38 KiB

Raw Blame History

iRedMail Easy: Release Notes

[TOC]

Version: 2021090801 (Sep 8, 2021) {: id=2021090801 }

Debian Linux 11 (Bullseye) is now supported.

Debian 9 will be dropped in 3 months.

SOGo:
- Able to enable or disable per-user SOGo webmail, calendar and activesync services.
Amavisd:
- Add some useful ban rules. You can assign them in per-user, per-domain or global spam policy page with iRedAdmin-Pro.
  - ALLOW_MS_OFFICE: Allow all Microsoft Office documents.
  - ALLOW_MS_WORD: Allow Microsoft Word documents (.doc, .docx).
  - ALLOW_MS_EXCEL: Allow Microsoft Excel documents (.xls, .xlsx).
  - ALLOW_MS_PPT: Allow Microsoft PowerPoint documents (.ppt, .pptx).
php-fpm:
- Log slow process if doesn't finish in 20 seconds.
Fixed issues:
- Minor issue while setting up MariaDB on CentOS 8.
Package updates:
- iRedAdmin-1.5
- iRedAPD-5.0.3

Version: 2021062401 (Jun 24, 2021) {: id=2021062401 }

Rocky Linux 8 is now supported.
OpenBSD 6.9 is now supported, 6.5, 6.6, 6.7, 6.8 are all dropped.

Dovecot:
- Optional setting to enable FTS (full-text search) integration. Notes:
  - This setting is NOT enabled by default. You can go to mail server profile page, tab "Settings", find setting "Enable FTS (Full-Text Search)" under section "POP3/IMAP services" and enable it.
  - Currently this option is available on CentOS 8, Debian 10, OpenBSD.
  - FTS backend is xapian, no daemon service is running.
mlmmjadmin:
- Fixed: tools/maillist_admin.py: don't call add_subscribers() and remove_subscribers() for backends.
Nginx:
- Do not enable multi_accept on;. Thanks jinleileiking@GitHub.
Fail2ban:
- Use builtin filter file for Dovecot jail.
Fixed issues:
- Anonying logwatch warning about freshclam log file.
- logwatch can not detect and check clamav log files.
- Allow more sendgrid HELO hostnames. Thanks to Jim Nelin for the feedback.
- Allow HELO hostnames used by Amazon EC2 and QQ.com (Tencent).
- Do not enable iRedAPD pulgin amavisd_wblist if antispam component is not enabled.
Package updates:
- adminer 4.8.1
- iRedAPD 5.0.2
- mlmmjadmin 3.1.2
- netdata 1.31.0

Version: 2021041301 (Apr 13, 2021) {: id=2021041301 }

CentOS 8 Stream is now supported.

MariaDB and PostgreSQL backends:
- New SQL table: maillist_owners. Used to store owner of (subscribable) mailing lists.
OpenLDAP:
- New LDAP attributes for objectClass mailList:
  - listOwner: used to store owner(s) of (subscribable) mailing list.
  - listModerator: used to store moderator(s) of (subscribable) mailing list.
Dovecot:
- Log the time of last received message.
Postfix:
- Remove blacklist of reverse DNS name for ddXX.kasserver.com.
- Whitelist HELO hostname used by Microsoft Outlook/Hotmail servers.
Fail2ban:
- Stores (base64) encoded log lines in SQL database, it also helps avoid possible SQL injection.
ClamAV:
- CentOS: ClamAV database is now updated by daemon service clamav-freshclam, not cron job anymore.
Fixed issues:
- Not apply all custom settings defined in /opt/iredmail/custom/<PROGRAM>/custom.sh after system reboot. Note: it's now done by a cron job with special time @reboot for root user.
- /opt/iredmail/bin/create_user: not set correct password and quota size.
Package updates:
- adminer-4.8.0
- iRedAPD-5.0
- netdata-1.30.1
- mlmmjadmin-3.1
- iRedAdmin-1.3

Version: 2021020401 (Feb 4, 2020) {: id=2021020401 }

iRedAPD:
- Fixed: not enable plugin sql_ml_access_policy by default.
Postfix:
- Update rdns match rule to block static.X.X.X.X.clients.your-server.de.
Package update:
- netdata-1.29.0

Version: 2020122801 (Dec 28, 2020) {: id=20201228 }

Package updates:
- Roundcube webmail -> 1.4.10. It's a security and bug fix release, all users are encouraged to upgrade as soon as possible. Check official release page for more details.
- netdata-1.28.0
- web.py-0.62

