694 lines
33 KiB
HTML
694 lines
33 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Upgrade iRedMail from 0.9.7 to 0.9.8</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#upgrade-iredmail-from-097-to-098">Upgrade iRedMail from 0.9.7 to 0.9.8</a><ul>
|
|
<li><a href="#changelog">ChangeLog</a></li>
|
|
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
|
|
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
|
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-22">Upgrade iRedAPD (Postfix policy server) to the latest stable release (2.2)</a></li>
|
|
<li><a href="#fixed-sogo-backup-script-contains-3-issues">Fixed: SOGo backup script contains 3 issues</a></li>
|
|
<li><a href="#fail2ban-new-jail-postfix-pregreet">Fail2ban: new jail postfix-pregreet</a></li>
|
|
<li><a href="#fixed-nginx-snippet-file-hard-codes-static-file-types-for-iredadmin">Fixed: Nginx snippet file hard-codes static file types for iRedAdmin</a></li>
|
|
<li><a href="#security-fixed-nginx-snippet-file-doesnt-block-access-to-roundcube-sensitive-files">[SECURITY] Fixed: Nginx snippet file doesn't block access to Roundcube sensitive files</a></li>
|
|
<li><a href="#fix-unexpected-dnsbl-query-result-for-site-bbarracudacentralorg">Fix unexpected DNSBL query result for site b.barracudacentral.org</a></li>
|
|
<li><a href="#openbsd-upgrade-uwsgi-to-the-latest-2016">OpenBSD: Upgrade uwsgi to the latest 2.0.16</a></li>
|
|
<li><a href="#optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</a></li>
|
|
<li><a href="#optional-integrate-netdata-fancy-system-monitor">[OPTIONAL] integrate netdata - fancy system monitor</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#openldap-backend">OpenLDAP backend</a><ul>
|
|
<li><a href="#update-openldap-config-file-to-index-new-attributes-and-fix-an-acl">Update OpenLDAP config file to index new attributes and fix an ACL</a></li>
|
|
<li><a href="#update-iredmail-ldap-schema-file">Update iRedMail LDAP schema file</a></li>
|
|
<li><a href="#mlmmj-mailing-list-manager-integration">mlmmj (mailing list manager) integration</a></li>
|
|
<li><a href="#amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension">Amavisd: Add new SQL column maddr.email_raw to store mail address without address extension</a></li>
|
|
<li><a href="#update-sogo-config-file-for-per-domain-global-address-book">Update SOGo config file for per-domain global address book</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#mysqlmariadb-backends">MySQL/MariaDB backends</a><ul>
|
|
<li><a href="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
|
|
<li><a href="#sql-structure-changes-in-vmail-database">SQL structure changes in vmail database</a></li>
|
|
<li><a href="#mlmmj-mailing-list-manager-integration_1">mlmmj (mailing list manager) integration</a></li>
|
|
<li><a href="#amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension_1">Amavisd: Add new SQL column maddr.email_raw to store mail address without address extension</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#postgresql-backend">PostgreSQL backend</a><ul>
|
|
<li><a href="#fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</a></li>
|
|
<li><a href="#sql-structure-changes-in-vmail-database_1">SQL structure changes in vmail database</a></li>
|
|
<li><a href="#mlmmj-mailing-list-manager-integration_2">mlmmj (mailing list manager) integration</a></li>
|
|
<li><a href="#amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension_2">Amavisd: Add new SQL column maddr.email_raw to store mail address without address extension</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="admonition note">
|
|
<p class="admonition-title">Paid Remote Upgrade Support</p>
|
|
<p>We offer remote upgrade support if you don't want to get your hands dirty,
|
|
check <a href="https://www.iredmail.org/support.html">the details</a> and
|
|
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
|
|
</div>
|
|
