elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/en_US/upgrade/0-upgrade.iredmail.0.9.9-1....

469 lines
14 KiB
Markdown
Raw Permalink Blame History

# Upgrade iRedMail from 0.9.9 to 1.0
[TOC]
!!! note "Paid Remote Upgrade Support"
We offer remote upgrade support if you don't want to get your hands dirty,
check [the details](https://www.iredmail.org/support.html) and
[contact us](https://www.iredmail.org/contact.html).
## ChangeLog
* Apr 18, 2020, mention how to configure Dovecot to track user last login time.
* Dec 11 2019, mention not to enable quota-status service in Dovecot-2.1.x.
* Dec 9, 2019, initial release.
## General (All backends should apply these changes)
### Update `/etc/iredmail-release` with new iRedMail version number
iRedMail stores the release version in `/etc/iredmail-release` after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:
```
1.0
```
### Upgrade iRedAPD (Postfix policy server) to the latest stable release: 3.3
!!! attention
iRedAPD offers SRS (Sender Rewriting Scheme) support in this release, but
it's disabled by default, please read our tutorial to understand known
issues and how to enable it: [Enable SRS (Sender Rewriting Scheme) support](./srs.html).
Please follow below tutorial to upgrade iRedAPD to the latest stable release:
[Upgrade iRedAPD to the latest stable release](./upgrade.iredapd.html)
### Upgrade iRedAdmin (open source edition) to the latest stable release: 0.9.9
Please follow this tutorial to upgrade iRedAdmin open source edition to the
latest stable release:
[Upgrade iRedAdmin to the latest stable release](./migrate.or.upgrade.iredadmin.html)
### Upgrade mlmmjadmin to the latest stable release (2.1)
Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
[Upgrade mlmmjadmin to the latest stable release](./upgrade.mlmmjadmin.html)
### Upgrade Roundcube webmail to the latest stable release: 1.4.1
!!! warning "Roundcube 1.4"
Since Roundcube 1.3, at least __PHP 5.4__ is required. If your server is
running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube
the latest 1.2 branch instead.
The latest Roundcube webmail 1.4.1 offers a shiny new web UI.
Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release (1.4.1):
* [How to upgrade Roundcube](https://github.com/roundcube/roundcubemail/wiki/Upgrade).
### Upgrade netdata to the latest stable release (1.19.0)
If you have netdata installed, you can upgrade it by following this tutorial:
[Upgrade netdata](./upgrade.netdata.html).
### Fixed: improper order of Postfix smtpd_sender_restriction rules
iRedMail-0.9.9 and earlier releases didn't configure Postfix to apply custom
restriction rule before querying DNS records of sender domain,
this way you cannot whitelist some sender mail domains which don't have
DNS records (especially your internal mail domains used in LAN). Please follow
steps below to fix it.
* Open file `/etc/postfix/main.cf` (Linux/OpenBSD) or
`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
`smtpd_sender_restrictions` like below:
```
smtpd_sender_restrictions =
reject_unknown_sender_domain
...
check_sender_access pcre:...
```
* Move the `reject_unknown_sender_domain` line after `check_sender_access` line
like below:
```
smtpd_sender_restrictions =
...
check_sender_access pcre:...
reject_unknown_sender_domain
```
* Reloading or restarting Postfix service is required.
### Fixed: fix improper HELO rule which blocks new Facebook servers
Facebook has some new servers which uses `<ip>.mail-mail.facebook.com` as
HELO identities, this is blocked by the default HELO rules configured by
iRedMail-0.9.9 and earlier releases. Please fix it with EITHER step described
below, but solution 1 is the recommended.
1. Prepend line below in `/etc/postfix/helo_access.pcre` (Linux/OpenBSD) and
`/usr/local/etc/postfix/helo_access.pcre` (FreeBSD):
```
/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$/ DUNNO
```
2. Or, find line below in `helo_access.pcre` and remove it.
```
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery
```
Reloading or restarting Postfix service is required.
### Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD
!!! attention
This applies to only FreeBSD and OpenBSD, NOT Linux.
FreeBSD and OpenBSD has all CAs in file `/etc/ssl/cert.pem`, but it's
configured by iRedMail to load multiple CA files under `/etc/ssl/certs`
directory like Linux. Commands below fix this issue.
```
postconf -e smtpd_tls_CAfile=/etc/ssl/cert.pem
postconf -e smtpd_tls_CApath=''
postfix reload
```
### Fail2ban: slightly loose filter rule for postfix
We received few reports from clients that Outlook for macOS may trigger some
unexpected smtp errors, and caught by the Fail2ban filter rules shipped by
iRedMail, so we decide to remove the filter rule used to match Postfix log
`lost connection after EHLO`.
Please follow commands below to get the updated filter rules.
* On Linux:
```
cd /etc/fail2ban/filter.d/
wget -O postfix.iredmail.conf https://github.com/iredmail/iRedMail/raw/1.0/samples/fail2ban/filter.d/postfix.iredmail.conf
wget -O dovecot.iredmail.conf https://github.com/iredmail/iRedMail/raw/1.0/samples/fail2ban/filter.d/dovecot.iredmail.conf
```
Restarting Fail2ban service is required.
## For OpenLDAP backend
### [OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.
With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.
#### Add required LDAP attribute/value pair for all mail users
According to the Dovecot settings configured by iRedMail, all mail users
should have LDAP attribute/value pair `enabledService=quota-status` to use
this service.
