2015-07-12 21:10:46 +08:00

872 lines
24 KiB

# Upgrade iRedMail from 0.5.1 to 0.6.0
## ChangeLog
> We provide remote upgrade service, check [the price](../support.html) and [contact us](../contact.html).
* 2010-06-19: Fixed: Add new column in MySQL database after upgarding PostfixAdmin.
* 2010-06-18: [OpenLDAP] New: Index missed LDAP attributes.
* 2010-06-03: Fixed: Forget to add new parameter to enable domain alias management in PostfixAdmin.
* 2010-06-02: Fixed: incorrect config file of phpLDAPadmin. Thanks billybons2006@forum.
* 2010-06-02: Fixed: incorrect PostfixAdmin config file. Thanks hata_ph@forum.
## General (All backends should apply these steps)
### Apply hotfix for iRedMail-0.5.1
* [Incorrect crontab job of vmail user](
* [iRedAdmin-0.1.1 (shipped in iRedMail-0.5.1): not all arguments converted during string formatting](
### Add missing MySQL table (Debian/Ubuntu only)
__Note__: This step is applicable to only Debian/Ubuntu.
You should manually import another MySQL table if you are using below distributions:
* Debian 5
* Ubuntu 8.04
* Ubuntu 9.04
$ mysql -uroot -p postfixpolicyd
mysql> SOURCE /usr/share/dbconfig-common/data/postfix-policyd/upgrade/mysql/1.73-1;
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON postfixpolicyd.* TO postfix-policyd@localhost;
mysql> quit;
It will create a new table `postfixpolicyd.blacklist_dnsname`. Used to block
emails sent from `blacklist_dnsname` in Policyd,
### Upgrade Roundcube webmail to 0.3.1
Roundcube-0.3.1 brings new features and better performance, all users are encouraged to upgrade it.
To upgrade roundcube to 0.3.1, we should:
* Backup current roundcube installation.
* Download roundcube source tarball: roundcubemail-0.3.1.tar.gz, and uncompress it.
* Copy it to apache server root directory.
* Upgrade SQL database.
* Replace symbol link by new version.
* Create new config files and synchronize settings from old configuration files.
* Enable necessary plugins.
* Restart apache web server
* [Next Step] Configure plugin (`managesieve`) to allow user to customize mail filter rule.
Steps to upgrade it:
* Backup current roundcube installation.
* We should backup roundcubemail database in MySQL. If upgrade failed, we can recovery it from this backup copy.
* Backing up installation files is not required since we won't move or override them during upgrade procedure.
$ mysqldump -uroot -p --default-character-set=utf8 roundcubemail > /opt/roundcubemail-old.sql
File `/opt/roundcubemail-old.sql` is the backup copy of current roundcubemail database.
* Download Roundcube 0.3.1: .
we assume you downloaded it to /root/ directory.
# cd /root/
# tar zxf roundcubemail-0.3.1.tar.gz
* Copy it to apache server root directory:
# ---- On RHEL/CentOS ----
# cp -rf /root/roundcubemail-0.3.1 /var/www/
# ---- On Debian/Ubuntu ----
# cp -rf /root/roundcubemail-0.3.1 /usr/share/apache2/
* Remove old symbol link, and create a new one:
# ---- On RHEL/CentOS ----
# cd /var/www/
# rm -i roundcubemail # Do not use command 'rm' with '-r' flag here.
# ln -s roundcubemail-0.3.1 roundcubemail
# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/
# rm -i roundcubemail
# ln -s roundcubemail-0.3.1 roundcubemail
* Upgrade SQL database.
# ---- On RHEL/CentOS ----
# mysql -uroot -p
mysql> USE roundcubemail;
mysql> SOURCE /var/www/roundcubemail/SQL/mysql.update.sql;
mysql> quit;
# ---- On Debian/Ubuntu ----
# mysql -uroot -p
mysql> USE roundcubemail;
mysql> SOURCE /usr/share/apache2/roundcubemail/SQL/mysql.update.sql;
mysql> quit;
* Create new config files and synchronize settings from old configuration files.
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/config/
# cp # Database config file.
# cp # Main config file.
# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/config/
# cp # Database config file.
# cp # Main config file.
Sync database config file `` with below config parameters:
# Part of file: roundcubemail/config/
$rcmail_config['db_dsnw'] =
Sync config parameters in main config file ``. Roundcube 0.3.1 has
some new config parameters in main config file ``, but you can use
most of them with default values. What we need to do is syncing config
parameters from old installation.
