iredmail-doc/html/upgrade.iredmail.0.9.9-1.0.html

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 0.9.9 to 1.0</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-099-to-10">Upgrade iRedMail from 0.9.9 to 1.0</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-099-to-10">Upgrade iRedMail from 0.9.9 to 1.0</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</a></li>
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-096">Upgrade iRedAdmin (open source edition) to the latest stable release (0.9.6)</a></li>
<li><a href="#upgrade-mlmmjadmin-to-the-latest-stable-release-21">Upgrade mlmmjadmin to the latest stable release (2.1)</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</a></li>
<li><a href="#upgrade-netdata-to-the-latest-stable-release-1150">Upgrade netdata to the latest stable release (1.15.0)</a></li>
<li><a href="#fixed-improper-order-of-postfix-smtpd_sender_restriction-rules">Fixed: improper order of Postfix smtpd_sender_restriction rules</a></li>
<li><a href="#fail2ban-slightly-loose-filter-rule-for-postfix">Fail2ban: slightly loose filter rule for postfix</a></li>
</ul>
</li>
<li><a href="#for-openldap-backend">For OpenLDAP backend</a><ul>
<li><a href="#optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</a><ul>
<li><a href="#add-required-ldap-attributevalue-pair-for-all-mail-users">Add required LDAP attribute/value pair for all mail users</a></li>
<li><a href="#enable-quota-status-service-in-dovecot">Enable quota-status service in Dovecot</a></li>
<li><a href="#enable-quota-status-check-in-postfix">Enable quota status check in Postfix</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#for-mysqlmariadb-backends">For MySQL/MariaDB backends</a><ul>
<li><a href="#optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix_1">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</a><ul>
<li><a href="#add-new-sql-column-in-vmailmailbox-table">Add new SQL column in vmail.mailbox table</a></li>
<li><a href="#enable-quota-status-service-in-dovecot_1">Enable quota-status service in Dovecot</a></li>
<li><a href="#enable-quota-status-check-in-postfix_1">Enable quota status check in Postfix</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#for-postgresql-backend">For PostgreSQL backend</a><ul>
<li><a href="#optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix_2">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</a><ul>
<li><a href="#add-new-sql-column-in-vmailmailbox-table_1">Add new SQL column in vmail.mailbox table</a></li>
<li><a href="#enable-quota-status-service-in-dovecot_2">Enable quota-status service in Dovecot</a></li>
<li><a href="#enable-quota-status-check-in-postfix_2">Enable quota status check in Postfix</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>This is still a <strong>DRAFT</strong> document, do <strong>NOT</strong> apply it.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Paid Remote Upgrade Support</p>
<p>We offer remote upgrade support if you don't want to get your hands dirty,
check <a href="https://www.iredmail.org/support.html">the details</a> and
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<p>TODO</p>
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>1.0
</code></pre>

<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>iRedAPD offers SRS (Sender Rewriting Scheme) support in this release, but
it's disabled by default, please read our tutorial to understand known
issues and how to enable it: <a href="./srs.html">Enable SRS (Sender Rewriting Scheme) support</a>.</p>
</div>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-096">Upgrade iRedAdmin (open source edition) to the latest stable release (0.9.6)</h3>
<p>Please follow this tutorial to upgrade iRedAdmin open source edition to the
latest stable release:
<a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a></p>
<h3 id="upgrade-mlmmjadmin-to-the-latest-stable-release-21">Upgrade mlmmjadmin to the latest stable release (2.1)</h3>
<p>Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
<a href="./upgrade.mlmmjadmin.html">Upgrade mlmmjadmin to the latest stable release</a></p>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</h3>
<div class="admonition warning">
<p class="admonition-title">Roundcube 1.3</p>
<ul>
<li>Roundcube 1.3 requires at least <strong>PHP 5.4</strong>. If your server is still running
  PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube to the latest
  1.2 branch (1.2.5) instead.</li>
<li>Roundcube 1.3 no longer supports IE &lt; 10 and old versions of Firefox,
  Chrome and Safari.</li>
<li>Roundcube 1.3 uses jQuery 3.2 and will not work with current jQuery
  mobile plugin. If you use any third-party plugin, please check its
  website to make sure it's compatible with Roundcube 1.3 before upgrading.</li>
</ul>
<p>With the release of Roundcube 1.3.0, the previous stable release branches
1.2.x and 1.1.x will switch in to LTS low maintenance mode which means
they will only receive important security updates but no longer any regular
improvement updates.</p>
</div>
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release immediately:</p>
<ul>
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
</ul>
<h3 id="upgrade-netdata-to-the-latest-stable-release-1150">Upgrade netdata to the latest stable release (1.15.0)</h3>
<p>If you have netdata installed, you can upgrade it by following this tutorial: <a href="./upgrade.netdata.html">Upgrade netdata</a>.</p>
<h3 id="fixed-improper-order-of-postfix-smtpd_sender_restriction-rules">Fixed: improper order of Postfix smtpd_sender_restriction rules</h3>
<p>iRedMail-0.9.9 and earlier releases didn't configure Postfix to apply custom
restriction rule before querying DNS records of sender domain,
this way you cannot whitelist some sender mail domains which don't have
DNS records (especially your internal mail domains used in LAN). Please follow
steps below to fix it.</p>
<ul>
<li>Open file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
<code>smtpd_sender_restrictions</code> like below:</li>
</ul>
<pre><code>smtpd_sender_restrictions =
    reject_unknown_sender_domain
    ...
    check_sender_access pcre:...
</code></pre>

