Postfix:
Nginx:
/adminer/
to /adminer
.Dovecot:
Add setting sieve_redirect_envelope_from=recipient
. It's used to
rewrite sender address in redirected message (with sieve directive
redirect
) to the final recipient address of the message.
For example, someone@gmail.com
sends an email to user@domain.com
which is hosted on your server, and this user has sieve rule to
redirect received message to forward@3rd-domain.com
, with default
Dovecot setting (sieve_redirect_envelope_from=sender
), user
forward@3rd-domain.com
will receive this email with sender address
someone@gmail.com
in mail header, but with
sieve_redirect_envelope_from=recipient
, the sender address will
be user@domain.com
.
Log delivery_time
of LDA/LMTP.
php-fpm:
post_max_size
1MB larger than upload_max_filesize
, so
that Roundcube can successfully upload mail attachment.OpenDMARC:
public_suffix_list.dat
every
2 days.SpamAssassin:
score SPF_FAIL 5
: sender does not match SPF record (fail)score TO_EQ_FM_SPF_FAIL 5
: To == From and external SPF failedscore TO_EQ_FM_DOM_SPF_FAIL 5
: To domain == From domain and external SPF failedClamAV:
Fixed issues:
Package updates:
Changes to iRedMail Easy platform:
curl
as required packages.%7.3
) instead of version number for php on OpenBSD.Dovecot:
mailbox.enablequota-status
. This
will cause mail rejection.Firewall:
/opt/iredmail/custom/firewall/custom.sh
after each deployment.Dovecot:
dovecot-mysql
for OpenLDAP backend on CentOS.Postfix:
/etc/resolv.conf
to /var/spool/postfix/etc/
.Nginx:
ATTENTION: directive ssl on;
has been removed (in
/etc/nginx/templates/ssl.tmpl
) due to it's deprecated by Nginx itself.
If you have custom web host, please use listen <port> ssl;
in the
server {}
block (in /etc/nginx/sites-enabled/*.conf
) instead.
For example:
Old config file /etc/nginx/sites-enabled/00-default-ssl.conf
:
server {
listen 443;
...
}
New directive:
server {
listen 443 ssl;
...
}
Firewall:
Package updates:
OpenDMARC integration.
Disable DMARC
under
Settings
tab.Roundcube:
password
plugin: /opt/iredmail/custom/roundcube/config_password.inc.php
managesieve
plugin: /opt/iredmail/custom/roundcube/config_managesieve.inc.php
Postfix:
Fixed: improper order of restriction rules in smtpd_sender_restrictions
.
File /etc/postfix/sender_access.pcre
is not used anymore, all content
in this file should be moved to
/opt/iredmail/custom/postfix/sender_access.pcre
instead.
Nginx:
/etc/nginx/conf-available/gzip.conf
).Few programs moved and/or renamed:
/opt/iredmail/bin/fail2ban_unbanip
-> /opt/iredmail/bin/fail2ban/unbanip
./opt/iredmail/bin/generate_password_hash.py
-> /opt/iredmail/bin/generate_password_hash
./opt/iredmail/bin/dovecot/scan_reported_mails.sh
-> /opt/iredmail/bin/dovecot/scan_reported_mails
Fixed issues of iRedMail Easy platform:
/etc/nginx/templates/misc.tmpl
).freshclam
immediately to fetch/update ClamAV virus database.Package updates:
Fail2ban:
Dovecot:
autoconfig:
/.well-known/autoconfig/mail/config-v1.1.xml
.Improvements of iRedMail Easy platform:
Package updates:
Postfix:
header_checks
and body_checks
pcre maps.SOGo:
Package updates:
Improvements of iRedMail Easy platform:
Supports OpenBSD 6.5.
WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out. That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.
Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.
iRedMail.tips
file to postmaster after deployment.Roundcube
Dovecot:
Able to track user last (POP3/IMAP) login for OpenLDAP and MariaDB backends. It's disabled by default, you can enable it in iRedMail Easy user portal, in mail server profile page, tab "Settings".
Note: Dovecot doesn't support this with PostgreSQL yet.
Here's detailed tutorial to show you what changes are applied to Dovecot: Track user last login time.
Improvements of iRedMail Easy platform:
iRedMail.tips
file to postmaster after deployment.Dovecot:
imapsieve
setting to handle different IMAP command sent by
Microsoft Outlook (it sometimes uses APPEND
instead of COPY
for
moving message to another folder).iRedAPD:
Update to version 2.7, with SRS (Sender Rewriting Scheme) support.
Note: SRS is disabled by default, you can enable it in mail server profile page with the iRedMail Easy web UI.
Switch logging to syslog (and logrotate).
iRedAdmin:
BIND (local cache-only DNS server):
netdata:
SpamAssassin:
AutoConfig/AutoDiscover
autoconfig.<domain>
and autodiscover.<domain>
are not
required if the web domain is hosted on iRedMail server, Outlook will
look for https://<web-domain>/autodiscover/autodiscover.xml
.Fail2ban:
SOGo:
Backup:
-o ldif-wrap=no
, to avoid break long
line to multiple lines. The dumped LDIF file is easier to work with
grep
and other command line tools.Improvements of iRedMail Easy platform:
::1
if system doesn't
have IPv6 support.nginx -t
for troubleshooting before
restart nginx servvice, it's very useful for troubleshooting.Trusted clients
in mail server profile page, under tab
Settings
. You can list all trusted IP addresses or CIDR networks here,
they will be whitelisted by few components:mynetworks
in /etc/postfix/main.cf
MYNETWORKS
in /opt/iredapd/settings.py
ignoreip
in /etc/fail2ban/ignoreip.local
Fixed issues of iRedMail Easy platform:
Improvements:
Fixed issues:
Package updates:
Enable imapsieve plugin in Dovecot by default.
Message moved to Junk folder will be copied to a directory for spam learning later, vice verse, message moved out of Junk will be copied for ham learning later.
The spam/ham learning will be performed every 10 minutes with a cron job.
Now encourage your users to report spams by moving spams to Junk
folder. :)
Fixed issues:
Updated packages:
Hello, 2019. :)
Attention
/etc/iredmail-release
on your server./opt/www/well-known
, mostly used for Let's Encrypt cert
request./etc/init.d/ip6tables
/etc/default/ip6tables
monitor
by default.departmentNumber
.imjournal
for rate limit control.