Version: 2020121101 (Dec 11, 2020) {: id=20201211 }

Postfix:
- If logwatch is installed, enable long queue id support in logwatch.
SpamAssassin:
- Remove rules which caused too many incorrect quarantining: URIBL_SBL, URIBL_SBL_A.
Fail2ban:
- It now works on OpenBSD 6.8.
- Fixed: Can not store banned IP address when country name contains quotes.
- Fixed: possible SQL injection in shell script used by banned_db action.
Fixed issues:
- Not install uwsgi for Python 3 on CentOS 8.
- Not backup Postfix config files main.cf and master.cf if they're regular files.
- Not always install the latest Python module web.py.
Package updates:
- adminer-4.7.8
- iRedAPD-4.7
- iRedAdmin-Pro-LDAP-4.8, iRedAdmin-Pro-SQL-4.7
- mlmmjadmin-3.0.7

Version: 2020102801 (Oct 28, 2020) {: id=20201028 }

Supports now distribution release:
- OpenBSD 6.8. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available. NOTE:
  - Support for OpenBSD 6.6 will be dropped in 6 months.
  - Support for OpenBSD 6.7 will be dropped after 6.9 is out.
  - Fail2ban (0.11.1) is not available due to not fully compatible with the Python 3.8.6 offered by OpenBSD 6.8.
Add /opt/iredmail/custom/custom.sh. It will be ran at the end of EACH deployment.
Postfix:
- Revert the block of default reverse hostnames offered by OVH.com.
Amavisd:
- Log matched virus database name.
- Update regex to match SecuriteInfo virus signature names.
Fixed issues:
- Failed to upgrade ClamAV database on CentOS 7.
- Incorrect rsyslog pid file path on CentOS 7.
- Not upgrade sope* packages while upgrading SOGo packages.
- Can not create PostgreSQL database if locale doesn't match LC_CTYPE.
Package updates:
- iRedAPD-4.6. Python 3.5+ is required.
- mlmmjadmin-3.0.4. Python 3.5+ is required.
- iRedAdmin-1.1. Python 3.5+ is required.
- netdata-1.26.0
- Roundcube webmail 1.4.9

Version: 2020082501 (Aug 25, 2020) {: id=20200825 }

SOGo:

!!! warning

  SOGo may not successfully kill all its child processes and causes sogo
  service failed to start. If it occurs, please stop SOGo service manually
  (`service sogo stop`), kill orphan processes (`pkill -9 sogod`), then start
  it manually (`service sogo restart`).

Upgrade SOGo to the latest v5 branch (nightly bulid) on Linux.
With SOGo v5, it now send email via submission service (port 587) without ssl cert verification.

Nginx:
- Enable http2 for https sites by default.
Amavisd:
- Fix improper SQL column type for column msgs.from_address (changed from VARCHAR to VARBINARY) for MariaDB and OpenLDAP backends.
Dovecot:
- Logrotate config file for Dovecot uses incorrect pid file name on CentOS. Thanks Igor Cej for the report and help.
- Fixed: do not enable spam/ham auto learning if Amavisd + SpamAssassin are not installed.
Postfix:
- Block default reverse hostnames (format (ns|ip)XXXX.ip-XX-XX-XX.eu, "XX" is digit numbers) offered by OVH.com. Note: If you run mail server on OVH platform with a fixed hostname and valid PTR DNS record, it's not impacted.
- Fixed: incorrect SMTP action code for whitelisted HELO hostnames.
Chronyd (ntp alternative on CentOS 8):
- Add -x option for chronyd if system is running in a LXC container.
Package updates:
- netdata-1.24.0
- Roundcube webmail 1.4.8

Version: 2020070701 (Jul 7, 2020) {: id=20200707 }

BIND (cache-only) DNS server:
- Fixed: Set DNS server to only 127.0.0.1 in ifcfg-XXX scripts on CentOS. Thanks Igor Cej for the feedback and help.
Postfix:
- Bypass Facebook mail server HELO hostname pattern: <ip>.mail-campmail.facebook.com.
Roundcube:
- Add /opt/iredmail/custom/roundcube/custom.sh for advance customization. It will be ran each time you (re-)deploy Roundcube or upgrade.
- Connect to local (127.0.0.1) IMAP server without TLS on Ubuntu 20.04 and CentOS 8. This is also considered as secure by Dovecot.
SOGo:
- Connect to local (127.0.0.1) IMAP server without TLS on Ubuntu 20.04 and CentOS 8. This is also considered as secure by Dovecot.
  
  We received reports that Roundcube and SOGo have problem when TLS is explicitly enabled for IMAP service, unfortunately we didn't figure out what causes the issue yet. As a temporary fix, we choose to disable TLS for local connection.
Fail2ban:
- Suppress fail2ban-client output in cron job to avoid annoying mail notification.
- Fixed: incorrect match rule. Thanks for Igor Cej for the feedback.
Package updates:
- Roundcube webmail 1.4.7, with a security fix.
- netdata-1.23.1

Version: 2020062601 (Jun 26, 2020) {: id=20200626 }

Possible issue after upgraded on CentOS 8:

Old CentOS 8 releases shipped Dovecot-2.2.x, but the new 8.2.2004 release suprisely ships Dovecot-2.3.8 which has some backward-incompatible settings. iRedMail Easy will upgrade it from old version 2.2.36 and re-generates its config files, it MAY fail to (re)start if you have unsupported customized parameters set in config file under /opt/iredmail/custom/dovecot/conf-enabled/.

Mostly customized parameter is ssl_protocols, it should be replace by ssl_min_protocol.

For example, if you still need to support TLSv1, please set ssl_min_protocol = TLSv1 instead. Default value is TLSv1.2.
- For more details, please check official Dovecot upgrade tutorial.
- If you have issue after upgraded, feel free to create a support ticket on the iRedMail Easy platform.
Supports now distribution releases:
- Ubuntu 20.04. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.
- OpenBSD 6.7. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available. NOTE: support for OpenBSD 6.6 will be dropped after 6.8 is out.
Postfix:
- Fixed: not wrap IPv6 addresses inside [] in mynetworks.
- Fixed: not bypass HELO identities used by pinterest.com mail server.
- Fixed: not add alias for postmaster (system) user which is used as 2bounce recipient.
Fail2ban:
- It now stores more info in SQL db, you can view them with iRedAdmin-Pro:
  - Number of times the failure occurred in log files
  - The log lines which triggerred the ban
  - Reverse DNS of banned IP address
- Fixed: specify backend = pooling and journalmatch = (empty value) to avoid performance issue and startup warnings in fail2ban log file.
- Fixed: inconsistent jail name for jail nginx-http-auth.
Antispam:
- [Debian/Ubuntu] Fixed: not add user debian-spamd to amavis group.
- [OpenLDAP/MariaDB] Add missing INDEX for SQL column msgs.time_iso.
Adminer:
- Improve Nginx configuration to loading custom CSS file adminer.css in same directory (/opt/www/adminer/).
Improvements of iRedMail Easy platform:
- Make sure all 3 required official apt repositories are enabled on Ubuntu.
- Make sure iRedMail yum repository has higher priority on CentOS.
Package updates:
- roundcube webmail-1.4.6. It includes few security fixes.
- adminer-4.7.7
- netdata-1.23.0

Version: 2020043001 (Apr 30, 2020) {: id=20200430 }

Antispam:
- Fixed: incorrect regular expression rules which caused unbanning based on file types doesn't work.
- Fixed: incorrect file owner and permission for SpamAssassin config files: /etc/mail/spamassassin/local.cf and razor.conf, must be owned by user/group which is running Amavisd service, with permission 0640.
- Add /opt/iredmail/custom/spamassassin/custom.cf for custom SpamAssassin rules.
Dovecot:
- Fixed: improper permission on file /etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf.
- Add /opt/iredmail/custom/dovecot/master-users for custom master users. Please do not modify /etc/dovecot/dovecot-master-users.
Firewall:
- [Debian 10] Fixed: Not open ports for XMPP service (5222, 5269) if Prosody is deployed.
Nginx:
- Fixed: improper http code 301 (permanent redirect) causes incorrect redirection after switching homepage application from SOGo to other web application. It's now replaced by 302 (temporarily redirect).
Roundcube:
- Fixed: not load custom config file for plugin markasjunk.
Improvements of iRedMail Easy platform:
- Switch self-signed SSL cert key length to 4096, also DKIM key length to 2048. Note: Only new initial installation is affected, also if you already have those files, it won't re-generate them.
- Able to customize http and https ports.
- Add Prosody related info in /root/iRedMail/iRedMail.tips.
Package updates:
- Roundcube webmail 1.4.4 (includes few security fixes)

Version: 2020041601 (Apr 16, 2020) {: id=20200416 }

CentOS 8 is now supported, all 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.

