Virtual Mail And Jabber Server (xmpp) With iRedMail And Ejabberd On Ubuntu 9.10


iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since iRedMail 0.5, it supports CentOS 5.x, Debian 5.x, Ubuntu 8.04, 9.04 and 9.10 (both i386 and x86_64). iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users.

This tutorial shows you how to integrate ejabberd with iRedMail's LDAP backend on Ubuntu 9.10. Passwords are stored in LDAP, and users can change their password through webmail.

This tutorial is based on Ubuntu 9.10, so I suggest setting up a minimal Ubuntu 9.10 system, installing iRedMail 0.60 and choosing OpenLDAP as the backend, as shown in these tutorials:

  • iRedMail: Mail Server With LDAP, Postfix, RoundCube/SquirrelMail, Dovecot, ClamAV, SpamAssassin, Amavisd (Debian 5.0.1)
  • iRedMail 0.6: Full-Featured Mail Server With OpenLDAP/Postfix/Dovecot/Amavisd/ClamAV/SpamAssassin/RoundCube/iRedAdmin On FreeBSD

Thanks to yrjc2004 for sharing and helping.

 

1 Install Ejabberd

Install ejabberd:

apt-get install ejabberd

 

2 Find cn=vmail password

The cn=vmail password was randomly generated during the iRedMail installation. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf:

cat /etc/postfix/ldap_virtual_mailbox_domains.cf

bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = KxR6AAj2EutXjhcRcK2AHPWCqiA3Ym #cn=vmail password

 

3 Configure ejabberd

Ejabberd’s configuration files are written in Erlang syntax, which might be difficult to comprehend. Thankfully, the modifications we need to make are relatively minor and straightforward. The main ejabberd configuration file is located at /etc/ejabberd/ejabberd.cfg. We’ll cover each relevant option in turn.

In Erlang, comments begin with the % sign.

Edit /etc/ejabberd/ejabberd.cfg.

Set the admin user and the domain. Here we set www@example.com as admin.

%% Admin user
{acl, admin, {user, "www", "example.com"}}.
%% Hostname
{hosts, ["example.com"]}.

Comment out the following line, because authentication will no longer use the internal method:

%%{auth_method, internal}.

Add the following at the bottom of the file:

%%% Authenticate against LDAP.
{auth_method, ldap}.
{ldap_servers, ["127.0.0.1"]}.
%%% {ldap_encrypt, tls}.
{ldap_port, 389}.
{ldap_base, "o=domains,dc=example,dc=com"}.
{ldap_rootdn, "cn=vmail,dc=example,dc=com"}.
{ldap_password, "KxR6AAj2EutXjhcRcK2AHPWCqiA3Ym"}.  %% cn=vmail password
%%% Enable both normal mail user and mail admin.
{ldap_filter, "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"}.
{ldap_uids, [{"mail", "%u@%d"}]}.

Start ejabberd and check the status:

# /etc/init.d/ejabberd start

Starting jabber server: ejabberd.

# ejabberdctl status

Node ejabberd@u910 is started. Status: started
ejabberd is running

 

4 Enable jabber service for mail user

Use phpLDAPadmin or other tools to add sample LDAP attributes and values for existing mail users.

Log into phpLDAPadmin as cn=manager,dc=example,dc=com.

Find the existing mail user www@example.com:

[Screenshot: phpldapadmin_02]

Enable the jabber service for the user www@example.com:

[Screenshot: phpldapadmin_03]
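
The same change can also be made from the shell. This is an added example, not part of the original tutorial: it assumes the user DN layout visible in the slapd log in the troubleshooting section and the enabledService=jabber value from the ldap_filter above. The function name jabber_ldif and the LDAP_BASE variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Emit LDIF that adds enabledService=jabber to existing iRedMail mail users.
# Assumed DN layout (as seen in the slapd log on this page):
#   mail=<addr>,ou=Users,domainName=<domain>,o=domains,<base>

jabber_ldif() {
    base=${LDAP_BASE:-dc=example,dc=com}   # LDAP_BASE is a hypothetical override
    rc=0
    for addr in "$@"; do
        case $addr in
            # Refuse anything that would need DN/LDIF escaping (comma, plus,
            # quotes, spaces, newlines) or is not exactly local@domain.
            *[!A-Za-z0-9._@-]* | *@*@* | @* | *@ | '')
                echo "skipped (unsafe or malformed): $addr" >&2; rc=1; continue ;;
            *@*) ;;
            *)  echo "skipped (no domain): $addr" >&2; rc=1; continue ;;
        esac
        printf 'dn: mail=%s,ou=Users,domainName=%s,o=domains,%s\n' \
            "$addr" "${addr#*@}" "$base"
        printf 'changetype: modify\nadd: enabledService\nenabledService: jabber\n\n'
    done
    return $rc
}

# Print the LDIF for the sample user; to apply it, pipe it into ldapmodify:
#   jabber_ldif www@example.com | \
#       ldapmodify -x -H ldap://127.0.0.1 -D cn=manager,dc=example,dc=com -W
jabber_ldif www@example.com
```

If the value is already present on an entry, ldapmodify reports result code 20 (attribute or value exists) for it; the -c option lets it continue with the remaining entries.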

5 Configure iptables

Standard ports:

5222 Main client port
5223 Obsolete secure jabber port
5269 Server to server port
5280 Web administration

vi /etc/default/iptables

# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
# Add 5222, 5223, 5269 and 5280 to the end of the port list:
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,5222,5223,5269,5280 -j ACCEPT

Restart the iptables service:

/etc/init.d/iptables restart

 

6 Web Access Admin Console

Now you can access http://192.168.1.10:5280/admin/

Log in as the ejabberd web admin; we have set www@example.com as the admin for the ejabberd server:

[Screenshot: ejabberd_01]

This is how it looks after the login:

[Screenshot: ejabberd_02]

Check the virtual host user:

[Screenshot: ejabberd_03]

You cannot create a user in webadmin. If you want to create a user, you first need to add the user in iRedAdmin, then enable the jabber service for the user in phpldapadmin.

If you want to add a second virtual domain, you first need to create the new domain in iRedAdmin, then add it to the hosts list in /etc/ejabberd/ejabberd.cfg:

%% Hostname 
{hosts, ["example.com","test.com"]}.

7 XMPP Client: Pidgin

You can use your favourite XMPP client; I use Pidgin for testing here. Download the newest version of Pidgin and install it. The settings are simple.

Basic settings:

[Screenshot: ejabberd_04]

Advanced settings:

[Screenshot: ejabberd_05]

Proxy settings:

[Screenshot: ejabberd_03]

Login:

[Screenshot: ejabberd_07]

To ensure that your ejabberd instance will federate properly with the rest of the XMPP network, particularly with Google’s “GTalk” service (i.e. the “@gmail.com” chat tool), we must set the SRV records for the domain to point to the server where the ejabberd instance is running. We need three records, which can be created in the DNS Management tool of your choice:

  • 1. Service: _xmpp-server Protocol: TCP Port: 5269
  • 2. Service: _xmpp-client Protocol: TCP Port: 5222
  • 3. Service: _jabber Protocol: TCP Port: 5269

The “target” of the SRV record should point to the publicly routable hostname for that machine (e.g. “mail.example.com”). The priority and weight should both be set to 0.

 

9 Troubleshooting

Enable logging in ldap:

vi /etc/ldap/slapd.conf

# Change loglevel from 0 to 256
loglevel    256

Restart the openldap service:

/etc/init.d/slapd restart

Monitor /var/log/ejabberd/ejabberd.log and /var/log/openldap.log for troubleshooting.

tail -0f /var/log/openldap.log

root@mail:~# tail -0f /var/log/openldap.log
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(mail=www@example.com)(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber)))"
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND anonymous mech=implicit ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" method=128
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 RESULT tag=97 err=0 text=
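
ejabberd checks each XMPP login by binding to LDAP as that user, as the BIND lines above show, so failed logins on port 5222 appear in this log as bind results with a non-zero err (49 is LDAP invalidCredentials). The following added example, which is not part of the original tutorial, counts failed simple binds per DN; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: count failed LDAP simple
# binds per DN in slapd "loglevel 256" output, most frequent first.
ldap_bind_failures() {
    awk '
    # Return the value of key=value or key="value" found in line.
    function field(line, key) {
        if (match(line, " " key "=\"[^\"]*\""))
            return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        if (match(line, " " key "=[^ ]*"))
            return substr(line, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
        return ""
    }
    # A simple bind request: remember its DN under the conn/op pair.
    / BIND dn="/ && / method=128/ {
        pending[field($0, "conn"), field($0, "op")] = field($0, "dn")
        next
    }
    # tag=97 is the bind response; err=0 is success, err=49 bad credentials.
    / RESULT tag=97 / {
        k = field($0, "conn") SUBSEP field($0, "op")
        if (k in pending) {
            e = field($0, "err")
            if (e != "0") failed[pending[k] " err=" e]++
            delete pending[k]
        }
    }
    END { for (d in failed) print failed[d], d }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input in the format shown above (bob is hypothetical).
sample_log() {
    u="ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
    p="Mar 10 16:51:33 u910 slapd[3643]:"
    cat <<EOF
$p conn=124 op=10 BIND dn="mail=www@example.com,$u" method=128
$p conn=124 op=10 BIND dn="mail=www@example.com,$u" mech=SIMPLE ssf=0
$p conn=124 op=10 RESULT tag=97 err=0 text=
$p conn=130 op=1 BIND dn="mail=www@example.com,$u" method=128
$p conn=130 op=1 RESULT tag=97 err=49 text=
$p conn=131 op=1 BIND dn="mail=bob@example.com,$u" method=128
$p conn=131 op=1 RESULT tag=97 err=49 text=
$p conn=132 op=1 BIND dn="mail=www@example.com,$u" method=128
$p conn=132 op=1 RESULT tag=97 err=49 text=
EOF
}
sample_log | ldap_bind_failures
```

On the real server, pass the log file as an argument: ldap_bind_failures /var/log/openldap.log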

tail -0f /var/log/ejabberd/ejabberd.log

# tail -0f /var/log/ejabberd/ejabberd.log
=INFO REPORT==== 2010-03-10 16:53:18 ===
I(<0.257.0>:ejabberd_listener:116) : (#Port<0.2811>) Accepted connection {{192,168,1,147},59815} -> {{192,168,1,10},5222}

=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:559) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Accepted authentication for www

=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:804) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Opened session for www@example.com/15964533191268211199203489

=INFO REPORT==== 2010-03-10 16:53:30 ===
I(<0.474.0>:ejabberd_c2s:1306) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Close session for www@example.com/15964533191268211199203489

 

  • Discussion forum: http://www.iredmail.org/forum/topic536-how-to-ejabberd-integration-with-iredmailschema.html
  • Project home page: http://code.google.com/p/iredmail/
  • Install ejabberd on Ubuntu 9.04: http://library.linode.com/real-time-messaging/xmpp-servers/install-ejabberd-ubuntu-9.04-jaunty

 