<h2 id="changelog">ChangeLog</h2>
|
|
<ul>
|
|
<li>Mar 1, SQL structure changes in <code>vmail</code> database.</li>
|
|
<li>Feb 14, 2018: [SECURITY] Fixed: Nginx snippet file doesn't block access to Roundcube sensitive files.</li>
|
|
<li>Feb 11, 2018: netdata integration.</li>
|
|
<li>Feb 11, 2018: mlmmj & mlmmjadmin integration.</li>
|
|
<li>Feb 11, 2018: OpenBSD: Upgrade uwsgi to the latest 2.0.16</li>
|
|
<li>Jan 31, 2018: Fail2ban: new jail <code>postfix-pregreet</code>.</li>
|
|
<li>Jan 21, 2018: [LDAP] Update SOGo config file for per-domain global address book.</li>
|
|
<li>Jan 19, 2018: Update OpenLDAP config file to index new attributes and fix an ACL.</li>
|
|
<li>Jan 19, 2018: Update iRedMail LDAP schema file</li>
|
|
<li>Dec 18, 2017: Don't hard-code static file types in Nginx template for iRedAdmin.</li>
|
|
<li>Nov 24, 2017: Amavisd: Add new SQL column <code>maddr.email_raw</code> to store mail address without address extension.</li>
|
|
<li>Oct 6, 2017: Fixed: SOGo backup script contains 3 issues</li>
|
|
<li>Oct 6, 2017: [OPTIONAL] Fix improper expected DNSBL filter for site <code>b.barracudacentral.org</code></li>
|
|
<li>Oct 6, 2017: [OPTIONAL] Log mail subject, sender, size in mail deliver log.</li>
|
|
</ul>
|
|
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
|
|
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
|
|
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
|
|
installation, it's recommended to update this file after you upgraded iRedMail,
|
|
so that you can know which version of iRedMail you're running. For example:</p>
|
|
<pre><code>0.9.7
|
|
</code></pre>
|
|
|
|
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-22">Upgrade iRedAPD (Postfix policy server) to the latest stable release (2.2)</h3>
|
|
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
|
|
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
|
|
<h3 id="fixed-sogo-backup-script-contains-3-issues">Fixed: SOGo backup script contains 3 issues</h3>
|
|
<p>SOGo backup script <code>/var/vmail/backup/backup_sogo.sh</code> shipped in iRedMail-0.9.7
|
|
and earlier releases contains 3 issues:</p>
|
|
<ul>
|
|
<li>it cannot remove old backup files</li>
|
|
<li>it doesn't set correct owner and permission on backup files</li>
|
|
<li>it cannot find command <code>sogo-tool</code> on FreeBSD. This issue causes our script
|
|
didn't backup any sogo data on FreeBSD at all.</li>
|
|
</ul>
|
|
<p>To fix them, please download the latest version and override the one on your
|
|
system:</p>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>Script <code>backup_sogo.sh</code> uses <code>/var/vmail/backup</code> to store backup files by
|
|
default, if you use a different directory, please edit this file and modify
|
|
parameter <code>BACKUP_ROOTDIR=</code> to use the correct one.</p>
|
|
</div>
|
|
<pre><code>cd /var/vmail/backup/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/tools/backup_sogo.sh
|
|
chown root backup_sogo.sh
|
|
chmod 0400 backup_sogo.sh
|
|
</code></pre>
|
|
|
|
<h3 id="fail2ban-new-jail-postfix-pregreet">Fail2ban: new jail <code>postfix-pregreet</code></h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is not applicable to OpenBSD because we don't have Fail2ban running on
|
|
OpenBSD.</p>
|
|
</div>
|
|
<p>Quote from <a href="http://www.postfix.org/POSTSCREEN_README.html#pregreet">Postfix website</a>:</p>
|
|
<blockquote>
|
|
<p>The SMTP protocol is a classic example of a protocol where the server speaks
|
|
before the client. postscreen(8) detects zombies that are in a hurry and that
|
|
speak before their turn.</p>
|
|
</blockquote>
|
|
<p>Many spammers are in a hurry to transfer message to your server, we'd
|
|
like to block them due to not follow RFC.</p>
|
|
<p>During mail server maintenance, we found many spammers from China mainland
|
|
cannot pass this pregreet test and all of them use <code>ylmf-pc</code> as HELO hostname.
|
|
it's very possible that they're running an illegal Windows XP system which were
|
|
installed with a malware Windows XP ISO image.</p>
|
|
<p>Steps to create this new Fail2ban jail:</p>
|
|
<ul>
|
|
<li>Create new file <code>/etc/fail2ban/filter.d/postfix-pregreet.iredmail.conf</code> with content
|
|
below:</li>
|
|
</ul>
|
|
<pre><code>[Definition]
|
|
|
|
# Block clients which cannot pass Postfix postscreen pregreet test.
|
|
# FYI: http://www.postfix.org/POSTSCREEN_README.html#pregreet
|
|
#
|
|
# The SMTP protocol is a classic example of a protocol where the server speaks
|
|
# before the client. postscreen(8) detects zombies that are in a hurry and that
|
|
# speak before their turn.
|
|
failregex = postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+:
|
|
|
|
# while setting up new account, Thunderbird doesn't wait for server connection
|
|
# greeting/banner, this causes Thunderbird cannot pass the Postfix pregreet
|
|
# test and caught by `failregex` rules listed above (the rule contains
|
|
# 'PREGREET' line).
|
|
# FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=538809#c41
|
|
ignoreregex = postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+: (EHLO|HELO) we-guess.mozilla.org
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Create new file <code>/etc/fail2ban/jail.d/postfix-pregreet.local</code> with content
|
|
below:</p>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>Please make sure you're using correct Postfix log file in <code>logpath =</code>
|
|
parameter. On RHEL/CentOS/FreeBSD, it's <code>/var/log/maillog</code>. On
|
|
Debian/Ubuntu, it's <code>/var/log/mail.log</code>.</p>
|
|
</div>
|
|
</li>
|
|
</ul>
|
|
<pre><code>[postfix-pregreet-iredmail]
|
|
enabled = true
|
|
filter = postfix-pregreet.iredmail
|
|
logpath = /var/log/maillog
|
|
maxretry = 1
|
|
action = iptables-multiport[name=postfix, port="25", protocol=tcp]
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restarting Fail2ban service is required.</li>
|
|
</ul>
|
|
<h3 id="fixed-nginx-snippet-file-hard-codes-static-file-types-for-iredadmin">Fixed: Nginx snippet file hard-codes static file types for iRedAdmin</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is only applicable to Nginx.</p>
|
|
</div>
|
|
<p>With default iRedMail settings, Nginx snippet file <code>/etc/nginx/templates/iredadmin.tmpl</code>
|
|
(on Linux/OpenBSD) or <code>/usr/local/etc/nginx/templates/iredadmin.tmpl</code> (on FreeBSD)
|
|
hard-codes static file types like below:</p>
|
|
<pre><code>location ~ ^/iredadmin/static/(.*)\.(png|jpg|gif|css|js) {
|
|
alias /var/www/iredadmin/static/$1.$2;
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Note: The path in <code>alias</code> directive is different on different Linux/BSD distributions.</p>
|
|
<p>Please replace it by:</p>
|
|
<pre><code>location ~ ^/iredadmin/static/(.*) { # Remove file types
|
|
alias /var/www/iredadmin/static/$1; # Remove '.$2'
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Reloading or restarting Nginx service is required.</p>
|
|
<h3 id="security-fixed-nginx-snippet-file-doesnt-block-access-to-roundcube-sensitive-files">[SECURITY] Fixed: Nginx snippet file doesn't block access to Roundcube sensitive files</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is only applicable to Nginx.</p>
|
|
</div>
|
|
<p>With default iRedMail settings, Nginx doesn't block access to Roundcube
|
|
sensitive files and <code>.htaccess</code> file, this may leak users' PGP keys.
|
|
Please follow steps below to fix it.</p>
|
|
<p>Please open file <code>/etc/nginx/templates/roundcube.tmpl</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/nginx/templates/roundcube.tmpl</code> (FreeBSD), add lines below
|
|
<strong>ABOVE</strong> any existing lines:</p>
|
|
<pre><code># Block access to default directories and files under these directories
|
|
location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
|
|
|
|
# Block access to default files under top-directory and files start with same name.
|
|
location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
|
|
|
|
# Block plugin config files and sample config files.
|
|
location ~ /mail/plugins/.*/config.inc.php.* { deny all; }
|
|
|
|
# Block access to plugin data
|
|
location ~ /mail/plugins/enigma/home($|/.*) { deny all; }
|
|
</code></pre>
|
|
|
|
<p>Please open file <code>/etc/nginx/templates/roundcube-subdomain.tmpl</code>
|
|
(Linux/OpenBSD) or <code>/usr/local/etc/nginx/templates/roundcube-subdomain.tmpl</code>
|
|
(FreeBSD), add lines below <strong>ABOVE</strong> any existing lines:</p>
|
|
<pre><code># Block access to default directories and files under these directories
