1230 lines
38 KiB
HTML
1230 lines
38 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>iRedMail Easy: Release Notes</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><h1 id="iredmail-easy-release-notes">iRedMail Easy: Release Notes</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#iredmail-easy-release-notes">iRedMail Easy: Release Notes</a><ul>
|
|
<li><a href="#20200626">Version: 2020062601 (Jun 26, 2020)</a></li>
|
|
<li><a href="#20200430">Version: 2020043001 (Apr 30, 2020)</a></li>
|
|
<li><a href="#20200416">Version: 2020041601 (Apr 16, 2020)</a></li>
|
|
<li><a href="#20200210">Version: 2020021001 (Feb 10, 2020)</a></li>
|
|
<li><a href="#20191210">Version: 2019121301 (Dec 13, 2019)</a></li>
|
|
<li><a href="#20191210">Version: 2019121001 (Dec 10, 2019)</a></li>
|
|
<li><a href="#20191209">Version: 2019120901 (Dec 09, 2019)</a></li>
|
|
<li><a href="#20191112">Version: 2019111201 (Nov 12, 2019)</a></li>
|
|
<li><a href="#20191022">Version: 2019102201 (Oct 22, 2019)</a></li>
|
|
<li><a href="#20190906">Version: 2019090601 (Sep 06, 2019)</a></li>
|
|
<li><a href="#20190802">Version: 2019080201 (Aug 02, 2019)</a></li>
|
|
<li><a href="#20190801">Version: 2019080101 (Aug 01, 2019)</a></li>
|
|
<li><a href="#20190715">Version: 2019071501 (Jul 15, 2019)</a></li>
|
|
<li><a href="#20190606">Version: 2019060601 (Jun 06, 2019)</a></li>
|
|
<li><a href="#20190428">Version: 2019042801 (Apr 28, 2019)</a></li>
|
|
<li><a href="#20190402">Version: 2019040201 (Apr 02, 2019)</a></li>
|
|
<li><a href="#20190327">Version: 2019032701 (Mar 27, 2019)</a></li>
|
|
<li><a href="#20190219">Version: 2019021901 (Feb 19, 2019)</a></li>
|
|
<li><a href="#20190130">Version: 2019013001 (Jan 30, 2019)</a></li>
|
|
<li><a href="#20190102">Version: 2019010201 (Jan 2, 2019)</a></li>
|
|
<li><a href="#20181223">Version: 2018122301 (Dec 23, 2018)</a></li>
|
|
<li><a href="#20181217">Version: 2018121701 (Dec 17, 2018)</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<h2 id="20200626">Version: 2020062601 (Jun 26, 2020)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Possible issue after upgraded on CentOS 8:</p>
|
|
<p>Old CentOS 8 releases shipped Dovecot-2.2.x, but the new <code>8.2.2004</code> release
|
|
suprisely ships Dovecot-2.3.8 which has some backward-incompatible settings.
|
|
iRedMail Easy will upgrade it from old version <code>2.2.36</code> and re-generates
|
|
its config files, it MAY fail to (re)start if you have unsupported
|
|
customized parameters set in config file under
|
|
<code>/opt/iredmail/custom/dovecot/conf-enabled/</code>.</p>
|
|
<p>Mostly customized parameter is <code>ssl_protocols</code>, it should be replace by
|
|
<code>ssl_min_protocol</code>.</p>
|
|
<p>For example, if you still need to support TLSv1, please set
|
|
<code>ssl_min_protocol = TLSv1</code> instead. Default value is TLSv1.2.</p>
|
|
<ul>
|
|
<li>For more details, please check <a href="https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/">official Dovecot upgrade
|
|
tutorial</a>.</li>
|
|
<li>If you have issue after upgraded, feel free to create a support
|
|
ticket on the iRedMail Easy platform.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Supports now distribution releases:</p>
|
|
<ul>
|
|
<li>Ubuntu 20.04. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.</li>
|
|
<li>OpenBSD 6.7. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.
