6.6 KiB
Upgrade iRedMail from 1.2.1 to 1.3
[TOC]
!!! warning
THIS IS STILL A DRAFT DOCUMENT, DO NOT APPLY IT.
!!! note "Paid Remote Upgrade Support"
We offer remote upgrade support if you don't want to get your hands dirty,
check [the details](https://www.iredmail.org/support.html) and
[contact us](https://www.iredmail.org/contact.html).
ChangeLog
- May XX, 2020: initial release.
General (All backends should apply these changes)
Update /etc/iredmail-release
with new iRedMail version number
iRedMail stores the release version in /etc/iredmail-release
after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:
1.3
Fixed: inconsistent Fail2ban jail names
!!! attention
This is applicable to Linux and OpenBSD.
iRedMail-1.2 and 1.2.1 introduced SQL integration in Fail2ban, but there're few inconsistent jail names which caused unbanning IP from iRedAdmin-Pro doesn't work. Please run commands below to fix them.
cd /etc/fail2ban/jail.d/
perl -pi -e 's#dovecot-iredmail#dovecot#g' dovecot.local
perl -pi -e 's#postfix-pregreet-iredmail#postfix-pregreet#g' postfix-pregreet.local
perl -pi -e 's#name=postfix,#name=postfix-pregreet,#g' postfix-pregreet.local
perl -pi -e 's#postfix-iredmail#postfix#g' postfix.local
perl -pi -e 's#roundcube-iredmail#roundcube#g' roundcube.local
perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local
OpenLDAP backend special
Add missing index for SQL column msgs.time_iso
in amavisd
database
Please run SQL commands below as MySQL root user:
USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
Improvement: Store more info in Fail2ban SQL db
!!! attention
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
With changes below, we now store more info in Fail2ban SQL database:
- Matched log lines which triggerred the ban
- Number of times the failure occurred until ban
- Reverse DNS name of banned IP address
Please run SQL commands below as MySQL root user:
USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
Now open file /etc/fail2ban/action.d/banned_db.conf
, find the actionban =
line like below:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
Download improved shell script and replace the existing one:
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
Now restart Fail2ban service.
MySQL/MariaDB backend special
Add missing index for SQL column msgs.time_iso
in amavisd
database
Please run SQL commands below as MySQL root user:
USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
Improvement: Store more info in Fail2ban SQL db
!!! attention
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
With changes below, we now store more info in Fail2ban SQL database:
- Matched log lines which triggerred the ban
- Number of times the failure occurred until ban
- Reverse DNS name of banned IP address
Please run SQL commands below as MySQL root user:
USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
Now open file /etc/fail2ban/action.d/banned_db.conf
, find the actionban =
line like below:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
Download improved shell script and replace the existing one:
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
Now restart Fail2ban service.
PostgreSQL backend special
Improvement: Store more info in Fail2ban SQL db
!!! attention
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
release, please upgrade your iRedMail server by following the upgrade
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
With changes below, we now store more info in Fail2ban SQL database:
- Matched log lines which triggerred the ban
- Number of times the failure occurred until ban
- Reverse DNS name of banned IP address
Please follow steps below to apply required changes.
- Connect to PostgreSQL server as
postgres
user and connect tovmail
database:- on Linux, it's
postgres
user - on FreeBSD, it's
pgsql
user - on OpenBSD, it's
_postgresql
user
- on Linux, it's
su - postgres
psql -d fail2ban
- Run SQL commands below:
\c fail2ban;
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN rdns VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX idx_banned_rdns ON banned (rdns);
- Open file
/etc/fail2ban/action.d/banned_db.conf
, find theactionban =
line like below:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
- Download improved shell script and replace the existing one:
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
- Now restart Fail2ban service.