209 lines
11 KiB
HTML
209 lines
11 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Upgrade iRedMail from 0.9.9 to 1.0</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-099-to-10">Upgrade iRedMail from 0.9.9 to 1.0</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#upgrade-iredmail-from-099-to-10">Upgrade iRedMail from 0.9.9 to 1.0</a><ul>
|
|
<li><a href="#changelog">ChangeLog</a></li>
|
|
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
|
|
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
|
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</a></li>
|
|
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-096">Upgrade iRedAdmin (open source edition) to the latest stable release (0.9.6)</a></li>
|
|
<li><a href="#upgrade-mlmmjadmin-to-the-latest-stable-release-21">Upgrade mlmmjadmin to the latest stable release (2.1)</a></li>
|
|
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</a></li>
|
|
<li><a href="#upgrade-netdata-to-the-latest-stable-release-1150">Upgrade netdata to the latest stable release (1.15.0)</a></li>
|
|
<li><a href="#fixed-improper-order-of-postfix-smtpd_sender_restriction-rules">Fixed: improper order of Postfix smtpd_sender_restriction rules</a></li>
|
|
<li><a href="#fail2ban-slightly-loose-filter-rule-for-postfix">Fail2ban: slightly loose filter rule for postfix</a></li>
|
|
<li><a href="#optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</a><ul>
|
|
<li><a href="#enable-quota-status-service-in-dovecot">Enable quota-status service in Dovecot</a></li>
|
|
<li><a href="#enable-quota-status-check-in-postfix">Enable quota status check in Postfix</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Warning</p>
|
|
<p>This is still a <strong>DRAFT</strong> document, do <strong>NOT</strong> apply it.</p>
|
|
</div>
|
|
<div class="admonition note">
|
|
<p class="admonition-title">Paid Remote Upgrade Support</p>
|
|
<p>We offer remote upgrade support if you don't want to get your hands dirty,
|
|
check <a href="https://www.iredmail.org/support.html">the details</a> and
|
|
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
|
|
</div>
|
|
<h2 id="changelog">ChangeLog</h2>
|
|
<p>TODO</p>
|
|
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
|
|
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
|
|
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
|
|
installation, it's recommended to update this file after you upgraded iRedMail,
|
|
so that you can know which version of iRedMail you're running. For example:</p>
|
|
<pre><code>1.0
|
|
</code></pre>
|
|
|
|
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release">Upgrade iRedAPD (Postfix policy server) to the latest stable release</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>iRedAPD offers SRS (Sender Rewriting Scheme) support in this release, but
|
|
it's disabled by default, please read our tutorial to understand known
|
|
issues and how to enable it: <a href="./srs.html">Enable SRS (Sender Rewriting Scheme) support</a>.</p>
|
|
</div>
|
|
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
|
|
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
|
|
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-096">Upgrade iRedAdmin (open source edition) to the latest stable release (0.9.6)</h3>
|
|
<p>Please follow this tutorial to upgrade iRedAdmin open source edition to the
|
|
latest stable release:
|
|
<a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a></p>
|
|
<h3 id="upgrade-mlmmjadmin-to-the-latest-stable-release-21">Upgrade mlmmjadmin to the latest stable release (2.1)</h3>
|
|
<p>Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
|
|
<a href="./upgrade.mlmmjadmin.html">Upgrade mlmmjadmin to the latest stable release</a></p>
|
|
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</h3>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Roundcube 1.3</p>
|
|
<ul>
|
|
<li>Roundcube 1.3 requires at least <strong>PHP 5.4</strong>. If your server is still running
|
|
PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube to the latest
|
|
1.2 branch (1.2.5) instead.</li>
|
|
<li>Roundcube 1.3 no longer supports IE < 10 and old versions of Firefox,
|
|
Chrome and Safari.</li>
|
|
<li>Roundcube 1.3 uses jQuery 3.2 and will not work with current jQuery
|
|
mobile plugin. If you use any third-party plugin, please check its
|
|
website to make sure it's compatible with Roundcube 1.3 before upgrading.</li>
|
|
</ul>
|
|
<p>With the release of Roundcube 1.3.0, the previous stable release branches
|
|
1.2.x and 1.1.x will switch in to LTS low maintenance mode which means
|
|
they will only receive important security updates but no longer any regular
|
|
improvement updates.</p>
|
|
</div>
|
|
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
|
|
latest stable release immediately:</p>
|
|
<ul>
|
|
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
|
|
</ul>
|
|
<h3 id="upgrade-netdata-to-the-latest-stable-release-1150">Upgrade netdata to the latest stable release (1.15.0)</h3>
|
|
<p>If you have netdata installed, you can upgrade it by following this tutorial: <a href="./upgrade.netdata.html">Upgrade netdata</a>.</p>
|
|
<h3 id="fixed-improper-order-of-postfix-smtpd_sender_restriction-rules">Fixed: improper order of Postfix smtpd_sender_restriction rules</h3>
|
|
<p>iRedMail-0.9.9 and earlier releases didn't configure Postfix to apply custom
|
|
restriction rule before querying DNS records of sender domain,
|
|
this way you cannot whitelist some sender mail domains which don't have
|
|
DNS records (especially your internal mail domains used in LAN). Please follow
|
|
steps below to fix it.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
|
|
<code>smtpd_sender_restrictions</code> like below:</li>
|
|
</ul>
|
|
<pre><code>smtpd_sender_restrictions =
|
|
reject_unknown_sender_domain
|
|
...