|
|
<strong>NOTE</strong>: support for OpenBSD 6.6 will be dropped after 6.8 is out.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Fixed: not wrap IPv6 addresses inside <code>[]</code> in <code>mynetworks</code>.</li>
|
|
<li>Fixed: not bypass HELO identities used by pinterest.com mail server.</li>
|
|
<li>Fixed: not add alias for <code>postmaster</code> (system) user which is used as
|
|
2bounce recipient.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fail2ban:</p>
|
|
<ul>
|
|
<li>It now stores more info in SQL db, you can view them with iRedAdmin-Pro:<ul>
|
|
<li>Number of times the failure occurred in log files</li>
|
|
<li>The log lines which triggerred the ban</li>
|
|
<li>Reverse DNS of banned IP address</li>
|
|
</ul>
|
|
</li>
|
|
<li>Fixed: specify <code>backend = pooling</code> and <code>journalmatch =</code> (empty value)
|
|
to avoid performance issue and startup warnings in fail2ban log file.</li>
|
|
<li>Fixed: inconsistent jail name for jail <code>nginx-http-auth</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Antispam:</p>
|
|
<ul>
|
|
<li>[Debian/Ubuntu] Fixed: not add user <code>debian-spamd</code> to <code>amavis</code> group.</li>
|
|
<li>[OpenLDAP/MariaDB] Add missing INDEX for SQL column <code>msgs.time_iso</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Adminer:</p>
|
|
<ul>
|
|
<li>Improve Nginx configuration to loading custom CSS file <code>adminer.css</code>
|
|
in same directory (<code>/opt/www/adminer/</code>).</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Make sure all 3 required official apt repositories are enabled on Ubuntu.</li>
|
|
<li>Make sure iRedMail yum repository has higher priority on CentOS.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>roundcube webmail-1.4.6. It includes few security fixes.</li>
|
|
<li>adminer-4.7.7</li>
|
|
<li>netdata-1.23.0</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20200430">Version: 2020043001 (Apr 30, 2020)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Antispam:</p>
|
|
<ul>
|
|
<li>Fixed: incorrect regular expression rules which caused unbanning based
|
|
on file types doesn't work.</li>
|
|
<li>Fixed: incorrect file owner and permission for SpamAssassin config files:
|
|
<code>/etc/mail/spamassassin/local.cf</code> and <code>razor.conf</code>, must be owned by
|
|
user/group which is running Amavisd service, with permission 0640.</li>
|
|
<li>Add <code>/opt/iredmail/custom/spamassassin/custom.cf</code> for custom SpamAssassin
|
|
rules.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Fixed: improper permission on file
|
|
<code>/etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf</code>.</li>
|
|
<li>Add <code>/opt/iredmail/custom/dovecot/master-users</code> for custom master users.
|
|
Please do not modify <code>/etc/dovecot/dovecot-master-users</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Firewall:</p>
|
|
<ul>
|
|
<li>[Debian 10] Fixed: Not open ports for XMPP service (5222, 5269) if
|
|
Prosody is deployed.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Fixed: improper http code <code>301</code> (permanent redirect) causes incorrect
|
|
redirection after switching homepage application from SOGo to other
|
|
web application. It's now replaced by <code>302</code> (temporarily redirect).</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Roundcube:</p>
|
|
<ul>
|
|
<li>Fixed: not load custom config file for plugin <code>markasjunk</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Switch self-signed SSL cert key length to 4096, also DKIM key length to</li>
|
|
<li>Note: Only new initial installation is affected, also if you
|
|
already have those files, it won't re-generate them.</li>
|
|
<li>Able to customize http and https ports.</li>
|
|
<li>Add Prosody related info in <code>/root/iRedMail/iRedMail.tips</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>Roundcube webmail 1.4.4 (includes few security fixes)</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20200416">Version: 2020041601 (Apr 16, 2020)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>CentOS 8 is now supported, all 3 backends (MariaDB, PostgreSQL, OpenLDAP)
|
|
are available.</p>
|
|
<p>Note: RedHat dropped OpenLDAP server in RHEL 8, iRedMail Easy installs the
|
|
OpenLDAP server packages (<code>symas-openldap-*</code>) from yum repository offered
|
|
by Symas (the company behind OpenLDAP), package <code>symas-openldap</code> conflicts
|
|
with the <code>openldap</code> package available in official RHEL/CentOS 8 yum repo.</p>
|
|
</li>
|
|
<li>
|
|
<p>Drop support for OpenBSD 6.4, 6.5.</p>
|
|
</li>
|
|
<li>
|
|
<p>New script <code>/opt/iredmail/bin/create_user</code>: create single user with quota
|
|
support. Note: available for SQL backends.</p>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>TLSv1 is now disabled by default.</li>
|
|
<li>It now tracks last login of both POP3 and IMAP logins. In early releases,
|
|
either POP3 or IMAP was tracked.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>New directory <code>/opt/iredmail/custom/nginx/webapps/</code> used to store custom
|
|
settings for web applications, it should be useful if sysadmin wants to
|
|
add ACL control for the web application.</li>
|
|
</ul>
|
|
<p>Currently only 3 applications are supported: iRedAdmin, Roundcube, Adminer.</p>
|
|
<p>For example, Nginx loads <code>/etc/nginx/templates/iredadmin.tmpl</code> for
|
|
iRedAdmin, also loads extra settings from
|
|
<code>/opt/iredmail/custom/nginx/webapps/iredadmin.conf</code>. If you want to
