HowTo Mail Backup - Ikujam » History » Version 4
iku jam, 30/01/2012 10:55
1 | 3 | iku jam | {{>toc}} |
---|---|---|---|
2 | 1 | iku jam | |
3 | 1 | iku jam | h2. Presentation |
4 | 1 | iku jam | |
5 | 1 | iku jam | several projects with mail servers |
6 | 1 | iku jam | request of certain stability, needed documentation |
7 | 1 | iku jam | free software user, activist and contributor |
8 | 1 | iku jam | idea is to produce a complete test environment with vms on a single machine |
9 | 1 | iku jam | |
10 | 1 | iku jam | CC-NC-SA |
11 | 1 | iku jam | |
12 | 1 | iku jam | |
13 | 1 | iku jam | h2. Requirements |
14 | 1 | iku jam | |
15 | 2 | iku jam | to follow you need some linux admin skills: |
16 | 2 | iku jam | |
17 | 2 | iku jam | * basic shell (bash) |
18 | 2 | iku jam | * at least basic knowledge of debian package system (install & setup packages with apt-get, manage services) |
19 | 2 | iku jam | * able to setup ssh public key authentication |
20 | 2 | iku jam | * i don't like nano, feel free to use it - or another editor - instead of vi |
21 | 2 | iku jam | |
22 | 2 | iku jam | |
23 | 1 | iku jam | h3. Host system |
24 | 1 | iku jam | |
25 | 1 | iku jam | * debian |
26 | 1 | iku jam | * qemu-kvm |
27 | 1 | iku jam | * bind |
28 | 1 | iku jam | |
29 | 2 | iku jam | This howto uses |
30 | 1 | iku jam | |
31 | 1 | iku jam | # cat /etc/debian_version |
32 | 1 | iku jam | wheezy/sid |
33 | 1 | iku jam | # uname -a |
34 | 1 | iku jam | Linux master 3.1.0-1-amd64 #1 SMP Sun Dec 11 20:36:41 UTC 2011 x86_64 GNU/Linux |
35 | 1 | iku jam | |
36 | 1 | iku jam | h3. Mail Server VMs |
37 | 1 | iku jam | |
38 | 1 | iku jam | * debian |
39 | 1 | iku jam | * debian packages for the different software |
40 | 1 | iku jam | |
41 | 1 | iku jam | |
42 | 1 | iku jam | root@mail1:~# echo "mail1" > /etc/hostname |
43 | 1 | iku jam | root@mail1:~# apt-get install inotify-tools rsync openssh-server pgpool javascript-common apache2 libapache2-mod-php5 roundcube postgresql postfix postfix-pgsql mailman roundcube-pgsql libc-client2007e mlock php5-imap postgrey courier-authlib-postgresql sasl2-bin courier-authdaemon libsasl2-modules-sql courier-imap-ssl --no-install-recommends |
44 | 1 | iku jam | |
45 | 1 | iku jam | * use default options for roundcube, courier & mailman for now |
46 | 1 | iku jam | ** ident authentication |
47 | 1 | iku jam | ** dbconfig |
48 | 1 | iku jam | ** pgsql as database choice |
49 | 1 | iku jam | ** mailman language as you prefer |
50 | 1 | iku jam | |
51 | 1 | iku jam | * install postfixadmin : |
52 | 1 | iku jam | |
53 | 1 | iku jam | root@mail1:~# lynx 'http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.4/postfixadmin_2.3.4_all.deb' |
54 | 1 | iku jam | |
55 | 1 | iku jam | * use default options for now |
56 | 1 | iku jam | |
57 | 1 | iku jam | |
58 | 1 | iku jam | * out of personal habit, some tools I use |
59 | 1 | iku jam | |
60 | 1 | iku jam | root@mail1:~# apt-get install lynx less mc vim |
61 | 1 | iku jam | |
62 | 1 | iku jam | |
63 | 1 | iku jam | root@mail1:~# cat /etc/debian_version |
64 | 1 | iku jam | wheezy/sid |
65 | 1 | iku jam | root@mail1:~# uname -a |
66 | 1 | iku jam | Linux mail1.test 3.1.0-1-amd64 #1 SMP Tue Jan 10 05:01:58 UTC 2012 x86_64 GNU/Linux |
67 | 1 | iku jam | |
68 | 1 | iku jam | |
69 | 1 | iku jam | root@mail2:~# cat /etc/debian_version |
70 | 1 | iku jam | wheezy/sid |
71 | 1 | iku jam | root@mail2:~# uname -a |
72 | 1 | iku jam | Linux mail2 3.1.0-1-amd64 #1 SMP Fri Dec 23 16:37:11 UTC 2011 x86_64 GNU/Linux |
73 | 1 | iku jam | |
74 | 1 | iku jam | root@mail2:~# cat /etc/network/interfaces |
75 | 1 | iku jam | # This file describes the network interfaces available on your system |
76 | 1 | iku jam | # and how to activate them. For more information, see interfaces(5). |
77 | 1 | iku jam | |
78 | 1 | iku jam | # The loopback network interface |
79 | 1 | iku jam | auto lo |
80 | 1 | iku jam | iface lo inet loopback |
81 | 1 | iku jam | |
82 | 1 | iku jam | # The primary network interface |
83 | 1 | iku jam | allow-hotplug eth0 |
84 | 1 | iku jam | iface eth0 inet static |
85 | 1 | iku jam | address 192.168.122.3 |
86 | 1 | iku jam | netmask 255.255.255.0 |
87 | 1 | iku jam | network 192.168.122.0 |
88 | 1 | iku jam | broadcast 192.168.122.255 |
89 | 1 | iku jam | gateway 192.168.122.1 |
90 | 1 | iku jam | |
91 | 1 | iku jam | |
92 | 1 | iku jam | h2. dns setup on host |
93 | 1 | iku jam | |
94 | 1 | iku jam | |
95 | 1 | iku jam | root@quadebian:/etc/bind# cat db.192.168.122 |
96 | 1 | iku jam | ; |
97 | 1 | iku jam | ; BIND reverse data file for test |
98 | 1 | iku jam | ; |
99 | 1 | iku jam | $TTL 604800 |
100 | 1 | iku jam | @ IN SOA master.test. root.master.test. ( |
101 | 1 | iku jam | 1 ; Serial |
102 | 1 | iku jam | 604800 ; Refresh |
103 | 1 | iku jam | 86400 ; Retry |
104 | 1 | iku jam | 2419200 ; Expire |
105 | 1 | iku jam | 604800 ) ; Negative Cache TTL |
106 | 1 | iku jam | ; |
107 | 1 | iku jam | @ IN NS master.test. |
108 | 1 | iku jam | 1 IN PTR master.test. |
109 | 1 | iku jam | 2 IN PTR mail1.test. |
110 | 1 | iku jam | 3 IN PTR mail2.test. |
111 | 1 | iku jam | |
112 | 1 | iku jam | |
113 | 1 | iku jam | root@quadebian:/etc/bind# cat db.test |
114 | 1 | iku jam | ; |
115 | 1 | iku jam | ; BIND data file for test |
116 | 1 | iku jam | ; |
117 | 1 | iku jam | $TTL 604800 |
118 | 1 | iku jam | @ IN SOA master.test. info.master.test. ( |
119 | 1 | iku jam | 2 ; Serial |
120 | 1 | iku jam | 604800 ; Refresh |
121 | 1 | iku jam | 86400 ; Retry |
122 | 1 | iku jam | 2419200 ; Expire |
123 | 1 | iku jam | 604800 ) ; Negative Cache TTL |
124 | 1 | iku jam | ; |
125 | 1 | iku jam | @ IN NS master.test. |
126 | 1 | iku jam | test. IN MX 10 mail1.test. |
127 | 1 | iku jam | test. IN MX 20 mail2.test. |
128 | 1 | iku jam | |
129 | 1 | iku jam | master IN A 192.168.122.1 |
130 | 1 | iku jam | mail1 IN A 192.168.122.2 |
131 | 1 | iku jam | mail2 IN A 192.168.122.3 |
132 | 1 | iku jam | |
133 | 1 | iku jam | root@quadebian:/etc/bind# named-checkzone test db.test |
134 | 1 | iku jam | zone test/IN: loaded serial 2 |
135 | 1 | iku jam | OK |
136 | 1 | iku jam | |
137 | 1 | iku jam | |
138 | 1 | iku jam | * pass kvm dns server in forward mode on host node (default net config) |
139 | 1 | iku jam | |
140 | 1 | iku jam | root@quadebian:/etc/bind# virsh |
141 | 1 | iku jam | Welcome to virsh, the virtualization interactive terminal. |
142 | 1 | iku jam | |
143 | 1 | iku jam | Type: 'help' for help with commands |
144 | 1 | iku jam | 'quit' to quit |
145 | 1 | iku jam | |
146 | 1 | iku jam | virsh # net-dumpxml default |
147 | 1 | iku jam | <network> |
148 | 1 | iku jam | <name>default</name> |
149 | 1 | iku jam | <uuid>0529cc34-c2ad-9663-0f42-5b338b14a6e4</uuid> |
150 | 1 | iku jam | <forward mode='nat'/> |
151 | 1 | iku jam | <bridge name='virbr0' stp='on' delay='0' /> |
152 | 1 | iku jam | <mac address='52:54:00:37:85:D8'/> |
153 | 1 | iku jam | <ip address='192.168.122.1' netmask='255.255.255.0'> |
154 | 1 | iku jam | <dhcp> |
155 | 1 | iku jam | <range start='192.168.122.2' end='192.168.122.254' /> |
156 | 1 | iku jam | </dhcp> |
157 | 1 | iku jam | </ip> |
158 | 1 | iku jam | </network> |
159 | 1 | iku jam | |
160 | 1 | iku jam | |
161 | 1 | iku jam | h3. vm dns config |
162 | 1 | iku jam | |
163 | 1 | iku jam | * the change requires reassigning NICs via virt-manager |
164 | 1 | iku jam | ** remove nic (and /etc/udev/rules.d/70-persistent-net.rules - it keeps track of different nics on the system, avoids getting eth2/3/4...) |
165 | 1 | iku jam | ** create new nic on default network |
166 | 1 | iku jam | ** reboot vm |
167 | 1 | iku jam | ** test connectivity & bind (set nameserver to 192.168.122.1 in /etc/resolv.conf) |
168 | 1 | iku jam | |
169 | 1 | iku jam | h3. tests to do |
170 | 1 | iku jam | |
171 | 1 | iku jam | * open http://mail1.test/roundcube & http://mail1.test/postfixadmin in a browser |
172 | 1 | iku jam | ** roundcube -> 404 |
173 | 1 | iku jam | ** postfixadmin -> ok |
174 | 1 | iku jam | * dns |
175 | 1 | iku jam | |
176 | 1 | iku jam | root@quadebian:/etc/bind# dig mx test |
177 | 1 | iku jam | |
178 | 1 | iku jam | ; <<>> DiG 9.7.3 <<>> mx test |
179 | 1 | iku jam | ;; global options: +cmd |
180 | 1 | iku jam | ;; Got answer: |
181 | 1 | iku jam | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26405 |
182 | 1 | iku jam | ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3 |
183 | 1 | iku jam | |
184 | 1 | iku jam | ;; QUESTION SECTION: |
185 | 1 | iku jam | ;test. IN MX |
186 | 1 | iku jam | |
187 | 1 | iku jam | ;; ANSWER SECTION: |
188 | 1 | iku jam | test. 604800 IN MX 20 mail2.test. |
189 | 1 | iku jam | test. 604800 IN MX 10 mail1.test. |
190 | 1 | iku jam | |
191 | 1 | iku jam | ;; AUTHORITY SECTION: |
192 | 1 | iku jam | test. 604800 IN NS master.test. |
193 | 1 | iku jam | |
194 | 1 | iku jam | ;; ADDITIONAL SECTION: |
195 | 1 | iku jam | mail1.test. 604800 IN A 192.168.122.2 |
196 | 1 | iku jam | mail2.test. 604800 IN A 192.168.122.3 |
197 | 1 | iku jam | master.test. 604800 IN A 192.168.122.1 |
198 | 1 | iku jam | |
199 | 1 | iku jam | ;; Query time: 2 msec |
200 | 1 | iku jam | ;; SERVER: 10.11.12.126#53(10.11.12.126) |
201 | 1 | iku jam | ;; WHEN: Tue Jan 24 09:55:25 2012 |
202 | 1 | iku jam | ;; MSG SIZE rcvd: 135 |
203 | 1 | iku jam | |
204 | 1 | iku jam | |
205 | 1 | iku jam | |
206 | 1 | iku jam | |
207 | 1 | iku jam | h2. Server configuration |
208 | 1 | iku jam | |
209 | 1 | iku jam | h3. postfix |
210 | 1 | iku jam | |
211 | 1 | iku jam | root@mail2:/etc/postfix# mv main.cf main.cf.debian |
212 | 1 | iku jam | root@mail2:/etc/postfix# vi main.cf |
213 | 1 | iku jam | root@mail2:/etc/postfix# mkdir pgsql |
214 | 1 | iku jam | root@mail2:/etc/postfix# vi pgsql/virtual_alias_maps.cf |
215 | 1 | iku jam | root@mail2:/etc/postfix# vi pgsql/virtual_domain_maps.cf |
216 | 1 | iku jam | root@mail2:/etc/postfix# vi pgsql/relay_domains.cf |
217 | 1 | iku jam | root@mail2:/etc/postfix# vi pgsql/virtual_mailbox_limits.cf |
218 | 1 | iku jam | root@mail2:/etc/postfix# vi pgsql/virtual_mailbox_maps.cf |
219 | 1 | iku jam | root@mail2:/etc/courier# vi /etc/mailname |
220 | 1 | iku jam | root@mail2:/etc/courier# cat /etc/postfix/transport |
221 | 1 | iku jam | lists.test mailman: |
222 | 1 | iku jam | root@mail2:/etc/courier# postmap /etc/postfix/transport |
223 | 1 | iku jam | root@mail2:/etc/postfix# scp -r . mail1.test:/etc/postfix/ |
224 | 1 | iku jam | |
225 | 1 | iku jam | |
226 | 1 | iku jam | root@mail1:/etc/postfix# vi main.cf |
227 | 1 | iku jam | # change following line : |
228 | 1 | iku jam | mydestination = test,mail1.test,localhost.test, localhost |
229 | 1 | iku jam | |
230 | 1 | iku jam | h3. saslauthd |
231 | 1 | iku jam | |
232 | 1 | iku jam | * change /etc/default/saslauthd |
233 | 1 | iku jam | |
234 | 1 | iku jam | START=yes |
235 | 1 | iku jam | MECHANISMS="rimap" |
236 | 1 | iku jam | OPTIONS="-c -r -O localhost -m /var/run/saslauthd" |
237 | 1 | iku jam | |
238 | 1 | iku jam | |
239 | 1 | iku jam | h3. postfixadmin |
240 | 1 | iku jam | |
241 | 2 | iku jam | *Only on mail1* : mail2 will be synced through logshipping/PITR ;) |
242 | 1 | iku jam | |
243 | 1 | iku jam | * open |
244 | 1 | iku jam | |
245 | 1 | iku jam | http://mail1.test/postfixadmin/setup.php |
246 | 1 | iku jam | |
247 | 1 | iku jam | * set password and replace specified line in /etc/postfixadmin/config.inc.php : |
248 | 1 | iku jam | |
249 | 1 | iku jam | $CONF['setup_password'] = 'changeme'; |
250 | 1 | iku jam | |
251 | 1 | iku jam | * create superadmin account using a local or valid email address (if you have internet access) |
252 | 1 | iku jam | |
253 | 1 | iku jam | * modify /usr/share/postfixadmin/functions.inc.php |
254 | 1 | iku jam | ** this is in order to allow local domains, e.g. @.test@ |
255 | 1 | iku jam | |
256 | 1 | iku jam | _lines 232++_ |
257 | 1 | iku jam | |
258 | 1 | iku jam | <pre> |
259 | 1 | iku jam | if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', ($domain))) |
260 | 1 | iku jam | { |
261 | 1 | iku jam | if (!preg_match ('/^([-0-9A-Z]){3,16}$/i', ($domain))) |
262 | 1 | iku jam | { |
263 | 1 | iku jam | flash_error(sprintf($PALANG['pInvalidDomainRegex'], htmlentities($domain))); |
264 | 1 | iku jam | return false; |
265 | 1 | iku jam | } |
266 | 1 | iku jam | } |
267 | 1 | iku jam | </pre> |
268 | 1 | iku jam | |
269 | 1 | iku jam | |
270 | 1 | iku jam | |
271 | 1 | iku jam | h3. courier |
272 | 1 | iku jam | |
273 | 1 | iku jam | root@mail1:/etc/courier# vi authdaemonrc |
274 | 1 | iku jam | root@mail2:/etc/courier# mv authpgsqlrc authpgsqlrc.debian |
275 | 1 | iku jam | root@mail2:/etc/courier# vi authpgsqlrc |
276 | 1 | iku jam | root@mail2:/etc/courier# mv imapd imapd.debian |
277 | 1 | iku jam | root@mail2:/etc/courier# vi imapd |
278 | 1 | iku jam | root@mail2:/etc/courier# mv imapd-ssl imapd-ssl.debian |
279 | 1 | iku jam | root@mail2:/etc/courier# vi imapd-ssl |
280 | 1 | iku jam | |
281 | 1 | iku jam | |
282 | 1 | iku jam | h3. roundcube |
283 | 1 | iku jam | |
284 | 1 | iku jam | * activate webapp |
285 | 1 | iku jam | ** uncomment two alias directives inside /etc/apache2/conf.d/roundcube |
286 | 1 | iku jam | ** adapt config : |
287 | 1 | iku jam | |
288 | 1 | iku jam | $rcmail_config['default_host'] = 'localhost'; |
289 | 1 | iku jam | $rcmail_config['smtp_server'] = 'localhost'; |
290 | 1 | iku jam | |
291 | 1 | iku jam | * /etc/init.d/apache2 reload |
292 | 1 | iku jam | |
293 | 1 | iku jam | h3. ssh |
294 | 1 | iku jam | |
295 | 1 | iku jam | * generate pair of keys on mail1 & mail2 |
296 | 1 | iku jam | |
297 | 1 | iku jam | # su mail |
298 | 1 | iku jam | $ bash |
299 | 1 | iku jam | mail@mail2:/etc/postfix$ ssh-keygen |
300 | 1 | iku jam | Generating public/private rsa key pair. |
301 | 1 | iku jam | Enter file in which to save the key (/var/mail/.ssh/id_rsa): |
302 | 1 | iku jam | Created directory '/var/mail/.ssh'. |
303 | 1 | iku jam | Enter passphrase (empty for no passphrase): |
304 | 1 | iku jam | Enter same passphrase again: |
305 | 1 | iku jam | Your identification has been saved in /var/mail/.ssh/id_rsa. |
306 | 1 | iku jam | Your public key has been saved in /var/mail/.ssh/id_rsa.pub. |
307 | 1 | iku jam | The key fingerprint is: |
308 | 1 | iku jam | b9:bf:63:05:c0:9f:4f:07:82:d9:fd:79:99:cf:20:20 mail@mail2 |
309 | 1 | iku jam | The key's randomart image is: |
310 | 1 | iku jam | +--[ RSA 2048]----+ |
311 | 1 | iku jam | | . + . | |
312 | 1 | iku jam | | E + o | |
313 | 1 | iku jam | | + + o .o| |
314 | 1 | iku jam | | .+ o =o.| |
315 | 1 | iku jam | | S + o +.| |
316 | 1 | iku jam | | . o o| |
317 | 1 | iku jam | | . . | |
318 | 1 | iku jam | | .o | |
319 | 1 | iku jam | | .oo | |
320 | 1 | iku jam | +-----------------+ |
321 | 1 | iku jam | |
322 | 1 | iku jam | * add mail1's public key to mail1's authorized keys |
323 | 1 | iku jam | |
324 | 1 | iku jam | mail@mail1:/$ cp /var/mail/.ssh/id_rsa.pub /var/mail/.ssh/authorized_keys |
325 | 1 | iku jam | |
326 | 1 | iku jam | * add mail1's public key to mail2's authorized keys |
327 | 1 | iku jam | |
328 | 1 | iku jam | mail@mail2:/$ vi /var/mail/.ssh/authorized_keys |
329 | 1 | iku jam | mail@mail2:/$ chmod 0600 /var/mail/.ssh/authorized_keys |
330 | 1 | iku jam | |
331 | 1 | iku jam | * test connection |
332 | 1 | iku jam | |
333 | 1 | iku jam | mail@mail1:/etc/courier$ ssh mail2.test |
334 | 1 | iku jam | The authenticity of host 'mail2.test (192.168.122.3)' can't be established. |
335 | 1 | iku jam | ECDSA key fingerprint is cb:a6:dd:64:03:ba:45:61:a3:b8:14:3a:05:89:ab:b3. |
336 | 1 | iku jam | Are you sure you want to continue connecting (yes/no)? yes |
337 | 1 | iku jam | Warning: Permanently added 'mail2.test,192.168.122.3' (ECDSA) to the list of known hosts. |
338 | 1 | iku jam | Linux mail2 3.1.0-1-amd64 #1 SMP Fri Dec 23 16:37:11 UTC 2011 x86_64 |
339 | 1 | iku jam | |
340 | 1 | iku jam | The programs included with the Debian GNU/Linux system are free software; |
341 | 1 | iku jam | the exact distribution terms for each program are described in the |
342 | 1 | iku jam | individual files in /usr/share/doc/*/copyright. |
343 | 1 | iku jam | |
344 | 1 | iku jam | Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent |
345 | 1 | iku jam | permitted by applicable law. |
346 | 1 | iku jam | $ hostname |
347 | 1 | iku jam | mail2 |
348 | 1 | iku jam | $ logout |
349 | 1 | iku jam | |
350 | 1 | iku jam | |
351 | 1 | iku jam | h3. inotify/rsync |
352 | 1 | iku jam | |
353 | 2 | iku jam | # gen ssh key for user @mail@ on mail1 & copy public key to mail2 |
354 | 2 | iku jam | |
355 | 1 | iku jam | * create sync script |
356 | 1 | iku jam | |
357 | 1 | iku jam | mail@mail1:/etc/courier$ vi ~/sync.sh |
358 | 1 | iku jam | |
359 | 1 | iku jam | <pre> |
360 | 1 | iku jam | #!/bin/sh |
361 | 1 | iku jam | BASEDIR="$1" |
362 | 1 | iku jam | REMOTE_HOST="$2" |
363 | 1 | iku jam | RSYNC_OPTIONS="-rtlavz -e ssh --delete" |
364 | 1 | iku jam | |
365 | 2 | iku jam | |
366 | 1 | iku jam | # Initial sync |
367 | 1 | iku jam | rsync ${RSYNC_OPTIONS} "${BASEDIR}/" "${REMOTE_HOST}:${BASEDIR}" |
368 | 2 | iku jam | |
369 | 1 | iku jam | # Wait for events to trigger rsync |
370 | 4 | iku jam | inotifywait --format '%w' -e close_write -e move -e create -e delete -qmr "$BASEDIR" | while read -r EVENT_DIR |
371 | 1 | iku jam | do |
372 | 1 | iku jam | # Fork off rsync proc to do sync |
373 | 4 | iku jam | rsync ${RSYNC_OPTIONS} "${EVENT_DIR}" "${REMOTE_HOST}:${EVENT_DIR}" & |
374 | 1 | iku jam | done |
375 | 1 | iku jam | |
376 | 1 | iku jam | </pre> |
377 | 2 | iku jam | root@mail1:/etc/courier# mkdir /var/log/mail |
378 | 2 | iku jam | root@mail1:/etc/courier# chown mail:mail /var/log/mail |
379 | 2 | iku jam | root@mail1:/etc/courier# vi /etc/rc.local |
380 | 1 | iku jam | |
381 | 2 | iku jam | ## add the line: |
382 | 1 | iku jam | |
383 | 1 | iku jam | su mail -l -c " nohup sh ~/sync.sh /var/mail/ mail2.test 2>&1 >> /var/log/mail/sync.log &" |
384 | 1 | iku jam | |
385 | 1 | iku jam | |
386 | 2 | iku jam | |
387 | 1 | iku jam | root@mail1:/etc/courier# sh /etc/rc.local |
388 | 1 | iku jam | nohup: ignoring input and redirecting stderr to stdout |
389 | 2 | iku jam | root@mail1:/etc/courier# su mail |
390 | 1 | iku jam | mail@mail1:/etc/courier$ chmod 0700 ~/sync.sh |
391 | 1 | iku jam | |
392 | 1 | iku jam | |
393 | 1 | iku jam | |
394 | 2 | iku jam | h3. postgresql PITR |
395 | 1 | iku jam | |
396 | 2 | iku jam | # gen ssh key for user @postgres@ on mail1 & copy public key to mail2 |
397 | 1 | iku jam | |
398 | 2 | iku jam | |
399 | 2 | iku jam | http://www.postgresql.org/docs/8.4/static/continuous-archiving.html |
400 | 2 | iku jam | http://wiki.postgresql.org/wiki/Warm_Standby |
401 | 2 | iku jam | |
402 | 2 | iku jam | * stop postgresql on mail2.test |
403 | 2 | iku jam | * do a full sync of the database |
404 | 2 | iku jam | |
405 | 2 | iku jam | # su postgres |
406 | 2 | iku jam | $ rsync -a /var/lib/postgresql/9.1/main/ postgres@mail2.test://var/lib/postgresql/9.1/main/ |
407 | 2 | iku jam | |
408 | 2 | iku jam | |
409 | 2 | iku jam | on mail1 : |
410 | 2 | iku jam | |
411 | 2 | iku jam | archive_command = 'rsync -a /var/lib/postgresql/9.1/main/%p postgres@mail2.test://var/lib/postgresql/9.1/wal/pg_xlog/%f' |
412 | 2 | iku jam | |
413 | 2 | iku jam | * restart postgresql |
414 | 2 | iku jam | |
415 | 2 | iku jam | on mail2 : |
416 | 2 | iku jam | |
417 | 2 | iku jam | root@mail2:~# mkdir /var/lib/postgresql/9.1/wal |
418 | 2 | iku jam | root@mail2:~# chown postgres:postgres /var/lib/postgresql/9.1/wal |
419 | 2 | iku jam | root@mail2:/var/lib/postgresql/9.1/main# vi recovery.conf |
420 | 2 | iku jam | restore_command = 'cp /var/lib/postgresql/9.1/wal/pg_xlog/%f "%p"' |
421 | 2 | iku jam | |
422 | 2 | iku jam | * on first startup, |
423 | 2 | iku jam | * recovery.conf will be renamed to recovery.done after recovery |
424 | 2 | iku jam | ** rename recovery.done to recovery.conf and restart postgresql to sync with latest logs from master. |
425 | 2 | iku jam | |
426 | 2 | iku jam | |
427 | 1 | iku jam | h2. putting pieces together |
428 | 1 | iku jam | |
429 | 2 | iku jam | * recover the postfixadmin database password on mail1 from @/etc/postfixadmin/config.inc.php@ : |
430 | 1 | iku jam | |
431 | 1 | iku jam | $CONF['database_password'] = 'GENERATED PASSWORD'; |
432 | 1 | iku jam | |
433 | 2 | iku jam | * apply it to @/etc/postfixadmin/config.inc.php@ on mail2 |
434 | 1 | iku jam | |
435 | 2 | iku jam | * apply it to the different files (mail1 & mail2): |
436 | 2 | iku jam | |
437 | 1 | iku jam | for i in /etc/postfix/pgsql/virtual_alias_maps.cf /etc/postfix/pgsql/virtual_domain_maps.cf /etc/postfix/pgsql/relay_domains.cf /etc/postfix/pgsql/virtual_mailbox_limits.cf /etc/postfix/pgsql/virtual_mailbox_maps.cf ; do sed -i "s/PASSWORD/GENERATED PASSWORD/" $i ; done |
438 | 1 | iku jam | |
439 | 1 | iku jam | vi /etc/courier/authpgsqlrc |
440 | 1 | iku jam | |
441 | 1 | iku jam | * restart courier authdaemon : |
442 | 1 | iku jam | |
443 | 1 | iku jam | /etc/init.d/courier-authdaemon restart |
444 | 1 | iku jam | |
445 | 1 | iku jam | * create account via postfixadmin |
446 | 1 | iku jam | |
447 | 1 | iku jam | ** login to http://mail1.test/postfixadmin/login.php |
448 | 1 | iku jam | ** add domain (Domain list -> new domain) |
449 | 1 | iku jam | *** domain name : "test" |
450 | 1 | iku jam | ** add mailbox (Virtual list -> add mailbox) |
451 | 1 | iku jam | * verify domain & mailbox creation |
452 | 1 | iku jam | * send testmail in commandline on master (apt-get install bsd-mailx) |
453 | 1 | iku jam | * verify replication of maildir on mail2 |
454 | 1 | iku jam | |
455 | 1 | iku jam | * roundcube |
456 | 1 | iku jam | ** connect on http://mail1.test/roundcube with test@test |
457 | 2 | iku jam | ** send test mail to outside (may be rejected/filtered as spam since "test" emaildomain isn't valid, should work with a public MX DNS entry) |
458 | 1 | iku jam | |
459 | 1 | iku jam | |
460 | 2 | iku jam | h3. vacation/responder |
461 | 1 | iku jam | |
462 | 2 | iku jam | root@mail1:~# apt-get install git-core --no-install-recommends |
463 | 2 | iku jam | root@mail1:~# cd /usr/share/roundcube/plugins/ && git clone https://github.com/bhuisgen/rc-vacation.git vacation |
464 | 2 | iku jam | |
465 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins# mkdir /etc/roundcube/plugins/vacation |
466 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins# ln -s /usr/share/roundcube/plugins/vacation/config.inc.php /etc/roundcube/plugins/vacation/ |
467 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins# cd vacation/ |
468 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins/vacation# cp config.inc.php.dist config.inc.php |
469 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins/vacation# vi config.inc.php |
470 | 2 | iku jam | root@mail1:/usr/share/roundcube/plugins/vacation# ln -s /usr/share/roundcube/plugins/vacation/ /var/lib/roundcube/plugins/ |
471 | 2 | iku jam | |
472 | 2 | iku jam | * edit /etc/roundcube/main.inc.php |
473 | 2 | iku jam | |
474 | 2 | iku jam | $rcmail_config['vacation_sql_dsn'] = |
475 | 2 | iku jam | 'pgsql://postfixadmin:PASSWORD@localhost/postfixadmin'; |
476 | 2 | iku jam | |
477 | 2 | iku jam | * test in roundcube settings, you should have a new tab "vacation/répondeur" |
478 | 2 | iku jam | |
479 | 2 | iku jam | |
480 | 2 | iku jam | h2. failover |
481 | 2 | iku jam | |
482 | 2 | iku jam | * in case of a failover of mail1, mail2 should be available to receive mails and provide access to all the mails that were on mail1 |
483 | 2 | iku jam | ** when mail1 comes back up online, it needs to synchronize with mail2 before |
484 | 2 | iku jam | * in case of a failover of mail2, mail1 should not be impacted |
485 | 2 | iku jam | |
486 | 2 | iku jam | |
487 | 1 | iku jam | h2. References |
488 | 1 | iku jam | |
489 | 1 | iku jam | http://chiliproject.tetaneutral.net/projects/tetaneutral/wiki/Serveur_Mail_tetalab |
490 | 1 | iku jam | |
491 | 1 | iku jam | http://www.kutukupret.com/2011/06/28/postfix-one-way-maildir-replication-backup-using-inotify-and-rsync/ |
492 | 1 | iku jam | |
493 | 2 | iku jam | http://www.postgresql.org/docs/9.1/interactive/continuous-archiving.html |
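
The ssh and inotify/rsync sections above give the mail user on mail1 a key that has to work unattended and that, as the connection test shows, opens a full shell on mail2; the PITR section asks for the same for postgres. One way to limit such a key to what replication needs is an sshd forced command that only lets an rsync push into one directory through. The script below is an added example, not part of the original howto; the install path, the function name allowed_push and the sample rsync server command lines used to check it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original howto: forced-command gate for the
# unattended replication keys (mail@mail1, postgres@mail1) on mail2.
# Hypothetical install path: /usr/local/bin/rsync-push-only
# Assumed authorized_keys entry on mail2 (one line, key body is a placeholder):
#   from="192.168.122.2",command="/usr/local/bin/rsync-push-only /var/mail",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> mail@mail1
# For the postgres key the argument would be /var/lib/postgresql/9.1 instead.

# allowed_push BASE CMD
# Returns 0 only if CMD is the server side of an rsync *push* whose
# destination lies inside BASE; anything else (shell, pull, other paths) is 1.
allowed_push() {
    base=${1%/}
    set -f            # no globbing while the command string is split
    set -- $2         # split on whitespace into positional parameters
    set +f
    [ "$#" -ge 4 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    # Everything before the last two words must be a known option.
    while [ "$#" -gt 2 ]; do
        case $1 in
            --delete) ;;                      # the only long option sync.sh uses
            --*) return 1 ;;                  # --sender (pull), --log-file=, ...
            -*[!A-Za-z0-9.]*) return 1 ;;     # odd characters in a flag bundle
            -?*) ;;                           # short bundle, e.g. -vlogDtprze.iLsfxC
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || return 1                  # rsync always sends "." before the path
    case $2 in
        *[!A-Za-z0-9._/-]*) return 1 ;;       # whitelist of path characters
    esac
    dest=$(printf '%s\n' "$2" | tr -s /)      # the howto writes host://var/...
    dest=${dest%/}/
    case $dest in
        */../*|*/./*) return 1 ;;             # no traversal out of BASE
        "$base"/*) return 0 ;;
    esac
    return 1
}

# When sshd runs this file as the forced command, the client's request is in
# SSH_ORIGINAL_COMMAND and BASE is the script's first argument.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_push "${1:-/var/mail}" "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND            # split into words, never re-parsed by a shell
    fi
    echo "rsync-push-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

With this entry in place an interactive `ssh mail2.test` as the mail user closes immediately, so the connection test from the ssh section has to be done before the restriction is added.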