* Download script used to update existing mail accounts:
```
cd /root/
wget https://github.com/iredmail/iRedMail/raw/1.0/update/ldap/updateLDAPValues_099_to_1.py
```
* Open downloaded file `updateLDAPValues_099_to_1.py`, set LDAP server
related settings in this file. For example:
```
# Part of file: updateLDAPValues_099_to_1.py
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
```
You can find required LDAP credential in iRedAdmin config file or
`iRedMail.tips` file under your iRedMail installation directory. Using either
`cn=Manager,dc=xx,dc=xx` or `cn=vmailadmin,dc=xx,dc=xx` as bind dn is ok, both
of them have read-write privilege to update mail accounts.
* Execute this script, it will add required data:
```
# python2 updateLDAPValues_099_to_1.py
```
#### Enable quota-status service in Dovecot
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Dovecot config file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find the `plugin {}` block
and add 3 new parameters:
```
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
```
In same `dovecot.conf`, append settings below __at the end of file__:
* With settings below, Dovecot quota-status service will listen on `127.0.0.1:12340`.
* You can change the port number `12340` to any other spare one if you want.
```
service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
```
Restarting Dovecot service is required.
#### Enable quota status check in Postfix
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Postfix config file `/etc/postfix/main.cf` (Linux/OpenBSD) or
`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
`smtpd_recipient_restrictions` and append a new `check_policy_service` setting
__at the end__ like below:
```
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
```
Restarting Postfix service is required.
### [OPTIONAL] Track the time of user last login via IMAP/POP3
Sometimes you may want/need to know the time of user last login via IMAP/POP3,
and here's the tutorial to implement this feature. If you run iRedAdmin-Pro
admin panel, it's visiable on the web UI directly.
* [Track user last login time](./track.user.last.login.html)
## For MySQL/MariaDB backends
### [OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.
With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.
#### Add new SQL column in `vmail.mailbox` table
According to the Dovecot settings configured by iRedMail, a new SQL column
`mailbox.enablequota-status` is required.
Download plain SQL file used to create required column and index, then import
it directly as MySQL root user (Please run commands below as `root` user):
```
wget -O /tmp/iredmail.mysql https://github.com/iredmail/iRedMail/raw/1.0/update/1.0/iredmail.mysql
mysql vmail < /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql
```
#### Enable quota-status service in Dovecot
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Dovecot config file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find the `plugin {}` block
and add 3 new parameters:
```
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
```
In same `dovecot.conf`, append settings below __at the end of file__:
* With settings below, Dovecot quota-status service will listen on `127.0.0.1:12340`.
* You can change the port number `12340` to any other spare one if you want.
```
service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
```
Restarting Dovecot service is required.
#### Enable quota status check in Postfix
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Postfix config file `/etc/postfix/main.cf` (Linux/OpenBSD) or
`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
`smtpd_recipient_restrictions` and append a new `check_policy_service` setting
__at the end__ like below:
```
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
```
Restarting Postfix service is required.
### [OPTIONAL] Track the time of user last login via IMAP/POP3
Sometimes you may want/need to know the time of user last login via IMAP/POP3,
and here's the tutorial to implement this feature. If you run iRedAdmin-Pro
admin panel, it's visiable on the web UI directly.
* [Track user last login time](./track.user.last.login.html)
## For PostgreSQL backend
### [OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.
With default iRedMail settings, Postfix accepts email without checking whether
user's mailbox is over quota, then pipes email to Dovecot LDA for local
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
and generates a "sender non-delivery notification" to sender.
With the change below, Postfix will query mailbox quota status from Dovecot
directly, then reject email if it's over quota. It saves system resource used
to process this email (e.g. spam/virus scanning), and avoids bounce message.
#### Add new SQL column in `vmail.mailbox` table
According to the Dovecot settings configured by iRedMail, a new SQL column
`mailbox.enablequota-status` is required.
* Download plain SQL file used to create required column and index:
```
wget -O /tmp/iredmail.pgsql https://github.com/iredmail/iRedMail/raw/1.0/update/1.0/iredmail.pgsql
```
* Connect to PostgreSQL server as `postgres` user and import the SQL file:
* on Linux, it's `postgres` user
* on FreeBSD, it's `pgsql` user
* on OpenBSD, it's `_postgresql` user
```
su - postgres
psql -d vmail < /tmp/iredmail.pgsql
```
* Remove downloaded file as root user:
```
rm -f /tmp/iredmail.pgsql
```
#### Enable quota-status service in Dovecot
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Dovecot config file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find the `plugin {}` block
and add 3 new parameters:
```
plugin {
...
# Used by quota-status service.
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
...
}
```
In same `dovecot.conf`, append settings below __at the end of file__:
* With settings below, Dovecot quota-status service will listen on `127.0.0.1:12340`.
* You can change the port number `12340` to any other spare one if you want.
```
service quota-status {
executable = quota-status -p postfix
client_limit = 1
inet_listener {
address = 127.0.0.1
port = 12340
}
}
```
Restarting Dovecot service is required.
#### Enable quota status check in Postfix
!!! warning
This feature requires Dovecot-2.2 or later releases, do not apply it on
Dovecot-2.1.x or earlier versions.
Open Postfix config file `/etc/postfix/main.cf` (Linux/OpenBSD) or
`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
`smtpd_recipient_restrictions` and append a new `check_policy_service` setting
__at the end__ like below:
```
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:12340
```
Restarting Postfix service is required.
Reference in New Issue View Git Blame Copy Permalink