|
|
limit the access to network <code>192.168.0.0/24</code>, you can create file
|
|
<code>/opt/iredmail/custom/nginx/webapps/iredadmin.conf</code> with content below
|
|
and reload Nginx service:</p>
|
|
<pre><code>```
|
|
allow 192.168.0.0/24;
|
|
deny all;
|
|
```
|
|
</code></pre>
|
|
<ul>
|
|
<li>Cache fonts used by web applications for 30 days.</li>
|
|
<li>Fixed: can not request Let's Encrypt cert with default config file
|
|
for web domain <code>autoconfig.*</code> and <code>autodiscover.*</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Roundcube:</p>
|
|
<ul>
|
|
<li>Use <code>pspell</code> as default spell check engine.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Amavisd:</p>
|
|
<ul>
|
|
<li>Fixed: SQL column <code>msgs.subject</code> doesn't support storing emoji characters.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>ClamAV:</p>
|
|
<ul>
|
|
<li>Fixed: incorrect permission of database directory on RHEL/CentOS.</li>
|
|
<li>Fixed: not install package <code>libclamavunrar9</code> on Ubuntu for rar files.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>mlmmj (Mailing list manager):</p>
|
|
<ul>
|
|
<li>Fixed: do not abort if <code>altermime</code> program is not available.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fail2ban:</p>
|
|
<ul>
|
|
<li>It now works on OpenBSD.</li>
|
|
<li>Improve rsyslog config file to catch all fail2ban log.</li>
|
|
<li>Improve ban action to query and store country of IP address in SQL db.</li>
|
|
<li>Enable jail to catch iRedAdmin-Pro login failures.</li>
|
|
<li>Add cron job to unban IP addresses which are pending for removal.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>Roundcube webmail 1.4.3</li>
|
|
<li>iRedAPD-3.6</li>
|
|
<li>netdata-1.21.1</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Fixed: file <code>/etc/rsyslog.d/1-iredmail-iredapd.conf</code> was incorrectly
|
|
rewritten by Prosody component.</li>
|
|
<li>Fixed: there's incorrect rsyslog setting in file
|
|
<code>/etc/rsyslog.d/0-iredmail-misc.conf</code>, this file is now removed.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20200210">Version: 2020021001 (Feb 10, 2020)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>PostgreSQL backend:</p>
|
|
<ul>
|
|
<li>Fixed: improper index type on SQL table <code>sender_relayhost</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Fixed: Backup MX doesn't work.</li>
|
|
<li>Fixed: [LDAP backend] improper filter which causes missing external
|
|
members while querying (not-subscribeable) mailing list with alias domain.</li>
|
|
<li>Add 3 files for custom settings:<ul>
|
|
<li><code>/opt/iredmail/custom/postfix/aliases</code>: alias file.</li>
|
|
<li><code>/opt/iredmail/custom/postfix/sender_bcc</code>: hash file.</li>
|
|
<li><code>/opt/iredmail/custom/postfix/recipient_bcc</code>: hash file.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Roundcube:</p>
|
|
<ul>
|
|
<li>Enable plugin <code>markasjunk</code> by default. When message is moved to Junk
|
|
folder, it will be learnt as spam message. When message is moved from
|
|
Junk to any other folder, it will be learnt as clean message.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Antispam:</p>
|
|
<ul>
|
|
<li>Explicitly specify (DKIM) signed header fields.</li>
|
|
<li>Use default Amavisd verbose log template.</li>
|
|
<li>Add few more custom scores in SpamAssassin to catch spams when <code>From:</code>
|
|
equals to <code>To:</code> address.</li>
|
|
<li>Fixed:<ul>
|
|
<li>Don't block attachment with macro in ClamAV.
|
|
Parameter <code>OLE2BlockMacros</code> was set to <code>true</code>, it's now <code>false</code>.</li>
|
|
<li>Not update apparmor config file to grant privilege for virus scanning
|
|
on Debian 10.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Fixed: make sure log directory is not writable by group or other,
|
|
otherwise logrotate will refuse to rotate log files.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Firewalll:</p>
|
|
<ul>
|
|
<li>Correctly disable ping flood with nftables on Debian 10.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Netdata:</p>
|
|
<ul>
|
|
<li>Disable checks for energid. It uses port 9998, but it's used by
|
|
Amavisd-new on iRedMail server, this causes error message in
|
|
Amavisd log file each time netdata starts.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Backup scripts:</p>
|
|
<ul>
|
|
<li>Backup scripts don't rely on Python to calculate dates anymore.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Fixed: Updating MariaDB/PostgreSQL/OpenLDAP/SOGo separatedly didn't
|
|
update their backup scripts.</li>
|
|
<li>New options for cross-domain user query and global address book in
|
|
SOGo Groupware.</li>
|
|
<li>Increase php-fpm setting <code>request_slowlog_timeout</code> to 60 seconds.</li>
|
|
<li>Updated Postfix package in iRedMail yum repo for PostgreSQL backend on
|
|
CentOS 7.</li>
|
|
<li>On OpenBSD system, update the latest errata patch names.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>Roundcube-1.4.2</li>
|
|
<li>iRedAdmin-1.0</li>
|
|
<li>iRedAPD-3.4</li>
|
|
<li>adminer-4.7.6</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20191210">Version: 2019121301 (Dec 13, 2019)</h2>
|
|
<ul>
|
|
<li>Package updates:<ul>
|
|
<li>iRedAdmin-Pro (SQL edition)</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20191210">Version: 2019121001 (Dec 10, 2019)</h2>
|
|
<ul>
|
|
<li>Fixed issues:<ul>
|
|
<li>Incorrect setting in netdata main config file (netdata.conf).</li>