$rcmail_config['enable_installer'] = FALSE;
$rcmail_config['check_all_folders'] = TRUE;
$rcmail_config['default_host'] =
$rcmail_config['smtp_server'] =
$rcmail_config['smtp_user'] = "%u";
$rcmail_config['smtp_pass'] = "%p";
$rcmail_config['smtp_auth_type'] = "LOGIN";
$rcmail_config['username_domain'] =
$rcmail_config['language'] =
$rcmail_config['enable_spellcheck'] =
$rcmail_config['default_charset'] = "UTF-8";
$rcmail_config['useragent'] = "RoundCube WebMail";
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['identities_level'] = 3;
$rcmail_config['preview_pane'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['log_driver'] = "syslog";
$rcmail_config['syslog_id'] = "roundcube";
$rcmail_config['syslog_facility'] = LOG_MAIL;
$rcmail_config['log_logins'] = TRUE;
$rcmail_config['delete_always'] = TRUE;
# ---- Global LDAP Address Book ----
# You can simply copy from old config file.
* Enable necessary plugins.
Roundcube 0.3.1 officially ships some plugins, currently, we need two plugins:
`password`, `managesieve`. List them in main config file: ``.
# Part of file: roundcubemail/config/
$rcmail_config['plugins'] = array("password", "managesieve",);
Plugin name is same as folder name under `roundcubemail/plugins/` directory,
and we have to config plugins separately.
* Restart apache web server.
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart
# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart
* Apply two patches. About these two patches:
* Refer to this forum topic for more detail about patch for CVE-2010-0464: [ Security fix in Roundcube: Disable DNS prefetching. (CVE-2010-0464)]
* Patch `managesieve_rule_width_on_safari.patch` is used to fix page width in filter plugin, for Safari web browser.
Steps to patch your roundcube 0.3.1:
* On RHEL/CentOS:
# cd /tmp/
# wget
# wget
# cd /var/www/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch
* On Debian/Ubuntu:
# cd /tmp/
# wget
# wget
# cd /usr/share/apache2/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch
#### Configure plugin for mail filter rules: managesieve
Roundcube 0.3.1 officially ships a plugin to allow users to customize mail
filter rule: `managesieve`. To make it work, we should generate new config
file and config necessary parameters.
* Change current directory to plugin directory:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/managesieve/
# cp
# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/managesieve/
# cp
* Configure plugin in ``:
# Part of file: roundcubemail/plugins/managesieve/
$rcmail_config['managesieve_port'] = 2000;
$rcmail_config['managesieve_host'] = "";
$rcmail_config['managesieve_usetls'] = false;
$rcmail_config['managesieve_default'] = "/var/vmail/sieve/dovecot.sieve";
* Make sure this plugin is enabled/listed in roundcube main config file: `roundcubemail/config/`.
# Part of file: roundcubemail/config/
$rcmail_config['plugins'] = array("password", "managesieve",);
### Upgrade phpMyAdmin to 2.11.10
phpMyAdmin doesn't require additional config, you can simply download new version
and copy old config file into new version.
* Download new version and uncompress it:
# cd /root/
# wget
# tar xjf phpMyAdmin-2.11.10-all-languages.tar.bz2
* Copy it to apache server root directory, remove old symbol link and create a
new one, copy old config file into new version:
# ---- On RHEL/CentOS ----
# cp -rf /root/phpMyAdmin-2.11.10-all-languages /var/www/
# cd /var/www/
# rm -i phpmyadmin
# ln -s phpMyAdmin-2.11.10-all-languages phpmyadmin
# cp phpMyAdmin-OLD-VERSION/ phpmyadmin/
# ---- On Debian/Ubuntu ----
# cp -rf /root/phpMyAdmin-2.11.10-all-languages /usr/share/apache2/
# cd /usr/share/apache2/
# rm -i phpmyadmin
# ln -s phpMyAdmin-2.11.10-all-languages phpmyadmin
# cp phpMyAdmin-OLD-VERSION/ phpmyadmin/
* It's recommended to restart apache web server:
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart
# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart
## OpenLDAP backend only
### Use newest schema file
NOTE: New LDAP schema provides several new attributes, but it's backwards
compatibility, it's __SAFE__ to replace the old one without additional operations.
To use the newest iRedMail ldap schem file, we have to:
* Download the newest iRedMail ldap schema file
* Copy old ldap schema file as a backup copy
* Replace the old one
* Restart OpenLDAP service.
Here we go:
* On RHEL/CentOS:
# cd /tmp
# wget
# cd /etc/openldap/schema/
# cp iredmail.schema iredmail.schema.bak
# mv -i /tmp/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart
* On Debian/Ubuntu:
# cd /tmp
# wget
# cd /etc/ldap/schema/
# cp iredmail.schema iredmail.schema.bak
# mv -i /tmp/iredmail.schema /etc/ldap/schema/
# /etc/init.d/slapd restart
### Include Amavisd LDAP schema file in OpenLDAP
We're starting to provide better Amavisd integration in iRedMail, e.g.
per-user blacklist/whitelist, anti-spam and anti-virus settings.
Since Amavisd can read per-user settings which stored in LDAP, we have to
include Amavisd LDAP schema file in OpenLDAP.
NOTE: Amavisd LDAP schema file is installed in OpenLDAP schema directory during
installing Amavisd-new, so we don't need to copy/move it.
* On RHEL/CentOS, edit `/etc/openldap/slapd.conf` and append Amavisd schema
file before `iredmail.schema`:
# Part of file: /etc/openldap/slapd.conf
# Integrate Amavisd-new.
include /etc/openldap/schema/amavisd-new.schema
include /etc/openldap/schema/iredmail.schema
Restart OpenLDAP service to make it work:
# /etc/init.d/ldap restart
* On Debian/Ubuntu, edit `/etc/ldap/slapd.conf` and append Amavisd schema file before `iredmail.schema`:
# part of file: /etc/ldap/slapd.conf
# Integrate Amavisd-new.
include /etc/ldap/schema/amavis.schema
include /etc/ldap/schema/iredmail.schema
Restart OpenLDAP service to make it work:
# /etc/init.d/slapd restart
### Index missed attributes
We will search email address which stored in attribute `shadowAddress`, so make
sure you have `shadowAddress` indexed in OpenLDAP configure file like this:
# Part of file: slapd.conf
index shadowAddress eq,pres,sub
If `shadowAddress` already exists in `slapd.conf`, you don't need to do
additional operations. If you add them now, you have to initially index this
attribute manually now.
* Stop OpenLDAP service first.
# ---- On RHEL/CentOS ----
# /etc/init.d/ldap stop
# ---- On Debian/Ubuntu ----
# /etc/init.d/slapd stop
* Execute 'slapindex' to index all attributes:
# ---- On RHEL/CentOS ----
# slapindex -f /etc/openldap/slapd.conf
# ---- On Debian/Ubuntu ----
# slapindex -f /etc/ldap/slapd.conf
* Start OpenLDAP service now.
# ---- On RHEL/CentOS ----
# /etc/init.d/ldap start
# ---- On Debian/Ubuntu ----
# /etc/init.d/slapd start
### Add missing LDAP attribute/value
iRedMail-0.6.0 requires some more values of attribute `enabledService` and `objectClass`:
* enabledService=sieve
* enabledService=sievesecured
* enabledService=internal
* objectClass=amavisAccount
Both `enabledService=sieve` and `enabledService=sievesecured` are used in
Dovecot-1.2.x, for builtin managesieve service. `enabledService=internal` is
used for shared IMAP folder. `objectClass=amavisAccount` is used for
Amavisd-new integration, for example, per-user anti-spam settings, anti-virus
* Download python script used to adding missing values.
# cd /root/
# wget
* Open ``, config below parameters in file head:
# Part of file:
uri = 'ldap://'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=vmailadmin,dc=iredmail,dc=org'
bind_pw = 'passwd'
You can find required LDAP credential in iRedAdmin config file or ``
file under your iRedMail installation directory. Using either
`cn=Manager,dc=xx,dc=xx` or `cn=vmailadmin,dc=xx,dc=xx` as bind dn is ok.
* Execute this script, it will add missing values for mail accounts:
# python
### Add `shadowAddress` support for mail alias
* Update postfix mysql lookup file: `/etc/postfix/`:
# Part of file: /etc/postfix/
query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
# - Added: shadowAddress=%s
# - Removed: objectClass=mailList. It's impossible to add shadow address support for mail list.
query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
Note: We add `shadowAddress` support for mail alias here, and remove
`shadowAddress` support for mail list. Because mail list doesn't support this
### Add catch-all account support
NOTE: This is required by iRedAdmin-Pro-1.2.0.
* Change your postfix setting in `/etc/postfix/`:
# Part of file: /etc/postfix/
virtual_alias_maps =
proxy:ldap:/etc/postfix/, # <-- Add this line.
proxy:ldap:/etc/postfix/ # <-- Add this line.
* File `/etc/postfix/` already exists by default, so
what you need to do is adding new file: `/etc/postfix/`.
# File: /etc/postfix/
# WARNING: Please REPLACE bind_dn, bind_pw, search_base below, you can find
# them in /etc/postfix/ldap_*.cf.
server_host =
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,dc=iredmail,dc=org
bind_pw = JnvF4UQheMdImdXYnRVEgKpsdCXJy3
search_base = domainName=%d,o=domains,dc=iredmail,dc=org
scope = sub
query_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=@%d))
result_attribute= mailForwardingAddress
debuglevel = 0
* Restart postfix service to make it work.
```# /etc/init.d/postfix restart```
### Roundcube Webmail plugin: change password stored in OpenLDAP
Password plugin which officially shipped in Roundcubemail-0.3.1 requires php-pear and Net_LDAP2, so we have to:
* Generate a new config file and config necessary parameters.
* Force upgrade php-pear to support password plugin on RHEL/CentOS 5 (Not required on Debian/Ubuntu)
* Install php-mhash to provide hash algorithms such as MD5, SHA1, GOST, and many others. (Not required on Debian/Ubuntu)
* Install php pear package: Net_LDAP2.
* Restart Apache web service.
* Generate a new config file:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/password/
# cp
# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/password/
# cp
* Config it:
# Part of file: roundcubemail/plugins/password/
$rcmail_config['password_driver'] = "ldap";
$rcmail_config['password_confirm_current'] = true;
$rcmail_config['password_minimum_length'] = 6;
$rcmail_config['password_require_nonalpha'] = false;
$rcmail_config['password_ldap_host'] = "";
$rcmail_config['password_ldap_port'] = "389";
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = "3";
$rcmail_config['password_ldap_basedn'] = "o=domains,dc=iredmail,dc=org"; # REPLACE THIS BY YOUR OWN BASE DN
$rcmail_config['password_ldap_method'] = "user";
$rcmail_config['password_ldap_adminDN'] = "null";
$rcmail_config['password_ldap_adminPW'] = "null";
$rcmail_config['password_ldap_userDN_mask'] = "mail=%login,ou=Users,domainName=%domain,o=domains,dc=iredmail,dc=org";
$rcmail_config['password_ldap_encodage'] = "ssha";
$rcmail_config['password_ldap_pwattr'] = "userPassword";
$rcmail_config['password_ldap_force_replace'] = false;
* Upgrade php-pear and install pear package: Net_LDAP2.
# ---- On RHEL/CentOS ----
# pear upgrade --force pear
# pear install Net_LDAP2
# yum install php-mhash # Please make sure you have iRedMail yum repository enabled.
# /etc/init.d/httpd restart # Restart Apache web service.
# ---- On Debian/Ubuntu ----
# pear install Net_LDAP2
# /etc/init.d/apache2 restart # Restart Apache web service.
### Upgrade phpLDAPadmin to
phpLDAPadmin doesn't require additional config, you can simply download new
version and copy sample config file to make it work.
* Download new version and uncompress it:
# cd /root/
# wget
# tar zxf phpldapadmin-
* Copy it to apache server root directory, remove old symbol link and create
a new one, copy old config file into new version:
# ---- On RHEL/CentOS ----
# cp -rf /root/phpldapadmin- /var/www/
# cd /var/www/
# rm -i phpldapadmin
# ln -s phpldapadmin- phpldapadmin
# cd phpldapadmin/config/
# cp config.php.example config.php
# ---- On Debian/Ubuntu ----
# cp -rf /root/phpldapadmin- /usr/share/apache2/
# cd /usr/share/apache2/
# rm -i phpldapadmin
# ln -s phpldapadmin- phpldapadmin
# cd phpldapadmin/config/
# cp config.php.example config.php
* Edit config file to hide template warning messages: `phpldapadmin/config/config.php`.
# Part of file: phpldapadmin/config/config.php
# Search 'hide_template_warning' in config file, uncomment below line, and change value to 'true'.
$config->custom->appearance['hide_template_warning'] = true;
* It's recommended to restart apache web server:
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart
# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart
## MySQL backend only
### Add missing SQL columns in `vmail.mailbox`
iRedMail-0.6.0 adds a new SQL column in `vmail.mailbox` table: `enableinternal`.
This is used in Dovecot, e.g. shared IMAP folders, etc.
$ mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD COLUMN enableinternal TINYINT(1) NOT NULL DEFAULT '1';
mysql> quit;
### Domain alias support
Note: You can use PostfixAdmin-2.3 to manage domain alias. iRedAdmin-Pro for
MySQL backend will support this feature later.
* Save below lines in temporary file: `/tmp/upgrade_iredmail.sql`:
`alias_domain` varchar(255) NOT NULL,
`target_domain` varchar(255) NOT NULL,
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`alias_domain`),
KEY `active` (`active`),
KEY `target_domain` (`target_domain`)
* Import missing MySQL table in `vmail` database with above temporary file:
# mysql -uroot -p
mysql> USE vmail;
mysql> SOURCE /tmp/upgrade_iredmail.sql;
* Update postfix config in `/etc/postfix/`.
# Part of file: /etc/postfix/
# ---- OLD SETTING ----
virtual_alias_maps = proxy:mysql:/etc/postfix/
# ---- NEW SETTING ----
virtual_alias_maps =
* Add new file: `/etc/postfix/`.
# File: /etc/postfix/
# WARNING: REPLACE password below. You can find it in /etc/postfix/mysql_*.cf.
user = vmail
hosts = localhost
port = 3306
dbname = vmail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND = 1 AND'1'
### Roundcube Webmail plugin: change password
* Generate a new config file:
# ---- On RHEL/CentOS ----
# cd /var/www/roundcubemail/plugins/password/
# cp
# ---- On Debian/Ubuntu ----
# cd /usr/share/apache2/roundcubemail/plugins/password/
# cp
* Config it:
# Part of file: roundcubemail/plugins/password/
$rcmail_config['password_driver'] = "sql";
$rcmail_config['password_confirm_current'] = true;
$rcmail_config['password_minimum_length'] = 6;
$rcmail_config['password_require_nonalpha'] = false;
$rcmail_config['password_db_dsn'] = 'mysqli://roundcube:REPLACE_YOUR_PASSWORD_HERE@localhost/vmail';
$rcmail_config['password_query'] = 'UPDATE vmail.mailbox SET password=%c,modified=NOW() WHERE username=%u LIMIT 1';
$rcmail_config['password_hash_algorithm'] = 'md5crypt';
$rcmail_config['password_hash_base64'] = false;
### Upgrade PostfixAdmin to 2.3
To upgrade PostfixAdmin to 2.3, we should:
* Download and uncompress new version.
* Copy new version to apache server root directory.
* Copy config file from old version.
* Add new column in MySQL database.
* Restart apache web server. (Optional, but is recommended.)
* Download and uncompress new version:
# cd /root/
# wget
# tar zxf postfixadmin_2.3.tar.gz
* Copy new version to apache server root directory, create new symbol link and copy old config file:
# ---- On RHEL/CentOS ----
# cp -rf /root/postfixadmin-2.3 /var/www/
# cd /var/www/
# cp postfixadmin/config.local.php postfixadmin-2.3/
# rm -i postfixadmin
# ln -s postfixadmin-2.3 postfixadmin
# ---- On Debian/Ubuntu ----
# cp -rf /root/postfixadmin-2.3 /usr/share/apache2/
# cd /usr/share/apache2/
# cp postfixadmin/config.local.php postfixadmin-2.3/
# rm -i postfixadmin
# ln -s postfixadmin-2.3 postfixadmin
* Add one more parameter in `postfixadmin/config.local.php` to enable domain alias management:
# Part of file: postfixadmin/config.local.php
$CONF['alias_domain'] = 'YES';
* Add new column in MySQL database.
# mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD local_part VARCHAR(255) NOT NULL DEFAULT '';
mysql> UPDATE mailbox SET local_part = substring_index(username, '@', 1);
* Restart apache web server.
# ---- On RHEL/CentOS ----
# /etc/init.d/httpd restart
# ---- On Debian/Ubuntu ----
# /etc/init.d/apache2 restart