iRedMail stores the release version in /etc/iredmail-release after
+installation, it's recommended to update this file after you upgraded iRedMail,
+so that you can know which version of iRedMail you're running. For example:
# File: /etc/iredmail-release
+
+0.8.0
+Please follow Roundcube official tutorial to upgrade Roundcube webmail to the +latest stable release immediately: How to upgrade Roundcube
+Please follow below tutorial to upgrade iRedAPD to the latest stable release: +How to upgrade iRedAPD-1.4.1 or later versions to the latest stable release
+Please follow this tutorial to upgrade iRedAdmin open source edition to the +latest stable release: Upgrade iRedAdmin to the latest stable release
+There's one world-readable Dovecot config file, we should set strict file +owner and permission on it so that it won't leak SQL server infomation.
+Please execute below command to fix it, then restart Dovecot service:
+NOTE: The file name on different Linux/BSD distributions may be different,
+it should be dovecot-used-quota.conf or used-quota.conf.
# chown dovecot:dovecot /etc/dovecot-used-quota.conf
+# chmod 0500 /etc/dovecot-used-quota.conf
+# chown dovecot:dovecot /etc/dovecot/used-quota.conf
+# chmod 0500 /etc/dovecot/used-quota.conf
+# chown dovecot:dovecot /usr/local/etc/dovecot-used-quota.conf
+# chmod 0500 /usr/local/etc/dovecot-used-quota.conf
+Note: If you're running Ubuntu 11.10 or later releases, there's no Policyd +(v1.8) installed at all, it's replaced by Cluebringer, a.k.a. Policyd v2. So +it's safe to skip this step.
+Some people are fairly irate when it comes to mail and +refuse wanting to have any type of delay. this feature +enables each and every person the ability to not subject +themselves to greylisting. this feature is also VERY +usefull when you dont want to subject EVERY person to +greylisting at once but instead allows you to enable +it in batches/groups of users so you get a feel on the +type of complaints or praise from your users.
+Please update Policyd setting OPTINOUT and OPTINOUTALL=1 to 1 to enable
+greylist opt-in/opt-out:
* On RHEL/CentOS/Scientific Linux, it's set in file `/etc/policyd.conf`.
+* On Debian/Ubuntu, it's set in file `/etc/postfix-policyd.conf`.
+* On openSUSE, it's set in file `/etc/policyd.conf`.
+* On FreeBSD, it's set in file `/usr/local/etc/postfix-policyd-sf.conf`.
+# Part of file: policyd.conf
+
+OPTINOUT=1
+OPTINOUTALL=1
+Restarting Policyd service is required to make it work.
+Notes:
+Advanced.Please change below setting to true in Roundcube webmail config file
+'config/main.inc.php' to enable case insensitive user authentication. The
+config file should be:
* `/var/www/roundcubemail/config/main.inc.php` on RHEL/CentOS/Scientific Linux
+* `/usr/share/apache2/roundcubemail/config.inc.php` on Debian/Ubuntu
+* `/srv/www/roundcubemail/config/main.inc.php` on openSUSE
+* `/usr/local/www/roundcubemail/config/main.inc.php` on FreeBSD
+# Part of file: config/main.inc.php
+
+$rcmail_config['login_lc'] = false;
+Open /etc/logrotate.d/dovecot and /etc/logrotate.d/sieve, update postrotate commands:
# Part of file: /etc/logrotate.d/dovecot and /etc/logrotate.d/sieve
+
+postrotate
+ /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
+endscript
+postrotate + doveadm log reopen +endscript
+
+### [OPTIONAL] Enforce connections over HTTPS in Roundcube webmail
+
+This step is optional but highly recommended for better security.
+
+Please update below parameter in Roundcube config file
+`roundcubemail/config/main.inc.php` to enforce connections over https for
+better security. With this option enabled, all non-secure connections will be
+redirected to httpS://.
+
+ * On RHEL/CentOS/Scientific Linux, Gentoo, OpenBSD, it's `/var/www/roundcubemail/config/main.inc.php`.
+ * On Debian/Ubuntu, it's `/usr/share/apache2/roundcubemail/config/main.inc.php`.
+ * On openSUSE, it's `/srv/www/roundcubemail/config/main.inc.php`.
+ * On FreeBSD, it's `/usr/local/www/roundcubemail/config/main.inc.php`.
+
+$rcmail_config['force_https'] = true;
+
+Restarting Apache web server is required.
+
+### [OPTIONAL] Enforce connections over POP3S/IMAPS in Dovecot
+
+This step is OPTIONAL but highly recommended for better security. Since it may
+requires update on your mail users' MUA (e.g. Thunderbird, Outlook), please
+notify your mail users before this change.
+
+Since iRedMail-0.8.0, all clients are forced to use IMAPS and POPS (via
+STARTTLS) for better security by default. To enable this feature, please update
+below parameters in your Dovecot config file, `dovecot.conf`.
+
+ * On RHEL/CentOS/Scientific Linux 5.x, it's `/etc/dovecot.conf`.
+ * On RHEL/CentOS/Scientific Linux 6.x, it's `/etc/dovecot/dovecot.conf`.
+ * On Debian/Ubuntu, it's `/etc/dovecot/dovecot.conf`.
+ * On openSUSE, it's `/etc/dovecot/dovecot.conf`.
+ * On FreeBSD, it's `/usr/local/etc/dovecot/dovecot.conf`.
+
+ssl = required +disable_plaintext_auth = yes
+
+Restarting Dovecot service is required.
+
+## OpenLDAP backend special
+
+### Add internal service required by Doveadm
+
+__NOTE__: This step is applicable to both Dovecot-1.x and Dovecot-2.x.
+
+To use `doveadm` command provided by Dovecot-2, please add one more value of
+attribute 'enabledService' for mail user.
+
+* Download python script used to adding missing values.
+
+* Open `updateLDAPValues_074_to_080.py`, config LDAP server related settings in
+ file head. e.g.
+
+uri = 'ldap://127.0.0.1:389' +basedn = 'o=domains,dc=example,dc=com' +bind_dn = 'cn=vmailadmin,dc=example,dc=com' +bind_pw = 'passwd'
+
+You can find required LDAP credential in iRedAdmin config file or `iRedMail.tips`
+file under your iRedMail installation directory. Using either
+`cn=Manager,dc=xx,dc=xx` or `cn=vmailadmin,dc=xx,dc=xx` as bind dn is ok.
+
+* Execute this script, it will add missing values for mail accounts:
+
+It will print progress message in the terminal, just be patient.
+
+If you're running Dovecot-2, please add below lines in `dovecot-ldap.conf` to
+make command `doveadm mailbox` work as expected:
+
+iterate_attrs = mail=user +iterate_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
+
+## MySQL backend special
+
+### Add internal service required by Doveadm
+
+To use doveadm command provided by Dovecot-2, please add one more column in
+MySQL table `vmail.mailbox` with below command:
+mysql> USE vmail; +mysql> ALTER TABLE mailbox ADD COLUMN enabledoveadm TINYINT(1) NOT NULL DEFAULT 1; +```
Document published under a CC BY-ND 3.0 license. If you found something wrong, please do contact us to fix it. + + +