Sync upgrade tutorial: [OpenBSD] Add script and daily cron job to backup ldapd database.

Zhang Huangbin 2016-05-02 21:47:42 +08:00
parent bec6c73e16
commit c2cd016b29
2 changed files with 221 additions and 53 deletions

View File

@ -9,7 +9,7 @@
## ChangeLog
* May 1, 2016: Initial publish.
* May 3, 2016: Initial publish.
## General (All backends should apply these steps)
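Review bot: the ChangeLog entry in this hunk rewrites the date of "Initial publish" from May 1 to May 3 instead of recording what changed. If the tutorial was already public on May 1, keep `* May 1, 2016: Initial publish.` and add a separate dated entry for the new ldapd backup section, so readers who have already followed the tutorial can see that a step was added.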
@ -70,33 +70,6 @@ action = iptables-multiport[name=sshd-ddos, port="http,https,smtp,submissio
Restarting Fail2ban service is required.
### [RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules
Note: this is applicable to only RHEL and CentOS.
In iRedMail-0.9.4 and earlier releases, iRedMail didn't enable cron job to
update SpamAssassin rules. Please run commands below to fix it.
```shell
perl -pi -e 's/^(SAUPDATE=yes)/#${1}/' /etc/sysconfig/sa-update
echo 'SAUPDATE=yes' >> /etc/sysconfig/sa-update
```
### [RHEL/CentOS] Fixed: Not create required directory used to store PHP session files
Note: this is applicable to only RHEL and CentOS if you're __running Nginx + php-fpm__.
In iRedMail-0.9.4 and earlier releases, iRedMail didn't create directory used
to store PHP session files, it will cause error when your PHP application tries
to create session file. Please fix it with commands below:
```shell
mkdir /var/lib/php/session
chown root:root /var/lib/php/session
chmod 0773 /var/lib/php/session
chmod o+t /var/lib/php/session
```
### Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD
!!! attention
@ -135,7 +108,7 @@ $policy_bank{'ORIGINATING'} = {
Save the change. Restarting amavisd service is required.
### Fixed: not add alias for `virusalert` on non-Debian/Ubuntu OSes
### Fixed: not add alias for `virusalert` on RHEL/CentOS/OpenBSD/FreeBSD
!!! attention
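Review bot: renaming this heading changes its generated anchor from `#fixed-not-add-alias-for-virusalert-on-non-debianubuntu-oses` to `#fixed-not-add-alias-for-virusalert-on-rhelcentosopenbsdfreebsd` (both visible in the HTML file of this commit), so any existing link to the old anchor stops resolving. If the old anchor has been linked from elsewhere, update those links in the same commit or keep the old id reachable.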
@ -216,6 +189,115 @@ location ^~ /SOGo/Microsoft-Server-ActiveSync {
* Restarting Nginx service is required.
### [RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules
Note: this is applicable to only RHEL and CentOS.
In iRedMail-0.9.4 and earlier releases, iRedMail didn't enable cron job to
update SpamAssassin rules. Please run commands below to fix it.
```shell
perl -pi -e 's/^(SAUPDATE=yes)/#${1}/' /etc/sysconfig/sa-update
echo 'SAUPDATE=yes' >> /etc/sysconfig/sa-update
```
### [RHEL/CentOS] Fixed: Not create required directory used to store PHP session files
Note: this is applicable to only RHEL and CentOS if you're __running Nginx + php-fpm__.
In iRedMail-0.9.4 and earlier releases, iRedMail didn't create directory used
to store PHP session files, it will cause error when your PHP application tries
to create session file. Please fix it with commands below:
```shell
mkdir /var/lib/php/session
chown root:root /var/lib/php/session
chmod 0773 /var/lib/php/session
chmod o+t /var/lib/php/session
```
### [OpenBSD] Add script and daily cron job to backup ldapd database
!!! attention
This is applicable to only OpenBSD with ldapd backend (not OpenLDAP, MySQL, PostgreSQL).
In iRedMail-0.9.4 and early releases, iRedMail incorrectly used script for
backing up OpenLDAP to backup ldapd, this causes empty backup. Please fix it with
steps below.
* Download script used to backup ldapd and copy it to `/var/vmail/backup` (this
is default backup directory, it might be changed during iRedMail installation,
so please copy to the correct directory on your server):
```
cd /var/vmail/backup/
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/tools/backup_ldapd.sh
chown root:wheel backup_ldapd.sh
chmod 0500 backup_ldapd.sh
```
* Edit file `/var/vmail/backup/backup_ldapd.sh`, update parameters with proper
values:
* You should use LDAP suffix as value of `LDAP_BASE_DN` to backup whole
LDAP tree.
* You should use find LDAP root dn and password as `LDAP_BIND_DN` and
`LDAP_BIND_PASSWORD`, so that it has required privilege to query whole
LDAP tree.
* You can find all required values in `iRedMail.tips` file under iRedMail
installation directory. for example, `/root/iRedMail-0.9.4/iRedMail.tips`.
```
# LDAP base dn, bind dn and password.
export LDAP_BASE_DN='dc=example,dc=com'
export LDAP_BIND_DN='cn=Manager,dc=example,dc=com'
export LDAP_BIND_PASSWORD='password'
# Where to store backup copies.
export BACKUP_ROOTDIR='/var/vmail/backup'
# Keep backup for how many days. Default is 90 days.
export KEEP_DAYS='90'
```
If you want to store backup status in SQL database `iredadmin` (so that you
can check backup status in iRedAdmin), please set correct SQL username and
password in parameters `MYSQL_USER` and `MYSQL_PASSWD` in
file `/var/vmail/backup/backup_ldapd.sh`:
```
# MySQL user and password, used to log backup status to sql table `iredadmin.log`.
# You can find password of SQL user 'iredadmin' in iRedAdmin config file 'settings.py'.
export MYSQL_USER='iredadmin'
export MYSQL_PASSWD='passwd'
```
* Run this script manually to backup ldapd immediately, check whether or not
it works: make sure the backup file contains valid/correct LDIF data, and
SQL table `iredadmin.log` contains a record of this backup.
* Edit root's cron job with command:
```
crontab -e -u root
```
* Find the daily cron job used to run script `backup_openldap.sh` like below:
```
0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_openldap.sh
```
* Rename `backup_openldap.sh` to `backup_ldapd.sh`, and make sure the absolute
path of this script is correct:
```
0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_ldapd.sh
```
* Save your changes.
### [OPTIONAL] Add custom Amavisd log template to always log SpamAssassin testing result
!!! attention
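Review bot: the download step in the new [OpenBSD] section fetches `backup_ldapd.sh` from `raw/default`, a moving branch, and the file is then run daily from root's crontab and holds the LDAP root bind password, with no integrity check in between. Point the `wget` URL at a fixed revision or release tag and give a checksum to compare before the `chmod 0500` step. Wording in the same section: "You should use find LDAP root dn" has a stray "find", "early releases" should read "earlier releases" as in the two sections above it, and the step "Rename `backup_openldap.sh` to `backup_ldapd.sh`" should say that it means the script name inside the cron line, not the file on disk.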

View File

@ -24,11 +24,12 @@
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-190">Upgrade iRedAPD (Postfix policy server) to the latest stable release (1.9.0)</a></li>
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-06">Upgrade iRedAdmin (open source edition) to the latest stable release (0.6)</a></li>
<li><a href="#linux-fixed-not-add-ssh-port-number-in-fail2ban-config-file-jaillocal">[Linux] Fixed: not add ssh port number in Fail2ban config file (jail.local)</a></li>
<li><a href="#fixed-not-perform-banned-file-types-checking-on-rhelcentosopenbsdfreebsd">Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD</a></li>
<li><a href="#fixed-not-add-alias-for-virusalert-on-rhelcentosopenbsdfreebsd">Fixed: not add alias for virusalert on RHEL/CentOS/OpenBSD/FreeBSD</a></li>
<li><a href="#fixed-improper-nginx-proxy-timeout-setting-for-sogo">Fixed: Improper Nginx proxy timeout setting for SOGo</a></li>
<li><a href="#rhelcentos-fixed-not-enable-cron-job-to-update-spamassassin-rules">[RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules</a></li>
<li><a href="#rhelcentos-fixed-not-create-required-directory-used-to-store-php-session-files">[RHEL/CentOS] Fixed: Not create required directory used to store PHP session files</a></li>
<li><a href="#fixed-not-perform-banned-file-types-checking-on-rhelcentosopenbsdfreebsd">Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD</a></li>
<li><a href="#fixed-not-add-alias-for-virusalert-on-non-debianubuntu-oses">Fixed: not add alias for virusalert on non-Debian/Ubuntu OSes</a></li>
<li><a href="#fixed-improper-nginx-proxy-timeout-setting-for-sogo">Fixed: Improper Nginx proxy timeout setting for SOGo</a></li>
<li><a href="#openbsd-add-script-and-daily-cron-job-to-backup-ldapd-database">[OpenBSD] Add script and daily cron job to backup ldapd database</a></li>
<li><a href="#optional-add-custom-amavisd-log-template-to-always-log-spamassassin-testing-result">[OPTIONAL] Add custom Amavisd log template to always log SpamAssassin testing result</a></li>
</ul>
</li>
@ -80,7 +81,7 @@ check <a href="../support.html">the details</a> and <a href="../contact.html">co
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>May 1, 2016: Initial publish.</li>
<li>May 3, 2016: Initial publish.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
@ -129,25 +130,6 @@ action = iptables-multiport[name=sshd-ddos, port=&quot;http,https,smtp,subm
</code></pre>
<p>Restarting Fail2ban service is required.</p>
<h3 id="rhelcentos-fixed-not-enable-cron-job-to-update-spamassassin-rules">[RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules</h3>
<p>Note: this is applicable to only RHEL and CentOS.</p>
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't enable cron job to
update SpamAssassin rules. Please run commands below to fix it.</p>
<pre><code class="shell">perl -pi -e 's/^(SAUPDATE=yes)/#${1}/' /etc/sysconfig/sa-update
echo 'SAUPDATE=yes' &gt;&gt; /etc/sysconfig/sa-update
</code></pre>
<h3 id="rhelcentos-fixed-not-create-required-directory-used-to-store-php-session-files">[RHEL/CentOS] Fixed: Not create required directory used to store PHP session files</h3>
<p>Note: this is applicable to only RHEL and CentOS if you're <strong>running Nginx + php-fpm</strong>.</p>
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't create directory used
to store PHP session files, it will cause error when your PHP application tries
to create session file. Please fix it with commands below:</p>
<pre><code class="shell">mkdir /var/lib/php/session
chown root:root /var/lib/php/session
chmod 0773 /var/lib/php/session
chmod o+t /var/lib/php/session
</code></pre>
<h3 id="fixed-not-perform-banned-file-types-checking-on-rhelcentosopenbsdfreebsd">Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -180,7 +162,7 @@ below:</p>
</code></pre>
<p>Save the change. Restarting amavisd service is required.</p>
<h3 id="fixed-not-add-alias-for-virusalert-on-non-debianubuntu-oses">Fixed: not add alias for <code>virusalert</code> on non-Debian/Ubuntu OSes</h3>
<h3 id="fixed-not-add-alias-for-virusalert-on-rhelcentosopenbsdfreebsd">Fixed: not add alias for <code>virusalert</code> on RHEL/CentOS/OpenBSD/FreeBSD</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This is <strong>NOT</strong> applicable to Debian and Ubuntu.</p>
@ -263,6 +245,110 @@ location ^~ /SOGo/Microsoft-Server-ActiveSync {
<ul>
<li>Restarting Nginx service is required.</li>
</ul>
<h3 id="rhelcentos-fixed-not-enable-cron-job-to-update-spamassassin-rules">[RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules</h3>
<p>Note: this is applicable to only RHEL and CentOS.</p>
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't enable cron job to
update SpamAssassin rules. Please run commands below to fix it.</p>
<pre><code class="shell">perl -pi -e 's/^(SAUPDATE=yes)/#${1}/' /etc/sysconfig/sa-update
echo 'SAUPDATE=yes' &gt;&gt; /etc/sysconfig/sa-update
</code></pre>
<h3 id="rhelcentos-fixed-not-create-required-directory-used-to-store-php-session-files">[RHEL/CentOS] Fixed: Not create required directory used to store PHP session files</h3>
<p>Note: this is applicable to only RHEL and CentOS if you're <strong>running Nginx + php-fpm</strong>.</p>
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't create directory used
to store PHP session files, it will cause error when your PHP application tries
to create session file. Please fix it with commands below:</p>
<pre><code class="shell">mkdir /var/lib/php/session
chown root:root /var/lib/php/session
chmod 0773 /var/lib/php/session
chmod o+t /var/lib/php/session
</code></pre>
<h3 id="openbsd-add-script-and-daily-cron-job-to-backup-ldapd-database">[OpenBSD] Add script and daily cron job to backup ldapd database</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This is applicable to only OpenBSD with ldapd backend (not OpenLDAP, MySQL, PostgreSQL).</p>
</div>
<p>In iRedMail-0.9.4 and early releases, iRedMail incorrectly used script for
backing up OpenLDAP to backup ldapd, this causes empty backup. Please fix it with
steps below.</p>
<ul>
<li>Download script used to backup ldapd and copy it to <code>/var/vmail/backup</code> (this
is default backup directory, it might be changed during iRedMail installation,
so please copy to the correct directory on your server):</li>
</ul>
<pre><code>cd /var/vmail/backup/
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/tools/backup_ldapd.sh
chown root:wheel backup_ldapd.sh
chmod 0500 backup_ldapd.sh
</code></pre>
<ul>
<li>
<p>Edit file <code>/var/vmail/backup/backup_ldapd.sh</code>, update parameters with proper
values:</p>
<ul>
<li>You should use LDAP suffix as value of <code>LDAP_BASE_DN</code> to backup whole
LDAP tree.</li>
<li>You should use find LDAP root dn and password as <code>LDAP_BIND_DN</code> and
<code>LDAP_BIND_PASSWORD</code>, so that it has required privilege to query whole
LDAP tree.</li>
<li>You can find all required values in <code>iRedMail.tips</code> file under iRedMail
installation directory. for example, <code>/root/iRedMail-0.9.4/iRedMail.tips</code>.</li>
</ul>
</li>
</ul>
<pre><code># LDAP base dn, bind dn and password.
export LDAP_BASE_DN='dc=example,dc=com'
export LDAP_BIND_DN='cn=Manager,dc=example,dc=com'
export LDAP_BIND_PASSWORD='password'
# Where to store backup copies.
export BACKUP_ROOTDIR='/var/vmail/backup'
# Keep backup for how many days. Default is 90 days.
export KEEP_DAYS='90'
</code></pre>
<p>If you want to store backup status in SQL database <code>iredadmin</code> (so that you
can check backup status in iRedAdmin), please set correct SQL username and
password in parameters <code>MYSQL_USER</code> and <code>MYSQL_PASSWD</code> in
file <code>/var/vmail/backup/backup_ldapd.sh</code>:</p>
<pre><code># MySQL user and password, used to log backup status to sql table `iredadmin.log`.
# You can find password of SQL user 'iredadmin' in iRedAdmin config file 'settings.py'.
export MYSQL_USER='iredadmin'
export MYSQL_PASSWD='passwd'
</code></pre>
<ul>
<li>
<p>Run this script manually to backup ldapd immediately, check whether or not
it works: make sure the backup file contains valid/correct LDIF data, and
SQL table <code>iredadmin.log</code> contains a record of this backup.</p>
</li>
<li>
<p>Edit root's cron job with command:</p>
</li>
</ul>
<pre><code>crontab -e -u root
</code></pre>
<ul>
<li>Find the daily cron job used to run script <code>backup_openldap.sh</code> like below:</li>
</ul>
<pre><code>0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_openldap.sh
</code></pre>
<ul>
<li>Rename <code>backup_openldap.sh</code> to <code>backup_ldapd.sh</code>, and make sure the absolute
path of this script is correct:</li>
</ul>
<pre><code>0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_ldapd.sh
</code></pre>
<ul>
<li>Save your changes.</li>
</ul>
<h3 id="optional-add-custom-amavisd-log-template-to-always-log-spamassassin-testing-result">[OPTIONAL] Add custom Amavisd log template to always log SpamAssassin testing result</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
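Review bot: in the rendered [OpenBSD] section each code block closes the surrounding list (`</ul>` before every `<pre><code>`, a new `<ul>` after it), so the procedure comes out as a series of one-item lists with unindented code between them. Indent the fenced blocks under their list items in the Markdown source, tag them `shell` like the SpamAssassin and PHP session blocks, and regenerate this file.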