hi,
sorry for the long delay, caught a cold. twice. and then had a bunch of work to do, which got stockpiled because of the cold.
# iredmail wishlist
## more hardening
### fail2ban
happy to read that fail2ban is integrated.
would be great to make fail2ban easily configurable so it is easy to set up with shorewall
### extra secure flag
if "extra secure" is selected from the install wizard, non-encrypted protocols are disabled by default, higher key values are chosen, ...
### ip login whitelist for (admin) accounts
option for preventing super-admin logins from other ips than specified in a special whitelist.
allowing a customer to access his own admin account from every/his own ip but locking down the super admin account to my own ips (a comma separated list would help).
why? because this can't be managed on the firewall layer, i want to allow logins for all users in the admin but the super-admin must not be accessible from there. maybe also add a separation on the domain layer:
https://admin.mailserver.com is the only virtualhost from which superadmin login is possible. https://customeradmin.mailserver.com allows only non-superadmin logins.
### phpmyadmin & phpldap with stronger security
as another user posted before, apache aliases like phpmyadmin and phpldapadmin should not (must not) be accessible from the public.
i understand your argument that you want to keep the installer simple, but especially servers of inexperienced users, who don't know how to secure a server (or even know that they should do that), are likely to be hacked because of unsecured phpmyadmins and similar.
a good goal would be to provide a secure default setting (blocking all ips but a comma separated list defined by the user) and add a wiki page on how to disable it, not the way you mention it.
it is a good practice to first be secure and open up the gates later.
also a domain and an ip layer would be nice. it would be good for all critical services to lock them to specific domains and ports. if you add different ports for different services then the firewall of the user's choice can also be used.
### apache server signature
set apache server signature to prod.
debian: /etc/apache2/conf.d/security
it's always good to prevent sniffing
### install php5-suhosin package
good thing for the php software is this small extra package for some extra security.
### key size
>It will check 'default_bits' in openssl.cnf first, if it's greater or equal to 2048, iRedMail will use it. Otherwise, uses 2048.
thank you very much!
## major integrated backup system
### backup & restore
i think, for production usage an integrated backup solution is necessary. it should work out of the box and not be an extra feature to configure. cron jobs should be activated by the install script and the backup scripts should also be correctly set up by the wizard (right connection parameters).
integrity checking would also be very good.
backup is absolutely necessary, also for inexperienced users. it should just work and not be optional. if you make a backup optional it will be like no backup.
the restore feature should also be easy and work out of the box.
if i have a server crash but have my single backup file (containing: iredmail config, vmaildirectory, mysqldb, ldapdb) it could look like this (fresh server):

```
bash iRedMail.sh --restore-backup=backupfilename.tar.gz
```

to get the exact state of the mailserver as before.
see also http://www.iredmail.org/forum/topic1989 … cript.html
### integrated backup panel (iredmailadmin(pro))
backups are really important. so you should see in the admin if the backups worked or not.
http://www.activecollab.com/docs/manual … ta-backup)
see also http://www.iredmail.org/forum/topic1989 … cript.html
### import & export
as i was confronted with ldap problems (see http://www.iredmail.org/forum/topic1990 … -work.html) i would be happy to have a generic import & export mechanism. as a user i don't care about which db is used or what command is used for backup, as long as it works. at the moment i can't export my users and all the domains and accounts. so i will have to reenter them again by hand if the copy of the ldap dir doesn't work. for such cases a generic xml export of all the data would be perfect.
```xml
<xml...
<iredmail>
  <superusers>
    ...
  </superusers>
  <domains>
    <domain>
      <name>bla.foo</name>
      <users>
        <user>
          ...
          <aliases>
            <alias>....</alias>
          </aliases>
        </user>
      </users>
    </domain>
  </domains>
</iredmail>
```
why that? because mass import and export is then possible, you can migrate from the ldap to the mysql version or the other way round. you have a generic, human readable backup of all your users, you don't have to deal with databases you don't know.
## database abstraction
don't stick with mysql. i started to code php in 1998, my first php project had a database abstraction layer for mysql and postgres. i would really be happy if not all opensource projects stuck to mysql in a time where really enough good database abstraction layers and orms are available.
http://adodb.sourceforge.net/
http://www.doctrine-project.org/
http://sqlrelay.sourceforge.net/
http://www.propelorm.org/
why postgres? because it's a major database which supports asynchronous syncing in 9.0 and has synchronous syncing features in 9.1
this is future oriented, loadbalanceable and clusterable.
## +1
+1 for dspam
+1 for nginx
+1 for custom database server selection (inside the wizard)
+1 Users can maintain their own whitelists and blacklists
+1 Users can manage their own content filtering settings
+1 for outgoing mail
+1 lockdown "by IP/hostname" of phpmyadmin and phpldapadmin-directories would be nice
+1 calendar functions
## replies
>I prefer to keep installation wizard as simple as possible, then provide additions FAQs to help admins achieve other features.
make two wizard modes, a simple one and an advanced one but always choose the auto-secure option in the simple wizard.
## puppet installation "support"
puppet recipe to get the mailserver up and running (i am trying to write one)
edit:
some of the backup features are implemented (forgot to subscribe to my own topic http://www.iredmail.org/forum/topic1989 … ript.html) see the answers from ZhangHuangbin there
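
The super-admin login restriction requested under "ip login whitelist for (admin) accounts", sketched as an added example; it is not part of the original post and not iRedMail or iRedAdmin code. The function names, the setting names and the sample addresses are assumptions made up for illustration.

```python
import ipaddress

# Assumed settings (hypothetical names, constructed sample values).
SUPERADMIN_VHOST = "admin.mailserver.com"
SUPERADMIN_ALLOWLIST = "203.0.113.7, 198.51.100.0/24, 2001:db8:42::/48"


def parse_allowlist(csv_text):
    """Turn 'ip, cidr, ...' into network objects; a bad entry raises ValueError."""
    entries = [e.strip() for e in csv_text.split(",") if e.strip()]
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def normalize_ip(text):
    """Parse the peer address; unwrap ::ffff:a.b.c.d so IPv4 rules still match."""
    ip = ipaddress.ip_address(text.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def login_allowed(is_superadmin, peer_ip, host_header,
                  allowlist=SUPERADMIN_ALLOWLIST, admin_vhost=SUPERADMIN_VHOST):
    """Decide whether a login attempt may proceed to password verification.

    peer_ip must be the TCP peer address (or one set by a trusted proxy),
    never a client-supplied header such as X-Forwarded-For.
    """
    if not is_superadmin:
        return True  # domain admins may log in from any IP and any vhost
    host = host_header.strip().lower().rsplit(":", 1)[0]  # drop ":443"
    if host != admin_vhost:
        return False  # super-admin only on the dedicated virtual host
    try:
        ip = normalize_ip(peer_ip)
        networks = parse_allowlist(allowlist)
    except ValueError:
        return False  # fail closed on an unparsable address or allowlist
    return any(ip in net for net in networks)  # empty list denies everyone
```

An empty or malformed allowlist locks the super-admin out rather than opening the account up, which matches the "first be secure and open up the gates later" default asked for above.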