elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

New optional upgrade item: Fixed: return receipt response rejected by iRedAPD plugin reject_null_sender.

This commit is contained in:
Zhang Huangbin 2015-02-04 13:19:12 +08:00
parent 1bee33653d
commit afe09f3c82
2 changed files with 66 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
html/upgrade.iredmail.0.9.0-0.9.1.html
View File

@ -16,6 +16,7 @@
<li><a href="#upgrade-iredmail-from-090-to-091">Upgrade iRedMail from 0.9.0 to 0.9.1</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#optional-fixed-return-receipt-response-rejected-by-iredapd-plugin-reject_null_sender">[OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin reject_null_sender</a></li>
<li><a href="#fixed-incorrect-path-of-command-sogo-tool-on-openbsd">Fixed: Incorrect path of command sogo-tool on OpenBSD</a></li>
</ul>
</li>
@ -40,11 +41,39 @@
<p>WARNING: This is still a working in progress draft document, do <strong>NOT</strong> apply it.</p>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>2015-02-02: [All backends] Fixed: Not backup SOGo database. Note: this step is not applicable if you don't use SOGo groupware.</li>
<li>2015-02-04: [All backends] [<strong>OPTIONAL</strong>] Fixed: return receipt response rejected
by iRedAPD plugin <code>reject_null_sender</code>.</li>
<li>2015-02-02: [All backends] Fixed: Not backup SOGo database. Note: this step
is not applicable if you don't use SOGo groupware.</li>
<li>2015-01-13: [All backends] Fixed: Incorrect path of command 'sogo-tool` on OpenBSD.</li>
<li>2015-01-12: [SQL backends] Fixed: Not apply service restriction in Dovecot SQL query file while acting as SASL server.</li>
<li>2015-01-12: [SQL backends] Fixed: Not apply service restriction in Dovecot
SQL query file while acting as SASL server.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="optional-fixed-return-receipt-response-rejected-by-iredapd-plugin-reject_null_sender">[OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin <code>reject_null_sender</code></h3>
<p>Note: this is applicable if you want to keep iRedAPD plugin <code>reject_null_sender</code>
but still able to send return receipt with Roundcube webmail.</p>
<p>According to RFC2298, return receipt envelope sender address must be empty. If
you have iRedAPD plugin <code>reject_null_sender</code> enabled, it will reject return
receipt response. To particularly solve this issue, you can set below setting
in Roundcube config file <code>config/config.inc.php</code>:</p>
<ul>
<li>on RHEL/CentOS/OpenBSD, it's <code>/var/www/roundcubemail/config/config.inc.php</code>.</li>
<li>on Debian/Ubuntu, it's <code>/usr/share/apache2/roundcubemail/config/config.inc.php</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/www/roundcube/config/config.inc.php</code>.</li>
</ul>
<pre><code>$config['mdn_use_from'] = true;
</code></pre>
<p>Note: if other mail client applications don't set smtp authentication user as
envelope sender of return receipt, same issue will occurs. You must disable
iRedAPD plugin <code>reject_null_sender</code> in <code>/opt/iredapd/settings.py</code> to make all
mail clients work.</p>
<p>iRedAPD plugin <code>reject_null_sender</code> rejects message submitted by sasl
authenticated user but with null sender in <code>From:</code> header (<code>from=&lt;&gt;</code> in Postfix
log). If your user's password was cracked by spammer, spammer can use this
account to bypass smtp authentication, but with a null sender in <code>From:</code>
header, throttling won't be triggered.</p>
<h3 id="fixed-incorrect-path-of-command-sogo-tool-on-openbsd">Fixed: Incorrect path of command <code>sogo-tool</code> on OpenBSD</h3>
<p>Note: this step is applicable to only OpenBSD.</p>
<p>Please check user <code>_sogo</code>'s cron job, make sure path to <code>sogo-tool</code> command is

37
upgrade/0-upgrade.iredmail.0.9.0-0.9.1.md
View File

@ -8,12 +8,45 @@ WARNING: This is still a working in progress draft document, do __NOT__ apply it
## ChangeLog
* 2015-02-02: [All backends] Fixed: Not backup SOGo database. Note: this step is not applicable if you don't use SOGo groupware.
* 2015-02-04: [All backends] [__OPTIONAL__] Fixed: return receipt response rejected
by iRedAPD plugin `reject_null_sender`.
* 2015-02-02: [All backends] Fixed: Not backup SOGo database. Note: this step
is not applicable if you don't use SOGo groupware.
* 2015-01-13: [All backends] Fixed: Incorrect path of command 'sogo-tool` on OpenBSD.
* 2015-01-12: [SQL backends] Fixed: Not apply service restriction in Dovecot SQL query file while acting as SASL server.
* 2015-01-12: [SQL backends] Fixed: Not apply service restriction in Dovecot
SQL query file while acting as SASL server.
## General (All backends should apply these steps)
### [OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin `reject_null_sender`
Note: this is applicable if you want to keep iRedAPD plugin `reject_null_sender`
but still able to send return receipt with Roundcube webmail.
According to RFC2298, return receipt envelope sender address must be empty. If
you have iRedAPD plugin `reject_null_sender` enabled, it will reject return
receipt response. To particularly solve this issue, you can set below setting
in Roundcube config file `config/config.inc.php`:
* on RHEL/CentOS/OpenBSD, it's `/var/www/roundcubemail/config/config.inc.php`.
* on Debian/Ubuntu, it's `/usr/share/apache2/roundcubemail/config/config.inc.php`.
* on FreeBSD, it's `/usr/local/www/roundcube/config/config.inc.php`.
```
$config['mdn_use_from'] = true;
```
Note: if other mail client applications don't set smtp authentication user as
envelope sender of return receipt, same issue will occurs. You must disable
iRedAPD plugin `reject_null_sender` in `/opt/iredapd/settings.py` to make all
mail clients work.
iRedAPD plugin `reject_null_sender` rejects message submitted by sasl
authenticated user but with null sender in `From:` header (`from=<>` in Postfix
log). If your user's password was cracked by spammer, spammer can use this
account to bypass smtp authentication, but with a null sender in `From:`
header, throttling won't be triggered.
### Fixed: Incorrect path of command `sogo-tool` on OpenBSD
Note: this step is applicable to only OpenBSD.