Version 1 - Historique - HowTo Mail Backup - Ikujam - tetaneutral.net

1

iku jam

h1. HowTo Mail Backup - Ikujam

2

1

iku jam

3

1

iku jam

{{>toc}}

4

1

iku jam

5

1

iku jam

*WIP...*

6

1

iku jam

7

1

iku jam

# Presentation

8

1

iku jam

# Requirements

9

1

iku jam

# dns setup on host

10

1

iku jam

## master for tld .test

11

1

iku jam

## static IPs for vms

12

1

iku jam

# 2 vms mail1.test mail2.test

13

1

iku jam

## postfix

14

1

iku jam

## postfixadmin

15

1

iku jam

## postgresql

16

1

iku jam

## pgpool for postgres replication

17

1

iku jam

## inotify-based sync on maildir

18

1

iku jam

## roundcube as mail client

19

1

iku jam

## mailman as list manager

20

1

iku jam

# test setup

21

1

iku jam

## default case

22

1

iku jam

## failover scenario

23

1

iku jam

24

1

iku jam

25

1

iku jam

h2. Presentation

26

1

iku jam

27

1

iku jam

several projects with mail servers

28

1

iku jam

request of certain stability, needed documentation

29

1

iku jam

free software user, activist and contributor

30

1

iku jam

idea is to produce a complete test environment with vms on a single machine

31

1

iku jam

32

1

iku jam

CC-NC-SA

33

1

iku jam

34

1

iku jam

35

1

iku jam

h2. Requirements

36

1

iku jam

37

1

iku jam

h3. Host system

38

1

iku jam

39

1

iku jam

* debian

40

1

iku jam

* qemu-kvm

41

1

iku jam

* bind

42

1

iku jam

43

1

iku jam

This hwtoo uses

44

1

iku jam

45

1

iku jam

 # cat /etc/debian_version

46

1

iku jam

 wheezy/sid

47

1

iku jam

 # uname -a

48

1

iku jam

 Linux master 3.1.0-1-amd64 #1 SMP Sun Dec 11 20:36:41 UTC 2011 x86_64 GNU/Linux

49

1

iku jam

50

1

iku jam

h3. Mail Server VMs

51

1

iku jam

52

1

iku jam

* debian

53

1

iku jam

* debian packages for the different software

54

1

iku jam

55

1

iku jam

56

1

iku jam

 root@mail1:~# echo "mail1" > /etc/hostname

57

1

iku jam

 root@mail1:~# apt-get install inotify-tools rsync openssh-server pgpool  javascript-common apache2 libapache2-mod-php5  roundcube postgresql postfix postfix-pgsql mailman roundcube-pgsql libc-client2007e mlock php5-imap postgrey courier-authlib-postgresql sasl2-bin courier-authdaemon  libsasl2-modules-sql courier-imap-ssl --no-install-recommends

58

1

iku jam

59

1

iku jam

* use default options for roundcube, courier & mailman  for now

60

1

iku jam

** ident authentication

61

1

iku jam

** dbconfig

62

1

iku jam

** pgsql as database choice

63

1

iku jam

** mailman language as you prefer

64

1

iku jam

65

1

iku jam

* install postfixadmin :

66

1

iku jam

67

1

iku jam

 root@mail1:~# lynx 'http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.4/postfixadmin_2.3.4_all.deb'

68

1

iku jam

69

1

iku jam

* use default options for now

70

1

iku jam

71

1

iku jam

72

1

iku jam

* just as of personal habit, some tools i use

73

1

iku jam

74

1

iku jam

 root@mail1:~# apt-get install lynx less mc vim

75

1

iku jam

76

1

iku jam

77

1

iku jam

 root@mail1:~# cat /etc/debian_version

78

1

iku jam

 wheezy/sid

79

1

iku jam

 root@mail1:~# uname -a

80

1

iku jam

 Linux mail1.test 3.1.0-1-amd64 #1 SMP Tue Jan 10 05:01:58 UTC 2012 x86_64 GNU/Linux

81

1

iku jam

82

1

iku jam

83

1

iku jam

 root@mail2:~# cat /etc/debian_version

84

1

iku jam

 wheezy/sid

85

1

iku jam

 root@mail2:~# uname -a

86

1

iku jam

 Linux mail2 3.1.0-1-amd64 #1 SMP Fri Dec 23 16:37:11 UTC 2011 x86_64 GNU/Linux

87

1

iku jam

88

1

iku jam

root@mail2:~# cat /etc/network/interfaces

89

1

iku jam

# This file describes the network interfaces available on your system

90

1

iku jam

# and how to activate them. For more information, see interfaces(5).

91

1

iku jam

92

1

iku jam

# The loopback network interface

93

1

iku jam

auto lo

94

1

iku jam

iface lo inet loopback

95

1

iku jam

96

1

iku jam

# The primary network interface

97

1

iku jam

allow-hotplug eth0

98

1

iku jam

iface eth0 inet static

99

1

iku jam

        address 192.168.122.3

100

1

iku jam

        netmask 255.255.255.0

101

1

iku jam

        network 192.168.122.0

102

1

iku jam

        broadcast 192.168.122.255

103

1

iku jam

        gateway 192.168.122.1

104

1

iku jam

105

1

iku jam

106

1

iku jam

h2. dns setup on host

107

1

iku jam

108

1

iku jam

109

1

iku jam

root@quadebian:/etc/bind# cat  db.192.168.122

110

1

iku jam

111

1

iku jam

; BIND reverse data file for test

112

1

iku jam

113

1

iku jam

$TTL	604800

114

1

iku jam

@	IN	SOA	master.test. root.master.test. (

115

1

iku jam

			      1		; Serial

116

1

iku jam

			 604800		; Refresh

117

1

iku jam

			  86400		; Retry

118

1

iku jam

			2419200		; Expire

119

1

iku jam

			 604800 )	; Negative Cache TTL

120

1

iku jam

121

1

iku jam

@	IN	NS	master.test.

122

1

iku jam

1	IN	PTR	master.test.

123

1

iku jam

2	IN	PTR	mail1.test.

124

1

iku jam

3	IN	PTR	mail2.test.

125

1

iku jam

126

1

iku jam

127

1

iku jam

root@quadebian:/etc/bind# cat  db.test

128

1

iku jam

129

1

iku jam

; BIND data file for test

130

1

iku jam

131

1

iku jam

$TTL	604800

132

1

iku jam

@	IN	SOA	master.test. info.master.test. (

133

1

iku jam

			      2		; Serial

134

1

iku jam

			 604800		; Refresh

135

1

iku jam

			  86400		; Retry

136

1

iku jam

			2419200		; Expire

137

1

iku jam

			 604800 )	; Negative Cache TTL

138

1

iku jam

139

1

iku jam

@	IN	NS	master.test.

140

1

iku jam

test.	IN	MX	10	mail1.test.

141

1

iku jam

test.	IN	MX	20	mail2.test.

142

1

iku jam

143

1

iku jam

master	IN	A	192.168.122.1

144

1

iku jam

mail1	IN	A	192.168.122.2

145

1

iku jam

mail2	IN	A	192.168.122.3

146

1

iku jam

147

1

iku jam

root@quadebian:/etc/bind# named-checkzone test db.test

148

1

iku jam

zone test/IN: loaded serial 2

149

1

iku jam

OK

150

1

iku jam

151

1

iku jam

152

1

iku jam

* pass kvm dns server in forward mode on host node (default net config)

153

1

iku jam

154

1

iku jam

root@quadebian:/etc/bind# virsh

155

1

iku jam

Welcome to virsh, the virtualization interactive terminal.

