We provide remote upgrade service, check the price and contact us.
proxymap
in SQL/LDAP query mapsSet proxy_read_maps
in postfix, so that we can use proxymap(8)
daemon which
is part of postfix to reduce the number of connections to MySQL/LDAP and
greatly reduces system load.
# postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps'
@mynetworks
in /etc/amavis/conf.d/50-user
(Debian/Ubuntu only)# Part of file: /etc/amavis/conf.d/50-user
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
NOTE: They are trusted subnets (amavisd-new default setting), mail sent from these subnets will be bypassed for anti-spam and anti-virus.
Convert some columns of policyd database from latin to utf8, so that we can
add non-ascii characters in description
column.
$ mysql -uroot -p policyd
mysql> ALTER TABLE blacklist MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE blacklist_sender MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist_dnsname MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist_sender MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
NOTE: Policyd database name is policyd
(on RHEL/CentOS) or postfixpolicyd
(on Debian/Ubuntu).
# --- BELOW ARE SHELL COMMANDS ----
# cd /etc/openldap/schema/ # Note: On Debian/Ubuntu, path is /etc/ldap/schema/
# cp iredmail.schema iredmail.schema.bak
# cd /root
# wget http://iredmail.googlecode.com/hg/tags/0.5.1/samples/iredmail.schema
# mv -i /root/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart # Note: On Debian/Ubuntu, path is /etc/init.d/slapd
NOTE: New LDAP schema provides several new attributes, but it's backwards compatibility, it's SAFE to replace the old one without additional operations.
Prepend proxy:
to the beginnning of all LDAP lookup table definitions in
postfix configuration file: /etc/postfix/main.cf
. For example:
# Part of file: /etc/postfix/main.cf
# Old setting:
#virtual_alias_maps = ldap:/etc/postfix/ldap_virtual_alias_maps.cf
# New setting. Add 'proxy:'.
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf
Update dovecot settings to restrict POP3S & IMAPS in /etc/dovecot-ldap.conf
(on RHEL/CentOS) or /etc/dovecot/dovecot-ldap.conf
(on Debian/Ubuntu),
support domain alias and user shadow address.
# Part of file: dovecot-ldap.conf
# Old setting:
#base = ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org
#user_filter = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls))
#pass_filter = (mail=%u)
# New setting (user_filter is same as pass_filter):
base = o=domains,dc=iredmail,dc=org
user_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
Restarting Dovecot service is required.
# python
>>> import ldap
If it raises error message ImportError: No module named ldap
, you have to
install python-ldap module first.
# easy_install python-ldap==2.3.8
# wget http://iredmail.googlecode.com/hg/extra/update/updateLDAPValues_050_to_051.py
# Part of file: updateLDAPValues_050_to_051.py
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=Manager,dc=iredmail,dc=org'
bind_pw = 'passwd'
# python updateLDAPValues_050_to_051.py
Add domain alias support in postfix ldap lookup table file: /etc/postfix/ldap_virtual_mailbox_domains.cf
.
# Part of file: /etc/postfix/ldap_virtual_mailbox_domains.cf
# ---- Old setting ----
query_filter = (&(objectClass=mailDomain)(domainName=%s)(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
# ---- New setting ----
query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
Add missing service control in postfix ldap lookup table file: /etc/postfix/ldap_virtual_mailbox_maps.cf
:
# Part of file: /etc/postfix/ldap_virtual_mailbox_maps.cf
# OLD setting
#query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail))
# NEW setting
query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver))
Add shadowAddress
and employeeNumber
attribute names in
/etc/openldap/slapd.conf
(RHEL/CentOS) or /etc/ldap/slapd.conf
(Debian/Ubuntu) for access control and index.
# Part of file: slapd.conf
# OLD setting
#access to attrs="homeDirectory,mailMessageStore,mail,..."
# NEW setting
access to attrs="shadowAddress,employeeNumber,homeDirectory,mailMessageStore,mail,..."
# OLD setting
#index homeDirectory,mailMessageStore,mailForwardingAddress eq,pres
# NEW setting
index homeDirectory,mailMessageStore,mailForwardingAddress,shadowAddress,employeeNumber eq,pres
Add columns used for service control: pop3s, imaps, managesieve:
# mysql -uroot -p vmail
mysql> ALTER TABLE mailbox ADD COLUMN enableimapsecured TINYINT(1) NOT NULL DEFAULT '1';
mysql> ALTER TABLE mailbox ADD COLUMN enablepop3secured TINYINT(1) NOT NULL DEFAULT '1';
mysql> ALTER TABLE mailbox ADD COLUMN enablemanagesievesecured TINYINT(1) NOT NULL DEFAULT '1';
Add columns used to store default user quota size, per-domain default password length control. Will be used in iRedAdmin.
# mysql -uroot -p vmail
mysql> ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
mysql> ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT '0';
mysql> ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT '0';
proxymap
to improve performance and reliability under high load in PostfixPrepend proxy:
to the beginnning of all MySQL lookup table definitions in
postfix configuration file: /etc/postfix/main.cf
. For example:
# Part of file: /etc/postfix/main.cf
# Old setting:
#virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# New setting. Add 'proxy:'.
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Update dovecot settings in /etc/dovecot-mysql.conf
(RHEL/CentOS) or
/etc/dovecot/dovecot-mysql.conf
(Debian/Ubuntu) to restrict POP3S/IMAPS
services.
# Part of file: dovecot-mysql.conf
# Old setting:
AND active='1' AND enable%Ls='1' AND expired >= NOW()
# New setting (Add '%Lc'):
AND active='1' AND enable%Ls%Lc='1' AND expired >= NOW()
All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.