2020-05-05 10:59:01 -05:00
<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Upgrade iRedMail from 1.2.1 to 1.3< / title >
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
< div id = "navigation" >
< a href = "https://www.iredmail.org" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "upgrade-iredmail-from-121-to-13" > Upgrade iRedMail from 1.2.1 to 1.3< / h1 >
< div class = "toc" >
< ul >
< li > < a href = "#upgrade-iredmail-from-121-to-13" > Upgrade iRedMail from 1.2.1 to 1.3< / a > < ul >
< li > < a href = "#changelog" > ChangeLog< / a > < / li >
< li > < a href = "#general-all-backends-should-apply-these-changes" > General (All backends should apply these changes)< / a > < ul >
< li > < a href = "#update-etciredmail-release-with-new-iredmail-version-number" > Update /etc/iredmail-release with new iRedMail version number< / a > < / li >
2020-06-29 23:37:55 -05:00
< li > < a href = "#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release" > Upgrade iRedAPD (Postfix policy server) to the latest stable release< / a > < / li >
< li > < a href = "#upgrade-mlmmjadmin-to-the-latest-stable-release" > Upgrade mlmmjadmin to the latest stable release< / a > < / li >
2020-06-08 20:03:25 -05:00
< li > < a href = "#upgrade-roundcube-webmail-to-the-latest-stable-release-146" > Upgrade Roundcube webmail to the latest stable release (1.4.6)< / a > < / li >
2020-06-12 11:00:25 -05:00
< li > < a href = "#fixed-can-not-manage-mail-filters-with-roundcube-on-centos-7" > Fixed: can not manage mail filters with Roundcube on CentOS 7< / a > < / li >
2020-05-05 10:59:01 -05:00
< li > < a href = "#fixed-inconsistent-fail2ban-jail-names" > Fixed: inconsistent Fail2ban jail names< / a > < / li >
< / ul >
< / li >
2020-05-25 21:38:49 -05:00
< li > < a href = "#openldap-backend-special" > OpenLDAP backend special< / a > < ul >
< li > < a href = "#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database" > Add missing index for SQL column msgs.time_iso in amavisd database< / a > < / li >
2020-05-31 21:30:32 -05:00
< li > < a href = "#improvement-store-more-info-in-fail2ban-sql-db" > Improvement: Store more info in Fail2ban SQL db< / a > < / li >
2020-05-25 21:38:49 -05:00
< / ul >
< / li >
< li > < a href = "#mysqlmariadb-backend-special" > MySQL/MariaDB backend special< / a > < ul >
< li > < a href = "#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1" > Add missing index for SQL column msgs.time_iso in amavisd database< / a > < / li >
2020-05-31 21:30:32 -05:00
< li > < a href = "#improvement-store-more-info-in-fail2ban-sql-db_1" > Improvement: Store more info in Fail2ban SQL db< / a > < / li >
< / ul >
< / li >
< li > < a href = "#postgresql-backend-special" > PostgreSQL backend special< / a > < ul >
< li > < a href = "#improvement-store-more-info-in-fail2ban-sql-db_2" > Improvement: Store more info in Fail2ban SQL db< / a > < / li >
2020-05-25 21:38:49 -05:00
< / ul >
< / li >
2020-05-05 10:59:01 -05:00
< / ul >
< / li >
< / ul >
< / div >
< div class = "admonition note" >
< p class = "admonition-title" > Paid Remote Upgrade Support< / p >
< p > We offer remote upgrade support if you don't want to get your hands dirty,
check < a href = "https://www.iredmail.org/support.html" > the details< / a > and
< a href = "https://www.iredmail.org/contact.html" > contact us< / a > .< / p >
< / div >
< h2 id = "changelog" > ChangeLog< / h2 >
< ul >
2020-06-29 01:29:42 -05:00
< li > Jun 29, 2020: initial release.< / li >
2020-05-05 10:59:01 -05:00
< / ul >
< h2 id = "general-all-backends-should-apply-these-changes" > General (All backends should apply these changes)< / h2 >
< h3 id = "update-etciredmail-release-with-new-iredmail-version-number" > Update < code > /etc/iredmail-release< / code > with new iRedMail version number< / h3 >
< p > iRedMail stores the release version in < code > /etc/iredmail-release< / code > after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:< / p >
< pre > < code > 1.3
< / code > < / pre >
2020-06-29 23:37:55 -05:00
< h3 id = "upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release" > Upgrade iRedAPD (Postfix policy server) to the latest stable release< / h3 >
< p > Please follow below tutorial to upgrade iRedAPD to the latest stable release:
< a href = "./upgrade.iredapd.html" > Upgrade iRedAPD to the latest stable release< / a > < / p >
< h3 id = "upgrade-mlmmjadmin-to-the-latest-stable-release" > Upgrade mlmmjadmin to the latest stable release< / h3 >
< p > Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
< a href = "./upgrade.mlmmjadmin.html" > Upgrade mlmmjadmin to the latest stable release< / a > < / p >
2020-06-08 20:03:25 -05:00
< h3 id = "upgrade-roundcube-webmail-to-the-latest-stable-release-146" > Upgrade Roundcube webmail to the latest stable release (1.4.6)< / h3 >
< div class = "admonition warning" >
< p class = "admonition-title" > Roundcube 1.4< / p >