|
|
location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
|
|
|
|
# Block access to default files under top-directory and files start with same name.
|
|
location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
|
|
|
|
# Block plugin config files and sample config files.
|
|
location ~ /plugins/.*/config.inc.php.* { deny all; }
|
|
|
|
# Block access to plugin data
|
|
location ~ /plugins/enigma/home($|/.*) { deny all; }
|
|
</code></pre>
|
|
|
|
<p>Open file <code>/etc/nginx/sites-available/00-default.conf</code> AND <code>00-default-ssl.conf</code>,
|
|
make sure template file <code>misc.tmpl</code> is loaded before other template files.
|
|
For example, your existing config file may look like this:</p>
|
|
<pre><code>server {
|
|
...
|
|
include /etc/nginx/templates/...;
|
|
include /etc/nginx/templates/...;
|
|
include /etc/nginx/templates/misc.tmpl;
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Please move the <code>misc.tmpl</code> line <strong>ABOVE</strong> any other <code>include</code> directive.
|
|
Final setting should look like this:</p>
|
|
<pre><code>server {
|
|
...
|
|
include /etc/nginx/templates/misc.tmpl;
|
|
include /etc/nginx/templates/...;
|
|
include /etc/nginx/templates/...;
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Note: Nginx in iRedMail-0.9.7 loads modular config files from
|
|
<code>/etc/nginx/sites-conf.d/default/</code> and <code>/etc/nginx/sites-conf.d/default-ssl/</code>
|
|
instead of storing all configurations for default web hosts in one file, in
|
|
this case you need to:</p>
|
|
<ul>
|
|
<li>rename file <code>/etc/nginx/sites-conf.d/default/99-include-tmpl-misc.conf</code> to
|
|
<code>/etc/nginx/sites-conf.d/default/1-include-tmpl-misc.conf</code>.</li>
|
|
<li>rename file <code>/etc/nginx/sites-conf.d/default-ssl/99-include-tmpl-misc.conf</code> to
|
|
<code>/etc/nginx/sites-conf.d/default-ssl/1-include-tmpl-misc.conf</code>.</li>
|
|
</ul>
|
|
<p>Restarting Nginx service is required.</p>
|
|
<h3 id="fix-unexpected-dnsbl-query-result-for-site-bbarracudacentralorg">Fix unexpected DNSBL query result for site <code>b.barracudacentral.org</code></h3>
|
|
<p>Postfix config file generated by iRedMail enables DNSBL service for postscreen
|
|
service like below:</p>
|
|
<pre><code>postscreen_dnsbl_sites =
|
|
zen.spamhaus.org=127.0.0.[2..11]*3
|
|
b.barracudacentral.org=127.0.0.[2..11]*2
|
|
</code></pre>
|
|
|
|
<p>but site <code>b.barracudacentral.org</code> returns only domain <code>127.0.0.2</code> (instead of
|
|
a range from <code>127.0.0.2</code> to <code>127.0.0.11</code>), so we should change the
|
|
<code>b.barracudacentral.org=127.0.0.[2..11]*2</code> line to:</p>
|
|
<pre><code>postscreen_dnsbl_sites =
|
|
zen.spamhaus.org=127.0.0.[2..11]*3
|
|
b.barracudacentral.org=127.0.0.2*2
|
|
</code></pre>
|
|
|
|
<p>Reloading or restarting Postfix is required.</p>
|
|
<h3 id="openbsd-upgrade-uwsgi-to-the-latest-2016">OpenBSD: Upgrade uwsgi to the latest 2.0.16</h3>
|
|
<p>uwsgi is the interface between Nginx and iRedAdmin, so if you're running
|
|
iRedAdmin, it's recommended to upgrade uwsgi to the latest version, 2.0.16.</p>
|
|
<p>Steps: Download the latest uwsgi, compile it, then restart uwsgi service.</p>
|
|
<pre><code>cd /root/
|
|
ftp https://projects.unbit.it/downloads/uwsgi-2.0.16.tar.gz
|
|
tar zxf uwsgi-2.0.16.tar.gz
|
|
cd uwsgi-2.0.16
|
|
python setup.py install
|
|
</code></pre>
|
|
|
|
<p>uwsgi should be succesfully installed, then restart uwsgi service:</p>
|
|
<pre><code>rcctl restart uwsgi
|
|
</code></pre>
|
|
|
|
<h3 id="optional-log-mail-subject-sender-size-in-mail-deliver-log">[OPTIONAL] Log mail subject, sender, size in mail deliver log</h3>
|
|
<p>If you may need to get more info of (locally) delivered mail messages,
|
|
Dovecot setting <code>deliver_log_format</code> can log extra mail subject, sender, and
|
|
message size in mail deliver log. Please append this setting in Dovecot config
|
|
file <code>dovecot.conf</code>, then restart or reload Dovecot service.