|
|
<li>Not remove opendmarc package, config files, SQL db and cron jobs.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 id="20191209">Version: 2019120901 (Dec 09, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Firewall:</p>
|
|
<ul>
|
|
<li>On Debian 10, allow ping in nftables firewall.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>iRedAdmin:</p>
|
|
<ul>
|
|
<li>Fixed: incorrect syslog id in uwsgi config file.</li>
|
|
<li>Simplify log format.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>mlmmjadmin:</p>
|
|
<ul>
|
|
<li>Simplify log format.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>netdata:</p>
|
|
<ul>
|
|
<li>Replace few Python collectors by Go modules for better performance.</li>
|
|
<li>Monitor BIND DNS service.</li>
|
|
<li>Disable email notification since netdata is too sensitive and the
|
|
notification message is "useless".</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>Roundcube webmail 1.4.1. It offers a shiny new web UI.</li>
|
|
<li>netdata-1.19.0</li>
|
|
<li>iRedAPD-3.3</li>
|
|
<li>iRedAdmin-0.9.9</li>
|
|
<li>adminer-4.7.5</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>On OpenBSD system, if latest security errata hasn't been applied,
|
|
iRedMail deployment will abort with detailed warning message to remind
|
|
sysadmin to apply the patches with <code>syspatch</code> command.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20191112">Version: 2019111201 (Nov 12, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>iRedMail Easy now supports OpenBSD 6.6.</p>
|
|
<p>Warning: OpenBSD 6.4 and 6.5 support will be dropped when 6.7 is out.</p>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Create and use custom (empty) global sieve rule file by default.</li>
|
|
<li>Log more events: save, copy, mailbox_create.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Netdata:</p>
|
|
<ul>
|
|
<li>Fixed: incorrect hostname in alarm notification email.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>OpenLDAP:</p>
|
|
<ul>
|
|
<li>Create directory <code>/opt/iredmail/custom/openldap/schema/</code> to store extra
|
|
LDAP schema files.</li>
|
|
</ul>
|
|
<p>Apparmor config file has been updated on Ubuntu to allow <code>slapd</code> program
|
|
to read config files from this directory.</p>
|
|
<ul>
|
|
<li>Use <code>mdb</code> database since OpenBSD 6.6. OpenBSD 6.5 uses <code>hdb</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Bypass facebook.com HELO hostnames which contain IP addresses.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Roundcube:</p>
|
|
<ul>
|
|
<li>Upgrade to version 1.4.0, released on Nov 10, 2019.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Changes to iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Fix aborted installation if Ansible fact <code>ansible_all_ipv6_addresses</code> is
|
|
undefined.</li>
|
|
<li>Upgrade pip to the latest version before installing web.py on Debian 10.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20191022">Version: 2019102201 (Oct 22, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>OpenLDAP:</p>
|
|
<ul>
|
|
<li>Remove 2 unused LDAP schema files: <code>calentry.schema</code>, <code>calresource.schema</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Fixed incorrect CA file on OpenBSD.</li>
|
|
<li>Add <code>LIMIT 1</code> in SQL queries for better performance.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Log ssl protocol and cipher information for login session.
|
|
e.g. "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)"</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Firewall:</p>
|
|
<ul>
|
|
<li>Fixed: not filter IPv4/IPv6 addresses while generating iptables rules.</li>
|
|
<li>Fixed: not enable ipv6-icmp in firewall.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Make sure Apache/Lighttpd service is not enabled, otherwise Nginx may
|
|
not be able to start due to 80/443 ports are used by them.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>AntiSpam:</p>
|
|
<ul>
|
|
<li>OpenDMARC has been removed due to internal bug which caused incorrect
|
|
email rejection. Bug reported to upstream:
|
|
https://github.com/trusteddomainproject/OpenDMARC/issues/50</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>autodiscover:</p>
|
|
<ul>
|
|
<li>Fixed the <code>Undefined offset</code> php error.</li>
|
|
<li>Log the schema data sent by remote MUA, also the settings sent to MUA.</li>
|
|
<li>Log file is now <code>/var/log/autoconfig/autoconfig.log</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>netdata:</p>
|
|
<ul>
|
|
<li>If component <code>Nginx</code> was not chosen, netdata is inaccessible although
|
|
Nginx is actually deployed as dependent component.</li>
|
|
<li>
|
|
<p>Move http auth file to <code>/opt/iredmail/custom/netdata/</code>.</p>
|
|
<p>Since netdata-1.17.0, netdata sets permission of directory
|
|
<code>/opt/netdata/etc/netdata/</code> to 0700, this causes Nginx can not read
|
|
the http auth file.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Backup scripts:</p>
|
|
<ul>
|
|
<li>It now removes old empty backup directories.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Changes to iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Not add <code>priority</code> parameter in iRedMail yum repo. (CentOS 7 only)</li>
|
|
<li>Able to whitelist IP or CIDR newtorks in fail2ban.</li>
|
|
<li>Do not forward systemd journald log to syslog.</li>
|
|
<li>Run shell script <code>/opt/iredmail/custom/openldap/custom.sh</code> while
