From f3cc1d70a68a5b53c3de7b1a70f9ae9675286282 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Thu, 19 Jul 2018 21:43:08 +0200
Subject: [PATCH] Sync iRedMail upgrade tutorial.
---
.../move.detected.spam.to.junk.folder.md | 11 +----
.../upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md | 45 +++++++++++++++++++
html/move.detected.spam.to.junk.folder.html | 9 +---
html/upgrade.iredmail.0.9.8-0.9.9.html | 35 +++++++++++++++
4 files changed, 84 insertions(+), 16 deletions(-)
diff --git a/en_US/howto/move.detected.spam.to.junk.folder.md b/en_US/howto/move.detected.spam.to.junk.folder.md
index cc342b8b..a9858fed 100644
--- a/en_US/howto/move.detected.spam.to.junk.folder.md
+++ b/en_US/howto/move.detected.spam.to.junk.folder.md
@@ -13,7 +13,7 @@ find it, you can still download one from iRedMail project:
This file must be owned by user `vmail` and group `vmail`, permission `0500`.
Now open Dovecot config file `/etc/dovecot/dovecot.conf` (on Linux/OpenBSD)
-or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find parameter `sieve_before =`
+or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), make sure you have setting
like below:
```
@@ -21,18 +21,11 @@ like below:
plugin {
...
- #sieve_before =
+ sieve_before = /var/vmail/sieve/dovecot.sieve
...
}
```
-Uncomment it and set its value to `/var/vmail/sieve/dovecot.sieve` (Note:
-use the correct path on your server).
-
-```
- sieve_before = /var/vmail/sieve/dovecot.sieve
-```
-
Restart Dovecot service to enable it.
Note: we don't use `sieve_default =` for global sieve script, because it
diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md b/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md
index 72dceed8..f67e4d6f 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.8-0.9.9.md
@@ -65,6 +65,51 @@ chown mlmmj:mlmmj /opt/mlmmjadmin/settings.py
chmod 0400 /opt/mlmmjadmin/settings.py
```
+### Fix improper Nginx config files for Roundcube
+
+Accurate Nginx url match helps avoid namespace conflicts, we need some fixes
+for Roundcube to get accurate url match.
+
+Please open file `/etc/nginx/templates/roundcube.tmpl`, find `location`
+directives like below:
+
+```
+location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ /mail/plugins/.*/config.inc.php.* { deny all; }
+location ~ /mail/plugins/enigma/home($|/.*) { deny all; }
+```
+
+Add a `^` symbol before url path, this will exactly match the url begins
+with the path.
+
+```
++location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
++location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
++location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
++location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
+```
+
+Open file `/etc/nginx/templates/roundcube-subdomain.tmpl`, find `location`
+directives like below:
+
+
+```
+location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ /plugins/.*/config.inc.php.* { deny all; }
+location ~ /plugins/enigma/home($|/.*) { deny all; }
+```
+
+Add `^` symbol like below:
+
+```
+location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
+location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
+location ~ ^/plugins/.*/config.inc.php.* { deny all; }
+location ~ ^/plugins/enigma/home($|/.*) { deny all; }
+```
+
## OpenLDAP special
### Update iRedMail LDAP schema file
diff --git a/html/move.detected.spam.to.junk.folder.html b/html/move.detected.spam.to.junk.folder.html
index a1933e7e..3a5a8d1e 100644
--- a/html/move.detected.spam.to.junk.folder.html
+++ b/html/move.detected.spam.to.junk.folder.html
@@ -26,22 +26,17 @@ find it, you can still download one from iRedMail project:
here
This file must be owned by user vmail
and group vmail
, permission 0500
.
Now open Dovecot config file /etc/dovecot/dovecot.conf
(on Linux/OpenBSD)
-or /usr/local/etc/dovecot/dovecot.conf
(FreeBSD), find parameter sieve_before =
+or /usr/local/etc/dovecot/dovecot.conf
(FreeBSD), make sure you have setting
like below:
# Part of file: /etc/dovecot/dovecot.conf
plugin {
...
- #sieve_before =
+ sieve_before = /var/vmail/sieve/dovecot.sieve
...
}
-Uncomment it and set its value to /var/vmail/sieve/dovecot.sieve
(Note:
-use the correct path on your server).
- sieve_before = /var/vmail/sieve/dovecot.sieve
-
-
Restart Dovecot service to enable it.
Note: we don't use sieve_default =
for global sieve script, because it
will be ignored if users have their own personal sieve rule files.