elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/html_bk/iredmail-easy.release.notes...

1659 lines
50 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iRedMail Easy: Release Notes</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="iredmail-easy-release-notes">iRedMail Easy: Release Notes</h1>
<div class="toc">
<ul>
<li><a href="#iredmail-easy-release-notes">iRedMail Easy: Release Notes</a><ul>
<li><a href="#2021091301">Version: 2021091301 (Sep 13, 2021)</a></li>
<li><a href="#2021090801">Version: 2021090801 (Sep 8, 2021)</a></li>
<li><a href="#2021062401">Version: 2021062401 (Jun 24, 2021)</a></li>
<li><a href="#2021041301">Version: 2021041301 (Apr 13, 2021)</a></li>
<li><a href="#2021020401">Version: 2021020401 (Feb 4, 2020)</a></li>
<li><a href="#20201228">Version: 2020122801 (Dec 28, 2020)</a></li>
<li><a href="#20201211">Version: 2020121101 (Dec 11, 2020)</a></li>
<li><a href="#20201028">Version: 2020102801 (Oct 28, 2020)</a></li>
<li><a href="#20200825">Version: 2020082501 (Aug 25, 2020)</a></li>
<li><a href="#20200707">Version: 2020070701 (Jul 7, 2020)</a></li>
<li><a href="#20200626">Version: 2020062601 (Jun 26, 2020)</a></li>
<li><a href="#20200430">Version: 2020043001 (Apr 30, 2020)</a></li>
<li><a href="#20200416">Version: 2020041601 (Apr 16, 2020)</a></li>
<li><a href="#20200210">Version: 2020021001 (Feb 10, 2020)</a></li>
<li><a href="#20191210">Version: 2019121301 (Dec 13, 2019)</a></li>
<li><a href="#20191210">Version: 2019121001 (Dec 10, 2019)</a></li>
<li><a href="#20191209">Version: 2019120901 (Dec 09, 2019)</a></li>
<li><a href="#20191112">Version: 2019111201 (Nov 12, 2019)</a></li>
<li><a href="#20191022">Version: 2019102201 (Oct 22, 2019)</a></li>
<li><a href="#20190906">Version: 2019090601 (Sep 06, 2019)</a></li>
<li><a href="#20190802">Version: 2019080201 (Aug 02, 2019)</a></li>
<li><a href="#20190801">Version: 2019080101 (Aug 01, 2019)</a></li>
<li><a href="#20190715">Version: 2019071501 (Jul 15, 2019)</a></li>
<li><a href="#20190606">Version: 2019060601 (Jun 06, 2019)</a></li>
<li><a href="#20190428">Version: 2019042801 (Apr 28, 2019)</a></li>
<li><a href="#20190402">Version: 2019040201 (Apr 02, 2019)</a></li>
<li><a href="#20190327">Version: 2019032701 (Mar 27, 2019)</a></li>
<li><a href="#20190219">Version: 2019021901 (Feb 19, 2019)</a></li>
<li><a href="#20190130">Version: 2019013001 (Jan 30, 2019)</a></li>
<li><a href="#20190102">Version: 2019010201 (Jan 2, 2019)</a></li>
<li><a href="#20181223">Version: 2018122301 (Dec 23, 2018)</a></li>
<li><a href="#20181217">Version: 2018121701 (Dec 17, 2018)</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="2021091301">Version: 2021091301 (Sep 13, 2021)</h2>
<ul>
<li>Remove unused LDAP attributes: lastLoginDate, lastLoginIP, lastLoginProtocol.</li>
<li>
<p>Remove unused sql columns in <code>vmail.mailbox</code>:</p>
<ul>
<li>lastlogindate</li>
<li>lastloginipv4</li>
<li>lastloginprotocol</li>
</ul>
</li>
<li>
<p>Fix improper SQL column types in <code>vmail</code> and <code>sogo</code> databases:</p>
<ul>
<li>mailbox.enablesogowebmail</li>
<li>mailbox.enablesogocalendar</li>
<li>mailbox.enablesogoactivesync</li>
</ul>
</li>
</ul>
<h2 id="2021090801">Version: 2021090801 (Sep 8, 2021)</h2>
<ul>
<li>Debian Linux 11 (Bullseye) is now supported.</li>
<li>Debian 9 will be dropped in 3 months.</li>
<li>
<p>SOGo:</p>
<ul>
<li>Able to enable or disable per-user SOGo webmail, calendar and activesync
services.</li>
</ul>
</li>
<li>
<p>Amavisd:</p>
<ul>
<li>Add some useful ban rules. You can assign them in per-user,
per-domain or global spam policy page with iRedAdmin-Pro.<ul>
<li>ALLOW_MS_OFFICE: Allow all Microsoft Office documents.</li>
<li>ALLOW_MS_WORD: Allow Microsoft Word documents (.doc, .docx).</li>
<li>ALLOW_MS_EXCEL: Allow Microsoft Excel documents (.xls, .xlsx).</li>
<li>ALLOW_MS_PPT: Allow Microsoft PowerPoint documents (.ppt, .pptx).</li>
</ul>
</li>
</ul>
</li>
<li>
<p>php-fpm:</p>
<ul>
<li>Log slow process if doesn't finish in 20 seconds.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Security vulnerability: It generates same random passwords for different
hosts in some cases.</li>
<li>Minor issue while setting up MariaDB on CentOS 8.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>iRedAdmin-1.5</li>
<li>iRedAPD-5.0.3</li>
</ul>
</li>
</ul>
<h2 id="2021062401">Version: 2021062401 (Jun 24, 2021)</h2>
<ul>
<li>Rocky Linux 8 is now supported.</li>
<li>OpenBSD 6.9 is now supported, 6.5, 6.6, 6.7, 6.8 are all dropped.</li>
<li>Dovecot:<ul>
<li>Optional setting to enable FTS (full-text search) integration.
Notes:<ul>
<li>This setting is <strong>NOT enabled by default</strong>. You can go to mail
server profile page, tab "Settings", find setting
"Enable FTS (Full-Text Search)" under section "POP3/IMAP services"
and enable it.</li>
<li>Currently this option is available on CentOS 8, Debian 10, OpenBSD.</li>
<li>FTS backend is xapian, no daemon service is running.</li>
</ul>
</li>
</ul>
</li>
<li>mlmmjadmin:<ul>
<li>Fixed: tools/maillist_admin.py: don't call <code>add_subscribers()</code> and
<code>remove_subscribers()</code> for backends.</li>
</ul>
</li>
<li>Nginx:<ul>
<li>Do not enable <code>multi_accept on;</code>. Thanks jinleileiking@GitHub.</li>
</ul>
</li>
<li>Fail2ban:<ul>
<li>Use builtin filter file for Dovecot jail.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Anonying logwatch warning about freshclam log file.</li>
<li>logwatch can not detect and check clamav log files.</li>
<li>Allow more sendgrid HELO hostnames.
Thanks to Jim Nelin for the feedback.</li>
<li>Allow HELO hostnames used by Amazon EC2 and QQ.com (Tencent).</li>
<li>Do not enable iRedAPD pulgin <code>amavisd_wblist</code> if antispam component is
not enabled.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>adminer 4.8.1</li>
<li>iRedAPD 5.0.2</li>
<li>mlmmjadmin 3.1.2</li>
<li>netdata 1.31.0</li>
</ul>
</li>
</ul>
<h2 id="2021041301">Version: 2021041301 (Apr 13, 2021)</h2>
<ul>
<li>CentOS 8 Stream is now supported.</li>
<li>
<p>MariaDB and PostgreSQL backends:</p>
<ul>
<li>New SQL table: <code>maillist_owners</code>. Used to store owner of (subscribable)
mailing lists.</li>
</ul>
</li>
<li>
<p>OpenLDAP:</p>
<ul>
<li>New LDAP attributes for objectClass <code>mailList</code>:<ul>
<li><code>listOwner</code>: used to store owner(s) of (subscribable) mailing list.</li>
<li><code>listModerator</code>: used to store moderator(s) of (subscribable) mailing list.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Log the time of last received message.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Remove blacklist of reverse DNS name for <code>ddXX.kasserver.com</code>.</li>
<li>Whitelist HELO hostname used by Microsoft Outlook/Hotmail servers.</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>Stores (base64) encoded log lines in SQL database, it also helps avoid
possible SQL injection.</li>
</ul>
</li>
<li>
<p>ClamAV:</p>
<ul>
<li>CentOS: ClamAV database is now updated by daemon service
<code>clamav-freshclam</code>, not cron job anymore.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Not apply all custom settings defined in
<code>/opt/iredmail/custom/&lt;PROGRAM&gt;/custom.sh</code> after system reboot.
Note: it's now done by a cron job with special time <code>@reboot</code> for root user.</li>
<li><code>/opt/iredmail/bin/create_user</code>: not set correct password and quota size.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>adminer-4.8.0</li>
<li>iRedAPD-5.0</li>
<li>netdata-1.30.1</li>
<li>mlmmjadmin-3.1</li>
<li>iRedAdmin-1.3</li>
</ul>
</li>
</ul>
<h2 id="2021020401">Version: 2021020401 (Feb 4, 2020)</h2>
<ul>
<li>
<p>iRedAPD:</p>
<ul>
<li>Fixed: not enable plugin <code>sql_ml_access_policy</code> by default.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Update rdns match rule to block <code>static.X.X.X.X.clients.your-server.de</code>.</li>
</ul>
</li>
<li>
<p>Package update:</p>
<ul>
<li>netdata-1.29.0</li>
</ul>
</li>
</ul>
<h2 id="20201228">Version: 2020122801 (Dec 28, 2020)</h2>
<ul>
<li>Package updates:<ul>
<li>Roundcube webmail -&gt; 1.4.10. It's a security and bug fix release, all
users are encouraged to upgrade as soon as possible. Check <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.4.10">official
release page</a>
for more details.</li>
<li>netdata-1.28.0</li>
<li>web.py-0.62</li>
</ul>
</li>
</ul>
<h2 id="20201211">Version: 2020121101 (Dec 11, 2020)</h2>
<ul>
<li>
<p>Postfix:</p>
<ul>
<li>If logwatch is installed, enable long queue id support in logwatch.</li>
</ul>
</li>
<li>
<p>SpamAssassin:</p>
<ul>
<li>Remove rules which caused too many incorrect quarantining:
<code>URIBL_SBL</code>, <code>URIBL_SBL_A</code>.</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>It now works on OpenBSD 6.8.</li>
<li>Fixed: Can not store banned IP address when country name contains quotes.</li>
<li>Fixed: possible SQL injection in shell script used by <code>banned_db</code> action.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Not install uwsgi for Python 3 on CentOS 8.</li>
<li>Not backup Postfix config files <code>main.cf</code> and <code>master.cf</code> if they're
regular files.</li>
<li>Not always install the latest Python module <code>web.py</code>.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>adminer-4.7.8</li>
<li>iRedAPD-4.7</li>
<li>iRedAdmin-Pro-LDAP-4.8, iRedAdmin-Pro-SQL-4.7</li>
<li>mlmmjadmin-3.0.7</li>
</ul>
</li>
</ul>
<h2 id="20201028">Version: 2020102801 (Oct 28, 2020)</h2>
<ul>
<li>
<p>Supports now distribution release:</p>
<ul>
<li>OpenBSD 6.8. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.
<strong>NOTE</strong>:<ul>
<li>Support for OpenBSD 6.6 will be dropped in 6 months.</li>
<li>Support for OpenBSD 6.7 will be dropped after 6.9 is out.</li>
<li>Fail2ban (0.11.1) is not available due to not fully compatible with
the Python 3.8.6 offered by OpenBSD 6.8.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Add <code>/opt/iredmail/custom/custom.sh</code>. It will be ran at the end of EACH
deployment.</p>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Revert the block of default reverse hostnames offered by OVH.com.</li>
</ul>
</li>
<li>
<p>Amavisd:</p>
<ul>
<li>Log matched virus database name.</li>
<li>Update regex to match SecuriteInfo virus signature names.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Failed to upgrade ClamAV database on CentOS 7.</li>
<li>Incorrect rsyslog pid file path on CentOS 7.</li>
<li>Not upgrade <code>sope*</code> packages while upgrading SOGo packages.</li>
<li>Can not create PostgreSQL database if locale doesn't match LC_CTYPE.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>iRedAPD-4.6. <strong>Python 3.5+ is required.</strong></li>
<li>mlmmjadmin-3.0.4. <strong>Python 3.5+ is required.</strong></li>
<li>iRedAdmin-1.1. <strong>Python 3.5+ is required.</strong></li>
<li>netdata-1.26.0</li>
<li>Roundcube webmail 1.4.9</li>
</ul>
</li>
</ul>
<h2 id="20200825">Version: 2020082501 (Aug 25, 2020)</h2>
<ul>
<li>
<p>SOGo:</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>SOGo may not successfully kill all its child processes and causes sogo
service failed to start. If it occurs, please stop SOGo service manually
(<code>service sogo stop</code>), kill orphan processes (<code>pkill -9 sogod</code>), then start
it manually (<code>service sogo restart</code>).</p>
</div>
<ul>
<li>Upgrade SOGo to the latest v5 branch (nightly bulid) on Linux.</li>
<li>With SOGo v5, it now send email via submission service (port 587) without
ssl cert verification.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Enable http2 for https sites by default.</li>
</ul>
</li>
<li>
<p>Amavisd:</p>
<ul>
<li>Fix improper SQL column type for column <code>msgs.from_address</code> (changed
from <code>VARCHAR</code> to <code>VARBINARY</code>) for MariaDB and OpenLDAP backends.</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Logrotate config file for Dovecot uses incorrect pid file name on CentOS.
Thanks Igor Cej for the report and help.</li>
<li>Fixed: do not enable spam/ham auto learning if Amavisd + SpamAssassin
are not installed.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Block default reverse hostnames (format <code>(ns|ip)XXXX.ip-XX-XX-XX.eu</code>,
"XX" is digit numbers) offered by OVH.com.
Note: If you run mail server on OVH platform with a fixed hostname and
valid PTR DNS record, it's not impacted.</li>
<li>Fixed: incorrect SMTP action code for whitelisted HELO hostnames.</li>
</ul>
</li>
<li>
<p>Chronyd (<code>ntp</code> alternative on CentOS 8):</p>
<ul>
<li>Add <code>-x</code> option for chronyd if system is running in a LXC container.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>netdata-1.24.0</li>
<li>Roundcube webmail 1.4.8</li>
</ul>
</li>
</ul>
<h2 id="20200707">Version: 2020070701 (Jul 7, 2020)</h2>
<ul>
<li>
<p>BIND (cache-only) DNS server:</p>
<ul>
<li>Fixed: Set DNS server to only <code>127.0.0.1</code> in ifcfg-XXX scripts on CentOS.
Thanks Igor Cej for the feedback and help.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Bypass Facebook mail server HELO hostname pattern:
<code>&lt;ip&gt;.mail-campmail.facebook.com</code>.</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>Add <code>/opt/iredmail/custom/roundcube/custom.sh</code> for advance customization.
It will be ran each time you (re-)deploy Roundcube or upgrade.</li>
<li>Connect to local (<code>127.0.0.1</code>) IMAP server without TLS on Ubuntu 20.04
and CentOS 8. This is also considered as secure by Dovecot.</li>
</ul>
</li>
<li>
<p>SOGo:</p>
<ul>
<li>
<p>Connect to local (<code>127.0.0.1</code>) IMAP server without TLS on Ubuntu 20.04
and CentOS 8. This is also considered as secure by Dovecot.</p>
<p>We received reports that Roundcube and SOGo have problem when TLS
is explicitly enabled for IMAP service, unfortunately we didn't figure
out what causes the issue yet. As a temporary fix, we choose to
disable TLS for local connection.</p>
</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>Suppress fail2ban-client output in cron job to avoid annoying mail
notification.</li>
<li>Fixed: incorrect match rule. Thanks for Igor Cej for the feedback.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>Roundcube webmail 1.4.7, with a security fix.</li>
<li>netdata-1.23.1</li>
</ul>
</li>
</ul>
<h2 id="20200626">Version: 2020062601 (Jun 26, 2020)</h2>
<ul>
<li>
<p>Possible issue after upgraded on CentOS 8:</p>
<p>Old CentOS 8 releases shipped Dovecot-2.2.x, but the new <code>8.2.2004</code> release
suprisely ships Dovecot-2.3.8 which has some backward-incompatible settings.
iRedMail Easy will upgrade it from old version <code>2.2.36</code> and re-generates
its config files, it MAY fail to (re)start if you have unsupported
customized parameters set in config file under
<code>/opt/iredmail/custom/dovecot/conf-enabled/</code>.</p>
<p>Mostly customized parameter is <code>ssl_protocols</code>, it should be replace by
<code>ssl_min_protocol</code>.</p>
<p>For example, if you still need to support TLSv1, please set
<code>ssl_min_protocol = TLSv1</code> instead. Default value is TLSv1.2.</p>
<ul>
<li>For more details, please check <a href="https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/">official Dovecot upgrade
tutorial</a>.</li>
<li>If you have issue after upgraded, feel free to create a support
ticket on the iRedMail Easy platform.</li>
</ul>
</li>
<li>
<p>Supports now distribution releases:</p>
<ul>
<li>Ubuntu 20.04. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.</li>
<li>OpenBSD 6.7. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.
<strong>NOTE</strong>: support for OpenBSD 6.6 will be dropped after 6.8 is out.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Fixed: not wrap IPv6 addresses inside <code>[]</code> in <code>mynetworks</code>.</li>
<li>Fixed: not bypass HELO identities used by pinterest.com mail server.</li>
<li>Fixed: not add alias for <code>postmaster</code> (system) user which is used as
2bounce recipient.</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>It now stores more info in SQL db, you can view them with iRedAdmin-Pro:<ul>
<li>Number of times the failure occurred in log files</li>
<li>The log lines which triggerred the ban</li>
<li>Reverse DNS of banned IP address</li>
</ul>
</li>
<li>Fixed: specify <code>backend = pooling</code> and <code>journalmatch =</code> (empty value)
to avoid performance issue and startup warnings in fail2ban log file.</li>
<li>Fixed: inconsistent jail name for jail <code>nginx-http-auth</code>.</li>
</ul>
</li>
<li>
<p>Antispam:</p>
<ul>
<li>[Debian/Ubuntu] Fixed: not add user <code>debian-spamd</code> to <code>amavis</code> group.</li>
<li>[OpenLDAP/MariaDB] Add missing INDEX for SQL column <code>msgs.time_iso</code>.</li>
</ul>
</li>
<li>
<p>Adminer:</p>
<ul>
<li>Improve Nginx configuration to loading custom CSS file <code>adminer.css</code>
in same directory (<code>/opt/www/adminer/</code>).</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Make sure all 3 required official apt repositories are enabled on Ubuntu.</li>
<li>Make sure iRedMail yum repository has higher priority on CentOS.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>roundcube webmail-1.4.6. It includes few security fixes.</li>
<li>adminer-4.7.7</li>
<li>netdata-1.23.0</li>
</ul>
</li>
</ul>
<h2 id="20200430">Version: 2020043001 (Apr 30, 2020)</h2>
<ul>
<li>
<p>Antispam:</p>
<ul>
<li>Fixed: incorrect regular expression rules which caused unbanning based
on file types doesn't work.</li>
<li>Fixed: incorrect file owner and permission for SpamAssassin config files:
<code>/etc/mail/spamassassin/local.cf</code> and <code>razor.conf</code>, must be owned by
user/group which is running Amavisd service, with permission 0640.</li>
<li>Add <code>/opt/iredmail/custom/spamassassin/custom.cf</code> for custom SpamAssassin
rules.</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Fixed: improper permission on file
<code>/etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf</code>.</li>
<li>Add <code>/opt/iredmail/custom/dovecot/master-users</code> for custom master users.