|
|
deploying or upgrading OpenLDAP. You can write shell commands in this
|
|
file to update other config files for advanced customization. for
|
|
example, updating <code>/etc/sysconfig/slapd</code> (CentOS) or
|
|
<code>/etc/ldap/slapd</code> (Debian/Ubuntu) to make OpenLDAP listening on all
|
|
available network interfaces and IP addresses.</li>
|
|
<li>Add Fail2ban related info in <code>/root/iRedMail/iRedMail.tips</code>.</li>
|
|
<li>Make sure no SysV script and rule files for 'iptables' service on
|
|
Debian 10.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>netdata -> 1.18.1</li>
|
|
<li>iredapd -> 3.2</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190906">Version: 2019090601 (Sep 06, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Sign DKIM signature for locally generated emails, like auto-reply (a.k.a
|
|
vacation) message.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Redirect URI <code>/adminer/</code> to <code>/adminer</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Add setting <code>sieve_redirect_envelope_from=recipient</code>. It's used to
|
|
rewrite sender address in redirected message (with sieve directive
|
|
<code>redirect</code>) to the final recipient address of the message.</p>
|
|
<p>For example, <code>someone@gmail.com</code> sends an email to <code>user@domain.com</code>
|
|
which is hosted on your server, and this user has sieve rule to
|
|
redirect received message to <code>forward@3rd-domain.com</code>, with default
|
|
Dovecot setting (<code>sieve_redirect_envelope_from=sender</code>), user
|
|
<code>forward@3rd-domain.com</code> will receive this email with sender address
|
|
<code>someone@gmail.com</code> in mail header, but with
|
|
<code>sieve_redirect_envelope_from=recipient</code>, the sender address will
|
|
be <code>user@domain.com</code>.</p>
|
|
</li>
|
|
<li>
|
|
<p>Log <code>delivery_time</code> of LDA/LMTP.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>php-fpm:</p>
|
|
<ul>
|
|
<li>Set value of <code>post_max_size</code> 1MB larger than <code>upload_max_filesize</code>, so
|
|
that Roundcube can successfully upload mail attachment.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>OpenDMARC:</p>
|
|
<ul>
|
|
<li>Add shell script and cron job to update <code>public_suffix_list.dat</code> every
|
|
2 days.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>SpamAssassin:</p>
|
|
<ul>
|
|
<li>Set 3 custom scores in SpamAssassin to catch more spams.<ul>
|
|
<li><code>score SPF_FAIL 5</code>: sender does not match SPF record (fail)</li>
|
|
<li><code>score TO_EQ_FM_SPF_FAIL 5</code>: To == From and external SPF failed</li>
|
|
<li><code>score TO_EQ_FM_DOM_SPF_FAIL 5</code>: To domain == From domain and external SPF failed</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>ClamAV:</p>
|
|
<ul>
|
|
<li>Increase systemd timeout value to avoid startup failure on low memory
|
|
server.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fixed issues:</p>
|
|
<ul>
|
|
<li>Improper postrotate command for logrotate program on Linux.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>roundcube -> 1.3.10</li>
|
|
<li>adminer -> 4.7.3</li>
|
|
<li>iRedAPD -> 3.1</li>
|
|
<li>netdata -> 1.17.0</li>
|
|
<li>iRedAdmin -> 0.9.8</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Changes to iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Firewall rule always opens port 22 for ssh.</li>
|
|
<li>Add <code>curl</code> as required packages.</li>
|
|
<li>Use package branch (<code>%7.3</code>) instead of version number for php on OpenBSD.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190802">Version: 2019080201 (Aug 02, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Fixed: not add required SQL column <code>mailbox.enablequota-status</code>. This
|
|
will cause mail rejection.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Firewall:</p>
|
|
<ul>
|
|
<li>Run <code>/opt/iredmail/custom/firewall/custom.sh</code> after each deployment.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190801">Version: 2019080101 (Aug 01, 2019)</h2>
|
|
<ul>
|
|
<li>It now supports Debian 10.</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Enable quota-status service used to query mailbox quota.</li>
|
|
<li>Fixed: Not install package <code>dovecot-mysql</code> for OpenLDAP backend on CentOS.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Lookup user's mailbox quota status from Dovecot quota-status service,
|
|
reject email if mailbox is over quota. This will help save system
|
|
resources used for spam/virus scanning, avoids "sender non-delivery
|
|
notification" bounce message.</li>
|
|
<li>Fixed: not copy <code>/etc/resolv.conf</code> to <code>/var/spool/postfix/etc/</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Fixed: improper order while loading modular config files.</li>
|
|
<li>
|
|
<p><strong>ATTENTION</strong>: directive <code>ssl on;</code> has been removed (in
|
|
<code>/etc/nginx/templates/ssl.tmpl</code>) due to it's deprecated by Nginx itself.
|
|
If you have custom web host, please use <code>listen <port> ssl;</code> in the
|
|
<code>server {}</code> block (in <code>/etc/nginx/sites-enabled/*.conf</code>) instead.</p>
|
|
<p>For example:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Old config file <code>/etc/nginx/sites-enabled/00-default-ssl.conf</code>:</p>
|
|
<p><code>server {
|
|
listen 443;
|
|
...
|
|
}</code></p>
|
|
</li>
|
|
<li>
|
|
<p>New directive:</p>
|
|
<p><code>server {
|
|
listen 443 ssl;
|
|
...
