elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/html_bk/upgrade.iredmail.1.2.1-1.3....

261 lines
14 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upgrade iRedMail from 1.2.1 to 1.3</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-121-to-13">Upgrade iRedMail from 1.2.1 to 1.3</h1>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-121-to-13">Upgrade iRedMail from 1.2.1 to 1.3</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</a></li>
<li><a href="#upgrade-mlmmjadmin-to-the-latest-stable-release">Upgrade mlmmjadmin to the latest stable release</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-146">Upgrade Roundcube webmail to the latest stable release (1.4.6)</a></li>
<li><a href="#fixed-can-not-manage-mail-filters-with-roundcube-on-centos-7">Fixed: can not manage mail filters with Roundcube on CentOS 7</a></li>
<li><a href="#fixed-inconsistent-fail2ban-jail-names">Fixed: inconsistent Fail2ban jail names</a></li>
</ul>
</li>
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
<li><a href="#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database">Add missing index for SQL column msgs.time_iso in amavisd database</a></li>
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db">Improvement: Store more info in Fail2ban SQL db</a></li>
</ul>
</li>
<li><a href="#mysqlmariadb-backend-special">MySQL/MariaDB backend special</a><ul>
<li><a href="#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1">Add missing index for SQL column msgs.time_iso in amavisd database</a></li>
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db_1">Improvement: Store more info in Fail2ban SQL db</a></li>
</ul>
</li>
<li><a href="#postgresql-backend-special">PostgreSQL backend special</a><ul>
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db_2">Improvement: Store more info in Fail2ban SQL db</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition note">
<p class="admonition-title">Paid Remote Upgrade Support</p>
<p>We offer remote upgrade support if you don't want to get your hands dirty,
check <a href="https://www.iredmail.org/support.html">the details</a> and
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>Jun 29, 2020: initial release.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>1.3
</code></pre>
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</h3>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="upgrade-mlmmjadmin-to-the-latest-stable-release">Upgrade mlmmjadmin to the latest stable release</h3>
<p>Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
<a href="./upgrade.mlmmjadmin.html">Upgrade mlmmjadmin to the latest stable release</a></p>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-146">Upgrade Roundcube webmail to the latest stable release (1.4.6)</h3>
<div class="admonition warning">
<p class="admonition-title">Roundcube 1.4</p>
<p>Since Roundcube 1.3, at least <strong>PHP 5.4</strong> is required. If your server is
running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube
the latest 1.2 branch instead.</p>
</div>
<p>Roundcube 1.4.6 fixes few security issues, all users are encouraged to upgrade
<em>as soon as possible</em>.</p>
<ul>
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
</ul>
<p>References:</p>
<ul>
<li>07 June 2020, <a href="https://roundcube.net/news/2020/06/07/updates-1.4.6-and-1.3.13-released">Updates 1.4.6 and 1.3.13 released</a></li>
<li>02 June 2020, <a href="https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12">Security updates 1.4.5 and 1.3.12 released</a></li>
</ul>
<h3 id="fixed-can-not-manage-mail-filters-with-roundcube-on-centos-7">Fixed: can not manage mail filters with Roundcube on CentOS 7</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This is only application to CentOS 7.</p>
</div>
<p>On CentOS 7, the Roundcube official plugin <code>managesieve</code> doesn't work with
TLSv1.1 and TLSv1.2, so we have to re-enable TLSv1 in Dovecot, otherwise you
can not manage mail filters with Roundcube.</p>
<p>Open file <code>/etc/dovecot/dovecot.conf</code>, find the <code>ssl_protocols</code> parameter like
below:</p>
<pre><code>ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
</code></pre>
<p>Remove <code>!TLSv1</code> and restart Dovecot service:</p>
<pre><code>ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
</code></pre>
<p>Note: TLSv1 and TLSv1.2 are supported with this change.</p>
<h3 id="fixed-inconsistent-fail2ban-jail-names">Fixed: inconsistent Fail2ban jail names</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This is applicable to Linux and OpenBSD.</p>
</div>
<p>iRedMail-1.2 and 1.2.1 introduced <a href="./fail2ban.sql.html">SQL integration in
Fail2ban</a>, but there're few inconsistent jail names which
caused unbanning IP from iRedAdmin-Pro doesn't work. Please run commands below
to fix them.</p>
<pre><code>cd /etc/fail2ban/jail.d/
perl -pi -e 's#dovecot-iredmail#dovecot#g' dovecot.local
perl -pi -e 's#postfix-pregreet-iredmail#postfix-pregreet#g' postfix-pregreet.local
perl -pi -e 's#name=postfix,#name=postfix-pregreet,#g' postfix-pregreet.local
