# Upgrade iRedMail from 0.9.5-1 to 0.9.6 [TOC] !!! warning This tutorial is still a __DRAFT__, do not apply it. !!! note "Paid Remote Upgrade Support" We offer remote upgrade support if you don't want to get your hands dirty, check [the details](../support.html) and [contact us](../contact.html). ## TODO * Separated SOGo address book for LDAP backend. * List all contacts by default in SOGo global LDAP address book (`listRequiresDot`). ## ChangeLog * Jul 2, 2016: Fixed: SOGo-3.1.3 (and later releases) changed argument used by `sogo-tool` command * Jun 10, 2016: Fixed: Nginx doesn't forward real client IP address to SOGo. * Jun 8, 2016: Set correct file owner for config file of Roundcube password plugin. * Jun 8, 2016: Fixed: one incorrect HELO restriction rule in Postfix. * May 27, 2016: Fixed: not enable opportunistic TLS support in Postfix. * May 24, 2016: Initial __DRAFT__. ## General (All backends should apply these steps) ### Update `/etc/iredmail-release` with new iRedMail version number iRedMail stores the release version in `/etc/iredmail-release` after installation, it's recommended to update this file after you upgraded iRedMail, so that you can know which version of iRedMail you're running. For example: ``` 0.9.6 ``` ### Upgrade iRedAPD (Postfix policy server) to the latest stable release (1.9.2) Please follow below tutorial to upgrade iRedAPD to the latest stable release: [Upgrade iRedAPD to the latest stable release](./upgrade.iredapd.html) Detailed release notes are available [here](./iredapd.releases.html). ### Upgrade iRedAdmin (open source edition) to the latest stable release (0.7.2) Please follow this tutorial to upgrade iRedAdmin open source edition to the latest stable release: [Upgrade iRedAdmin to the latest stable release](./migrate.or.upgrade.iredadmin.html) ### Upgrade Roundcube webmail to the latest stable release (1.2.0) Please follow Roundcube official tutorial to upgrade Roundcube webmail to the latest stable release immediately: [How to upgrade Roundcube](https://github.com/roundcube/roundcubemail/wiki/Upgrade). Note: package `rsync` must be installed on your server before upgrading. ### Fixed: not enable opportunistic TLS support in Postfix iRedMail-0.9.5 and iRedMail-0.9.5-1 didn't enable opportunistic TLS support in Postfix, this causes other servers cannot transfer emails via TLS secure connection. Please fix it with commands below. ``` postconf -e smtpd_tls_security_level='may' postfix reload ``` ### Fixed: one incorrect HELO restriction rule in Postfix There's one incorrect HELO restriction rule file `helo_access.pcre` * on Linux/OpenBSD, it's `/etc/postfix/helo_access.pcre` * on FreeBSD, it's `/usr/local/etc/postfix/helo_access.pcre` It will match HELO identity like `[192.168.1.1]` which is legal. ``` /(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) ``` Please replace it by the correct one below (it matches the IP address with `/^IP$/` strictly): ``` /^(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) ``` ### Fixed: incorrect file owner and permission of config file of Roundcube password plugin iRedMail-0.9.5-1 and earlier versions didn't correct set file owner and permission of config file of Roundcube password plugin, other system users may be able to see the SQL/LDAP username and password in the config file. Please follow steps below to fix it. * On RHEL/CentOS: