<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Upgrade iRedMail from 0.9.2 to 0.9.3</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
|
|
|
// <a href="./index.html">Document Index</a>
|
|
</div><h1 id="upgrade-iredmail-from-092-to-093">Upgrade iRedMail from 0.9.2 to 0.9.3</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#upgrade-iredmail-from-092-to-093">Upgrade iRedMail from 0.9.2 to 0.9.3</a><ul>
|
|
<li><a href="#changelog">ChangeLog</a></li>
|
|
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
|
|
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
|
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-170">Upgrade iRedAPD (Postfix policy server) to the latest 1.7.0</a></li>
|
|
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</a></li>
|
|
<li><a href="#amavisd-fix-incorrect-setting-which-signs-dkim-on-inbound-messages">Amavisd: Fix incorrect setting which signs DKIM on inbound messages</a></li>
|
|
<li><a href="#dovecot-fix-incorrect-quota-warning-priorities">Dovecot: Fix incorrect quota warning priorities</a></li>
|
|
<li><a href="#dovecot-22-add-more-special-folders-as-alias-folders">Dovecot-2.2: Add more special folders as alias folders</a></li>
|
|
<li><a href="#roundcube-webmail-add-daily-cron-job-to-cleanup-roundcube-sql-database">Roundcube webmail: Add daily cron job to cleanup Roundcube SQL database</a></li>
|
|
<li><a href="#sogo-the-dovecot-master-user-used-by-sogo-doesnt-work-due-to-incorrect-username">SOGo: The Dovecot Master User used by SOGo doesn't work due to incorrect username.</a></li>
|
|
<li><a href="#sogo-cron-jobs-which-run-every-minute-must-be-grouped-in-one-job">SOGo: cron jobs which run every minute must be grouped in one job.</a></li>
|
|
<li><a href="#sogo-use-correct-sieve-folder-encoding">SOGo: Use correct sieve folder encoding</a></li>
|
|
<li><a href="#rhelcentos-7-remove-daemonze-line-in-etcuwsgiini">[RHEL/CentOS 7] Remove daemonize = line in /etc/uwsgi.ini</a></li>
|
|
<li><a href="#rhelcentos-7-fix-incorrect-default-firewall-zone-name">[RHEL/CentOS 7] Fix incorrect default firewall zone name</a></li>
|
|
<li><a href="#optional-fixed-not-preserve-the-case-of-extension-while-delivering-message-to-mailbox">[OPTIONAL] Fixed: Not preserve the case of ${extension} while delivering message to mailbox</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
|
|
<li><a href="#fixed-improper-acl-control">Fixed: improper ACL control</a></li>
|
|
<li><a href="#fixed-dovecot-master-user-doesnt-work-with-acl-plugin">Fixed: Dovecot Master User doesn't work with ACL plugin</a></li>
|
|
<li><a href="#add-new-sql-table-outbound_wblist-in-amavisd-database">Add new SQL table outbound_wblist in amavisd database</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#mysqlmariadb-backend-special">MySQL/MariaDB backend special</a><ul>
|
|
<li><a href="#add-new-sql-columns-in-vmail-database-aliasis_alias-aliasalias_to">Add new SQL columns in vmail database: alias.is_alias, alias.alias_to</a></li>
|
|
<li><a href="#add-new-sql-table-outbound_wblist-in-amavisd-database_1">Add new SQL table outbound_wblist in amavisd database</a></li>
|
|
<li><a href="#optional-sogo-enable-isolated-per-domain-global-address-book">[OPTIONAL] SOGo: enable isolated per-domain global address book</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#postgresql-backend-special">PostgreSQL backend special</a><ul>
|
|
<li><a href="#add-new-sql-columns-in-vmail-database-aliasis_alias-aliasalias_to_1">Add new SQL columns in vmail database: alias.is_alias, alias.alias_to</a></li>
|
|
<li><a href="#add-new-sql-table-outbound_wblist-in-amavisd-database_2">Add new SQL table outbound_wblist in amavisd database</a></li>
|
|
<li><a href="#optional-sogo-enable-isolated-per-domain-global-address-book_1">[OPTIONAL] SOGo: enable isolated per-domain global address book</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<p><strong>This is still a DRAFT document, do NOT apply it.</strong></p>
|
|
<h2 id="changelog">ChangeLog</h2>
|
|
<blockquote>
|
|
<p>We offer remote upgrade service, check <a href="../support.html">the price</a> and <a href="../contact.html">contact us</a>.</p>
|
|
</blockquote>
|
|
<ul>
|
|
<li>2015-11-03: SOGo: enable isolated per-domain global address book.</li>
|
|
<li>2015-10-08: OpenLDAP: Fix improper ACL control.</li>
|
|
<li>2015-09-28: SOGo: cron jobs which run every minute must be grouped in one job.</li>
|
|
<li>2015-09-28: [RHEL/CentOS 7] Fix incorrect default firewall zone name</li>
|
|
<li>2015-09-28: [RHEL/CentOS 7] Remove <code>daemonize =</code> line in <code>/etc/uwsgi.ini</code>.</li>
|
|
<li>2015-09-10: Add new daily cron job to cleanup Roundcube SQL database.</li>
|
|
<li>2015-08-08: [SQL backends] Add new SQL columns in <code>vmail</code> database: <code>alias.is_alias</code>, <code>alias.alias_to</code>.</li>
|
|
<li>2015-07-31: SOGo: The Dovecot Master User used by SOGo doesn't work due to incorrect username.</li>
|
|
<li>2015-07-31: [LDAP] Fixed: Dovecot Master User doesn't work with ACL plugin.</li>
|
|
<li>2015-07-06: Add new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database.</li>
|
|
<li>2015-07-06: Amavisd: Fix incorrect setting which signs DKIM on inbound messages.</li>
|
|
<li>2015-07-03: Dovecot: Fix incorrect quota warning priorities.</li>
|
|
<li>2015-06-30: Dovecot-2.2: Add more special folders as alias folders.</li>
|
|
<li>2015-06-09: [OPTIONAL] Fixed: Not preserve the case of <code>${extension}</code> while delivering message to mailbox.</li>
|
|
</ul>
|
|
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
|
|
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
|
|
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation. It's recommended to update this file after you upgrade iRedMail,
so that you know which version of iRedMail you're running. For example:</p>
|
|
<pre><code># File: /etc/iredmail-release

0.9.3
</code></pre>
|
|
|
|
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-170">Upgrade iRedAPD (Postfix policy server) to the latest 1.7.0</h3>
|
|
<blockquote>
|
|
<p>Note: iRedAPD-1.7.0 requires a new SQL database, please create it by
|
|
following upgrade tutorial.</p>
|
|
</blockquote>
|
|
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
|
|
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
|
|
<p>Detailed release notes are available here: <a href="./iredapd.releases.html">iRedAPD release notes</a>.</p>
|
|
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</h3>
|
|
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
|
|
latest stable release immediately: <a href="http://trac.roundcube.net/wiki/Howto_Upgrade">How to upgrade Roundcube</a></p>
|
|
<h3 id="amavisd-fix-incorrect-setting-which-signs-dkim-on-inbound-messages">Amavisd: Fix incorrect setting which signs DKIM on inbound messages</h3>
|
|
<p>In iRedMail-0.9.2 and earlier releases, Amavisd signs DKIM on inbound
messages, which is wrong. Please follow the steps below to fix it.</p>
<p>With the changes below, Amavisd will apply policy bank 'ORIGINATING' to emails
submitted through submission (port 587) by SMTP authenticated users. This way
we clearly separate emails submitted by authenticated users from inbound messages
sent by others, and Amavisd won't sign DKIM on inbound messages anymore.</p>
|
|
<ul>
|
|
<li>
|
|
<p>Open Amavisd config file, make sure you have below settings. If they don't
|
|
exist, please add them or update them.</p>
|
|
<ul>
|
|
<li>on RHEL/CentOS: it's <code>/etc/amavisd/amavisd.conf</code>.</li>
|
|
<li>on Debian/Ubuntu: it's <code>/etc/amavis/conf.d/50-user</code>.</li>
|
|
<li>on FreeBSD: it's <code>/usr/local/etc/amavisd.conf</code>.</li>
|
|
<li>on OpenBSD: it's <code>/etc/amavisd.conf</code>.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<pre><code>$inet_socket_port = [10024, 10026, 9998];
$interface_policy{'10026'} = 'ORIGINATING';
</code></pre>
|
|
|
|
<p>We will configure Postfix to pipe email submitted by authenticated user through
|
|
port 10026, others through port 10024. And port 9998 is used to manage
|
|
quarantined mails.</p>
|
|
<ul>
|
|
<li>Find <code>$policy_bank{'ORIGINATING'} = {</code> block, comment out <code>forward_method</code>
|
|
line in the block:</li>
|
|
</ul>
|
|
<pre><code>    #forward_method => 'smtp:[127.0.0.1]:10027',
</code></pre>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Comment out below line in Amavisd config file:</p>
|
|
<p><strong>WARNING: Do NOT remove <code>originating => 1,</code> in ALL <code>$policy_bank</code> blocks.</strong></p>
|
|
</li>
|
|
</ul>
|
|
<pre><code>$originating = 1;
</code></pre>
|
|
|
|
<ul>
|
|
<li>Comment out the whole <code>$policy_bank{'MYUSERS'}</code> block:</li>
|
|
</ul>
|
|
<pre><code>#$policy_bank{'MYUSERS'} = {
#    ...
#}
</code></pre>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Restart Amavisd service.</p>
|
|
</li>
|
|
<li>
|
|
<p>Open Postfix config file <code>/etc/postfix/master.cf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/postfix/master.cf</code> (FreeBSD), update transport <code>submission</code>
|
|
to use <code>content_filter=smtp-amavis:[127.0.0.1]:10026</code> as content filter like
|
|
below:</p>
|
|
</li>
|
|
</ul>
|
|
<pre><code>submission inet n - n - - smtpd
    ... [omit other settings here] ...
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restart Postfix service.</li>
|
|
</ul>
|
|
<h3 id="dovecot-fix-incorrect-quota-warning-priorities">Dovecot: Fix incorrect quota warning priorities</h3>
|
|
<p>iRedMail configures Dovecot to send a warning message to the local user when the
mailbox quota is 85%, 90% or 95% full, but the priorities are wrong. Please
fix it with the steps below.</p>
|
|
<ul>
|
|
<li>Find below setting in Dovecot config file <code>/etc/dovecot/dovecot.conf</code>
|
|
(Linux/OpenBSD) or <code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD):</li>
|
|
</ul>
|
|
<pre><code>    quota_warning = storage=85%% quota-warning 85 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=95%% quota-warning 95 %u
</code></pre>
|
|
|
|
<p><code>quota_warning</code> has the highest priority, <code>quota_warning3</code> has the lowest
|
|
priority. Only the command for the first exceeded limit is executed, so we must
|
|
configure the highest limit first.</p>
|
|
<p>With the above setting, when the mailbox quota goes from 70% to 98% directly, Dovecot
sends a warning message telling the user that the quota is 85% full. This is wrong:
the user is expected to be warned that it is 95% full instead.</p>
|
|
<ul>
|
|
<li>Update them to below ones to fix it. Please pay close attention to the percent
|
|
numbers:</li>
|
|
</ul>
|
|
<pre><code>    quota_warning = storage=95%% quota-warning 95 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=85%% quota-warning 85 %u
</code></pre>
|
|
|
|
<p>Restarting the Dovecot service is required.</p>
|
|
<p>For more details, please read Dovecot document:
|
|
<a href="http://wiki2.dovecot.org/Quota/Configuration">Quota Configuration</a></p>
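<p>The ordering rule described in this section, as an added example that is not part of iRedMail or Dovecot: a simplified Python model of "only the command for the first exceeded limit is executed", plus a check that reports rules an earlier, lower limit can pre-empt. The function names and the two sample snippets (constructed from the settings shown above) are assumptions for illustration.</p>

```python
import re

# Matches e.g.:  quota_warning2 = storage=90%% quota-warning 90 %u
RULE_RE = re.compile(
    r"^\s*quota_warning(\d*)\s*=\s*storage=(\d+)%%\s+(.*?)\s*$"
)

# Constructed sample input: the two orderings shown in this section.
OLD_ORDER = """
    quota_warning = storage=85%% quota-warning 85 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=95%% quota-warning 95 %u
"""
FIXED_ORDER = """
    quota_warning = storage=95%% quota-warning 95 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=85%% quota-warning 85 %u
"""


def parse_quota_warnings(conf_text):
    """Return [(name, threshold_percent, command)] in priority order.

    Per the text above, quota_warning is consulted before quota_warning2,
    then quota_warning3, so rules are ordered by their numeric suffix
    rather than by their position in the file.
    """
    rules = []
    for line in conf_text.splitlines():
        m = RULE_RE.match(line)  # commented-out lines do not match
        if m:
            suffix = int(m.group(1) or 1)
            name = "quota_warning" + m.group(1)
            rules.append((suffix, name, int(m.group(2)), m.group(3)))
    return [(name, pct, cmd) for _, name, pct, cmd in sorted(rules)]


def fired_command(rules, before_pct, after_pct):
    """Simplified model: the first rule (in priority order) whose limit
    was crossed by this change runs; every later rule is skipped."""
    for _name, pct, cmd in rules:
        if before_pct < pct <= after_pct:
            return cmd
    return None


def shadowed_rules(rules):
    """Names of rules that an earlier rule with a lower limit pre-empts
    whenever usage jumps past both limits in one step."""
    shadowed = []
    lowest_so_far = None
    for name, pct, _cmd in rules:
        if lowest_so_far is not None and pct > lowest_so_far:
            shadowed.append(name)
        lowest_so_far = pct if lowest_so_far is None else min(lowest_so_far, pct)
    return shadowed


if __name__ == "__main__":
    for label, conf in (("old", OLD_ORDER), ("fixed", FIXED_ORDER)):
        rules = parse_quota_warnings(conf)
        print(label, "70% -> 98% runs:", fired_command(rules, 70, 98))
        print(label, "shadowed rules:", shadowed_rules(rules))
```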
|
|
<h3 id="dovecot-22-add-more-special-folders-as-alias-folders">Dovecot-2.2: Add more special folders as alias folders</h3>
|
|
<p>Note: This is applicable to Dovecot-2.2.x. If you're running Dovecot-2.1.x or
earlier versions, please skip this step.</p>
|
|
<p>Check Dovecot version number with below command first:</p>
|
|
<pre><code class="bash"># dovecot --version
</code></pre>
|
|
|
|
<p>Open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find below setting:</p>
|
|
<pre><code>namespace {
    type = private
    ...
    inbox = yes
    ...
}
</code></pre>
|
|
|
|
<p>Add below alias folders inside the same <code>namespace {}</code> block:</p>
|
|
<pre><code>    mailbox "Sent Items" {
        auto = no
        special_use = \Sent
    }

    mailbox "Deleted Messages" {
        auto = no
        special_use = \Trash
    }

    # Archive
    mailbox Archive {
        auto = subscribe
        special_use = \Archive
    }
    mailbox Archives {
        auto = no
        special_use = \Archive
    }
</code></pre>
|
|
|
|
<p>Restarting the Dovecot service is required.</p>
|
|
<h3 id="roundcube-webmail-add-daily-cron-job-to-cleanup-roundcube-sql-database">Roundcube webmail: Add daily cron job to cleanup Roundcube SQL database</h3>
|
|
<p>It's recommended to set up a daily cron job to keep the Roundcube SQL database slick
and clean. It removes all records that are marked as deleted.</p>
|
|
<p>Please add cron job for user <code>root</code> with command:</p>
|
|
<pre><code># crontab -e -u root
</code></pre>
|
|
|
|
<p>Then add cron job below:</p>
|
|
<ul>
|
|
<li>RHEL/CentOS:</li>
|
|
</ul>
|
|
<pre><code># Cleanup Roundcube SQL database.
2 2 * * * php /var/www/roundcubemail/bin/cleandb.sh >/dev/null
</code></pre>
|
|
|
|
<ul>
|
|
<li>Debian/Ubuntu:</li>
|
|
</ul>
|
|
<pre><code># Cleanup Roundcube SQL database.
2 2 * * * php /opt/www/roundcubemail/bin/cleandb.sh >/dev/null
</code></pre>
|
|
|
|
<p><strong>WARNING</strong>: with old iRedMail release, Roundcube directory is
|
|
<code>/usr/share/apache2/roundcubemail</code>, please use the correct one on your server.</p>
|
|
<ul>
|
|
<li>FreeBSD:</li>
|
|
</ul>
|
|
<pre><code># Cleanup Roundcube SQL database.
2 2 * * * php /usr/local/www/roundcube/bin/cleandb.sh >/dev/null
</code></pre>
|
|
|
|
<ul>
|
|
<li>OpenBSD:</li>
|
|
</ul>
|
|
<pre><code># Cleanup Roundcube SQL database.
2 2 * * * php /var/www/roundcubemail/bin/cleandb.sh >/dev/null
</code></pre>
|
|
|
|
<h3 id="sogo-the-dovecot-master-user-used-by-sogo-doesnt-work-due-to-incorrect-username">SOGo: The Dovecot Master User used by SOGo doesn't work due to incorrect username.</h3>
|
|
<p>Note: you can skip this step if you don't run SOGo groupware, and iRedMail
|
|
doesn't install SOGo on FreeBSD due to missing required ports in official ports
|
|
tree.</p>
|
|
<p>The Dovecot Master User created by iRedMail and used by SOGo doesn't contain
|
|
a mail domain name, this will cause login failure.</p>
|
|
<p>If you don't append a (non-existent) mail domain name to the Dovecot Master User
account, Dovecot will use the domain name of your login username. For example,
if your real user is <code>myuser@mydomain.com</code>, when you try to access this user's
mailbox as Dovecot Master User <code>myuser@mydomain.com*my_master_user</code>, it will
trigger Dovecot to verify user <code>my_master_user@mydomain.com</code>, which doesn't
exist on your server, so the login attempt fails.</p>
|
|
<p>Please follow steps below to fix it.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/dovecot/dovecot-master-users</code> (Linux/OpenBSD),
|
|
find the account used by SOGo:</li>
|
|
</ul>
|
|
<pre><code>sogo_sieve_master:...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Append any mail domain name which is not hosted on your server to this
account, then save your change. For example:</li>
|
|
</ul>
|
|
<pre><code>sogo_sieve_master@not-exist.com:...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Open file <code>/etc/sogo/sieve.cred</code>, append the same mail domain name for the
|
|
sieve account:</li>
|
|
</ul>
|
|
<pre><code>sogo_sieve_master@not-exist.com:...
</code></pre>
|
|
|
|
<p>That's all.</p>
|
|
<h3 id="sogo-cron-jobs-which-run-every-minute-must-be-grouped-in-one-job">SOGo: cron jobs which run every minute must be grouped in one job.</h3>
|
|
<p>Note: this is applicable to iRedMail server which has SOGo groupware installed
|
|
and running.</p>
|
|
<p>iRedMail sets up 3 cron jobs for SOGo, 2 of them are running every minute. You
|
|
can check the cron jobs with command below. Note:</p>
|
|
<ul>
|
|
<li>SOGo daemon user is <code>sogo</code> on all Linux distributions.</li>
|
|
<li>SOGo daemon user is <code>_sogo</code> on OpenBSD.</li>
|
|
<li>with iRedMail-0.9.2 and earlier releases, there's no SOGo support on FreeBSD.</li>
|
|
</ul>
|
|
<pre><code># crontab -u sogo -l

* * * * * /usr/sbin/sogo-tool expire-sessions 30
* * * * * /usr/sbin/sogo-ealarms-notify
</code></pre>
|
|
|
|
<p>It always complains with error message like below:</p>
|
|
<blockquote>
|
|
<p>sogo-tool[27443] Failed to create lock directory '/var/lib/sogo/GNUstep/Defaults/.lck/.GNUstepDefaults.lck'</p>
|
|
<p>sogo-ealarms-notify[27790] Warning ... someone broke our lock (/var/lib/sogo/GNUstep/Defaults/.lck/.GNUstepDefaults.lck) ... and may have interfered with updating defaults data in file.</p>
|
|
</blockquote>
|
|
<p>According to
|
|
<a href="http://marc.info/?l=sogo-users&m=144307619805703&w=2">SOGo mailing list</a>,
|
|
replied by SOGo developer <strong>Christian Mack</strong>, <code>This is a known problem, but
|
|
harmless, as the lock is not really needed here. The work around is to use one
|
|
cron entry only for both (jobs).</code></p>
|
|
<p>Please edit the cron job with command below:</p>
|
|
<pre><code># crontab -u sogo -e
</code></pre>
|
|
|
|
<p>Then group those 2 jobs into one cron job like below (note, use semicolon <code>;</code>
|
|
to separate jobs):</p>
|
|
<pre><code>* * * * * /usr/sbin/sogo-tool expire-sessions 30; /usr/sbin/sogo-ealarms-notify
</code></pre>
|
|
|
|
<p>That's all.</p>
|
|
<h3 id="sogo-use-correct-sieve-folder-encoding">SOGo: Use correct sieve folder encoding</h3>
|
|
<p>SOGo uses <code>UTF-7</code> as sieve folder encoding by default. This is improper: we
must use <code>UTF-8</code> instead, otherwise mail folder names with non-ASCII characters
cannot be correctly created or displayed.</p>
|
|
<p>To fix this, please add below setting in SOGo config file <code>/etc/sogo/sogo.conf</code>
|
|
(Linux/OpenBSD) or <code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD):</p>
|
|
<pre><code>    SOGoSieveFolderEncoding = UTF-8;
</code></pre>
|
|
|
|
<p>Restarting SOGo service is required.</p>
|
|
<h3 id="rhelcentos-7-remove-daemonze-line-in-etcuwsgiini">[RHEL/CentOS 7] Remove <code>daemonize =</code> line in <code>/etc/uwsgi.ini</code></h3>
|
|
<p>NOTE: this is required by RHEL/CentOS 7, and not applicable to other Linux/BSD
|
|
distributions.</p>
|
|
<p>The <code>daemonize =</code> line set in <code>/etc/uwsgi.ini</code> is required by RHEL/CentOS 6, but
not RHEL/CentOS 7, where it causes the <code>uwsgi</code> service to fail. Please <strong>remove or
comment out this line</strong> and restart the <code>uwsgi</code> service.</p>
|
|
<h3 id="rhelcentos-7-fix-incorrect-default-firewall-zone-name">[RHEL/CentOS 7] Fix incorrect default firewall zone name</h3>
|
|
<p>NOTE: this is required by RHEL/CentOS 7, and not applicable to other Linux/BSD
|
|
distributions.</p>
|
|
<p>iRedMail-0.9.2 and earlier versions won't set default firewall zone if you
|
|
didn't choose to restart firewall immediately, so after iRedMail installation,
|
|
you must set the default firewall zone manually with steps below.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/firewalld/firewalld.conf</code>, find parameter <code>DefaultZone=</code>. If
|
|
it's not set by iRedMail installer, it will be <code>DefaultZone=public</code>:</li>
|
|
</ul>
|
|
<pre><code>DefaultZone=public
</code></pre>
|
|
|
|
<ul>
|
|
<li>Please replace <code>public</code> by <code>iredmail</code>, it will open ports required by ssh and
|
|
mail services. The zone file is <code>/etc/firewalld/zones/iredmail.xml</code>, please
|
|
make sure you have correct ssh port number in this file.</li>
|
|
</ul>
|
|
<pre><code>DefaultZone=iredmail
</code></pre>
|
|
|
|
<ul>
|
|
<li>Reload firewall rules with command below:</li>
|
|
</ul>
|
|
<pre><code>firewall-cmd --complete-reload
</code></pre>
|
|
|
|
<h3 id="optional-fixed-not-preserve-the-case-of-extension-while-delivering-message-to-mailbox">[OPTIONAL] Fixed: Not preserve the case of <code>${extension}</code> while delivering message to mailbox</h3>
|
|
<p>With iRedMail-0.9.2 and earlier releases, email sent to user
|
|
<code>username+Ext@domain.com</code> (upper case <code>E</code>) will be delivered to folder
|
|
<code>ext</code> (lower case <code>e</code>) of <code>username@domain.com</code>'s mailbox. This fix will
|
|
preserve the case of address extension.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/postfix/master.cf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/postfix/master.cf</code> (FreeBSD), find below lines:</li>
|
|
</ul>
|
|
<pre><code># Use dovecot deliver program as LDA.
dovecot unix - n n - - pipe
    flags=DRhu ...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Replace <code>flags=DRhu</code> by <code>flags=DRh</code> (remove <code>u</code>) in the third line:</li>
|
|
</ul>
|
|
<pre><code>    flags=DRh ...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Save your change and restart Postfix service.</li>
|
|
</ul>
|
|
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
|
|
<h3 id="fixed-improper-acl-control">Fixed: improper ACL control</h3>
|
|
<p>With the default OpenLDAP ACL set by iRedMail, every mail user has
permission to query the whole LDAP tree (although they cannot query sensitive info
like passwords). This ACL should be removed for security reasons.</p>
|
|
<ul>
|
|
<li>
|
|
<p>Please open OpenLDAP config file <code>slapd.conf</code>, and find below lines:</p>
|
|
<ul>
|
|
<li>on RHEL/CentOS: it's <code>/etc/openldap/slapd.conf</code>.</li>
|
|
<li>on Debian/Ubuntu: it's <code>/etc/ldap/slapd.conf</code>.</li>
|
|
<li>on FreeBSD: it's <code>/usr/local/etc/openldap/slapd.conf</code>.</li>
|
|
<li>on OpenBSD: it's <code>/etc/openldap/slapd.conf</code>.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<pre><code>access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=example,dc=com" read
    by dn.exact="cn=vmailadmin,dc=example,dc=com" write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com$" read
    by users read
</code></pre>
|
|
|
|
<p>The LDAP suffix <code>dc=example,dc=com</code> might be different on your server.</p>
|
|
<ul>
|
|
<li>Remove the 6th line (<code>by dn.regex="mail=..."</code>), and replace the line <code>by users read</code>
|
|
by <code>by users none</code>.</li>
|
|
</ul>
|
|
<pre><code>access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=example,dc=com" read
    by dn.exact="cn=vmailadmin,dc=example,dc=com" write
    by users none
</code></pre>
|
|
|
|
<ul>
|
|
<li>Save your change and restart OpenLDAP service.</li>
|
|
</ul>
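<p>One way to confirm the ACL change was applied, as an added example that is not part of iRedMail or OpenLDAP: a Python check that joins <code>slapd.conf</code> continuation lines and reports any <code>by users</code> or <code>by dn.regex=</code> clause on the <code>o=domains</code> subtree that still grants access. The function names are hypothetical, and the sample text is constructed from the two ACL blocks above using the example suffix <code>dc=example,dc=com</code>.</p>

```python
import shlex

# Constructed sample input: the ACL before and after the fix in this section.
BEFORE = '''
access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=example,dc=com" read
    by dn.exact="cn=vmailadmin,dc=example,dc=com" write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com$" read
    by users read
'''
AFTER = '''
access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=example,dc=com" read
    by dn.exact="cn=vmailadmin,dc=example,dc=com" write
    by users none
'''


def logical_lines(conf_text):
    """Join slapd.conf continuation lines, then drop comments.

    A line that starts with whitespace continues the previous line, even
    when the previous line is a comment, so comments are filtered only
    after joining.
    """
    lines = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]


def audit_domain_acl(conf_text, subtree="o=domains"):
    """Return [(who, level)] for the clauses this section removes or tightens.

    Only "access to" directives whose target mentions `subtree` are checked.
    A clause is reported when <who> is `users` or a `dn.regex=` pattern and
    the granted level is anything other than `none`.
    """
    findings = []
    for line in logical_lines(conf_text):
        tok = shlex.split(line)  # strips the double quotes around DNs
        if len(tok) < 3 or tok[:2] != ["access", "to"] or subtree not in tok[2]:
            continue
        for i, word in enumerate(tok):
            if word != "by" or i + 1 >= len(tok):
                continue
            who = tok[i + 1]
            has_level = i + 2 < len(tok) and tok[i + 2] != "by"
            level = tok[i + 2] if has_level else ""
            broad = who == "users" or who.startswith("dn.regex=")
            if broad and level != "none":
                findings.append((who, level))
    return findings


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_domain_acl(conf))
```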
|
|
<h3 id="fixed-dovecot-master-user-doesnt-work-with-acl-plugin">Fixed: Dovecot Master User doesn't work with ACL plugin</h3>
|
|
<p>iRedMail has both Dovecot Master User and the Dovecot <code>acl</code> plugin enabled by
default. If the <code>acl</code> plugin is enabled, the Master User is still subject to ACLs
just like any other user, which means that by default the Master User has no
access to any mailboxes of the user. Please fix this issue by following the steps
below.</p>
|
|
<ul>
|
|
<li>Open file <code>/etc/dovecot/dovecot-ldap.conf</code> (Linux/OpenBSD) or
|
|
<code>/usr/local/etc/dovecot/dovecot-ldap.conf</code> (FreeBSD), find below line:</li>
|
|
</ul>
|
|
<pre><code>user_attrs = mail=user, ...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Add new setting <code>mail=master_user</code> in <code>user_attrs</code> like below:</li>
|
|
</ul>
|
|
<pre><code>user_attrs = mail=master_user,mail=user, ...
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restart Dovecot service.</li>
|
|
</ul>
|
|
<h3 id="add-new-sql-table-outbound_wblist-in-amavisd-database">Add new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database</h3>
|
|
<p>We need a new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database, it's used
|
|
to store white/blacklists for outbound message, required by iRedAPD plugin
|
|
<code>amavisd_wblist</code>.</p>
|
|
<p>Please connect to MySQL server as MySQL root user, create new table:</p>
|
|
<pre><code>$ mysql -uroot -p
mysql> USE amavisd;
mysql> CREATE TABLE outbound_wblist (rid integer unsigned NOT NULL, sid integer unsigned NOT NULL, wb varchar(10) NOT NULL, PRIMARY KEY (rid,sid));
</code></pre>
|
|
|
|
<p>After the table is created, please restart the iRedAPD service.</p>
|
|
<h2 id="mysqlmariadb-backend-special">MySQL/MariaDB backend special</h2>
|
|
<h3 id="add-new-sql-columns-in-vmail-database-aliasis_alias-aliasalias_to">Add new SQL columns in <code>vmail</code> database: <code>alias.is_alias</code>, <code>alias.alias_to</code></h3>
|
|
<p>iRedMail-0.9.3 offers per-user alias address support, that means mail user
|
|
<code>john.smith@domain.com</code> can have additional email addresses like
|
|
<code>john@domain.com</code>, <code>js@domain.com</code> and more, all emails sent to these addresses
|
|
will be delivered to same mailbox. With per-user alias address support, you
|
|
don't need to create many mail alias accounts anymore.</p>
|
|
<p>Per-user alias address requires 2 new SQL columns:</p>
|
|
<ul>
|
|
<li><code>alias.is_alias</code>: this column marks a SQL record as a per-user alias account.</li>
|
|
<li><code>alias.alias_to</code>: this column stores the target address (it's
|
|
<code>john.smith@domain.com</code> as described above). Its value is same as <code>alias.goto</code>
|
|
when this sql record is a per-user alias, but <code>alias.goto</code> is not good for
|
|
indexed searching, so we create <code>alias.alias_to</code> as an alternative.</li>
|
|
</ul>
|
|
<p>Please follow steps below to create required SQL columns:</p>
|
|
<pre><code>$ mysql -uroot -p
sql> USE vmail;
sql> ALTER TABLE alias ADD COLUMN is_alias TINYINT(1) NOT NULL DEFAULT 0;
sql> ALTER TABLE alias ADD COLUMN alias_to VARCHAR(255) NOT NULL DEFAULT '';
sql> ALTER TABLE alias ADD INDEX (is_alias);
sql> ALTER TABLE alias ADD INDEX (alias_to);
</code></pre>
|
|
|
|
<blockquote>
|
|
<p><strong>Sample usage</strong>: add additional email addresses <code>extra@domain.com</code> for
|
|
existing user <code>user@domain.com</code>:</p>
|
|
</blockquote>
|
|
<pre><code>sql> USE vmail;
sql> INSERT INTO alias (address, goto, is_alias, alias_to, domain)
     VALUES ('extra@domain.com', 'user@domain.com', 1, 'user@domain.com', 'domain.com');
</code></pre>
|
|
|
|
<blockquote>
|
|
<p>Notes:</p>
|
|
<ul>
|
|
<li>Values of column <code>alias.goto</code> and <code>alias.alias_to</code> are the same.</li>
|
|
<li>You can add as many additional email addresses as you want.</li>
|
|
<li>In the above sample, <code>extra@domain.com</code> can be an email address belonging to your alias domain.</li>
|
|
</ul>
|
|
</blockquote>
|
|
<h3 id="add-new-sql-table-outbound_wblist-in-amavisd-database_1">Add new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database</h3>
|
|
<p>We need a new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database, it's used
|
|
to store white/blacklists for outbound message, required by iRedAPD plugin
|
|
<code>amavisd_wblist</code>.</p>
|
|
<p>Please connect to MySQL server as MySQL root user, create new table:</p>
|
|
<pre><code>$ mysql -uroot -p
mysql> USE amavisd;
mysql> CREATE TABLE outbound_wblist (rid integer unsigned NOT NULL, sid integer unsigned NOT NULL, wb varchar(10) NOT NULL, PRIMARY KEY (rid,sid));
</code></pre>
|
|
|
|
<p>After the table is created, please restart the iRedAPD service.</p>
|
|
<h3 id="optional-sogo-enable-isolated-per-domain-global-address-book">[OPTIONAL] SOGo: enable isolated per-domain global address book</h3>
|
|
<p>iRedMail doesn't enable global address book by default, this step will help
|
|
you enable isolated per-domain global address book.</p>
|
|
<p>iRedMail creates a SQL VIEW <code>sogo.users</code> in the SOGo SQL database, but it doesn't
contain a <code>domain</code> column. If you enable the global address book, every user is
able to search ALL mail accounts hosted on the iRedMail server, so we need to drop
the existing SQL VIEW, then re-create it with a <code>domain</code> column for an isolated
per-domain global address book.</p>
|
|
<p>Now connect to MySQL server as <code>root</code> user, drop existing SQL VIEW
|
|
<code>sogo.users</code>, then re-create it:</p>
|
|
<pre><code>$ mysql -uroot -p
sql> USE sogo;
sql> DROP VIEW users;
sql> CREATE VIEW sogo.users (c_uid, c_name, c_password, c_cn, mail, domain) AS SELECT username, username, password, name, username, domain FROM vmail.mailbox WHERE active=1;
</code></pre>
|
|
|
|
<p>Open SOGo config file <code>/etc/sogo/sogo.conf</code> (Linux, OpenBSD) or
|
|
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find the <code>SOGoUserSources</code> block
|
|
defined for SQL backend. For example:</p>
|
|
<pre><code>    // Authentication using SQL
    SOGoUserSources = (
        {
            ...

            //isAddressBook = YES;
            //displayName = "Global Address Book";
        }
    );
</code></pre>
|
|
|
|
<p>Uncomment <code>isAddressBook</code> and <code>displayName</code> lines, and add two new parameters
|
|
like below:</p>
|
|
<pre><code>            isAddressBook = YES;
            displayName = "Global Address Book";
            SOGoEnableDomainBasedUID = YES;
            DomainFieldName = "domain";
</code></pre>
|
|
|
|
<p>Restarting the SOGo service is required.</p>
|
|
<h2 id="postgresql-backend-special">PostgreSQL backend special</h2>
|
|
<h3 id="add-new-sql-columns-in-vmail-database-aliasis_alias-aliasalias_to_1">Add new SQL columns in <code>vmail</code> database: <code>alias.is_alias</code>, <code>alias.alias_to</code></h3>
|
|
<p>iRedMail-0.9.3 offers per-user alias address support, that means mail user
|
|
<code>john.smith@domain.com</code> can have additional email addresses like
|
|
<code>john@domain.com</code>, <code>js@domain.com</code> and more, all emails sent to these addresses
|
|
will be delivered to same mailbox. With per-user alias address support, you
|
|
don't need to create many mail alias accounts anymore.</p>
|
|
<p>Per-user alias address requires 2 new SQL columns:</p>
|
|
<ul>
|
|
<li><code>alias.is_alias</code>: this column marks a SQL record as a per-user alias account.</li>
|
|
<li><code>alias.alias_to</code>: this column stores the target address (it's
|
|
<code>john.smith@domain.com</code> as described above). Its value is same as <code>alias.goto</code>
|
|
when this sql record is a per-user alias, but <code>alias.goto</code> is not good for
|
|
indexed searching, so we create <code>alias.alias_to</code> as an alternative.</li>
|
|
</ul>
|
|
<p>Please follow steps below to create required SQL columns:</p>
|
|
<pre><code># su - postgres
$ psql -d vmail
sql> ALTER TABLE alias ADD COLUMN is_alias INT2 NOT NULL DEFAULT 0;
sql> ALTER TABLE alias ADD COLUMN alias_to VARCHAR(255) NOT NULL DEFAULT '';
sql> CREATE INDEX idx_alias_is_alias ON alias (is_alias);
sql> CREATE INDEX idx_alias_alias_to ON alias (alias_to);
</code></pre>
|
|
|
|
<blockquote>
|
|
<p><strong>Sample usage</strong>: add an additional email address <code>extra@domain.com</code> for
existing user <code>user@domain.com</code>:</p>
|
|
</blockquote>
|
|
<pre><code>sql> \c vmail
|
|
sql> INSERT INTO alias (address, goto, is_alias, alias_to, domain)
|
|
VALUES ('extra@domain.com', 'user@domain.com', 1, 'user@domain.com', 'domain.com');
|
|
</code></pre>
|
|
|
|
<blockquote>
|
|
<p>Notes:</p>
|
|
<ul>
|
|
<li>Values of column <code>alias.goto</code> and <code>alias.alias_to</code> are the same.</li>
|
|
<li>You can add as many additional email addresses as you want.</li>
|
|
<li>In the above sample, <code>extra@domain.com</code> can be an email address that belongs to your alias domain.</li>
|
|
</ul>
|
|
</blockquote>
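<p>An added audit query, not part of the iRedMail documentation: because <code>alias.goto</code> and <code>alias.alias_to</code> must stay identical for per-user alias rows, a hand-written <code>INSERT</code> that gets one of them wrong can misroute mail. The column names are taken from the statements above and from the <code>mailbox</code> query this page uses for SOGo (<code>mailbox.username</code>, <code>mailbox.active</code>); that <code>username</code> holds the full mail address is an assumption.</p>

```sql
-- Added example (not iRedMail's own code). Run inside: psql -d vmail

-- 1. Per-user alias rows that are inconsistent or point nowhere.
SELECT a.address,
       a.goto,
       a.alias_to,
       CASE
           WHEN a.goto <> a.alias_to
               THEN 'goto and alias_to differ'
           WHEN m.username IS NULL
               THEN 'alias_to is not an active mailbox'
       END AS problem
  FROM alias AS a
  LEFT JOIN mailbox AS m
         ON m.username = a.alias_to   -- assumption: username = mail address
        AND m.active = 1
 WHERE a.is_alias = 1
   AND (a.goto <> a.alias_to OR m.username IS NULL)
 ORDER BY a.alias_to, a.address;

-- 2. Rows that carry a target address but are not flagged as per-user
--    aliases (is_alias defaults to 0, alias_to defaults to '').
SELECT address, goto, alias_to
  FROM alias
 WHERE is_alias = 0
   AND alias_to <> '';

-- 3. Inventory: how many additional addresses deliver to each mailbox.
--    An unexpected entry here is an address silently receiving mail for
--    someone else's mailbox target.
SELECT alias_to, count(*) AS extra_addresses
  FROM alias
 WHERE is_alias = 1
 GROUP BY alias_to
 ORDER BY extra_addresses DESC, alias_to;
```

<p>Queries 1 and 2 should return no rows on a consistent database.</p>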
|
|
<h3 id="add-new-sql-table-outbound_wblist-in-amavisd-database_2">Add new SQL table <code>outbound_wblist</code> in <code>amavisd</code> database</h3>
|
|
<p>We need a new SQL table <code>outbound_wblist</code> in the <code>amavisd</code> database. It is used
to store white/blacklists for outbound messages, and is required by the iRedAPD plugin
<code>amavisd_wblist</code>.</p>
|
|
<p>Please switch to PostgreSQL daemon user, then execute SQL commands to import it:</p>
|
|
<ul>
<li>On Linux, PostgreSQL daemon user is <code>postgres</code>.</li>
<li>On FreeBSD, PostgreSQL daemon user is <code>pgsql</code>.</li>
<li>On OpenBSD, PostgreSQL daemon user is <code>_postgresql</code>.</li>
</ul>
|
|
<pre><code># su - postgres
|
|
$ psql -d amavisd
|
|
sql> CREATE TABLE outbound_wblist (rid integer NOT NULL CHECK (rid >= 0), sid integer NOT NULL CHECK (sid >= 0), wb varchar(10) NOT NULL, PRIMARY KEY (rid,sid));
|
|
</code></pre>
|
|
|
|
<p>After the table is created, please restart the iRedAPD service.</p>
|
|
<h3 id="optional-sogo-enable-isolated-per-domain-global-address-book_1">[OPTIONAL] SOGo: enable isolated per-domain global address book</h3>
|
|
<p>iRedMail doesn't enable the global address book by default. This step will help
you enable an isolated per-domain global address book.</p>
<p>iRedMail creates a SQL VIEW <code>sogo.users</code> in the SOGo SQL database, but it doesn't
contain a <code>domain</code> column. If you enable the global address book with this view, every user is
able to search ALL mail accounts hosted on the iRedMail server. So we need to drop the
existing SQL VIEW, then re-create it with a <code>domain</code> column for an isolated
per-domain global address book.</p>
|
|
<p>Before we go further, we must find the SQL username/password used to query
|
|
<code>vmail</code> SQL database in <code>/etc/postfix/pgsql/*.cf</code> (on FreeBSD, it's
|
|
<code>/usr/local/etc/postfix/pgsql/*.cf</code>). For example:</p>
|
|
<pre><code>hosts = 127.0.0.1
|
|
port = 5432
|
|
user = vmail
|
|
password = NGtLm0jFiwwOH5AeQtTsSAkScUMdFc
|
|
dbname = vmail
|
|
</code></pre>
|
|
|
|
<p>We need SQL server address, port, user, password and database name.</p>
|
|
<p>Now connect to PostgreSQL server as admin user, drop existing SQL VIEW
|
|
<code>sogo.users</code>, and re-create it.</p>
|
|
<blockquote>
|
|
<p><strong>WARNING</strong>: You must replace the <code>vmail</code> database username and password with
the real ones found in <code>/etc/postfix/pgsql/*.cf</code>.</p>
|
|
</blockquote>
|
|
<pre><code># su - postgres
|
|
$ psql -d sogo
|
|
sql> DROP VIEW users;
|
|
sql> CREATE VIEW users AS SELECT * FROM dblink('host=127.0.0.1 port=5432 user=vmail password=NGtLm0jFiwwOH5AeQtTsSAkScUMdFc dbname=vmail', 'SELECT username AS c_uid, username AS c_name, password AS c_password, name AS c_cn, username AS mail, domain AS domain FROM mailbox WHERE active=1') AS users (c_uid VARCHAR(255), c_name VARCHAR(255), c_password VARCHAR(255), c_cn VARCHAR(255), mail VARCHAR(255), domain VARCHAR(255));
|
|
sql> ALTER TABLE users OWNER TO sogo;
|
|
</code></pre>
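<p>An added check, not part of the iRedMail documentation: before editing <code>sogo.conf</code>, these queries confirm that the re-created view really carries the <code>domain</code> column the isolation depends on, and show who can read it. Object and column names are those of the <code>CREATE VIEW</code> statement above; that <code>c_uid</code> holds the full mail address is an assumption.</p>

```sql
-- Added example (not iRedMail's own code).
-- Run inside: psql -d sogo   (as the PostgreSQL daemon user)

-- 1. The view must expose a "domain" column; without it SOGo cannot
--    restrict address book searches to the user's own domain.
SELECT column_name, data_type
  FROM information_schema.columns
 WHERE table_name = 'users'
 ORDER BY ordinal_position;

-- 2. Every account should carry the domain part of its own address.
--    Any row returned would be listed in the wrong domain's address
--    book, or in none. Assumption: c_uid is user@domain.
SELECT c_uid, domain
  FROM users
 WHERE domain IS NULL
    OR lower(domain) <> lower(split_part(c_uid, '@', 2));

-- 3. Accounts per domain as SOGo will see them.
SELECT domain, count(*) AS accounts
  FROM users
 GROUP BY domain
 ORDER BY domain;

-- 4. Login roles allowed to SELECT from the view. The view returns
--    c_password for every active mailbox, so this list should be as
--    short as possible (superusers always appear).
SELECT r.rolname, r.rolsuper
  FROM pg_roles AS r
 WHERE r.rolcanlogin
   AND has_table_privilege(r.rolname, 'users', 'SELECT')
 ORDER BY r.rolname;

-- 5. Owner of the view. Its definition embeds the dblink connection
--    string, including the vmail password, and pg_views.definition is
--    readable by any role that can connect to this database.
SELECT schemaname, viewname, viewowner
  FROM pg_views
 WHERE viewname = 'users';
```

<p>Query 2 should return no rows; query 1 should list <code>domain</code> among the columns.</p>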
|
|
|
|
<p>Open SOGo config file <code>/etc/sogo/sogo.conf</code> (Linux, OpenBSD) or
|
|
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find the <code>SOGoUserSources</code> block
|
|
defined for the SQL backend. For example:</p>
|
|
<pre><code> // Authentication using SQL
|
|
SOGoUserSources = (
|
|
{
|
|
...
|
|
|
|
//isAddressBook = YES;
|
|
//displayName = "Global Address Book";
|
|
}
|
|
);
|
|
</code></pre>
|
|
|
|
<p>Uncomment <code>isAddressBook</code> and <code>displayName</code> lines, and add two new parameters
|
|
like below:</p>
|
|
<pre><code> isAddressBook = YES;
|
|
displayName = "Global Address Book";
|
|
SOGoEnableDomainBasedUID = YES;
|
|
DomainFieldName = "domain";
|
|
</code></pre>
|
|
|
|
<p>Restarting the SOGo service is required.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
</script>
|
|
</body></html> |