iredmail-doc/en_US/upgrade/0-upgrade.iredmail.1.4.0-1.4.1.md

Upgrade iRedMail from 1.4.0 to 1.4.1

[TOC]

!!! note "Paid Remote Upgrade Support"

We offer remote upgrade support if you don't want to get your hands dirty,
check [the details](https://www.iredmail.org/support.html) and
[contact us](https://www.iredmail.org/contact.html).

ChangeLog

• Sep 13, 2021: Fix incorrect PostgreSQL column type for new columns introduced in table vmail.mailbox.
• Sep 08, 2021: initial release.

General (All backends should apply these changes)

Update /etc/iredmail-release with new iRedMail version number

iRedMail stores the release version in /etc/iredmail-release after installation, it's recommended to update this file after you upgraded iRedMail, so that you can know which version of iRedMail you're running. For example:

1.4.1

Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.0.3)

!!! attention

iRedAPD has been migrated to Python 3 and doesn't support Python 2 anymore.

Please follow below tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release

Upgrade iRedAdmin (open source edition) to the latest stable release (1.5)

!!! attention

iRedAdmin has been migrated to Python 3 and doesn't support Python 2 anymore.

Please follow below tutorial to upgrade iRedAdmin to the latest stable release: Upgrade iRedAdmin to the latest stable release.

Upgrade mlmmjadmin to the latest stable release (3.1.2)

Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release

Amavisd: Add some useful ban rules

Microsoft Office documents are banned with iRedMail default settings, but it's common that some mailbox may need to receive such documents.

Here we define some ban rules to allow these Office document types, iRedMail server admin can update per-user spam policy to allow receiving such documents.

• Update Amavisd config file and append these lines before the last line (1;):
  • on RHEL/CentOS/Rocky Linux, it's /etc/amavisd/amavisd.conf.
  • on Debian/Ubuntu, it's /etc/amavis/conf.d/50-user.
  • on FreeBSD, it's /usr/local/etc/amavisd.conf.
  • on OpenBSD, it's /etc/amavisd/amavisd.conf.

# Define some useful rules.
%banned_rules = (
    # Allow all Microsoft Office documents.
    'ALLOW_MS_OFFICE'   => new_RE([qr'.\.(doc|docx|xls|xlsx|ppt|pptx)$'i => 0]),

    # Allow Microsoft Word, Excel, PowerPoint documents separately.
    'ALLOW_MS_WORD'     => new_RE([qr'.\.(doc|docx)$'i => 0]),
    'ALLOW_MS_EXCEL'    => new_RE([qr'.\.(xls|xlsx)$'i => 0]),
    'ALLOW_MS_PPT'      => new_RE([qr'.\.(ppt|pptx)$'i => 0]),

    # Default rule.
    'DEFAULT' => $banned_filename_re,
);

• Restarting Amavisd service is required.

Here we defines 5 ban rules:

• ALLOW_MS_OFFICE: Allow all Microsoft Office documents.
• ALLOW_MS_WORD: Allow Microsoft Word documents (.doc, .docx).
• ALLOW_MS_EXCEL: Allow Microsoft Excel documents (.xls, .xlsx).
• ALLOW_MS_PPT: Allow Microsoft PowerPoint documents (.ppt, .pptx).
• DEFAULT: use the default ban rule defined in $banned_filename_re.

You're free to define more ban rules to fit your own needs.

!!! attention

#### Example: How to use these ban rules

If you already define per-user, per-domain, or global spam policy with
iRedAdmin-Pro or manually, you can now assign these ban rules to them.

For example, if you have spam policy for user `user@domain.com`, to allow
this user to accept Microsoft Word and Excel documents, you can run SQL
commands below to achieve it (Note: we use MySQL for example):

    USE amavisd;
    UPDATE policy SET banned_rulenames="ALLOW_MS_WORD,ALLOW_MS_EXCEL" WHERE policy_name="user@domain.com";

For OpenLDAP backend

Add new attribute/value pairs for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 improves SOGo config file and it's able to enable or disable per-user SOGo webmail, calendar, activesync services with 3 new LDAP attribute/value pairs:

• enabledService=sogowebmail
• enabledService=sogocalendar
• enabledService=sogoactivesync

The old enabledService=sogo is still used to enable or disable whole SOGo access.

• Download script used to update existing mail accounts:

cd /root/
wget https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/update-ldap.py

• Open downloaded file update-ldap.py, set LDAP server related settings in this file:

  You can find required LDAP credential in iRedAdmin config file (/opt/www/iredadmin/settings.py), using either cn=Manager,dc=xx,dc=xx or cn=vmailadmin,dc=xx,dc=xx as bind dn is ok.

# Part of file: updateLDAPValues_099_to_1.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'

• Execute this script with Python-3 to update LDAP data:

# python3 update-ldap.py

SOGo: Update config file

Open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using LDAP
    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            id = users;
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { enabledService = sogowebmail; };
                Calendar = { enabledService = sogocalendar; };
                ActiveSync = { enabledService = sogoactivesync; };
            };

            // ... we omit other config lines here ...
        }
    )

For MySQL and MariaDB backends

Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user SOGo webmail, calendar and activesync services:

• enablesogowebmail
• enablesogocalendar
• enablesogoactivesync

Download plain SQL file used to update SQL table, then import it as MySQL root user (Please run commands below as root user):

wget -O /tmp/iredmail.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.mysql
mysql vmail < /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql

SOGo: Re-create SQL VIEW and update config file

Download plain SQL file used to update SQL table, then import it as MySQL root user (Please run commands below as root user):

wget -O /tmp/sogo.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.mysql
mysql sogo < /tmp/sogo.mysql
rm -f /tmp/sogo.mysql

Now open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )

Restarting SOGo service is requried.

For PostgreSQL backend

Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user SOGo webmail, calendar and activesync services:

• enablesogowebmail
• enablesogocalendar
• enablesogoactivesync

Download plain SQL file used to update SQL table:

wget -O /tmp/iredmail.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.pgsql
chmod +r /tmp/iredmail.pgsql

• Connect to PostgreSQL server as postgres user and import the SQL file:
  • on Linux, it's postgres user
  • on FreeBSD, it's pgsql user
  • on OpenBSD, it's _postgresql user

su - postgres
psql -d vmail < /tmp/iredmail.pgsql

• Remove downloaded file:

rm -f /tmp/iredmail.pgsql

SOGo: Re-create SQL VIEW and update config file

Download plain SQL file used to update SQL table:

wget -O /tmp/sogo.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.pgsql
chmod +r /tmp/sogo.pgsql

Please open file /tmp/sogo.pgsql, replace string VMAIL_DB_BIND_PASSWD by the real password of SQL user vmail. You can find the password in any file under /etc/postfix/pgsql/.

After updated /tmp/sogo.pgsql, please connect to PostgreSQL server as postgres user and import the SQL file:

• on Linux, it's postgres user
• on FreeBSD, it's pgsql user
• on OpenBSD, it's _postgresql user

su - postgres
psql -d sogo < /tmp/sogo.pgsql

• Remove downloaded file:

rm -f /tmp/sogo.pgsql

Now open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )

Restarting SOGo service is requried.