|
|
}</code></p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Firewall:</p>
|
|
<ul>
|
|
<li>Port 465 (SMTP over SSL) is not open in firewall when the service is
|
|
enabled.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>adminer -> 4.7.2</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190715">Version: 2019071501 (Jul 15, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>OpenDMARC integration.</p>
|
|
<ul>
|
|
<li>The integration is enabled by default. To disable it, please go to
|
|
mail server profile page, toggle on option <code>Disable DMARC</code> under
|
|
<code>Settings</code> tab.</li>
|
|
<li>Unfortunately, OpenBSD 6.5 and earlier releases don't have such
|
|
integration due to binary package missing. The good news is the latest
|
|
ports tree already has it and binary package is available for OpenBSD
|
|
-snapshot branch.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Roundcube:</p>
|
|
<ul>
|
|
<li>New config files used to store custom settings for official plugins:<ul>
|
|
<li><code>password</code> plugin: <code>/opt/iredmail/custom/roundcube/config_password.inc.php</code></li>
|
|
<li><code>managesieve</code> plugin: <code>/opt/iredmail/custom/roundcube/config_managesieve.inc.php</code></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Fixed: improper order of restriction rules in <code>smtpd_sender_restrictions</code>.</p>
|
|
<p>File <code>/etc/postfix/sender_access.pcre</code> is not used anymore, all content
|
|
in this file should be moved to
|
|
<code>/opt/iredmail/custom/postfix/sender_access.pcre</code> instead.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Nginx:</p>
|
|
<ul>
|
|
<li>Compress more file types with gzip module (<code>/etc/nginx/conf-available/gzip.conf</code>).</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Few programs moved and/or renamed:</p>
|
|
<ul>
|
|
<li><code>/opt/iredmail/bin/fail2ban_unbanip</code> -> <code>/opt/iredmail/bin/fail2ban/unbanip</code>.</li>
|
|
<li><code>/opt/iredmail/bin/generate_password_hash.py</code> -> <code>/opt/iredmail/bin/generate_password_hash</code>.</li>
|
|
<li><code>/opt/iredmail/bin/dovecot/scan_reported_mails.sh</code> -> <code>/opt/iredmail/bin/dovecot/scan_reported_mails</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fixed issues of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>If IPv6 is disabled, installation will be abort due to Nginx is
|
|
configured (by Debian/Ubuntu packaging) to listen on IPv6 address.</li>
|
|
<li>If no PHP applications are going to be installed, no php-fpm related
|
|
configuration should be enabled (<code>/etc/nginx/templates/misc.tmpl</code>).</li>
|
|
<li>Make sure installed services are running while cleaning up the deployment.</li>
|
|
<li>Not run <code>freshclam</code> immediately to fetch/update ClamAV virus database.</li>
|
|
<li>Removing unused ClamAV log file (/var/log/clamav/clamav.log) causes
|
|
error in cron job added by ClamAV package.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>iRedAPD 3.0. It fixes a critical bug of throttle plugin.</li>
|
|
<li>iRedAdmin-Pro. Note: it requires a valid iRedAdmin-Pro license.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190606">Version: 2019060601 (Jun 06, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Fail2ban:</p>
|
|
<ul>
|
|
<li>Remove jail 'sshd-ddos'. Fail2ban doesn't ship its filter conf anymore.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Set default client_limit and process_limit based on memory size.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>autoconfig:</p>
|
|
<ul>
|
|
<li>Fixed: not handle URI <code>/.well-known/autoconfig/mail/config-v1.1.xml</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Able to ban/unban given file types.</li>
|
|
<li>Remove deprecated ClamAV parameters.</li>
|
|
<li>Remove unused ClamAV log file (/var/log/clamav/clamav.log).</li>
|
|
<li>Able to disable HELO hostname DNS check.</li>
|
|
<li>Fixed: not always restart iRedAdmin service to reload the code of new version.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>iRedAPD 2.9. It fixes 2 bugs.</li>
|
|
<li>netdata 1.15.0</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190428">Version: 2019042801 (Apr 28, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Postfix:</p>
|
|
<ul>
|
|
<li>Enable header/body checks for email injected by Amavisd.</li>
|
|
<li>Fixed: not load custom <code>header_checks</code> and <code>body_checks</code> pcre maps.</li>
|
|
<li>Fixed: port 1025/10025/10028 are not listening on only 127.0.0.1.</li>
|
|
<li>Fixed: per-user bcc doesn't work with MySQL/MariaDB backends.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>SOGo:</p>
|
|
<ul>
|
|
<li>[PostgreSQL backend] Fix incorrect owner of SQL VIEWs used for address
|
|
books.</li>
|
|
<li>[SQL backends] Fix incorrect SQL VIEWs which causes error to display
|
|
contacts in address books.</li>
|
|
<li>[SQL backends] Display all contacts directly in per-domain address book.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>iRedAPD 2.8</li>
|
|
<li>iRedAdmin 0.9.7 (open source edition)</li>
|
|
<li>netdata 1.14.0</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Supports OpenBSD 6.5.</p>
|
|
<p>WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out.
|
|
That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.</p>
|
|
</li>
|
|
<li>
|
|
<p>Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.</p>
|
|
</li>
|
|
<li>Do not always update SOGo packages.
