diff --git a/en_US/integrations/0-integration.opendmarc.md b/en_US/integrations/0-integration.opendmarc.md
index 52ddd317..567254d3 100644
--- a/en_US/integrations/0-integration.opendmarc.md
+++ b/en_US/integrations/0-integration.opendmarc.md
@@ -22,8 +22,11 @@ specification. Source code hosted on [GitHub](https://github.com/trusteddomainpr
## Requirements
-* OpenDMARC-1.3.1 is buggy, only the latest OpenDMARC-1.3.2 is required.
-* Supported OS Linux/BSD distributions:
+!!! warning
+
+ OpenDMARC version __1.3.1__ is buggy, hence the latest __1.3.2__ is required.
+
+Supported OS Linux/BSD distributions:
Distribution | Releases | Comment
---|---|---
@@ -35,4 +38,28 @@ FreeBSD | 11.x, 12.x | Port `mail/opendmarc`.
## Install OpenDMARC
+* RHEL/CentOS (again, with `epel` repo enabled):
+
+```
+yum clean metadata && yum install opendmarc
+```
+
+* Debian/Ubuntu:
+
+```
+apt-get update && apt-get install opendmarc
+```
+
+* OpenBSD:
+
+```
+pkg_add opendmarc
+```
+
+* FreeBSD:
+
+```
+cd /usr/ports/mail/opendmarc && make install clean
+```
+
## Configure OpenDMARC
diff --git a/en_US/upgrade/0-upgrade.debian.9-10.md b/en_US/upgrade/0-upgrade.debian.9-10.md
new file mode 100644
index 00000000..b34ba6b2
--- /dev/null
+++ b/en_US/upgrade/0-upgrade.debian.9-10.md
@@ -0,0 +1,46 @@
+# Fixes you need after upgrading Debian from 9 to 10
+
+[TOC]
+
+!!! warning
+
+ This is still a DRAFT document, it may miss some other important changes.
+
+## Dovecot
+
+* Remove parameter `ssl_protocols =`.
+* Add new parameter `ssl_min_protocols` like this:
+
+```
+ssl_min_protocols = TLSv1.2
+```
+
+Note: if you need to support old mail client applications which don't support
+`TLSv1.2`, you may need to set it to `TLSv1.1`. Please use `TLSv1.2` if possible.
+
+* If you have plugin `stats` enabled, you need to rename it:
+
+Old | New
+---|---
+`mail_plugins = ... stats` | `mail_plugins = ... old_stats`
+`protocol imap { mail_plugins = ... imap_stats }` | `protocol imap { mail_plugins = ... imap_old_stats}`
+`service stats {}` | `service old-stats {}`
Warning: It's a dash (`-`), not underscore (`_`).
+`fifo_listener stats-mail` | `fifo_listener old-stats-mail`
Warning: It's a dash (`-`), not underscore (`_`).
+`fifo_listener stats-user` | `fifo_listener old-stats-user`
Warning: It's a dash (`-`), not underscore (`_`).
+`unix_listener stats` | `unix_listener old-stats`
Warning: It's a dash (`-`), not underscore (`_`).
+`plugin { stats_refresh = ... }` | `plugin { old_stats_refresh = ...}`
+`plugin { stats_track_cmds = ...}` | `plugin { old_stats_track_cmds = ...}`
+
+## SOGo Groupware
+
+SOGo packages were removed during upgrading Debian, but SOGo team doesn't
+offer nightly build binary packages for Debian 10. We have to remove the
+old apt repo (`/etc/apt/sources.list.d/sogo-nightly.list`) and use the sogo
+packages offered in Debian 10 official apt repo.
+
+```
+rm -f /etc/apt/sources.list.d/sogo-nightly.repo
+apt update
+apt install sogo
+service sogo restart
+```
diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
index dcd3451e..6b0c4c35 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
@@ -157,3 +157,64 @@ Reloading or restarting Postfix service is required.
* Postfix will use rewritten address in the `Return-Path:` header, if you
have any sieve rules based on `Return-Path:`, it MAY not work anymore and
please update your sieve rules to match rewritten address.
+
+### [OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.
+
+With default iRedMail settings, Postfix accepts email without checking whether
+user's mailbox is over quota, then pipes email to Dovecot LDA for local
+delivery. If mailbox is over quota, Dovecot can not save message to mailbox
+and generates a "sender non-delivery notification" to sender.
+
+With the change below, Postfix will query mailbox quota status from Dovecot
+directly, then reject email if it's over quota. It saves system resource used
+to process this email like spam/virus scanning, and avoids bounce message.
+
+#### Enable quota-status service in Dovecot
+
+Open Dovecot config file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
+`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find the `plugin {}` block
+and add 3 new parameters:
+
+```
+plugin {
+ ...
+ # Used by quota-status service.
+ quota_status_success = DUNNO
+ quota_status_nouser = DUNNO
+ quota_status_overquota = "552 5.2.2 Mailbox is full"
+ ...