Please do not modify <code>/etc/dovecot/dovecot-master-users</code>.</li>
</ul>
</li>
<li>
<p>Firewall:</p>
<ul>
<li>[Debian 10] Fixed: Not open ports for XMPP service (5222, 5269) if
Prosody is deployed.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Fixed: improper http code <code>301</code> (permanent redirect) causes incorrect
redirection after switching homepage application from SOGo to other
web application. It's now replaced by <code>302</code> (temporarily redirect).</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>Fixed: not load custom config file for plugin <code>markasjunk</code>.</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Switch self-signed SSL cert key length to 4096, also DKIM key length to</li>
<li>Note: Only new initial installation is affected, also if you
already have those files, it won't re-generate them.</li>
<li>Able to customize http and https ports.</li>
<li>Add Prosody related info in <code>/root/iRedMail/iRedMail.tips</code>.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>Roundcube webmail 1.4.4 (includes few security fixes)</li>
</ul>
</li>
</ul>
<h2 id="20200416">Version: 2020041601 (Apr 16, 2020)</h2>
<ul>
<li>
<p>CentOS 8 is now supported, all 3 backends (MariaDB, PostgreSQL, OpenLDAP)
are available.</p>
<p>Note: RedHat dropped OpenLDAP server in RHEL 8, iRedMail Easy installs the
OpenLDAP server packages (<code>symas-openldap-*</code>) from yum repository offered
by Symas (the company behind OpenLDAP), package <code>symas-openldap</code> conflicts
with the <code>openldap</code> package available in official RHEL/CentOS 8 yum repo.</p>
</li>
<li>
<p>Drop support for OpenBSD 6.4, 6.5.</p>
</li>
<li>
<p>New script <code>/opt/iredmail/bin/create_user</code>: create single user with quota
support. Note: available for SQL backends.</p>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>TLSv1 is now disabled by default.</li>
<li>It now tracks last login of both POP3 and IMAP logins. In early releases,
either POP3 or IMAP was tracked.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>New directory <code>/opt/iredmail/custom/nginx/webapps/</code> used to store custom
settings for web applications, it should be useful if sysadmin wants to
add ACL control for the web application.</li>
</ul>
<p>Currently only 3 applications are supported: iRedAdmin, Roundcube, Adminer.</p>
<p>For example, Nginx loads <code>/etc/nginx/templates/iredadmin.tmpl</code> for
iRedAdmin, also loads extra settings from
<code>/opt/iredmail/custom/nginx/webapps/iredadmin.conf</code>. If you want to
limit the access to network <code>192.168.0.0/24</code>, you can create file
<code>/opt/iredmail/custom/nginx/webapps/iredadmin.conf</code> with content below
and reload Nginx service:</p>
<pre><code>```
allow 192.168.0.0/24;
deny all;
```
</code></pre>
<ul>
<li>Cache fonts used by web applications for 30 days.</li>
<li>Fixed: can not request Let's Encrypt cert with default config file
for web domain <code>autoconfig.*</code> and <code>autodiscover.*</code>.</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>Use <code>pspell</code> as default spell check engine.</li>
</ul>
</li>
<li>
<p>Amavisd:</p>
<ul>
<li>Fixed: SQL column <code>msgs.subject</code> doesn't support storing emoji characters.</li>
</ul>
</li>
<li>
<p>ClamAV:</p>
<ul>
<li>Fixed: incorrect permission of database directory on RHEL/CentOS.</li>
<li>Fixed: not install package <code>libclamavunrar9</code> on Ubuntu for rar files.</li>
</ul>
</li>
<li>
<p>mlmmj (Mailing list manager):</p>
<ul>
<li>Fixed: do not abort if <code>altermime</code> program is not available.</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>It now works on OpenBSD.</li>
<li>Improve rsyslog config file to catch all fail2ban log.</li>
<li>Improve ban action to query and store country of IP address in SQL db.</li>
<li>Enable jail to catch iRedAdmin-Pro login failures.</li>
<li>Add cron job to unban IP addresses which are pending for removal.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>Roundcube webmail 1.4.3</li>
<li>iRedAPD-3.6</li>
<li>netdata-1.21.1</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Fixed: file <code>/etc/rsyslog.d/1-iredmail-iredapd.conf</code> was incorrectly
rewritten by Prosody component.</li>
<li>Fixed: there's incorrect rsyslog setting in file
<code>/etc/rsyslog.d/0-iredmail-misc.conf</code>, this file is now removed.</li>
</ul>
</li>
</ul>
<h2 id="20200210">Version: 2020021001 (Feb 10, 2020)</h2>
<ul>
<li>
<p>PostgreSQL backend:</p>
<ul>
<li>Fixed: improper index type on SQL table <code>sender_relayhost</code>.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Fixed: Backup MX doesn't work.</li>
<li>Fixed: [LDAP backend] improper filter which causes missing external
members while querying (not-subscribeable) mailing list with alias domain.</li>
<li>Add 3 files for custom settings:<ul>
<li><code>/opt/iredmail/custom/postfix/aliases</code>: alias file.</li>
<li><code>/opt/iredmail/custom/postfix/sender_bcc</code>: hash file.</li>
<li><code>/opt/iredmail/custom/postfix/recipient_bcc</code>: hash file.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>Enable plugin <code>markasjunk</code> by default. When message is moved to Junk
folder, it will be learnt as spam message. When message is moved from
Junk to any other folder, it will be learnt as clean message.</li>
</ul>
</li>
<li>
<p>Antispam:</p>
<ul>
<li>Explicitly specify (DKIM) signed header fields.</li>
<li>Use default Amavisd verbose log template.</li>
<li>Add few more custom scores in SpamAssassin to catch spams when <code>From:</code>
equals to <code>To:</code> address.</li>
<li>Fixed:<ul>
<li>Don't block attachment with macro in ClamAV.