|
|
<em> On Linux/OpenBSD, it's <code>/etc/dovecot/dovecot.conf</code>
|
|
</em> On FreeBSD, it's <code>/usr/local/etc/dovecot/dovecot.conf</code></p>
|
|
<pre><code>deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, %$
|
|
</code></pre>
|
|
|
|
<h3 id="optional-integrate-netdata-fancy-system-monitor">[OPTIONAL] integrate netdata - fancy system monitor</h3>
|
|
<p>iRedMail-0.9.8 integrates netdata as an optional component, it's a fancy system
|
|
monitor to help you understand how your iRedMail server runs.</p>
|
|
<p>To integrate netdata, please follow our tutorial below:</p>
|
|
<ul>
|
|
<li><a href="./integration.netdata.linux.html">Integrate netdata monitor on Linux server</a></li>
|
|
<li><a href="./integration.netdata.freebsd.html">Integrate netdata monitor on FreeBSD server</a></li>
|
|
</ul>
|
|
<p>Unfortunately, netdata doesn't work on OpenBSD.</p>
|
|
<h2 id="openldap-backend">OpenLDAP backend</h2>
|
|
<h3 id="update-openldap-config-file-to-index-new-attributes-and-fix-an-acl">Update OpenLDAP config file to index new attributes and fix an ACL</h3>
|
|
<ul>
|
|
<li>
|
|
<p>Please open OpenLDAP config file <code>slapd.conf</code>:</p>
|
|
<ul>
|
|
<li>On RHEL/CentOS, it's <code>/etc/openldap/slapd.conf</code></li>
|
|
<li>On Debian/Ubuntu, it's <code>/etc/ldap/slapd.conf</code></li>
|
|
<li>On FreeBSD, it's <code>/usr/local/etc/openldap/slapd.conf</code></li>
|
|
<li>On OpenBSD:<ul>
|
|
<li>if you're running OpenLDAP, it's <code>/etc/openldap/slapd.conf</code>.</li>
|
|
<li>if you're running <code>ldapd(8)</code> as LDAP server, no need to fix ACL
|
|
issue (<code>access to dn.subtree=</code>), but still need to index new
|
|
attributes.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>find lines below:</p>
|
|
</li>
|
|
</ul>
|
|
<pre><code>access to dn.subtree="o=domains,dc=xxx,dc=xxx"
|
|
by anonymous auth
|
|
by self write
|
|
by dn.exact="cn=vmail,dc=xxx,dc=xxx" read
|
|
by dn.exact="cn=vmailadmin,dc=xxx,dc=xxx" write
|
|
by users none
|
|
</code></pre>
|
|
|
|
<p>Replace the last line <code>by users none</code> by:</p>
|
|
<pre><code> by users read
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Append lines below to the end of OpenLDAP config file <code>slapd.conf</code>:</li>
|
|
</ul>
|
|
<pre><code>index member,uniqueMember eq,pres
|
|
index mailingListID eq
|
|
</code></pre>
|
|
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>For OpenBSD <code>ldapd(8)</code> server, please add lines below inside the
|
|
<code>namespace xxx {}</code> block:</p>
|
|
<p><pre>
|
|
index member
|
|
index uniqueMember
|
|
index mailingListID
|
|
</pre></p>
|
|
</div>
|
|
<h3 id="update-iredmail-ldap-schema-file">Update iRedMail LDAP schema file</h3>
|
|
<p>iRedMail-0.9.8 introduces 1 new LDAP attribute for mailing list account:</p>
|
|
<ul>
|
|
<li><code>mailingListID</code>: used to store a server-wide unique id, currently is used
|
|
for mailing list subscription/unsubscription (a.k.a. newsletter).</li>
|
|
</ul>
|
|
<p>Download the latest iRedMail LDAP schema file</p>
|
|
<ul>
|
|
<li>On RHEL/CentOS:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On Debian/Ubuntu:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/ldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/ldap/schema/
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On FreeBSD:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/iredmail/iredmail.schema
|
|
|
|
cd /usr/local/etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /usr/local/etc/openldap/schema/
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>On OpenBSD:</p>
|
|
<blockquote>
|
|
<p>Note: if you're running ldapd as LDAP server, the schema directory is
|
|
<code>/etc/ldap</code>, and service name is <code>ldapd</code>.</p>
