1

Topic: iRedMail-0.9.6 has been released

Dear all,

iRedMail-0.9.6 stable release has been released.

Below are changes since iRedMail-0.9.5-1:

Supports new distribution release
  • Ubuntu 16.10. WARNING: Ubuntu 16.10 will reach end of life in July 2017; Ubuntu 16.04 LTS edition is recommended for a production server.

  • OpenBSD 6.0. OpenBSD 5.9 is not supported anymore.

  • FreeBSD 11.0

Improvements
  • iRedMail Installer: Able to choose not to install web server and web applications.

  • Use rsyslog (requires version 8.x) instead of internal logging system for Dovecot on CentOS 7 and Ubuntu 16.04, 16.10.

    • rsyslog is the default syslog program on CentOS, Debian and Ubuntu. With rsyslog, we're able to discard log messages which match given regular expressions if they are produced too fast. For example, HAProxy performs a health check every few seconds for POP3/IMAP (and other) services; we can easily discard those health-check-related logs to save disk space.

  • Switch Awstats user authentication from SQL/LDAP to basic auth based on file, Awstats is now available for both Apache and Nginx.

  • Nginx:

    • Add HSTS header for Roundcube, iRedAdmin, SOGo.

    • Add sample config files to run Roundcube, iRedAdmin, SOGo as a subdomain.

  • Roundcube webmail:

    • Enable plugin `enigma` by default for PGP encryption. WARNING: The plugin uses gpg binary on the server and stores all keys (including private keys of the users) on the server. Encryption/decryption is done server-side. So, this plugin is for users that trust the server.

    • If you get error `Identity must have a user name defined` while first trying to generate gpg key, please add a name for your email account in Roundcube: `Settings -> Identities`.

  • SOGo: List all contacts by default in SOGo global address book.

  • FreeBSD: Switch from OpenSSL to LibreSSL by default.

Fixed issues
  • LDAP backends: mail accounts (user, alias, list) are still active when domain is disabled.

  • Fix the HTTPOXY vulnerability in Apache and Nginx. Reference: https://httpoxy.org/

  • Domain name and email address are not converted to lower case while creating mail accounts with scripts tools/create_mail_user_*. Thanks Santosh Gupta <head.it _at_ satmatechnologies.com> for the report.

  • SOGo: Not correctly redirect access to https in Apache.

  • Postfix:

    • Not enable opportunistic TLS support for remote smtp clients.

    • Incorrect HELO restriction rule which causes Postfix to reject SMTP sessions with HELO "[IP_ADDRESS]" (with square brackets).

  • Nginx:

    • Not allow access to '/.well-known/'.

    • Not forward real client IP address to SOGo.

    • Config file for catch-all virtual host `default.conf` has been renamed to `00-default.conf`, to make sure it will be loaded before other virtual host config files.

  • Roundcube webmail:

    • Missing cron job used to clean up old Roundcube temporary files (bin/gc.sh).

    • Not set proper file owner (apache/nginx) and permission (0600) for config file of password plugin.

  • iRedAPD: Not add FreeBSD Jail IP address as trusted client. This causes mail delivery failure while sending to user under same domain. Thanks Erez Zabusky <erez_z _at_ cre8ip.com> for the report.

  • OpenBSD:

    • not enable uwsgi service.

    • not create symbolic links for PHP programs.

Updated packages
  • Roundcube -> 1.2.3

  • iRedAPD -> 2.0

  • iRedAdmin -> 0.7

  • uwsgi -> 2.0.14 (OpenBSD only)

  • FreeBSD: php-7.0, mysql-5.7


2

Re: iRedMail-0.9.6 has been released

iRedAPD-2.0 has some improvements too:

New plugins
  • plugins/whitelist_outbound_recipient.py: used to automatically whitelist outbound recipient for greylisting (parameter 'WL_RCPT_FOR_GREYLISTING'). Please check comment lines in `libs/default_settings.py` for more details. This plugin is not enabled by default.

Improvements
  • Copy `plugins/custom_*` during upgrading to keep custom plugins.

  • Able to throttle based on external senders.

  • Handle systemd script while upgrading in tools/upgrade_iredapd.sh.

  • If one sender passed greylisting service, we reuse the sender IP address to avoid further temporary rejection.

  • Get full traceback if error occurs while applying plugin.

  • Reduce SQLAlchemy connection pool recycle to 360 (was 3600) to work better on low traffic server.

  • SQLAlchemy connection pool size and pool recycle are configurable with parameter `SQL_CONNECTION_POOL_SIZE` and `SQL_CONNECTION_POOL_RECYCLE` in iRedAPD config file.

  • tools/greylisting_admin.py:

    • able to specify IP address/network, email address as sender.

    • able to add/list per-account whitelists.

  • Add systemd script used to control iredapd service: rc_scripts/iredapd.service.

Fixed issues
  • Memory leak due to not cleaning up session tracking data.

  • plugins/throttle.py: Throttle plugin cannot handle email which has multiple recipients. Thanks to Andrea <info _at_ nili.ca> for the report.

  • plugins/amavisd_wblist.py: not apply inbound wblist if both sender and recipient are local virtual mail user. Thanks Tom <tom _at_ ansspc.com> for the report in forum.

  • plugins/sql_alias_access_policy: if access policy is 'subdomain', email sent from alias member (which is under same domain) to <alias_account@alias_domain.com> was incorrectly rejected.

  • Incorrect account type: tld_domain -> top_level_domain. Thanks Ralph <shane _at_ greenjames.com> for the report in forum.

  • Remove host bits in IP address of SPF record in tools/spf_to_greylist_whitelists.py: x.x.x.Y/zz -> x.x.x.Y.

  • White/blacklist doesn't work if email was sent from SOGo or ActiveSync client (e.g. Outlook). Thanks <alexeilevinzon _at gmail.com> for the report.

  • tools/wblist_admin.py cannot add/delete white/blacklists.

  • tools/spf_to_greylist_whitelists.py: inserts whitelists without checking whether they exist; this causes annoying warning messages in the PostgreSQL log file due to duplicate keys.

3

Re: iRedMail-0.9.6 has been released

ZhangHuangbin wrote:

Dear all,

Upgrade tutorials are available here: http://www.iredmail.org/docs/iredmail.releases.html

Upgrade tutorial seems to be missing on this page?

4

Re: iRedMail-0.9.6 has been released

mir wrote:

Upgrade tutorial seems to be missing on this page?

Updated.

5

Re: iRedMail-0.9.6 has been released

Hey, I installed 0.9.6 today on Centos 7 but MySQL allows root user to login without a password. I'm not sure how to fix this. Does anyone know how?

6

Re: iRedMail-0.9.6 has been released

James86 wrote:

Hey, I installed 0.9.6 today on Centos 7 but MySQL allows root user to login without a password. I'm not sure how to fix this. Does anyone know how?

We store MySQL root password in file /root/.my.cnf, that's why it doesn't require a password. This file is also used by backup script (/var/vmail/backup/backup_mysql.sh).
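
The MySQL client programs read `~/.my.cnf` and take the password from it, which is why root is not prompted. The check below is an added example, not iRedMail code: it reports which option groups in such a file hold a password and whether anyone besides the owner can read it. The group list, the expected owner (uid 0) and the function names are assumptions of this sketch, and the sample file is constructed.

```python
import configparser
import os
import stat
import tempfile

# Option groups read by the mysql client programs and a mysqldump-based backup (assumed list).
CLIENT_GROUPS = {"client", "mysql", "mysqldump", "mysqladmin"}

def audit_option_file(path, expected_uid=0):
    """Report where a MySQL option file stores a password and who can read it."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        # configparser cannot parse !include / !includedir directives; skip them.
        text = "".join(line for line in fh if not line.lstrip().startswith("!"))
    # Option files allow bare flags, repeated keys and '%' inside values.
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                       strict=False)
    parser.read_string(text)
    groups = [g for g in parser.sections()
              if g.lower() in CLIENT_GROUPS and parser.get(g, "password", fallback=None)]
    problems = []
    if groups:
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            problems.append(f"mode {mode:04o} exposes the password to group/others")
        if st.st_uid != expected_uid:
            problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    return {"password_groups": groups, "problems": problems}

def write_sample(mode):
    """Create a constructed stand-in for /root/.my.cnf with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".my.cnf")
    with os.fdopen(fd, "w") as fh:
        fh.write("# constructed sample\n!includedir /etc/my.cnf.d\n"
                 "[client]\nuser=root\npassword=\"ex%ample-not-real\"\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for mode in (0o644, 0o600):
        sample = write_sample(mode)
        print(oct(mode), audit_option_file(sample, expected_uid=os.getuid()))
        os.remove(sample)
```

On a real server the call would be `audit_option_file("/root/.my.cnf")`, run as root.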

7

Re: iRedMail-0.9.6 has been released

ZhangHuangbin wrote:

Dear all,

iRedMail-0.9.6 stable release has been released.
...
Fixed issues
...
Postfix:

Not enable opportunistic TLS support for remote smtp clients....

Please fix it with commands below.

postconf -e smtpd_tls_security_level='may'.

   
however the string

smtpd_tls_security_level = may

is already present in /etc/postfix/main.cf iRedMail-0.9.5-1

8

Re: iRedMail-0.9.6 has been released

oermolaev wrote:

   
however the string

smtpd_tls_security_level = may

is already present in /etc/postfix/main.cf iRedMail-0.9.5-1

If you already have it, it's safe to ignore. I will update doc to mention this.
Thanks for the feedback.

9 (edited by jwegge 2017-01-25 07:05:23)

Re: iRedMail-0.9.6 has been released

Hello,

After upgrade (which was smooth as ever, thanks!) I have an issue when I wanted to check/edit the profile of a domain --> Error: ProgrammingError(1146, "Table 'vmail.sender_relayhost' doesn't exist")
also when changing profile of user: Error: OperationalError(1054, "Unknown column 'enablesogo' in 'field list'")

Running all the latest:
iRedAdmin-0.7
iRedAPD-2.0
iRedAdmin-Pro    v2.5.0 (MySQL)

I downloaded iRedMail v0.9.6, but on the upgrade page (http://www.iredmail.org/docs/upgrade.ir … 0.9.6.html) I cannot find a command which uses its contents.

Did I miss something?

Regards,
Jord

10

Re: iRedMail-0.9.6 has been released

You must upgrade iRedMail by following our tutorials here:
http://www.iredmail.org/docs/iredmail.releases.html

Upgrading iRedMail doesn't require to download new version.

11

Re: iRedMail-0.9.6 has been released

Hi there, I did all that but nowhere came across an sql-structure adjustment except "Fix invalid default (datetime) value for some SQL columns in 'vmail' database".

iRedAPD-2.0.tar.bz2
bash upgrade_iredapd.sh

iRedAdmin-0.7.tar.bz2
bash upgrade_iredadmin.sh

adjustments to:
/etc/amavis/conf.d/50-user
/etc/iredmail-release
/etc/apache2/conf-available/awstats.conf
/etc/postfix/master.cf
/etc/postfix/main.cf
/etc/postfix/helo_access.pcre
crontab

iRedAdmin-Pro-SQL-2.5.0.tar.bz2
bash upgrade_iredadmin.sh

chown www-data:www-data /opt/www/roundcubemail/plugins/password/config.inc.php
chmod 0400 /opt/www/roundcubemail/plugins/password/config.inc.php

replaced /etc/fail2ban/filter.d/dovecot.iredmail.conf

iRedMail-0.9.6.tar.bz2
but nothing to do with it?

12

Re: iRedMail-0.9.6 has been released

Hello!

Fixed: missing cron job used to clean up old Roundcube temporary files

Wrong:
# Roundcube: Cleanup old temp files (defaults to keep for 2 days)
2   2   *   *   *   php /var/www/roundcubemail/bin/gc.sh >/dev/null

Correctly:
# Roundcube: Cleanup old temp files (defaults to keep for 2 days)
*   *   */2   *   *   php /var/www/roundcubemail/bin/gc.sh >/dev/null

13

Re: iRedMail-0.9.6 has been released

jwegge wrote:

Hi there, I did all that but nowhere came across an sql-structure adjustment except "Fix invalid default (datetime) value for some SQL columns in 'vmail' database".

iRedAPD-2.0.tar.bz2
bash upgrade_iredapd.sh

iRedAdmin-0.7.tar.bz2
bash upgrade_iredadmin.sh

adjustments to:
/etc/amavis/conf.d/50-user
/etc/iredmail-release
/etc/apache2/conf-available/awstats.conf
/etc/postfix/master.cf
/etc/postfix/main.cf
/etc/postfix/helo_access.pcre
crontab

iRedAdmin-Pro-SQL-2.5.0.tar.bz2
bash upgrade_iredadmin.sh

chown www-data:www-data /opt/www/roundcubemail/plugins/password/config.inc.php
chmod 0400 /opt/www/roundcubemail/plugins/password/config.inc.php

replaced /etc/fail2ban/filter.d/dovecot.iredmail.conf

iRedMail-0.9.6.tar.bz2
but nothing to do with it?


Apparently I missed something:
MySQL/MariaDB backend special
NEW: Support Postfix sender_dependent_relayhost_maps
Summary
Create SQL table vmail.sender_relayhost
Create SQL lookup file: sender_dependent_relayhost_maps.cf
Update Postfix settings in /etc/postfix/main.cf
NEW: Able to enable/disable SOGo access for a single user

14

Re: iRedMail-0.9.6 has been released

jwegge wrote:

After upgrade (which was smooth as ever, thanks!) I have an issue when I wanted to check/edit the profile of a domain --> Error: ProgrammingError(1146, "Table 'vmail.sender_relayhost' doesn't exist")

SQL table "vmail.sender_relayhost" was introduced in iRedMail-0.9.5, seems you are running an old iRedMail and didn't upgrade it:
http://www.iredmail.org/docs/upgrade.ir … ost_maps_1

15

Re: iRedMail-0.9.6 has been released

sergey.shibka wrote:

Fixed: missing cron job used to clean up old Roundcube temporary files

Wrong:
2   2   *   *   *   php /var/www/roundcubemail/bin/gc.sh >/dev/null

Correctly:
*   *   */2   *   *   php /var/www/roundcubemail/bin/gc.sh >/dev/null

Sorry about the confusion.
The expire date is controlled by Roundcube parameter like below, not by our cron job.

// This is default setting in Roundcube.
$config['temp_dir_ttl'] = '48h';

I updated doc to mention this moment ago. Thanks for the feedback.

16

Re: iRedMail-0.9.6 has been released

Hi after adding the cronjob: php /usr/share/apache2/roundcubemail/bin/gc.sh >/dev/null (i have an old debian), returns me this error:

ERROR: [7] ERROR:  column "expires" does not exist
LINE 1: DELETE FROM "cache" WHERE "expires" < now()
                                  ^ (SQL Query: DELETE FROM "cache" WHERE "expires" < now())ERROR: [7] ERROR:  relation "cache_shared" does not exist
LINE 1: DELETE FROM "cache_shared" WHERE "expires" < now()
                    ^ (SQL Query: DELETE FROM "cache_shared" WHERE "expires" < now())ERROR: [7] ERROR:  column "expires" does not exist
LINE 1: DELETE FROM "cache_messages" WHERE "expires" < now()
                                           ^ (SQL Query: DELETE FROM "cache_messages" WHERE "expires" < now())ERROR: [7] ERROR:  column "expires" does not exist
LINE 1: DELETE FROM "cache_index" WHERE "expires" < now()
                                        ^ (SQL Query: DELETE FROM "cache_index" WHERE "expires" < now())ERROR: [7] ERROR:  column "expires" does not exist
LINE 1: DELETE FROM "cache_thread" WHERE "expires" < now()
                                         ^ (SQL Query: DELETE FROM "cache_thread" WHERE "expires" < now())

17

Re: iRedMail-0.9.6 has been released

Login to the mysql database and run the following DDL:
ALTER TABLE cache_thread add COLUMN `expires` datetime DEFAULT NULL, ADD KEY `expires_index` (`expires`);

18

Re: iRedMail-0.9.6 has been released

d4Mn3d wrote:

Hi after adding the cronjob: php /usr/share/apache2/roundcubemail/bin/gc.sh >/dev/null (i have an old debian), returns me this error:

You should upgrade Roundcube to a new version, or don't run this cron job.

19 (edited by SteveLuxe 2017-01-28 21:43:41)

Re: iRedMail-0.9.6 has been released

ZhangHuangbin wrote:
d4Mn3d wrote:

Hi after adding the cronjob: php /usr/share/apache2/roundcubemail/bin/gc.sh >/dev/null (i have an old debian), returns me this error:

You should upgrade Roundcube to a new version, or don't run this cron job.

Actually, I had a related problem. There's an issue (at least with Debian) with the tutorial, and the cron job as it has been written. There is no username on this particular line pertaining to Roundcube, and I believe that it should use the username www-data before the php command. This caused my CRON jobs to fail, and my logwatch reports not to be sent after making this modification.

I ended up with this problem because I was lazy and copied and pasted from the tutorial into my terminal window when adding the cron job. I'm sure I'm probably not the only person who has done that... so yeah... guilty! Anyway...

This is how the instructions are written on the upgrade page for 0.9.6, and the corrected line is below. This definitely holds true for Debian, and probably Ubuntu. I'm not familiar with what user httpd runs as under Centos / RHEL, but this may be an issue for those OSes as well.

Debian/Ubuntu:

        WARNING: with old iRedMail release, Roundcube directory is /usr/share/apache2/roundcubemail, please make sure you're using the correct one on your server.

# Roundcube: Cleanup old temp files.
# Defaults to keep for 2 days, controlled by Roundcube parameter $config['temp_dir_ttl'].
2   2   *   *   *   php /opt/www/roundcubemail/bin/gc.sh >/dev/null

I believe that this line should actually be like so:
2   2   *   *   *   www-data php /opt/www/roundcubemail/bin/gc.sh >/dev/null

Hopefully I've helped someone who had the same issue as me.

20

Re: iRedMail-0.9.6 has been released

SteveLuxe wrote:

There's an issue (at least with Debian) with the tutorial, and the cron job as it has been written. There is no username on this particular line pertaining to Roundcube, and I believe that it should use the username www-data before the php command.

What's the issue?

We run the script as root user directly.

21

Re: iRedMail-0.9.6 has been released

ZhangHuangbin wrote:
SteveLuxe wrote:

There's an issue (at least with Debian) with the tutorial, and the cron job as it has been written. There is no username on this particular line pertaining to Roundcube, and I believe that it should use the username www-data before the php command.

What's the issue?

We run the script as root user directly.

The issue was that for whatever reason, when the cron job was added to my crontab file, crontab -e didn't add a user in front of the 'php' command. I've no idea why, if we're just running everything as the root user... I looked at /etc/crontab, and sure enough, there was no user in front of the 'php' command. Perhaps it was my installation that went wonky?
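
The cron posts above turn on two points: a table edited with `crontab -e` has five time fields followed by the command, while `/etc/crontab` and `/etc/cron.d/*` carry a user field between them, and the time fields decide how often the job fires. This is an added example, not code from the tutorial or from iRedMail. It parses the lines quoted in the thread, counts firings per matching day and flags an entry written in the other format's layout. Function names and the account list are assumptions, and month or weekday names are not supported.

```python
# Ranges of the five time fields: minute, hour, day-of-month, month, day-of-week.
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

def expand(field, lo, hi):
    """Expand one time field (*, */n, a, a-b, a-b/n, comma lists) into a set of ints."""
    values = set()
    for part in field.split(","):
        base, _, step = part.partition("/")
        step = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-", 1))
        else:
            start = end = int(base)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"bad cron field: {field!r}")
        values.update(range(start, end + 1, step))
    return values

def parse_entry(line, system_crontab):
    """Split an entry into (time sets, user, command).

    system_crontab=True:  /etc/crontab or /etc/cron.d/* (user field after the schedule).
    system_crontab=False: a per-user table edited with `crontab -e` (no user field).
    """
    parts = line.split(None, 6 if system_crontab else 5)
    if len(parts) < (7 if system_crontab else 6):
        raise ValueError("too few fields for this crontab format")
    times = [expand(f, lo, hi) for f, (lo, hi) in zip(parts[:5], FIELD_RANGES)]
    return times, (parts[5] if system_crontab else None), parts[-1]

def runs_per_matching_day(line, system_crontab=False):
    """How many times the job fires on each day the date fields match."""
    times, _, _ = parse_entry(line, system_crontab)
    return len(times[0]) * len(times[1])

def format_finding(line, system_crontab, known_users):
    """Flag an entry written in the other format's layout; None if consistent."""
    _, user, command = parse_entry(line, system_crontab)
    if system_crontab and user not in known_users:
        return f"field 6 {user!r} is not an account: entry is in `crontab -e` layout"
    first_word = command.split()[0]
    if not system_crontab and first_word in known_users:
        return f"command starts with account name {first_word!r}: cron would try to execute it"
    return None

# Lines quoted in the thread; the account list is a constructed sample.
TUTORIAL = "2   2   *   *   *   php /opt/www/roundcubemail/bin/gc.sh >/dev/null"
WITH_USER = "2   2   *   *   *   www-data php /opt/www/roundcubemail/bin/gc.sh >/dev/null"
EVERY_2_DAYS = "*   *   */2   *   *   php /var/www/roundcubemail/bin/gc.sh >/dev/null"
USERS = {"root", "www-data"}

if __name__ == "__main__":
    for name, line in [("02:02 daily", TUTORIAL), ("*/2 day-of-month", EVERY_2_DAYS)]:
        print(name, "->", runs_per_matching_day(line), "run(s) per matching day")
    for system in (False, True):
        for line in (TUTORIAL, WITH_USER):
            print("system" if system else "user", "|", format_finding(line, system, USERS))
```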

22 (edited by dsp3 2017-02-08 02:27:01)

Re: iRedMail-0.9.6 has been released

New install on CENTOS7. SOGo gives 502 Bad Gateway:

 2017/02/07 14:48:28 [error] 216#0: *253 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xx.xxx.xxx, server: _, request: "GET /SOGo/ HTTP/1.1", upstream: "http://127.0.0.1:20000/SOGo/", host: "domain.tld"

And

systemctl status sogod
● sogod.service - SOGo is a groupware server
   Loaded: loaded (/usr/lib/systemd/system/sogod.service; enabled; vendor preset: disabled)
   Active: failed (Result: resources) since Tue 2017-02-07 14:32:43 UTC; 10min ago
  Process: 870 ExecStart=/usr/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log (code=exited, status=0/SUCCESS)

Feb 07 13:21:20 mail systemd[1]: sogod.service never wrote its PID file. Failing.
Feb 07 13:21:20 mail systemd[1]: Failed to start SOGo is a groupware server.
Feb 07 13:21:20 mail systemd[1]: Unit sogod.service entered failed state.
Feb 07 13:21:20 mail systemd[1]: sogod.service failed.
Feb 07 14:32:43 mail systemd[1]: Starting SOGo is a groupware server...
Feb 07 14:32:43 mail systemd[1]: PID file /var/run/sogo/sogo.pid not readable (yet?) after start.
Feb 07 14:32:43 mail systemd[1]: sogod.service never wrote its PID file. Failing.
Feb 07 14:32:43 mail systemd[1]: Failed to start SOGo is a groupware server.
Feb 07 14:32:43 mail systemd[1]: Unit sogod.service entered failed state.
Feb 07 14:32:43 mail systemd[1]: sogod.service failed.

The fix:

touch /var/run/sogo/sogo.pid
chown sogo /var/run/sogo/sogo.pid

However, this must be applied each time sogod is restarted

23

Re: iRedMail-0.9.6 has been released

After the update to 0.9.6, when users send *.JPG attachments, they sometimes get this message.

_________________________
No viruses were found.

Banned name: .image,.jpg,IMG_4902.JPG
Content type: Banned
Internal reference code for the message is 24946-04/QjKhcbyVOC6d

First upstream SMTP client IP address: [127.0.0.1] mail.*****************
According to a 'Received:' trace, the message apparently originated at:
  [127.0.0.1], _ mail.*************** [127.0.0.1]

Return-Path: <pl@******************>
From: pl@****************
Message-ID: <ee3577787b610848cdb3776d83ee3b55@******************>
Subject: = **********************

Not quarantined.

The message WAS NOT relayed to:
<some_local_user@****************>:
   554 5.7.0 Bounce, id=24946-04 - BANNED: .image,.jpg,IMG_4902.JPG

24 (edited by oermolaev 2017-02-17 18:13:56)

Re: iRedMail-0.9.6 has been released

nemp, I sometimes have the same. But not in all cases. The cause is not understood.

No viruses were found.

Banned name: .image,.jpg,CCI28092016_0000.jpg
Content type: Banned
Internal reference code for the message is 08996-19/RKGHf1k_yIR0

First upstream SMTP client IP address: [192.168.36.51]

25

Re: iRedMail-0.9.6 has been released

yep, not in all cases!!