< p > Since Roundcube 1.3, at least < strong > PHP 5.4< / strong > is required. If your server is
running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube
the latest 1.2 branch instead.< / p >
< / div >
< p > Roundcube 1.4.6 fixes few security issues, all users are encouraged to upgrade
< em > as soon as possible< / em > .< / p >
< ul >
< li > < a href = "https://github.com/roundcube/roundcubemail/wiki/Upgrade" > How to upgrade Roundcube< / a > .< / li >
< / ul >
< p > References:< / p >
< ul >
2020-07-05 23:47:59 -05:00
< li > 07 June 2020, < a href = "https://roundcube.net/news/2020/06/07/updates-1.4.6-and-1.3.13-released" > Updates 1.4.6 and 1.3.13 released< / a > < / li >
< li > 02 June 2020, < a href = "https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12" > Security updates 1.4.5 and 1.3.12 released< / a > < / li >
2020-06-08 20:03:25 -05:00
< / ul >
2020-06-12 11:00:25 -05:00
< h3 id = "fixed-can-not-manage-mail-filters-with-roundcube-on-centos-7" > Fixed: can not manage mail filters with Roundcube on CentOS 7< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > This is only application to CentOS 7.< / p >
< / div >
< p > On CentOS 7, the Roundcube official plugin < code > managesieve< / code > doesn't work with
TLSv1.1 and TLSv1.2, so we have to re-enable TLSv1 in Dovecot, otherwise you
can not manage mail filters with Roundcube.< / p >
< p > Open file < code > /etc/dovecot/dovecot.conf< / code > , find the < code > ssl_protocols< / code > parameter like
below:< / p >
< pre > < code > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
< / code > < / pre >
< p > Remove < code > !TLSv1< / code > and restart Dovecot service:< / p >
< pre > < code > ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
< / code > < / pre >
< p > Note: TLSv1 and TLSv1.2 are supported with this change.< / p >
2020-05-05 10:59:01 -05:00
< h3 id = "fixed-inconsistent-fail2ban-jail-names" > Fixed: inconsistent Fail2ban jail names< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > This is applicable to Linux and OpenBSD.< / p >
< / div >
< p > iRedMail-1.2 and 1.2.1 introduced < a href = "./fail2ban.sql.html" > SQL integration in
Fail2ban< / a > , but there're few inconsistent jail names which
caused unbanning IP from iRedAdmin-Pro doesn't work. Please run commands below
to fix them.< / p >
< pre > < code > cd /etc/fail2ban/jail.d/
perl -pi -e 's#dovecot-iredmail#dovecot#g' dovecot.local
perl -pi -e 's#postfix-pregreet-iredmail#postfix-pregreet#g' postfix-pregreet.local
perl -pi -e 's#name=postfix,#name=postfix-pregreet,#g' postfix-pregreet.local
perl -pi -e 's#postfix-iredmail#postfix#g' postfix.local
perl -pi -e 's#roundcube-iredmail#roundcube#g' roundcube.local
perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local
2020-05-25 21:38:49 -05:00
< / code > < / pre >
< h2 id = "openldap-backend-special" > OpenLDAP backend special< / h2 >
< h3 id = "add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database" > Add missing index for SQL column < code > msgs.time_iso< / code > in < code > amavisd< / code > database< / h3 >
< p > Please run SQL commands below as MySQL root user:< / p >
< pre > < code > USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
< / code > < / pre >
2020-05-31 21:30:32 -05:00
< h3 id = "improvement-store-more-info-in-fail2ban-sql-db" > Improvement: Store more info in Fail2ban SQL db< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > Since iRedMail-1.2, Fail2ban is configured to < a href = "./fail2ban.sql.html" > store banned IP addresses in
SQL database< / a > , if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: < a href = "./iredmail.releases.html" > iRedMail release notes and upgrade tutorials< / a > .< / p >
< / div >
2020-06-05 12:15:41 -05:00
< p > With changes below, we now store more info in Fail2ban SQL database:< / p >
< ul >
< li > Matched log lines which triggerred the ban< / li >
< li > Number of times the failure occurred until ban< / li >
< li > Reverse DNS name of banned IP address< / li >
< / ul >
2020-05-31 21:30:32 -05:00
< p > Please run SQL commands below as MySQL root user:< / p >
< pre > < code > USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
2020-06-05 12:03:19 -05:00
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
2020-05-31 21:30:32 -05:00
< / code > < / pre >
< p > Now open file < code > /etc/fail2ban/action.d/banned_db.conf< / code > , find the < code > actionban =< / code >
line like below:< / p >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name>
< / code > < / pre >
< p > Replace it by:< / p >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name> < ipjailfailures> < ipjailmatches>
< / code > < / pre >
< p > Download improved shell script and replace the existing one:< / p >
2020-07-20 00:41:01 -05:00
< pre > < code > cd /usr/local/bin
wget -O fail2ban_banned_db https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
chmod 0550 fail2ban_banned_db
