// <ahref="./index.html">Document Index</a></div><h1id="upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</h1>
<divclass="toc">
<ul>
<li><ahref="#upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</a><ul>
<li><ahref="#changelog">ChangeLog</a></li>
<li><ahref="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><ahref="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><ahref="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-22">Upgrade iRedAPD (Postfix policy server) to the latest stable release (2.2)</a></li>
<li><ahref="#optional-fix-improper-expected-dnsbl-filter-for-site-bbarracudacentralorg">[OPTIONAL] Fix improper expected DNSBL filter for site b.barracudacentral.org</a></li>
<li><ahref="#optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</a></li>
<li><ahref="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
<li><ahref="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<divclass="admonition warning">
<pclass="admonition-title">DO NOT APPLY THIS UPGRADE TUTORIAL</p>
<p>This document is still a <strong>DRAFT</strong>, do NOT apply it.</p>
<h3id="optional-fix-improper-expected-dnsbl-filter-for-site-bbarracudacentralorg">[OPTIONAL] Fix improper expected DNSBL filter for site <code>b.barracudacentral.org</code></h3>
<p>Postfix config file generated by iRedMail enables DNSBL service for postscreen
service like below:</p>
<pre><code>postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[2..11]*3
b.barracudacentral.org=127.0.0.[2..11]*2
</code></pre>
<p>but site <code>b.barracudacentral.org</code> returns only domain <code>127.0.0.2</code> (instead of
a range from <code>127.0.0.2</code> to <code>127.0.0.11</code>), so we should change the
<code>b.barracudacentral.org=127.0.0.[2..11]*2</code> line to:</p>
<pre><code>postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[2..11]*3
b.barracudacentral.org=127.0.0.2*2
</code></pre>
<p>Reloading or restarting Postfix is required.</p>
<h3id="optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</h3>
<p>If you may need to get more info of (locally) delivered mail messages,
Dovecot setting <code>deliver_log_format</code> can log extra mail subject, sender, and
message size in mail deliver log. Please append this setting in Dovecot config
file <code>dovecot.conf</code>, then restart or reload Dovecot service.
<em> On Linux/OpenBSD, it's <code>/etc/dovecot/dovecot.conf</code>
</em> On FreeBSD, it's <code>/usr/local/etc/dovecot/dovecot.conf</code></p>
<h3id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
If mail domain is disabled, users under this domain are not able to use
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query, it
doesn't check domain status while performing smtp sasl auth.
Please follow steps below to fix it.</p>
<ul>
<li>Open file <code>/etc/dovecot/dovecot-mysql.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot-mysql.conf</code> (FreeBSD), find the
<code>password_query</code> line like below:</li>
</ul>
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
<h3id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
If mail domain is disabled, users under this domain are not able to use
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query, it
doesn't check domain status while performing smtp sasl auth.
Please follow steps below to fix it.</p>
<ul>
<li>Open file <code>/etc/dovecot/dovecot-pgsql.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot-pgsql.conf</code> (FreeBSD), find the
<code>password_query</code> line like below:</li>
</ul>
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
<li>Save your change and restart Dovecot service.</li>
</ul><divclass="footer">
<pstyle="text-align: center; color: grey;">All documents are available in <ahref="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <ahref="http://creativecommons.org/licenses/by-nd/3.0/us/"target="_blank">Creative Commons</a> license. You can <ahref="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <ahref="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>