Postfix:
/opt/iredmail/custom/postfix/aliases
: alias file./opt/iredmail/custom/postfix/sender_bcc
: hash file./opt/iredmail/custom/postfix/recipient_bcc
: hash file.Roundcube:
markasjunk
by default. When message is moved to Junk
folder, it will be learnt as spam message. When message is moved from
Junk to any other folder, it will be learnt as clean message.Antispam:
From:
equals to To:
address.OLE2BlockMacros
was set to true
, it's now false
.Nginx:
Firewalll:
Netdata:
Backup scripts:
Improvements of iRedMail Easy platform:
request_slowlog_timeout
to 60 seconds.Package updates:
Firewall:
iRedAdmin:
mlmmjadmin:
netdata:
Package updates:
Improvements of iRedMail Easy platform:
syspatch
command.iRedMail Easy now supports OpenBSD 6.6.
Warning: OpenBSD 6.4 and 6.5 support will be dropped when 6.7 is out.
Dovecot:
Netdata:
OpenLDAP:
/opt/iredmail/custom/openldap/schema/
to store extra
LDAP schema files.Apparmor config file has been updated on Ubuntu to allow slapd
program
to read config files from this directory.
mdb
database since OpenBSD 6.6. OpenBSD 6.5 uses hdb
.Postfix:
Roundcube:
Changes to iRedMail Easy platform:
ansible_all_ipv6_addresses
is
undefined.OpenLDAP:
calentry.schema
, calresource.schema
.Postfix:
LIMIT 1
in SQL queries for better performance.Dovecot:
Firewall:
Nginx:
AntiSpam:
autodiscover:
Undefined offset
php error./var/log/autoconfig/autoconfig.log
.netdata:
Nginx
was not chosen, netdata is inaccessible although
Nginx is actually deployed as dependent component.Move http auth file to /opt/iredmail/custom/netdata/
.
Since netdata-1.17.0, netdata sets permission of directory
/opt/netdata/etc/netdata/
to 0700, this causes Nginx can not read
the http auth file.
Backup scripts:
Changes to iRedMail Easy platform:
priority
parameter in iRedMail yum repo. (CentOS 7 only)/opt/iredmail/custom/openldap/custom.sh
while
deploying or upgrading OpenLDAP. You can write shell commands in this
file to update other config files for advanced customization. for
example, updating /etc/sysconfig/slapd
(CentOS) or
/etc/ldap/slapd
(Debian/Ubuntu) to make OpenLDAP listening on all
available network interfaces and IP addresses./root/iRedMail/iRedMail.tips
.Package updates:
Postfix:
Nginx:
/adminer/
to /adminer
.Dovecot:
Add setting sieve_redirect_envelope_from=recipient
. It's used to
rewrite sender address in redirected message (with sieve directive
redirect
) to the final recipient address of the message.
For example, someone@gmail.com
sends an email to user@domain.com
which is hosted on your server, and this user has sieve rule to
redirect received message to forward@3rd-domain.com
, with default
Dovecot setting (sieve_redirect_envelope_from=sender
), user
forward@3rd-domain.com
will receive this email with sender address
someone@gmail.com
in mail header, but with
sieve_redirect_envelope_from=recipient
, the sender address will
be user@domain.com
.
Log delivery_time
of LDA/LMTP.
php-fpm:
post_max_size
1MB larger than upload_max_filesize
, so
that Roundcube can successfully upload mail attachment.OpenDMARC:
public_suffix_list.dat
every
2 days.SpamAssassin:
score SPF_FAIL 5
: sender does not match SPF record (fail)score TO_EQ_FM_SPF_FAIL 5
: To == From and external SPF failedscore TO_EQ_FM_DOM_SPF_FAIL 5
: To domain == From domain and external SPF failedClamAV:
Fixed issues:
Package updates:
Changes to iRedMail Easy platform:
curl
as required packages.%7.3
) instead of version number for php on OpenBSD.Dovecot:
mailbox.enablequota-status
. This
will cause mail rejection.Firewall:
/opt/iredmail/custom/firewall/custom.sh
after each deployment.Dovecot:
dovecot-mysql
for OpenLDAP backend on CentOS.Postfix:
/etc/resolv.conf
to /var/spool/postfix/etc/
.Nginx:
ATTENTION: directive ssl on;
has been removed (in
/etc/nginx/templates/ssl.tmpl
) due to it's deprecated by Nginx itself.
If you have custom web host, please use listen <port> ssl;
in the
server {}
block (in /etc/nginx/sites-enabled/*.conf
) instead.
