From f3cc1d70a68a5b53c3de7b1a70f9ae9675286282 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Thu, 19 Jul 2018 21:43:08 +0200 Subject: [PATCH] Sync iRedMail upgrade tutorial. --- .../move.detected.spam.to.junk.folder.md | 11 +---- .../upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md | 45 +++++++++++++++++++ html/move.detected.spam.to.junk.folder.html | 9 +--- html/upgrade.iredmail.0.9.8-0.9.9.html | 35 +++++++++++++++ 4 files changed, 84 insertions(+), 16 deletions(-) diff --git a/en_US/howto/move.detected.spam.to.junk.folder.md b/en_US/howto/move.detected.spam.to.junk.folder.md index cc342b8b..a9858fed 100644 --- a/en_US/howto/move.detected.spam.to.junk.folder.md +++ b/en_US/howto/move.detected.spam.to.junk.folder.md @@ -13,7 +13,7 @@ find it, you can still download one from iRedMail project: This file must be owned by user `vmail` and group `vmail`, permission `0500`. Now open Dovecot config file `/etc/dovecot/dovecot.conf` (on Linux/OpenBSD) -or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find parameter `sieve_before =` +or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), make sure you have setting like below: ``` @@ -21,18 +21,11 @@ like below: plugin { ... - #sieve_before = + sieve_before = /var/vmail/sieve/dovecot.sieve ... } ``` -Uncomment it and set its value to `/var/vmail/sieve/dovecot.sieve` (Note: -use the correct path on your server). - -``` - sieve_before = /var/vmail/sieve/dovecot.sieve -``` - Restart Dovecot service to enable it. Note: we don't use `sieve_default =` for global sieve script, because it diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md b/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md index 72dceed8..f67e4d6f 100644 --- a/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md +++ b/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md @@ -65,6 +65,51 @@ chown mlmmj:mlmmj /opt/mlmmjadmin/settings.py chmod 0400 /opt/mlmmjadmin/settings.py ``` +### Fix improper Nginx config files for Roundcube + +Accurate Nginx url match helps avoid namespace conflicts, we need some fixes +for Roundcube to get accurate url match. + +Please open file `/etc/nginx/templates/roundcube.tmpl`, find `location` +directives like below: + +``` +location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; } +location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; } +location ~ /mail/plugins/.*/config.inc.php.* { deny all; } +location ~ /mail/plugins/enigma/home($|/.*) { deny all; } +``` + +Add a `^` symbol before url path, this will exactly match the url begins +with the path. + +``` ++location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; } ++location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; } ++location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; } ++location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; } +``` + +Open file `/etc/nginx/templates/roundcube-subdomain.tmpl`, find `location` +directives like below: + + +``` +location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; } +location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; } +location ~ /plugins/.*/config.inc.php.* { deny all; } +location ~ /plugins/enigma/home($|/.*) { deny all; } +``` + +Add `^` symbol like below: + +``` +location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; } +location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; } +location ~ ^/plugins/.*/config.inc.php.* { deny all; } +location ~ ^/plugins/enigma/home($|/.*) { deny all; } +``` + ## OpenLDAP special ### Update iRedMail LDAP schema file diff --git a/html/move.detected.spam.to.junk.folder.html b/html/move.detected.spam.to.junk.folder.html index a1933e7e..3a5a8d1e 100644 --- a/html/move.detected.spam.to.junk.folder.html +++ b/html/move.detected.spam.to.junk.folder.html @@ -26,22 +26,17 @@ find it, you can still download one from iRedMail project: here

This file must be owned by user vmail and group vmail, permission 0500.

Now open Dovecot config file /etc/dovecot/dovecot.conf (on Linux/OpenBSD) -or /usr/local/etc/dovecot/dovecot.conf (FreeBSD), find parameter sieve_before = +or /usr/local/etc/dovecot/dovecot.conf (FreeBSD), make sure you have setting like below:

# Part of file: /etc/dovecot/dovecot.conf
 
 plugin {
     ...
-    #sieve_before = 
+    sieve_before = /var/vmail/sieve/dovecot.sieve
     ...
 }
-

Uncomment it and set its value to /var/vmail/sieve/dovecot.sieve (Note: -use the correct path on your server).

-
    sieve_before = /var/vmail/sieve/dovecot.sieve
-
-

Restart Dovecot service to enable it.

Note: we don't use sieve_default = for global sieve script, because it will be ignored if users have their own personal sieve rule files.

diff --git a/html/upgrade.iredmail.0.9.8-0.9.9.html b/html/upgrade.iredmail.0.9.8-0.9.9.html index 2d508222..971ec847 100644 --- a/html/upgrade.iredmail.0.9.8-0.9.9.html +++ b/html/upgrade.iredmail.0.9.8-0.9.9.html @@ -26,6 +26,7 @@
  • Upgrade iRedAdmin (open source edition) to the latest stable release (1.0)
  • Upgrade Roundcube webmail to the latest stable release (1.3.6)
  • Fix incorrect file owner/group of mlmmjadmin config file
    • +
  • Fix improper Nginx config files for Roundcube
  • OpenLDAP special
      @@ -102,6 +103,40 @@ latest stable release immediately:

      chmod 0400 /opt/mlmmjadmin/settings.py +

      Fix improper Nginx config files for Roundcube

      +

      Accurate Nginx url match helps avoid namespace conflicts, we need some fixes +for Roundcube to get accurate url match.

      +

      Please open file /etc/nginx/templates/roundcube.tmpl, find location +directives like below:

      +
      location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ /mail/plugins/.*/config.inc.php.* { deny all; }
+location ~ /mail/plugins/enigma/home($|/.*) { deny all; }
+
      + +

      Add a ^ symbol before url path, this will exactly match the url begins +with the path.

      +
      +location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
++location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
++location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
++location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
+
      + +

      Open file /etc/nginx/templates/roundcube-subdomain.tmpl, find location +directives like below:

      +
      location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ /plugins/.*/config.inc.php.* { deny all; }
+location ~ /plugins/enigma/home($|/.*) { deny all; }
+
      + +

      Add ^ symbol like below:

      +
      location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
+location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
+location ~ ^/plugins/.*/config.inc.php.* { deny all; }
+location ~ ^/plugins/enigma/home($|/.*) { deny all; }
+
      +

      OpenLDAP special

      Update iRedMail LDAP schema file

      iRedMail-0.9.9 introduces 2 new LDAP attributes for mail user account: