WRITEME

I have decided to use iredmail which basically is a set of shell scripts that automates the install of things like Postfix, dovecot, clamav, etc.

• http://code.google.com/p/iredmail/
• http://www.iredmail.org/forum/
• http://www.iredmail.org/forum/topic87-iredadmin-feature-requests-webbased-iredmail-admin-console.html
• http://myamavis.kapott.org/
• aptitude install mercurial bzip2 acl wget dialog mktemp

  After installation has finished:

• Read file iRedMail-x.y.z/iRedMail.tips first, it contains:
  • User password and related sensitive information.
  • Location of mail serve related software configuration files and other important information.
• http://code.google.com/p/iredmail/wiki/DNS_SPF
• http://code.google.com/p/iredmail/wiki/DNS_DKIM
• http://code.google.com/p/iredmail/wiki/Admin_Guide
• http://howtoforge.com/virtual-mail-and-ftp-hosting-with-iredmail-and-pure-ftpd
• http://www.iredmail.org/forum/topic98-mailman.html
• iptables
• implication of not enabling acl
  • as it seems, issuing mount -o remount,rw,acl / is mandatory
  • http://www.iredmail.org/forum/topic97-debian-openvz-iredmail.html

- storage: Quota limit in kilobytes, 0 means unlimited. - bytes: Quota limit in bytes, 0 means unlimited. - messages: Quota limit in number of messages, 0 means unlimited. This probably isn't very useful. - backend: Quota backend-specific limit configuration. - ignore: Don't inclu

• Mailbox quota: see ../tools/dovecot-quota-warning.sh
  • /etc/dovecot/dovecot.conf
• backup: ../tools/backup_iRedMail.sh
• Advanced message Search option in webmail; example: some one search message like: subject, attachment, to, cc, bcc, flaged, domain, messege size, as like zimbra advance search
  • Roundcube already has this feature, but it's not so user-friendly. You can type 'body: search_string' in search field, or 'to: [email protected]' etc.
• blocking extensions: .xls, .doc, .pdf, .com, .exe, .rar, .zip, etc.
  • Amavisd-new has this feature, please read its document: http://www.ijs.si/software/amavisd/ Again: issue tracker is not used for tech support, please post them to our forum: http://www.iredmail.org/forum/
• http://wiki.dovecot.org/PostLoginScripting
• disclaimer http://www.iredmail.org/forum/topic210-faq-how-to-enable-signing-disclaimer-on-outgoing-mails.html

Introduction

Components

• http://code.google.com/p/iredmail/wiki/Main_Components
• http://www.ijs.si/software/amavisd/
  • http://myamavis.kapott.org/ -
• http://www.policyd.org/tiki-index.php
• https://woozle.org/~neale/src/pysieved/

Upgrade

• http://www.iredmail.org/forum/topic177-general-way-to-upgrade.html

Security

- testing http://www.gfi.com/emailsecuritytest/

SPAM

Domainkeys

• http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
• http://code.google.com/p/iredmail/wiki/DNS_DKIM
• http://www.iredmail.org/forum/topic130-dkim-signing-for-multiple-virtual-domains.html

Sender Policy Framework

• http://en.wikipedia.org/wiki/Sender_Policy_Framework
• http://code.google.com/p/iredmail/wiki/DNS_SPF

Greylisting

• how do you turn off greylisting?
  • in /etc/policyd.conf set GREYLISTING=0 and then restart policyd
  • or try to make the interval time shorter: TRIPLET_TIME=1m; 1m is 1 minute.

Netfilter

- http://www.iredmail.org/forum/topic209-faq-iredmail-opens-which-service-ports.html - how can I disable the IPTables that was shipped with iredmail on

startup?

• /etc/init.d/iptables stop or
• If you want do disable it on system startup, run: chkconfig --level 345 iptables off

TCP ports to open: 80,443,25,587,465,110,995,143,993,389,636,21,20

# http/https INPUT -p tcp -m multiport —dport 80,443 -j ACCEPT

# smtp/smtps INPUT -p tcp -m multiport —dport 25,587,465 -j ACCEPT

# pop3/pop3s INPUT -p tcp -m multiport —dport 110,995 -j ACCEPT

# imap/imaps INPUT -p tcp -m multiport —dport 143,993 -j ACCEPT

# ldap/ldaps INPUT -p tcp -m multiport —dport 389,636 -j ACCEPT

# ftp. INPUT -p tcp -m multiport —dport 21,20 -j ACCEPT

# ssh INPUT -p tcp —dport 22 -j ACCEPT