1

Topic: iRedMail-0.9.0-rc1 - nginx vs Apache

- iRedMail version: 0.9.0-rc1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySql
- Linux/BSD distribution name and version: Debian Wheezy, 7.7

Install iRedMail on the fresh system, select "Apache" as a default engine. After installation, nginx is used as a www server, not apache.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Thanks for your feedback, i will try to reproduce this issue and fix it later.

3

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Confirmed and fixed, here's patch:

diff -r 8a96039e7791 iRedMail/dialog/config_via_dialog.sh
--- a/iRedMail/dialog/config_via_dialog.sh    Fri Oct 24 14:30:57 2014 +0800
+++ b/iRedMail/dialog/config_via_dialog.sh    Sat Oct 25 19:48:13 2014 +0800
@@ -118,7 +118,7 @@
     [ X"${web_servers}" != X"" ] && break
 done
 
-if grep 'APACHE' /tmp/web_servers &>/dev/null; then
+if [ X"${web_servers}" == X'APACHE' ]; then
     export DEFAULT_WEB_SERVER='APACHE'
     echo "export DEFAULT_WEB_SERVER='APACHE'" >>${IREDMAIL_CONFIG_FILE}
 else

4

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

No problems, checking again.
Another one: during installation, when choosing "preferred backed used to store mail accounts", in all descriptions spaces are replaced by "_"  -> would be nice to fix.
E.g. "An_open_source_implementation_of_LDAP_protocol"
This is on Debian 7.7

5

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

And another one:
- iRedMail version: 0.9.0-rc1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySql
- Linux/BSD distribution name and version: Debian Wheezy, 7.7
When trying to reach ".../awstats", it asks for username/password. The ones which are provided in the initial e-mail (for postadmin) do not work.

6

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

mimish wrote:

When trying to reach ".../awstats", it asks for username/password. The ones which are provided in the initial e-mail (for postadmin) do not work.

Could you please show me the password? just first several characters inside {} block. Apache doesn't support SSHA/SSHA512 password hash.

7

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Access to /cluebringer does not work neither.
I think this will not work for any password, and not only my specific one.
Problem, probably, is in the way password is stored.
Does Apache understand "{SSHA512}Dn0IF.." syntax?

8

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Apache doesn't support SSHA512, so please set your password to MD5 and it should work.

We know Apache doesn't work with SSHA/SSHA512, but MD5 should not be considered as secure password hash anymore, so we prefer to use SSHA512 instead. The inconvenience is you have to set password to MD5 if you want to login to Awstats and Cluebringer.

9

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Thanks. I guess this should be made clear during installation.
The default setup now then does not fully work.

10 (edited by bartoruiz 2014-10-29 11:31:27)

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

ZhangHuangbin wrote:

Apache doesn't support SSHA512, so please set your password to MD5 and it should work.

We know Apache doesn't work with SSHA/SSHA512, but MD5 should not be considered as secure password hash anymore, so we prefer to use SSHA512 instead. The inconvenience is you have to set password to MD5 if you want to login to Awstats and Cluebringer.

You should probably consider removing mysql_auth at all, that module just drags security and maintainers doesn't seem to care.

AuthUserFile is just fine to secure awstats and cluebringer, is not in sync but meh....I did sacrifice that in order to use BCRYPT.

11

Re: iRedMail-0.9.0-rc1 - nginx vs Apache

Hi @bartoruiz,

I understand your concern. So i will use SSHA512 as default password hash for SQL backends in next iRedMail release.
For FreeBSD and OpenBSD (5.6), it will be BCRYPT.