Sync iRedMail upgrade tutorial.

Zhang Huangbin 2017-03-17 00:16:45 +08:00
parent 9c39dfc763
commit d098bf37cd
4 changed files with 167 additions and 16 deletions

View File

@ -26,7 +26,7 @@ and configure them for you automatically. Otherwise it may override your
existing files/configurations althought it will backup files before modifying,
and it may not be working as expected.
* The latest stable release of iRedMail. You can download it here: http://www.iredmail.org/download.html
* The latest stable release of iRedMail. You can download it here: <http://www.iredmail.org/download.html>
* Port `sysutils/ezjail` for FreeBSD.
* Make sure 3 UID/GID are not used by other user/group: 2000, 2001, 2002.
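
Review bot: The download bullet changed here still points at `http://www.iredmail.org/download.html`, so the reader reaches the installer download page over plain HTTP. If the site serves HTTPS, switch the link to the `https://` URL while touching this line, and consider adding a sentence telling the reader to verify the downloaded archive's checksum before running the installer inside the jail.
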
@ -62,7 +62,7 @@ ezjail_enable="YES"
# ezjail-admin install -p
```
* Create Jail
* Create a new jail
* hostname `mx.example.com`
* bound IP address `172.16.244.254` to network interface `em0`
@ -105,11 +105,11 @@ nameserver 172.16.244.2
* In Jail, install binary package `bash-static`, it's required by iRedMail.
```
# -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
# -- For FreeBSD 10 or later releases --
# pkg install bash-static
# -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
```
## Start iRedMail installer
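
Review bot: In the reordered `bash-static` block, the label lines (`# -- For FreeBSD 10 or later releases --`) and the command lines (`# pkg install bash-static`) both start with `# `, so the root prompt and the comment marker cannot be told apart when copying. Move the two release labels out of the code block into the surrounding list text, or drop the prompt from the commands, so that only one of `pkg install` and `pkg_add -r` is clearly meant to be run on a given release.
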

View File

@ -13,8 +13,9 @@
## ChangeLog
* Mar 8, 2017: [RHEL/CentOS][Nginx] Fix incorrect session.save_path in php-fpm pool config file.
* Feb 9, 2017: Fixed improper Fail2ban filter for Dovecot.
* Mar 16, 2017: Fixed: Avoid possible backdooring mysqldump backups
* Mar 8, 2017: [RHEL/CentOS][Nginx] Fix incorrect `session.save_path` in php-fpm pool config file.
* Feb 9, 2017: Fixed improper Fail2ban filter for Dovecot.
## General (All backends should apply these steps)
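
Review bot: The new ChangeLog entry `Mar 16, 2017: Fixed: Avoid possible backdooring mysqldump backups` stacks two verbs ("Fixed: Avoid"), has no trailing period unlike the entries below it, and does not name the issue. Wording such as `Mar 16, 2017: Add --skip-comments to mysqldump in the daily backup script (CVE-2016-5483).` would match the rest of the list and let readers find the entry by CVE id.
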
@ -28,6 +29,17 @@ so that you can know which version of iRedMail you're running. For example:
0.9.7
```
### Upgrade Roundcube webmail to the latest stable release (1.2.4)
> Roundcube 1.2.4 fixes a security issue, all users are encouraged to upgrade
> it as soon as possible. For more details about this release, please check
> Roundcube [release note](https://github.com/roundcube/roundcubemail/releases/tag/1.2.4).
Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release immediately:
* [How to upgrade Roundcube](https://github.com/roundcube/roundcubemail/wiki/Upgrade).
### Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS
!!! attention
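
Review bot: The Roundcube security notice is added as a plain `>` blockquote, while the very next section in this file uses the `!!! attention` admonition; use the admonition here as well so the notice renders as a warning rather than a quotation. The heading also pins `(1.2.4)` while the body says "latest stable release", so one of the two will go stale, and "fixes a security issue" would help more if it said which issue it is or which installed versions need the upgrade.
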
@ -66,3 +78,61 @@ below:
```
Then restart or reload Fail2ban service.
## OpenLDAP backend special
### Fixed: Avoid possible backdooring mysqldump backups
For more details about this backdooring mysqldump backup issue, please read
blog post:
* [[CVE-2016-5483] Backdooring mysqldump backups](https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/).
Steps to fix it:
* Open the daily MySQL backup script, it's `/var/vmail/backup/backup_mysql.sh`
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command `postconf virtual_mailbox_base`.
* Find variable name `CMD_MYSQLDUMP` like below:
```
export CMD_MYSQLDUMP="mysqldump ..."
```
* Make sure it has argument `--skip-comments` like below:
```
export CMD_MYSQLDUMP="mysqldump ... --skip-comments"
```
* Save your change. That's it.
## MySQL/MariaDB backend special
### Fixed: Avoid possible backdooring mysqldump backups
For more details about this backdooring mysqldump backup issue, please read
blog post:
* [[CVE-2016-5483] Backdooring mysqldump backups](https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/).
Steps to fix it:
* Open the daily MySQL backup script, it's `/var/vmail/backup/backup_mysql.sh`
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command `postconf virtual_mailbox_base`.
* Find variable name `CMD_MYSQLDUMP` like below:
```
export CMD_MYSQLDUMP="mysqldump ..."
```
* Make sure it has argument `--skip-comments` like below:
```
export CMD_MYSQLDUMP="mysqldump ... --skip-comments"
```
* Save your change. That's it.
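
Review bot: The first step under "Steps to fix it" tells readers with a non-default storage directory to run `postconf virtual_mailbox_base`, but never says where the script sits relative to that directory; state the path explicitly (presumably `backup/backup_mysql.sh` under the reported base) so they open the right file. The procedure also ends at "Save your change" with no check; a closing step that greps the script for `CMD_MYSQLDUMP` and confirms `--skip-comments` is present would close it out. Finally, the whole section is repeated verbatim under "OpenLDAP backend special" and "MySQL/MariaDB backend special"; keeping one copy and pointing the other backend at it avoids the two drifting apart.
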

View File

@ -64,7 +64,7 @@ and configure them for you automatically. Otherwise it may override your
existing files/configurations althought it will backup files before modifying,
and it may not be working as expected.</p>
<ul>
<li>The latest stable release of iRedMail. You can download it here: http://www.iredmail.org/download.html</li>
<li>The latest stable release of iRedMail. You can download it here: <a href="http://www.iredmail.org/download.html">http://www.iredmail.org/download.html</a></li>
<li>Port <code>sysutils/ezjail</code> for FreeBSD.</li>
<li>Make sure 3 UID/GID are not used by other user/group: 2000, 2001, 2002.</li>
</ul>
@ -99,7 +99,7 @@ ezjail_enable=&quot;YES&quot;
<ul>
<li>
<p>Create Jail</p>
<p>Create a new jail</p>
<ul>
<li>hostname <code>mx.example.com</code></li>
<li>bound IP address <code>172.16.244.254</code> to network interface <code>em0</code></li>
@ -140,11 +140,11 @@ nameserver 172.16.244.2
<ul>
<li>In Jail, install binary package <code>bash-static</code>, it's required by iRedMail.</li>
</ul>
<pre><code># -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
# -- For FreeBSD 10 or later releases --
<pre><code># -- For FreeBSD 10 or later releases --
# pkg install bash-static
# -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>

View File

@ -22,10 +22,19 @@
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-124">Upgrade Roundcube webmail to the latest stable release (1.2.4)</a></li>
<li><a href="#fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos">Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS</a></li>
<li><a href="#fixed-improper-fail2ban-filter-which-causes-incorrect-ban">Fixed: Improper Fail2ban filter which causes incorrect ban</a></li>
</ul>
</li>
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
<li><a href="#fixed-avoid-possible-backdooring-mysqldump-backups">Fixed: Avoid possible backdooring mysqldump backups</a></li>
</ul>
</li>
<li><a href="#mysqlmariadb-backend-special">MySQL/MariaDB backend special</a><ul>
<li><a href="#fixed-avoid-possible-backdooring-mysqldump-backups_1">Fixed: Avoid possible backdooring mysqldump backups</a></li>
</ul>
</li>
</ul>
</li>
</ul>
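
Review bot: The two new table-of-contents entries share the same heading text, so the second one gets the positional anchor `#fixed-avoid-possible-backdooring-mysqldump-backups_1`. That `_1` suffix depends on heading order and will change or collide if another section with the same title is added or the sections are reordered, which breaks deep links. Give the two headings distinct titles in the markdown source (for example by naming the backend in each) so each anchor is stable.
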
@ -41,8 +50,9 @@ check <a href="../support.html">the details</a> and <a href="../contact.html">co
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>Mar 8, 2017: [RHEL/CentOS][Nginx] Fix incorrect session.save_path in php-fpm pool config file.</li>
<li>Feb 9, 2017: Fixed improper Fail2ban filter for Dovecot.</li>
<li>Mar 16, 2017: Fixed: Avoid possible backdooring mysqldump backups</li>
<li>Mar 8, 2017: [RHEL/CentOS][Nginx] Fix incorrect <code>session.save_path</code> in php-fpm pool config file.</li>
<li>Feb 9, 2017: Fixed improper Fail2ban filter for Dovecot.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
@ -52,6 +62,17 @@ so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>0.9.7
</code></pre>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-124">Upgrade Roundcube webmail to the latest stable release (1.2.4)</h3>
<blockquote>
<p>Roundcube 1.2.4 fixes a security issue, all users are encouraged to upgrade
it as soon as possible. For more details about this release, please check
Roundcube <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.2.4">release note</a>.</p>
</blockquote>
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release immediately:</p>
<ul>
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
</ul>
<h3 id="fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos">Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -84,7 +105,67 @@ below:</p>
<pre><code> \(no auth attempts in .* rip=&lt;HOST&gt;
</code></pre>
<p>Then restart or reload Fail2ban service.</p><div class="footer">
<p>Then restart or reload Fail2ban service.</p>
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
<h3 id="fixed-avoid-possible-backdooring-mysqldump-backups">Fixed: Avoid possible backdooring mysqldump backups</h3>
<p>For more details about this backdooring mysqldump backup issue, please read
blog post:</p>
<ul>
<li><a href="https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/">[CVE-2016-5483] Backdooring mysqldump backups</a>.</li>
</ul>
<p>Steps to fix it:</p>
<ul>
<li>
<p>Open the daily MySQL backup script, it's <code>/var/vmail/backup/backup_mysql.sh</code>
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command <code>postconf virtual_mailbox_base</code>.</p>
</li>
<li>
<p>Find variable name <code>CMD_MYSQLDUMP</code> like below:</p>
</li>
</ul>
<pre><code>export CMD_MYSQLDUMP=&quot;mysqldump ...&quot;
</code></pre>
<ul>
<li>Make sure it has argument <code>--skip-comments</code> like below:</li>
</ul>
<pre><code>export CMD_MYSQLDUMP=&quot;mysqldump ... --skip-comments&quot;
</code></pre>
<ul>
<li>Save your change. That's it.</li>
</ul>
<h2 id="mysqlmariadb-backend-special">MySQL/MariaDB backend special</h2>
<h3 id="fixed-avoid-possible-backdooring-mysqldump-backups_1">Fixed: Avoid possible backdooring mysqldump backups</h3>
<p>For more details about this backdooring mysqldump backup issue, please read
blog post:</p>
<ul>
<li><a href="https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/">[CVE-2016-5483] Backdooring mysqldump backups</a>.</li>
</ul>
<p>Steps to fix it:</p>
<ul>
<li>
<p>Open the daily MySQL backup script, it's <code>/var/vmail/backup/backup_mysql.sh</code>
by default. if you use different storage directory during iRedMail
installation, you can find the base directory with command <code>postconf virtual_mailbox_base</code>.</p>
</li>
<li>
<p>Find variable name <code>CMD_MYSQLDUMP</code> like below:</p>
</li>
</ul>
<pre><code>export CMD_MYSQLDUMP=&quot;mysqldump ...&quot;
</code></pre>
<ul>
<li>Make sure it has argument <code>--skip-comments</code> like below:</li>
</ul>
<pre><code>export CMD_MYSQLDUMP=&quot;mysqldump ... --skip-comments&quot;
</code></pre>
<ul>
<li>Save your change. That's it.</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<script type="text/javascript">