iredmail-doc/html/upgrade.iredmail.0.9.7-0.9.8.html

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 0.9.7 to 0.9.8</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>
    
    <div id="navigation">
    <a href="http://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-22">Upgrade iRedAPD (Postfix policy server) to the latest stable release (2.2)</a></li>
<li><a href="#fixed-sogo-backup-script-contains-3-issues">Fixed: SOGo backup script contains 3 issues</a></li>
<li><a href="#optional-fix-improper-expected-dnsbl-filter-for-site-bbarracudacentralorg">[OPTIONAL] Fix improper expected DNSBL filter for site b.barracudacentral.org</a></li>
<li><a href="#optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</a></li>
</ul>
</li>
<li><a href="#mysqlmariadb-backends">MySQL/MariaDB backends</a><ul>
<li><a href="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
</ul>
</li>
<li><a href="#postgresql-backend">PostgreSQL backend</a><ul>
<li><a href="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition warning">
<p class="admonition-title">DO NOT APPLY THIS UPGRADE TUTORIAL</p>
<p>This document is still a <strong>DRAFT</strong>, do NOT apply it.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Paid Remote Upgrade Support</p>
<p>We offer remote upgrade support if you don't want to get your hands dirty,
check <a href="../support.html">the details</a> and <a href="../contact.html">contact us</a>.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>TODO [LDAP backends] Update LDAP schema and slapd.conf<ul>
<li>slapd.conf:<ul>
<li>add new index for <code>member</code> and <code>uniqueMember</code></li>
</ul>
</li>
</ul>
</li>
<li>TODO [SQL backends] Update SQL structure:<ul>
<li>New column: <code>domain.maillists</code></li>
<li>New column: <code>forwardings.is_maillist</code></li>
<li>New table: <code>vmail.maillists</code></li>
<li>New doc: how to add a standalone (mlmmj) mailing list account</li>
<li>New doc: how to deploy mlmmj + mlmmj-admin</li>
</ul>
</li>
<li>Oct 6, 2017: Fixed: SOGo backup script contains 3 issues</li>
<li>Oct 6, 2017: [OPTIONAL] Fix improper expected DNSBL filter for site <code>b.barracudacentral.org</code></li>
<li>Oct 6, 2017: [OPTIONAL] Log mail subject, sender, size in mail deliver log.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>0.9.7
</code></pre>

<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-22">Upgrade iRedAPD (Postfix policy server) to the latest stable release (2.2)</h3>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="fixed-sogo-backup-script-contains-3-issues">Fixed: SOGo backup script contains 3 issues</h3>
<p>SOGo backup script <code>/var/vmail/backup/backup_sogo.sh</code> shipped in iRedMail-0.9.7
and earlier releases contains 3 issues:</p>
<ul>
<li>it cannot remove old backup files</li>
<li>it doesn't set correct owner and permission on backup files</li>
<li>it cannot find command <code>sogo-tool</code> on FreeBSD. This issue causes our script
  didn't backup any sogo data at all.</li>
</ul>
<p>To fix them, please download the latest version and override the one on your
system:</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Script <code>backup_sogo.sh</code> uses <code>/var/vmail/backup</code> to store backup files by
default, if you use a different directory, please edit this file and modify
parameter <code>BACKUP_ROOTDIR=</code> to use the correct one.</p>
</div>
<pre><code>cd /var/vmail/backup/
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/tools/backup_sogo.sh
chown root backup_sogo.sh
chmod 0400 backup_sogo.sh
</code></pre>

<h3 id="optional-fix-improper-expected-dnsbl-filter-for-site-bbarracudacentralorg">[OPTIONAL] Fix improper expected DNSBL filter for site <code>b.barracudacentral.org</code></h3>
<p>Postfix config file generated by iRedMail enables DNSBL service for postscreen
service like below:</p>
<pre><code>postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.[2..11]*2
</code></pre>

<p>but site <code>b.barracudacentral.org</code> returns only domain <code>127.0.0.2</code> (instead of
a range from <code>127.0.0.2</code> to <code>127.0.0.11</code>), so we should change the
<code>b.barracudacentral.org=127.0.0.[2..11]*2</code> line to:</p>
<pre><code>postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.2*2
</code></pre>

<p>Reloading or restarting Postfix is required.</p>
<h3 id="optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</h3>
<p>If you may need to get more info of (locally) delivered mail messages,
Dovecot setting <code>deliver_log_format</code> can log extra mail subject, sender, and
message size in mail deliver log. Please append this setting in Dovecot config
file <code>dovecot.conf</code>, then restart or reload Dovecot service.
<em> On Linux/OpenBSD, it's <code>/etc/dovecot/dovecot.conf</code>
</em> On FreeBSD, it's <code>/usr/local/etc/dovecot/dovecot.conf</code></p>
<pre><code>deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, %$
</code></pre>

<h2 id="mysqlmariadb-backends">MySQL/MariaDB backends</h2>
<h3 id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
If mail domain is disabled, users under this domain are not able to use
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query, it
doesn't check domain status while performing smtp sasl auth.
Please follow steps below to fix it.</p>
<ul>
<li>Open file <code>/etc/dovecot/dovecot-mysql.conf</code> (Linux/OpenBSD) or
  <code>/usr/local/etc/dovecot/dovecot-mysql.conf</code> (FreeBSD), find the
  <code>password_query</code> line like below:</li>
</ul>
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
</code></pre>

<ul>
<li>Replace it by lines below:</li>
</ul>
<pre><code>password_query = SELECT mailbox.password, mailbox.allow_nets \
        FROM mailbox,domain \
       WHERE mailbox.username='%u' \
             AND mailbox.`enable%Ls%Lc`=1 \
             AND mailbox.active=1 \
             AND mailbox.domain=domain.domain \
             AND domain.backupmx=0 \
             AND domain.active=1
</code></pre>

<ul>
<li>Save your change and restart Dovecot service.</li>
</ul>
<h2 id="postgresql-backend">PostgreSQL backend</h2>
<h3 id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
If mail domain is disabled, users under this domain are not able to use
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query, it
doesn't check domain status while performing smtp sasl auth.
Please follow steps below to fix it.</p>
<ul>
<li>Open file <code>/etc/dovecot/dovecot-pgsql.conf</code> (Linux/OpenBSD) or
  <code>/usr/local/etc/dovecot/dovecot-pgsql.conf</code> (FreeBSD), find the
  <code>password_query</code> line like below:</li>
</ul>
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
</code></pre>

<ul>
<li>Replace it by lines below:</li>
</ul>
<pre><code>password_query = SELECT mailbox.password, mailbox.allow_nets \
        FROM mailbox,domain \
       WHERE mailbox.username='%u' \
             AND mailbox.&quot;enable%Ls%Lc&quot;=1 \
             AND mailbox.active=1 \
             AND mailbox.domain=domain.domain \
             AND domain.backupmx=0 \
             AND domain.active=1
</code></pre>

<ul>
<li>Save your change and restart Dovecot service.</li>
</ul><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-3293801-21');
</script>
</body></html>