2020-05-31 21:30:32 -05:00
< / code > < / pre >
< p > Now restart Fail2ban service.< / p >
2020-05-25 21:38:49 -05:00
< h2 id = "mysqlmariadb-backend-special" > MySQL/MariaDB backend special< / h2 >
< h3 id = "add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1" > Add missing index for SQL column < code > msgs.time_iso< / code > in < code > amavisd< / code > database< / h3 >
< p > Please run SQL commands below as MySQL root user:< / p >
< pre > < code > USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
2020-05-31 21:30:32 -05:00
< / code > < / pre >
< h3 id = "improvement-store-more-info-in-fail2ban-sql-db_1" > Improvement: Store more info in Fail2ban SQL db< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > Since iRedMail-1.2, Fail2ban is configured to < a href = "./fail2ban.sql.html" > store banned IP addresses in
SQL database< / a > , if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: < a href = "./iredmail.releases.html" > iRedMail release notes and upgrade tutorials< / a > .< / p >
< / div >
2020-06-05 12:15:41 -05:00
< p > With changes below, we now store more info in Fail2ban SQL database:< / p >
< ul >
< li > Matched log lines which triggerred the ban< / li >
< li > Number of times the failure occurred until ban< / li >
< li > Reverse DNS name of banned IP address< / li >
< / ul >
2020-05-31 21:30:32 -05:00
< p > Please run SQL commands below as MySQL root user:< / p >
< pre > < code > USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
2020-06-05 12:03:19 -05:00
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
2020-05-31 21:30:32 -05:00
< / code > < / pre >
< p > Now open file < code > /etc/fail2ban/action.d/banned_db.conf< / code > , find the < code > actionban =< / code >
line like below:< / p >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name>
< / code > < / pre >
< p > Replace it by:< / p >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name> < ipjailfailures> < ipjailmatches>
< / code > < / pre >
< p > Download improved shell script and replace the existing one:< / p >
< pre > < code > wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
< / code > < / pre >
< p > Now restart Fail2ban service.< / p >
< h2 id = "postgresql-backend-special" > PostgreSQL backend special< / h2 >
< h3 id = "improvement-store-more-info-in-fail2ban-sql-db_2" > Improvement: Store more info in Fail2ban SQL db< / h3 >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > Since iRedMail-1.2, Fail2ban is configured to < a href = "./fail2ban.sql.html" > store banned IP addresses in
SQL database< / a > , if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: < a href = "./iredmail.releases.html" > iRedMail release notes and upgrade tutorials< / a > .< / p >
< / div >
2020-06-05 12:15:41 -05:00
< p > With changes below, we now store more info in Fail2ban SQL database:< / p >
< ul >
< li > Matched log lines which triggerred the ban< / li >
< li > Number of times the failure occurred until ban< / li >
< li > Reverse DNS name of banned IP address< / li >
< / ul >
2020-05-31 21:30:32 -05:00
< p > Please follow steps below to apply required changes.< / p >
< ul >
< li > Connect to PostgreSQL server as < code > postgres< / code > user and connect to < code > vmail< / code > database:< ul >
< li > on Linux, it's < code > postgres< / code > user< / li >
< li > on FreeBSD, it's < code > pgsql< / code > user< / li >
< li > on OpenBSD, it's < code > _postgresql< / code > user< / li >
< / ul >
< / li >
< / ul >
< pre > < code > su - postgres
psql -d fail2ban
< / code > < / pre >
< ul >
< li > Run SQL commands below:< / li >
< / ul >
< pre > < code > \c fail2ban;
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
2020-06-05 12:03:19 -05:00
ALTER TABLE banned ADD COLUMN rdns VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX idx_banned_rdns ON banned (rdns);
2020-05-31 21:30:32 -05:00
< / code > < / pre >
< ul >
< li > Open file < code > /etc/fail2ban/action.d/banned_db.conf< / code > , find the < code > actionban =< / code >
line like below:< / li >
< / ul >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name>
< / code > < / pre >
< p > Replace it by:< / p >
< pre > < code > actionban = /usr/local/bin/fail2ban_banned_db ban < ip> < port> < protocol> < name> < ipjailfailures> < ipjailmatches>
< / code > < / pre >
< ul >
< li > Download improved shell script and replace the existing one:< / li >
< / ul >
< pre > < code > wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
< / code > < / pre >
< ul >
< li > Now restart Fail2ban service.< / li >
< / ul > < div class = "footer" >
2020-05-05 10:59:01 -05:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://github.com/iredmail/docs/" > GitHub repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://github.com/iredmail/docs/archive/master.zip" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
< / script >
< / body > < / html >