<ul>
<li>Move the <code>reject_unknown_sender_domain</code> line after <code>check_sender_access</code> line
  like below:</li>
</ul>
<pre><code>smtpd_sender_restrictions =
    ...
    check_sender_access pcre:...
    reject_unknown_sender_domain
</code></pre>

<ul>
<li>Reloading or restarting Postfix service is required.</li>
</ul>
<h3 id="fail2ban-slightly-loose-filter-rule-for-postfix">Fail2ban: slightly loose filter rule for postfix</h3>
<p>We received few reports from clients that Outlook for macOS may trigger some
unexpected smtp errors, and caught by the Fail2ban filter rules shipped by
iRedMail, so we decide to remove the filter rule used to match Postfix log
<code>lost connection after EHLO</code>.</p>
<p>Please follow commands below to get the updated filter rules.</p>
<ul>
<li>On Linux:</li>
</ul>
<pre><code>cd /etc/fail2ban/filter.d/
wget -O postfix.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/postfix.iredmail.conf
wget -O dovecot.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
</code></pre>

<p>Restarting Fail2ban service is required.</p>
<h2 id="for-openldap-backend">For OpenLDAP backend</h2>
<h3 id="optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</h3>
<p>With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.</p>
<p>With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.</p>
<h4 id="add-required-ldap-attributevalue-pair-for-all-mail-users">Add required LDAP attribute/value pair for all mail users</h4>
<p>According to the Dovecot settings configured by iRedMail, all mail users
should have LDAP attribute/value pair <code>enabledService=quota-status</code> to use
this service.</p>
<ul>
<li>Download script used to update existing mail accounts:</li>
</ul>
<pre><code>cd /root/
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/updateLDAPValues_099_to_1.py
</code></pre>

<ul>
<li>Open downloaded file <code>updateLDAPValues_099_to_1.py</code>, set LDAP server
  related settings in this file. For example:</li>
</ul>
<pre><code># Part of file: updateLDAPValues_099_to_1.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
</code></pre>

<p>You can find required LDAP credential in iRedAdmin config file or
<code>iRedMail.tips</code> file under your iRedMail installation directory. Using either
<code>cn=Manager,dc=xx,dc=xx</code> or <code>cn=vmailadmin,dc=xx,dc=xx</code> as bind dn is ok, both
of them have read-write privilege to update mail accounts.</p>
<ul>
<li>Execute this script, it will add required data:</li>
</ul>
<pre><code># python updateLDAPValues_099_to_1.py
</code></pre>

<h4 id="enable-quota-status-service-in-dovecot">Enable quota-status service in Dovecot</h4>
<p>Open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find the <code>plugin {}</code> block
and add 3 new parameters:</p>
<pre><code>plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = &quot;552 5.2.2 Mailbox is full&quot;
    ...
}
</code></pre>

<p>In same <code>dovecot.conf</code>, append settings below <strong>at the end of file</strong>:</p>
<ul>
<li>With settings below, Dovecot quota-status service will listen on <code>127.0.0.1:12340</code>.</li>
<li>You can change the port number <code>12340</code> to any other spare one if you want.</li>
</ul>
<pre><code>service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}
</code></pre>

<p>Restarting Dovecot service is required.</p>
<h4 id="enable-quota-status-check-in-postfix">Enable quota status check in Postfix</h4>
<p>Open Postfix config file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
<code>smtpd_recipient_restrictions</code> and append a new <code>check_policy_service</code> setting
<strong>at the end</strong> like below:</p>
<pre><code>smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340
</code></pre>