|
|
</blockquote>
|
|
</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
ftp https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|
</code></pre>
|
|
|
|
<h3 id="mlmmj-mailing-list-manager-integration">mlmmj (mailing list manager) integration</h3>
|
|
<p>iRedMail-0.9.8 integrates mlmmj as mailing list manager, please follow our
|
|
document below to integrate it:</p>
|
|
<ul>
|
|
<li><a href="./integration.mlmmj.ldap.html">Integrate mlmmj mailing list manager</a></li>
|
|
</ul>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>mlmmj is a core component since iRedMail-0.9.8.</p>
|
|
</div>
|
|
<h3 id="amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension">Amavisd: Add new SQL column <code>maddr.email_raw</code> to store mail address without address extension</h3>
|
|
<p>Many sender/recipient addresses contain address extension like
|
|
<code>user+extension@domain.com</code>, this is annoying if we try to get top 10
|
|
senders/recipients from Amavisd SQL database, because address
|
|
<code>user+ext1@domain.com</code> and <code>user+ext2@domain.com</code> are considered as different
|
|
user. To avoid this issue, we create a SQL trigger to store email address
|
|
without address extension in a new column <code>maddr.email_raw</code>. Please follow
|
|
steps below to apply the SQL structure change.</p>
|
|
<ul>
|
|
<li>Download SQL template file used to update SQL database:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.8/amavisd.mysql
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Connect to MySQL server as MySQL root user, and execute SQL commands:</li>
|
|
</ul>
|
|
<pre><code>$ mysql amavisd
|
|
mysql> SOURCE /tmp/amavisd.mysql;
|
|
</code></pre>
|
|
|
|
<h3 id="update-sogo-config-file-for-per-domain-global-address-book">Update SOGo config file for per-domain global address book</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>With this change, user can only see other users in same domain. If this is
|
|
<strong>NOT</strong> what you expect, you should <strong>NOT</strong> apply this change.</p>
|
|
</div>
|
|
<p>SOGo is configured by iRedMail to query all users on server while performing
|
|
account search (e.g. global address book, meeting attendees), this may be not
|
|
what you expect if you host multiple mail domains and they should not see
|
|
others on same server. Please follow steps below to fix it.</p>
|
|
<ul>
|
|
<li>Open SOGo config file <code>/etc/sogo/sogo.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find lines like below:</li>
|
|
</ul>
|
|
<pre><code> {
|
|
// Used for global address book
|
|
type = ldap;
|
|
id = global_addressbook;
|
|
canAuthenticate = NO;
|
|
isAddressBook = YES;
|
|
displayName = "Global Address Book";
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Add one line after the <code>displayName =</code> line:</li>
|
|
</ul>
|
|
<pre><code> bindAsCurrentUser = YES;
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restarting SOGo service is required to apply this change.</li>
|
|
</ul>
|
|
<h2 id="mysqlmariadb-backends">MySQL/MariaDB backends</h2>
|
|
<h3 id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
|
|
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
|
|
If mail domain is disabled, users under this domain are not able to use
|
|
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query
|
|
configured by iRedMail, it doesn't check domain status while performing smtp
|
|
sasl auth. Please follow steps below to fix it.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/dovecot/dovecot-mysql.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/dovecot/dovecot-mysql.conf</code> (FreeBSD), find the
|
|
<code>password_query</code> line like below:</li>
|
|
