1

Topic: General way to upgrade

Hi,

I am running an iRedMail installation on CentOS 5.3 without any bigger problems so far. Thumbs up, excellent work :)
I am still wondering what the recommended way to upgrade my installation is.
Having a yum repository made me think I could just use "yum update" and everything will be worked out more or less by itself.
Now I found that I still have i.e. phpMyAdmin - 2.11.9.4 and so I think I am somewhat stuck with iRedMail 0.3.x.
What is the correct way to check the iRedMail version?
How do I upgrade a running installation without bigger hassle? The wiki documentation on these topics states "this is work in progress - don't do this!"...

Thanks for your help and kind regards,
Thomas

2

Re: General way to upgrade

thomas wrote:

I am still wondering what the recommended way to upgrade my installation is.
...
Having a yum repository made me think I could just use "yum update" and everything will be worked out more or less by itself.

As you may know, we have a yum repository for RHEL/CentOS 5.x, used to update binary packages.
But we may change settings in config files in a new version; it's not *SAFE* to change them while you use 'yum update/upgrade' to update binary packages, so we put them in an upgrade tutorial, and system admins have to adjust settings manually.

This is the best way of upgrading I can imagine. If you have a better idea, please do contact me, let's make it better :)

thomas wrote:

What is the correct way to check the iRedMail version?

You can find it in all config files which are modified by iRedMail, such as /etc/dovecot.conf, /etc/postfix/ldap_*.cf, /etc/postfix/mysql_*.cf, etc.

And you can get it with this command:

$ sudo postconf -n mail_name
mail_name = iRedMail

$ sudo postconf -n mail_version
mail_version = 0.5.0

thomas wrote:

The wiki documentation on these topics states "this is work in progress - don't do this!"...

Thanks for the reminder, I removed this notice. :)

3 (edited by thomas 2009-08-19 20:27:43)

Re: General way to upgrade

ZhangHuangbin wrote:
thomas wrote:

I am still wondering what the recommended way to upgrade my installation is.
...
Having a yum repository made me think I could just use "yum update" and everything will be worked out more or less by itself.

As you may know, we have a yum repository for RHEL/CentOS 5.x, used to update binary packages.
But we may change settings in config files in a new version; it's not *SAFE* to change them while you use 'yum update/upgrade' to update binary packages, so we put them in an upgrade tutorial, and system admins have to adjust settings manually.

So basically all I have to do is a "yum update" and manually change the config files, mysql etc.?
I don't really get it. "yum update" did not alter anything. Not even the binaries, nothing.

Regards,
Tom

4

Re: General way to upgrade

thomas wrote:

So basically all I have to do is a "yum update" followed by "yum upgrade" and manually change the config files, mysql etc.?

Yes (almost).

If additional operations are required after a binary package upgrade, we will publish the related information in this forum and on our Twitter (@iredmail, http://twitter.com/iredmail), and push the binary package into the yum repository about one week later so that system admins have enough time to notice the additional requirements.

This situation has appeared before, but not many times.

So, don't forget to subscribe to the forum RSS feed or follow us on Twitter.
About the RSS feed, you can subscribe to the 'News & Announcements' forum for this purpose.

5 (edited by roni 2015-06-15 21:27:12)

Re: General way to upgrade

I have installed the latest iRedMail-0.9.2 on our system and created some mailboxes. We are able to send and receive mails using mail clients like Outlook/Thunderbird (IMAP over SSL and POP3S are working fine to fetch new mails).
We have an application installed on another system, and that application checks for new mails in the above mailboxes using RSS feeds. We have created the RSS feed URL using the working POP3S credentials that we used in the above cases. We are not able to fetch mails using this feed, with the following error:
Warning: imap_open(): Couldn't open stream {mail.XXX.com:995/pop3/ssl} in /usr/share/nginx/www/dev.XXXXXXX/mail2rss.php on line 73

Warning: imap_num_msg() expects parameter 1 to be resource, boolean given in /usr/share/nginx/www/dev.XXXXXX/mail2rss.php on line 78

Notice: Unknown: Can't connect to mail.XXX.com,995: Connection refused (errflg=2) in Unknown on line 0

But when I disable the iptables service on this box, the same feed URL starts working without any issues. How can I troubleshoot this issue by enabling this traffic in iptables?

6

Re: General way to upgrade

roni wrote:

How can I troubleshoot this issue by enabling this traffic in iptables?

roni: Do you have the default rules for iptables in /etc/default/iptables enabled?

You should probably at least have the basics:

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

Those should be set to ACCEPT for the ports that you need to use. If they're not set to accept (the ports are closed off), and iptables is running as a service, you're not going to be able to communicate with your mail machine. I believe that those rules are set as a default with a new iRedMail install. At least they were on my machines.  You can try to open that single port on the command line as a test by typing in your shell:

"iptables -A INPUT -p tcp --dport 995 -j ACCEPT" and see what happens. Hopefully opening the port works.

7

Re: General way to upgrade

Thanks for your reply. The default iptables rules have been enabled on this box since its installation, and the following is the content of /etc/default/iptables. I tried the command you specified in the comment, but it did not solve the issue.

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [149:33179]
:fail2ban-default - [0:0]
:fail2ban-dovecot - [0:0]
:fail2ban-postfix - [0:0]
:fail2ban-roundcube - [0:0]
-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-postfix
-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-dovecot
-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-roundcube
-A INPUT -p tcp -j fail2ban-default
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -p tcp -j fail2ban-default
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -s X.X.X.X/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s XXXX/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xxxx/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xxxx/32 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s xxxx/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A fail2ban-default -s 58.218.211.166/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-default -j RETURN
-A fail2ban-default -j RETURN
-A fail2ban-dovecot -j RETURN
-A fail2ban-postfix -s 162.243.28.202/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-postfix -s 162.243.226.170/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-postfix -j RETURN
-A fail2ban-roundcube -j RETURN
COMMIT

8

Re: General way to upgrade

I found the issue, but I couldn't solve it completely. It seems that the fail2ban service is blocking the IP of the application server. I tried to add this server IP to its whitelist in /etc/fail2ban/jail.conf by adding the IP to "ignoreip=", then I removed the blocking rule from iptables. But after some time it seems to be blocked again.

The following is the entry I saw in the "iptables -L" output, showing it as blocked. hostname.example.com is our application server.

Chain fail2ban-postfix (1 references)
target     prot opt source               destination
REJECT     all  --  hostname.example.com  anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
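
Added example (not part of any post in this thread, and not iRedMail or fail2ban code): a Python trace of the first-match traversal behind posts 7 and 8, showing that a source banned in a fail2ban chain is rejected before the port 995 ACCEPT rule is reached, and that an ACCEPT appended with -A lands after that jump and changes nothing. The ruleset is a constructed excerpt; 192.0.2.10, 198.51.100.7 and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample modelled on post 7; 192.0.2.10 stands in for the banned app server.
RULESET = """\
:INPUT DROP [0:0]
:fail2ban-postfix - [0:0]
-A INPUT -p tcp -m multiport --dports 25,587,110,995,143,993 -j fail2ban-postfix
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A fail2ban-postfix -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-postfix -j RETURN
"""

def parse(text):
    """Split iptables-save text into chain policies and ordered rule lists."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A "):
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            chains.setdefault(tok[1], []).append((line, opts))
    return policies, chains

def matches(opts, src, dport, iface):
    """True if the rule applies to a new inbound TCP connection (no ranges or '!')."""
    if (opts.get("-p", "tcp") != "tcp" or opts.get("-i", iface) != iface
            or "NEW" not in opts.get("--state", "NEW").split(",")):
        return False
    net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    ports = opts.get("--dports", opts.get("--dport"))
    return ipaddress.ip_address(src) in net and (ports is None or str(dport) in ports.split(","))

def verdict(text, src, dport, iface="eth0"):
    """Return (target, deciding rule) for a new TCP connection; first match wins."""
    policies, chains = parse(text)
    def walk(chain):
        for line, opts in chains.get(chain, []):
            target = opts.get("-j")
            if target in (None, "LOG") or not matches(opts, src, dport, iface):
                continue                  # non-terminating or not applicable
            if target == "RETURN":
                return None               # back to the calling chain
            hit = walk(target) if target in policies else (target, line)
            if hit:
                return hit
    return walk("INPUT") or (policies["INPUT"], "INPUT policy")
```

Feeding it the output of iptables-save from the running system, rather than the saved rules file, shows the bans fail2ban has inserted since boot.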

9

Re: General way to upgrade

You should add it to /etc/fail2ban/jail.local.

10

Re: General way to upgrade

It seems the issue is fixed. Thanks for the support.

11

Re: General way to upgrade

After this issue I noticed that I am not able to send mails using SMTP over TLS (port 587). When I tail the mail.log file I noticed the following error:

Jun 16 05:49:33 svr postfix/smtpd[2482]: connect from unknown[x.x.x.x]
Jun 16 05:49:36 svr postfix/smtpd[2482]: E177F81891: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=test@abc.co
Jun 16 05:49:38 svr postfix/cleanup[2492]: E177F81891: message-id=<>
Jun 16 05:49:38 svr postfix/qmgr[1981]: E177F81891: from=<test@abc.co>, size=594, nrcpt=1 (queue active)
Jun 16 05:49:38 svr postfix/smtp[2009]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Jun 16 05:49:38 svr postfix/smtp[2009]: E177F81891: to=<test@abc.co>, relay=none, delay=2.4, delays=2.4/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Jun 16 05:49:39 svr postfix/smtpd[2482]: disconnect from unknown[x.x.x.x]

12

Re: General way to upgrade

roni wrote:

Jun 16 05:49:38 svr postfix/smtp[2009]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused

Reference:
http://www.iredmail.org/docs/errors.htm … on-refused