iredmail-doc/html/upgrade.iredmail.0.9.1-0.9....

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 0.9.1 to 0.9.2</title>
        <link href="./css/markdown.css" rel="stylesheet"></head>
    </head>
    <body>
    
    <div id="navigation">
        <a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
    
        // <a href="./index.html">Document Index</a>
    </div><h1 id="upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#dont-ban-applicationoctet-stream-dat-files-in-amavisd">Don't ban 'application/octet-stream, dat' files in Amavisd</a></li>
<li><a href="#optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<h2 id="changelog">ChangeLog</h2>
<blockquote>
<p>We provide remote upgrade service, check <a href="../support.html">the price</a> and <a href="../contact.html">contact us</a>.</p>
</blockquote>
<ul>
<li>2015-05-16: [All backends][RHEL/CentOS] Don't ban 'application/octet-stream,
              dat' files in Amavisd. It catches too many normal file types.</li>
<li>2015-05-16: [OPTIONAL][All backends] Update one Fail2ban filter regular
              expressio to help catch DoS attacks to SMTP service</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code># File: /etc/iredmail-release

0.9.2
</code></pre>

<h3 id="dont-ban-applicationoctet-stream-dat-files-in-amavisd">Don't ban 'application/octet-stream, dat' files in Amavisd</h3>
<p>Note: This is only applicable to RHEL/CentOS.</p>
<ul>
<li>Find below lines in Amavisd config file <code>/etc/amavisd/amavisd.conf</code>:</li>
</ul>
<pre><code>$banned_namepath_re = new_RE(
    # Unknown binary files.
    [qr'M=application/(zip|rar|arc|arj|zoo|gz|bz2|octet-stream)(,|\t).*T=dat(,|\t)'xmi =&gt; 'DISCARD'],
    ...
);
</code></pre>

<ul>
<li>Remove <code>|octet-stream</code> in 3rd line. After modified, it's:</li>
</ul>
<pre><code>$banned_namepath_re = new_RE(
    # Unknown binary files.
    [qr'M=application/(zip|rar|arc|arj|zoo|gz|bz2)(,|\t).*T=dat(,|\t)'xmi =&gt; 'DISCARD'],
    ...
);
</code></pre>

<ul>
<li>Restart Amavisd service.</li>
</ul>
<pre><code># service amavisd restart
</code></pre>

<h3 id="optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</h3>
<ol>
<li>Open file <code>/etc/fail2ban/filters.d/postfix.iredmail.conf</code> or
<code>/usr/local/etc/fail2ban/filters.d/postfix.iredmail.conf</code> (on FreeBSD), find
below line under <code>[Definition]</code> section:</li>
</ol>
<pre><code>            lost connection after AUTH from (.*)\[&lt;HOST&gt;\]
</code></pre>

<p>Update above line to below one:</p>
<pre><code>            lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[&lt;HOST&gt;\]
</code></pre>

<p>Restarting Fail2ban service is required.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-3293801-21', 'auto');
  ga('send', 'pageview');
</script>
</body></html>
Draft: upgrade/0-upgrade.iredmail.0.9.1-0.9.2.md. Fixed: broken link in howto/2-sign.dkim.signature.for.new.domain.md. 2015-05-15 19:58:44 -05:00			`<html>`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<title>Upgrade iRedMail from 0.9.1 to 0.9.2</title>`
			`<link href="./css/markdown.css" rel="stylesheet"></head>`
			`</head>`
			`<body>`

			`<div id="navigation">`
			`<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>`

			`// <a href="./index.html">Document Index</a>`
			`</div><h1 id="upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</h1>`
			`<div class="toc">`
			`<ul>`
			`<li><a href="#upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</a><ul>`
			`<li><a href="#changelog">ChangeLog</a></li>`
			`<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>`
Mention to update /etc/iredmail-release. 2015-05-21 11:36:31 -05:00			`<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>`
Don't ban 'application/octet-stream, dat' file in Amavisd. It catches too many normal file types. 2015-05-21 03:18:22 -05:00			`<li><a href="#dont-ban-applicationoctet-stream-dat-files-in-amavisd">Don't ban 'application/octet-stream, dat' files in Amavisd</a></li>`
Draft: upgrade/0-upgrade.iredmail.0.9.1-0.9.2.md. Fixed: broken link in howto/2-sign.dkim.signature.for.new.domain.md. 2015-05-15 19:58:44 -05:00			`<li><a href="#optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</a></li>`
			`</ul>`
			`</li>`
			`</ul>`
			`</li>`
			`</ul>`
			`</div>`
			`<h2 id="changelog">ChangeLog</h2>`
Typo 2015-05-16 20:56:21 -05:00			`<blockquote>`
			`<p>We provide remote upgrade service, check <a href="../support.html">the price</a> and <a href="../contact.html">contact us</a>.</p>`
			`</blockquote>`
Draft: upgrade/0-upgrade.iredmail.0.9.1-0.9.2.md. Fixed: broken link in howto/2-sign.dkim.signature.for.new.domain.md. 2015-05-15 19:58:44 -05:00			`<ul>`
Don't ban 'application/octet-stream, dat' file in Amavisd. It catches too many normal file types. 2015-05-21 03:18:22 -05:00			`<li>2015-05-16: [All backends][RHEL/CentOS] Don't ban 'application/octet-stream,`
			`dat' files in Amavisd. It catches too many normal file types.</li>`
			`<li>2015-05-16: [OPTIONAL][All backends] Update one Fail2ban filter regular`
			`expressio to help catch DoS attacks to SMTP service</li>`
Draft: upgrade/0-upgrade.iredmail.0.9.1-0.9.2.md. Fixed: broken link in howto/2-sign.dkim.signature.for.new.domain.md. 2015-05-15 19:58:44 -05:00			`</ul>`
			`<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>`
Mention to update /etc/iredmail-release. 2015-05-21 11:36:31 -05:00			`<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>`
			`<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after`
			`installation, it's recommended to update this file after you upgraded iRedMail,`
			`so that you can know which version of iRedMail you're running. For example:</p>`
			`<pre><code># File: /etc/iredmail-release`

			`0.9.2`
			`</code></pre>`

Don't ban 'application/octet-stream, dat' file in Amavisd. It catches too many normal file types. 2015-05-21 03:18:22 -05:00			`<h3 id="dont-ban-applicationoctet-stream-dat-files-in-amavisd">Don't ban 'application/octet-stream, dat' files in Amavisd</h3>`
			`<p>Note: This is only applicable to RHEL/CentOS.</p>`
			`<ul>`
			`<li>Find below lines in Amavisd config file <code>/etc/amavisd/amavisd.conf</code>:</li>`
			`</ul>`
			`<pre><code>$banned_namepath_re = new_RE(`
			`# Unknown binary files.`
			`[qr'M=application/(zip\|rar\|arc\|arj\|zoo\|gz\|bz2\|octet-stream)(,\|\t).*T=dat(,\|\t)'xmi => 'DISCARD'],`
			`...`
			`);`
			`</code></pre>`

			`<ul>`
			`<li>Remove <code>\|octet-stream</code> in 3rd line. After modified, it's:</li>`
			`</ul>`
			`<pre><code>$banned_namepath_re = new_RE(`
			`# Unknown binary files.`
			`[qr'M=application/(zip\|rar\|arc\|arj\|zoo\|gz\|bz2)(,\|\t).*T=dat(,\|\t)'xmi => 'DISCARD'],`
			`...`
			`);`
			`</code></pre>`

			`<ul>`
			`<li>Restart Amavisd service.</li>`
			`</ul>`
			`<pre><code># service amavisd restart`
			`</code></pre>`

Draft: upgrade/0-upgrade.iredmail.0.9.1-0.9.2.md. Fixed: broken link in howto/2-sign.dkim.signature.for.new.domain.md. 2015-05-15 19:58:44 -05:00			`<h3 id="optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</h3>`
			`<ol>`
			`<li>Open file <code>/etc/fail2ban/filters.d/postfix.iredmail.conf</code> or`
			`<code>/usr/local/etc/fail2ban/filters.d/postfix.iredmail.conf</code> (on FreeBSD), find`
			`below line under <code>[Definition]</code> section:</li>`
			`</ol>`
			`<pre><code> lost connection after AUTH from (.*)\[<HOST>\]`
			`</code></pre>`

			`<p>Update above line to below one:</p>`
			`<pre><code> lost connection after (AUTH\|UNKNOWN\|EHLO) from (.*)\[<HOST>\]`
			`</code></pre>`

			`<p>Restarting Fail2ban service is required.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>`
			`(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]\|\|function(){`
			`(i[r].q=i[r].q\|\|[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),`
			`m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)`
			`})(window,document,'script','//www.google-analytics.com/analytics.js','ga');`

			`ga('create', 'UA-3293801-21', 'auto');`
			`ga('send', 'pageview');`
			`</script>`
			`</body></html>`