diff --git a/en_US/iredadmin/2-iredadmin-pro.restful.api.md b/en_US/iredadmin/2-iredadmin-pro.restful.api.md index 2f8b2a7a..6675ff7a 100644 --- a/en_US/iredadmin/2-iredadmin-pro.restful.api.md +++ b/en_US/iredadmin/2-iredadmin-pro.restful.api.md @@ -284,6 +284,7 @@ Notes: !!! api "`DELETE`{: .delete } `/api/user/`{: .url } `Delete an existing mail user`{: .comment }" +!!! api "`DELETE`{: .delete } `/api/user//keep_mailbox_days/`{: .url } `Delete an existing mail user, and keep the mailbox for given days. Defaults to 100 years.`{: .comment } `upcoming`{: .upcoming }" !!! api "`PUT`{: .put } `/api/user/`{: .url } `Update profile of an existing mail user`{: .comment } `Parameters`{: .has_params} "
diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md index ec94a176..e5e43ddb 100644 --- a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md +++ b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md @@ -13,6 +13,7 @@ ## ChangeLog +* Jan 22, 2016: Fixed: Postfix allows email sent through port 587 without smtp authentication from trusted clients * Jan 13, 2016: Fixed: Awstats is world-accessible with Apache. * Jan 8, 2016: Fixed: missing cron job used to clean up old Roundcube temporary files. * Dec 27, 2016: Add more banned file types/extensions in Amavisd. @@ -133,6 +134,35 @@ location ~ ^/.well-known/ { Save your change and reload Nginx service. +### Fixed: Postfix allows email sent through port 587 without smtp authentication from trusted clients + +iRedMail-0.9.5 and iRedMail-0.9.5-1 allows trusted clients (listed in parameter +`mynetworks=`) to send email through port 587 without smtp authentication, this +is not strict enough and may be used by spammers. All users should be forced +to send email through port 587 with smtp authentication. Please follow steps +below to fix it. + +* Open Postfix config file `master.cf`, find the transport `submission` like + below: + * on Linux and OpenBSD, it's `/etc/postfix/master.cf` + * on FreeBSD, it's `/usr/local/etc/postfix/master.cf` + +``` +submission ... + ... + -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject +``` + +* Remove `permit_mynetworks,` and save your change. After modification, it's: + +``` +submission ... + ... + -o smtpd_client_restrictions=permit_sasl_authenticated,reject +``` + +* Restart Postfix service is required to load the changed config file. + ### Fixed: not enable opportunistic TLS support in Postfix iRedMail-0.9.5 and iRedMail-0.9.5-1 didn't enable opportunistic TLS support in diff --git a/html/iredadmin-pro.restful.api.html b/html/iredadmin-pro.restful.api.html index ad39749d..0898c842 100644 
--- a/html/iredadmin-pro.restful.api.html +++ b/html/iredadmin-pro.restful.api.html @@ -779,6 +779,9 @@ to be a domain admin.

DELETE /api/user/<mail> Delete an existing mail user

+

DELETE /api/user/<mail>/keep_mailbox_days/<number> Delete an existing mail user, and keep the mailbox for given days. Defaults to 100 years. upcoming

+
+

PUT /api/user/<mail> Update profile of an existing mail user Parameters
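Review bot: the description on the added `DELETE /api/user/<mail>/keep_mailbox_days/<number>` entry says "Defaults to 100 years", but `<number>` is part of the path here, so it is unclear when a default would apply. If the default belongs to the plain `DELETE /api/user/<mail>` call, state it on that entry instead, and give it in days to match the unit in the URL. The markdown source hunk carries the same wording and needs the same fix.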

diff --git a/html/upgrade.iredmail.0.9.5.1-0.9.6.html b/html/upgrade.iredmail.0.9.5.1-0.9.6.html index bff55b09..c24f665d 100644 --- a/html/upgrade.iredmail.0.9.5.1-0.9.6.html +++ b/html/upgrade.iredmail.0.9.5.1-0.9.6.html @@ -31,6 +31,7 @@
  • Fixed: not allow access to '/.well-known/' in Nginx
  • +
  • Fixed: Postfix allows email sent through port 587 without smtp authentication from trusted clients
  • Fixed: not enable opportunistic TLS support in Postfix
  • Fixed: one incorrect HELO restriction rule in Postfix
  • Fixed: incorrect file owner and permission of config file of Roundcube password plugin
  • @@ -75,6 +76,7 @@ check the details and co

    ChangeLog

      +
    • Jan 22, 2016: Fixed: Postfix allows email sent through port 587 without smtp authentication from trusted clients
    • Jan 13, 2016: Fixed: Awstats is world-accessible with Apache.
    • Jan 8, 2016: Fixed: missing cron job used to clean up old Roundcube temporary files.
    • Dec 27, 2016: Add more banned file types/extensions in Amavisd.
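Review bot: the added ChangeLog entry is dated "Jan 22, 2016", but the list runs newest-first and the entry three lines down is "Dec 27, 2016", so the January dates look like they carry the wrong year. The new line copies the year used by the "Jan 13" and "Jan 8" entries; check whether all three should read 2017 and correct them together, in the markdown source as well as here.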
    • @@ -172,6 +174,36 @@ location ~ ^/.well-known/ {

      Save your change and reload Nginx service.

      +

      Fixed: Postfix allows email sent through port 587 without smtp authentication from trusted clients

      +

      iRedMail-0.9.5 and iRedMail-0.9.5-1 allows trusted clients (listed in parameter +mynetworks=) to send email through port 587 without smtp authentication, this +is not strict enough and may be used by spammers. All users should be forced +to send email through port 587 with smtp authentication. Please follow steps +below to fix it.

      +
        +
      • Open Postfix config file master.cf, find the transport submission like + below:
          +
        • on Linux and OpenBSD, it's /etc/postfix/master.cf
        • +
        • on FreeBSD, it's /usr/local/etc/postfix/master.cf
        • +
        +
      • +
      +
      submission ...
      +    ...
      +    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      +
      + +
        +
      • Remove permit_mynetworks, and save your change. After modification, it's:
      • +
      +
      submission ...
      +    ...
      +    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      +
      + +
        +
      • Restart Postfix service is required to load the changed config file.
      • +

      Fixed: not enable opportunistic TLS support in Postfix
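Review bot: the added steps end at "Restart Postfix service is required to load the changed config file" and give the reader no way to confirm that the `submission` override no longer contains `permit_mynetworks`. Consider a closing step that prints the active entry, for example `postconf -M submission/inet`, and checks that `smtpd_client_restrictions=permit_sasl_authenticated,reject` is what it shows. Wording in the same section: "iRedMail-0.9.5 and iRedMail-0.9.5-1 allows" should be "allow", the first sentence is a comma splice at "smtp authentication, this is not strict enough", and the last bullet reads better as "Restart the Postfix service to load the changed config file."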

      iRedMail-0.9.5 and iRedMail-0.9.5-1 didn't enable opportunistic TLS support in Postfix, this causes other servers cannot transfer emails via TLS secure @@ -591,7 +623,7 @@ will accept emails sent to them. Steps below fix the issue.

      • On Linux and OpenBSD, run commands:
      -
      cp -rf /etc/postfix/ldap /etc/postfix/ldap.$(date +%Y%m%d)
      +
      cp -rf /etc/postfix/ldap /etc/postfix/ldap.bak
       cd /etc/postfix/ldap/
       perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=disabled))#g' catchall_maps.cf recipient_bcc_maps_user.cf sender_bcc_maps_user.cf sender_dependent_relayhost_maps_user.cf sender_login_maps.cf transport_maps_user.cf virtual_alias_maps.cf virtual_group_maps.cf virtual_group_members_maps.cf virtual_mailbox_maps.cf
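Review bot: replacing `ldap.$(date +%Y%m%d)` with the fixed name `ldap.bak` in the `cp -rf` line makes the backup step unsafe to repeat. If `/etc/postfix/ldap.bak` already exists as a directory, `cp -rf` copies into it as `ldap.bak/ldap` rather than producing a fresh backup, and there is no longer a date to tell one backup from another. Either keep the dated suffix or tell the reader to rename or remove an existing `ldap.bak` first. The FreeBSD hunk that follows makes the same change to `/usr/local/etc/postfix/ldap`.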
       
      @@ -602,7 +634,7 @@ perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=di
       
      • On FreeBSD, run commands:
      -
      cp -rf /usr/local/etc/postfix/ldap /usr/local/etc/postfix/ldap.$(date +%Y%m%d)
      +
      cp -rf /usr/local/etc/postfix/ldap /usr/local/etc/postfix/ldap.bak
       cd /usr/local/etc/postfix/ldap/
       perl -pi -e 's#\(accountStatus=active\)#(accountStatus=active)(!(domainStatus=disabled))#g' catchall_maps.cf recipient_bcc_maps_user.cf sender_bcc_maps_user.cf sender_dependent_relayhost_maps_user.cf sender_login_maps.cf transport_maps_user.cf virtual_alias_maps.cf virtual_group_maps.cf virtual_group_members_maps.cf virtual_mailbox_maps.cf