Note: RedHat dropped OpenLDAP server in RHEL 8, iRedMail Easy installs the OpenLDAP server packages (symas-openldap-*) from yum repository offered by Symas (the company behind OpenLDAP), package symas-openldap conflicts with the openldap package available in official RHEL/CentOS 8 yum repo.
Drop support for OpenBSD 6.4, 6.5.
New script /opt/iredmail/bin/create_user: create single user with quota support. Note: available for SQL backends.
Dovecot:
- TLSv1 is now disabled by default.
- It now tracks last login of both POP3 and IMAP logins. In early releases, either POP3 or IMAP was tracked.
Nginx:
- New directory /opt/iredmail/custom/nginx/webapps/ used to store custom settings for web applications, it should be useful if sysadmin wants to add ACL control for the web application.
  
  Currently only 3 applications are supported: iRedAdmin, Roundcube, Adminer.
  
  For example, Nginx loads /etc/nginx/templates/iredadmin.tmpl for iRedAdmin, also loads extra settings from /opt/iredmail/custom/nginx/webapps/iredadmin.conf. If you want to limit the access to network 192.168.0.0/24, you can create file /opt/iredmail/custom/nginx/webapps/iredadmin.conf with content below and reload Nginx service:
```
allow 192.168.0.0/24;
deny all;
```
- Cache fonts used by web applications for 30 days.
- Fixed: can not request Let's Encrypt cert with default config file for web domain autoconfig.* and autodiscover.*.
Roundcube:
- Use pspell as default spell check engine.
Amavisd:
- Fixed: SQL column msgs.subject doesn't support storing emoji characters.
ClamAV:
- Fixed: incorrect permission of database directory on RHEL/CentOS.
- Fixed: not install package libclamavunrar9 on Ubuntu for rar files.
mlmmj (Mailing list manager):
- Fixed: do not abort if altermime program is not available.
Fail2ban:
- It now works on OpenBSD.
- Improve rsyslog config file to catch all fail2ban log.
- Improve ban action to query and store country of IP address in SQL db.
- Enable jail to catch iRedAdmin-Pro login failures.
- Add cron job to unban IP addresses which are pending for removal.
Package updates:
- Roundcube webmail 1.4.3
- iRedAPD-3.6
- netdata-1.21.1
Improvements of iRedMail Easy platform:
- Fixed: file /etc/rsyslog.d/1-iredmail-iredapd.conf was incorrectly rewritten by Prosody component.
- Fixed: there's incorrect rsyslog setting in file /etc/rsyslog.d/0-iredmail-misc.conf, this file is now removed.

Version: 2020021001 (Feb 10, 2020) {: id=20200210 }

PostgreSQL backend:
- Fixed: improper index type on SQL table sender_relayhost.
Postfix:
- Fixed: Backup MX doesn't work.
- Fixed: [LDAP backend] improper filter which causes missing external members while querying (not-subscribeable) mailing list with alias domain.
- Add 3 files for custom settings:
  - /opt/iredmail/custom/postfix/aliases: alias file.
  - /opt/iredmail/custom/postfix/sender_bcc: hash file.
  - /opt/iredmail/custom/postfix/recipient_bcc: hash file.
Roundcube:
- Enable plugin markasjunk by default. When message is moved to Junk folder, it will be learnt as spam message. When message is moved from Junk to any other folder, it will be learnt as clean message.
Antispam:
- Explicitly specify (DKIM) signed header fields.
- Use default Amavisd verbose log template.
- Add few more custom scores in SpamAssassin to catch spams when From: equals to To: address.
- Fixed:
  - Don't block attachment with macro in ClamAV. Parameter OLE2BlockMacros was set to true, it's now false.
  - Not update apparmor config file to grant privilege for virus scanning on Debian 10.
Nginx:
- Fixed: make sure log directory is not writable by group or other, otherwise logrotate will refuse to rotate log files.
Firewalll:
- Correctly disable ping flood with nftables on Debian 10.
Netdata:
- Disable checks for energid. It uses port 9998, but it's used by Amavisd-new on iRedMail server, this causes error message in Amavisd log file each time netdata starts.
Backup scripts:
- Backup scripts don't rely on Python to calculate dates anymore.
Improvements of iRedMail Easy platform:
- Fixed: Updating MariaDB/PostgreSQL/OpenLDAP/SOGo separatedly didn't update their backup scripts.
- New options for cross-domain user query and global address book in SOGo Groupware.
- Increase php-fpm setting request_slowlog_timeout to 60 seconds.
- Updated Postfix package in iRedMail yum repo for PostgreSQL backend on CentOS 7.
- On OpenBSD system, update the latest errata patch names.
Package updates:
- Roundcube-1.4.2
- iRedAdmin-1.0
- iRedAPD-3.4
- adminer-4.7.6

Version: 2019121301 (Dec 13, 2019) {: id=20191210 }

Package updates:
- iRedAdmin-Pro (SQL edition)

Version: 2019121001 (Dec 10, 2019) {: id=20191210 }

Fixed issues:
- Incorrect setting in netdata main config file (netdata.conf).
- Not remove opendmarc package, config files, SQL db and cron jobs.

Version: 2019120901 (Dec 09, 2019) {: id=20191209 }

Firewall:
- On Debian 10, allow ping in nftables firewall.
iRedAdmin:
- Fixed: incorrect syslog id in uwsgi config file.
- Simplify log format.

mlmmjadmin:
- Simplify log format.
netdata:
- Replace few Python collectors by Go modules for better performance.
- Monitor BIND DNS service.
- Disable email notification since netdata is too sensitive and the notification message is "useless".
Package updates:
- Roundcube webmail 1.4.1. It offers a shiny new web UI.
- netdata-1.19.0
- iRedAPD-3.3
- iRedAdmin-0.9.9
- adminer-4.7.5
Improvements of iRedMail Easy platform:
- On OpenBSD system, if latest security errata hasn't been applied, iRedMail deployment will abort with detailed warning message to remind sysadmin to apply the patches with syspatch command.

Version: 2019111201 (Nov 12, 2019) {: id=20191112 class="old_release" }

iRedMail Easy now supports OpenBSD 6.6.

Warning: OpenBSD 6.4 and 6.5 support will be dropped when 6.7 is out.
Dovecot:
- Create and use custom (empty) global sieve rule file by default.
- Log more events: save, copy, mailbox_create.
Netdata:
- Fixed: incorrect hostname in alarm notification email.
OpenLDAP:
- Create directory /opt/iredmail/custom/openldap/schema/ to store extra LDAP schema files.
  
  Apparmor config file has been updated on Ubuntu to allow slapd program to read config files from this directory.
- Use mdb database since OpenBSD 6.6. OpenBSD 6.5 uses hdb.
Postfix:
- Bypass facebook.com HELO hostnames which contain IP addresses.
Roundcube:
- Upgrade to version 1.4.0, released on Nov 10, 2019.
Changes to iRedMail Easy platform:
- Fix aborted installation if Ansible fact ansible_all_ipv6_addresses is undefined.
- Upgrade pip to the latest version before installing web.py on Debian 10.

Version: 2019102201 (Oct 22, 2019) {: id=20191022 class="old_release" }

OpenLDAP:
- Remove 2 unused LDAP schema files: calentry.schema, calresource.schema.
Postfix:
- Fixed incorrect CA file on OpenBSD.
- Add LIMIT 1 in SQL queries for better performance.
Dovecot:
- Log ssl protocol and cipher information for login session. e.g. "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)"
Firewall:
- Fixed: not filter IPv4/IPv6 addresses while generating iptables rules.
- Fixed: not enable ipv6-icmp in firewall.
Nginx:
- Make sure Apache/Lighttpd service is not enabled, otherwise Nginx may not be able to start due to 80/443 ports are used by them.
AntiSpam:
- OpenDMARC has been removed due to internal bug which caused incorrect email rejection. Bug reported to upstream: https://github.com/trusteddomainproject/OpenDMARC/issues/50
autodiscover:
- Fixed the Undefined offset php error.
- Log the schema data sent by remote MUA, also the settings sent to MUA.
- Log file is now /var/log/autoconfig/autoconfig.log.
netdata:
- If component Nginx was not chosen, netdata is inaccessible although Nginx is actually deployed as dependent component.
- Move http auth file to /opt/iredmail/custom/netdata/.
  
