2017-11-17 11:48:44 +08:00

24 KiB

Upgrade iRedMail from 0.5.1 to 0.6.0



We provide remote upgrade service, check the price and contact us.

  • 2010-06-19: Fixed: Add new column in MySQL database after upgarding PostfixAdmin.
  • 2010-06-18: [OpenLDAP] New: Index missed LDAP attributes.
  • 2010-06-03: Fixed: Forget to add new parameter to enable domain alias management in PostfixAdmin.
  • 2010-06-02: Fixed: incorrect config file of phpLDAPadmin. Thanks billybons2006@forum.
  • 2010-06-02: Fixed: incorrect PostfixAdmin config file. Thanks hata_ph@forum.

General (All backends should apply these steps)

Apply hotfix for iRedMail-0.5.1

Add missing MySQL table (Debian/Ubuntu only)

Note: This step is applicable to only Debian/Ubuntu.

You should manually import another MySQL table if you are using below distributions:

  • Debian 5
  • Ubuntu 8.04
  • Ubuntu 9.04
$ mysql -uroot -p postfixpolicyd
mysql> SOURCE /usr/share/dbconfig-common/data/postfix-policyd/upgrade/mysql/1.73-1;
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON postfixpolicyd.* TO postfix-policyd@localhost;
mysql> quit;

It will create a new table postfixpolicyd.blacklist_dnsname. Used to block emails sent from blacklist_dnsname in Policyd,

Upgrade Roundcube webmail to 0.3.1

Roundcube-0.3.1 brings new features and better performance, all users are encouraged to upgrade it.

To upgrade roundcube to 0.3.1, we should:

  • Backup current roundcube installation.
  • Download roundcube source tarball: roundcubemail-0.3.1.tar.gz, and uncompress it.
  • Copy it to apache server root directory.
  • Upgrade SQL database.
  • Replace symbol link by new version.
  • Create new config files and synchronize settings from old configuration files.
  • Enable necessary plugins.
  • Restart apache web server
  • [Next Step] Configure plugin (managesieve) to allow user to customize mail filter rule.

Steps to upgrade it:

  • Backup current roundcube installation.

    • We should backup roundcubemail database in MySQL. If upgrade failed, we can recovery it from this backup copy.
    • Backing up installation files is not required since we won't move or override them during upgrade procedure.
$ mysqldump -uroot -p --default-character-set=utf8 roundcubemail > /opt/roundcubemail-old.sql

File /opt/roundcubemail-old.sql is the backup copy of current roundcubemail database.

# cd /root/
# tar zxf roundcubemail-0.3.1.tar.gz
  • Copy it to apache server root directory:
# ---- On RHEL/CentOS ----
# cp -rf /root/roundcubemail-0.3.1 /var/www/

# ---- On Debian/Ubuntu ----
# cp -rf /root/roundcubemail-0.3.1 /usr/share/apache2/
  • Remove old symbol link, and create a new one:
# ---- On RHEL/CentOS ----
# cd /var/www/
# rm -i roundcubemail        # Do not use command 'rm' with '-r' flag here.
# ln -s roundcubemail-0.3.1 roundcubemail

# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/
# rm -i roundcubemail
# ln -s roundcubemail-0.3.1 roundcubemail
  • Upgrade SQL database.
# ---- On RHEL/CentOS ----
# mysql -uroot -p
mysql> USE roundcubemail;
mysql> SOURCE /var/www/roundcubemail/SQL/mysql.update.sql;
mysql> quit;

# ---- On Debian/Ubuntu ----
# mysql -uroot -p
mysql> USE roundcubemail;
mysql> SOURCE /usr/share/apache2/roundcubemail/SQL/mysql.update.sql;
mysql> quit;
  • Create new config files and synchronize settings from old configuration files.
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/config/
# cp        # Database config file.
# cp        # Main config file.

# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/config/
# cp        # Database config file.
# cp        # Main config file.

Sync database config file with below config parameters:

# Part of file:  roundcubemail/config/

$rcmail_config['db_dsnw'] =

Sync config parameters in main config file Roundcube 0.3.1 has some new config parameters in main config file, but you can use most of them with default values. What we need to do is syncing config parameters from old installation.

$rcmail_config['enable_installer'] = FALSE;
$rcmail_config['check_all_folders'] = TRUE;
$rcmail_config['default_host'] =
$rcmail_config['smtp_server'] =
$rcmail_config['smtp_user'] = "%u";
$rcmail_config['smtp_pass'] = "%p";
$rcmail_config['smtp_auth_type'] = "LOGIN";
$rcmail_config['username_domain'] =
$rcmail_config['language'] =
$rcmail_config['enable_spellcheck'] =
$rcmail_config['default_charset'] = "UTF-8";
$rcmail_config['useragent'] = "RoundCube WebMail";
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['identities_level'] = 3;
$rcmail_config['preview_pane'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['log_driver'] = "syslog";
$rcmail_config['syslog_id'] = "roundcube";
$rcmail_config['syslog_facility'] = LOG_MAIL;
$rcmail_config['log_logins'] = TRUE;
$rcmail_config['delete_always'] = TRUE;

# ---- Global LDAP Address Book ----
# You can simply copy from old config file.
  • Enable necessary plugins.

Roundcube 0.3.1 officially ships some plugins, currently, we need two plugins: password, managesieve. List them in main config file:

# Part of file: roundcubemail/config/

$rcmail_config['plugins'] = array("password", "managesieve",);

Plugin name is same as folder name under roundcubemail/plugins/ directory, and we have to config plugins separately.

  • Restart apache web server.
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart

# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart

Steps to patch your roundcube 0.3.1:

  • On RHEL/CentOS:
# cd /tmp/
# wget
# wget
# cd /var/www/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch
  • On Debian/Ubuntu:
# cd /tmp/
# wget
# wget
# cd /usr/share/apache2/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch

Configure plugin for mail filter rules: managesieve

Roundcube 0.3.1 officially ships a plugin to allow users to customize mail filter rule: managesieve. To make it work, we should generate new config file and config necessary parameters.

  • Change current directory to plugin directory:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/managesieve/
# cp

# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/managesieve/
# cp
  • Configure plugin in
# Part of file: roundcubemail/plugins/managesieve/

$rcmail_config['managesieve_port'] = 2000; 
$rcmail_config['managesieve_host'] = "";
$rcmail_config['managesieve_usetls'] = false;
$rcmail_config['managesieve_default'] = "/var/vmail/sieve/dovecot.sieve";
  • Make sure this plugin is enabled/listed in roundcube main config file: roundcubemail/config/
# Part of file: roundcubemail/config/

$rcmail_config['plugins'] = array("password", "managesieve",);

Upgrade phpMyAdmin to 2.11.10

phpMyAdmin doesn't require additional config, you can simply download new version and copy old config file into new version.

  • Download new version and uncompress it:
# cd /root/
# wget
# tar xjf phpMyAdmin-2.11.10-all-languages.tar.bz2
  • Copy it to apache server root directory, remove old symbol link and create a new one, copy old config file into new version:
# ---- On RHEL/CentOS ----
# cp -rf /root/phpMyAdmin-2.11.10-all-languages /var/www/
# cd /var/www/
# rm -i phpmyadmin
# ln -s phpMyAdmin-2.11.10-all-languages phpmyadmin
# cp phpMyAdmin-OLD-VERSION/ phpmyadmin/

# ---- On Debian/Ubuntu ----
# cp -rf /root/phpMyAdmin-2.11.10-all-languages /usr/share/apache2/
# cd /usr/share/apache2/
# rm -i phpmyadmin
# ln -s phpMyAdmin-2.11.10-all-languages phpmyadmin
# cp phpMyAdmin-OLD-VERSION/ phpmyadmin/
  • It's recommended to restart apache web server:
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart

# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart

OpenLDAP backend only

Use newest schema file

NOTE: New LDAP schema provides several new attributes, but it's backwards compatibility, it's SAFE to replace the old one without additional operations.

To use the newest iRedMail ldap schem file, we have to:

  • Download the newest iRedMail ldap schema file
  • Copy old ldap schema file as a backup copy
  • Replace the old one
  • Restart OpenLDAP service.

Here we go:

  • On RHEL/CentOS:
# cd /tmp
# wget

# cd /etc/openldap/schema/
# cp iredmail.schema iredmail.schema.bak

# mv -i /tmp/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart
  • On Debian/Ubuntu:
# cd /tmp
# wget

# cd /etc/ldap/schema/
# cp iredmail.schema iredmail.schema.bak

# mv -i /tmp/iredmail.schema /etc/ldap/schema/
# /etc/init.d/slapd restart

Include Amavisd LDAP schema file in OpenLDAP

We're starting to provide better Amavisd integration in iRedMail, e.g. per-user blacklist/whitelist, anti-spam and anti-virus settings.

Since Amavisd can read per-user settings which stored in LDAP, we have to include Amavisd LDAP schema file in OpenLDAP.

NOTE: Amavisd LDAP schema file is installed in OpenLDAP schema directory during installing Amavisd-new, so we don't need to copy/move it.

  • On RHEL/CentOS, edit /etc/openldap/slapd.conf and append Amavisd schema file before iredmail.schema:
# Part of file: /etc/openldap/slapd.conf

# Integrate Amavisd-new.
include     /etc/openldap/schema/amavisd-new.schema
include     /etc/openldap/schema/iredmail.schema

Restart OpenLDAP service to make it work:

# /etc/init.d/ldap restart
  • On Debian/Ubuntu, edit /etc/ldap/slapd.conf and append Amavisd schema file before iredmail.schema:
# part of file: /etc/ldap/slapd.conf

# Integrate Amavisd-new.
include     /etc/ldap/schema/amavis.schema
include     /etc/ldap/schema/iredmail.schema

Restart OpenLDAP service to make it work:

# /etc/init.d/slapd restart

Index missed attributes

We will search email address which stored in attribute shadowAddress, so make sure you have shadowAddress indexed in OpenLDAP configure file like this:

# Part of file: slapd.conf

index shadowAddress eq,pres,sub

If shadowAddress already exists in slapd.conf, you don't need to do additional operations. If you add them now, you have to initially index this attribute manually now.

  • Stop OpenLDAP service first.
# ---- On RHEL/CentOS ----
# /etc/init.d/ldap stop

# ---- On Debian/Ubuntu ----
# /etc/init.d/slapd stop
  • Execute 'slapindex' to index all attributes:
# ---- On RHEL/CentOS ----
# slapindex -f /etc/openldap/slapd.conf

# ---- On Debian/Ubuntu ----
# slapindex -f /etc/ldap/slapd.conf
  • Start OpenLDAP service now.
# ---- On RHEL/CentOS ----
# /etc/init.d/ldap start

# ---- On Debian/Ubuntu ----
# /etc/init.d/slapd start

Add missing LDAP attribute/value

iRedMail-0.6.0 requires some more values of attribute enabledService and objectClass:

  • enabledService=sieve
  • enabledService=sievesecured
  • enabledService=internal
  • objectClass=amavisAccount

Both enabledService=sieve and enabledService=sievesecured are used in Dovecot-1.2.x, for builtin managesieve service. enabledService=internal is used for shared IMAP folder. objectClass=amavisAccount is used for Amavisd-new integration, for example, per-user anti-spam settings, anti-virus control.


  • Download python script used to adding missing values.
# cd /root/
# wget
  • Open, config below parameters in file head:
# Part of file:

uri = 'ldap://'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=vmailadmin,dc=iredmail,dc=org'
bind_pw = 'passwd'

You can find required LDAP credential in iRedAdmin config file or file under your iRedMail installation directory. Using either cn=Manager,dc=xx,dc=xx or cn=vmailadmin,dc=xx,dc=xx as bind dn is ok.

  • Execute this script, it will add missing values for mail accounts:
# python

Add shadowAddress support for mail alias

  • Update postfix mysql lookup file: /etc/postfix/
# Part of file: /etc/postfix/

query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))

# - Added: shadowAddress=%s
# - Removed: objectClass=mailList. It's impossible to add shadow address support for mail list.
query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))

Note: We add shadowAddress support for mail alias here, and remove shadowAddress support for mail list. Because mail list doesn't support this feature.

Add catch-all account support

NOTE: This is required by iRedAdmin-Pro-1.2.0.

  • Change your postfix setting in /etc/postfix/
# Part of file: /etc/postfix/

virtual_alias_maps =
    proxy:ldap:/etc/postfix/,      # <-- Add this line.
    proxy:ldap:/etc/postfix/          # <-- Add this line.
  • File /etc/postfix/ already exists by default, so what you need to do is adding new file: /etc/postfix/
# File: /etc/postfix/

# WARNING: Please REPLACE bind_dn, bind_pw, search_base below, you can find
#          them in /etc/postfix/ldap_*.cf.
server_host     =
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=iredmail,dc=org
bind_pw         = JnvF4UQheMdImdXYnRVEgKpsdCXJy3
search_base     = domainName=%d,o=domains,dc=iredmail,dc=org
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(mail=@%d))
result_attribute= mailForwardingAddress
debuglevel      = 0
  • Restart postfix service to make it work. # /etc/init.d/postfix restart

Roundcube Webmail plugin: change password stored in OpenLDAP

Password plugin which officially shipped in Roundcubemail-0.3.1 requires php-pear and Net_LDAP2, so we have to:

  • Generate a new config file and config necessary parameters.
  • Force upgrade php-pear to support password plugin on RHEL/CentOS 5 (Not required on Debian/Ubuntu)
  • Install php-mhash to provide hash algorithms such as MD5, SHA1, GOST, and many others. (Not required on Debian/Ubuntu)
  • Install php pear package: Net_LDAP2.
  • Restart Apache web service.


  • Generate a new config file:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/password/
# cp

# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/password/
# cp
  • Config it:
# Part of file: roundcubemail/plugins/password/

$rcmail_config['password_driver'] = "ldap";
$rcmail_config['password_confirm_current'] = true;
$rcmail_config['password_minimum_length'] = 6;
$rcmail_config['password_require_nonalpha'] = false;

$rcmail_config['password_ldap_host'] = "";
$rcmail_config['password_ldap_port'] = "389";
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = "3";
$rcmail_config['password_ldap_basedn'] = "o=domains,dc=iredmail,dc=org";    # REPLACE THIS BY YOUR OWN BASE DN
$rcmail_config['password_ldap_method'] = "user";
$rcmail_config['password_ldap_adminDN'] = "null";
$rcmail_config['password_ldap_adminPW'] = "null";

$rcmail_config['password_ldap_userDN_mask'] = "mail=%login,ou=Users,domainName=%domain,o=domains,dc=iredmail,dc=org";

$rcmail_config['password_ldap_encodage'] = "ssha";
$rcmail_config['password_ldap_pwattr'] = "userPassword";
$rcmail_config['password_ldap_force_replace'] = false;
  • Upgrade php-pear and install pear package: Net_LDAP2.
# ---- On RHEL/CentOS ----
# pear upgrade --force pear
# pear install Net_LDAP2
# yum install php-mhash           # Please make sure you have iRedMail yum repository enabled.
# /etc/init.d/httpd restart       # Restart Apache web service.

# ---- On Debian/Ubuntu ----
# pear install Net_LDAP2
# /etc/init.d/apache2 restart       # Restart Apache web service.

Upgrade phpLDAPadmin to

phpLDAPadmin doesn't require additional config, you can simply download new version and copy sample config file to make it work.

  • Download new version and uncompress it:
# cd /root/
# wget
# tar zxf phpldapadmin-
  • Copy it to apache server root directory, remove old symbol link and create a new one, copy old config file into new version:
# ---- On RHEL/CentOS ----
# cp -rf /root/phpldapadmin- /var/www/
# cd /var/www/
# rm -i phpldapadmin
# ln -s phpldapadmin- phpldapadmin
# cd phpldapadmin/config/
# cp config.php.example config.php

# ---- On Debian/Ubuntu ----
# cp -rf /root/phpldapadmin- /usr/share/apache2/
# cd /usr/share/apache2/
# rm -i phpldapadmin
# ln -s phpldapadmin- phpldapadmin
# cd phpldapadmin/config/
# cp config.php.example config.php
  • Edit config file to hide template warning messages: phpldapadmin/config/config.php.
# Part of file: phpldapadmin/config/config.php

# Search 'hide_template_warning' in config file, uncomment below line, and change value to 'true'.
$config->custom->appearance['hide_template_warning'] = true;
  • It's recommended to restart apache web server:
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart

# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart

MySQL backend only

Add missing SQL columns in vmail.mailbox

iRedMail-0.6.0 adds a new SQL column in vmail.mailbox table: enableinternal. This is used in Dovecot, e.g. shared IMAP folders, etc.

$ mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD COLUMN enableinternal TINYINT(1) NOT NULL DEFAULT '1';
mysql> quit;

Domain alias support

Note: You can use PostfixAdmin-2.3 to manage domain alias. iRedAdmin-Pro for MySQL backend will support this feature later.

  • Save below lines in temporary file: /tmp/upgrade_iredmail.sql:
    `alias_domain` varchar(255) NOT NULL,
    `target_domain` varchar(255) NOT NULL,
    `created` datetime NOT NULL default '0000-00-00 00:00:00',
    `modified` datetime NOT NULL default '0000-00-00 00:00:00',
    `active` tinyint(1) NOT NULL default '1',
    PRIMARY KEY  (`alias_domain`),
    KEY `active` (`active`),
    KEY `target_domain` (`target_domain`)
  • Import missing MySQL table in vmail database with above temporary file:
# mysql -uroot -p
mysql> USE vmail;
mysql> SOURCE /tmp/upgrade_iredmail.sql;
  • Update postfix config in /etc/postfix/
# Part of file: /etc/postfix/

# ---- OLD SETTING ----
virtual_alias_maps = proxy:mysql:/etc/postfix/

# ---- NEW SETTING ----
virtual_alias_maps =
  • Add new file: /etc/postfix/
# File: /etc/postfix/

# WARNING: REPLACE password below. You can find it in /etc/postfix/mysql_*.cf.
user        = vmail
password    = YOUR_MYSQL_BIND_PW
hosts       = localhost
port        = 3306
dbname      = vmail
query       = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND = 1 AND'1'

Roundcube Webmail plugin: change password

  • Generate a new config file:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/password/
# cp

# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/password/
# cp
  • Config it:
# Part of file: roundcubemail/plugins/password/

$rcmail_config['password_driver'] = "sql";
$rcmail_config['password_confirm_current'] = true;
$rcmail_config['password_minimum_length'] = 6;
$rcmail_config['password_require_nonalpha'] = false;

$rcmail_config['password_db_dsn'] = 'mysqli://roundcube:REPLACE_YOUR_PASSWORD_HERE@localhost/vmail';
$rcmail_config['password_query'] = 'UPDATE vmail.mailbox SET password=%c,modified=NOW() WHERE username=%u LIMIT 1';
$rcmail_config['password_hash_algorithm'] = 'md5crypt';
$rcmail_config['password_hash_base64'] = false;

Upgrade PostfixAdmin to 2.3

To upgrade PostfixAdmin to 2.3, we should:

  • Download and uncompress new version.
  • Copy new version to apache server root directory.
  • Copy config file from old version.
  • Add new column in MySQL database.
  • Restart apache web server. (Optional, but is recommended.)


  • Download and uncompress new version:
# cd /root/
# wget
# tar zxf postfixadmin_2.3.tar.gz
  • Copy new version to apache server root directory, create new symbol link and copy old config file:
# ---- On RHEL/CentOS ----
# cp -rf /root/postfixadmin-2.3 /var/www/
# cd /var/www/
# cp postfixadmin/config.local.php postfixadmin-2.3/
# rm -i postfixadmin
# ln -s postfixadmin-2.3 postfixadmin

# ---- On Debian/Ubuntu ----
# cp -rf /root/postfixadmin-2.3 /usr/share/apache2/
# cd /usr/share/apache2/
# cp postfixadmin/config.local.php postfixadmin-2.3/
# rm -i postfixadmin
# ln -s postfixadmin-2.3 postfixadmin
  • Add one more parameter in postfixadmin/config.local.php to enable domain alias management:
# Part of file: postfixadmin/config.local.php

$CONF['alias_domain'] = 'YES';
  • Add new column in MySQL database.
# mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD local_part VARCHAR(255) NOT NULL DEFAULT '';
mysql> UPDATE mailbox SET local_part = substring_index(username, '@', 1);
  • Restart apache web server.
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart

# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart