2015-12-03 20:13:59 -06:00
|
|
|
# Migrate from Cluebringer to iRedAPD
|
|
|
|
|
|
|
|
[TOC]
|
|
|
|
|
|
|
|
## Summary
|
|
|
|
|
|
|
|
iRedMail-0.9.3 and later releases drop Cluebringer, and replace it by iRedAPD,
|
|
|
|
because:
|
|
|
|
|
|
|
|
* Cluebringer is not under active development anymore.
|
|
|
|
* No new Cluebringer release since 2013 (the latest stable release doesn't
|
|
|
|
support IPv6).
|
|
|
|
* Cluebringer is not available in Debian (jessie) official repositories
|
|
|
|
anymore, developers didn't bring it back.
|
|
|
|
|
|
|
|
Not all Cluebringer features are implemented in iRedAPD, but the most important
|
|
|
|
2 features have been implemented:
|
|
|
|
|
|
|
|
* throttling
|
|
|
|
* greylisting
|
|
|
|
|
|
|
|
If you need other Cluebringer features, please stay with Cluebringer and let
|
|
|
|
us know which features you need, so that we can implement it in future release
|
|
|
|
of iRedAPD.
|
|
|
|
|
|
|
|
## Migrate to iRedAPD
|
|
|
|
|
|
|
|
### Upgrade iRedAPD to 1.7.0 or later releases
|
|
|
|
|
|
|
|
Please Make sure you're running iRedAPD-1.7.0 or later release, you can check
|
|
|
|
the version number with command below:
|
|
|
|
|
|
|
|
```
|
|
|
|
grep '__version__' /opt/iredapd/libs/__init__.py
|
|
|
|
```
|
|
|
|
|
|
|
|
If you're not running iRedAPD-1.7.0 or later release, please follow our
|
|
|
|
tutorial to upgrade it: [Upgrade iRedAPD](./upgrade.iredapd.html).
|
|
|
|
|
|
|
|
### Migrate Cluebringer to iRedAPD
|
|
|
|
|
|
|
|
iRedAPD-1.7.0 and later release ship two scripts to migrate greylisting and
|
|
|
|
throttling settings from Cluebringer:
|
|
|
|
|
|
|
|
* `/opt/iredapd/tools/migrate_cluebringer_greylisting.py`: used to migrate
|
|
|
|
greylisting settings.
|
|
|
|
* `/opt/iredapd/tools/migrate_cluebringer_throttle.py`: used to migrate
|
|
|
|
throttling settings.
|
|
|
|
|
|
|
|
Please open above two files, update below parameters with correct SQL server
|
|
|
|
address, port, database name, username and password for your existing
|
|
|
|
Cluebringer database. You can find them in files below:
|
|
|
|
|
|
|
|
* On RHEL/CentOS, it's `/etc/policyd/cluebringer.conf`.
|
|
|
|
* Debian/Ubuntu: it's `/etc/cluebringer/cluebringer.conf`.
|
|
|
|
* FreeBSD: it's `/usr/local/etc/cluebringer.conf`.
|
|
|
|
* OpenBSD: Not applicable, cluebringer is not available on OpenBSD.
|
|
|
|
|
|
|
|
```
|
|
|
|
cluebringer_db_host = '127.0.0.1'
|
|
|
|
cluebringer_db_port = 3306
|
|
|
|
cluebringer_db_name = 'cluebringer'
|
|
|
|
cluebringer_db_user = 'root'
|
|
|
|
cluebringer_db_password = ''
|
|
|
|
```
|
|
|
|
|
|
|
|
Then run below commands to migrate greylisting and throttling settings:
|
|
|
|
|
|
|
|
```
|
|
|
|
# cd /opt/iredapd/tools/
|
|
|
|
# python migrate_cluebringer_greylisting.py
|
|
|
|
# python migrate_cluebringer_throttle.py
|
|
|
|
```
|
|
|
|
|
|
|
|
That's it.
|
|
|
|
|
2015-12-16 01:07:57 -06:00
|
|
|
## After migration
|
2015-12-03 20:13:59 -06:00
|
|
|
|
2015-12-16 08:46:54 -06:00
|
|
|
### Enable required plugins, remove old plugins
|
|
|
|
|
|
|
|
> Restarting iRedAPD service is required if you changed its config file.
|
|
|
|
|
|
|
|
* To enable whitelists, blacklists, greylisting and throttling offered by
|
|
|
|
iRedAPD, please enable plugins `amavisd_wblist`, `greylisting` and `throttle`
|
|
|
|
in iRedAPD config file like below:
|
|
|
|
|
|
|
|
```
|
|
|
|
# File: /opt/iredapd/settings.py
|
|
|
|
|
|
|
|
plugins = [..., 'amavisd_wblist', 'greylisting', 'throttle']
|
|
|
|
```
|
|
|
|
|
|
|
|
The order of plugin names doesn't matter.
|
|
|
|
|
|
|
|
* Several plugins in old iRedAPD have been removed, you should remove them
|
|
|
|
from parameter `plugins =` in iRedAPD config file:
|
|
|
|
|
|
|
|
* ldap_amavisd_block_blacklisted_senders
|
|
|
|
* ldap_recipient_restrictions
|
|
|
|
* sql_user_restrictions
|
|
|
|
* amavisd_message_size_limit
|
|
|
|
|
2016-04-03 08:20:59 -05:00
|
|
|
First 3 plugins are replaced by `amavisd_wblist`, last one is replaced by
|
2015-12-16 08:46:54 -06:00
|
|
|
plugin `throttle`.
|
|
|
|
|
2015-12-16 01:07:57 -06:00
|
|
|
### Disable Cluebringer in Postfix
|
2015-12-14 08:24:20 -06:00
|
|
|
|
2015-12-03 20:13:59 -06:00
|
|
|
After migrated to iRedAPD, we need to update Postfix config file
|
|
|
|
`/etc/postfix/main.cf` (Linux) or `/usr/local/etc/postfix/main.cf` (FreeBSD)
|
|
|
|
to remove Cluebringer settings:
|
|
|
|
|
|
|
|
* Remove all `check_policy_service inet:127.0.0.1:10031` in `main.cf`, like below:
|
|
|
|
|
|
|
|
```
|
|
|
|
smtpd_recipient_restrictions =
|
2015-12-14 22:56:35 -06:00
|
|
|
...
|
2015-12-03 20:13:59 -06:00
|
|
|
check_policy_service inet:127.0.0.1:10031 # <- Remove this line
|
2015-12-14 22:56:35 -06:00
|
|
|
...
|
2015-12-03 20:13:59 -06:00
|
|
|
|
|
|
|
smtpd_end_of_data_restrictions =
|
2015-12-14 22:56:35 -06:00
|
|
|
...
|
2015-12-03 20:13:59 -06:00
|
|
|
check_policy_service inet:127.0.0.1:10031 # <- Remove this line
|
2015-12-14 22:56:35 -06:00
|
|
|
...
|
2015-12-03 20:13:59 -06:00
|
|
|
```
|
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
### Enable iRedAPD in Postfix
|
2015-12-03 20:13:59 -06:00
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
Make sure iRedAPD are enabled in __BOTH__ `smtpd_recipient_restrictions`
|
|
|
|
and `smtpd_end_of_data_restrictions` like below:
|
2015-12-03 20:13:59 -06:00
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
```
|
|
|
|
smtpd_recipient_restrictions =
|
|
|
|
...
|
|
|
|
check_policy_service inet:127.0.0.1:7777
|
|
|
|
permit_mynetworks
|
|
|
|
...
|
|
|
|
|
|
|
|
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
|
|
|
|
```
|
|
|
|
|
2016-03-03 02:21:53 -06:00
|
|
|
!!! note
|
|
|
|
|
|
|
|
If you have additional IP addresses/networks listed in Postfix setting
|
|
|
|
"mynetworks =", you have to list them all in iRedAPD config file
|
|
|
|
(`/opt/iredapd/settings.py`) too, like below:
|
|
|
|
|
|
|
|
```MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]```
|
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
### Restart Postfix service
|
|
|
|
|
|
|
|
Reloading or restarting Postfix service is required after changed `main.cf`.
|
2015-12-03 20:13:59 -06:00
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
* On Linux/FreeBSD:
|
|
|
|
|
|
|
|
```
|
|
|
|
# service postfix restart
|
|
|
|
```
|
|
|
|
|
|
|
|
* On OpenBSD:
|
|
|
|
|
|
|
|
```
|
|
|
|
# /etc/rc.d/postfix restart
|
|
|
|
```
|
|
|
|
|
|
|
|
### Stop Cluebringer service, and remove Cluebringer packages
|
|
|
|
|
|
|
|
We don't need Cluebringer anymore, so it's ok to stop cluebringer service and
|
|
|
|
remove the packages:
|
|
|
|
|
|
|
|
* On RHEL/CentOS:
|
|
|
|
|
|
|
|
```
|
|
|
|
# service cbpolicyd stop && yum remove cluebringer
|
|
|
|
```
|
|
|
|
|
|
|
|
* On Debian/Ubuntu:
|
|
|
|
|
|
|
|
```
|
|
|
|
# service postfix-cluebringer stop && apt-get remove --purge postfix-cluebringer
|
|
|
|
```
|
|
|
|
|
|
|
|
* On FreeBSD:
|
|
|
|
|
|
|
|
```
|
|
|
|
# service policyd2 stop && cd /usr/ports/mail/policyd2/ && make deinstall
|
|
|
|
```
|
2015-12-03 20:13:59 -06:00
|
|
|
|
|
|
|
* Edit root user's cron job, remove the one used to clean up Cluebringer SQL
|
|
|
|
database:
|
|
|
|
|
2016-02-04 02:58:33 -06:00
|
|
|
1. Run command to edit root user's cron job: ```# crontab -e -u root```
|
|
|
|
1. Find cron job like below, remove it or comment out it:
|
2015-12-03 20:13:59 -06:00
|
|
|
|
|
|
|
```
|
|
|
|
3 3 * * * /usr/sbin/cbpadmin --config=/etc/policyd/cluebringer.conf --cleanup >/dev/null
|
|
|
|
```
|
|
|
|
|
|
|
|
* Optionally, you can drop its SQL database `cluebringer` also.
|
2015-12-14 08:24:20 -06:00
|
|
|
|
2015-12-16 01:07:57 -06:00
|
|
|
### Disable Cluebringer in iRedAdmin-Pro
|
2015-12-14 08:24:20 -06:00
|
|
|
|
|
|
|
To disable Cluebringer integration in iRedAdmin-Pro, please set
|
|
|
|
`policyd_enabled = False` in iRedAdmin-Pro config file, then restart Apache
|
|
|
|
or uwsgi (if you're running Nginx) service.
|
2015-12-14 09:00:43 -06:00
|
|
|
|
2015-12-22 09:00:16 -06:00
|
|
|
> After you have upgraded to the latest iRedAdmin-Pro release (at least
|
2015-12-16 01:07:57 -06:00
|
|
|
> iRedAdmin-Pro-LDAP-2.4.0, or iRedAdmin-Pro-SQL-2.2.0, both released on Dec 14,
|
|
|
|
> 2015), you can either __COMMENT OUT__ or __REMOVE__ all parameters which start
|
|
|
|
> with `policyd_` in iRedAdmin-Pro config file, for example:
|
2019-06-06 02:36:43 -05:00
|
|
|
|
2015-12-14 09:00:43 -06:00
|
|
|
```
|
2016-02-04 02:58:33 -06:00
|
|
|
policyd_enabled =
|
|
|
|
policyd_db_host =
|
|
|
|
policyd_db_port =
|
|
|
|
policyd_db_name =
|
|
|
|
policyd_db_user =
|
|
|
|
policyd_db_password =
|
2015-12-14 09:00:43 -06:00
|
|
|
```
|