  Since netdata-1.17.0, netdata sets permission of directory /opt/netdata/etc/netdata/ to 0700, this causes Nginx can not read the http auth file.
Backup scripts:
- It now removes old empty backup directories.
Changes to iRedMail Easy platform:
- Not add priority parameter in iRedMail yum repo. (CentOS 7 only)
- Able to whitelist IP or CIDR newtorks in fail2ban.
- Do not forward systemd journald log to syslog.
- Run shell script /opt/iredmail/custom/openldap/custom.sh while deploying or upgrading OpenLDAP. You can write shell commands in this file to update other config files for advanced customization. for example, updating /etc/sysconfig/slapd (CentOS) or /etc/ldap/slapd (Debian/Ubuntu) to make OpenLDAP listening on all available network interfaces and IP addresses.
- Add Fail2ban related info in /root/iRedMail/iRedMail.tips.
- Make sure no SysV script and rule files for 'iptables' service on Debian 10.
Package updates:
- netdata -> 1.18.1
- iredapd -> 3.2

Version: 2019090601 (Sep 06, 2019) {: id=20190906 class="old_release" }

Postfix:
- Sign DKIM signature for locally generated emails, like auto-reply (a.k.a vacation) message.
Nginx:
- Redirect URI /adminer/ to /adminer.

Dovecot:

Add setting sieve_redirect_envelope_from=recipient. It's used to rewrite sender address in redirected message (with sieve directive redirect) to the final recipient address of the message.

For example, `someone@gmail.com` sends an email to `user@domain.com`
which is hosted on your server, and this user has sieve rule to
redirect received message to `forward@3rd-domain.com`, with default
Dovecot setting (`sieve_redirect_envelope_from=sender`), user
`forward@3rd-domain.com` will receive this email with sender address
`someone@gmail.com` in mail header, but with
`sieve_redirect_envelope_from=recipient`, the sender address will
be `user@domain.com`.

Log delivery_time of LDA/LMTP.

php-fpm:
- Set value of post_max_size 1MB larger than upload_max_filesize, so that Roundcube can successfully upload mail attachment.
OpenDMARC:
- Add shell script and cron job to update public_suffix_list.dat every 2 days.
SpamAssassin:
- Set 3 custom scores in SpamAssassin to catch more spams.
  - score SPF_FAIL 5: sender does not match SPF record (fail)
  - score TO_EQ_FM_SPF_FAIL 5: To == From and external SPF failed
  - score TO_EQ_FM_DOM_SPF_FAIL 5: To domain == From domain and external SPF failed
ClamAV:
- Increase systemd timeout value to avoid startup failure on low memory server.
Fixed issues:
- Improper postrotate command for logrotate program on Linux.
Package updates:
- roundcube -> 1.3.10
- adminer -> 4.7.3
- iRedAPD -> 3.1
- netdata -> 1.17.0
- iRedAdmin -> 0.9.8
Changes to iRedMail Easy platform:
- Firewall rule always opens port 22 for ssh.
- Add curl as required packages.
- Use package branch (%7.3) instead of version number for php on OpenBSD.

Version: 2019080201 (Aug 02, 2019) {: id=20190802 class="old_release" }

Dovecot:
- Fixed: not add required SQL column mailbox.enablequota-status. This will cause mail rejection.
Firewall:
- Run /opt/iredmail/custom/firewall/custom.sh after each deployment.

Version: 2019080101 (Aug 01, 2019) {: id=20190801 class="old_release" }

It now supports Debian 10.
Dovecot:
- Enable quota-status service used to query mailbox quota.
- Fixed: Not install package dovecot-mysql for OpenLDAP backend on CentOS.
Postfix:
- Lookup user's mailbox quota status from Dovecot quota-status service, reject email if mailbox is over quota. This will help save system resources used for spam/virus scanning, avoids "sender non-delivery notification" bounce message.
- Fixed: not copy /etc/resolv.conf to /var/spool/postfix/etc/.
Nginx:
- Fixed: improper order while loading modular config files.
- ATTENTION: directive ssl on; has been removed (in /etc/nginx/templates/ssl.tmpl) due to it's deprecated by Nginx itself. If you have custom web host, please use listen <port> ssl; in the server {} block (in /etc/nginx/sites-enabled/*.conf) instead.
  
  For example:
  - Old config file /etc/nginx/sites-enabled/00-default-ssl.conf:
```
server {
    listen 443;
    ...
}
```
  - New directive:
```
server {
    listen 443 ssl;
    ...
}
```
Firewall:
- Port 465 (SMTP over SSL) is not open in firewall when the service is enabled.
Package updates:
- adminer -> 4.7.2

Version: 2019071501 (Jul 15, 2019) {: id=20190715 class="old_release" }

OpenDMARC integration.
- The integration is enabled by default. To disable it, please go to mail server profile page, toggle on option Disable DMARC under Settings tab.
- Unfortunately, OpenBSD 6.5 and earlier releases don't have such integration due to binary package missing. The good news is the latest ports tree already has it and binary package is available for OpenBSD -snapshot branch.
Roundcube:
- New config files used to store custom settings for official plugins:
  - password plugin: /opt/iredmail/custom/roundcube/config_password.inc.php
  - managesieve plugin: /opt/iredmail/custom/roundcube/config_managesieve.inc.php
Postfix:
- Fixed: improper order of restriction rules in smtpd_sender_restrictions.
  
  File /etc/postfix/sender_access.pcre is not used anymore, all content in this file should be moved to /opt/iredmail/custom/postfix/sender_access.pcre instead.
Nginx:
- Compress more file types with gzip module (/etc/nginx/conf-available/gzip.conf).
Few programs moved and/or renamed:
- /opt/iredmail/bin/fail2ban_unbanip -> /opt/iredmail/bin/fail2ban/unbanip.
- /opt/iredmail/bin/generate_password_hash.py -> /opt/iredmail/bin/generate_password_hash.
- /opt/iredmail/bin/dovecot/scan_reported_mails.sh -> /opt/iredmail/bin/dovecot/scan_reported_mails
Fixed issues of iRedMail Easy platform:
- If IPv6 is disabled, installation will be abort due to Nginx is configured (by Debian/Ubuntu packaging) to listen on IPv6 address.
- If no PHP applications are going to be installed, no php-fpm related configuration should be enabled (/etc/nginx/templates/misc.tmpl).
- Make sure installed services are running while cleaning up the deployment.
- Not run freshclam immediately to fetch/update ClamAV virus database.
- Removing unused ClamAV log file (/var/log/clamav/clamav.log) causes error in cron job added by ClamAV package.
Package updates:
- iRedAPD 3.0. It fixes a critical bug of throttle plugin.
- iRedAdmin-Pro. Note: it requires a valid iRedAdmin-Pro license.

Version: 2019060601 (Jun 06, 2019) {: id=20190606 class="old_release" }

Fail2ban:
- Remove jail 'sshd-ddos'. Fail2ban doesn't ship its filter conf anymore.
Dovecot:
- Set default client_limit and process_limit based on memory size.
autoconfig:
- Fixed: not handle URI /.well-known/autoconfig/mail/config-v1.1.xml.
Improvements of iRedMail Easy platform:
- Able to ban/unban given file types.
- Remove deprecated ClamAV parameters.
- Remove unused ClamAV log file (/var/log/clamav/clamav.log).
- Able to disable HELO hostname DNS check.
- Fixed: not always restart iRedAdmin service to reload the code of new version.
Package updates:
- iRedAPD 2.9. It fixes 2 bugs.
- netdata 1.15.0

Version: 2019042801 (Apr 28, 2019) {: id=20190428 class="old_release" }

Postfix:
- Enable header/body checks for email injected by Amavisd.
- Fixed: not load custom header_checks and body_checks pcre maps.
- Fixed: port 1025/10025/10028 are not listening on only 127.0.0.1.
- Fixed: per-user bcc doesn't work with MySQL/MariaDB backends.
SOGo:
- [PostgreSQL backend] Fix incorrect owner of SQL VIEWs used for address books.
- [SQL backends] Fix incorrect SQL VIEWs which causes error to display contacts in address books.
- [SQL backends] Display all contacts directly in per-domain address book.
Package updates:
- iRedAPD 2.8
- iRedAdmin 0.9.7 (open source edition)
- netdata 1.14.0
Improvements of iRedMail Easy platform:
- Supports OpenBSD 6.5.
  
  WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out. That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.
- Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.
- Do not always update SOGo packages. We're using SOGo nightly build, it's not always stable, upgrading may cause issue.
- Send iRedMail.tips file to postmaster after deployment.

Version: 2019040201 (Apr 02, 2019) {: id=20190402 class="old_release" }

Roundcube
- Upgrade to 1.3.9 (Detailed ChangeLog.)