perl -pi -e 's#postfix-iredmail#postfix#g' postfix.local
perl -pi -e 's#roundcube-iredmail#roundcube#g' roundcube.local
perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local
</code></pre>
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
<h3 id="add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database">Add missing index for SQL column <code>msgs.time_iso</code> in <code>amavisd</code> database</h3>
<p>Please run SQL commands below as MySQL root user:</p>
<pre><code>USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
</code></pre>
<h3 id="improvement-store-more-info-in-fail2ban-sql-db">Improvement: Store more info in Fail2ban SQL db</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
SQL database</a>, if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
</div>
<p>With changes below, we now store more info in Fail2ban SQL database:</p>
<ul>
<li>Matched log lines which triggerred the ban</li>
<li>Number of times the failure occurred until ban</li>
<li>Reverse DNS name of banned IP address</li>
</ul>
<p>Please run SQL commands below as MySQL root user:</p>
<pre><code>USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
</code></pre>
<p>Now open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
line like below:</p>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt;
</code></pre>
<p>Replace it by:</p>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt; &lt;ipjailfailures&gt; &lt;ipjailmatches&gt;
</code></pre>
<p>Download improved shell script and replace the existing one:</p>
<pre><code>cd /usr/local/bin
wget -O fail2ban_banned_db https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
chmod 0550 fail2ban_banned_db
</code></pre>
<p>Now restart Fail2ban service.</p>
<h2 id="mysqlmariadb-backend-special">MySQL/MariaDB backend special</h2>
<h3 id="add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1">Add missing index for SQL column <code>msgs.time_iso</code> in <code>amavisd</code> database</h3>
<p>Please run SQL commands below as MySQL root user:</p>
<pre><code>USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
</code></pre>
<h3 id="improvement-store-more-info-in-fail2ban-sql-db_1">Improvement: Store more info in Fail2ban SQL db</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
SQL database</a>, if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
</div>
<p>With changes below, we now store more info in Fail2ban SQL database:</p>
<ul>
<li>Matched log lines which triggerred the ban</li>
<li>Number of times the failure occurred until ban</li>
<li>Reverse DNS name of banned IP address</li>
</ul>
<p>Please run SQL commands below as MySQL root user:</p>
<pre><code>USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
</code></pre>
<p>Now open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
line like below:</p>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt;
</code></pre>
<p>Replace it by:</p>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt; &lt;ipjailfailures&gt; &lt;ipjailmatches&gt;
</code></pre>
<p>Download improved shell script and replace the existing one:</p>
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
</code></pre>
<p>Now restart Fail2ban service.</p>
<h2 id="postgresql-backend-special">PostgreSQL backend special</h2>
<h3 id="improvement-store-more-info-in-fail2ban-sql-db_2">Improvement: Store more info in Fail2ban SQL db</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
SQL database</a>, if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
</div>
<p>With changes below, we now store more info in Fail2ban SQL database:</p>
<ul>
<li>Matched log lines which triggerred the ban</li>
<li>Number of times the failure occurred until ban</li>
<li>Reverse DNS name of banned IP address</li>
</ul>
<p>Please follow steps below to apply required changes.</p>
<ul>
<li>Connect to PostgreSQL server as <code>postgres</code> user and connect to <code>vmail</code> database:<ul>
<li>on Linux, it's <code>postgres</code> user</li>
<li>on FreeBSD, it's <code>pgsql</code> user</li>
<li>on OpenBSD, it's <code>_postgresql</code> user</li>
</ul>
</li>
</ul>
<pre><code>su - postgres
psql -d fail2ban
</code></pre>
<ul>
<li>Run SQL commands below:</li>
</ul>
<pre><code>\c fail2ban;
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN rdns VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX idx_banned_rdns ON banned (rdns);
</code></pre>
<ul>
<li>Open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
line like below:</li>
</ul>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt;
</code></pre>
<p>Replace it by:</p>
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban &lt;ip&gt; &lt;port&gt; &lt;protocol&gt; &lt;name&gt; &lt;ipjailfailures&gt; &lt;ipjailmatches&gt;
</code></pre>
<ul>
<li>Download improved shell script and replace the existing one:</li>
</ul>
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
</code></pre>
<ul>
<li>Now restart Fail2ban service.</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>
Reference in New Issue View Git Blame Copy Permalink