diff --git a/en_US/howto/enable.dnsbl.md b/en_US/howto/enable.dnsbl.md index bc303c4e..2419630d 100644 --- a/en_US/howto/enable.dnsbl.md +++ b/en_US/howto/enable.dnsbl.md @@ -12,21 +12,26 @@ You can enable additional DNSBL services in Postfix to reduce spam. We use `zen.spamhaus.org` for example below. * Open Postfix config file `/etc/postfix/main.cf` or -`/usr/local/etc/postfix/main.cf` (on FreeBSD), append -`reject_rbl_client zen.spamhaus.org` to parameter `smtpd_recipient_restrictions`. -Final setting looks like below: + `/usr/local/etc/postfix/main.cf` (on FreeBSD), append + `reject_rbl_client zen.spamhaus.org` to parameter `smtpd_recipient_restrictions`. + Final setting looks like below: ``` smtpd_recipient_restrictions = ... reject_unauth_destination - reject_rbl_client zen.spamhaus.org + reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]*3 ``` It must be placed after `reject_unauth_destination`. You can add more DNSBL services after `reject_unauth_destination`, and they will be queried in the specified order. +Postfix will perform DNS query against `zen.spamhaus.org`, and wait for the +response code, only `127.0.0.2` to `127.0.0.11` are meaningful, so we use +`=127.0.0.[2..11]` to tell Postfix only reject clients when we get those +response code. + * Restart or reload Postfix service is required. !!! note "Another popular DNSBL server" diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.6-0.9.7.md b/en_US/upgrade/0-upgrade.iredmail.0.9.6-0.9.7.md new file mode 100644 index 00000000..70382bbc --- /dev/null +++ b/en_US/upgrade/0-upgrade.iredmail.0.9.6-0.9.7.md @@ -0,0 +1,39 @@ +# Upgrade iRedMail from 0.9.6 to 0.9.7 + +[TOC] + +!!! warning + + THIS IS A DRAFT, DO NOT APPLY ANY STEPS MENTIONED IN THIS TUTORIAL. + +!!! note "Paid Remote Upgrade Support" + + We offer remote upgrade support if you don't want to get your hands dirty, + check [the details](../support.html) and [contact us](../contact.html). + +## ChangeLog + +* Feb 9, 2016: Fixed improper Fail2ban filter for Dovecot. + +## General (All backends should apply these steps) + +### Update `/etc/iredmail-release` with new iRedMail version number + +iRedMail stores the release version in `/etc/iredmail-release` after +installation, it's recommended to update this file after you upgraded iRedMail, +so that you can know which version of iRedMail you're running. For example: + +``` +0.9.7 +``` + +### Fixed: Improper Fail2ban filter which causes incorrect ban + +Please open file `/etc/fail2ban/filter.d/dovecot.iredmail.conf`, remove line +below: + +``` + \(no auth attempts in .* rip= +``` + +Then restart or reload Fail2ban service. diff --git a/html/enable.dnsbl.html b/html/enable.dnsbl.html index 447a75b5..7f4c4249 100644 --- a/html/enable.dnsbl.html +++ b/html/enable.dnsbl.html @@ -28,19 +28,23 @@ DNS server speeds up the mail flow.

zen.spamhaus.org for example below.

smtpd_recipient_restrictions =
     ...
     reject_unauth_destination
-    reject_rbl_client zen.spamhaus.org
+    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]*3

It must be placed after reject_unauth_destination. You can add more DNSBL services after reject_unauth_destination, and they will be queried in the specified order.

+

Postfix will perform DNS query against zen.spamhaus.org, and wait for the +response code, only 127.0.0.2 to 127.0.0.11 are meaningful, so we use +=127.0.0.[2..11] to tell Postfix only reject clients when we get those +response code.

diff --git a/html/upgrade.iredmail.0.9.6-0.9.7.html b/html/upgrade.iredmail.0.9.6-0.9.7.html new file mode 100644 index 00000000..e5d5c5de --- /dev/null +++ b/html/upgrade.iredmail.0.9.6-0.9.7.html @@ -0,0 +1,71 @@ + + + + + Upgrade iRedMail from 0.9.6 to 0.9.7 + + + + +

Upgrade iRedMail from 0.9.6 to 0.9.7

+
+ +
+
+

Warning

+

THIS IS A DRAFT, DO NOT APPLY ANY STEPS MENTIONED IN THIS TUTORIAL.

+
+
+

Paid Remote Upgrade Support

+

We offer remote upgrade support if you don't want to get your hands dirty, +check the details and contact us.

+
+

ChangeLog

+ +

General (All backends should apply these steps)

+

Update /etc/iredmail-release with new iRedMail version number

+

iRedMail stores the release version in /etc/iredmail-release after +installation, it's recommended to update this file after you upgraded iRedMail, +so that you can know which version of iRedMail you're running. For example:

+
0.9.7
+
+ +

Fixed: Improper Fail2ban filter which causes incorrect ban

+

Please open file /etc/fail2ban/filter.d/dovecot.iredmail.conf, remove line +below:

+
            \(no auth attempts in .* rip=<HOST>
+
+ +

Then restart or reload Fail2ban service.

+

All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.

+
+ + \ No newline at end of file