Warning
This is still a DRAFT document, do NOT apply it.
Paid Remote Upgrade Support
We offer remote upgrade support if you don't want to get your hands dirty, check the details and contact us.
TODO
/etc/iredmail-release
with new iRedMail version numberiRedMail stores the release version in /etc/iredmail-release
after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:
1.0
Attention
iRedAPD offers SRS (Sender Rewriting Scheme) support in this release, but it's disabled by default, please read our tutorial to understand known issues and how to enable it: Enable SRS (Sender Rewriting Scheme) support.
Please follow below tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release
Please follow this tutorial to upgrade iRedAdmin open source edition to the latest stable release: Upgrade iRedAdmin to the latest stable release
Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release
Roundcube 1.3
With the release of Roundcube 1.3.0, the previous stable release branches 1.2.x and 1.1.x will switch in to LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvement updates.
Please follow Roundcube official tutorial to upgrade Roundcube webmail to the latest stable release (1.3.10):
If you have netdata installed, you can upgrade it by following this tutorial: Upgrade netdata.
iRedMail-0.9.9 and earlier releases didn't configure Postfix to apply custom restriction rule before querying DNS records of sender domain, this way you cannot whitelist some sender mail domains which don't have DNS records (especially your internal mail domains used in LAN). Please follow steps below to fix it.
/etc/postfix/main.cf
(Linux/OpenBSD) or
/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
smtpd_sender_restrictions
like below:smtpd_sender_restrictions =
reject_unknown_sender_domain
...
check_sender_access pcre:...
reject_unknown_sender_domain
line after check_sender_access
line
like below:smtpd_sender_restrictions =
...
check_sender_access pcre:...
reject_unknown_sender_domain
Attention
This applies to only FreeBSD and OpenBSD, NOT Linux.
FreeBSD and OpenBSD has all CAs in file /etc/ssl/cert.pem
, but it's
configured by iRedMail to load multiple CA files under /etc/ssl/certs
directory like Linux. Commands below fix this issue.
postconf -e smtpd_tls_CAfile=/etc/ssl/cert.pem
postconf -e smtpd_tls_CApath=''
postfix reload
We received few reports from clients that Outlook for macOS may trigger some
unexpected smtp errors, and caught by the Fail2ban filter rules shipped by
iRedMail, so we decide to remove the filter rule used to match Postfix log
lost connection after EHLO
.
Please follow commands below to get the updated filter rules.
cd /etc/fail2ban/filter.d/
wget -O postfix.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/postfix.iredmail.conf
wget -O dovecot.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
Restarting Fail2ban service is required.
With default iRedMail settings, Postfix accepts email without checking whether user's mailbox is over quota, then pipes email to Dovecot LDA for local delivery. If mailbox is over quota, Dovecot can not save message to mailbox and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot directly, then reject email if it's over quota. It saves system resource used to process this email (e.g. spam/virus scanning), and avoids bounce message.
According to the Dovecot settings configured by iRedMail, all mail users
should have LDAP attribute/value pair enabledService=quota-status
to use
this service.
cd /root/
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/updateLDAPValues_099_to_1.py
updateLDAPValues_099_to_1.py
, set LDAP server
related settings in this file. For example:# Part of file: updateLDAPValues_099_to_1.py
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
You can find required LDAP credential in iRedAdmin config file or
iRedMail.tips
file under your iRedMail installation directory. Using either
cn=Manager,dc=xx,dc=xx
or cn=vmailadmin,dc=xx,dc=xx
as bind dn is ok, both
of them have read-write privilege to update mail accounts.
# python updateLDAPValues_099_to_1.py
Open Dovecot config file /etc/dovecot/dovecot.conf
(Linux/OpenBSD) or
/usr/local/etc/dovecot/dovecot.conf
(FreeBSD), find the plugin {}
block
and add 3 new parameters:
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
In same dovecot.conf
, append settings below at the end of file:
127.0.0.1:12340
.12340
to any other spare one if you want.service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
Restarting Dovecot service is required.
Open Postfix config file /etc/postfix/main.cf
(Linux/OpenBSD) or
/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
smtpd_recipient_restrictions
and append a new check_policy_service
setting
at the end like below:
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
Restarting Postfix service is required.
With default iRedMail settings, Postfix accepts email without checking whether user's mailbox is over quota, then pipes email to Dovecot LDA for local delivery. If mailbox is over quota, Dovecot can not save message to mailbox and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot directly, then reject email if it's over quota. It saves system resource used to process this email (e.g. spam/virus scanning), and avoids bounce message.
vmail.mailbox
tableAccording to the Dovecot settings configured by iRedMail, a new SQL column
mailbox.enablequota-status
is required.
Download plain SQL file used to create required column and index, then import
it directly as MySQL root user (Please run commands below as root
user):
wget -O /tmp/iredmail.mysql https://bitbucket.org/zhb/iredmail/raw/default/extra/update/1.0/iredmail.mysql
mysql vmail < /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql
Open Dovecot config file /etc/dovecot/dovecot.conf
(Linux/OpenBSD) or
/usr/local/etc/dovecot/dovecot.conf
(FreeBSD), find the plugin {}
block
and add 3 new parameters:
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
In same dovecot.conf
, append settings below at the end of file:
127.0.0.1:12340
.12340
to any other spare one if you want.service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
Restarting Dovecot service is required.
Open Postfix config file /etc/postfix/main.cf
(Linux/OpenBSD) or
/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
smtpd_recipient_restrictions
and append a new check_policy_service
setting
at the end like below:
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
Restarting Postfix service is required.
With default iRedMail settings, Postfix accepts email without checking whether user's mailbox is over quota, then pipes email to Dovecot LDA for local delivery. If mailbox is over quota, Dovecot can not save message to mailbox and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot directly, then reject email if it's over quota. It saves system resource used to process this email (e.g. spam/virus scanning), and avoids bounce message.
vmail.mailbox
tableAccording to the Dovecot settings configured by iRedMail, a new SQL column
mailbox.enablequota-status
is required.
wget -O /tmp/iredmail.pgsql https://bitbucket.org/zhb/iredmail/raw/default/extra/update/1.0/iredmail.pgsql
postgres
user and import the SQL file:postgres
userpgsql
user_postgresql
usersu - postgres
psql -d vmail < /tmp/iredmail.pgsql
rm -f /tmp/iredmail.pgsql
Open Dovecot config file /etc/dovecot/dovecot.conf
(Linux/OpenBSD) or
/usr/local/etc/dovecot/dovecot.conf
(FreeBSD), find the plugin {}
block
and add 3 new parameters:
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
In same dovecot.conf
, append settings below at the end of file:
127.0.0.1:12340
.12340
to any other spare one if you want.service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
Restarting Dovecot service is required.
Open Postfix config file /etc/postfix/main.cf
(Linux/OpenBSD) or
/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
smtpd_recipient_restrictions
and append a new check_policy_service
setting
at the end like below:
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
Restarting Postfix service is required.