This project uses iRedMail-0.9.0 (as on 02/2015) with:

• iRedAdmin-0.4.1
• iRedAPD-1.4.4
• roundcubemail-1.0.4

Image builds with:

• Debian Wheezy
• OpenLDAP
• Apache
• Roundcube
• SOGo
• MySQL

You have to edit files/config.example file:

1. Rename files/config.example to files/config
2. Replace "example.com" with your domain (lines marked with "!")
3. Replace "password_pm", "password_ldap", "password_db" with postmaster password, ldap manager password, DBA password (lines marked with "!!")*
4. Replace "password_random" with line from date | sha256sum | base64 | head -c 30 ; echo (lines marked with "!!!")
5. Remove all "!" signs from file

* - It is strongly recommended to use random passwords

You have to edit files/hostname.example and files/uname.example files by changing hostnames in them and renaming files (removing .example from their names).

You have to edit Dockerfile.example:

1. Rename Dockerfile.example to Dockerfile
2. Replace hostname and passwords near TODO comments with yours

You can add initial mail users to OpenLDAP:

1. Rename mail_users.csv.example to mail_users.csv
2. Fill this file with data (see below)
3. For passwords please use date | sha256sum | base64 | head -c 8 ; echo

CSV file format:
domain name, username, password, [common name], [quota_in_bytes], [groups]

Example:

iredmail.org, zhang, plain_password, Zhang Huangbin, 104857600, group1:group2
iredmail.org, zhang, plain_password, Zhang Huangbin, ,
iredmail.org, zhang, plain_password, , 104857600, group1:group2

Note:

• Domain name, username and password are REQUIRED, others are optional:
  • common name.
    • It will be the same as username if it's empty.
    • Non-ascii character is allowed in this field, they will be
      encoded automaticly. Such as Chinese, Korea, Japanese, etc.
  • quota. It will be 0 (unlimited quota) if it's empty.
  • groups.
    • valid group name ([email protected]): hr
    • incorrect group name: [email protected]
    • Do NOT include domain name in group name, it will be
      appended automaticly.
    • Multiple groups must be seperated by colon.
• Leading and trailing Space will be ignored.

You can add mail lists by placing your *.ldif files into files/ldifs directory and naming them like 10_any_name.ldif.
Moreover, you can place there any *.ldif you like naming it 30_name.ldif.
To prepare your ldif files read corresponding iRedMail docs.
You can copy any necessary tools to files/tools directory to be added to image.

File sources.list.ru contains sources list for Russia, you could replace it with more adequate fro your region.

To build image, run:

sudo docker build -t cema/iredmail:latest .

To run image use command:

sudo docker run -d -P -h mail.example.com \
  -v /opt/containers/iredmail/backups/:/backups \
  --name iredmail cema/iredmail:latest /sbin/init 2

Where /opt/containers/iredmail/backups/ is backups path in which containers /var/vmail/ directory copied.

To run image with docker-compose you have to modify docker-compose.yml.example file:

1. Rename file to docker-compose.yml
2. Replace image name if you have changed it
3. Replace hostname and domainname in file

After all run sudo docker-compose up -d

After starting up container:

1. Set up DNS records (A, MX, SPF and DKIM) (see docs).
   To get DKIM use:

   sudo docker exec docker_mailserver_1 amavisd-new showkeys

To check it use:

```bash
sudo docker exec docker_mailserver_1 amavisd-new testkeys
```

2. (Optional) if you use jwilder/nginx-proxy, copy container certs with commands:

   sudo docker cp docker_mailserver_1:/etc/ssl/certs/iRedMail.crt \
     /opt/docker/mail-server/certs/
   sudo docker cp docker_mailserver_1:/etc/ssl/private/iRedMail.key \
     /opt/docker/mail-server/certs/
   sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.crt
   sudo mv /opt/docker/mail-server/certs/{iRedMail,mx.example.com}.key

Enter container:

sudo docker exec -it iredmail /bin/bash

Check Manager password
ldapwhoami -x -D 'cn=Manager,dc=example,dc=com' -W

Check added domains
ldapsearch -D 'cn=Manager,dc=example,dc=com' -b 'o=domains,dc=example,dc=com' -W

See users of domain

ldapsearch -D 'cn=Manager,dc=example,dc=com' \
  -b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -W

Check user password

ldapsearch -D '[email protected],ou=Users,\
  domainName=example.com,o=domains,dc=example,dc=com' \
  -b 'ou=Users,domainName=example.com,o=domains,dc=example,dc=com' -W

Check LDAP
curl ldap://0.0.0.0:49258 -v
or

curl -u uid=postmaster:password \
  ldap://0.0.0.0:49258/ou=Users,domainName=example.com,\
  o=domains,dc=example,dc=com -v

Check SMTP

curl smtp://0.0.0.0:49251 --ssl -k \
  -u [email protected]:password 
  -v --mail-rcpt "[email protected]" --anyauth

Enter container:

sudo docker exec -it iredmail /bin/bash

Then use tail -f -n30 /var/log/logfilename to read logfilename.

Run:
sudo docker cp iredmail:/var/vmail/* /opt/containers/iredmail/backups/

Create SSHA password (w/o slap utils)

#!/bin/sh
# http://wiki.nginx.org/Faq#How_do_I_generate_an_htpasswd_file_without_having_Apache_tools_installed.3F
 
PASSWORD=$1;
SALT="$(openssl rand -base64 3)"
SHA1=$(printf "$PASSWORD$SALT" | openssl dgst -binary -sha1 | sed 's#$#'"$SALT"'#' | base64);
 
printf "{SSHA}$SHA1\n"

Create SSHA password (w slap utils)

slappasswd -s passphrase

Create SSHA password (w iRedMail tools)

python /opt/itools/generate_password_hash.py SSHA passphrase

Encrypt/Decrypt iRedMail.tips file

echo 'passphrase' | openssl enc \
  -in /opt/iredmail/iRedMail.tips \
  -out /opt/iRedMail.tips.enc \
  -e -aes256 -pass stdin
echo 'passphrase' | openssl enc \
  -in /opt/iRedMail.tips.enc \
  -out /opt/iRedMail.tips \
  -d -aes256 -pass stdin