156

1

iku jam

157

1

iku jam

Type:  'help' for help with commands

158

1

iku jam

       'quit' to quit

159

1

iku jam

160

1

iku jam

virsh # net-dumpxml default

161

1

iku jam

<network>

162

1

iku jam

  <name>default</name>

163

1

iku jam

  <uuid>0529cc34-c2ad-9663-0f42-5b338b14a6e4</uuid>

164

1

iku jam

  <forward mode='nat'/>

165

1

iku jam

  <bridge name='virbr0' stp='on' delay='0' />

166

1

iku jam

  <mac address='52:54:00:37:85:D8'/>

167

1

iku jam

  <ip address='192.168.122.1' netmask='255.255.255.0'>

168

1

iku jam

    <dhcp>

169

1

iku jam

      <range start='192.168.122.2' end='192.168.122.254' />

170

1

iku jam

    </dhcp>

171

1

iku jam

  </ip>

172

1

iku jam

</network>

173

1

iku jam

174

1

iku jam

175

1

iku jam

h3. vm dns config

176

1

iku jam

177

1

iku jam

* change requires to reaffect NICs via virt-manager

178

1

iku jam

** remove nic (and /etc/udev/rules.d/70-persistent-net.rules - it keeps track of different nics on the system, avoids getting eth2/3/4...)

179

1

iku jam

** create new nic on default network

180

1

iku jam

** reboot vm

181

1

iku jam

** test connectivity & bind (set nameserver to 192.168.122.1 in /etc/resolv.conf)

182

1

iku jam

183

1

iku jam

h3. tests to do

184

1

iku jam

185

1

iku jam

* open http://mail1.test/roundcube & http://mail1.test/postfixadmin in a browser

186

1

iku jam

** roundcube -> 404

187

1

iku jam

** postfixadmin -> ok

188

1

iku jam

* dns

189

1

iku jam

190

1

iku jam

root@quadebian:/etc/bind# dig mx test

191

1

iku jam

192

1

iku jam

; <<>> DiG 9.7.3 <<>> mx test

193

1

iku jam

;; global options: +cmd

194

1

iku jam

;; Got answer:

195

1

iku jam

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26405

196

1

iku jam

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3

197

1

iku jam

198

1

iku jam

;; QUESTION SECTION:

199

1

iku jam

;test.				IN	MX

200

1

iku jam

201

1

iku jam

;; ANSWER SECTION:

202

1

iku jam

test.			604800	IN	MX	20 mail2.test.

203

1

iku jam

test.			604800	IN	MX	10 mail1.test.

204

1

iku jam

205

1

iku jam

;; AUTHORITY SECTION:

206

1

iku jam

test.			604800	IN	NS	master.test.

207

1

iku jam

208

1

iku jam

;; ADDITIONAL SECTION:

209

1

iku jam

mail1.test.		604800	IN	A	192.168.122.2

210

1

iku jam

mail2.test.		604800	IN	A	192.168.122.3

211

1

iku jam

master.test.		604800	IN	A	192.168.122.1

212

1

iku jam

213

1

iku jam

;; Query time: 2 msec

214

1

iku jam

;; SERVER: 10.11.12.126#53(10.11.12.126)

215

1

iku jam

;; WHEN: Tue Jan 24 09:55:25 2012

216

1

iku jam

;; MSG SIZE  rcvd: 135

217

1

iku jam

218

1

iku jam

219

1

iku jam

220

1

iku jam

221

1

iku jam

h2. Server configuration

222

1

iku jam

223

1

iku jam

h3. postfix

224

1

iku jam

225

1

iku jam

root@mail2:/etc/postfix# mv main.cf main.cf.debian

226

1

iku jam

root@mail2:/etc/postfix# vi  main.cf

227

1

iku jam

root@mail2:/etc/postfix# mkdir pgsql

228

1

iku jam

root@mail2:/etc/postfix# vi pgsql/virtual_alias_maps.cf

229

1

iku jam

root@mail2:/etc/postfix# vi pgsql/virtual_domain_maps.cf

230

1

iku jam

root@mail2:/etc/postfix# vi pgsql/relay_domains.cf

231

1

iku jam

root@mail2:/etc/postfix# vi pgsql/virtual_mailbox_limits.cf

232

1

iku jam

root@mail2:/etc/postfix# vi pgsql/virtual_mailbox_maps.cf

233

1

iku jam

root@mail2:/etc/courier# vi /etc/mailname

234

1

iku jam

root@mail2:/etc/courier# cat /etc/postfix/transport

235

1

iku jam

lists.test mailman:

236

1

iku jam

root@mail2:/etc/courier# postmap  /etc/postfix/transport

237

1

iku jam

root@mail2:/etc/postfix# scp -r . mail1.test:/etc/postfix/

238

1

iku jam

239

1

iku jam

240

1

iku jam

root@mail1:/etc/postfix# vi  main.cf

241

1

iku jam

# change following line :

242

1

iku jam

mydestination = test,mail1.test,localhost.test, localhost

243

1

iku jam

244

1

iku jam

h3. saslauthd

245

1

iku jam

246

1

iku jam

* change /etc/default/saslauthd

247

1

iku jam

248

1

iku jam

 START=yes

249

1

iku jam

 MECHANISMS="rimap"

250

1

iku jam

 OPTIONS="-c -r -O localhost -m /var/run/saslauthd"

251

1

iku jam

252

1

iku jam

253

1

iku jam

h3. postfixadmin

254

1

iku jam

255

1

iku jam

*Only on mail1* : mail2 will be synced through slony ;)

256

1

iku jam

257

1

iku jam

* open

258

1

iku jam

259

1

iku jam

http://mail1.test/postfixadmin/setup.php

260

1

iku jam

261

1

iku jam

* set password and replace specified line in /etc/postfixadmin/config.inc.php :

262

1

iku jam

263

1

iku jam

 $CONF['setup_password'] = 'changeme';

264

1

iku jam

265

1

iku jam

* create superadmin account using a local or valid email address (if you have internet access)

266

1

iku jam

267

1

iku jam

* modify /usr/share/postfixadmin/functions.inc.php

268

1

iku jam

** this is in order to allow local domains, e.g. @.test@

269

1

iku jam

270

1

iku jam

_lignes 232++_

271

1

iku jam

272

1

iku jam

<pre>

273

1

iku jam

    if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', ($domain)))

274

1

iku jam

275

1

iku jam

    if (!preg_match ('/^([-0-9A-Z]){3,16}$/i', ($domain)))

276

1

iku jam

277

1

iku jam

        flash_error(sprintf($PALANG['pInvalidDomainRegex'], htmlentities($domain)));

278

1

iku jam

        return false;

279

1

iku jam

280

1

iku jam

281

1

iku jam

</pre>

282

1

iku jam

283

1

iku jam

284

1

iku jam

285

1

iku jam

h3. courier

286

1

iku jam

287

1

iku jam

root@mail1:/etc/courier# vi authdaemonrc

288

1

iku jam

root@mail2:/etc/courier# mv authpgsqlrc authpgsqlrc.debian

289

1

iku jam

root@mail2:/etc/courier# vi authpgsqlrc

290

1

iku jam

root@mail2:/etc/courier# mv imapd imapd.debian

291

1

iku jam

root@mail2:/etc/courier# vi  imapd

292

1

iku jam

root@mail2:/etc/courier# mv imapd-ssl imapd-ssl.debian

293

1

iku jam

root@mail2:/etc/courier# vi  imapd-ssl

294

1

iku jam

295

1

iku jam

296

1

iku jam

h3. roundcube

297

1

iku jam

298

1

iku jam

* activate webapp

299

1

iku jam

** uncomment two alias directives inside /etc/apache2/conf.d/roundcube

300

1

iku jam

** adapt config :

301

1

iku jam

302

1

iku jam

 $rcmail_config['default_host'] = 'localhost';

303

1

iku jam

 $rcmail_config['smtp_server'] = 'localhost';

304

1

iku jam

305

1

iku jam

* /etc/init.d/apache2 reload

306

1

iku jam

307

1

iku jam

h3. ssh

308

1

iku jam

309

1

iku jam

* generate pair of keys on mail1 & mail2

310

1

iku jam

311

1

iku jam

# su mail

312

1

iku jam

$ bash

313

1

iku jam

mail@mail2:/etc/postfix$ ssh-keygen

314

1

iku jam

Generating public/private rsa key pair.

315

1

iku jam

Enter file in which to save the key (/var/mail/.ssh/id_rsa):

316

1

iku jam

Created directory '/var/mail/.ssh'.

317

1

iku jam

Enter passphrase (empty for no passphrase):

318

1

iku jam

Enter same passphrase again:

319

1

iku jam

Your identification has been saved in /var/mail/.ssh/id_rsa.

320

1

iku jam

Your public key has been saved in /var/mail/.ssh/id_rsa.pub.

321

1

iku jam

The key fingerprint is:

322

1

iku jam

b9:bf:63:05:c0:9f:4f:07:82:d9:fd:79:99:cf:20:20 mail@mail2

323

1

iku jam

The key's randomart image is:

324

1

iku jam

+--[ RSA 2048]----+

325

1

iku jam

|       . + .     |

326

1

iku jam

|        E + o    |

327

1

iku jam

|         + + o .o|

328

1

iku jam

|         .+ o =o.|

329

1

iku jam

|        S  + o +.|

330

1

iku jam

|         .  o   o|

331

1

iku jam

|        .  .     |

332

1

iku jam

|         .o      |

333

1

iku jam

|         .oo     |

334

1

iku jam

+-----------------+

335

1

iku jam

336

1

iku jam

* add mail1's public key to mail1's authorized keys

337

1

iku jam

338

1

iku jam

 mail@mail1:/$ cp /var/mail/.ssh/id_rsa.pub /var/mail/.ssh/authorized_keys

339

1

iku jam

340

1

iku jam

* add mail1's public key to mail2's authorized keys

341

1

iku jam

342

1

iku jam

 mail@mail2:/$ vi /var/mail/.ssh/authorized_keys

343

1

iku jam

 mail@mail2:/$ chmod 0600 /var/mail/.ssh/authorized_keys

344

1

iku jam

345

1

iku jam

* test connection

346

1

iku jam

347

1

iku jam

mail@mail1:/etc/courier$ ssh mail2.test

348

1

iku jam

The authenticity of host 'mail2.test (192.168.122.3)' can't be established.

349

1

iku jam

ECDSA key fingerprint is cb:a6:dd:64:03:ba:45:61:a3:b8:14:3a:05:89:ab:b3.

350

1

iku jam

Are you sure you want to continue connecting (yes/no)? yes

351

1

iku jam

Warning: Permanently added 'mail2.test,192.168.122.3' (ECDSA) to the list of known hosts.

352

1

iku jam

Linux mail2 3.1.0-1-amd64 #1 SMP Fri Dec 23 16:37:11 UTC 2011 x86_64

353

1

iku jam

354

1

iku jam

The programs included with the Debian GNU/Linux system are free software;

355

1

iku jam

the exact distribution terms for each program are described in the

356

1

iku jam

individual files in /usr/share/doc/*/copyright.

357

1

iku jam

358

1

iku jam

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

359

1

iku jam

permitted by applicable law.

360

1

iku jam

$ hostname

361

1

iku jam

mail2

362

1

iku jam

$ logout

363

1

iku jam

364

1

iku jam

365

1

iku jam

h3. inotify/rsync

366

1

iku jam

367

1

iku jam

* create sync script

368

1

iku jam

369

1

iku jam

mail@mail1:/etc/courier$ vi ~/sync.sh

370

1

iku jam

371

1

iku jam

<pre>

372

1

iku jam

#!/bin/sh

373

1

iku jam

BASEDIR="$1"

374

1

iku jam

REMOTE_HOST="$2"

375

1

iku jam

RSYNC_OPTIONS="-rtlavz -e ssh --delete"

376

1

iku jam

377

1

iku jam

378

1

iku jam

# Initial sync

379

1

iku jam

rsync ${RSYNC_OPTIONS} ${BASEDIR}/ ${REMOTE_HOST}:${BASEDIR}

380

1

iku jam

381

1

iku jam

# Wait for events to trigger rsync

382

1

iku jam

inotifywait --format '%e %w' -e close_write -e move -e create -e delete -qmr $BASEDIR | while read EVENT

