc/pki/tls/certs/iRedMail_CA.pem 192.168.1.100:/etc/ssl/certs/iRedMail.crt
scp /etc/pki/tls/private/iRedMail.key 192.168.1.100:/etc/ssl/private/iRedMail.key
Configure Postfix/Dovecot to use the SSL certificate
Postfix (SMTP server)
Use the postconf command directly to update the SSL certificate settings:
postconf -e smtpd_use_tls='yes'
postconf -e smtpd_tls_cert_file='/etc/ssl/certs/iRedMail.crt'
postconf -e smtpd_tls_key_file='/etc/ssl/private/iRedMail.key'
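Restart the Postfix service after the change.
Dovecot (POP3/IMAP server)
Dovecot's SSL certificate settings are defined in the main configuration file /etc/dovecot/dovecot.conf
ssl = required
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key
Restart the Dovecot service after the change.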
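VI. Enable SMTPS (port 465)
Reference
# Append the smtps service entry to Postfix's master.cf (continuation lines must start with whitespace)
cat <<EOF >> /etc/postfix/master.cf
465 inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
EOF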
sed -i 's/-A INPUT -p tcp --dport 587 -j ACCEPT/-A INPUT -p tcp --dport 587 -j ACCEPT\n-A INPUT -p tcp --dport 465 -j ACCEPT/' /etc/default/iptables
VII. Replace the DKIM key
Reference
View the DKIM key on the new server
root@mail:~# amavisd-new showkey
; key#1, domain xxoo.cn, /var/lib/dkim/xxoo.cn.pem
dkim._domainkey.xxoo.cn. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0iRU1UnPR0xgVaqfjxZsoao8i"
"xBxsNvLbUd9vQlURoVI03cqyRqnMIZunLGxUic56bHVE49HnkKe1GKz2zgWGa5Fo"
"vVXWyuBBcdZooYbu5UREiXoUiWOX+psaHeuJcK0fgu1YgiCr+Ki9afTU6JvJXxBM"
"j0aNFAJRtnu0UAbK1QIDAQAB")
root@mail:~#
View the DKIM key on the old server
[root@mail ~]# amavisd -c /etc/amavisd/amavisd.conf showkeys
; key#1, domain xxoo.cn, /var/lib/dkim/xxoo.cn.pem
dkim._domainkey.xxoo.cn. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0iRU1UnPR0xgVaqfjxZsoao8i"
"xBxsNvLbUd9vQlURoVI03cqyRqnMIZunLGxUic56bHVE49HnkKe1GKz2zgWGa5Fo"
"vVXWyuBBcdZooYbu5UREiXoUiWOX+psaHeuJcK0fgu1YgiCr+Ki9afTU6JvJXxBM"
"j0aNFAJRtnu0UAbK1QIDAQAB")
[root@mail ~]#
Replace the key on the new server directly with the DKIM key from the old server
scp /var/lib/dkim/xxoo.cn.pem 192.168.1.100:/var/lib/dkim/xxoo.cn.pem
Then check again whether the DKIM key has been updated
amavisd-new showkey
Verify once the prerequisites are in place
amavisd-new testkeys, or amavisd -c /etc/amavisd/amavisd.conf testkeys
[root@mail ~]# amavisd -c /etc/amavisd/amavisd.conf testkeys
TESTING#1: dkim._domainkey.xxoo.cn => pass
VIII. Replace the logo
cp /opt/www/roundcubemail-1.1.4/skins/larry/images/roundcube_logo.png /opt/www/roundcubemail-1.1.4/skins/larry/images/roundcube_logo.png.bak
Use the logo file from the old-version server, /var/www/roundcubemail-0.9.5/skins/larry/images/roundcube_logo.png,
to replace the logo file on the new-version server, /opt/www/roundcubemail-1.1.4/skins/larry/images/roundcube_logo.png
scp /var/www/roundcubemail-0.9.5/skins/larry/images/roundcube_logo.png 192.168.1.100:/opt/www/roundcubemail-1.1.4/skins/larry/images/roundcube_logo.png
IX. Fix the domain shown by default being 127.0.0.1 when logging in to the mailbox with a user name
cp /opt/www/roundcubemail-1.1.4/config/config.inc.php /opt/www/roundcubemail-1.1.4/config/config.inc.php.bak
sed -ri 's#//(\$config\['"'"'username_domain'"'"'])#\1#g' /opt/www/roundcubemail-1.1.4/config/config.inc.php
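X. Fix IPs being banned after repeated failed logins
The script is at /root/fail2ban_unban_ip.sh on 192.168.1.100
Run ./fail2ban_unban_ip.sh 183.62.15.118
If you want an IP never to be banned, edit /etc/fail2ban/jail.conf (if /etc/fail2ban/jail.local exists, edit that file instead)
For example: ignoreip = 127.0.0.1/8 183.62.15.118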
XI. Set the mail attachment limit to 100M
sed -i 's/post_max_size = 12M/post_max_size = 100M/' /etc/php5/apache2/php.ini
sed -i 's/upload_max_filesize = 10M/upload_max_filesize = 100M/' /etc/php5/apache2/php.ini
sed -i 's/message_size_limit = 15728640/mailbox_size_limit = 0\nmessage_size_limit = 104857600/' /etc/postfix/main.cf
sed -i 's/php_value upload_max_filesize 10M/php_value upload_max_filesize 100M/' /opt/www/roundcubemail/.htaccess
sed -i 's/php_value post_max_size 12M/php_value post_max_size 100M/' /opt/www/roundcubemail/.htaccess
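Restart the httpd service: service apache2 restart
Restart the postfix service: service postfix restart
XII. Fix sending mail through sendEmail failing
Reference: http://www.iredmail.com/docs/allow.insecure.pop3.imap.smtp.connections.html
When no mail server port is specified, sendEmail uses port 25 by default, so the mail server has to allow insecure SMTP connections
Edit the /etc/postfix/main.cf configuration file, comment out the smtpd_tls_auth_only=yes line (this permits SMTP AUTH over unencrypted connections), and restart the postfix service
XIII. Disable greylisting for mail sent from 163, QQ and similar mailboxes to company mailboxes
Reference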
cd /opt/iredapd/tools/
python greylisting_admin.py --disable --from '@qq.com'
python greylisting_admin.py --disable --from '@163.com'