|
|
check_sender_access pcre:...
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Move the <code>reject_unknown_sender_domain</code> line after <code>check_sender_access</code> line
|
|
like below:</li>
|
|
</ul>
|
|
<pre><code>smtpd_sender_restrictions =
|
|
...
|
|
check_sender_access pcre:...
|
|
reject_unknown_sender_domain
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Reloading or restarting Postfix service is required.</li>
|
|
</ul>
|
|
<h3 id="fail2ban-slightly-loose-filter-rule-for-postfix">Fail2ban: slightly loose filter rule for postfix</h3>
|
|
<p>We received few reports from clients that Outlook for macOS may trigger some
|
|
unexpected smtp errors, and caught by the Fail2ban filter rules shipped by
|
|
iRedMail, so we decide to remove the filter rule used to match Postfix log
|
|
<code>lost connection after EHLO</code>.</p>
|
|
<p>Please follow commands below to get the updated filter rules.</p>
|
|
<ul>
|
|
<li>On Linux:</li>
|
|
</ul>
|
|
<pre><code>cd /etc/fail2ban/filter.d/
|
|
wget -O postfix.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/postfix.iredmail.conf
|
|
wget -O dovecot.iredmail.conf https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
|
|
</code></pre>
|
|
|
|
<p>Restarting Fail2ban service is required.</p>
|
|
<h3 id="optional-enable-mailbox-quota-status-check-in-dovecot-and-postfix">[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.</h3>
|
|
<p>With default iRedMail settings, Postfix accepts email without checking whether
|
|
user's mailbox is over quota, then pipes email to Dovecot LDA for local
|
|
delivery. If mailbox is over quota, Dovecot can not save message to mailbox
|
|
and generates a "sender non-delivery notification" to sender.</p>
|
|
<p>With the change below, Postfix will query mailbox quota status from Dovecot
|
|
directly, then reject email if it's over quota. It saves system resource used
|
|
to process this email (e.g. spam/virus scanning), and avoids bounce message.</p>
|
|
<h4 id="enable-quota-status-service-in-dovecot">Enable quota-status service in Dovecot</h4>
|
|
<p>Open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find the <code>plugin {}</code> block
|
|
and add 3 new parameters:</p>
|
|
<pre><code>plugin {
|
|
...
|
|
# Used by quota-status service.
|
|
quota_status_success = DUNNO
|
|
quota_status_nouser = DUNNO
|
|
quota_status_overquota = "552 5.2.2 Mailbox is full"
|
|
...
|
|
}
|
|
</code></pre>
|
|
|
|
<p>In same <code>dovecot.conf</code>, append settings below <strong>at the end of file</strong>:</p>
|
|
<ul>
|
|
<li>With settings below, Dovecot quota-status service will listen on <code>127.0.0.1:12340</code>.</li>
|
|
<li>You can change the port number <code>12340</code> to any other spare one if you want.</li>
|
|
</ul>
|
|
<pre><code>service quota-status {
|
|
executable = quota-status -p postfix
|
|
client_limit = 1
|
|
inet_listener {
|
|
address = 127.0.0.1
|
|
port = 12340
|
|
}
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Restarting Dovecot service is required.</p>
|
|
<h4 id="enable-quota-status-check-in-postfix">Enable quota status check in Postfix</h4>
|
|
<p>Open Postfix config file <code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/postfix/main.cf</code> (FreeBSD), find parameter
|
|
<code>smtpd_recipient_restrictions</code> and append a new <code>check_policy_service</code> setting
|
|
<strong>at the end</strong> like below:</p>
|
|
<pre><code>smtpd_recipient_restrictions =
|
|
...
|
|
check_policy_service inet:127.0.0.1:12340
|
|
</code></pre>
|
|
|
|
<p>Restarting Postfix service is required.</p><div class="footer">
|
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
|
</div>
|
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
|
<script>
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
|
|
gtag('config', 'UA-3293801-21');
|
|
</script>
|
|
</body></html> |