iredmail-doc/html/upgrade.iredmail.0.9.1-0.9.2.html

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 0.9.1 to 0.9.2</title>
        <link href="./css/markdown.css" rel="stylesheet"></head>
    </head>
    <body>
    
    <div id="navigation">
        <a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
    
        // <a href="./index.html">Document Index</a>
    </div><h1 id="upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-091-to-092">Upgrade iRedMail from 0.9.1 to 0.9.2</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#rhelcentos-7-update-cluebringer-package-to-avoid-database-connection-failure">[RHEL/CentOS 7] Update Cluebringer package to avoid database connection failure</a></li>
<li><a href="#rhelcentos-dont-ban-applicationoctet-stream-dat-file-types-in-amavisd">[RHEL/CentOS] Don't ban application/octet-stream, dat file types in Amavisd</a></li>
<li><a href="#optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<h2 id="changelog">ChangeLog</h2>
<blockquote>
<p>We provide remote upgrade service, check <a href="../support.html">the price</a> and <a href="../contact.html">contact us</a>.</p>
</blockquote>
<ul>
<li>2015-05-16: [All backends][RHEL/CentOS] Don't ban 'application/octet-stream,
              dat' files in Amavisd. It catches too many normal file types.</li>
<li>2015-05-16: [OPTIONAL][All backends] Update one Fail2ban filter regular
              expressio to help catch DoS attacks to SMTP service</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code># File: /etc/iredmail-release

0.9.2
</code></pre>

<h3 id="rhelcentos-7-update-cluebringer-package-to-avoid-database-connection-failure">[RHEL/CentOS 7] Update Cluebringer package to avoid database connection failure</h3>
<p>Note: This is applicable to only RHEL/CentOS 7.</p>
<p>With old Cluebringer RPM package, Cluebringer starts before SQL database starts,
this causes Cluebringer cannot connect to SQL database, and all your Cluebringer
settings is not applied at all. Updating Cluebringer package to version
<code>2.0.14-5</code> fixes this issue.</p>
<p>How to update package:</p>
<pre><code># yum clean metadata
# yum update cluebringer
# systemctl enable cbpolicyd
</code></pre>

<p>New package will remove old SysV script <code>/etc/init.d/cbpolicyd</code>, and install
<code>/usr/lib/systemd/system/cbpolicyd.service</code> for service control. You have to
manage it (start, stop, restart) with <code>systemctl</code> command.</p>
<h3 id="rhelcentos-dont-ban-applicationoctet-stream-dat-file-types-in-amavisd">[RHEL/CentOS] Don't ban <code>application/octet-stream, dat</code> file types in Amavisd</h3>
<p>Note: This is applicable to only RHEL/CentOS.</p>
<ul>
<li>Find below lines in Amavisd config file <code>/etc/amavisd/amavisd.conf</code>:</li>
</ul>
<pre><code>$banned_namepath_re = new_RE(
    # Unknown binary files.
    [qr'M=application/(zip|rar|arc|arj|zoo|gz|bz2|octet-stream)(,|\t).*T=dat(,|\t)'xmi =&gt; 'DISCARD'],
    ...
);
</code></pre>

<ul>
<li>Remove <code>|octet-stream</code> in 3rd line. After modified, it's:</li>
</ul>
<pre><code>$banned_namepath_re = new_RE(
    # Unknown binary files.
    [qr'M=application/(zip|rar|arc|arj|zoo|gz|bz2)(,|\t).*T=dat(,|\t)'xmi =&gt; 'DISCARD'],
    ...
);
</code></pre>

<ul>
<li>Restart Amavisd service.</li>
</ul>
<pre><code># service amavisd restart
</code></pre>

<h3 id="optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</h3>
<ol>
<li>Open file <code>/etc/fail2ban/filters.d/postfix.iredmail.conf</code> or
<code>/usr/local/etc/fail2ban/filters.d/postfix.iredmail.conf</code> (on FreeBSD), find
below line under <code>[Definition]</code> section:</li>
</ol>
<pre><code>            lost connection after AUTH from (.*)\[&lt;HOST&gt;\]
</code></pre>

<p>Update above line to below one:</p>
<pre><code>            lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[&lt;HOST&gt;\]
</code></pre>

<p>Restarting Fail2ban service is required.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-3293801-21', 'auto');
  ga('send', 'pageview');
</script>
</body></html>