Sync iRedMail upgrade tutorial.
This commit is contained in:
parent
cf70f099e1
commit
a4de3175ed
|
@ -5,15 +5,16 @@
|
|||
## Summary
|
||||
|
||||
Since iRedAdmin-Pro-SQL-2.5.0 and iRedAdmin-Pro-LDAP-2.7.0, it's able to grant
|
||||
permission to normal domain admin to create new mail domains. All new domains
|
||||
added by normal domain admin requires domain ownership verification, to ensure:
|
||||
normal domain admin permission to create new mail domains. All new domains
|
||||
added by normal domain admin require domain ownership verification by deafult,
|
||||
to ensure:
|
||||
|
||||
* the newly added mail domain is an valid domain
|
||||
* the newly added mail domain name is an valid domain name on internet
|
||||
* the domain admin have the required privileges in the domain to manage the
|
||||
email services.
|
||||
email services
|
||||
|
||||
Mail services are disabled for pending domains, and will be activated
|
||||
automatically after verified.
|
||||
automatically after admin verified the ownership.
|
||||
|
||||
## How to enable or disable domain ownership verification
|
||||
|
||||
|
@ -24,7 +25,8 @@ iRedAdmin-Pro config file `settings.py`, set proper value, then restart
|
|||
Apache or uwsgi (if you're running Nginx) service to reload the changes.
|
||||
|
||||
```
|
||||
# Require domain ownership verification if it was added by normal domain admin.
|
||||
# Require domain ownership verification if it's added by normal domain admin:
|
||||
# True, False.
|
||||
REQUIRE_DOMAIN_OWNERSHIP_VERIFICATION = True
|
||||
|
||||
# How long should we remove verified or (inactive) unverified domain ownerships.
|
||||
|
@ -32,14 +34,14 @@ REQUIRE_DOMAIN_OWNERSHIP_VERIFICATION = True
|
|||
# iRedAdmin-Pro stores verified ownership in SQL database, if (same) admin
|
||||
# removed the domain and re-adds it, no verification required.
|
||||
#
|
||||
# Usually normal domain admin won't frequently remove and re-add same domain
|
||||
# name, so it's ok to remove saved ownership after X days.
|
||||
# Admin won't frequently remove and re-add same domain name, so it's ok to
|
||||
# remove saved ownership after X days.
|
||||
DOMAIN_OWNERSHIP_EXPIRE_DAYS = 30
|
||||
|
||||
# The string prefixed to verify code. Must be shorter than than 60 characters.
|
||||
DOMAIN_OWNERSHIP_VERIFY_CODE_PREFIX = 'iredmail-domain-verification-'
|
||||
|
||||
# Timeout while performing each verification.
|
||||
# Timeout (in seconds) while performing each verification.
|
||||
DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
|
||||
```
|
||||
|
||||
|
@ -48,9 +50,11 @@ DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
|
|||
There're several ways to verify domain ownership:
|
||||
|
||||
* Create a text file under top directory of the web site of new domain, both
|
||||
file name and file content must be same as verify code. For example, for
|
||||
pending domain `example.com` with verify code
|
||||
`iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`, we will verify 2 URLs:
|
||||
file name and file content must be same as verify code.
|
||||
|
||||
For example, for pending domain `example.com` with verify code
|
||||
`iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`, iRedAdmin-Pro will
|
||||
verify 2 URLs:
|
||||
|
||||
* http: `http://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`
|
||||
* https: `https://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`
|
||||
|
@ -59,28 +63,26 @@ There're several ways to verify domain ownership:
|
|||
code as page content.
|
||||
|
||||
* Create a TXT type DNS record of the domain name, use the verify code as its
|
||||
value. For example, for pending domain `example.com` with verify code
|
||||
`iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`, DNS query by command
|
||||
`nslookup -type=txt example.com` should return a record which is same as
|
||||
verify code.
|
||||
value.
|
||||
|
||||
For example, for pending domain `example.com` with verify code
|
||||
`iredmail-domain-verification-5tzh5gHjU688yyWK7cSV`, DNS query by command
|
||||
`nslookup -type=txt example.com` should return a record which is same as
|
||||
verify code.
|
||||
|
||||
Sample DNS query with `nslookup`:
|
||||
|
||||
Sample DNS query with `nslookup`:
|
||||
```
|
||||
$ nslookup -type=txt example.com
|
||||
|
||||
Non-authoritative answer:
|
||||
...
|
||||
example.com text = "iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
|
||||
example.com text = "v=spf1 ..."