</ul>
|
|
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Replace it by lines below:</li>
|
|
</ul>
|
|
<pre><code>password_query = SELECT mailbox.password, mailbox.allow_nets \
|
|
FROM mailbox,domain \
|
|
WHERE mailbox.username='%u' \
|
|
AND mailbox.`enable%Ls%Lc`=1 \
|
|
AND mailbox.active=1 \
|
|
AND mailbox.domain=domain.domain \
|
|
AND domain.backupmx=0 \
|
|
AND domain.active=1
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Save your change and restart Dovecot service.</li>
|
|
</ul>
|
|
<h3 id="sql-structure-changes-in-vmail-database">SQL structure changes in <code>vmail</code> database</h3>
|
|
<p>We've made some changes to <code>vmail</code> database:</p>
|
|
<ul>
|
|
<li>Drop sql column <code>mailbox.local_part</code>. This column was inherited from
|
|
PostfixAdmin, but iRedMail didn't use it at all.</li>
|
|
<li>Rename table <code>alias_moderators</code> to <code>moderators</code>. Used to store moderators of
|
|
both mail alias accounts and mailing lists.</li>
|
|
<li>Add new column <code>domain.maillists</code>. Used to store per-domain limit of mailing
|
|
list accounts. Note: this is majorly used by iRedAdmin-Pro.</li>
|
|
<li>Add new column <code>forwardings.is_maillist</code>.</li>
|
|
<li>Add new table <code>maillists</code>, used by our new mailing list manager software - mlmmj.</li>
|
|
</ul>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Warning</p>
|
|
<p>Please backup SQL database <code>vmail</code> before you run any SQL commands below.</p>
|
|
<p><code>bash /var/vmail/backup/backup_mysql.sh</code></p>
|
|
</div>
|
|
<p>Download SQL template file used to update SQL database:</p>
|
|
<pre><code>cd /root/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.8/iredmail.mysql
|
|
</code></pre>
|
|
|
|
<p>Connect to MySQL server as MySQL root user, and execute SQL commands:</p>
|
|
<pre><code>mysql vmail < /root/iredmail.mysql
|
|
</code></pre>
|
|
|
|
<h3 id="mlmmj-mailing-list-manager-integration_1">mlmmj (mailing list manager) integration</h3>
|
|
<p>iRedMail-0.9.8 integrates mlmmj as mailing list manager, please follow our
|
|
document below to integrate it:</p>
|
|
<ul>
|
|
<li><a href="./integration.mlmmj.mysql.html">Integrate mlmmj mailing list manager</a></li>
|
|
</ul>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>mlmmj is a core component since iRedMail-0.9.8.</p>
|
|
</div>
|
|
<h3 id="amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension_1">Amavisd: Add new SQL column <code>maddr.email_raw</code> to store mail address without address extension</h3>
|
|
<p>Many sender/recipient addresses contain address extension like
|
|
<code>user+extension@domain.com</code>, this is annoying if we try to get top 10
|
|
senders/recipients from Amavisd SQL database, because address
|
|
<code>user+ext1@domain.com</code> and <code>user+ext2@domain.com</code> should be considered as same
|
|
user, but it's not. To avoid this issue, we create a SQL trigger to store email
|
|
address without address extension in a new column <code>maddr.email_raw</code>. Steps:</p>
|
|
<ul>
|
|
<li>Download SQL template file used to update SQL database:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.8/amavisd.mysql
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Connect to MySQL server as MySQL root user, and execute SQL commands:</li>
|
|
</ul>
|
|
<pre><code># mysql amavisd
|
|
sql> SOURCE /tmp/amavisd.mysql;
|
|
</code></pre>
|
|
|
|
<h2 id="postgresql-backend">PostgreSQL backend</h2>
|
|
<h3 id="fixed-user-under-disabled-domain-is-able-to-send-email-with-smtp-protocol_1">Fixed: User under disabled domain is able to send email with smtp protocol</h3>
|
|
<p>Dovecot is IMAP/POP3/Managesieve server, also a SASL auth server for Postfix.
