Upgrade_032_040  
Upgrade Guide: 0.32 => 0.4.0
Updated Oct 27, 2010 by michaelb...@gmail.com

WARNING: This page is still being worked on, please do NOT apply it to your server now.

Fixed

  • Fix the error in the crontab job used to purge expired mails. Thanks xcrossbow@gmail.
  • #### Run this shell command ####
    # crontab -e -u root
    
    #### Change 'dovecot' to '/usr/sbin/dovecot' (absolute path) ###
    1   5   *   *   *   /usr/sbin/dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
  • Fix incorrect crontab job for vmail user. Thanks xcrossbow@gmail.
  • # crontab -e -u vmail
    
    #### Remove quarantined files older than 30 days ####
    1   5   *   *   *   find /var/virusmails -type f -ctime +30 -exec rm -f {} \;
  • Fix incorrect parameters in /etc/postfix/ldap_XXX.cf (WARNING: back these files up before you modify them).

Incorrect      Correct
debug_level    debuglevel

You can use this command to correct them automatically:
# perl -pi -e 's#(.*)debug_level(.*)#${1}debuglevel${2}#' /etc/postfix/ldap_*

Components Update and Migration

Postfix

  • Postfix was updated to 2.5.6. Please back up the main config files before you update it (we assume you back them up to /opt/backup/):
  • # cp -rfp /etc/postfix/ /opt/backup/
    # yum update postfix
  • Parameters changed (restart Postfix to apply them):
    • Set maximal_queue_lifetime and bounce_queue_lifetime to '1d'. Thanks muniao@gmail.
    • Reduce postfix queue run retry time to '300s'.
    • Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
    • # postconf -e maximal_queue_lifetime='1d'
      # postconf -e bounce_queue_lifetime='1d'
      
      # postconf -e queue_run_delay='300s'
      # postconf -e minimal_backoff_time='300s'
      # postconf -e maximal_backoff_time='1800s'
      
      # postconf -e disable_vrfy_command='yes'
  • Reduce spam: add one more PCRE expression to the smtpd HELO restrictions to block clients which use a dynamic IP address. Thanks muniao@gmail.
  • # File: /etc/postfix/helo_access.pcre
    
    /\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/   REJECT Go away  (dynamic).

TODO: OpenLDAP

In iRedMail 0.4.0+, the LDAP schema was changed and several attributes were merged:

OLD                       NEW                        Comment
enableMailService: yes    enabledService: mail
enableSMTP: yes           enabledService: smtp
enablePOP3: yes           enabledService: pop3
enableIMAP: yes           enabledService: imap
enableDELIVER: yes        enabledService: deliver
enableFTPService: yes     enabledService: ftp        This attribute is not used yet.
enableIMService: yes      enabledService: im         This attribute is not used yet.

Step-by-Step migration tutorial:

  1. Export all users via:
    • phpLDAPadmin
    • slapcat
    • ##### Dump all virtual domains and users #####
      # slapcat -b 'o=domains,dc=iredmail,dc=org' -a '(|(objectClass=mailUser)(objectClass=mailDomain))' > all.ldif
      
      ##### BACKUP! BACKUP! BACKUP! #####
      # cp all.ldif all.ldif.orig
  2. Change attributes and values:
    # perl -pi -e 's#enableMailService: yes#enabledService: mail#' all.ldif
    # perl -pi -e 's#enableSMTP: yes#enabledService: smtp#' all.ldif
    # perl -pi -e 's#enablePOP3: yes#enabledService: pop3#' all.ldif
    # perl -pi -e 's#enableIMAP: yes#enabledService: imap#' all.ldif
    # perl -pi -e 's#enableDELIVER: yes#enabledService: deliver#' all.ldif
    # perl -pi -e 's#enableFTPService: yes#enabledService: ftp#' all.ldif
    # perl -pi -e 's#enableIMService: yes#enabledService: im#' all.ldif
  3. Delete all entries:
    ##### Dump all DNs of virtual domains and users. #####
    # ldapsearch -x \
        -b 'o=domains,dc=iredmail,dc=org' \
        -s sub \
        -D 'cn=Manager,dc=iredmail,dc=org' \
        -W \
        "(|(objectClass=mailUser)(objectClass=mailDomain))" dn | \
        grep '^dn:' | awk '{print $2}' | grep -v '^domainName' | sort -r > dn.del.list

    ##### WARNING: Be sure you have a valid LDIF copy. #####
    # ldapdelete -x -D 'cn=Manager,dc=iredmail,dc=org' -W -f dn.del.list
  4. Use the schema file from iRedMail-0.4.0 (samples/iredmail.schema) to replace the old file:
    # cp -f iRedMail-0.4.0/samples/iredmail.schema /etc/openldap/schema/
  5. Restart the LDAP service:
    # /etc/init.d/ldap restart
  6. Re-import LDIF data:
    # ldapadd -x -D 'cn=Manager,dc=iredmail,dc=org' -W -f all.ldif
  7. Change the LDAP search filter in all LDAP-enabled services:
    • Dovecot: /etc/dovecot-ldap.conf
    • user_filter     = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls))
    • Postfix:
      • /etc/postfix/ldap_virtual_mailbox_domains.cf
      • query_filter    = (&(objectClass=mailDomain)(domainName=%s)(domainStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_sender_login_maps.cf
      • query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=smtp))
      • /etc/postfix/ldap_accounts.cf
      • query_filter    = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_virtual_mailbox_maps.cf
      • query_filter    = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver))
      • /etc/postfix/ldap_sender_bcc_maps_user.cf
      • query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_sender_bcc_maps_domain.cf
      • query_filter    = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_virtual_alias_maps.cf
      • query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_recipient_bcc_maps_user.cf
      • query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
      • /etc/postfix/ldap_recipient_bcc_maps_domain.cf
      • query_filter    = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail))
    • Roundcube global ldap address book: /var/www/roundcubemail-x.y.z/config/main.inc.php
    •     'filter'        => "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver))",
    • Change ldap password plugin in SquirrelMail: /var/www/squirrelmail-x.y.z/plugins/change_ldappass/config.php
    • $ldap_filter = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))";
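
A check worth running on all.ldif before the "Delete all entries" step: the perl substitutions only rewrite values of 'yes', so an entry with any other value keeps its old attribute name. This is an added example, not part of the iRedMail guide; the function names and the sample LDIF are constructed for illustration.

```sh
# Added example, not part of the iRedMail guide. Function names and the sample
# LDIF are constructed; the two files stand for all.ldif.orig and all.ldif.

# Old attribute names that 0.4.0 merges into enabledService (from the table above).
LEGACY='enableMailService|enableSMTP|enablePOP3|enableIMAP|enableDELIVER|enableFTPService|enableIMService'

# Print "<dn line><TAB><leftover line>" for each old attribute still present
# (any value, any case). Returns 1 if something was found, 0 if the file is clean.
legacy_left() {
    awk -v pat="^(${LEGACY}):" '
        BEGIN             { pat = tolower(pat) }
        /^dn:/            { dn = $0 }
        tolower($0) ~ pat { printf "%s\t%s\n", dn, $0; bad = 1 }
        END               { exit bad + 0 }
    ' "$1"
}

# Entries in a dump; the in-place perl edits must not change this number.
count_entries() { grep -c '^dn:' "$1" || true; }

# Safe to continue only if the entry count is unchanged and nothing is left over.
ready_for_import() {   # usage: ready_for_import all.ldif.orig all.ldif
    [ "$(count_entries "$1")" = "$(count_entries "$2")" ] && legacy_left "$2"
}

# Constructed sample: the second user has SMTP switched off ("no"), which the
# 's#enableSMTP: yes#...#' substitution does not touch.
make_sample() {
    cat > "$1" <<'EOF'
dn: mail=a@example.com,domainName=example.com,o=domains,dc=iredmail,dc=org
objectClass: mailUser
enableMailService: yes
enableSMTP: yes

dn: mail=b@example.com,domainName=example.com,o=domains,dc=iredmail,dc=org
objectClass: mailUser
enableMailService: yes
enableSMTP: no
EOF
}

# Demo: apply two of the guide's substitutions (sed here instead of perl -pi).
demo() {
    d=$(mktemp -d) && make_sample "$d/all.ldif.orig" || return 1
    sed -e 's#enableMailService: yes#enabledService: mail#' \
        -e 's#enableSMTP: yes#enabledService: smtp#' "$d/all.ldif.orig" > "$d/all.ldif"
    ready_for_import "$d/all.ldif.orig" "$d/all.ldif"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "all.ldif is NOT ready: see the lines listed above"
```

On a real dump, run `ready_for_import all.ldif.orig all.ldif` and resolve every listed line before deleting anything from the directory.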

Apache

  • Add a Directory container to disable the autoindex feature in the webmail directories.
  • Make web-based admin consoles accessible via https only.
    • File: /etc/httpd/conf.d/horde.conf
    • # Add '-Indexes' after 'FollowSymLinks'.
      <Directory /var/www/html/horde>
          Options +FollowSymLinks -Indexes
    • File: /etc/httpd/conf.d/phpldapadmin.conf
    • # Comment out the lines below so it cannot be accessed via http://.
      #Alias /phpldapadmin "/var/www/phpldapadmin-1.1.0.6/"
      #Alias /ldap "/var/www/phpldapadmin-1.1.0.6/"
      
      # Add below lines.
      <Directory "/var/www/phpldapadmin-1.1.0.6/">
          Options -Indexes
      </Directory>
    • File: /etc/httpd/conf.d/phpmyadmin.conf
    • # Comment out the lines below so it cannot be accessed via http://.
      #Alias /phpmyadmin "/var/www/phpMyAdmin-2.11.9.4-all-languages/"
      
      # Add below lines.
      <Directory "/var/www/phpMyAdmin-2.11.9.4-all-languages/">
          Options -Indexes
      </Directory>
    • File: /etc/httpd/conf.d/postfixadmin.conf
    • # Comment out the lines below so it cannot be accessed via http://.
      #Alias /postfixadmin "/var/www/postfixadmin-2.2.1.1/"
    • File: /etc/httpd/conf.d/roundcubemail.conf
    • # Add below lines.
      <Directory "/var/www/roundcubemail-0.2-stable/">
          Options -Indexes
      </Directory>
    • File: /etc/httpd/conf.d/roundcubemail.conf
    • # Add below lines.
      <Directory "/var/www/squirrelmail-1.4.17/">
          Options -Indexes
      </Directory>
    • File: /etc/httpd/conf.d/ssl.conf
    • # Add the lines below before the '</VirtualHost>' mark so that all web-based
      # programs can be accessed via https://.
      
      Alias /squirrelmail /var/www/squirrelmail-1.4.17/
      Alias /squirrel /var/www/squirrelmail-1.4.17/
      Alias /mail /var/www/roundcubemail-0.2-stable/
      Alias /webmail /var/www/roundcubemail-0.2-stable/
      Alias /roundcube /var/www/roundcubemail-0.2-stable/
      Alias /phpldapadmin /var/www/phpldapadmin-1.1.0.6/
      Alias /ldap /var/www/phpldapadmin-1.1.0.6/
      Alias /phpmyadmin /var/www/phpMyAdmin-2.11.9.4-all-languages/

phpLDAPadmin

  • Update phpLDAPadmin to 1.1.0.6.
    1. Back up the old version (we assume you back it up to /opt/backup/):
      # cp -rfp /var/www/phpldapadmin-1.1.0.5/ /opt/backup/
    2. Extract the new version to /var/www/:
      # tar zxf phpldapadmin-1.1.0.6.tar.gz -C /var/www/
    3. Set file permissions:
      # chown -R root:root /var/www/phpldapadmin-1.1.0.6/
      # chmod -R 0755 /var/www/phpldapadmin-1.1.0.6/
    4. Update /etc/httpd/conf.d/ssl.conf, replacing the version number:
      Alias /phpldapadmin "/var/www/phpldapadmin-1.1.0.6/"
      Alias /ldap "/var/www/phpldapadmin-1.1.0.6/"
    5. Restart Apache:
      # /etc/init.d/httpd restart

TODO: Roundcube webmail

Roundcube webmail was upgraded to 0.2-stable.

TODO:

  • Upgrade SQL structure.
  • Update roundcube-0.2-stable
  • Apply patches.