|
||||
example.com text = "..."
|
||||
...
|
||||
```
|
||||
|
||||
Sample DNS query with `dig`:
|
||||
Sample DNS query with `dig`:
|
||||
```
|
||||
$ dig -t txt example.com
|
||||
|
||||
...
|
||||
;; ANSWER SECTION:
|
||||
iredmail.org. 4173 IN TXT "iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
|
||||
iredmail.org. 4173 IN TXT "v=spf1 ..."
|
||||
iredmail.org. 4173 IN TXT "..."
|
||||
...
|
||||
```
|
||||
|
|
|
@ -438,36 +438,53 @@ $banned_namepath_re = new_RE(
|
|||
|
||||
## OpenLDAP backend special
|
||||
|
||||
### Fixed: mail accounts (user, alias, list) are still active when domain is disabled
|
||||
### Use the latest iRedMail LDAP schema file
|
||||
|
||||
> This fix is applicable to OpenBSD ldapd backend also.
|
||||
iRedMail-0.9.6 introduces 2 new LDAP attributes:
|
||||
|
||||
In iRedMail-0.9.5-1 and all earlier releases, if we disable a mail domain,
|
||||
all mail accounts (mail users, aliases, lists) are still active and Postfix
|
||||
will accept emails sent to them. Steps below fix the issue.
|
||||
* `domainPendingAliasName`: used by mail domain account, to store new alias
|
||||
domain names which is pending for domain ownership verification. Required by
|
||||
iRedAdmin-Pro.
|
||||
* `domainStatus`: used by mail user/alias/list accounts, to indicate domain
|
||||
status.
|
||||
|
||||
#### Update OpenLDAP config file to index new attribute name: `domainStatus`
|
||||
#### Update OpenLDAP config file to index new attributes
|
||||
|
||||
* Please open OpenLDAP config file `slapd.conf`, find line below:
|
||||
* Please open OpenLDAP config file `slapd.conf`:
|
||||
* On RHEL/CentOS, it's `/etc/openldap/slapd.conf`
|
||||
* On Debian/Ubuntu, it's `/etc/ldap/slapd.conf`
|
||||
* On FreeBSD, it's `/usr/local/etc/openldap/slapd.conf`
|
||||
* On OpenBSD, it's `/etc/openldap/slapd.conf`. If you're running ldapd as
|
||||
LDAP server, please add a new line `index domainStats` in the `namespace
|
||||
xxx {}` block.
|
||||
* On OpenBSD:
|
||||
* if you're running OpenLDAP, it's `/etc/openldap/slapd.conf`.
|
||||
* if you're running ldapd(8) LDAP server, please add a new line
|
||||
`index domainStats` in the `namespace xxx {}` block.
|
||||
|
||||
* for new attribute `domainPendingAliasName`, please find line below:
|
||||
|
||||
```
|
||||
access to attrs="objectclass,domainName,mtaTransport,..."
|
||||
```
|
||||
|
||||
Add new attribute name `domainPendingAliasName` in this line (__WARNING__:
|
||||
don't leave any whitespace between attribute names and comma):
|
||||
|
||||
```
|
||||
access to attrs="domainPendingAliasName,objectclass,domainName,mtaTransport,..."
|
||||
```
|
||||
|
||||
* for new attribute `domainStatus`, please find line below:
|
||||
|
||||
```
|
||||
access to attrs="employeeNumber,mail,..."
|
||||
```
|
||||
|
||||
* Add new attribute name `domainStatus` in this line (__WARNING__: don't leave
|
||||
any whitespace between attribute names and comma):
|
||||
Add new attribute name `domainStatus` in this line (__WARNING__: don't leave
|
||||
any whitespace between attribute names and comma):
|
||||
|
||||
```
|
||||
access to attrs="domainStatus,employeeNumber,mail,..."
|
||||
```
|
||||
|
||||
#### Use the latest iRedMail LDAP schema file
|
||||
#### Download the latest iRedMail LDAP schema file
|
||||
|
||||
* On RHEL/CentOS:
|
||||
|
||||
|
@ -523,12 +540,20 @@ cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|||
rcctl restart slapd
|
||||
```
|
||||
|
||||
### Fixed: mail accounts (user, alias, list) are still active when domain is disabled
|
||||
|
||||
> This fix is applicable to OpenBSD ldapd backend also.
|
||||
|
||||
In iRedMail-0.9.5-1 and all earlier releases, if we disable a mail domain,
|
||||
all mail accounts (mail users, aliases, lists) are still active and Postfix
|
||||
will accept emails sent to them. Steps below fix the issue.