Parameter <code>OLE2BlockMacros</code> was set to <code>true</code>, it's now <code>false</code>.</li>
<li>Not update apparmor config file to grant privilege for virus scanning
on Debian 10.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Fixed: make sure log directory is not writable by group or other,
otherwise logrotate will refuse to rotate log files.</li>
</ul>
</li>
<li>
<p>Firewalll:</p>
<ul>
<li>Correctly disable ping flood with nftables on Debian 10.</li>
</ul>
</li>
<li>
<p>Netdata:</p>
<ul>
<li>Disable checks for energid. It uses port 9998, but it's used by
Amavisd-new on iRedMail server, this causes error message in
Amavisd log file each time netdata starts.</li>
</ul>
</li>
<li>
<p>Backup scripts:</p>
<ul>
<li>Backup scripts don't rely on Python to calculate dates anymore.</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Fixed: Updating MariaDB/PostgreSQL/OpenLDAP/SOGo separatedly didn't
update their backup scripts.</li>
<li>New options for cross-domain user query and global address book in
SOGo Groupware.</li>
<li>Increase php-fpm setting <code>request_slowlog_timeout</code> to 60 seconds.</li>
<li>Updated Postfix package in iRedMail yum repo for PostgreSQL backend on
CentOS 7.</li>
<li>On OpenBSD system, update the latest errata patch names.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>Roundcube-1.4.2</li>
<li>iRedAdmin-1.0</li>
<li>iRedAPD-3.4</li>
<li>adminer-4.7.6</li>
</ul>
</li>
</ul>
<h2 id="20191210">Version: 2019121301 (Dec 13, 2019)</h2>
<ul>
<li>Package updates:<ul>
<li>iRedAdmin-Pro (SQL edition)</li>
</ul>
</li>
</ul>
<h2 id="20191210">Version: 2019121001 (Dec 10, 2019)</h2>
<ul>
<li>Fixed issues:<ul>
<li>Incorrect setting in netdata main config file (netdata.conf).</li>
<li>Not remove opendmarc package, config files, SQL db and cron jobs.</li>
</ul>
</li>
</ul>
<h2 id="20191209">Version: 2019120901 (Dec 09, 2019)</h2>
<ul>
<li>
<p>Firewall:</p>
<ul>
<li>On Debian 10, allow ping in nftables firewall.</li>
</ul>
</li>
<li>
<p>iRedAdmin:</p>
<ul>
<li>Fixed: incorrect syslog id in uwsgi config file.</li>
<li>Simplify log format.</li>
</ul>
</li>
<li>
<p>mlmmjadmin:</p>
<ul>
<li>Simplify log format.</li>
</ul>
</li>
<li>
<p>netdata:</p>
<ul>
<li>Replace few Python collectors by Go modules for better performance.</li>
<li>Monitor BIND DNS service.</li>
<li>Disable email notification since netdata is too sensitive and the
notification message is "useless".</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>Roundcube webmail 1.4.1. It offers a shiny new web UI.</li>
<li>netdata-1.19.0</li>
<li>iRedAPD-3.3</li>
<li>iRedAdmin-0.9.9</li>
<li>adminer-4.7.5</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>On OpenBSD system, if latest security errata hasn't been applied,
iRedMail deployment will abort with detailed warning message to remind
sysadmin to apply the patches with <code>syspatch</code> command.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20191112">Version: 2019111201 (Nov 12, 2019)</h2>
<ul>
<li>
<p>iRedMail Easy now supports OpenBSD 6.6.</p>
<p>Warning: OpenBSD 6.4 and 6.5 support will be dropped when 6.7 is out.</p>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Create and use custom (empty) global sieve rule file by default.</li>
<li>Log more events: save, copy, mailbox_create.</li>
</ul>
</li>
<li>
<p>Netdata:</p>
<ul>
<li>Fixed: incorrect hostname in alarm notification email.</li>
</ul>
</li>
<li>
<p>OpenLDAP:</p>
<ul>
<li>Create directory <code>/opt/iredmail/custom/openldap/schema/</code> to store extra
LDAP schema files.</li>
</ul>
<p>Apparmor config file has been updated on Ubuntu to allow <code>slapd</code> program
to read config files from this directory.</p>
<ul>
<li>Use <code>mdb</code> database since OpenBSD 6.6. OpenBSD 6.5 uses <code>hdb</code>.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Bypass facebook.com HELO hostnames which contain IP addresses.</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>Upgrade to version 1.4.0, released on Nov 10, 2019.</li>
</ul>
</li>
<li>
<p>Changes to iRedMail Easy platform:</p>
<ul>
<li>Fix aborted installation if Ansible fact <code>ansible_all_ipv6_addresses</code> is
undefined.</li>
<li>Upgrade pip to the latest version before installing web.py on Debian 10.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20191022">Version: 2019102201 (Oct 22, 2019)</h2>
<ul>
<li>
<p>OpenLDAP:</p>
<ul>
<li>Remove 2 unused LDAP schema files: <code>calentry.schema</code>, <code>calresource.schema</code>.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Fixed incorrect CA file on OpenBSD.</li>
<li>Add <code>LIMIT 1</code> in SQL queries for better performance.</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Log ssl protocol and cipher information for login session.
e.g. "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)"</li>
</ul>
</li>
<li>
<p>Firewall:</p>
<ul>
<li>Fixed: not filter IPv4/IPv6 addresses while generating iptables rules.</li>
<li>Fixed: not enable ipv6-icmp in firewall.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Make sure Apache/Lighttpd service is not enabled, otherwise Nginx may
not be able to start due to 80/443 ports are used by them.</li>
</ul>
</li>
<li>
<p>AntiSpam:</p>
<ul>
<li>OpenDMARC has been removed due to internal bug which caused incorrect
email rejection. Bug reported to upstream:
https://github.com/trusteddomainproject/OpenDMARC/issues/50</li>
</ul>
</li>
<li>
<p>autodiscover:</p>
<ul>
<li>Fixed the <code>Undefined offset</code> php error.</li>
<li>Log the schema data sent by remote MUA, also the settings sent to MUA.</li>
<li>Log file is now <code>/var/log/autoconfig/autoconfig.log</code>.</li>
</ul>
</li>
<li>
<p>netdata:</p>
<ul>
<li>If component <code>Nginx</code> was not chosen, netdata is inaccessible although
Nginx is actually deployed as dependent component.</li>
<li>
<p>Move http auth file to <code>/opt/iredmail/custom/netdata/</code>.</p>
<p>Since netdata-1.17.0, netdata sets permission of directory
<code>/opt/netdata/etc/netdata/</code> to 0700, this causes Nginx can not read
the http auth file.</p>
</li>
</ul>
</li>
<li>
<p>Backup scripts:</p>
<ul>
<li>It now removes old empty backup directories.</li>
</ul>
</li>
<li>
<p>Changes to iRedMail Easy platform:</p>
<ul>
<li>Not add <code>priority</code> parameter in iRedMail yum repo. (CentOS 7 only)</li>
<li>Able to whitelist IP or CIDR newtorks in fail2ban.</li>
<li>Do not forward systemd journald log to syslog.</li>