|
|
If mail domain is disabled, users under this domain are not able to use
|
|
IMAP/POP3/Managesieve services, but there's a bug in Dovecot SQL query
|
|
configured by iRedMail, it doesn't check domain status while performing smtp
|
|
sasl auth. Please follow steps below to fix it.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/dovecot/dovecot-pgsql.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/dovecot/dovecot-pgsql.conf</code> (FreeBSD), find the
|
|
<code>password_query</code> line like below:</li>
|
|
</ul>
|
|
<pre><code>password_query = SELECT password, allow_nets FROM mailbox WHERE username='%u' AND enable%Ls%Lc=1 AND active=1
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Replace it by lines below:</li>
|
|
</ul>
|
|
<pre><code>password_query = SELECT mailbox.password, mailbox.allow_nets \
|
|
FROM mailbox,domain \
|
|
WHERE mailbox.username='%u' \
|
|
AND mailbox."enable%Ls%Lc"=1 \
|
|
AND mailbox.active=1 \
|
|
AND mailbox.domain=domain.domain \
|
|
AND domain.backupmx=0 \
|
|
AND domain.active=1
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Save your change and restart Dovecot service.</li>
|
|
</ul>
|
|
<h3 id="sql-structure-changes-in-vmail-database_1">SQL structure changes in <code>vmail</code> database</h3>
|
|
<p>We've made some changes to <code>vmail</code> database:</p>
|
|
<ul>
|
|
<li>Drop sql column <code>mailbox.local_part</code>. This column was inherited from
|
|
PostfixAdmin, but iRedMail didn't use it at all.</li>
|
|
<li>Rename table <code>alias_moderators</code> to <code>moderators</code>. Used to store moderators of
|
|
both mail alias accounts and mailing lists.</li>
|
|
<li>Add new column <code>domain.maillists</code>. Used to store per-domain limit of mailing
|
|
list accounts. Note: this is majorly used by iRedAdmin-Pro.</li>
|
|
<li>Add new column <code>forwardings.is_maillist</code>.</li>
|
|
<li>Add new table <code>maillists</code>, used by our new mailing list manager software - mlmmj.</li>
|
|
</ul>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Warning</p>
|
|
<p>Please backup SQL database <code>vmail</code> before you run any SQL commands below.</p>
|
|
<p><code>bash /var/vmail/backup/backup_pgsql.sh</code></p>
|
|
</div>
|
|
<p>Download SQL template file used to update SQL database:</p>
|
|
<pre><code>cd /root/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.8/iredmail.pgsql
|
|
</code></pre>
|
|
|
|
<p>Connect to PostgreSQL server as <code>postgres</code> user and import the SQL file:
|
|
<em> on Linux, it's <code>postgres</code> user
|
|
</em> on FreeBSD, it's <code>pgsql</code> user
|
|
* on OpenBSD, it's <code>_postgresql</code> user</p>
|
|
<pre><code>su - postgres
|
|
psql -d vmail < /root/iredmail.mysql
|
|
</code></pre>
|
|
|
|
<h3 id="mlmmj-mailing-list-manager-integration_2">mlmmj (mailing list manager) integration</h3>
|
|
<p>iRedMail-0.9.8 integrates mlmmj as mailing list manager, please follow our
|
|
document below to integrate it:</p>
|
|
<ul>
|
|
<li><a href="./integration.mlmmj.mysql.html">Integrate mlmmj mailing list manager</a></li>
|
|
</ul>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>mlmmj is a core component since iRedMail-0.9.8.</p>
|
|
</div>
|
|
<h3 id="amavisd-add-new-sql-column-maddremail_raw-to-store-mail-address-without-address-extension_2">Amavisd: Add new SQL column <code>maddr.email_raw</code> to store mail address without address extension</h3>
|
|
<p>Many sender/recipient addresses contain address extension like
|
|
<code>user+extension@domain.com</code>, this is annoying if we try to get top 10
|
|
senders/recipients from Amavisd SQL database, because address
|
|
<code>user+ext1@domain.com</code> and <code>user+ext2@domain.com</code> should be considered as same
|
|
user, but it's not. To avoid this issue, we create a SQL trigger to store email
|
|
address without address extension in a new column <code>maddr.email_raw</code>. Steps:</p>
|
|
<ul>
|
|
<li>Download SQL template file used to update SQL database:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp/
|
|
wget https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.8/amavisd.pgsql
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Run shell commands as root user below to connect to PostgreSQL server:</li>
|
|
</ul>
|
|
<pre><code># su - postgres
|
|
$ psql -U amavisd -d vmail
|
|
sql> \i /tmp/amavisd.pgsql
|
|
</code></pre><div class="footer">
|
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
|
</div>
|
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
|
<script>
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
|
|
gtag('config', 'UA-3293801-21');
|
|
</script>
|
|
</body></html> |