|
||||
|
||||
#### Update Postfix/Dovecot LDAP lookup files
|
||||
|
||||
* On Linux and OpenBSD, run commands:
|
||||
|
||||
```
|
||||
cp -rf /etc/postfix/ldap /etc/postfix/ldap.$(date +%Y%m%d)
|
||||
cp -rf /etc/postfix/ldap /etc/postfix/ldap.bak
|
||||
cd /etc/postfix/ldap/
|
||||
perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=disabled))#g' catchall_maps.cf recipient_bcc_maps_user.cf sender_bcc_maps_user.cf sender_dependent_relayhost_maps_user.cf sender_login_maps.cf transport_maps_user.cf virtual_alias_maps.cf virtual_group_maps.cf virtual_group_members_maps.cf virtual_mailbox_maps.cf
|
||||
|
||||
|
@ -539,7 +564,7 @@ perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=di
|
|||
* On FreeBSD, run commands:
|
||||
|
||||
```
|
||||
cp -rf /usr/local/etc/postfix/ldap /usr/local/etc/postfix/ldap.$(date +%Y%m%d)
|
||||
cp -rf /usr/local/etc/postfix/ldap /usr/local/etc/postfix/ldap.bak
|
||||
cd /usr/local/etc/postfix/ldap/
|
||||
perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=disabled))#g' catchall_maps.cf recipient_bcc_maps_user.cf sender_bcc_maps_user.cf sender_dependent_relayhost_maps_user.cf sender_login_maps.cf transport_maps_user.cf virtual_alias_maps.cf virtual_group_maps.cf virtual_group_members_maps.cf virtual_mailbox_maps.cf
|
||||
|
||||
|
|
|
@ -28,22 +28,24 @@
|
|||
</div>
|
||||
<h2 id="summary">Summary</h2>
|
||||
<p>Since iRedAdmin-Pro-SQL-2.5.0 and iRedAdmin-Pro-LDAP-2.7.0, it's able to grant
|
||||
permission to normal domain admin to create new mail domains. All new domains
|
||||
added by normal domain admin requires domain ownership verification, to ensure:</p>
|
||||
normal domain admin permission to create new mail domains. All new domains
|
||||
added by normal domain admin require domain ownership verification by deafult,
|
||||
to ensure:</p>
|
||||
<ul>
|
||||
<li>the newly added mail domain is an valid domain</li>
|
||||
<li>the newly added mail domain name is an valid domain name on internet</li>
|
||||
<li>the domain admin have the required privileges in the domain to manage the
|
||||
email services.</li>
|
||||
email services</li>
|
||||
</ul>
|
||||
<p>Mail services are disabled for pending domains, and will be activated
|
||||
automatically after verified.</p>
|
||||
automatically after admin verified the ownership.</p>
|
||||
<h2 id="how-to-enable-or-disable-domain-ownership-verification">How to enable or disable domain ownership verification</h2>
|
||||
<p>There're few parameters used to control domain ownership verifivation, you can
|
||||
find default settings in file <code>libs/default_settings.py</code> under iRedAdmin-Pro
|
||||
directory. If you want to change any of them, please copy the parameter to
|
||||
iRedAdmin-Pro config file <code>settings.py</code>, set proper value, then restart
|
||||
Apache or uwsgi (if you're running Nginx) service to reload the changes.</p>
|
||||
<pre><code># Require domain ownership verification if it was added by normal domain admin.
|
||||
<pre><code># Require domain ownership verification if it's added by normal domain admin:
|
||||
# True, False.
|
||||
REQUIRE_DOMAIN_OWNERSHIP_VERIFICATION = True
|
||||
|
||||
# How long should we remove verified or (inactive) unverified domain ownerships.
|
||||
|
@ -51,14 +53,14 @@ REQUIRE_DOMAIN_OWNERSHIP_VERIFICATION = True
|
|||
# iRedAdmin-Pro stores verified ownership in SQL database, if (same) admin
|
||||
# removed the domain and re-adds it, no verification required.
|
||||
#
|
||||
# Usually normal domain admin won't frequently remove and re-add same domain
|
||||
# name, so it's ok to remove saved ownership after X days.
|
||||
# Admin won't frequently remove and re-add same domain name, so it's ok to
|
||||
# remove saved ownership after X days.
|
||||
DOMAIN_OWNERSHIP_EXPIRE_DAYS = 30
|
||||
|
||||
# The string prefixed to verify code. Must be shorter than than 60 characters.
|
||||
DOMAIN_OWNERSHIP_VERIFY_CODE_PREFIX = 'iredmail-domain-verification-'
|
||||
|
||||
# Timeout while performing each verification.
|
||||
# Timeout (in seconds) while performing each verification.
|
||||
DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
|
||||
</code></pre>
|
||||
|
||||
|
@ -67,9 +69,10 @@ DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
|
|||
<ul>
|
||||
<li>
|
||||
<p>Create a text file under top directory of the web site of new domain, both
|
||||
file name and file content must be same as verify code. For example, for
|
||||
pending domain <code>example.com</code> with verify code
|
||||
<code>iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code>, we will verify 2 URLs:</p>
|
||||
file name and file content must be same as verify code.</p>
|
||||
<p>For example, for pending domain <code>example.com</code> with verify code
|
||||
<code>iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code>, iRedAdmin-Pro will
|
||||
verify 2 URLs:</p>
|
||||
<ul>
|
||||
<li>http: <code>http://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code></li>
|
||||
<li>https: <code>https://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code></li>
|
||||
|
@ -79,30 +82,25 @@ code as page content.</p>
|
|||
</li>
|
||||
<li>
|
||||
<p>Create a TXT type DNS record of the domain name, use the verify code as its
|
||||
value. For example, for pending domain <code>example.com</code> with verify code
|
||||
<code>iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code>, DNS query by command
|
||||
<code>nslookup -type=txt example.com</code> should return a record which is same as
|
||||
verify code.</p>
|
||||
<p>Sample DNS query with <code>nslookup</code>:</p>
|
||||
value.</p>
|
||||
<p>For example, for pending domain <code>example.com</code> with verify code
|
||||
<code>iredmail-domain-verification-5tzh5gHjU688yyWK7cSV</code>, DNS query by command
|
||||
<code>nslookup -type=txt example.com</code> should return a record which is same as
|
||||
verify code.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>Sample DNS query with <code>nslookup</code>:</p>
|
||||
<pre><code>$ nslookup -type=txt example.com
|
||||
|
||||
Non-authoritative answer:
|
||||
example.com text = "iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
|
||||
example.com text = "v=spf1 ..."
|
||||
example.com text = "..."
|
||||
</code></pre>
|
||||
|
||||
<pre><code>Sample DNS query with `dig`:
|
||||
</code></pre>
|
||||
<pre><code>$ dig -t txt example.com
|
||||
|
||||
...
|
||||
;; ANSWER SECTION:
|
||||
example.com text = "iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
|
||||
...
|
||||
</code></pre>
|
||||
|
||||
<p>Sample DNS query with <code>dig</code>:</p>
|
||||
<pre><code>$ dig -t txt example.com
|
||||
...
|
||||
iredmail.org. 4173 IN TXT "iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
|
||||
iredmail.org. 4173 IN TXT "v=spf1 ..."
|
||||
iredmail.org. 4173 IN TXT "..."
|
||||
...
|
||||
</code></pre><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
|
|
|
@ -44,9 +44,12 @@
|
|||
</ul>
|
||||
</li>
|
||||
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
|
||||
<li><a href="#use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</a><ul>
|
||||
<li><a href="#update-openldap-config-file-to-index-new-attributes">Update OpenLDAP config file to index new attributes</a></li>
|
||||
<li><a href="#download-the-latest-iredmail-ldap-schema-file">Download the latest iRedMail LDAP schema file</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</a><ul>
|
||||
<li><a href="#update-openldap-config-file-to-index-new-attribute-name-domainstatus">Update OpenLDAP config file to index new attribute name: domainStatus</a></li>
|
||||
<li><a href="#use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</a></li>
|
||||
<li><a href="#update-postfixdovecot-ldap-lookup-files">Update Postfix/Dovecot LDAP lookup files</a></li>
|
||||