|
|
We're using SOGo nightly build, it's not always stable, upgrading may
|
|
cause issue.</li>
|
|
<li>Send <code>iRedMail.tips</code> file to postmaster after deployment.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190402">Version: 2019040201 (Apr 02, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Roundcube</p>
|
|
<ul>
|
|
<li>Upgrade to 1.3.9 (<a href="https://github.com/roundcube/roundcubemail/releases/tag/1.3.9">Detailed ChangeLog</a>.)</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Able to track user last (POP3/IMAP) login for OpenLDAP and MariaDB
|
|
backends. It's disabled by default, you can enable it in iRedMail Easy
|
|
user portal, in mail server profile page, tab "Settings".</p>
|
|
<p>Note: Dovecot doesn't support this with PostgreSQL yet.</p>
|
|
<p>Here's detailed tutorial to show you what changes are applied to Dovecot:
|
|
<a href="https://docs.iredmail.org/track.user.last.login.html">Track user last login time</a>.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Send <code>iRedMail.tips</code> file to postmaster after deployment.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190327">Version: 2019032701 (Mar 27, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Dovecot:</p>
|
|
<ul>
|
|
<li>Improve <code>imapsieve</code> setting to handle different IMAP command sent by
|
|
Microsoft Outlook (it sometimes uses <code>APPEND</code> instead of <code>COPY</code> for
|
|
moving message to another folder).</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>iRedAPD:</p>
|
|
<ul>
|
|
<li>
|
|
<p>Update to version 2.7, with SRS (Sender Rewriting Scheme) support.</p>
|
|
<p>Note: SRS is disabled by default, you can enable it in mail server
|
|
profile page with the iRedMail Easy web UI.</p>
|
|
</li>
|
|
<li>
|
|
<p>Switch logging to syslog (and logrotate).</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>iRedAdmin:</p>
|
|
<ul>
|
|
<li>Update to 0.9.6.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>BIND (local cache-only DNS server):</p>
|
|
<ul>
|
|
<li>Set syslog facility to 'local5'.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>netdata:</p>
|
|
<ul>
|
|
<li>Update to version 1.13.0.</li>
|
|
<li>Switch logging to syslog (and logrotate).</li>
|
|
<li>Disable sending anonymous statistics to netdata cloud.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>SpamAssassin:</p>
|
|
<ul>
|
|
<li>Add one custom rule to catch porn spams.</li>
|
|
<li>Fixed: not create required SQL tables for bayes.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>AutoConfig/AutoDiscover</p>
|
|
<ul>
|
|
<li>Domain name <code>autoconfig.<domain></code> and <code>autodiscover.<domain></code> are not
|
|
required if the web domain is hosted on iRedMail server, Outlook will
|
|
look for <code>https://<web-domain>/autodiscover/autodiscover.xml</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fail2ban:</p>
|
|
<ul>
|
|
<li>Slightly loose filter for postfix to reduce unexpected ban caused by
|
|
Outlook for macOS.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>SOGo:</p>
|
|
<ul>
|
|
<li>Enable per-domain global address book for OpenLDAP backend by default.
|
|
We sponsored SOGo team to implement this feature:
|
|
https://sogo.nu/bugs/view.php?id=3685
|
|
Note: it requires SOGo nightly build version '4.0.7.20190318' or later,
|
|
OpenBSD 6.4 doesn't support this feature due to old SOGo package.</li>
|
|
<li>Enable builtin IMAP4 pooling by default. User should notice faster IMAP
|
|
operations.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Backup:</p>
|
|
<ul>
|
|
<li>Backup OpenLDAP data with option <code>-o ldif-wrap=no</code>, to avoid break long
|
|
line to multiple lines. The dumped LDIF file is easier to work with
|
|
<code>grep</code> and other command line tools.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Improvements of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Make sure OpenLDAP service is running before populating data.</li>
|
|
<li>Make Nginx/Dovecot/Postfix not listen on address <code>::1</code> if system doesn't
|
|
have IPv6 support.</li>
|
|
<li>Slightly reduce Amavisd max_servers to same as RAM (GB) for better
|
|
stability.</li>
|
|
<li>Always check and make sure major components are the latest versions.</li>
|
|
<li>Always update major components (postfix/dovecot/sogo/fail2ban/...) to the
|
|
latest stable release.</li>
|
|
<li>Always print command output of <code>nginx -t</code> for troubleshooting before
|
|
restart nginx servvice, it's very useful for troubleshooting.</li>
|
|
<li>New option <code>Trusted clients</code> in mail server profile page, under tab
|
|
<code>Settings</code>. You can list all trusted IP addresses or CIDR networks here,
|
|
they will be whitelisted by few components:<ul>
|
|
<li>Postfix: parameter <code>mynetworks</code> in <code>/etc/postfix/main.cf</code></li>
|
|
<li>iRedAPD: parameter <code>MYNETWORKS</code> in <code>/opt/iredapd/settings.py</code></li>
|
|
<li>Fail2ban: parameter <code>ignoreip</code> in <code>/etc/fail2ban/ignoreip.local</code></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fixed issues of iRedMail Easy platform:</p>
|
|
<ul>
|
|
<li>Incorrect permission of directories used to store prosody custom modules
|
|
and config files.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190219">Version: 2019021901 (Feb 19, 2019)</h2>
|
|
<ul>
|
|
<li>
|
|
<p>Improvements:</p>
|
|