<li>Run shell script <code>/opt/iredmail/custom/openldap/custom.sh</code> while
deploying or upgrading OpenLDAP. You can write shell commands in this
file to update other config files for advanced customization. for
example, updating <code>/etc/sysconfig/slapd</code> (CentOS) or
<code>/etc/ldap/slapd</code> (Debian/Ubuntu) to make OpenLDAP listening on all
available network interfaces and IP addresses.</li>
<li>Add Fail2ban related info in <code>/root/iRedMail/iRedMail.tips</code>.</li>
<li>Make sure no SysV script and rule files for 'iptables' service on
Debian 10.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>netdata -&gt; 1.18.1</li>
<li>iredapd -&gt; 3.2</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190906">Version: 2019090601 (Sep 06, 2019)</h2>
<ul>
<li>
<p>Postfix:</p>
<ul>
<li>Sign DKIM signature for locally generated emails, like auto-reply (a.k.a
vacation) message.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Redirect URI <code>/adminer/</code> to <code>/adminer</code>.</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>
<p>Add setting <code>sieve_redirect_envelope_from=recipient</code>. It's used to
rewrite sender address in redirected message (with sieve directive
<code>redirect</code>) to the final recipient address of the message.</p>
<p>For example, <code>someone@gmail.com</code> sends an email to <code>user@domain.com</code>
which is hosted on your server, and this user has sieve rule to
redirect received message to <code>forward@3rd-domain.com</code>, with default
Dovecot setting (<code>sieve_redirect_envelope_from=sender</code>), user
<code>forward@3rd-domain.com</code> will receive this email with sender address
<code>someone@gmail.com</code> in mail header, but with
<code>sieve_redirect_envelope_from=recipient</code>, the sender address will
be <code>user@domain.com</code>.</p>
</li>
<li>
<p>Log <code>delivery_time</code> of LDA/LMTP.</p>
</li>
</ul>
</li>
<li>
<p>php-fpm:</p>
<ul>
<li>Set value of <code>post_max_size</code> 1MB larger than <code>upload_max_filesize</code>, so
that Roundcube can successfully upload mail attachment.</li>
</ul>
</li>
<li>
<p>OpenDMARC:</p>
<ul>
<li>Add shell script and cron job to update <code>public_suffix_list.dat</code> every
2 days.</li>
</ul>
</li>
<li>
<p>SpamAssassin:</p>
<ul>
<li>Set 3 custom scores in SpamAssassin to catch more spams.<ul>
<li><code>score SPF_FAIL 5</code>: sender does not match SPF record (fail)</li>
<li><code>score TO_EQ_FM_SPF_FAIL 5</code>: To == From and external SPF failed</li>
<li><code>score TO_EQ_FM_DOM_SPF_FAIL 5</code>: To domain == From domain and external SPF failed</li>
</ul>
</li>
</ul>
</li>
<li>
<p>ClamAV:</p>
<ul>
<li>Increase systemd timeout value to avoid startup failure on low memory
server.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Improper postrotate command for logrotate program on Linux.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>roundcube -&gt; 1.3.10</li>
<li>adminer -&gt; 4.7.3</li>
<li>iRedAPD -&gt; 3.1</li>
<li>netdata -&gt; 1.17.0</li>
<li>iRedAdmin -&gt; 0.9.8</li>
</ul>
</li>
<li>
<p>Changes to iRedMail Easy platform:</p>
<ul>
<li>Firewall rule always opens port 22 for ssh.</li>
<li>Add <code>curl</code> as required packages.</li>
<li>Use package branch (<code>%7.3</code>) instead of version number for php on OpenBSD.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190802">Version: 2019080201 (Aug 02, 2019)</h2>
<ul>
<li>
<p>Dovecot:</p>
<ul>
<li>Fixed: not add required SQL column <code>mailbox.enablequota-status</code>. This
will cause mail rejection.</li>
</ul>
</li>
<li>
<p>Firewall:</p>
<ul>
<li>Run <code>/opt/iredmail/custom/firewall/custom.sh</code> after each deployment.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190801">Version: 2019080101 (Aug 01, 2019)</h2>
<ul>
<li>It now supports Debian 10.</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Enable quota-status service used to query mailbox quota.</li>
<li>Fixed: Not install package <code>dovecot-mysql</code> for OpenLDAP backend on CentOS.</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>Lookup user's mailbox quota status from Dovecot quota-status service,
reject email if mailbox is over quota. This will help save system
resources used for spam/virus scanning, avoids "sender non-delivery
notification" bounce message.</li>
<li>Fixed: not copy <code>/etc/resolv.conf</code> to <code>/var/spool/postfix/etc/</code>.</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Fixed: improper order while loading modular config files.</li>
<li>
<p><strong>ATTENTION</strong>: directive <code>ssl on;</code> has been removed (in
<code>/etc/nginx/templates/ssl.tmpl</code>) due to it's deprecated by Nginx itself.
If you have custom web host, please use <code>listen &lt;port&gt; ssl;</code> in the
<code>server {}</code> block (in <code>/etc/nginx/sites-enabled/*.conf</code>) instead.</p>
<p>For example:</p>
<ul>
<li>
<p>Old config file <code>/etc/nginx/sites-enabled/00-default-ssl.conf</code>:</p>
<p><code>server {
listen 443;
...
}</code></p>
</li>
<li>
<p>New directive:</p>
<p><code>server {
listen 443 ssl;
...
}</code></p>
</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Firewall:</p>
<ul>
<li>Port 465 (SMTP over SSL) is not open in firewall when the service is
enabled.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>adminer -&gt; 4.7.2</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190715">Version: 2019071501 (Jul 15, 2019)</h2>
<ul>
<li>
<p>OpenDMARC integration.</p>
<ul>
<li>The integration is enabled by default. To disable it, please go to
mail server profile page, toggle on option <code>Disable DMARC</code> under
<code>Settings</code> tab.</li>
<li>Unfortunately, OpenBSD 6.5 and earlier releases don't have such
integration due to binary package missing. The good news is the latest
ports tree already has it and binary package is available for OpenBSD
-snapshot branch.</li>
</ul>
</li>
<li>
<p>Roundcube:</p>
<ul>
<li>New config files used to store custom settings for official plugins:<ul>
<li><code>password</code> plugin: <code>/opt/iredmail/custom/roundcube/config_password.inc.php</code></li>
<li><code>managesieve</code> plugin: <code>/opt/iredmail/custom/roundcube/config_managesieve.inc.php</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>Postfix:</p>
<ul>
<li>
<p>Fixed: improper order of restriction rules in <code>smtpd_sender_restrictions</code>.</p>
<p>File <code>/etc/postfix/sender_access.pcre</code> is not used anymore, all content
in this file should be moved to
<code>/opt/iredmail/custom/postfix/sender_access.pcre</code> instead.</p>
</li>
</ul>
</li>
<li>
<p>Nginx:</p>
<ul>
<li>Compress more file types with gzip module (<code>/etc/nginx/conf-available/gzip.conf</code>).</li>
</ul>
</li>
<li>
<p>Few programs moved and/or renamed:</p>
<ul>
<li><code>/opt/iredmail/bin/fail2ban_unbanip</code> -&gt; <code>/opt/iredmail/bin/fail2ban/unbanip</code>.</li>
<li><code>/opt/iredmail/bin/generate_password_hash.py</code> -&gt; <code>/opt/iredmail/bin/generate_password_hash</code>.</li>
<li><code>/opt/iredmail/bin/dovecot/scan_reported_mails.sh</code> -&gt; <code>/opt/iredmail/bin/dovecot/scan_reported_mails</code></li>
</ul>
</li>
<li>
<p>Fixed issues of iRedMail Easy platform:</p>
<ul>
<li>If IPv6 is disabled, installation will be abort due to Nginx is
configured (by Debian/Ubuntu packaging) to listen on IPv6 address.</li>
<li>If no PHP applications are going to be installed, no php-fpm related
configuration should be enabled (<code>/etc/nginx/templates/misc.tmpl</code>).</li>
<li>Make sure installed services are running while cleaning up the deployment.</li>
<li>Not run <code>freshclam</code> immediately to fetch/update ClamAV virus database.</li>
<li>Removing unused ClamAV log file (/var/log/clamav/clamav.log) causes
error in cron job added by ClamAV package.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>iRedAPD 3.0. It fixes a critical bug of throttle plugin.</li>
<li>iRedAdmin-Pro. Note: it requires a valid iRedAdmin-Pro license.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190606">Version: 2019060601 (Jun 06, 2019)</h2>
<ul>
<li>
<p>Fail2ban:</p>
<ul>
<li>Remove jail 'sshd-ddos'. Fail2ban doesn't ship its filter conf anymore.</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>Set default client_limit and process_limit based on memory size.</li>
</ul>
</li>
<li>
<p>autoconfig:</p>
<ul>
<li>Fixed: not handle URI <code>/.well-known/autoconfig/mail/config-v1.1.xml</code>.</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Able to ban/unban given file types.</li>
<li>Remove deprecated ClamAV parameters.</li>
<li>Remove unused ClamAV log file (/var/log/clamav/clamav.log).</li>
<li>Able to disable HELO hostname DNS check.</li>
<li>Fixed: not always restart iRedAdmin service to reload the code of new version.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>iRedAPD 2.9. It fixes 2 bugs.</li>
<li>netdata 1.15.0</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190428">Version: 2019042801 (Apr 28, 2019)</h2>
<ul>
<li>
<p>Postfix:</p>
<ul>
<li>Enable header/body checks for email injected by Amavisd.</li>
<li>Fixed: not load custom <code>header_checks</code> and <code>body_checks</code> pcre maps.</li>
<li>Fixed: port 1025/10025/10028 are not listening on only 127.0.0.1.</li>
<li>Fixed: per-user bcc doesn't work with MySQL/MariaDB backends.</li>
</ul>
</li>
<li>
<p>SOGo:</p>
<ul>
<li>[PostgreSQL backend] Fix incorrect owner of SQL VIEWs used for address
books.</li>
<li>[SQL backends] Fix incorrect SQL VIEWs which causes error to display
contacts in address books.</li>
<li>[SQL backends] Display all contacts directly in per-domain address book.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>iRedAPD 2.8</li>
<li>iRedAdmin 0.9.7 (open source edition)</li>
<li>netdata 1.14.0</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>
<p>Supports OpenBSD 6.5.</p>
<p>WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out.
That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.</p>
</li>
<li>
<p>Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.</p>
</li>
<li>Do not always update SOGo packages.
We're using SOGo nightly build, it's not always stable, upgrading may
cause issue.</li>
<li>Send <code>iRedMail.tips</code> file to postmaster after deployment.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190402">Version: 2019040201 (Apr 02, 2019)</h2>
<ul>
<li>
<p>Roundcube</p>
<ul>
<li>Upgrade to 1.3.9 (<a href="https://github.com/roundcube/roundcubemail/releases/tag/1.3.9">Detailed ChangeLog</a>.)</li>
</ul>
</li>
<li>
<p>Dovecot:</p>
<ul>
<li>
<p>Able to track user last (POP3/IMAP) login for OpenLDAP and MariaDB
backends. It's disabled by default, you can enable it in iRedMail Easy
user portal, in mail server profile page, tab "Settings".</p>
<p>Note: Dovecot doesn't support this with PostgreSQL yet.</p>
<p>Here's detailed tutorial to show you what changes are applied to Dovecot:
<a href="https://docs.iredmail.org/track.user.last.login.html">Track user last login time</a>.</p>
</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Send <code>iRedMail.tips</code> file to postmaster after deployment.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190327">Version: 2019032701 (Mar 27, 2019)</h2>
<ul>
<li>
<p>Dovecot:</p>
<ul>
<li>Improve <code>imapsieve</code> setting to handle different IMAP command sent by
Microsoft Outlook (it sometimes uses <code>APPEND</code> instead of <code>COPY</code> for
moving message to another folder).</li>
</ul>
</li>
<li>
<p>iRedAPD:</p>
<ul>
<li>
<p>Update to version 2.7, with SRS (Sender Rewriting Scheme) support.</p>
<p>Note: SRS is disabled by default, you can enable it in mail server
profile page with the iRedMail Easy web UI.</p>
</li>
<li>
<p>Switch logging to syslog (and logrotate).</p>
</li>
</ul>
</li>
<li>
<p>iRedAdmin:</p>
<ul>
<li>Update to 0.9.6.</li>
</ul>
</li>
<li>
<p>BIND (local cache-only DNS server):</p>
<ul>
<li>Set syslog facility to 'local5'.</li>
</ul>
</li>
<li>
<p>netdata:</p>
<ul>
<li>Update to version 1.13.0.</li>
<li>Switch logging to syslog (and logrotate).</li>
<li>Disable sending anonymous statistics to netdata cloud.</li>
</ul>
</li>
<li>
<p>SpamAssassin:</p>
<ul>
<li>Add one custom rule to catch porn spams.</li>
<li>Fixed: not create required SQL tables for bayes.</li>
</ul>
</li>
<li>
<p>AutoConfig/AutoDiscover</p>
<ul>
<li>Domain name <code>autoconfig.&lt;domain&gt;</code> and <code>autodiscover.&lt;domain&gt;</code> are not
required if the web domain is hosted on iRedMail server, Outlook will
look for <code>https://&lt;web-domain&gt;/autodiscover/autodiscover.xml</code>.</li>
</ul>
</li>
<li>
<p>Fail2ban:</p>
<ul>
<li>Slightly loose filter for postfix to reduce unexpected ban caused by
Outlook for macOS.</li>
</ul>
</li>
<li>
<p>SOGo:</p>
<ul>
<li>Enable per-domain global address book for OpenLDAP backend by default.
We sponsored SOGo team to implement this feature:
https://sogo.nu/bugs/view.php?id=3685
Note: it requires SOGo nightly build version '4.0.7.20190318' or later,
OpenBSD 6.4 doesn't support this feature due to old SOGo package.</li>
<li>Enable builtin IMAP4 pooling by default. User should notice faster IMAP
operations.</li>
</ul>
</li>
<li>
<p>Backup:</p>
<ul>
<li>Backup OpenLDAP data with option <code>-o ldif-wrap=no</code>, to avoid break long
line to multiple lines. The dumped LDIF file is easier to work with
<code>grep</code> and other command line tools.</li>
</ul>
</li>
<li>
<p>Improvements of iRedMail Easy platform:</p>
<ul>
<li>Make sure OpenLDAP service is running before populating data.</li>
<li>Make Nginx/Dovecot/Postfix not listen on address <code>::1</code> if system doesn't
have IPv6 support.</li>
<li>Slightly reduce Amavisd max_servers to same as RAM (GB) for better
stability.</li>
<li>Always check and make sure major components are the latest versions.</li>
<li>Always update major components (postfix/dovecot/sogo/fail2ban/...) to the
latest stable release.</li>
<li>Always print command output of <code>nginx -t</code> for troubleshooting before
restart nginx servvice, it's very useful for troubleshooting.</li>
<li>New option <code>Trusted clients</code> in mail server profile page, under tab
<code>Settings</code>. You can list all trusted IP addresses or CIDR networks here,
they will be whitelisted by few components:<ul>
<li>Postfix: parameter <code>mynetworks</code> in <code>/etc/postfix/main.cf</code></li>
<li>iRedAPD: parameter <code>MYNETWORKS</code> in <code>/opt/iredapd/settings.py</code></li>
<li>Fail2ban: parameter <code>ignoreip</code> in <code>/etc/fail2ban/ignoreip.local</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>Fixed issues of iRedMail Easy platform:</p>
<ul>
<li>Incorrect permission of directories used to store prosody custom modules
and config files.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190219">Version: 2019021901 (Feb 19, 2019)</h2>
<ul>
<li>
<p>Improvements:</p>
<ul>
<li>Able to remove ssh public key on target server.</li>
<li>SSH keys which were generated 7 days ago will be removed automatically
from iRedMail Easy platform.</li>
</ul>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>php-fpm: not reopen log file after rotation.</li>
<li>mlmmjadmin:<ul>
<li>Incorrect LDAP base dn in config file.</li>
<li>Do not return error if mailing list directory doesn't exist.</li>
</ul>
</li>
<li>Incorrect iRedAPD plugin name for OpenLDAP backend.</li>
<li>Few bugs with in Ansible deployment code.</li>
</ul>
</li>
<li>
<p>Package updates:</p>
<ul>
<li>mlmmjadmin -&gt; 2.1</li>
<li>iRedAdmin (open source edition) -&gt; 0.9.5</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190130">Version: 2019013001 (Jan 30, 2019)</h2>
<ul>
<li>Set max open file limit by SOGo daemon to unlimited.</li>
<li>Able to set memcached cache size (in MB).</li>
<li>Able to disable spam/virus scanning.</li>
<li>Able to deploy iRedAdmin-Pro with your license key.</li>
<li>Able to custom http/https network ports, max file size of (web) upload file.</li>
<li>Enable bayes auto-learn in SpamAssassin, and store bayes in SQL db.</li>
<li>Increase scores of DNSBL relevant spamassassin rules to catch more spams.</li>
<li>
<p>Enable imapsieve plugin in Dovecot by default.</p>
<p>Message moved to Junk folder will be copied to a directory for spam
learning later, vice verse, message moved out of Junk will be copied
for ham learning later.</p>
<p>The spam/ham learning will be performed every 10 minutes with a cron job.</p>
<p><strong>Now encourage your users to report spams by moving spams to <code>Junk</code> folder. :)</strong></p>
</li>
<li>
<p>Fixed issues:</p>
<ul>
<li>Can not login to XMPP service (Prosody) due to incorrect permission of
auth module files.</li>
<li>ip6tables failed to start on server which doesn't have IPv6 address.</li>
</ul>
</li>
<li>
<p>Updated packages:</p>
<ul>
<li>mlmmjadmin-2.0</li>
<li>adminer-4.7.1</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20190102">Version: 2019010201 (Jan 2, 2019)</h2>
<blockquote>
<p>Hello, 2019. :)</p>
</blockquote>
<ul>
<li>Updated packages:<ul>
<li>iRedAPD-2.4. Fixed a greylisting issue.</li>
</ul>
</li>
<li>Fixed issues:<ul>
<li>Not correctly set owner and permission of custom Postfix config files
and hash db files.</li>
<li>Not remove unused modular nginx config file for iredadmin.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20181223">Version: 2018122301 (Dec 23, 2018)</h2>
<ul>
<li>Fixed:<ul>
<li>Improper dovecot ldap/sql queries which doesn't convert upper cases of
maildir to lower cases.</li>
</ul>
</li>
</ul>
<h2 class="old_release" id="20181217">Version: 2018121701 (Dec 17, 2018)</h2>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<ul>
<li>This is the first public release. :)</li>
<li>The version number is the date when it's released, it's easier to
understand whether you're running the latest stable release. It's also
stored in file <code>/etc/iredmail-release</code> on your server.</li>
</ul>
</div>
<ul>
<li>New directory <code>/opt/www/well-known</code>, mostly used for Let's Encrypt cert
request.</li>
<li>Download source tarball of web applications to iRedMail deploy server first,
then upload it to target host. If target host can not access website like
github.com, we can still download required packages for iRedMail deployment.</li>
<li>Firewall:<ul>
<li>Add rc script and firewall rule for ipv6 on Debian/Ubuntu:<ul>
<li><code>/etc/init.d/ip6tables</code></li>
<li><code>/etc/default/ip6tables</code></li>
</ul>
</li>
</ul>
</li>
<li>OpenLDAP backend:<ul>
<li>Do not enable TLS/SSL support in OpenLDAP by default.</li>
<li>Add database <code>monitor</code> by default.</li>
<li>Include calresource.schema and calentry.schema by default. Required
by SOGo for resource management.</li>
<li>Index attribute <code>departmentNumber</code>.</li>
</ul>
</li>
<li>Fail2ban:<ul>
<li>Remove duplicate filter rules for Postfix postscreen service.</li>
</ul>
</li>
<li>SOGo:<ul>
<li>Add new parameters to support resource management.</li>
<li>Add mail aliases and mailing lists as address book.</li>
<li>Fix incorrect column name in SQL views.</li>
</ul>
</li>
<li>netdata:<ul>
<li>Supports monitoring OpenLDAP.</li>
</ul>
</li>
<li>Fixed:<ul>
<li>Ubuntu: Missing apparmor rule to allow ClamAV to scan emails.</li>
<li>not enable php-fpm status support in Nginx and netdata.</li>
<li>not load rsyslog module <code>imjournal</code> for rate limit control.</li>
</ul>
</li>
<li>Package update:<ul>
<li>netdata -&gt; 1.11.1</li>
<li>adminer -&gt; 4.7.0</li>
</ul>
</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>
Reference in New Issue View Git Blame Copy Permalink