|
WARNING: This page is still being worked on, please do NOT apply it to your server now. Fixed- Fix crontab job error which used to punge expired mails. Thanks xcrossbow@gmail.
#### Run this shell command ####
# crontab -e -u root
#### Change 'dovecot' to '/usr/sbin/dovecot' (absolute path) ###
1 5 * * * /usr/sbin/dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool - Fix incorrect crontab job for vmail user. Thanks xcrossbow@gmail.
# crontab -e -u vmail
1 5 * * * find /var/virusmails -ctime +30 | xargs rm -rf {}- Fix incorrect parameters in /etc/postfix/ldap_XXX.cf (WARNING: Backup them before you modify).
| Incorrect | Correct | | debug_level | debuglevel |
You can use this command to correct them automatic:
# perl -pi -e 's#(.*)debug_level(.*)#${1}debuglevel${2}#' /etc/postfix/ldap_* Components Update and MigrationPostfix- Postfix was update to 2.5.6, please backup main config files before you update it (we assume you backup them to /opt/backup/):
# cp -rfp /etc/postfix/ /opt/backup/
# yum update postfix - Parameters changed (Restart postfix to make it work):
- Set maximal_queue_lifetime and bounce_queue_lifetime to '1d'. Thanks muniao@gmail.
- Reduce postfix queue run retry time to '300s'.
- Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
# postconf -e maximal_queue_lifetime='1d'
# postconf -e bounce_queue_lifetime='1d'
# postconf -e queue_run_delay='300s'
# postconf -e minimal_backoff_time='300s'
# postconf -e maximal_backoff_time='1800s'
# postconf -e disable_vrfy_command='yes' - Reduce spam. Add one more pcre expression for smtpd helo restriction to block client which use dynamic ip address. Thanks muniao@gmail.
# File: /etc/postfix/helo_access.pcre
/\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/ REJECT Go away (dynamic).TODO: OpenLDAPIn iRedMail 0.4.0+, LDAP schema was changed, several attributes were merged: | OLD | NEW | Comment | | enableMailService: yes | enabledService: mail | | | enableSMTP: yes | enabledService: smtp | | | enablePOP3: yes | enabledService: pop3 | | | enableIMAP: yes | enabledService: imap | | | enableDELIVER: yes | enabledService: deliver | | | enableFTPService: yes | enabledService: ftp | This attribute is not used yet. | | enableIMService: yes | enabledService: im | This attribute is not used yet. |
Step-by-Step migration tutorial: - Export all users via:
##### Dump all virtual domains and users #####
# slapcat -b 'o=domains,dc=iredmail,dc=org' -a '(|(objectClass=mailUser)(objectClass=mailDomain))' > all.ldif
##### BACKUP! BACKUP! BACKUP! #####
# cp all.ldif all.ldif.orig - Change attributes and values:
# perl -pi -e 's#enableMailService: yes#enabledService: mail#' all.ldif
# perl -pi -e 's#enableSMTP: yes#enabledService: smtp#' all.ldif
# perl -pi -e 's#enablePOP3: yes#enabledService: pop3#' all.ldif
# perl -pi -e 's#enableIMAP: yes#enabledService: imap#' all.ldif
# perl -pi -e 's#enableDELIVER: yes#enabledService: deliver#' all.ldif
# perl -pi -e 's#enableFTPService: yes#enabledService: ftp#' all.ldif
# perl -pi -e 's#enableIMService: yes#enabledService: im#' all.ldif - Delete all entries:
##### Dump all dn of virtual domains and users. #####
# ldapsearch -x \
-b 'o=domains,dc=iredmail,dc=org' \
-s sub \
-D 'cn=Manager,dc=iredmail,dc=org' \
-W \
"(|(objectClass=mailUser)(objectClass=mailDomain))" dn | \
grep '^dn:' | awk '{print $2}' | grep -v '^domainName' | sort -r > dn.del.list
##### WARNING: Be sure you have a valid LDIF copy. #####
# ldapdelete -x -D 'cn=Manager,dc=iredmail,dc=org' -W -f dn.del.list- Use schema file in iRedMail-0.4.0 (samples/iredmail.schema) to replace old file:
# cp -f iRedMail-0.4.0/samples/iredmail.schema /etc/openldap/schema/ - Restart ldap service:
# /etc/init.d/ldap restart - Re-import LDIF data:
# ldapadd -x -D 'cn=Manager,dc=iredmail,dc=org' -W -f all.ldif - Change ldap search filter in all ldap enabled service:
- Dovecot: /etc/dovecot-ldap.conf
user_filter = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls)) - Postfix:
- /etc/postfix/ldap_virtual_mailbox_domains.cf
query_filter = (&(objectClass=mailDomain)(domainName=%s)(domainStatus=active)(enabledService=mail)) - /etc/postfix/ldap_sender_login_maps.cf
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=smtp)) - /etc/postfix/ldap_accounts.cf
query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail)) - /etc/postfix/ldap_virtual_mailbox_maps.cf
query_filter = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)) - /etc/postfix/ldap_sender_bcc_maps_user.cf
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)) - /etc/postfix/ldap_sender_bcc_maps_domain.cf
query_filter = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail)) - /etc/postfix/ldap_virtual_alias_maps.cf
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)) - /etc/postfix/ldap_recipient_bcc_maps_user.cf
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)) - /etc/postfix/ldap_recipient_bcc_maps_domain.cf
query_filter = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail)) - /etc/postfix/ldap_recipient_bcc_maps_user.cf
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)) - Roundcube global ldap address book: /var/www/roundcubemail-x.y.z/config/main.inc.php
'filter' => "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver))", - Change ldap password plugin in SquirrelMail: /var/www/squirrelmail-x.y.z/plugins/change_ldappass/config.php
$ldap_filter = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))";
Apache- Add Directory container to disable autoindex feature in webmail directory.
- Make web-based admin consoles access via https only.
- File: /etc/httpd/conf.d/horde.conf
# Add '-Indexes' after 'FollowSymLinks'.
<Directory /var/www/html/horde>
Options +FollowSymLinks -IndexesFile: /etc/httpd/conf.d/phpldapadmin.conf # Comment below lines, make it can't access via http://.
#Alias /phpldapadmin "/var/www/phpldapadmin-1.1.0.6/"
#Alias /ldap "/var/www/phpldapadmin-1.1.0.6/"
# Add below lines.
<Directory "/var/www/phpldapadmin-1.1.0.6/">
Options -Indexes
</Directory>File: /etc/httpd/conf.d/phpmyadmin.conf # Comment below lines, make it can't access via http://.
#Alias /phpmyadmin "/var/www/phpMyAdmin-2.11.9.4-all-languages/"
# Add below lines.
<Directory "/var/www/phpMyAdmin-2.11.9.4-all-languages/">
Options -Indexes
</Directory>File: /etc/httpd/conf.d/postfixadmin.conf # Comment below lines, make it can't access via http://.
#Alias /postfixadmin "/var/www/postfixadmin-2.2.1.1/" File: /etc/httpd/conf.d/roundcubemail.conf # Add below lines.
<Directory "/var/www/roundcubemail-0.2-stable/">
Options -Indexes
</Directory>File: /etc/httpd/conf.d/roundcubemail.conf # Add below lines.
<Directory "/var/www/squirrelmail-1.4.17/">
Options -Indexes
</Directory>File: /etc/httpd/conf.d/ssl.conf # Add below lines before '</VirtualHost>' mark, make all web-based
# programs can access via https://.
Alias /squirrelmail /var/www/squirrelmail-1.4.17/
Alias /squirrel /var/www/squirrelmail-1.4.17/
Alias /mail /var/www/roundcubemail-0.2-stable/
Alias /webmail /var/www/roundcubemail-0.2-stable/
Alias /roundcube /var/www/roundcubemail-0.2-stable/
Alias /phpldapadmin /var/www/phpldapadmin-1.1.0.6/
Alias /ldap /var/www/phpldapadmin-1.1.0.6/
Alias /phpmyadmin /var/www/phpMyAdmin-2.11.9.4-all-languages/ phpLDAPadmin- Update phpLDAPadmin to 1.1.0.6.
- Backup old version (we assume you backup it to /opt/backup/).
# cp -rfp /var/www/phpldapadmin-1.1.0.5/ /opt/backup/ - Extract new version to /var/www/:
# tar zxf phpldapadmin-1.1.0.6.tar.gz -C /var/www/ - Set file permission:
# chown -R root:root /var/www/phpldapadmin-1.1.0.6/
# chmod -R 0755 /var/www/phpldapadmin-1.1.0.6/ - Update /etc/httpd/conf.d/ssl.conf, replace the version number:
Alias /phpldapadmin "/var/www/phpldapadmin-1.1.0.6/"
Alias /ldap "/var/www/phpldapadmin-1.1.0.6/" - Restart Apache:
# /etc/init.d/httpd restart
TODO: Roundcube webmailRoundcube webmail was upgrade to 0.2-stable. TODO: - Upgrade SQL structure.
- Update roundcube-0.2-stable
- Apply patches.
|