383

1

iku jam

do

384

1

iku jam

  # Fork off rsync proc to do sync

385

1

iku jam

rsync  ${RSYNC_OPTIONS} ${BASEDIR}/ ${REMOTE_HOST}:${BASEDIR} &

386

1

iku jam

done

387

1

iku jam

388

1

iku jam

</pre>

389

1

iku jam

390

1

iku jam

391

1

iku jam

392

1

iku jam

393

1

iku jam

 su mail -l  -c " nohup sh ~/sync.sh /var/mail/ mail2.test  2>&1 >> /var/log/mail/sync.log &"

394

1

iku jam

395

1

iku jam

396

1

iku jam

root@mail1:/etc/courier# sh  /etc/rc.local

397

1

iku jam

nohup: ignoring input and redirecting stderr to stdout

398

1

iku jam

399

1

iku jam

mail@mail1:/etc/courier$ chmod 0700 ~/sync.sh

400

1

iku jam

mail@mail1:~$ sh sync.sh /var/mail/ mail2.test

401

1

iku jam

402

1

iku jam

root@mail1:/etc/courier# mkdir /var/log/mail

403

1

iku jam

root@mail1:/etc/courier# chown mail:mail  /var/log/mail

404

1

iku jam

root@mail1:/etc/courier# vi   /etc/rc.local

405

1

iku jam

406

1

iku jam

407

1

iku jam

h3. pgpool

408

1

iku jam

409

1

iku jam

TODO

410

1

iku jam

411

1

iku jam

h2. putting pieces together

412

1

iku jam

413

1

iku jam

* recover postfixadmin password from  /etc/postfixadmin/config.inc.php :

414

1

iku jam

415

1

iku jam

 $CONF['database_password'] = 'GENERATED PASSWORD';

416

1

iku jam

417

1

iku jam

* apply it to the different files :

418

1

iku jam

419

1

iku jam

 for i in /etc/postfix/pgsql/virtual_alias_maps.cf /etc/postfix/pgsql/virtual_domain_maps.cf /etc/postfix/pgsql/relay_domains.cf /etc/postfix/pgsql/virtual_mailbox_limits.cf /etc/postfix/pgsql/virtual_mailbox_maps.cf ; do   sed -i "s/PASSWORD/GENERATED PASSWORD/"  $i ;  done

420

1

iku jam

421

1

iku jam

 vi  /etc/courier/authpgsqlrc

422

1

iku jam

423

1

iku jam

* restart courier authdaemon :

424

1

iku jam

425

1

iku jam

 /etc/init.d/courier-authdaemon restart

426

1

iku jam

427

1

iku jam

* create account via postfixadmin

428

1

iku jam

429

1

iku jam

** login to http://mail1.test/postfixadmin/login.php

430

1

iku jam

** add domain (Domain list -> new domain)

431

1

iku jam

*** domain name : "test"

432

1

iku jam

** add mailbox (Virtual list -> add mailbox)

433

1

iku jam

* verify domain & mailbox creation

434

1

iku jam

* send testmail in commandline on master (apt-get install bsd-mailx)

435

1

iku jam

* verify replication of maildir on mail2

436

1

iku jam

437

1

iku jam

* roundcube

438

1

iku jam

** connect on http://mail1.test/roundcube with test@test

439

1

iku jam

** send test mail to outside

440

1

iku jam

441

1

iku jam

442

1

iku jam

443

1

iku jam

h2. References

444

1

iku jam

445

1

iku jam

http://chiliproject.tetaneutral.net/projects/tetaneutral/wiki/Serveur_Mail_tetalab

446

1

iku jam

447

1

iku jam

http://www.kutukupret.com/2011/06/28/postfix-one-way-maildir-replication-backup-using-inotify-and-rsync/

448

1

iku jam

449

1

iku jam

http://www.pgpool.net/pgpool-web/contrib_docs/pgpool-II_for_beginners.pdf

Projet

Général

Profil

HowTo Mail Backup - Ikujam » Historique » Version 1