<p>Restarting Postfix service is required.</p>
<h2 id="for-mysqlmariadb-backends">For MySQL/MariaDB backends</h2>
<h3 id="optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix_1">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</h3>
<p>With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.</p>
<p>With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.</p>
<h4 id="add-new-sql-column-in-vmailmailbox-table">Add new SQL column in <code>vmail.mailbox</code> table</h4>
<p>According to the Dovecot settings configured by iRedMail, a new SQL column
<code>mailbox.enablequota-status</code> is required.</p>
<p>Download plain SQL file used to create required column and index, then import
it directly as MySQL root user (Please run commands below as <code>root</code> user):</p>
<pre><code>wget -O /tmp/iredmail.mysql https://bitbucket.org/zhb/iredmail/raw/default/extra/update/1.0/iredmail.mysql
mysql vmail &lt; /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql
</code></pre>

<h4 id="enable-quota-status-service-in-dovecot_1">Enable quota-status service in Dovecot</h4>
<p>Open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find the <code>plugin {}</code> block
and add 3 new parameters:</p>
<pre><code>plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = &quot;552 5.2.2 Mailbox is full&quot;
    ...
}
</code></pre>

<p>In same <code>dovecot.conf</code>, append settings below <strong>at the end of file</strong>:</p>
<ul>
<li>With settings below, Dovecot quota-status service will listen on <code>127.0.0.1:12340</code>.</li>
<li>You can change the port number <code>12340</code> to any other spare one if you want.</li>
</ul>
<pre><code>service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}
</code></pre>

<p>Restarting Dovecot service is required.</p>
<h4 id="enable-quota-status-check-in-postfix_1">Enable quota status check in Postfix</h4>
<p>Open Postfix config file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
<code>smtpd_recipient_restrictions</code> and append a new <code>check_policy_service</code> setting
<strong>at the end</strong> like below:</p>
<pre><code>smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340
</code></pre>

<p>Restarting Postfix service is required.</p>
<h2 id="for-postgresql-backend">For PostgreSQL backend</h2>
<h3 id="optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix_2">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</h3>
<p>With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.</p>
<p>With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.</p>
<h4 id="add-new-sql-column-in-vmailmailbox-table_1">Add new SQL column in <code>vmail.mailbox</code> table</h4>
<p>According to the Dovecot settings configured by iRedMail, a new SQL column
<code>mailbox.enablequota-status</code> is required.</p>
<ul>
<li>Download plain SQL file used to create required column and index:</li>
</ul>
<pre><code>wget -O /tmp/iredmail.pgsql https://bitbucket.org/zhb/iredmail/raw/default/extra/update/1.0/iredmail.pgsql
</code></pre>

<ul>
<li>Connect to PostgreSQL server as <code>postgres</code> user and import the SQL file:<ul>
<li>on Linux, it's <code>postgres</code> user</li>
<li>on FreeBSD, it's <code>pgsql</code> user</li>
<li>on OpenBSD, it's <code>_postgresql</code> user</li>
</ul>
</li>
</ul>
<pre><code>su - postgres
psql -d vmail &lt; /tmp/iredmail.pgsql
</code></pre>

<ul>
<li>Remove downloaded file as root user:</li>
</ul>
<pre><code>rm -f /tmp/iredmail.pgsql
</code></pre>

<h4 id="enable-quota-status-service-in-dovecot_2">Enable quota-status service in Dovecot</h4>
<p>Open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find the <code>plugin {}</code> block
and add 3 new parameters:</p>
<pre><code>plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = &quot;552 5.2.2 Mailbox is full&quot;
    ...
}
</code></pre>

<p>In same <code>dovecot.conf</code>, append settings below <strong>at the end of file</strong>:</p>
<ul>
<li>With settings below, Dovecot quota-status service will listen on <code>127.0.0.1:12340</code>.</li>
<li>You can change the port number <code>12340</code> to any other spare one if you want.</li>
</ul>
<pre><code>service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}
</code></pre>

<p>Restarting Dovecot service is required.</p>
<h4 id="enable-quota-status-check-in-postfix_2">Enable quota status check in Postfix</h4>
<p>Open Postfix config file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
<code>smtpd_recipient_restrictions</code> and append a new <code>check_policy_service</code> setting
<strong>at the end</strong> like below:</p>
<pre><code>smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340
</code></pre>

<p>Restarting Postfix service is required.</p><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-3293801-21');
</script>
</body></html>