<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Upgrade iRedMail from 0.9.4 to 0.9.5</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-094-to-095">Upgrade iRedMail from 0.9.4 to 0.9.5</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#upgrade-iredmail-from-094-to-095">Upgrade iRedMail from 0.9.4 to 0.9.5</a><ul>
|
|
<li><a href="#changelog">ChangeLog</a></li>
|
|
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
|
|
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
|
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-190">Upgrade iRedAPD (Postfix policy server) to the latest stable release (1.9.0)</a></li>
|
|
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-061">Upgrade iRedAdmin (open source edition) to the latest stable release (0.6.1)</a></li>
|
|
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-115">Upgrade Roundcube webmail to the latest stable release (1.1.5)</a></li>
|
|
<li><a href="#linux-fixed-not-add-ssh-port-number-in-fail2ban-config-file-jaillocal">[Linux] Fixed: not add ssh port number in Fail2ban config file (jail.local)</a></li>
|
|
<li><a href="#fixed-not-perform-banned-file-types-checking-on-rhelcentosopenbsdfreebsd">Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD</a></li>
|
|
<li><a href="#fixed-not-add-alias-for-virusalert-on-rhelcentosopenbsdfreebsd">Fixed: not add alias for virusalert on RHEL/CentOS/OpenBSD/FreeBSD</a></li>
|
|
<li><a href="#fixed-improper-nginx-proxy-timeout-setting-for-sogo">Fixed: Improper Nginx proxy timeout setting for SOGo</a></li>
|
|
<li><a href="#rhelcentos-fixed-not-enable-cron-job-to-update-spamassassin-rules">[RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules</a></li>
|
|
<li><a href="#rhelcentos-fixed-not-create-required-directory-used-to-store-php-session-files">[RHEL/CentOS] Fixed: Not create required directory used to store PHP session files</a></li>
|
|
<li><a href="#openbsd-add-script-and-daily-cron-job-to-backup-ldapd-database">[OpenBSD] Add script and daily cron job to backup ldapd database</a></li>
|
|
<li><a href="#optional-add-custom-amavisd-log-template-to-always-log-spamassassin-testing-result">[OPTIONAL] Add custom Amavisd log template to always log SpamAssassin testing result</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
|
|
<li><a href="#new-support-postfix-sender_dependent_relayhost_maps">NEW: Support Postfix sender_dependent_relayhost_maps</a><ul>
|
|
<li><a href="#summary">Summary</a></li>
|
|
<li><a href="#use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</a></li>
|
|
<li><a href="#create-ldap-lookup-files">Create LDAP lookup files</a></li>
|
|
<li><a href="#update-postfix-settings-in-etcpostfixmaincf">Update Postfix settings in /etc/postfix/main.cf</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#new-able-to-enabledisable-sogo-access-for-a-single-user">NEW: Able to enable/disable SOGo access for a single user</a><ul>
|
|
<li><a href="#add-required-ldap-attributevalue-for-existing-mail-users">Add required LDAP attribute/value for existing mail users</a></li>
|
|
<li><a href="#update-sogo-config-file">Update SOGo config file</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#mysqlmariadb-backend-special">MySQL/MariaDB backend special</a><ul>
|
|
<li><a href="#new-support-postfix-sender_dependent_relayhost_maps_1">NEW: Support Postfix sender_dependent_relayhost_maps</a><ul>
|
|
<li><a href="#summary_1">Summary</a></li>
|
|
<li><a href="#create-sql-table-vmailsender_relayhost">Create SQL table vmail.sender_relayhost</a></li>
|
|
<li><a href="#create-sql-lookup-file-sender_dependent_relayhost_mapscf">Create SQL lookup file: sender_dependent_relayhost_maps.cf</a></li>
|
|
<li><a href="#update-postfix-settings-in-etcpostfixmaincf_1">Update Postfix settings in /etc/postfix/main.cf</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#new-able-to-enabledisable-sogo-access-for-a-single-user_1">NEW: Able to enable/disable SOGo access for a single user</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#postgresql-backend-special">PostgreSQL backend special</a><ul>
|
|
<li><a href="#new-support-postfix-sender_dependent_relayhost_maps_2">NEW: Support Postfix sender_dependent_relayhost_maps</a><ul>
|
|
<li><a href="#summary_2">Summary</a></li>
|
|
<li><a href="#create-sql-table-vmailsender_relayhost_1">Create SQL table vmail.sender_relayhost</a></li>
|
|
<li><a href="#create-sql-lookup-file-sender_dependent_relayhost_mapscf_1">Create SQL lookup file: sender_dependent_relayhost_maps.cf</a></li>
|
|
<li><a href="#update-postfix-settings-in-etcpostfixmaincf_2">Update Postfix settings in /etc/postfix/main.cf</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#new-able-to-enabledisable-sogo-access-for-a-single-user_2">NEW: Able to enable/disable SOGo access for a single user</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="admonition note">
|
|
<p class="admonition-title">Paid Remote Upgrade Support</p>
|
|
<p>We offer remote upgrade support if you don't want to get your hands dirty,
|
|
check <a href="https://www.iredmail.org/support.html">the details</a> and
|
|
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
|
|
</div>
|
|
<h2 id="changelog">ChangeLog</h2>
|
|
<ul>
|
|
<li>May 3, 2016: Initial publish.</li>
|
|
</ul>
|
|
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
|
|
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
|
|
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation. It's recommended to update this file after you upgrade iRedMail,
so that you know which version of iRedMail you're running. For example:</p>
|
|
<pre><code>0.9.5
|
|
</code></pre>
|
|
|
|
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-190">Upgrade iRedAPD (Postfix policy server) to the latest stable release (1.9.0)</h3>
|
|
<p>Please follow the tutorial below to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
|
|
<p>Detailed release notes are available <a href="./iredapd.releases.html">here</a>.</p>
|
|
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-061">Upgrade iRedAdmin (open source edition) to the latest stable release (0.6.1)</h3>
|
|
<p>Please follow this tutorial to upgrade iRedAdmin open source edition to the
|
|
latest stable release:
|
|
<a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a></p>
|
|
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-115">Upgrade Roundcube webmail to the latest stable release (1.1.5)</h3>
|
|
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
|
|
latest stable release immediately: <a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</p>
|
|
<p>Note: package <code>rsync</code> must be installed on your server before upgrading.</p>
|
|
<h3 id="linux-fixed-not-add-ssh-port-number-in-fail2ban-config-file-jaillocal">[Linux] Fixed: not add ssh port number in Fail2ban config file (jail.local)</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>If your <code>jail.local</code> uses <code>action = iptables-allports</code>, then you can skip
|
|
this step.</p>
|
|
</div>
|
|
<p>iRedMail-0.9.4 doesn't list the ssh port number in 2 Fail2ban jails: <code>sshd</code> and
<code>sshd-ddos</code>. As a result, Fail2ban doesn't block bad client IP addresses for the
ssh service.</p>
|
|
<ul>
|
|
<li>Please open Fail2ban config file <code>/etc/fail2ban/jail.local</code>, find lines below:</li>
|
|
</ul>
|
|
<pre><code>[sshd]
|
|
...
|
|
action = iptables-multiport[name=sshd, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
|
|
|
|
[sshd-ddos]
|
|
...
|
|
action = iptables-multiport[name=sshd-ddos, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Append your ssh service name <code>ssh</code> to the <code>port=</code> parameter like below. If
you're running the ssh service on a different port number, please append the port
number directly:</li>
|
|
</ul>
|
|
<pre><code>[sshd]
|
|
...
|
|
action = iptables-multiport[name=sshd, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve,ssh", protocol=tcp]
|
|
|
|
[sshd-ddos]
|
|
...
|
|
action = iptables-multiport[name=sshd-ddos, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve,ssh", protocol=tcp]
|
|
</code></pre>
|
|
|
|
<p>Restarting Fail2ban service is required.</p>
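<p>To confirm the change took effect in every affected jail, the check below (an added example, not part of iRedMail) reports which of the <code>sshd</code> and <code>sshd-ddos</code> jails still lack the ssh port in their <code>iptables-multiport</code> action. The function names and the sample <code>jail.local</code> content, including the <code>postfix</code> jail, are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not iRedMail code): find Fail2ban jails whose
# iptables-multiport action does not cover the ssh port.

# jails_missing_port FILE PORT [JAIL...]
# Prints each named jail (default: sshd sshd-ddos) whose uncommented
# "action = iptables-multiport[...]" line lacks PORT in its port="..." list.
# Jails that use another action (e.g. iptables-allports) are not reported.
jails_missing_port() {
    file=$1
    want=$2
    shift 2
    if [ $# -eq 0 ]; then set -- sshd sshd-ddos; fi
    awk -v want="$want" -v jails=" $* " '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^[#;]/) next
        # Section header such as [sshd]: remember the current jail.
        if (substr(line, 1, 1) == "[" && substr(line, length(line), 1) == "]") {
            jail = substr(line, 2, length(line) - 2)
            next
        }
        if (line !~ /^action[ \t]*=/ || line !~ /iptables-multiport/) next
        if (index(jails, " " jail " ") == 0) next
        found = 0
        if (match(line, /port="[^"]*"/)) {
            # Skip the 6 characters of port=" and the closing quote.
            n = split(substr(line, RSTART + 6, RLENGTH - 7), p, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", p[i])
                if (p[i] == want) found = 1
            }
        }
        if (!found) print jail
    }' "$file"
}

# Constructed sample: sshd still has the 0.9.4 port list, sshd-ddos is fixed.
write_sample_jail_local() {
    cat > "$1" <<'EOF'
[sshd]
enabled = true
action = iptables-multiport[name=sshd, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]

[sshd-ddos]
enabled = true
action = iptables-multiport[name=sshd-ddos, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve,ssh", protocol=tcp]

[postfix]
enabled = true
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
EOF
}

sample=$(mktemp)
write_sample_jail_local "$sample"
jails_missing_port "$sample" ssh     # prints: sshd
rm -f "$sample"
```

<p>On a live server, pass <code>/etc/fail2ban/jail.local</code> and either <code>ssh</code> or your custom port number; empty output means both jails cover it.</p>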
|
|
<h3 id="fixed-not-perform-banned-file-types-checking-on-rhelcentosopenbsdfreebsd">Fixed: Not perform banned file types checking on RHEL/CentOS/OpenBSD/FreeBSD</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is <strong>NOT</strong> applicable to Debian and Ubuntu.</p>
|
|
</div>
|
|
<p>There's a bug in iRedMail-0.9.3 and 0.9.4: they didn't comment out the setting
<code>bypass_banned_checks_maps</code> in parameter <code>$policy_bank{'ORIGINATING'} = {}</code>,
so Amavisd doesn't perform banned file type checking for outgoing
emails sent through SMTP AUTH. Please follow the steps below to fix it.</p>
|
|
<p>Open Amavisd config file, find parameter <code>$policy_bank{'ORIGINATING'} =</code> like
|
|
below:</p>
|
|
<ul>
|
|
<li>on RHEL/CentOS: it's <code>/etc/amavisd/amavisd.conf</code></li>
|
|
<li>on FreeBSD: it's <code>/usr/local/etc/amavisd.conf</code></li>
|
|
<li>on OpenBSD: it's <code>/etc/amavisd.conf</code></li>
|
|
</ul>
|
|
<pre><code>$policy_bank{'ORIGINATING'} = {
|
|
...
|
|
bypass_banned_checks_maps => [1],
|
|
...
|
|
};
|
|
</code></pre>
|
|
|
|
<p>Comment out line <code>bypass_banned_checks_maps</code> like below:</p>
|
|
<pre><code>$policy_bank{'ORIGINATING'} = {
|
|
...
|
|
#bypass_banned_checks_maps => [1],
|
|
...
|
|
};
|
|
</code></pre>
|
|
|
|
<p>Save the change. Restarting amavisd service is required.</p>
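<p>The check below is an added example, not part of iRedMail. It lists every Amavisd policy bank that still has an active <code>bypass_banned_checks_maps</code> entry, so you can confirm that <code>ORIGINATING</code> no longer skips the banned file type check. The function names and the sample config are constructed.</p>

```shell
#!/bin/sh
# Added example (not iRedMail code): list Amavisd policy banks that still
# bypass banned file type checks. The sample config below is constructed.

# banned_check_bypasses FILE
# Prints "BANK:LINE" for every uncommented bypass_banned_checks_maps entry
# inside a $policy_bank{...} block, unless its value is [0].
banned_check_bypasses() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^#/ { next }                       # commented out: already fixed
    index(line, "$policy_bank{") == 1 {
        bank = line
        sub(/^[^{]*[{]/, "", bank)             # drop everything up to the first {
        sub(/[}].*$/, "", bank)                # drop from the closing } on
        gsub(/[^A-Za-z0-9_-]/, "", bank)       # strip quotes around the name
        next
    }
    bank != "" && line ~ /^[}]/ { bank = ""; next }
    bank != "" && line ~ /^bypass_banned_checks_maps[ \t]*=>/ {
        val = line
        sub(/^[^>]*>[ \t]*/, "", val)
        if (val !~ /^\[[ \t]*0[ \t]*\]/) print bank ":" NR
    }' "$1"
}

# originating_bypasses_banned_checks FILE
# Succeeds if the ORIGINATING bank (mail sent through SMTP AUTH) still
# skips the banned file type check.
originating_bypasses_banned_checks() {
    banned_check_bypasses "$1" | grep -q '^ORIGINATING:'
}

# Constructed sample: MYNETS is already commented out, ORIGINATING is not.
write_sample_amavisd_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a complete amavisd.conf
$policy_bank{'MYNETS'} = {
    #bypass_banned_checks_maps => [1],
};
$policy_bank{'ORIGINATING'} = {
    originating => 1,
    bypass_banned_checks_maps => [1],
};
1;  # insure a defined return value
EOF
}

sample=$(mktemp)
write_sample_amavisd_conf "$sample"
banned_check_bypasses "$sample"      # prints: ORIGINATING:7
rm -f "$sample"
```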
|
|
<h3 id="fixed-not-add-alias-for-virusalert-on-rhelcentosopenbsdfreebsd">Fixed: not add alias for <code>virusalert</code> on RHEL/CentOS/OpenBSD/FreeBSD</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is <strong>NOT</strong> applicable to Debian and Ubuntu.</p>
|
|
</div>
|
|
<p>There's a bug in iRedMail-0.9.4: it adds the alias <code>virusalert</code> only on Debian and
Ubuntu, not on other OSes. Please fix it with the commands below:</p>
|
|
<ul>
|
|
<li>For Linux and OpenBSD:</li>
|
|
</ul>
|
|
<pre><code class="shell">perl -pi -e 's/(virusalert:.*)/#${1}/g' /etc/postfix/aliases
|
|
echo -e '\nvirusalert: root' >> /etc/postfix/aliases
|
|
postalias /etc/postfix/aliases
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>For FreeBSD:</li>
|
|
</ul>
|
|
<pre><code class="shell">perl -pi -e 's/(virusalert:.*)/#${1}/g' /usr/local/etc/postfix/aliases
|
|
echo -e '\nvirusalert: root' >> /usr/local/etc/postfix/aliases
|
|
postalias /usr/local/etc/postfix/aliases
|
|
</code></pre>
|
|
|
|
<h3 id="fixed-improper-nginx-proxy-timeout-setting-for-sogo">Fixed: Improper Nginx proxy timeout setting for SOGo</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is applicable to Nginx, not Apache (Apache has proper proxy timeout setting).</p>
|
|
</div>
|
|
<p>iRedMail-0.9.4 and earlier releases didn't set a proper proxy timeout in
Nginx. This causes the error <code>client disconnected during delivery of response</code>
while SOGo is trying to push mailbox changes. The settings below fix this issue.</p>
|
|
<ul>
|
|
<li>
|
|
<p>Open Nginx config file <code>/etc/nginx/templates/sogo.tmpl</code></p>
|
|
<ul>
|
|
<li>If your iRedMail server was installed with iRedMail-0.9.4, it's
|
|
<code>/etc/nginx/templates/sogo.tmpl</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/nginx/templates/sogo.tmpl</code> (FreeBSD).</li>
|
|
<li>If your iRedMail server was installed with an earlier release and upgraded to
iRedMail-0.9.4, it's <code>/etc/nginx/conf.d/default.conf</code> (Linux/OpenBSD)
or <code>/usr/local/etc/nginx/conf.d/default.conf</code> (FreeBSD).</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<p>Find setting like below:</p>
|
|
</li>
|
|
</ul>
|
|
<pre><code>location ^~ /Microsoft-Server-ActiveSync {
|
|
...
|
|
}
|
|
|
|
location ^~ /SOGo/Microsoft-Server-ActiveSync {
|
|
...
|
|
}
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Add 3 proxy timeout settings in both <code>location {}</code> blocks like below:</li>
|
|
</ul>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Warning</p>
|
|
<p>The timeout value, <code>360</code> (seconds), used below must be the same as the value of
parameter <code>SOGoMaximumPingInterval =</code> in SOGo config file <code>/etc/sogo/sogo.conf</code>
(Linux/OpenBSD) or <code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD). If your <code>sogo.conf</code>
doesn't have this setting, please add it manually (<code>SOGoMaximumPingInterval = 360;</code>).</p>
|
|
</div>
|
|
<pre><code>location ^~ /Microsoft-Server-ActiveSync {
|
|
...
|
|
proxy_connect_timeout 360;
|
|
proxy_send_timeout 360;
|
|
proxy_read_timeout 360;
|
|
}
|
|
|
|
location ^~ /SOGo/Microsoft-Server-ActiveSync {
|
|
...
|
|
proxy_connect_timeout 360;
|
|
proxy_send_timeout 360;
|
|
proxy_read_timeout 360;
|
|
}
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restarting Nginx service is required.</li>
|
|
</ul>
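<p>Because the three Nginx timeouts must match <code>SOGoMaximumPingInterval</code> in both <code>location</code> blocks, a mismatch is easy to miss. The script below is an added example, not part of iRedMail, that reads both files and reports any timeout that is missing or different. The function names and sample files are constructed, and the opening <code>{</code> is assumed to sit on the <code>location</code> line as shown above.</p>

```shell
#!/bin/sh
# Added example (not iRedMail code): check that the Nginx ActiveSync proxy
# timeouts equal SOGoMaximumPingInterval. Sample files below are constructed.

# sogo_ping_interval SOGO_CONF: print the configured value, or nothing.
sogo_ping_interval() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^SOGoMaximumPingInterval[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, "", line)
        sub(/[ \t]*;.*$/, "", line)
        print line
        exit
    }' "$1"
}

# activesync_timeout_problems NGINX_FILE SECONDS
# Prints one line per proxy timeout that is missing or differs from SECONDS
# inside each "location ... Microsoft-Server-ActiveSync {" block.
activesync_timeout_problems() {
    awk -v want="$2" '
    function report(   i, d) {
        for (i = 1; i <= 3; i++) {
            d = names[i]
            if (!(d in seen)) print loc ": " d " missing"
            else if (seen[d] != want) print loc ": " d " is " seen[d] ", expected " want
        }
    }
    BEGIN { split("proxy_connect_timeout proxy_send_timeout proxy_read_timeout", names, " ") }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line ~ /^#/) next
    }
    !inblock {
        if (line ~ /^location[ \t]/ && index(line, "Microsoft-Server-ActiveSync") && index(line, "{")) {
            loc = substr(line, 1, index(line, "{") - 1)
            sub(/^location[ \t]+/, "", loc)
            sub(/[ \t]+$/, "", loc)
            split("", seen)          # reset per-block state
            inblock = 1
            depth = 1
        }
        next
    }
    {
        # Track nested braces so an inner block does not end the location early.
        tmp = line; depth += gsub(/[{]/, "", tmp)
        tmp = line; depth -= gsub(/[}]/, "", tmp)
        if (line ~ /^proxy_(connect|send|read)_timeout[ \t]/) {
            split(line, f, /[ \t;]+/)
            val = f[2]
            sub(/s$/, "", val)       # "360s" and "360" mean the same to Nginx
            seen[f[1]] = val
        }
        if (depth <= 0) { report(); inblock = 0 }
    }' "$1"
}

# check_activesync_timeouts NGINX_FILE SOGO_CONF
# Returns 0 when every timeout matches; otherwise prints the problems, returns 1.
check_activesync_timeouts() {
    want=$(sogo_ping_interval "$2")
    if [ -z "$want" ]; then
        echo "SOGoMaximumPingInterval is not set in $2"
        return 1
    fi
    problems=$(activesync_timeout_problems "$1" "$want")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
    return 0
}

# Constructed sample files: the second location block is only partly fixed.
write_samples() {
    cat > "$1" <<'EOF'
location ^~ /Microsoft-Server-ActiveSync {
    # ... existing directives ...
    proxy_connect_timeout 360;
    proxy_send_timeout 360;
    proxy_read_timeout 360;
}
location ^~ /SOGo/Microsoft-Server-ActiveSync {
    proxy_connect_timeout 75;
    proxy_send_timeout 360;
}
EOF
    printf '%s\n' '{' '    SOGoMaximumPingInterval = 360;' '}' > "$2"
}

dir=$(mktemp -d)
write_samples "$dir/sogo.tmpl" "$dir/sogo.conf"
check_activesync_timeouts "$dir/sogo.tmpl" "$dir/sogo.conf" || echo "fix the lines above"
rm -rf "$dir"
```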
|
|
<h3 id="rhelcentos-fixed-not-enable-cron-job-to-update-spamassassin-rules">[RHEL/CentOS] Fixed: Not enable cron job to update SpamAssassin rules</h3>
|
|
<p>Note: this is applicable to only RHEL and CentOS.</p>
|
|
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't enable cron job to
|
|
update SpamAssassin rules. Please run commands below to fix it.</p>
|
|
<pre><code class="shell">perl -pi -e 's/^(SAUPDATE=yes)/#${1}/' /etc/sysconfig/sa-update
|
|
echo 'SAUPDATE=yes' >> /etc/sysconfig/sa-update
|
|
</code></pre>
|
|
|
|
<h3 id="rhelcentos-fixed-not-create-required-directory-used-to-store-php-session-files">[RHEL/CentOS] Fixed: Not create required directory used to store PHP session files</h3>
|
|
<p>Note: this is applicable to only RHEL and CentOS if you're <strong>running Nginx + php-fpm</strong>.</p>
|
|
<p>In iRedMail-0.9.4 and earlier releases, iRedMail didn't create the directory used
to store PHP session files, which causes an error when your PHP application tries
to create a session file. Please fix it with the commands below:</p>
|
|
<pre><code class="shell">mkdir /var/lib/php/session
|
|
chown root:root /var/lib/php/session
|
|
chmod 0773 /var/lib/php/session
|
|
chmod o+t /var/lib/php/session
|
|
</code></pre>
|
|
|
|
<h3 id="openbsd-add-script-and-daily-cron-job-to-backup-ldapd-database">[OpenBSD] Add script and daily cron job to backup ldapd database</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>This is applicable to only OpenBSD with ldapd backend (not OpenLDAP, MySQL, PostgreSQL).</p>
|
|
</div>
|
|
<p>In iRedMail-0.9.4 and earlier releases, iRedMail incorrectly used the script for
backing up OpenLDAP to back up ldapd, which produces an empty backup. Please fix it with
the steps below.</p>
|
|
<ul>
|
|
<li>Download the script used to back up ldapd and copy it to <code>/var/vmail/backup</code> (this
is the default backup directory; it might have been changed during iRedMail installation,
so please copy to the correct directory on your server):</li>
|
|
</ul>
|
|
<pre><code>cd /var/vmail/backup/
|
|
wget https://github.com/iredmail/iRedMail/raw/0.9.9/iRedMail/tools/backup_ldapd.sh
|
|
chown root:wheel backup_ldapd.sh
|
|
chmod 0500 backup_ldapd.sh
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Edit file <code>/var/vmail/backup/backup_ldapd.sh</code>, update parameters with proper
|
|
values:</p>
|
|
<ul>
|
|
<li>You should use LDAP suffix as value of <code>LDAP_BASE_DN</code> to backup whole
|
|
LDAP tree.</li>
|
|
<li>You should use LDAP root dn and password as <code>LDAP_BIND_DN</code> and
|
|
<code>LDAP_BIND_PASSWORD</code>, so that it has required privilege to query whole
|
|
LDAP tree.</li>
|
|
<li>You can find all required values in the <code>iRedMail.tips</code> file under the iRedMail
installation directory. For example, <code>/root/iRedMail-0.9.4/iRedMail.tips</code>.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<pre><code># LDAP base dn, bind dn and password.
|
|
export LDAP_BASE_DN='dc=example,dc=com'
|
|
export LDAP_BIND_DN='cn=Manager,dc=example,dc=com'
|
|
export LDAP_BIND_PASSWORD='password'
|
|
|
|
# Where to store backup copies.
|
|
export BACKUP_ROOTDIR='/var/vmail/backup'
|
|
|
|
# Keep backup for how many days. Default is 90 days.
|
|
export KEEP_DAYS='90'
|
|
</code></pre>
|
|
|
|
<p>If you want to store backup status in SQL database <code>iredadmin</code> (so that you
|
|
can check backup status in iRedAdmin), please set correct SQL username and
|
|
password in parameters <code>MYSQL_USER</code> and <code>MYSQL_PASSWD</code> in
|
|
file <code>/var/vmail/backup/backup_ldapd.sh</code>:</p>
|
|
<pre><code># MySQL user and password, used to log backup status to sql table `iredadmin.log`.
|
|
# You can find password of SQL user 'iredadmin' in iRedAdmin config file 'settings.py'.
|
|
export MYSQL_USER='iredadmin'
|
|
export MYSQL_PASSWD='passwd'
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Run this script manually to backup ldapd immediately, check whether or not
|
|
it works: make sure the backup file contains valid/correct LDIF data, and
|
|
SQL table <code>iredadmin.log</code> contains a record of this backup.</li>
|
|
</ul>
|
|
<pre><code>bash backup_ldapd.sh
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Edit root's cron job with command:</li>
|
|
</ul>
|
|
<pre><code>crontab -e -u root
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Find the daily cron job used to run script <code>backup_openldap.sh</code> like below:</li>
|
|
</ul>
|
|
<pre><code>0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_openldap.sh
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Rename <code>backup_openldap.sh</code> to <code>backup_ldapd.sh</code>, and make sure the absolute
|
|
path of this script is correct:</li>
|
|
</ul>
|
|
<pre><code>0 3 * * * /usr/local/bin/bash /var/vmail/backup/backup_ldapd.sh
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Save your changes.</li>
|
|
</ul>
|
|
<h3 id="optional-add-custom-amavisd-log-template-to-always-log-spamassassin-testing-result">[OPTIONAL] Add custom Amavisd log template to always log SpamAssassin testing result</h3>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Attention</p>
|
|
<p>Note: This step is totally optional.</p>
|
|
</div>
|
|
<p>It's helpful if you can see SpamAssassin testing result in log file at Amavisd
|
|
log_level 0.</p>
|
|
<p>Open Amavisd config file <code>amavisd.conf</code> and add the lines below BEFORE the last line <code>1; # insure a defined return value</code>:</p>
|
|
<ul>
|
|
<li>on RHEL/CentOS: it's <code>/etc/amavisd/amavisd.conf</code>.</li>
|
|
<li>on Debian/Ubuntu: it's <code>/etc/amavis/conf.d/50-user</code>.</li>
|
|
<li>on FreeBSD: it's <code>/usr/local/etc/amavisd.conf</code>.</li>
|
|
<li>on OpenBSD: it's <code>/etc/amavisd.conf</code>.</li>
|
|
</ul>
|
|
<pre><code># Custom Amavisd log template to always log SpamAssassin testing results,
|
|
# useful for troubleshooting. If you want more verbose log, replace it by:
|
|
#
|
|
# $log_templ = $log_verbose_templ;
|
|
#
|
|
# WARNING: $log_verbose_templ will log mail subject, this may be illegal
|
|
# according to the laws in some countries.
|
|
#
|
|
# Note: You can find the original log template at the bottom of
|
|
# /usr/sbin/amavisd-new.
|
|
$log_templ = '
|
|
[?%#D|#|Passed #
|
|
[? [:ccat|major] |#
|
|
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
|
|
UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]#
|
|
{[:actions_performed]}#
|
|
,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] %s -> [%D|,]#
|
|
[? %q ||, quarantine: %q]#
|
|
[? %Q ||, Queue-ID: %Q]#
|
|
[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]#
|
|
[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]#
|
|
[? %i ||, mail_id: %i]#
|
|
, Hits: [:SCORE]#
|
|
, size: %z#
|
|
[? [:partition_tag] ||, pt: [:partition_tag]]#
|
|
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
|
|
[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Za-z]+)$"]|["%1"]|["%0"]]|/]#
|
|
#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]#
|
|
#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]#
|
|
[? [:dkim|sig_sd] ||, dkim_sd=[:dkim|sig_sd]]#
|
|
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
|
|
, %y ms#
|
|
[? %#T ||, Tests: \[[%T|,]\]]#
|
|
]
|
|
[?%#O|#|Blocked #
|
|
[? [:ccat|major|blocking] |#
|
|
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
|
|
UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]#
|
|
{[:actions_performed]}#
|
|
,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] %s -> [%D|,]#
|
|
[? %q ||, quarantine: %q]#
|
|
[? %Q ||, Queue-ID: %Q]#
|
|
[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]#
|
|
[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]#
|
|
[? %i ||, mail_id: %i]#
|
|
, Hits: [:SCORE]#
|
|
, size: %z#
|
|
[? [:partition_tag] ||, pt: [:partition_tag]]#
|
|
#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]#
|
|
#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]#
|
|
[? [:dkim|sig_sd] ||, dkim_sd=[:dkim|sig_sd]]#
|
|
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
|
|
, %y ms#
|
|
[? %#T ||, Tests: \[[%T|,]\]]#
|
|
]';
|
|
</code></pre>
|
|
|
|
<p>Restarting Amavisd service is required.</p>
|
|
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
|
|
<h3 id="new-support-postfix-sender_dependent_relayhost_maps">NEW: Support Postfix <code>sender_dependent_relayhost_maps</code></h3>
|
|
<h4 id="summary">Summary</h4>
|
|
<p>Postfix setting <code>relayhost</code> allows Postfix to relay outbound emails to a
specified mail server instead of connecting to the recipient server directly. Sender
dependent relayhost (controlled by parameter <code>sender_dependent_relayhost_maps</code>)
allows you to define a per-user or per-domain relayhost, which
overrides the global <code>relayhost</code> parameter setting. Specified query tables are
searched by the envelope sender address (<code>user@domain.com</code>) and domain name
(<code>@domain.com</code>). For more details, please read the Postfix documentation:</p>
|
|
<ul>
|
|
<li>Postfix parameter: <a href="http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps"><code>sender_dependent_relayhost_maps</code></a></li>
|
|
<li>Postfix manual page: <a href="http://www.postfix.org/transport.5.html">transport(5)</a></li>
|
|
</ul>
|
|
<p>To support <code>sender_dependent_relayhost_maps</code>, we need some modifications to the
iRedMail server:</p>
|
|
<ul>
|
|
<li>one updated iRedMail OpenLDAP schema file with new attribute: <code>senderRelayHost</code></li>
|
|
<li>two new LDAP lookup files:<ul>
|
|
<li><code>/etc/postfix/ldap/sender_dependent_relayhost_maps_domain.cf</code></li>
|
|
<li><code>/etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>one new Postfix parameter: <code>sender_dependent_relayhost_maps</code></li>
|
|
</ul>
|
|
<h4 id="use-the-latest-iredmail-ldap-schema-file">Use the latest iRedMail LDAP schema file</h4>
|
|
<ul>
|
|
<li>On RHEL/CentOS:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|
service slapd restart
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On Debian/Ubuntu:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/ldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/ldap/schema/
|
|
service slapd restart
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On FreeBSD:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/iredmail/iredmail.schema
|
|
|
|
cd /usr/local/etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /usr/local/etc/openldap/schema/
|
|
service slapd restart
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On OpenBSD:</li>
|
|
</ul>
|
|
<pre><code>cd /tmp
|
|
ftp https://github.com/iredmail/iRedMail/raw/1.0/samples/iredmail/iredmail.schema
|
|
|
|
cd /etc/openldap/schema/
|
|
cp iredmail.schema iredmail.schema.bak
|
|
|
|
cp -f /tmp/iredmail.schema /etc/openldap/schema/
|
|
rcctl restart slapd
|
|
</code></pre>
|
|
|
|
<h4 id="create-ldap-lookup-files">Create LDAP lookup files</h4>
|
|
<ul>
|
|
<li>On Linux/OpenBSD:</li>
|
|
</ul>
|
|
<pre><code>cd /etc/postfix/ldap/
|
|
cp -p transport_maps_domain.cf sender_dependent_relayhost_maps_domain.cf
|
|
cp -p transport_maps_user.cf sender_dependent_relayhost_maps_user.cf
|
|
perl -pi -e 's#%s#%d#g' sender_dependent_relayhost_maps_domain.cf
|
|
perl -pi -e 's#mtaTransport#senderRelayHost#g' sender_dependent_relayhost_maps*.cf
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On FreeBSD:</li>
|
|
</ul>
|
|
<pre><code>cd /usr/local/etc/postfix/ldap/
|
|
cp -p transport_maps_domain.cf sender_dependent_relayhost_maps_domain.cf
|
|
cp -p transport_maps_user.cf sender_dependent_relayhost_maps_user.cf
|
|
perl -pi -e 's#%s#%d#g' sender_dependent_relayhost_maps_domain.cf
|
|
perl -pi -e 's#mtaTransport#senderRelayHost#g' sender_dependent_relayhost_maps*.cf
|
|
</code></pre>
|
|
|
|
<h4 id="update-postfix-settings-in-etcpostfixmaincf">Update Postfix settings in <code>/etc/postfix/main.cf</code></h4>
|
|
<p>We need to update 2 parameters in Postfix config file: <code>proxy_read_maps</code>,
|
|
<code>sender_dependent_relayhost_maps</code>.</p>
|
|
<ul>
|
|
<li>On <strong>Linux/OpenBSD</strong>, please run 2 commands below to update Postfix settings:</li>
|
|
</ul>
|
|
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'
|
|
|
|
postconf -e sender_dependent_relayhost_maps='proxy:ldap:/etc/postfix/ldap/sender_dependent_relayhost_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf'
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>On <strong>FreeBSD</strong>, please run 2 commands below to update Postfix settings:</li>
|
|
</ul>
|
|
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'
|
|
|
|
postconf -e sender_dependent_relayhost_maps='proxy:ldap:/usr/local/etc/postfix/ldap/sender_dependent_relayhost_maps_domain.cf, proxy:ldap:/usr/local/etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf'
|
|
</code></pre>
|
|
|
|
<p>Reloading or restarting the Postfix service is required.</p>
|
|
<h3 id="new-able-to-enabledisable-sogo-access-for-a-single-user">NEW: Able to enable/disable SOGo access for a single user</h3>
|
|
<p>With steps below, system admin is able to control which users can access SOGo
|
|
Groupware (webmail, calendar, contacts, ActiveSync).</p>
|
|
<p>To accomplish this, we need to add a new LDAP attribute/value pair
|
|
<code>enabledService=sogo</code> for existing mail users, then update SOGo config file to
|
|
use this condition while querying user accounts.</p>
|
|
<h4 id="add-required-ldap-attributevalue-for-existing-mail-users">Add required LDAP attribute/value for existing mail users</h4>
|
|
<ul>
|
|
<li>Download below script to update existing mail users:</li>
|
|
</ul>
|
|
<pre><code>cd /root/
|
|
wget https://github.com/iredmail/iRedMail/raw/1.0/update/ldap/updateLDAPValues_094_to_095.py
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Open downloaded file <code>updateLDAPValues_094_to_095.py</code>, set LDAP server
|
|
related settings in this file. For example:</li>
|
|
</ul>
|
|
<pre><code># Part of file: updateLDAPValues_094_to_095.py
|
|
|
|
uri = 'ldap://127.0.0.1:389'
|
|
basedn = 'o=domains,dc=example,dc=com'
|
|
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
|
|
bind_pw = 'passwd'
|
|
</code></pre>
|
|
|
|
<p>You can find required LDAP credential in iRedAdmin config file or
|
|
<code>iRedMail.tips</code> file under your iRedMail installation directory. Using either
|
|
<code>cn=Manager,dc=xx,dc=xx</code> or <code>cn=vmailadmin,dc=xx,dc=xx</code> as bind dn is ok, both
|
|
of them have read-write privilege to update mail accounts.</p>
|
|
<ul>
|
|
<li>Execute this script, it will add required data:</li>
|
|
</ul>
|
|
<pre><code># python updateLDAPValues_094_to_095.py
|
|
</code></pre>
|
|
|
|
<h4 id="update-sogo-config-file">Update SOGo config file</h4>
|
|
<ul>
|
|
<li>On Linux/OpenBSD, please update file <code>/etc/sogo/sogo.conf</code>.</li>
|
|
<li>On FreeBSD, please update file <code>/usr/local/etc/sogo/sogo.conf</code>.</li>
|
|
</ul>
|
|
<p>Open SOGo config file <code>sogo.conf</code>, find below line:</p>
|
|
<pre><code>filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
|
|
</code></pre>
|
|
|
|
<p>Add new condition <code>AND enabledService=sogo</code> in <code>filter =</code> setting, the final
|
|
setting is:</p>
|
|
<pre><code>filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
|
|
</code></pre>
|
|
|
|
<p>Save your change and restart SOGo service.</p>
|
|
<p>You can now enable or disable SOGo access for a single user by adding or
removing <code>enabledService=sogo</code> for this user.</p>
|
|
<h2 id="mysqlmariadb-backend-special">MySQL/MariaDB backend special</h2>
|
|
<h3 id="new-support-postfix-sender_dependent_relayhost_maps_1">NEW: Support Postfix <code>sender_dependent_relayhost_maps</code></h3>
|
|
<h4 id="summary_1">Summary</h4>
|
|
<p>Postfix setting <code>relayhost</code> allows Postfix to relay outbound emails to a
specified mail server instead of connecting to the recipient server directly. Sender
dependent relayhost (controlled by parameter <code>sender_dependent_relayhost_maps</code>)
allows you to define a per-user or per-domain relayhost, which
overrides the global <code>relayhost</code> parameter setting. Specified query tables are
searched by the envelope sender address (<code>user@domain.com</code>) and domain name
(<code>@domain.com</code>). For more details, please read the Postfix documentation:</p>
|
|
<ul>
|
|
<li>Postfix parameter: <a href="http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps"><code>sender_dependent_relayhost_maps</code></a></li>
|
|
<li>Postfix manual page: <a href="http://www.postfix.org/transport.5.html">transport(5)</a></li>
|
|
</ul>
|
|
<p>To support <code>sender_dependent_relayhost_maps</code>, we need some modification on
|
|
iRedMail server:</p>
|
|
<ul>
|
|
<li>a new SQL table: <code>vmail.sender_relayhost</code></li>
|
|
<li>a new SQL lookup file: <code>/etc/postfix/mysql/sender_dependent_relayhost_maps.cf</code></li>
|
|
<li>a new Postfix parameter: <code>sender_dependent_relayhost_maps</code></li>
|
|
</ul>
|
|
<h4 id="create-sql-table-vmailsender_relayhost">Create SQL table <code>vmail.sender_relayhost</code></h4>
<p>Please connect to MySQL server as MySQL root user, and execute SQL commands
below to create this new table:</p>
<pre><code># mysql -uroot -p
sql> USE vmail;
sql> CREATE TABLE IF NOT EXISTS sender_relayhost (
    id BIGINT(20) UNSIGNED AUTO_INCREMENT,
    account VARCHAR(255) NOT NULL DEFAULT '',
    relayhost VARCHAR(255) NOT NULL DEFAULT '',
    PRIMARY KEY (id),
    UNIQUE INDEX (account)
) ENGINE=InnoDB;
</code></pre>

<h4 id="create-sql-lookup-file-sender_dependent_relayhost_mapscf">Create SQL lookup file: <code>sender_dependent_relayhost_maps.cf</code></h4>
<p>Create the SQL lookup file by copying an existing file:</p>
<ul>
<li>On Linux/OpenBSD:</li>
</ul>
<pre><code>cd /etc/postfix/mysql/
cp -p catchall_maps.cf sender_dependent_relayhost_maps.cf
</code></pre>

<ul>
<li>On FreeBSD:</li>
</ul>
<pre><code>cd /usr/local/etc/postfix/mysql/
cp -p catchall_maps.cf sender_dependent_relayhost_maps.cf
</code></pre>

<p>Open file <code>sender_dependent_relayhost_maps.cf</code> and <strong>REPLACE</strong> the <code>query =</code> line
with the one below:</p>
<pre><code>query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1
</code></pre>

<h4 id="update-postfix-settings-in-etcpostfixmaincf_1">Update Postfix settings in <code>/etc/postfix/main.cf</code></h4>
<p>We need to update 2 parameters in the Postfix config file: <code>proxy_read_maps</code>,
<code>sender_dependent_relayhost_maps</code>.</p>
<ul>
<li>On <strong>Linux/OpenBSD</strong>, please run the 2 commands below to update Postfix settings:</li>
</ul>
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'

postconf -e sender_dependent_relayhost_maps='proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf'
</code></pre>

<ul>
<li>On <strong>FreeBSD</strong>, please run the 2 commands below to update Postfix settings:</li>
</ul>
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'

postconf -e sender_dependent_relayhost_maps='proxy:mysql:/usr/local/etc/postfix/mysql/sender_dependent_relayhost_maps.cf'
</code></pre>

<p>Reloading or restarting the Postfix service is required.</p>
<h3 id="new-able-to-enabledisable-sogo-access-for-a-single-user_1">NEW: Able to enable/disable SOGo access for a single user</h3>
<p>With the steps below, the system admin is able to control which users can access SOGo
Groupware (webmail, calendar, contacts, ActiveSync).</p>
<p>To accomplish this, we need to add a new SQL column <code>enablesogo</code> to SQL table
<code>vmail.mailbox</code>, then re-create SQL VIEW <code>sogo.users</code>.</p>
<p>Please log in to MySQL/MariaDB as the SQL root user first:</p>
<pre><code># mysql -uroot -p
</code></pre>

<p>Then execute the SQL commands below to add the required new SQL column and re-create
SQL VIEW <code>sogo.users</code>:</p>
<pre><code>sql> USE vmail;
sql> ALTER TABLE mailbox ADD COLUMN enablesogo TINYINT(1) NOT NULL DEFAULT 1;
sql> ALTER TABLE mailbox ADD INDEX (enablesogo);

sql> USE sogo;
sql> DROP VIEW users;
sql> CREATE VIEW sogo.users (c_uid, c_name, c_password, c_cn, mail, domain) AS SELECT username, username, password, name, username, domain FROM vmail.mailbox WHERE enablesogo=1 AND active=1;
</code></pre>

<p>You can now enable SOGo access for a single user by setting
<code>mailbox.enablesogo=1</code>, or disable the access with <code>mailbox.enablesogo=0</code>.</p>
<h2 id="postgresql-backend-special">PostgreSQL backend special</h2>
<h3 id="new-support-postfix-sender_dependent_relayhost_maps_2">NEW: Support Postfix <code>sender_dependent_relayhost_maps</code></h3>
<h4 id="summary_2">Summary</h4>
<p>The Postfix setting <code>relayhost</code> allows Postfix to relay outbound emails to a
specified mail server instead of connecting to the recipient's server directly. Sender
dependent relayhost (controlled by parameter <code>sender_dependent_relayhost_maps</code>)
allows you to define a per-user or per-domain relayhost, which
overrides the global <code>relayhost</code> parameter setting. The specified query tables are
searched by the envelope sender address (<code>user@domain.com</code>) and domain name
(<code>@domain.com</code>). For more details, please read the Postfix documentation:</p>
<ul>
<li>Postfix parameter: <a href="http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps"><code>sender_dependent_relayhost_maps</code></a></li>
<li>Postfix manual page: <a href="http://www.postfix.org/transport.5.html">transport(5)</a></li>
</ul>
<p>To support <code>sender_dependent_relayhost_maps</code>, we need some modifications on the
iRedMail server:</p>
<ul>
<li>a new SQL table: <code>vmail.sender_relayhost</code></li>
<li>a new SQL lookup file: <code>/etc/postfix/pgsql/sender_dependent_relayhost_maps.cf</code></li>
<li>a new Postfix parameter: <code>sender_dependent_relayhost_maps</code></li>
</ul>
<h4 id="create-sql-table-vmailsender_relayhost_1">Create SQL table <code>vmail.sender_relayhost</code></h4>
<p>Please follow steps below to create this new table:</p>
<pre><code># su - postgres
$ psql -d vmail
sql> CREATE TABLE sender_relayhost (
    id SERIAL PRIMARY KEY,
    account VARCHAR(255) NOT NULL DEFAULT '',
    relayhost VARCHAR(255) NOT NULL DEFAULT ''
);

sql> CREATE INDEX idx_sender_relayhost_account ON sender_relayhost (account);
sql> ALTER TABLE sender_relayhost OWNER TO vmailadmin;
sql> GRANT SELECT ON sender_relayhost TO vmail;
</code></pre>

<h4 id="create-sql-lookup-file-sender_dependent_relayhost_mapscf_1">Create SQL lookup file: <code>sender_dependent_relayhost_maps.cf</code></h4>
<p>Create the SQL lookup file by copying an existing file:</p>
<ul>
<li>On Linux/OpenBSD:</li>
</ul>
<pre><code>cd /etc/postfix/pgsql/
cp -p catchall_maps.cf sender_dependent_relayhost_maps.cf
</code></pre>

<ul>
<li>On FreeBSD:</li>
</ul>
<pre><code>cd /usr/local/etc/postfix/pgsql/
cp -p catchall_maps.cf sender_dependent_relayhost_maps.cf
</code></pre>

<p>Open file <code>sender_dependent_relayhost_maps.cf</code> and <strong>REPLACE</strong> the <code>query =</code> line
with the one below:</p>
<pre><code>query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1
</code></pre>

<h4 id="update-postfix-settings-in-etcpostfixmaincf_2">Update Postfix settings in <code>/etc/postfix/main.cf</code></h4>
<p>We need to update 2 parameters in the Postfix config file: <code>proxy_read_maps</code>,
<code>sender_dependent_relayhost_maps</code>.</p>
<ul>
<li>On <strong>Linux/OpenBSD</strong>, please run the 2 commands below to update Postfix settings:</li>
</ul>
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'

postconf -e sender_dependent_relayhost_maps='proxy:pgsql:/etc/postfix/pgsql/sender_dependent_relayhost_maps.cf'
</code></pre>

<ul>
<li>On <strong>FreeBSD</strong>, please run the 2 commands below to update Postfix settings:</li>
</ul>
<pre><code>postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps'

postconf -e sender_dependent_relayhost_maps='proxy:pgsql:/usr/local/etc/postfix/pgsql/sender_dependent_relayhost_maps.cf'
</code></pre>

<p>Reloading or restarting the Postfix service is required.</p>
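<p>The <code>sender_relayhost</code> table created in the MySQL/MariaDB and PostgreSQL sections starts out empty. As an added example (not part of the original iRedMail document), the statements below add one per-user and one per-domain entry, run the lookups Postfix performs, and list the table for review; they work on either backend, and the relay host names and ports are constructed placeholders.</p>

```sql
-- Added example: relay host names and ports are constructed placeholders.
-- Run in database vmail. On PostgreSQL use a role that may write to the
-- table (the steps above make vmailadmin the owner; vmail only has SELECT).

-- Per-user entry: the key is the full envelope sender address.
-- The value uses the same syntax as the relayhost parameter; the square
-- brackets tell Postfix not to do an MX lookup on the host name.
INSERT INTO sender_relayhost (account, relayhost)
VALUES ('user@domain.com', '[relay-a.example.net]:587');

-- Per-domain entry: the key is '@' followed by the domain name.
INSERT INTO sender_relayhost (account, relayhost)
VALUES ('@domain.com', '[relay-b.example.net]:25');

-- Postfix runs the query from sender_dependent_relayhost_maps.cf with %s
-- replaced by the lookup key. The full sender address is tried first:
SELECT relayhost FROM sender_relayhost WHERE account='user@domain.com' LIMIT 1;

-- Another sender in the same domain has no row of its own, so the first
-- lookup returns nothing and the '@domain.com' key decides:
SELECT relayhost FROM sender_relayhost WHERE account='other@domain.com' LIMIT 1;
SELECT relayhost FROM sender_relayhost WHERE account='@domain.com' LIMIT 1;

-- Review: every row reroutes outbound mail for its sender, so list them all
-- and flag rows whose key can never match a lookup or whose relayhost still
-- holds the column default (empty string).
SELECT account, relayhost,
       CASE
           WHEN account NOT LIKE '%@%' THEN 'key is neither user@domain nor @domain'
           WHEN relayhost = ''         THEN 'empty relayhost'
           ELSE 'ok'
       END AS note
FROM sender_relayhost
ORDER BY relayhost, account;
```

<p>To check the same lookup through Postfix itself, run <code>postmap -q 'user@domain.com'</code> followed by the map name without the <code>proxy:</code> prefix, for example <code>mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf</code>.</p>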
<h3 id="new-able-to-enabledisable-sogo-access-for-a-single-user_2">NEW: Able to enable/disable SOGo access for a single user</h3>
<p>With the steps below, the system admin is able to control which users can access SOGo
Groupware (webmail, calendar, contacts, ActiveSync).</p>
<p>To accomplish this, we need to add a new SQL column <code>enablesogo</code> to SQL table
<code>vmail.mailbox</code>, then re-create SQL VIEW <code>sogo.users</code>.</p>
<p>Before we go further, please find the SQL password for SQL user <code>vmail</code>
in the Postfix config files <code>/etc/postfix/pgsql/*.cf</code> (on Linux/OpenBSD) or
<code>/usr/local/etc/postfix/pgsql/*.cf</code> (on FreeBSD). We need this while
(re-)creating SQL VIEW <code>sogo.users</code>.</p>
<p>Please log in to the PostgreSQL database as the SQL root user first:</p>
<ul>
<li>on Linux, the root user name is <code>postgres</code></li>
<li>on FreeBSD, the root user name is <code>pgsql</code></li>
<li>on OpenBSD, the root user name is <code>_postgresql</code></li>
</ul>
<pre><code># su - postgres
$ psql -d vmail
</code></pre>

<p>Then execute the SQL commands below to add the required new SQL column and re-create
SQL VIEW <code>sogo.users</code>:</p>
<pre><code class="sql">sql> \c vmail;
sql> ALTER TABLE mailbox ADD COLUMN enablesogo INT2 NOT NULL DEFAULT 1;
sql> CREATE INDEX idx_mailbox_enablesogo ON mailbox (enablesogo);

sql> \c sogo;
sql> DROP VIEW users;
</code></pre>

<p>Be careful: you must replace the string <code>VMAIL_PASSWORD</code> in the SQL command below
with the real password of SQL user <code>vmail</code>:</p>
<pre><code class="sql">sql> CREATE VIEW users
     AS SELECT * FROM dblink('host=127.0.0.1
                              port=5432
                              dbname=vmail
                              user=vmail
                              password=VMAIL_PASSWORD',
                             'SELECT username AS c_uid,
                                     username AS c_name,
                                     password AS c_password,
                                     name     AS c_cn,
                                     username AS mail,
                                     domain   AS domain
                                FROM mailbox
                               WHERE enablesogo=1 AND active=1')
         AS users (c_uid      VARCHAR(255),
                   c_name     VARCHAR(255),
                   c_password VARCHAR(255),
                   c_cn       VARCHAR(255),
                   mail       VARCHAR(255),
                   domain     VARCHAR(255));

sql> ALTER TABLE users OWNER TO sogo;
sql> EXIT;
</code></pre>

<p>You can now enable SOGo access for a single user by setting
<code>mailbox.enablesogo=1</code>, or disable the access with <code>mailbox.enablesogo=0</code>.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
</body></html>