Adjust order of restriction rules in Postfix smtpd_helo_restrictions.
This commit is contained in:
parent
84bbc0a49a
commit
d7e43d2997
|
@ -31,17 +31,53 @@ so that you can know which version of iRedMail you're running. For example:
|
|||
0.9.7
|
||||
```
|
||||
|
||||
### Upgrade Roundcube webmail to the latest stable release (1.2.4)
|
||||
### Upgrade Roundcube webmail to the latest stable release (1.2.5)
|
||||
|
||||
> Roundcube 1.2.4 fixes a security issue, all users are encouraged to upgrade
|
||||
> it as soon as possible. For more details about this release, please check
|
||||
> Roundcube [release note](https://github.com/roundcube/roundcubemail/releases/tag/1.2.4).
|
||||
> There're several security fixes in Roundcube 1.2.4 and 1.2.5, all users are
|
||||
> encouraged to upgrade it as soon as possible. For more details about this
|
||||
> release, please check Roundcube release notes:
|
||||
>
|
||||
> * [1.2.4](https://github.com/roundcube/roundcubemail/releases/tag/1.2.4)
|
||||
> * [1.2.5](https://github.com/roundcube/roundcubemail/releases/tag/1.2.5)
|
||||
|
||||
Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
|
||||
latest stable release immediately:
|
||||
|
||||
* [How to upgrade Roundcube](https://github.com/roundcube/roundcubemail/wiki/Upgrade).
|
||||
|
||||
### Fixed: improper order of restriction rules in Postfix smtpd_helo_restrictions
|
||||
|
||||
iRedMail-0.9.6 and earlier releases didn't configure Postfix to apply custom
|
||||
HELO restriction rule before FQDN helo hostname check and DNS verification,
|
||||
this way you cannot whitelist some bad HELO hostnames. Please follow steps
|
||||
below to fix it.
|
||||
|
||||
* Open file `/etc/postfix/main.cf` (Linux/OpenBSD) or
|
||||
`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
|
||||
`smtpd_helo_restrictions` like below:
|
||||
|
||||
```
|
||||
smtpd_helo_restrictions =
|
||||
permit_mynetworks
|
||||
permit_sasl_authenticated
|
||||
reject_non_fqdn_helo_hostname
|
||||
reject_unknown_helo_hostname
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
```
|
||||
|
||||
* Move the `check_helo_access` line after `permit_sasl_authenticated`:
|
||||
|
||||
```
|
||||
smtpd_helo_restrictions =
|
||||
permit_mynetworks
|
||||
permit_sasl_authenticated
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
reject_non_fqdn_helo_hostname
|
||||
reject_unknown_helo_hostname
|
||||
```
|
||||
|
||||
* Reloading or restarting Postfix service is required.
|
||||
|
||||
### Fixed: incorrect owner and permission for rotated Dovecot log files
|
||||
|
||||
iRedMail-0.9.6 and earlier releases have an incorrect logrotate setting for
|
||||
|
|
|
@ -22,7 +22,8 @@
|
|||
<li><a href="#changelog">ChangeLog</a></li>
|
||||
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
|
||||
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
||||
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-124">Upgrade Roundcube webmail to the latest stable release (1.2.4)</a></li>
|
||||
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-125">Upgrade Roundcube webmail to the latest stable release (1.2.5)</a></li>
|
||||
<li><a href="#fixed-improper-order-of-restriction-rules-in-postfix-smtpd_helo_restrictions">Fixed: improper order of restriction rules in Postfix smtpd_helo_restrictions</a></li>
|
||||
<li><a href="#fixed-incorrect-owner-and-permission-for-rotated-dovecot-log-files">Fixed: incorrect owner and permission for rotated Dovecot log files</a></li>
|
||||
<li><a href="#fixed-incorrect-sessionsave_path-in-php-fpm-pool-config-file-on-rhelcentos">Fixed: incorrect session.save_path in php-fpm pool config file on RHEL/CentOS</a></li>
|
||||
<li><a href="#fixed-improper-fail2ban-filter-which-causes-incorrect-ban">Fixed: Improper Fail2ban filter which causes incorrect ban</a></li>
|
||||
|
@ -66,17 +67,53 @@ so that you can know which version of iRedMail you're running. For example:</p>
|
|||
<pre><code>0.9.7
|
||||
</code></pre>
|
||||
|
||||
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-124">Upgrade Roundcube webmail to the latest stable release (1.2.4)</h3>
|
||||
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-125">Upgrade Roundcube webmail to the latest stable release (1.2.5)</h3>
|
||||
<blockquote>
|
||||
<p>Roundcube 1.2.4 fixes a security issue, all users are encouraged to upgrade
|
||||
it as soon as possible. For more details about this release, please check
|
||||
Roundcube <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.2.4">release note</a>.</p>
|
||||
<p>There're several security fixes in Roundcube 1.2.4 and 1.2.5, all users are
|
||||
encouraged to upgrade it as soon as possible. For more details about this
|
||||
release, please check Roundcube release notes:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/roundcube/roundcubemail/releases/tag/1.2.4">1.2.4</a></li>
|
||||
<li><a href="https://github.com/roundcube/roundcubemail/releases/tag/1.2.5">1.2.5</a></li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
|
||||
latest stable release immediately:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
|
||||
</ul>
|
||||
<h3 id="fixed-improper-order-of-restriction-rules-in-postfix-smtpd_helo_restrictions">Fixed: improper order of restriction rules in Postfix smtpd_helo_restrictions</h3>
|
||||
<p>iRedMail-0.9.6 and earlier releases didn't configure Postfix to apply custom
|
||||
HELO restriction rule before FQDN helo hostname check and DNS verification,
|
||||
this way you cannot whitelist some bad HELO hostnames. Please follow steps
|
||||
below to fix it.</p>
|
||||
<ul>
|
||||
<li>Open file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
|
||||
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
|
||||
<code>smtpd_helo_restrictions</code> like below:</li>
|
||||
</ul>
|
||||
<pre><code>smtpd_helo_restrictions =
|
||||
permit_mynetworks
|
||||
permit_sasl_authenticated
|
||||
reject_non_fqdn_helo_hostname
|
||||
reject_unknown_helo_hostname
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Move the <code>check_helo_access</code> line after <code>permit_sasl_authenticated</code>:</li>
|
||||
</ul>
|
||||
<pre><code>smtpd_helo_restrictions =
|
||||
permit_mynetworks
|
||||
permit_sasl_authenticated
|
||||
check_helo_access pcre:/etc/postfix/helo_access.pcre
|
||||
reject_non_fqdn_helo_hostname
|
||||
reject_unknown_helo_hostname
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Reloading or restarting Postfix service is required.</li>
|
||||
</ul>
|
||||
<h3 id="fixed-incorrect-owner-and-permission-for-rotated-dovecot-log-files">Fixed: incorrect owner and permission for rotated Dovecot log files</h3>
|
||||
<p>iRedMail-0.9.6 and earlier releases have an incorrect logrotate setting for
|
||||
Dovecot log file, it causes all Dovecot log files are empty due to no required
|
||||
|
|
Loading…
Reference in New Issue