1 Topic by ensysit

  • ensysit
  • Member
  • Offline
  • Registered: 2017-01-22
  • Posts: 13

Topic: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: CentOS 7.3.1611
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? YES 2.8
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Just completed the upgrade from 0.9.6 to 0.9.7. Overall everything works but I have a few questions. I went through it thoroughly so my questions are also thorough. Please let me know if you need more information. Thank you for the excellent product.


*** Roundcube ***

- You mention that it is necessary to remove "system" from PHP.INI in the "disable_functions" section. I did this before running the Roundcube upgrade. Is it not a big security risk to leave it removed ? Should you not mention to add it back after the upgrade to Roundcube 1.3 ? Just an observation, I will defer to your expertise on this.

The Roundcube upgrade sections says : backup,backup, backup and recommends to backup the roundcube database and schema. I looked for 2 hours on how to do this. Could not find an example of how to do the schema or database. I made an educated guess and almost got the database backed up with mysqldump using the credentials in config.inc.php with this command (I used the password from config.inc.php as well) :

mysqldump -u roundcube -p roundcubemail > ~/roundcubebackup.sql

mysqldump: Got error: 1044: "Access denied for user 'roundcube'@'localhost' to database 'roundcubemail'" when using LOCK TABLES

- Unfortunately, seems like the database tables are locked and cannot be backed up. What/Where can I find the procedure to backup the database ?

- How do we backup the schema ?

(btw, instructions should say how to check what the roundcube directory is, was not sure if it was the symbolic link /var/www/roundcubemail or dirctory /var/www/roundcubemail-1.2.0 . I had to assume it was /var/www/roundcubemail based on forum posts I found. Might be simpler to mention it or at least how to check)

I did a backup of the Roundcube directory and proceeded with running the upgrade script. Only gave one error :

Your configuration files are now up-to-date!
Executing database schema update.
Updating database schema (2016081200)... [OK]
Updating database schema (2016100900)... [OK]
Updating database schema (2016112200)... [FAILED]
All done

- What should be done about the FAILED schema upgrade to 2016112200 ?

- I noticed the roundcube directory is still /var/www/roundcubemail-1.2.0 with a symbolic link to /var/www/roundcubemail. Is it normal that the directory is 1.2 even though the version is 1.3 ?

NOTE: Roundcube works well and when logged in, the about in the top left corner shows version 1.3.0
NOTE: with these plugins :
Plugin                            Version    License    Source
filesystem_attachments    1.0            GPLv3+   
jqueryui                            1.12.0    GPLv3+   
managesieve                    8.7            GPLv3+   
password                            4.2            GPLv3+


*** FIX of Improper Postfix HELO rules ****

- Made the change you recommended. However, my main.cf "smtpd_helo_restrictions =" section does not have a "reject_unknown_helo_hostname" entry, instead, it has "reject_invalid_helo_hostname". Everything else is identical. Is this normal ?

*** FIX : incorrect session.save_path in php-fpm pool config file on RHEL/CentOS **

- My php_value[session.save_path] = /var/lib/php/session
   has no quotes like in the example. I changed it to /var/lib/php/sessions. Just want to make sure it's normal that there
    are no quotes.

*** FIX : incorrect freshclam setting ***

- These settings appeared to already be correct except your document says to have "LogSyslog yes" . Mine already said "LogSyslog true". Is that correct ?

*** FIX: Avoid possible backdooring mysqldump backups ***

My /var/vmail/backup/backup_mysql.sh says the following (it has a single quote instead of double quotes)

export CMD_MYSQLDUMP='mysqldump'

- Is the correct syntax :
   export CMD_MYSQLDUMP='mysqldump'  --skip-comments   
   or     
   export CMD_MYSQLDUMP='mysqldump --skip-comments'

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

ensysit wrote:

- You mention that it is necessary to remove "system" from PHP.INI in the "disable_functions" section. I did this before running the Roundcube upgrade. Is it not a big security risk to leave it removed ? Should you not mention to add it back after the upgrade to Roundcube 1.3 ? Just an observation, I will defer to your expertise on this.

You're right, we'd better disable it after upgrading Roundcube. I upgraded Roundcube wiki document to mention this: https://github.com/roundcube/roundcubemail/wiki/Upgrade

ensysit wrote:

The Roundcube upgrade sections says : backup,backup, backup and recommends to backup the roundcube database and schema. I looked for 2 hours on how to do this. Could not find an example of how to do the schema or database. I made an educated guess and almost got the database backed up with mysqldump using the credentials in config.inc.php with this command (I used the password from config.inc.php as well) :

You can use the backup script set up by iRedMail installer, default path is: /var/vmail/backup/backup_mysql.sh.

ensysit wrote:

- What should be done about the FAILED schema upgrade to 2016112200 ?