<li><a href="#add-required-ldap-attributevalue-for-existing-mail-accounts-under-disabled-domains">Add required LDAP attribute/value for existing mail accounts under disabled domains</a></li>
|
||||
</ul>
|
||||
|
@ -470,36 +473,55 @@ your Amavisd config file.</p>
|
|||
<li>Restart Amavisd service is required.</li>
|
||||
</ul>
|
||||
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
|
||||
<h3 id="fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</h3>
|
||||
<blockquote>
|
||||
<p>This fix is applicable to OpenBSD ldapd backend also.</p>
|
||||
</blockquote>
|
||||
<p>In iRedMail-0.9.5-1 and all earlier releases, if we disable a mail domain,
|
||||
all mail accounts (mail users, aliases, lists) are still active and Postfix
|
||||
will accept emails sent to them. Steps below fix the issue.</p>
|
||||
<h4 id="update-openldap-config-file-to-index-new-attribute-name-domainstatus">Update OpenLDAP config file to index new attribute name: <code>domainStatus</code></h4>
|
||||
<h3 id="use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</h3>
|
||||
<p>iRedMail-0.9.6 introduces 2 new LDAP attributes:</p>
|
||||
<ul>
|
||||
<li><code>domainPendingAliasName</code>: used by mail domain account, to store new alias
|
||||
domain names which is pending for domain ownership verification. Required by
|
||||
iRedAdmin-Pro.</li>
|
||||
<li><code>domainStatus</code>: used by mail user/alias/list accounts, to indicate domain
|
||||
status.</li>
|
||||
</ul>
|
||||
<h4 id="update-openldap-config-file-to-index-new-attributes">Update OpenLDAP config file to index new attributes</h4>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Please open OpenLDAP config file <code>slapd.conf</code>:</p>
|
||||
<ul>
|
||||
<li>Please open OpenLDAP config file <code>slapd.conf</code>, find line below:<ul>
|
||||
<li>On RHEL/CentOS, it's <code>/etc/openldap/slapd.conf</code></li>
|
||||
<li>On Debian/Ubuntu, it's <code>/etc/ldap/slapd.conf</code></li>
|
||||
<li>On FreeBSD, it's <code>/usr/local/etc/openldap/slapd.conf</code></li>
|
||||
<li>On OpenBSD, it's <code>/etc/openldap/slapd.conf</code>. If you're running ldapd as
|
||||
LDAP server, please add a new line <code>index domainStats</code> in the <code>namespace
|
||||
xxx {}</code> block.</li>
|
||||
<li>On OpenBSD:<ul>
|
||||
<li>if you're running OpenLDAP, it's <code>/etc/openldap/slapd.conf</code>.</li>
|
||||
<li>if you're running ldapd(8) LDAP server, please add a new line
|
||||
<code>index domainStats</code> in the <code>namespace xxx {}</code> block.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p>for new attribute <code>domainPendingAliasName</code>, please find line below:</p>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code>access to attrs="objectclass,domainName,mtaTransport,..."
|
||||
</code></pre>
|
||||
|
||||
<p>Add new attribute name <code>domainPendingAliasName</code> in this line (<strong>WARNING</strong>:
|
||||
don't leave any whitespace between attribute names and comma):</p>
|
||||
<pre><code>access to attrs="domainPendingAliasName,objectclass,domainName,mtaTransport,..."
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>for new attribute <code>domainStatus</code>, please find line below:</li>
|
||||
</ul>
|
||||
<pre><code>access to attrs="employeeNumber,mail,..."
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Add new attribute name <code>domainStatus</code> in this line (<strong>WARNING</strong>: don't leave
|
||||
any whitespace between attribute names and comma):</li>
|
||||
</ul>
|
||||
<p>Add new attribute name <code>domainStatus</code> in this line (<strong>WARNING</strong>: don't leave
|
||||
any whitespace between attribute names and comma):</p>
|
||||
<pre><code>access to attrs="domainStatus,employeeNumber,mail,..."
|
||||
</code></pre>
|
||||
|
||||
<h4 id="use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</h4>
|
||||
<h4 id="download-the-latest-iredmail-ldap-schema-file">Download the latest iRedMail LDAP schema file</h4>
|
||||
<ul>
|
||||
<li>On RHEL/CentOS:</li>
|
||||
</ul>
|
||||
|
@ -558,6 +580,13 @@ cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|||
rcctl restart slapd
|
||||
</code></pre>
|
||||
|
||||
<h3 id="fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</h3>
|
||||
<blockquote>
|
||||
<p>This fix is applicable to OpenBSD ldapd backend also.</p>
|
||||
</blockquote>
|
||||
<p>In iRedMail-0.9.5-1 and all earlier releases, if we disable a mail domain,
|
||||
all mail accounts (mail users, aliases, lists) are still active and Postfix
|
||||
will accept emails sent to them. Steps below fix the issue.</p>
|
||||
<h4 id="update-postfixdovecot-ldap-lookup-files">Update Postfix/Dovecot LDAP lookup files</h4>
|
||||
<ul>
|
||||
<li>On Linux and OpenBSD, run commands:</li>
|
||||
|
|
Loading…
Reference in New Issue