Upgrade Guide: 0.4.0 => 0.5.0
Updated Aug 24, 2009 by michaelb...@gmail.com

For any issue before or after upgrade, please go to our forum for help: http://www.iredmail.org/forum/

Issues Fixed & Notify

  • LDAP backend only: Remove unnecessary ldap lookup in postfix (2009.07.26):
    ### Remove ldap_virtual_mailbox_maps.cf in virtual_mailbox_maps.
    # virtual_mailbox_maps = ldap:/etc/postfix/ldap_accounts.cf, ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
    virtual_mailbox_maps = ldap:/etc/postfix/ldap_accounts.cf
  • Fixed: sa-update cron job.
    # chmod 0644 /etc/cron.d/sa-update
  • WARNING: Horde webmail was removed. Users who want to migrate to Roundcube webmail, please go to our forum for help.
  • LDAP backend only: 'userPassword' and 'accountStatus' are optional for objectclass 'mailAdmin' (2008.03.25). Please use the newest schema file to replace the old one:
    • Back up the old schema file (we assume you back it up to the /opt/backup/ directory):
      # cp /etc/openldap/schema/iredmail.schema /opt/backup/
    • Replace the old file with the new version:
      # cd /tmp/
      # wget http://iredmail.googlecode.com/svn/trunk/iRedMail/samples/iredmail.schema
      # rm -f /etc/openldap/schema/iredmail.schema
      # mv /tmp/iredmail.schema /etc/openldap/schema/
      # /etc/init.d/ldap restart
  • LDAP backend only: attribute 'domainStatus' is deprecated.
    • Replace the old schema file (/etc/openldap/schema/iredmail.schema) with the new one, and then restart the openldap service.
    • Add new attribute 'accountStatus' for each mail domain with phpLDAPadmin or other LDAP admin tool.
    • Change the files below to use 'accountStatus' instead.
      1. /etc/postfix/ldap_virtual_mailbox_domains.cf
      2. /etc/postfix/ldap_relay_domains.cf
      3. /etc/postfix/ldap_transport_maps.cf
      4. /etc/postfix/ldap_recipient_bcc_maps_domain.cf
      5. /etc/postfix/ldap_sender_bcc_maps_domain.cf
    • Send mail to an existing mail user and make sure 'accountStatus' works for you.
    • Delete attribute 'domainStatus' in each domain.
  • LDAP backend only: Fixed OpenLDAP ACL (2009.03.23). Edit /etc/openldap/slapd.conf and add the lines marked below:
    #
    # Allow users to access their own domain subtree.
    # Add the 'o=domainAdmins' line (the last dn.regex line below).
    #
    access to dn.regex="domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
        by anonymous                    auth
        by self                         write
        by dn.exact="cn=vmail,dc=iredmail,dc=org"   read
        by dn.exact="cn=vmailadmin,dc=iredmail,dc=org"  write
        by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=iredmail,dc=org$" read
        by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=iredmail,dc=org$" read
        by users                        none
    
    #
    # Enable vmail/vmailadmin. 
    #
    access to dn.subtree="o=domains,dc=iredmail,dc=org"
        by anonymous                    auth
        by self                         write
        by dn.exact="cn=vmail,dc=iredmail,dc=org"   read
        by dn.exact="cn=vmailadmin,dc=iredmail,dc=org"  write
        by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=iredmail,dc=org$" read
        by users                        read
    
    ########################################################
    ################# Add below lines ######################
    ########################################################
    access to dn.subtree="o=domainAdmins,dc=iredmail,dc=org"
        by anonymous                    auth
        by self                         write
        by dn.exact="cn=vmail,dc=iredmail,dc=org"  read
        by dn.exact="cn=vmailadmin,dc=iredmail,dc=org"  write
        by users                        none
  • Fixed pysieved config file ownership. 2009.03.18
    # chown vmail:vmail /etc/pysieved.ini
    # /etc/init.d/pysieved restart
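
A check to run before deleting 'domainStatus' from the domain entries, as described in the deprecation step above: it lists which of the five Postfix lookup files still use the old attribute in an active line. This is an added example, not part of iRedMail; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not iRedMail code): find Postfix LDAP lookup files that
# still use the deprecated 'domainStatus' attribute in an active line.

# The five lookup files this guide says must switch to 'accountStatus'.
LOOKUP_FILES="ldap_virtual_mailbox_domains.cf ldap_relay_domains.cf
ldap_transport_maps.cf ldap_recipient_bcc_maps_domain.cf
ldap_sender_bcc_maps_domain.cf"

# stale_lookup_files DIR  (hypothetical helper)
# Prints the name of every listed file in DIR that still has 'domainStatus'
# outside a comment line. DIR defaults to /etc/postfix.
stale_lookup_files() {
    dir=${1:-/etc/postfix}
    for name in $LOOKUP_FILES; do
        [ -f "$dir/$name" ] || continue
        # Drop comment lines first, so a commented-out old filter that was
        # kept for reference is not reported.
        if grep -v '^[[:space:]]*#' "$dir/$name" | grep -q 'domainStatus'; then
            echo "$name"
        fi
    done
    return 0
}

# ready_to_delete_domainstatus DIR  (hypothetical helper)
# Succeeds only when no lookup file depends on 'domainStatus' any more.
ready_to_delete_domainstatus() {
    [ -z "$(stale_lookup_files "$1")" ]
}

# Constructed sample: one file migrated, one still on the old filter.
demo=$(mktemp -d)
printf '%s\n' '#query_filter = (&(domainName=%s)(domainStatus=active))' \
    'query_filter = (&(domainName=%s)(accountStatus=active))' \
    > "$demo/ldap_relay_domains.cf"
printf '%s\n' 'query_filter = (&(domainName=%s)(domainStatus=active))' \
    > "$demo/ldap_transport_maps.cf"
stale_lookup_files "$demo"      # prints: ldap_transport_maps.cf
ready_to_delete_domainstatus "$demo" || echo "do not delete domainStatus yet"
rm -rf "$demo"
```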

Improvements and Updates

Apache

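  • Add /var/www/html/robots.txt file to ask search engines not to index the webmail and admin paths. This only advises well-behaved crawlers; it does not restrict access to these paths. Content:
    User-agent: *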
    Disallow: /mail
    Disallow: /webmail
    Disallow: /roundcube
    Disallow: /phpldapadmin
    Disallow: /ldap
    Disallow: /mysql
    Disallow: /phpmyadmin
    Disallow: /awstats

PHP

  • Set disable_functions in /etc/php.ini:
    disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, proc_open
Thanks david(at)knapp(dot)org.

MySQL backend special

  • Add column to set mail storage base directory.
    Warning: Please replace '/home/vmail' below to fit your environment.
    # mysql -uroot -p vmail
    mysql> ALTER TABLE mailbox ADD COLUMN storagebasedirectory VARCHAR(255) DEFAULT '/home/vmail';
  • Alter vmail.enablesieve to vmail.enablemanagesieve:
    # mysql -uroot -p vmail
    mysql> ALTER TABLE mailbox CHANGE COLUMN enablesieve enablemanagesieve TINYINT(1);
    • Due to this change, you have to add one more parameter in /etc/pysieved.ini:
      # ... skip some lines ...
      
      [Dovecot]
      service = managesieve
      
      # ... skip some lines ...
  • Add extra column(s) in vmail.mailbox table:
    # mysql -uroot -p vmail
    mysql> ALTER TABLE mailbox ADD COLUMN employeeid VARCHAR(255) DEFAULT NULL;
    mysql> ALTER TABLE mailbox ADD COLUMN lastlogindate DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';
    mysql> ALTER TABLE mailbox ADD COLUMN lastloginprotocol CHAR(255) NOT NULL DEFAULT '';

OpenLDAP backend special

  • Add one more attribute 'forward' in mail forwarding address lookup: /etc/postfix/ldap_virtual_alias_maps.cf.
    query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=forward))
  • Add more attributes to index in /etc/openldap/slapd.conf:
    index domainAdmin,domainGlobalAdmin,domainBackupMX    eq,pres
    index listAllowedUser,accessPolicy eq,pres
    index memberOfGroup eq,pres
    After adding the lines above, stop openldap and run 'slapindex' in the database directory:
    # /etc/init.d/ldap stop
    # cd /var/lib/ldap/iredmail.org/
    # slapindex
    # chown ldap:ldap *
    # /etc/init.d/ldap start

Postfix

  • LDAP backend only: The LDAP implementation of mail groups/lists has changed.
    • mailUser has a new attribute: memberOfGroup, used to store group name (a valid email address).
  • Mail group lookup maps in postfix must be changed too. Modify your /etc/postfix/main.cf:
    # Add ldap_virtual_group_maps.cf as an additional lookup file.
    virtual_alias_maps =
        ldap:/etc/postfix/ldap_virtual_alias_maps.cf,
        ldap:/etc/postfix/ldap_virtual_group_maps.cf
    Create /etc/postfix/ldap_virtual_group_maps.cf:
    # Set bind_pw to the password of cn=vmail in your own installation.
    server_host     = 127.0.0.1
    server_port     = 389
    version         = 3
    bind            = yes
    start_tls       = no
    bind_dn         = cn=vmail,dc=iredmail,dc=org
    bind_pw         = KrxIkebDaRWb81yHdetBPt0UXC6NVZ
    search_base     = domainName=%d,o=domains,dc=iredmail,dc=org
    scope           = sub
    query_filter    = (&(memberOfGroup=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver))
    result_attribute= mail
    debuglevel      = 0
    Remove (objectClass=mailList) from the query_filter line in /etc/postfix/ldap_virtual_alias_maps.cf:
    #query_filter    = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
    query_filter    = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
  • LDAP backend only: Add bcc control in bcc lookup:
    Warning: Do NOT forget to add 'enabledService=senderbcc' and 'enabledService=recipientbcc' for all domains/users allowed to use the bcc feature.
    • File: /etc/postfix/ldap_sender_bcc_maps_domain.cf.
      query_filter    = (&(domainName=%d)(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
    • File: /etc/postfix/ldap_recipient_bcc_maps_domain.cf.
      query_filter    = (&(domainName=%d)(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
    • File: /etc/postfix/ldap_sender_bcc_maps_user.cf.
      query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
    • File: /etc/postfix/ldap_recipient_bcc_maps_user.cf.
      query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
  • Add backup mx control in domain lookup file:
    • For MySQL backend: /etc/postfix/mysql_virtual_mailbox_domains.cf
      query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx='0' AND active='1' AND expired >= NOW()
    • For OpenLDAP backend: /etc/postfix/ldap_virtual_mailbox_domains.cf
      query_filter    = (&(objectClass=mailDomain)(domainName=%s)(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
  • LDAP backend only: Add group mail and alias support for the OpenLDAP backend. You have to change the virtual alias lookup file: /etc/postfix/ldap_virtual_alias_maps.cf.
    search_base     = domainName=%d,o=domains,dc=iredmail,dc=org
    scope           = sub
    query_filter    = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
    result_attribute= mailForwardingAddress
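
A check for LDAP lookup files such as /etc/postfix/ldap_virtual_group_maps.cf, which hold bind_pw in clear text and bind with start_tls = no: it reports a world-readable file and a cleartext bind to a non-loopback server_host. This is an added example, not part of iRedMail or Postfix; the function names are hypothetical, the sample file is constructed, and a single server_host value is assumed.

```shell
#!/bin/sh
# Added example (not iRedMail or Postfix code): sanity-check a Postfix LDAP
# lookup file that stores bind_pw.

# cf_value FILE KEY  (hypothetical helper)
# Prints the value of the last "KEY = value" line, trailing blanks removed.
cf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_ldap_map FILE  (hypothetical helper)
# Prints one finding per line and nothing when the file passes.
check_ldap_map() {
    host=$(cf_value "$1" server_host)
    tls=$(cf_value "$1" start_tls)
    pw=$(cf_value "$1" bind_pw)
    [ -n "$pw" ] || return 0        # no stored password, nothing to check

    # bind_pw is stored in clear text, so "other" must not have read access.
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "world-readable file contains bind_pw"
    fi

    # Without StartTLS the bind password crosses the wire unencrypted. That
    # is acceptable only for loopback, ldapi:// or ldaps:// connections.
    if [ "$tls" != "yes" ]; then
        case $host in
            ''|localhost|127.0.0.1|::1|ldapi://*|ldaps://*) ;;
            *) echo "cleartext bind to non-local server_host '$host'" ;;
        esac
    fi
    return 0
}

# Constructed sample using the keys from the lookup file in this guide,
# with a placeholder password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server_host     = 127.0.0.1
start_tls       = no
bind_dn         = cn=vmail,dc=iredmail,dc=org
bind_pw         = CONSTRUCTED-PLACEHOLDER
EOF
chmod 0644 "$sample"
check_ldap_map "$sample"    # prints: world-readable file contains bind_pw
rm -f "$sample"
```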

Dovecot

Warning: Make sure you have upgraded OpenLDAP and MySQL with the steps listed above.

  • mail_location setting changed in file: /etc/dovecot.conf.
    mail_location = maildir:/%Lh/:INDEX=/%Lh/
    dovecot-mysql.conf (if you use MySQL as backend) should be changed too:
    user_query = SELECT CONCAT(storagebasedirectory, '/', maildir) AS home, \
    dovecot-ldap.conf (if you use OpenLDAP as backend) should be changed too:
    user_attrs      = =sieve_dir=/home/vmail/sieve/%Ld/%Ln/,storageBaseDirectory=home,mailMessageStore=mail=maildir:~/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$

Roundcube webmail

  • TODO: Upgrade 0.2 to 0.2.1 with plugins.
  • TODO: Search global address book with current login name and password.
  • Change global ldap address book filter in /var/www/roundcubemail-x.y.z/config/main.inc.php. It searches mail users/groups/aliases while you type a mail address in the recipient field.
    'filter'        => "(&(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(&(objectClass=mailList)(hasMember=yes))(objectClass=mailAlias)(objectClass=mailUser)))", // Search mail users, lists, aliases.
  • New settings in /var/www/roundcubemail-x.y.z/config/main.inc.php:

    Setting                   Value
    log_driver                syslog
    syslog_id                 roundcube
    syslog_facility           LOG_MAIL
    mime_param_folding        1
    identities_level          3
    quota_zero_as_unlimited   TRUE

  • LDAP backend only: Replace 'gn' by 'givenName' in global LDAP address book. (2009.03.15)
    # File: /var/www/roundcubemail-x.y.z-stable/config/main.inc.php
        'search_fields' => array('mail', 'cn', 'givenName', 'sn'),  // fields to search in
        'firstname_field' => 'givenName',  // this field represents the contact's first name

Disclaimer

iRedMail-0.5.0 supports automatically adding a disclaimer to all outgoing emails with Amavisd-new + alterMIME.

  • Install altermime from iRedMail yum repository:
    • For i386:
      # yum install altermime.i386
    • For x86_64:
      # yum install altermime.x86_64
  • Create directory to store disclaimer files if it does not exist:
    # mkdir -p /etc/postfix/disclaimer/
  • In /etc/amavisd.conf, add 'allow_disclaimers' in $policy_bank{'MYNETS'}:
    $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
      # ... skip other settings here ...
      allow_disclaimers => 1,  # enables disclaimer insertion if available
    };
  • Add disclaimer settings before the last line:
    # ------------ Disclaimer Setting ---------------
    $altermime = '/usr/bin/altermime';
    $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
     
    # Disclaimer in plain text format.
    @altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt);
    
    @disclaimer_options_bysender_maps = ({
        # Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
        #'host1.iredmail.org' => 'host1.iredmail.org',
    
        # Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
        #'.iredmail.org'      => 'iredmail.org',
    
        # Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
        #'boss@iredmail.org'  => 'boss.iredmail.org',
    
        # Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
        '.' => 'default',
    },);
    # ------------ End Disclaimer Setting ---------------
  • Create a test disclaimer file:
    # echo 'Testing disclaimer.' > /etc/postfix/disclaimer/default.txt
  • Restart amavisd and send mail from your webmail or Outlook/Thunderbird:
    # /etc/init.d/amavisd restart