You can try to run it manually. For example:

# mysql --defaults-file=/root/.my.cnf -uroot
mysql> USE roundcubemail;
mysql> SOURCE 2016112200.sql;
ensysit wrote:

- I noticed the roundcube directory is still /var/www/roundcubemail-1.2.0 with a symbolic link to /var/www/roundcubemail. Is it normal that the directory is 1.2 even though the version is 1.3 ?

Roundcube upgrade script "bin/installto.sh" simply copy files to the directory you specified on command line, it doesn't rename the directory. So the result is: you got Roundcube 1.3, but directory name is still 1.2.0. This doesn't impact webmail service, but if you don't like old directory name, simply rename it and re-create symbol link to new directory.

ensysit wrote:

*** FIX of Improper Postfix HELO rules ****
- Made the change you recommended. However, my main.cf "smtpd_helo_restrictions =" section does not have a "reject_unknown_helo_hostname" entry, instead, it has "reject_invalid_helo_hostname". Everything else is identical. Is this normal ?

Normal.
Old iRedMail releases use "reject_invalid_helo_hostname", this checks HELO syntax, but new iRedMail release uses "reject_unknown_helo_hostname", it verifies whether sender HELO is resolvable by DNS query.

ensysit wrote:

*** FIX : incorrect freshclam setting ***
- These settings appeared to already be correct except your document says to have "LogSyslog yes" . Mine already said "LogSyslog true". Is that correct ?

ClamAV supports both 'yes' and 'true' as value.

ensysit wrote:

*** FIX: Avoid possible backdooring mysqldump backups ***
My /var/vmail/backup/backup_mysql.sh says the following (it has a single quote instead of double quotes)
export CMD_MYSQLDUMP='mysqldump'
- Is the correct syntax :
   export CMD_MYSQLDUMP='mysqldump'  --skip-comments   
   or     
   export CMD_MYSQLDUMP='mysqldump --skip-comments'

The second one is correct:

export CMD_MYSQLDUMP='mysqldump --skip-comments'

3 Reply by ensysit

  • ensysit
  • Member
  • Offline
  • Registered: 2017-01-22
  • Posts: 13

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

Hi Zhang,

Thanks for the quick reply and for clearing many things up. I'm sure your answers will provide useful if others have similar questions.

I tried re-running the SQL schema 2016112200 update manually as you suggested. It completes, but returns with ERROR 1060 (42S21) at line 1 in file: '2016112200.sql': Duplicate column name 'id'

Here is exactly what I did :

[root@mail mysql]# cd /root/roundcubemail-1.3.0/SQL/mysql


[root@mail mysql]# mysql --defaults-file=/root/.my.cnf -uroot

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 181366
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> USE roundcubemail;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [roundcubemail]> SOURCE 2016112200.sql;

MariaDB [roundcubemail]> SOURCE 2016112200.sql
ERROR 1060 (42S21) at line 1 in file: '2016112200.sql': Duplicate column name 'id'
Query OK, 0 rows affected (0.05 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.19 sec)

Query OK, 0 rows affected (0.15 sec)



***************** Contents of 2016112200.sql **************

ALTER TABLE `dictionary` ADD COLUMN `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST; -- redundant, for compat. with Galera Clus$

DROP TABLE `cache`;
DROP TABLE `cache_shared`;

CREATE TABLE `cache` (
`user_id` int(10) UNSIGNED NOT NULL,
`cache_key` varchar(128) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
`expires` datetime DEFAULT NULL,
`data` longtext NOT NULL,
PRIMARY KEY (`user_id`, `cache_key`),
CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`)
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
INDEX `expires_index` (`expires`)
) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


CREATE TABLE `cache_shared` (
`cache_key` varchar(255) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
`expires` datetime DEFAULT NULL,
`data` longtext NOT NULL,
PRIMARY KEY (`cache_key`),
INDEX `expires_index` (`expires`)
) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


What should I do about this schema update error ?

Thanks in advance !

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

It's fine.

5 Reply by ensysit

  • ensysit
  • Member
  • Offline
  • Registered: 2017-01-22
  • Posts: 13

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

ZhangHuangbin wrote:

It's fine.

Just finished updating 2 other unrelated iRedmail servers to 0.9.7 on different versions of CentOS. Both have OpenLDAP implementation and both gave the SQL schema Failed. Just thought you should know. Everything seems to work though. As per your instructions, I'll ignore it :

Done.
Your configuration files are now up-to-date!
Executing database schema update.
Updating database schema (2016081200)... [OK]
Updating database schema (2016100900)... [OK]
Updating database schema (2016112200)... [FAILED]
All done.

6 Reply by Blisk

  • Blisk
  • Member
  • Offline
  • Registered: 2015-05-07
  • Posts: 106

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

Is there no simple upgrade? Do I really need to upgrade every module separate?
like it is written here.
http://www.iredmail.org/docs/upgrade.ir … 0.9.6.html

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedMail-0.9.7 Upgrade Questions / Comments / Issues

ensysit wrote:

I'll ignore it :
Done.

Updating database schema (2016112200)... [FAILED]

Please import this SQL file manually.