For example:
Old config file /etc/nginx/sites-enabled/00-default-ssl.conf
:
server {
listen 443;
...
}
New directive:
server {
listen 443 ssl;
...
}
Firewall:
Package updates:
OpenDMARC integration.
Disable DMARC
under
Settings
tab.Roundcube:
password
plugin: /opt/iredmail/custom/roundcube/config_password.inc.php
managesieve
plugin: /opt/iredmail/custom/roundcube/config_managesieve.inc.php
Postfix:
Fixed: improper order of restriction rules in smtpd_sender_restrictions
.
File /etc/postfix/sender_access.pcre
is not used anymore, all content
in this file should be moved to
/opt/iredmail/custom/postfix/sender_access.pcre
instead.
Nginx:
/etc/nginx/conf-available/gzip.conf
).Few programs moved and/or renamed:
/opt/iredmail/bin/fail2ban_unbanip
-> /opt/iredmail/bin/fail2ban/unbanip
./opt/iredmail/bin/generate_password_hash.py
-> /opt/iredmail/bin/generate_password_hash
./opt/iredmail/bin/dovecot/scan_reported_mails.sh
-> /opt/iredmail/bin/dovecot/scan_reported_mails
Fixed issues of iRedMail Easy platform:
/etc/nginx/templates/misc.tmpl
).freshclam
immediately to fetch/update ClamAV virus database.Package updates:
Fail2ban:
Dovecot:
autoconfig:
/.well-known/autoconfig/mail/config-v1.1.xml
.Improvements of iRedMail Easy platform:
Package updates:
Postfix:
header_checks
and body_checks
pcre maps.SOGo:
Package updates:
Improvements of iRedMail Easy platform:
Supports OpenBSD 6.5.
WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out. That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.
Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.
iRedMail.tips
file to postmaster after deployment.Roundcube
Dovecot:
Able to track user last (POP3/IMAP) login for OpenLDAP and MariaDB backends. It's disabled by default, you can enable it in iRedMail Easy user portal, in mail server profile page, tab "Settings".
Note: Dovecot doesn't support this with PostgreSQL yet.
Here's detailed tutorial to show you what changes are applied to Dovecot: Track user last login time.
Improvements of iRedMail Easy platform:
iRedMail.tips
file to postmaster after deployment.Dovecot:
imapsieve
setting to handle different IMAP command sent by
Microsoft Outlook (it sometimes uses APPEND
instead of COPY
for
moving message to another folder).iRedAPD:
Update to version 2.7, with SRS (Sender Rewriting Scheme) support.
Note: SRS is disabled by default, you can enable it in mail server profile page with the iRedMail Easy web UI.
Switch logging to syslog (and logrotate).
iRedAdmin:
BIND (local cache-only DNS server):
netdata:
SpamAssassin:
AutoConfig/AutoDiscover
autoconfig.<domain>
and autodiscover.<domain>
are not
required if the web domain is hosted on iRedMail server, Outlook will
look for https://<web-domain>/autodiscover/autodiscover.xml
.Fail2ban:
SOGo:
Backup:
-o ldif-wrap=no
, to avoid break long
line to multiple lines. The dumped LDIF file is easier to work with
grep
and other command line tools.Improvements of iRedMail Easy platform:
::1
if system doesn't
have IPv6 support.nginx -t
for troubleshooting before
restart nginx servvice, it's very useful for troubleshooting.Trusted clients
in mail server profile page, under tab
Settings
. You can list all trusted IP addresses or CIDR networks here,
they will be whitelisted by few components:mynetworks
in /etc/postfix/main.cf
MYNETWORKS
in /opt/iredapd/settings.py
ignoreip
in /etc/fail2ban/ignoreip.local
Fixed issues of iRedMail Easy platform:
Improvements:
Fixed issues:
Package updates:
Enable imapsieve plugin in Dovecot by default.
Message moved to Junk folder will be copied to a directory for spam learning later, vice verse, message moved out of Junk will be copied for ham learning later.
The spam/ham learning will be performed every 10 minutes with a cron job.
Now encourage your users to report spams by moving spams to Junk
folder. :)
Fixed issues:
Updated packages:
Hello, 2019. :)
Attention
/etc/iredmail-release
on your server./opt/www/well-known
, mostly used for Let's Encrypt cert
request./etc/init.d/ip6tables
/etc/default/ip6tables
monitor
by default.departmentNumber
.imjournal
for rate limit control.