</div><h1 id="upgrade-iredmail-from-095-1-to-096">Upgrade iRedMail from 0.9.5-1 to 0.9.6</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-095-1-to-096">Upgrade iRedMail from 0.9.5-1 to 0.9.6</a><ul>
<li><a href="#todo">TODO</a></li>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-192">Upgrade iRedAPD (Postfix policy server) to the latest stable release (1.9.2)</a></li>
<li><a href="#fixed-one-incorrect-helo-restriction-rule-in-postfix">Fixed: one incorrect HELO restriction rule in Postfix</a></li>
<li><a href="#fixed-incorrect-file-owner-and-permission-of-config-file-of-roundcube-password-plugin">Fixed: incorrect file owner and permission of config file of Roundcube password plugin</a></li>
<li><a href="#fixed-sogo-313-and-later-releases-changed-argument-used-by-sogo-tool-command">Fixed: SOGo-3.1.3 (and later releases) changed argument used by sogo-tool command</a></li>
<li><a href="#fixed-memcached-listens-on-all-available-ip-addresses-instead-of-127001">Fixed: Memcached listens on all available IP addresses instead of 127.0.0.1</a></li>
<li><a href="#fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</a><ul>
<li><a href="#update-openldap-config-file-to-index-new-attribute-name-domainstatus">Update OpenLDAP config file to index new attribute name: domainStatus</a></li>
<li><a href="#use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</a></li>
<li><a href="#add-required-ldap-attributevalue-for-existing-mail-accounts-under-disabled-domains">Add required LDAP attribute/value for existing mail accounts under disabled domains</a></li>
</ul>
</li>
<li><a href="#fix-invalid-default-datetime-value-for-some-sql-columns-in-vmail-database">Fix invalid default (datetime) value for some SQL columns in 'vmail' database</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<p>The old rule below also matches a HELO identity like <code>[192.168.1.1]</code>, which is legal.</p>
<pre><code>/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
</code></pre>
<p>Please replace it with the correct one below, which is anchored as
<code>/^IP$/</code> so it matches only when the whole HELO identity is an IP address:</p>
<pre><code>/^(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
</code></pre>
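<p>The effect of the anchors, shown on a few HELO identities. This is an added example, not part of the iRedMail documentation: the sample HELO strings are constructed, and Python's <code>re</code> module stands in for Postfix's PCRE lookup (an assumption that holds for this pattern).</p>

```python
import re

# Patterns copied from the old and the corrected HELO rule on this page.
OLD_RULE = re.compile(r"(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})")
NEW_RULE = re.compile(r"^(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})$")

# Constructed sample HELO identities (not taken from real traffic).
SAMPLES = [
    "[192.168.1.1]",                 # address literal: legal HELO
    "192.168.1.1",                   # bare IP address
    "192-168-1-1",                   # bare IP written with dashes
    "mail-192-168-1-1.example.com",  # hostname that embeds an IP
    "mx.example.com",                # ordinary hostname
]


def verdict(rule, helo):
    """Return 'REJECT' when the rule matches the HELO identity, else 'no match'."""
    # A PCRE table entry matches anywhere in the string unless it is anchored,
    # which is what re.search() reproduces here.
    return "REJECT" if rule.search(helo) else "no match"


def compare(samples=SAMPLES):
    """Map each HELO identity to its (old rule, new rule) verdicts."""
    return {h: (verdict(OLD_RULE, h), verdict(NEW_RULE, h)) for h in samples}


if __name__ == "__main__":
    for helo, (old, new) in compare().items():
        # The anchored rule no longer fires on address literals, nor on
        # hostnames that merely contain an IP-like substring.
        flag = "  <- changed by the fix" if old != new else ""
        print(f"{helo:30} old={old:9} new={new:9}{flag}")
```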
<h3 id="fixed-incorrect-file-owner-and-permission-of-config-file-of-roundcube-password-plugin">Fixed: incorrect file owner and permission of config file of Roundcube password plugin</h3>
<p>iRedMail-0.9.5-1 and earlier versions didn't correctly set the file owner and
permission of the config file of the Roundcube password plugin, so other system users may
be able to see the SQL/LDAP username and password in the config file. Please
<h3 id="fixed-sogo-313-and-later-releases-changed-argument-used-by-sogo-tool-command">Fixed: SOGo-3.1.3 (and later releases) changed argument used by <code>sogo-tool</code> command</h3>
<p>SOGo-3.1.3 (and later releases) changed the <code>sogo-tool</code> argument <code>expire-autoreply</code>
to <code>update-autoreply</code>, which is used in a daily cron job. Please update the SOGo
cron job to fix it.</p>
<ul>
<li>
<p>Edit SOGo daemon user's cron job with command.</p>
<h3 id="fixed-memcached-listens-on-all-available-ip-addresses-instead-of-127001">Fixed: Memcached listens on all available IP addresses instead of <code>127.0.0.1</code></h3>
<blockquote>
<p>This step is only applicable when you have SOGo installed, otherwise
memcached was not installed and running on your server.</p>
</blockquote>
<p><a href="http://memcached.org">Memcached</a> is an open-source distributed memory object caching system
which is generic in nature but often used for speeding up dynamic web
applications. Memcached does not support any form of authorization.
Thus, anyone who can connect to the memcached server has unrestricted
access to the data stored in it. This allows attackers e.g. to steal
sensitive data like login credentials for web applications or any other
kind of content stored with memcached.</p>
<p>iRedMail-0.9.5-1 and earlier releases didn't configure Memcached to listen
only on <code>127.0.0.1</code>. The steps below fix this issue.</p>
<ul>
<li>On RHEL/CentOS, please open file <code>/etc/sysconfig/memcached</code> and update
parameter <code>OPTIONS=</code> with <code>-l 127.0.0.1</code> option like below:</li>
</ul>
<pre><code>OPTIONS="-l 127.0.0.1"
</code></pre>
<p>Then restart memcached service:</p>
<pre><code>service memcached restart
</code></pre>
<ul>
<li>On Debian/Ubuntu, please make sure you have the setting below in config file
<code>/etc/memcached.conf</code>:</li>
</ul>
<pre><code>-l 127.0.0.1
</code></pre>
<p>Then restart memcached service:</p>
<pre><code>service memcached restart
</code></pre>
<ul>
<li>
<p>On FreeBSD, please append line below in <code>/etc/rc.conf</code>:</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you're updating a jailed FreeBSD system, please change <code>127.0.0.1</code>
to the IP address of your jail.</p>
</div>
</li>
</ul>
<pre><code>memcached_flags='-l 127.0.0.1'
</code></pre>
<p>Then restart memcached service:</p>
<pre><code>service memcached restart
</code></pre>
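<p>One way to verify the result of the steps above is to read the bind address back out of the config file. This is an added example, not an iRedMail tool: the function names and sample file contents are constructed, and it assumes the address is given with <code>-l</code> or <code>--listen=</code> in the three file formats shown above.</p>

```python
import ipaddress
import shlex

def listen_addresses(config_text):
    """Collect every address given to memcached's -l / --listen option."""
    addrs = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        # RHEL/FreeBSD wrap the flags in a quoted assignment; Debian lists them bare.
        if sep and key.strip() in ("OPTIONS", "memcached_flags"):
            tokens = " ".join(shlex.split(value)).split()
        else:
            tokens = shlex.split(line)
        it = iter(tokens)
        for tok in it:
            if tok == "-l":
                arg = next(it, "")
            elif tok.startswith("--listen="):
                arg = tok.split("=", 1)[1]
            else:
                continue
            addrs.extend(a for a in arg.split(",") if a)
    return addrs

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False      # hostnames and host:port forms fail closed

def audit(config_text, allowed=()):
    """Return (ok, addresses); ok is False when no -l is set or when any
    address is neither loopback nor in `allowed` (e.g. a jail's own IP)."""
    addrs = listen_addresses(config_text)
    ok = bool(addrs) and all(is_loopback(a) or a in allowed for a in addrs)
    return ok, addrs

# Constructed sample configs, one per file format shown above.
RHEL_BEFORE = 'PORT="11211"\nUSER="memcached"\nOPTIONS=""\n'
RHEL_AFTER = 'PORT="11211"\nUSER="memcached"\nOPTIONS="-l 127.0.0.1"\n'
DEBIAN_AFTER = "# memcached.conf\n-m 64\n-p 11211\n-l 127.0.0.1\n"
FREEBSD_JAIL = "memcached_enable='YES'\nmemcached_flags='-l 192.0.2.10'\n"

if __name__ == "__main__":
    for name in ("RHEL_BEFORE", "RHEL_AFTER", "DEBIAN_AFTER", "FREEBSD_JAIL"):
        print(name, audit(globals()[name]))
```

<p>For a jailed FreeBSD system, pass the jail's address in <code>allowed</code> so that it is accepted alongside loopback.</p>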
<ul>
<li>On OpenBSD, please append line below in <code>/etc/rc.conf.local</code>:</li>
<h3 id="fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</h3>
<blockquote>
<p>This fix is applicable to OpenBSD ldapd backend also.</p>
</blockquote>
<p>In iRedMail-0.9.5-1 and all earlier releases, if we disable a mail domain,
all mail accounts (mail users, aliases, lists) are still active and Postfix
will accept emails sent to them. Steps below fix the issue.</p>
<h4 id="update-openldap-config-file-to-index-new-attribute-name-domainstatus">Update OpenLDAP config file to index new attribute name: <code>domainStatus</code></h4>
<ul>
<li>Please open OpenLDAP config file <code>slapd.conf</code>, find line below:<ul>
<h4 id="add-required-ldap-attributevalue-for-existing-mail-accounts-under-disabled-domains">Add required LDAP attribute/value for existing mail accounts under disabled domains</h4>
<ul>
<li>Download script to update existing mail accounts:</li>
<h3 id="fix-invalid-default-datetime-value-for-some-sql-columns-in-vmail-database">Fix invalid default (datetime) value for some SQL columns in 'vmail' database</h3>
<p>If you're going to upgrade MySQL/MariaDB to MySQL 5.7, or have already upgraded,
please run the SQL commands below as the SQL root user to fix invalid default values
for some SQL columns in the <code>vmail</code> database.</p>
<pre><code>USE vmail;
ALTER TABLE admin \
MODIFY passwordlastchange DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01', \
MODIFY created DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01', \
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>