+}
+```
+
+In same `dovecot.conf`, append settings below __at the end of file__:
+
+* With settings below, Dovecot quota-status service will listen on `127.0.0.1:12340`.
+* You can change the port number `12340` to any other spare one if you want.
+
+```
+service quota-status {
+ executable = quota-status -p postfix
+ client_limit = 1
+ inet_listener {
+ address = 127.0.0.1
+ port = 12340
+ }
+}
+```
+
+Restarting Dovecot service is required.
+
+#### Enable quota status check in Postfix
+
+Open Postfix config file `/etc/postfix/main.cf` (Linux/OpenBSD) or
+`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
+`smtpd_recipient_restrictions` and append a new `check_policy_service` setting
+__at the end__ like below:
+
+```
+smtpd_recipient_restrictions =
+ ...
+ check_policy_service inet:127.0.0.1:12340
+```
+
+Restarting Postfix service is required.
diff --git a/html/integration.opendmarc.html b/html/integration.opendmarc.html
index 5a5f64bb..07420575 100644
--- a/html/integration.opendmarc.html
+++ b/html/integration.opendmarc.html
@@ -44,10 +44,11 @@ improve and monitor protection of the domain from fraudulent email.
OpenDMARC is a free open source software implementation of the DMARC specification. Source code hosted on GitHub.
Warning
+OpenDMARC version 1.3.1 is buggy, hence the latest 1.3.2 is required.
+Supported OS Linux/BSD distributions:
Old | +New | +
---|---|
mail_plugins = ... stats |
+mail_plugins = ... old_stats |
+
protocol imap { mail_plugins = ... imap_stats } |
+protocol imap { mail_plugins = ... imap_old_stats} |
+
service stats {} |
+service old-stats {} Warning: It's a dash ( - ), not underscore (_ ). |
+
fifo_listener stats-mail |
+fifo_listener old-stats-mail Warning: It's a dash ( - ), not underscore (_ ). |
+
fifo_listener stats-user |
+fifo_listener old-stats-user Warning: It's a dash ( - ), not underscore (_ ). |
+
unix_listener stats |
+unix_listener old-stats Warning: It's a dash ( - ), not underscore (_ ). |
+
plugin { stats_refresh = ... } |
+plugin { old_stats_refresh = ...} |
+
plugin { stats_track_cmds = ...} |
+plugin { old_stats_track_cmds = ...} |
+
SOGo packages were removed during upgrading Debian, but SOGo team doesn't
+offer nightly build binary packages for Debian 10. We have to remove the
+old apt repo (/etc/apt/sources.list.d/sogo-nightly.list
) and use the sogo
+packages offered in Debian 10 official apt repo.
rm -f /etc/apt/sources.list.d/sogo-nightly.repo
+apt update
+apt install sogo
+service sogo restart
+
+
+
+
+
\ No newline at end of file
diff --git a/html/upgrade.iredmail.0.9.9-1.0.html b/html/upgrade.iredmail.0.9.9-1.0.html
index 16c61a38..3488810c 100644
--- a/html/upgrade.iredmail.0.9.9-1.0.html
+++ b/html/upgrade.iredmail.0.9.9-1.0.html
@@ -30,6 +30,11 @@
With default iRedMail settings, Postfix accepts email without checking whether +user's mailbox is over quota, then pipes email to Dovecot LDA for local +delivery. If mailbox is over quota, Dovecot can not save message to mailbox +and generates a "sender non-delivery notification" to sender.
+With the change below, Postfix will query mailbox quota status from Dovecot +directly, then reject email if it's over quota. It saves system resource used +to process this email like spam/virus scanning, and avoids bounce message.
+Open Dovecot config file /etc/dovecot/dovecot.conf
(Linux/OpenBSD) or
+/usr/local/etc/dovecot/dovecot.conf
(FreeBSD), find the plugin {}
block
+and add 3 new parameters:
plugin {
+ ...
+ # Used by quota-status service.
+ quota_status_success = DUNNO
+ quota_status_nouser = DUNNO
+ quota_status_overquota = "552 5.2.2 Mailbox is full"
+ ...
+}
+
+
+In same dovecot.conf
, append settings below at the end of file:
127.0.0.1:12340
.12340
to any other spare one if you want.service quota-status {
+ executable = quota-status -p postfix
+ client_limit = 1
+ inet_listener {
+ address = 127.0.0.1
+ port = 12340
+ }
+}
+
+
+Restarting Dovecot service is required.
+Open Postfix config file /etc/postfix/main.cf
(Linux/OpenBSD) or
+/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
+smtpd_recipient_restrictions
and append a new check_policy_service
setting
+at the end like below:
smtpd_recipient_restrictions =
+ ...
+ check_policy_service inet:127.0.0.1:12340
+
+
+Restarting Postfix service is required.