Update iRedMail-0.9.7 upgrade tutorial: add missed Fail2ban jail 'nginx-http-auth'.

Zhang Huangbin 2017-11-12 20:53:33 +08:00
parent 7ed37c2c60
commit 4388e08577
3 changed files with 115 additions and 69 deletions


@ -9,6 +9,7 @@
## ChangeLog
* Nov 12, 2017: Add Fail2ban jail `nginx-http-auth`.
* Jul 3, 2017: Mention how to upgrade uwsgi (OpenBSD only), iRedAdmin and iRedAPD.
* Jul 2, 2017: Mention Roundcube 1.3.0 requires PHP 5.4.
* Jul 1, 2017: Initial publish.
@ -179,6 +180,30 @@ wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/fi
Restarting Fail2ban service is required.
### Fail2ban: Add new jail for Nginx
!!! attention
This is applicable if you run Nginx as web server.
Let's add a new jail to stop bad clients which tried to perform http basic auth
but failed.
Create file `/etc/fail2ban/jail.d/nginx-http-auth.local` with content below:
If directory `/etc/fail2ban/jail.d/` doesn't exist, you can append content
below in file `/etc/fail2ban/jail.local` instead.
```
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
action = iptables-multiporti[name=nginx, port="80,443", protocol=tcp]
logpath = /var/log/nginx/error.log
```
Restarting Fail2ban service is required.
### NEW: New backup script for SOGo
!!! attention
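Review bot: The `action` line of the new `[nginx-http-auth]` jail reads `iptables-multiporti[...]`, which looks like a typo for `iptables-multiport`; with the trailing `i` Fail2ban will look for an action by that name and the jail will not load unless such a file exists. Suggest `action = iptables-multiport[name=nginx, port="80,443", protocol=tcp]`. The jail also sets no `maxretry`, `findtime` or `bantime`, so it silently inherits the `[DEFAULT]` values; one sentence saying so would help. After "Restarting Fail2ban service is required", consider adding a verification step such as `fail2ban-client status nginx-http-auth`, so readers confirm the jail is actually active.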


@ -64,82 +64,82 @@
</ul>
</div>
<ul>
<li><a href="activesync.android.html">Exchange ActiveSync: Setup Android devices</a></li>
<li><a href="activesync.bb10.html">Exchange ActiveSync: Setup BlackBerry 10 devices</a></li>
<li><a href="activesync.ios.html">Exchange ActiveSync: Setup iOS devices</a></li>
<li><a href="activesync.outlook.html">Exchange ActiveSync: Setup Outlook 2013 for Windows</a></li>
<li><a href="configure.thunderbird.html">Setup Thunderbird: POP3/IMAP, SMTP and global ldap address book</a></li>
<li><a href="thunderbird.sogo.html">Setup Thunderbird: SOGo Address Book and Calendar synchronization with CardDAV and CalDAV</a></li>
<li><a href="sogo.macosx.contacts.html">Mac OS X: Add contact service (CardDAV) in Contacts.app</a></li>
<li><a href="thunderbird.sogo.html">Setup Thunderbird: SOGo Address Book and Calendar synchronization with CardDAV and CalDAV</a></li>
<li><a href="activesync.android.html">Exchange ActiveSync: Setup Android devices</a></li>
<li><a href="activesync.ios.html">Exchange ActiveSync: Setup iOS devices</a></li>
<li><a href="activesync.bb10.html">Exchange ActiveSync: Setup BlackBerry 10 devices</a></li>
<li><a href="sogo.macosx.icalendar.html">Mac OS X: Add calendar (CalDAV) and task (Reminders) service in iCalendar.app</a></li>
<li><a href="configure.thunderbird.html">Setup Thunderbird: POP3/IMAP, SMTP and global ldap address book</a></li>
</ul>
<h3 id="upgrade">Release notes and upgrade tutorials</h3>
<ul>
<li><a href="iredmail.releases.html">iRedMail release notes and upgrade tutorials</a></li>
<li><a href="iredadmin-pro.releases.html">iRedAdmin-Pro (web-based admin panel) release notes and upgrade tutorials</a></li>
<li><a href="iredapd.releases.html">iRedAPD (Postfix Access Policy Daemon) release notes and upgrade tutorials</a></li>
<li><a href="iredadmin-pro.releases.html">iRedAdmin-Pro (web-based admin panel) release notes and upgrade tutorials</a></li>
<li><a href="iredmail.releases.html">iRedMail release notes and upgrade tutorials</a></li>
</ul>
<h3 id="migration">Migrations</h3>
<ul>
<li><a href="migrate.to.new.iredmail.server.html">Migrate old iRedMail server to the latest stable release</a></li>
<li><a href="password.hashes.html">Password hashes</a></li>
<li><a href="cluebringer.to.iredapd.html">Migrate from Cluebringer to iRedAPD</a></li>
<li><a href="password.hashes.html">Password hashes</a></li>
<li><a href="migrate.to.new.iredmail.server.html">Migrate old iRedMail server to the latest stable release</a></li>
</ul>
<h3 id="howto">How to</h3>
<ul>
<li><a href="allow.certain.users.to.send.email.as.different.user.html">Allow certain users to send email as another user</a></li>
<li><a href="change.mail.attachment.size.html">Change mail attachment size</a></li>
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
<li><a href="enable.smtp.auth.on.port.25.html">Enable SMTP SASL AUTH on port 25</a></li>
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</a></li>
<li><a href="quarantine.clean.mails.per-user.html">Quarantine clean emails sent from/to certain local user</a></li>
<li><a href="quarantining.html">Quarantining</a></li>
<li><a href="sign.dkim.signature.for.new.domain.html">Sign DKIM signature on outgoing emails for new mail domain</a></li>
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
<li><a href="additional.smtp.port.html">Allow internal network devices to send email with insecure connection</a></li>
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
<li><a href="amavisd.wblist.html">Whitelists and Blacklists</a></li>
<li><a href="authenticate.without.domain.name.html">Authenticate without domain part in email address</a></li>
<li><a href="backupmx.html">How to mark a mail domain as backup MX</a></li>
<li><a href="change.server.hostname.html">Change server hostname</a></li>
<li><a href="concurrent.processing.html">Process more emails concurrently</a></li>
<li><a href="dovecot.master.user.html">Dovecot Master User: Access user's mailbox without owner's password.</a></li>
<li><a href="enable.dnsbl.html">Enable DNSBL service in Postfix to reduce spam</a></li>
<li><a href="enable.postscreen.html">Enable postscreen service</a></li>
<li><a href="force.user.to.change.password.html">Force mail user to change password in 90 days</a></li>
<li><a href="ignore.trash.folder.in.quota.html">Ignore Trash folder in mailbox quota</a></li>
<li><a href="ldap.add.alias.domain.html">LDAP: Add an alias domain</a></li>
<li><a href="ldap.add.catch-all.html">LDAP: Add per-domain catch-all account</a></li>
<li><a href="ldap.add.mail.alias.html">LDAP: Add a mail alias account</a></li>
<li><a href="ldap.add.mail.list.html">LDAP: Add a mail list account</a></li>
<li><a href="ldap.bulk.create.mail.users.html">LDAP: Bulk create mail users</a></li>
<li><a href="ldap.user.mail.forwarding.html">LDAP: User mail forwarding</a></li>
<li><a href="mailbox.sharing.html">Mailbox sharing (Sharing IMAP folder with other users)</a></li>
<li><a href="manage.iredapd.html">Manage iRedAPD (white/blacklists, greylisting, and more)</a></li>
<li><a href="monitor.incoming.and.outgoing.mails.with.bcc.html">Monitor incoming and outgoing mails with BCC</a></li>
<li><a href="move.detected.spam.to.junk.folder.html">Move detected spam to Junk folder</a></li>
<li><a href="per-account.transport.html">Per-domain or per-user transport (relay)</a></li>
<li><a href="pipe.incoming.email.for.certain.user.to.external.script.html">Pipe incoming email for certain user to external script </a></li>
<li><a href="promote.user.to.be.global.admin.html">Promote a mail user to be global admin</a></li>
<li><a href="public.folder.html">How to create and manage public folder</a></li>
<li><a href="recalculate.mailbox.quota.html">Force Dovecot to recalculate mailbox quota</a></li>
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
<li><a href="change.server.hostname.html">Change server hostname</a></li>
<li><a href="sql.create.mail.user.html">SQL: Create new mail user</a></li>
<li><a href="store.spamassassin.bayes.in.sql.html">Store SpamAssassin bayes in SQL</a></li>
<li><a href="relayhost.html">Setup relayhost</a></li>
<li><a href="reset.user.password.html">Reset user password</a></li>
<li><a href="restrict.mail.user.to.login.from.specified.ip.or.networks.html">Restrict mail user to login from specified IP addresses or networks</a></li>
<li><a href="quarantine.clean.mails.per-user.html">Quarantine clean emails sent from/to certain local user</a></li>
<li><a href="sign.dkim.signature.for.new.domain.html">Sign DKIM signature on outgoing emails for new mail domain</a></li>
<li><a href="sql.user.mail.forwarding.html">SQL: User mail forwarding</a></li>
<li><a href="use.openldap.as.address.book.in.outlook.html">Use OpenLDAP as address book in Microsoft Outlook</a></li>
<li><a href="send.out.email.from.specified.ip.addresses.html">Send out email from specified IP address</a></li>
<li><a href="allow.certain.users.to.send.email.as.different.user.html">Allow certain users to send email as another user</a></li>
<li><a href="ldap.add.alias.domain.html">LDAP: Add an alias domain</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
<li><a href="ldap.add.mail.list.html">LDAP: Add a mail list account</a></li>
<li><a href="sql.create.mail.alias.html">SQL: Add a mail alias account</a></li>
<li><a href="public.folder.html">How to create and manage public folder</a></li>
<li><a href="amavisd.wblist.html">Whitelists and Blacklists</a></li>
<li><a href="recalculate.mailbox.quota.html">Force Dovecot to recalculate mailbox quota</a></li>
<li><a href="force.user.to.change.password.html">Force mail user to change password in 90 days</a></li>
<li><a href="promote.user.to.be.global.admin.html">Promote a mail user to be global admin</a></li>
<li><a href="additional.smtp.port.html">Allow internal network devices to send email with insecure connection</a></li>
<li><a href="restrict.mail.user.to.login.from.specified.ip.or.networks.html">Restrict mail user to login from specified IP addresses or networks</a></li>
<li><a href="use.a.bought.ssl.certificate.html">Use a SSL certificate</a></li>
<li><a href="enable.smtp.auth.on.port.25.html">Enable SMTP SASL AUTH on port 25</a></li>
<li><a href="per-account.transport.html">Per-domain or per-user transport (relay)</a></li>
<li><a href="backupmx.html">How to mark a mail domain as backup MX</a></li>
<li><a href="manage.iredapd.html">Manage iRedAPD (white/blacklists, greylisting, and more)</a></li>
<li><a href="ldap.add.mail.alias.html">LDAP: Add a mail alias account</a></li>
<li><a href="pipe.incoming.email.for.certain.user.to.external.script.html">Pipe incoming email for certain user to external script </a></li>
<li><a href="change.mail.attachment.size.html">Change mail attachment size</a></li>
<li><a href="user.alias.address.html">Per-user alias address</a></li>
<li><a href="quarantining.html">Quarantining</a></li>
<li><a href="reset.user.password.html">Reset user password</a></li>
<li><a href="concurrent.processing.html">Process more emails concurrently</a></li>
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
<li><a href="ldap.bulk.create.mail.users.html">LDAP: Bulk create mail users</a></li>
<li><a href="enable.dnsbl.html">Enable DNSBL service in Postfix to reduce spam</a></li>
<li><a href="ldap.user.mail.forwarding.html">LDAP: User mail forwarding</a></li>
<li><a href="ldap.add.catch-all.html">LDAP: Add per-domain catch-all account</a></li>
<li><a href="authenticate.without.domain.name.html">Authenticate without domain part in email address</a></li>
<li><a href="move.detected.spam.to.junk.folder.html">Move detected spam to Junk folder</a></li>
<li><a href="sign.disclaimer.html">Sign disclaimer on outgoing mails</a></li>
<li><a href="sql.create.catch-all.html">SQL: Add per-domain catch-all account</a></li>
<li><a href="sql.create.mail.alias.html">SQL: Add a mail alias account</a></li>
<li><a href="sql.create.mail.user.html">SQL: Create new mail user</a></li>
<li><a href="sql.user.mail.forwarding.html">SQL: User mail forwarding</a></li>
<li><a href="store.spamassassin.bayes.in.sql.html">Store SpamAssassin bayes in SQL</a></li>
<li><a href="use.a.bought.ssl.certificate.html">Use a SSL certificate</a></li>
<li><a href="use.openldap.as.address.book.in.outlook.html">Use OpenLDAP as address book in Microsoft Outlook</a></li>
<li><a href="user.alias.address.html">Per-user alias address</a></li>
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</a></li>
<li><a href="ignore.trash.folder.in.quota.html">Ignore Trash folder in mailbox quota</a></li>
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
<li><a href="mailbox.sharing.html">Mailbox sharing (Sharing IMAP folder with other users)</a></li>
<li><a href="enable.postscreen.html">Enable postscreen service</a></li>
</ul>
<p>Documents contributed by iRedMail users:</p>
<ul>
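Review bot: Every link in this index hunk appears twice at different positions (for example `activesync.android.html` and `enable.smtps.html`), so the hunk only reorders existing entries and is unrelated to the Fail2ban jail named in the commit subject. If the index is generated, make the generator emit entries in a deterministic order (sorted by file name or title) so that regenerating it does not produce churn, or commit the reordering separately so the jail change stays easy to review.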
@ -177,32 +177,32 @@
</ul>
<h3 id="iredadmin">iRedAdmin-Pro</h3>
<ul>
<li><a href="iredadmin-pro.custom.logo.html">iRedAdmin-Pro: Custom logo image, brand name, short product description</a></li>
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
<li><a href="iredadmin-pro.domain.ownership.verification.html">iRedAdmin-Pro: Domain ownership verification</a></li>
<li><a href="iredadmin-pro.restful.api.html">iRedAdmin-Pro: RESTful API</a></li>
<li><a href="translate.iredadmin.html">iRedAdmin: Translate iRedAdmin to your local language</a></li>
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
<li><a href="iredadmin-pro.self-service.html">iRedAdmin-Pro: Enable self-service to allow users to manage their own preferences and more</a></li>
<li><a href="iredadmin-pro.spam.policy.priority.html">iRedAdmin-Pro: Priority of spam policy used in iRedMail &amp; iRedAdmin-Pro</a></li>
<li><a href="translate.iredadmin.html">iRedAdmin: Translate iRedAdmin to your local language</a></li>
<li><a href="iredadmin-pro.custom.logo.html">iRedAdmin-Pro: Custom logo image, brand name, short product description</a></li>
<li><a href="iredadmin-pro.domain.ownership.verification.html">iRedAdmin-Pro: Domain ownership verification</a></li>
</ul>
<h3 id="troubleshooting">Troubleshooting and Debug</h3>
<ul>
<li><a href="debug.amavisd.html">Turn on debug mode in Amavisd and SpamAssassin</a></li>
<li><a href="debug.dovecot.html">Turn on debug mode in Dovecot</a></li>
<li><a href="debug.iredapd.html">Turn on debug mode in iRedAPD</a></li>
<li><a href="debug.mysql.html">Log executed SQL commands in MySQL/MariaDB</a></li>
<li><a href="debug.openldap.html">Turn on debug mode in OpenLDAP</a></li>
<li><a href="debug.postfix.html">Turn on debug mode in Postfix</a></li>
<li><a href="debug.roundcubemail.html">Turn on debug mode in Roundcube webmail</a></li>
<li><a href="debug.sogo.html">Turn on debug mode in SOGo</a></li>
<li><a href="debug.postfix.html">Turn on debug mode in Postfix</a></li>
<li><a href="debug.dovecot.html">Turn on debug mode in Dovecot</a></li>
<li><a href="debug.openldap.html">Turn on debug mode in OpenLDAP</a></li>
<li><a href="debug.amavisd.html">Turn on debug mode in Amavisd and SpamAssassin</a></li>
<li><a href="debug.roundcubemail.html">Turn on debug mode in Roundcube webmail</a></li>
<li><a href="debug.mysql.html">Log executed SQL commands in MySQL/MariaDB</a></li>
</ul>
<h3 id="faq">Frequently Asked Questions</h3>
<ul>
<li><a href="errors.html">Errors you may see while maintaining iRedMail server</a></li>
<li><a href="why.append.timestamp.in.maildir.path.html">Why append timestamp in maildir path</a></li>
<li><a href="amavisd.sql.db.html">Explanation of Amavisd SQL database</a></li>
<li><a href="backup.restore.html">Backup and restore</a></li>
<li><a href="customize.maildir.path.html">Customize maildir path</a></li>
<li><a href="why.append.timestamp.in.maildir.path.html">Why append timestamp in maildir path</a></li>
<li><a href="backup.restore.html">Backup and restore</a></li>
<li><a href="amavisd.sql.db.html">Explanation of Amavisd SQL database</a></li>
<li><a href="file.locations.html">Locations of configuration and log files of major components</a></li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
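Review bot: The iRedAdmin-Pro, Troubleshooting and FAQ lists in this hunk are again only reordered (each link appears twice), so the same deterministic-ordering fix applies here. Separately, the footer line links to `http://creativecommons.org/...` and `http://www.iredmail.org/contact.html` over plain HTTP; if the template is being regenerated anyway, switching those to `https://` where the sites support it would be worthwhile.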


@ -30,6 +30,7 @@
<li><a href="#fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos">Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS</a></li>
<li><a href="#fixed-incorrect-freshclam-setting-updatelogfile">Fixed: incorrect freshclam setting UpdateLogFile</a></li>
<li><a href="#fail2ban-fixes-an-improper-filter-and-add-new-filter-rule">Fail2ban: fixes an improper filter and add new filter rule</a></li>
<li><a href="#fail2ban-add-new-jail-for-nginx">Fail2ban: Add new jail for Nginx</a></li>
<li><a href="#new-new-backup-script-for-sogo">NEW: New backup script for SOGo</a></li>
<li><a href="#openbsd-upgrade-uwsgi-to-the-latest-2015">OpenBSD: Upgrade uwsgi to the latest 2.0.15</a></li>
</ul>
@ -70,6 +71,7 @@ check <a href="../support.html">the details</a> and <a href="../contact.html">co
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>Nov 12, 2017: Add Fail2ban jail <code>nginx-http-auth</code>.</li>
<li>Jul 3, 2017: Mention how to upgrade uwsgi (OpenBSD only), iRedAdmin and iRedAPD.</li>
<li>Jul 2, 2017: Mention Roundcube 1.3.0 requires PHP 5.4.</li>
<li>Jul 1, 2017: Initial publish.</li>
@ -218,6 +220,25 @@ wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/fi
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/roundcube.iredmail.conf
</code></pre>
<p>Restarting Fail2ban service is required.</p>
<h3 id="fail2ban-add-new-jail-for-nginx">Fail2ban: Add new jail for Nginx</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This is applicable if you run Nginx as web server.</p>
</div>
<p>Let's add a new jail to stop bad clients which tried to perform http basic auth
but failed.</p>
<p>Create file <code>/etc/fail2ban/jail.d/nginx-http-auth.local</code> with content below:</p>
<pre><code>If directory `/etc/fail2ban/jail.d/` doesn't exist, you can append content
below in file `/etc/fail2ban/jail.local` instead.
</code></pre>
<pre><code>[nginx-http-auth]
enabled = true
filter = nginx-http-auth
action = iptables-multiporti[name=nginx, port=&quot;80,443&quot;, protocol=tcp]
logpath = /var/log/nginx/error.log
</code></pre>
<p>Restarting Fail2ban service is required.</p>
<h3 id="new-new-backup-script-for-sogo">NEW: New backup script for SOGo</h3>
<div class="admonition attention">
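Review bot: The fallback note about `/etc/fail2ban/jail.d/` is rendered as a `<pre><code>` block with literal backticks, directly after "with content below:", so a reader can take it for part of the file content to paste. In the markdown source it should be plain paragraph text or an admonition (the page already uses `!!! attention`), placed before the "Create file" sentence or after the jail block. The rendered `action` line also carries `iptables-multiporti`, which should read `iptables-multiport`.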