<ul>
|
|
<li>Able to remove ssh public key on target server.</li>
|
|
<li>SSH keys which were generated 7 days ago will be removed automatically
|
|
from iRedMail Easy platform.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Fixed issues:</p>
|
|
<ul>
|
|
<li>php-fpm: not reopen log file after rotation.</li>
|
|
<li>mlmmjadmin:<ul>
|
|
<li>Incorrect LDAP base dn in config file.</li>
|
|
<li>Do not return error if mailing list directory doesn't exist.</li>
|
|
</ul>
|
|
</li>
|
|
<li>Incorrect iRedAPD plugin name for OpenLDAP backend.</li>
|
|
<li>Few bugs with in Ansible deployment code.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Package updates:</p>
|
|
<ul>
|
|
<li>mlmmjadmin -> 2.1</li>
|
|
<li>iRedAdmin (open source edition) -> 0.9.5</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190130">Version: 2019013001 (Jan 30, 2019)</h2>
|
|
<ul>
|
|
<li>Set max open file limit by SOGo daemon to unlimited.</li>
|
|
<li>Able to set memcached cache size (in MB).</li>
|
|
<li>Able to disable spam/virus scanning.</li>
|
|
<li>Able to deploy iRedAdmin-Pro with your license key.</li>
|
|
<li>Able to custom http/https network ports, max file size of (web) upload file.</li>
|
|
<li>Enable bayes auto-learn in SpamAssassin, and store bayes in SQL db.</li>
|
|
<li>Increase scores of DNSBL relevant spamassassin rules to catch more spams.</li>
|
|
<li>
|
|
<p>Enable imapsieve plugin in Dovecot by default.</p>
|
|
<p>Message moved to Junk folder will be copied to a directory for spam
|
|
learning later, vice verse, message moved out of Junk will be copied
|
|
for ham learning later.</p>
|
|
<p>The spam/ham learning will be performed every 10 minutes with a cron job.</p>
|
|
<p><strong>Now encourage your users to report spams by moving spams to <code>Junk</code> folder. :)</strong></p>
|
|
</li>
|
|
<li>
|
|
<p>Fixed issues:</p>
|
|
<ul>
|
|
<li>Can not login to XMPP service (Prosody) due to incorrect permission of
|
|
auth module files.</li>
|
|
<li>ip6tables failed to start on server which doesn't have IPv6 address.</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Updated packages:</p>
|
|
<ul>
|
|
<li>mlmmjadmin-2.0</li>
|
|
<li>adminer-4.7.1</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20190102">Version: 2019010201 (Jan 2, 2019)</h2>
|
|
<blockquote>
|
|
<p>Hello, 2019. :)</p>
|
|
</blockquote>
|
|
<ul>
|
|
<li>Updated packages:<ul>
|
|
<li>iRedAPD-2.4. Fixed a greylisting issue.</li>
|
|
</ul>
|
|
</li>
|
|
<li>Fixed issues:<ul>
|
|
<li>Not correctly set owner and permission of custom Postfix config files
|
|
and hash db files.</li>
|
|
<li>Not remove unused modular nginx config file for iredadmin.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20181223">Version: 2018122301 (Dec 23, 2018)</h2>
|
|
<ul>
|
|
<li>Fixed:<ul>
|
|
<li>Improper dovecot ldap/sql queries which doesn't convert upper cases of
|
|
maildir to lower cases.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<h2 class="old_release" id="20181217">Version: 2018121701 (Dec 17, 2018)</h2>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<ul>
|
|
<li>This is the first public release. :)</li>
|
|
<li>The version number is the date when it's released, it's easier to
|
|
understand whether you're running the latest stable release. It's also
|
|
stored in file <code>/etc/iredmail-release</code> on your server.</li>
|
|
</ul>
|
|
</div>
|
|
<ul>
|
|
<li>New directory <code>/opt/www/well-known</code>, mostly used for Let's Encrypt cert
|
|
request.</li>
|
|
<li>Download source tarball of web applications to iRedMail deploy server first,
|
|
then upload it to target host. If target host can not access website like
|
|
github.com, we can still download required packages for iRedMail deployment.</li>
|
|
<li>Firewall:<ul>
|
|
<li>Add rc script and firewall rule for ipv6 on Debian/Ubuntu:<ul>
|
|
<li><code>/etc/init.d/ip6tables</code></li>
|
|
<li><code>/etc/default/ip6tables</code></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>OpenLDAP backend:<ul>
|
|
<li>Do not enable TLS/SSL support in OpenLDAP by default.</li>
|
|
<li>Add database <code>monitor</code> by default.</li>
|
|
<li>Include calresource.schema and calentry.schema by default. Required
|
|
by SOGo for resource management.</li>
|
|
<li>Index attribute <code>departmentNumber</code>.</li>
|
|
</ul>
|
|
</li>
|
|
<li>Fail2ban:<ul>
|
|
<li>Remove duplicate filter rules for Postfix postscreen service.</li>
|
|
</ul>
|
|
</li>
|
|
<li>SOGo:<ul>
|
|
<li>Add new parameters to support resource management.</li>
|
|
<li>Add mail aliases and mailing lists as address book.</li>
|
|
<li>Fix incorrect column name in SQL views.</li>
|
|
</ul>
|
|
</li>
|
|
<li>netdata:<ul>
|
|
<li>Supports monitoring OpenLDAP.</li>
|
|
</ul>
|
|
</li>
|
|
<li>Fixed:<ul>
|
|
<li>Ubuntu: Missing apparmor rule to allow ClamAV to scan emails.</li>
|
|
<li>not enable php-fpm status support in Nginx and netdata.</li>
|
|
<li>not load rsyslog module <code>imjournal</code> for rate limit control.</li>
|
|
</ul>
|
|
</li>
|
|
<li>Package update:<ul>
|
|
<li>netdata -> 1.11.1</li>
|
|
<li>adminer -> 4.7.0</li>
|
|
</ul>
|
|
</li>
|
|
</ul><div class="footer">
|
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
|
</div>
|
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
|
<script>
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
|
|
gtag('config', 'UA-3293801-21');
|
|
</script>
|
|
</body></html> |