9.1 KiB
Upgrade iRedMail from 0.5.0 to 0.5.1
[TOC]
!!! note "Paid Remote Upgrade Support"
We offer remote upgrade support if you don't want to get your hands dirty,
check [the details](https://www.iredmail.org/support.html) and
[contact us](https://www.iredmail.org/contact.html).
ChangeLog
- 2009-11-03: Explain why we need extra SQL columns. Thanks Rashef@forum.
- 2009-11-03: Fix file name of LDAP schema. Thanks Bronkoo@twitter.
- 2009-11-02: Use python script to update LDAP data. ldapsearch will wrap long line, it breaks dn value. Thanks yangbajing@bbs for report this issue.
- 2009-11-02: Fix typo error. Thanks sdaniel@bbs.
- 2009-11-02: Add domain alias support.
General (All backends should apply these steps)
Apply hotfixes
- 2009-10-28: Missing syslog setting. (Ubuntu 8.04 + LDAP backend only)
- 2009-09-10: Maill forwarding and bcc are invalid
- 2009-08-21: per-user mail filter setting
Enable proxymap
in SQL/LDAP query maps
Set proxy_read_maps
in postfix, so that we can use proxymap(8)
daemon which
is part of postfix to reduce the number of connections to MySQL/LDAP and
greatly reduces system load.
# postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps'
Add @mynetworks
in /etc/amavis/conf.d/50-user
(Debian/Ubuntu only)
# Part of file: /etc/amavis/conf.d/50-user
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
NOTE: They are trusted subnets (amavisd-new default setting), mail sent from these subnets will be bypassed for anti-spam and anti-virus.
Convert SQL columns from latin to utf8 in policyd database
Convert some columns of policyd database from latin to utf8, so that we can
add non-ascii characters in description
column.
$ mysql -uroot -p policyd
mysql> ALTER TABLE blacklist MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE blacklist_sender MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist_dnsname MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
mysql> ALTER TABLE whitelist_sender MODIFY COLUMN _description CHAR(60) CHARACTER SET utf8;
NOTE: Policyd database name is policyd
(on RHEL/CentOS) or postfixpolicyd
(on Debian/Ubuntu).
OpenLDAP backend only
Replace old LDAP schema file with the new one shipped in iRedMail-0.5.1.
# --- BELOW ARE SHELL COMMANDS ----
# cd /etc/openldap/schema/ # Note: On Debian/Ubuntu, path is /etc/ldap/schema/
# cp iredmail.schema iredmail.schema.bak
# cd /root
# wget http://iredmail.googlecode.com/hg/tags/0.5.1/samples/iredmail.schema
# mv -i /root/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart # Note: On Debian/Ubuntu, path is /etc/init.d/slapd
NOTE: New LDAP schema provides several new attributes, but it's backwards compatibility, it's SAFE to replace the old one without additional operations.
Use proxymap to improve performance and reliability under high load.
Prepend proxy:
to the beginnning of all LDAP lookup table definitions in
postfix configuration file: /etc/postfix/main.cf
. For example:
# Part of file: /etc/postfix/main.cf
# Old setting:
#virtual_alias_maps = ldap:/etc/postfix/ldap_virtual_alias_maps.cf
# New setting. Add 'proxy:'.
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf
Restrict POP3S/IMAPS service in Dovecot
Update dovecot settings to restrict POP3S & IMAPS in /etc/dovecot-ldap.conf
(on RHEL/CentOS) or /etc/dovecot/dovecot-ldap.conf
(on Debian/Ubuntu),
support domain alias and user shadow address.
# Part of file: dovecot-ldap.conf
# Old setting:
#base = ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org
#user_filter = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls))
#pass_filter = (mail=%u)
# New setting (user_filter is same as pass_filter):
base = o=domains,dc=iredmail,dc=org
user_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_filter = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
Restarting Dovecot service is required.
Enable POP3S/IMAPS services for all mail users
- Make sure you have python-ldap module installed.
# python
>>> import ldap
If it raises error message ImportError: No module named ldap
, you have to
install python-ldap module first.
# easy_install python-ldap==2.3.8
- Download script tool to update LDAP values.
# wget http://iredmail.googlecode.com/hg/extra/update/updateLDAPValues_050_to_051.py
- Open downloaded file, set correct LDAP base dn, bind dn, and bind password. Example:
# Part of file: updateLDAPValues_050_to_051.py
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=Manager,dc=iredmail,dc=org'
bind_pw = 'passwd'
- Execute the script to update LDAP data
# python updateLDAPValues_050_to_051.py
Add domain alias support
Add domain alias support in postfix ldap lookup table file: /etc/postfix/ldap_virtual_mailbox_domains.cf
.
# Part of file: /etc/postfix/ldap_virtual_mailbox_domains.cf
# ---- Old setting ----
query_filter = (&(objectClass=mailDomain)(domainName=%s)(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
# ---- New setting ----
query_filter = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
Add missing service control in Postfix LDAP lookup table
Add missing service control in postfix ldap lookup table file: /etc/postfix/ldap_virtual_mailbox_maps.cf
:
# Part of file: /etc/postfix/ldap_virtual_mailbox_maps.cf
# OLD setting
#query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail))
# NEW setting
query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver))
Add missing attributes in LDAP ACL and index control
Add shadowAddress
and employeeNumber
attribute names in
/etc/openldap/slapd.conf
(RHEL/CentOS) or /etc/ldap/slapd.conf
(Debian/Ubuntu) for access control and index.
# Part of file: slapd.conf
# OLD setting
#access to attrs="homeDirectory,mailMessageStore,mail,..."
# NEW setting
access to attrs="shadowAddress,employeeNumber,homeDirectory,mailMessageStore,mail,..."
# OLD setting
#index homeDirectory,mailMessageStore,mailForwardingAddress eq,pres
# NEW setting
index homeDirectory,mailMessageStore,mailForwardingAddress,shadowAddress,employeeNumber eq,pres
MySQL backend only
Add new columns
Add columns used for service control: pop3s, imaps, managesieve:
# mysql -uroot -p vmail
mysql> ALTER TABLE mailbox ADD COLUMN enableimapsecured TINYINT(1) NOT NULL DEFAULT '1';
mysql> ALTER TABLE mailbox ADD COLUMN enablepop3secured TINYINT(1) NOT NULL DEFAULT '1';
mysql> ALTER TABLE mailbox ADD COLUMN enablemanagesievesecured TINYINT(1) NOT NULL DEFAULT '1';
Add columns used to store default user quota size, per-domain default password length control. Will be used in iRedAdmin.
# mysql -uroot -p vmail
mysql> ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
mysql> ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT '0';
mysql> ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT '0';
Use proxymap
to improve performance and reliability under high load in Postfix
Prepend proxy:
to the beginnning of all MySQL lookup table definitions in
postfix configuration file: /etc/postfix/main.cf
. For example:
# Part of file: /etc/postfix/main.cf
# Old setting:
#virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# New setting. Add 'proxy:'.
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Restrict POP3S/IMAPS services in Dovecot
Update dovecot settings in /etc/dovecot-mysql.conf
(RHEL/CentOS) or
/etc/dovecot/dovecot-mysql.conf
(Debian/Ubuntu) to restrict POP3S/IMAPS
services.
# Part of file: dovecot-mysql.conf
# Old setting:
AND active='1' AND enable%Ls='1' AND expired >= NOW()
# New setting (Add '%Lc'):
AND active='1' AND enable%Ls%Lc='1' AND expired >= NOW()