1

Topic: iRedMail-1.4.0 has been released

Dear all,

iRedMail-1.4.0 has been released.

Here are the major changes since iRedMail-1.3.2.

## Supports new distribution releases
  • CentOS 8 Stream. All backends are supported: MariaDB, PostgreSQL, OpenLDAP.

## DROPPED distribution release
  • Debian 9 (stretch). Please use Debian 10 instead.

## Improvements
  • SQL backends: New SQL table `maillist_owners`. Used to store owners of subscribable mailing lists. With this new table, if self-service is enabled in iRedAdmin-Pro, a mailing list owner is able to log in to iRedAdmin-Pro and manage the profile and members of owned mailing lists.

  • SQL backends: Drop 4 unused SQL columns in `vmail.mailbox` table: allowedsenders, rejectedsenders, allowedrecipients, rejectedrecipients.

  • OpenLDAP backend: New attributes `listModerator` and `listOwner`. Used to store the moderator and owner of subscribable mailing lists. With these new attributes, if self-service is enabled in iRedAdmin-Pro, a mailing list owner is able to log in to iRedAdmin-Pro and manage the profile and members of owned mailing lists.

  • Fail2ban now stores (base64) encoded log lines in SQL database to avoid possible SQL injection.

  • Enable long queue id support in logwatch.

## Fixed issues

  • Whitelist HELO hostname used by Microsoft Outlook/Hotmail servers.

  • tools/backup_pgsql.sh: Not dump databases with `--clean` argument.

  • Not install nftables package on Ubuntu 20.04.

  • [OpenBSD] Used wrong Python MySQL driver name in iRedAPD.

  • Fail2ban cannot store a banned IP address when its country name contains quotes.

## Updated packages

  • Roundcube webmail -> 1.4.11. Security and bug fixes.

  • netdata -> 1.30.1

  • mlmmjadmin -> 3.1

  • iRedAPD -> 5.0

  • iRedAdmin -> 1.3

## Introduce "iRedMail Easy" - the new deployment, upgrade and support platform

iRedMail Easy is the new web-based deployment, (one-click) upgrade and technical support platform introduced a few months ago. We release new versions frequently (currently one new release per month). With the one-click upgrade support, you can easily keep the iRedMail server up to date without caring about any technical details. It's the recommended way to deploy a NEW iRedMail server and get technical support.

For more details, please check our website, the comparison of iRedMail Easy and classic downloadable installer is available too: https://www.iredmail.org/easy.html

If you need to upgrade existing iRedMail server to the iRedMail Easy platform, please check our tutorial: Migrate from iRedMail to iRedMail Easy platform.

## Introduce all-in-one Dockerized iRedMail

We have built an all-in-one Dockerized iRedMail, get it here:
https://hub.docker.com/r/iredmail/mariadb

  • Only MariaDB backend is available right now.

  • Based on Ubuntu Linux (20.04) docker image, all components in one container.

  • SOGo groupware is not yet included.

It's not considered as production ready, please don't run it on production
server now. Feedback, suggestions are all welcome.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
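
The Fail2ban improvement listed in the announcement above, as an added example (not iRedMail's or Fail2ban's code): a statement assembled as text stops parsing when a field contains a quote, while a base64-encoded field always parses and decodes back unchanged. The `banned` table, the function names and the sample values are assumptions, SQLite stands in for the SQL server, and encoding the country field as well is this example's choice.

```python
import base64
import sqlite3

# Constructed sample values. Log lines and GeoIP country names are free text,
# and log lines carry strings chosen by the remote client (user names, HELO).
LOGLINE = "postfix/smtpd[1]: warning: unknown[192.0.2.7]: SASL LOGIN authentication failed: user='o'brien'"
COUNTRY = "Cote d'Ivoire"


def new_db():
    """In-memory SQLite stands in for the MariaDB/PostgreSQL server (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE banned (ip TEXT, country TEXT, loglines TEXT)")  # hypothetical schema
    return db


def b64(text):
    """Base64 output uses only A-Z a-z 0-9 + / =, so it cannot close a quoted SQL literal."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def insert_as_text(db, ip, country, loglines):
    """Build the statement as one string, as a script piping SQL to a client program does."""
    db.execute(f"INSERT INTO banned VALUES ('{ip}', '{country}', '{loglines}')")


def raw_insert_fails():
    """Raw values: the embedded quote ends the literal early and the statement stops parsing."""
    try:
        insert_as_text(new_db(), "192.0.2.7", COUNTRY, LOGLINE)
    except sqlite3.OperationalError:
        return True
    return False


def encoded_round_trip():
    """Encoded values: the insert succeeds and decoding on read restores the exact text."""
    db = new_db()
    insert_as_text(db, "192.0.2.7", b64(COUNTRY), b64(LOGLINE))
    row = db.execute("SELECT country, loglines FROM banned").fetchone()
    return tuple(base64.b64decode(v).decode("utf-8") for v in row)
```

Where the insert goes through a database driver rather than SQL text, bound parameters remove the quoting problem without any encoding.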

2 (edited by RikuS 2021-04-13 18:15:33)

Re: iRedMail-1.4.0 has been released

Thanks for the update!

I believe fail2ban config needs a small update:

conf/global sets nftables for Debian and Ubuntu https://github.com/iredmail/iRedMail/bl … obal#L493, but conf/fail2ban does it only for Debian Buster https://github.com/iredmail/iRedMail/bl … il2ban#L52

PR here => https://github.com/iredmail/iRedMail/pull/118

3

Re: iRedMail-1.4.0 has been released

Dear @RikuS,

PR merged and re-tagged iRedMail-1.4.0.
Thank you.

4

Re: iRedMail-1.4.0 has been released

I have just downloaded iRedMail-1.4.0 and get the following messages :-

root@x1:~/iRedMail-1.4.0 # bash iRedMail.sh
< SKIP > Function: check_new_iredmail.
[ INFO ] Fetching source tarballs ...
[ INFO ] + 1 of 3: https://dl.iredmail.org/yum/misc/iRedAdmin-1.3.tar.gz
iRedAdmin-1.3.tar.gz                                  1799 kB 1283 kBps    01s
[ INFO ] + 2 of 3: https://dl.iredmail.org/yum/misc/mlmmjadmin-3.1.tar.gz
mlmmjadmin-3.1.tar.gz                                   43 kB  125 kBps    00s
[ INFO ] + 3 of 3: https://dl.iredmail.org/yum/misc/iRedAPD-5.0.tar.gz
iRedAPD-5.0.tar.gz                                     100 kB  193 kBps    00s
[ INFO ] Validate downloaded source tarballs ...
2c2
< SHA256 (misc/mlmmjadmin-3.1.tar.gz) = ef6f8834e8def04349241b89ec2102478378b78cb992a4826c1a038f924420d8
---
> SHA256 (misc/mlmmjadmin-3.1.tar.gz) = 6bf02c12969688eb861d20a7dbb336d73f06434e46761df5e44089c8b7c882f1
    [ FAILED ]
<< ERROR >> Package verification failed. Script exit ...

Please help

5

Re: iRedMail-1.4.0 has been released

mlmmjadmin was re-packed to fix an issue, please re-download iRedMail-1.4.0 and try again.
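
The validation step that failed in post 4, as an added example (not the installer's own code): it parses checksum lines in the `SHA256 (path) = digest` form shown above and recomputes each digest, so a tarball re-packed after the manifest was written is reported with both values. Function names, file names and file contents are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD-style checksum line, the format printed in the installer output above.
LINE_RE = re.compile(r"^SHA256 \((?P<path>[^)]+)\) = (?P<digest>[0-9a-f]{64})$")

def parse_manifest(text):
    """Return {relative_path: hex_digest}; a malformed line is an error, never skipped."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            m = LINE_RE.match(line.strip())
            if m is None:
                raise ValueError(f"malformed manifest line {lineno}: {line!r}")
            entries[m["path"]] = m["digest"]
    return entries

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(1 << 20):  # stream the file, tarballs can be large
            h.update(block)
    return h.hexdigest()

def verify(manifest_text, base_dir):
    """Return {path: (expected, actual)} per failing entry; {} means all verified.
    A missing file or a path escaping base_dir fails with actual=None."""
    base = Path(base_dir).resolve()
    failures = {}
    for rel, expected in parse_manifest(manifest_text).items():
        target = (base / rel).resolve()
        inside = base in target.parents
        actual = sha256_file(target) if inside and target.is_file() else None
        if actual != expected:
            failures[rel] = (expected, actual)
    return failures

def demo():
    """Constructed sample: one tarball is re-packed after the manifest was written."""
    with tempfile.TemporaryDirectory() as d:
        misc = Path(d, "misc")
        misc.mkdir()
        (misc / "a-1.0.tar.gz").write_bytes(b"original a")
        (misc / "b-2.0.tar.gz").write_bytes(b"original b")
        manifest = "".join(f"SHA256 (misc/{p.name}) = {sha256_file(p)}\n" for p in sorted(misc.iterdir()))
        (misc / "b-2.0.tar.gz").write_bytes(b"re-packed b")
        return verify(manifest, d)
```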

6

Re: iRedMail-1.4.0 has been released

Where is version 1.4 download located?   All links lead to v 1.3.2 ...

7

Re: iRedMail-1.4.0 has been released

bodywise wrote:

Where is version 1.4 download located?   All links lead to v 1.3.2 ...

here: https://www.iredmail.org/download.html

Where did you find the incorrect link which is labeled as 1.4.0 version? I’d like to fix it.

8 (edited by bodywise 2021-04-19 15:15:58)

Re: iRedMail-1.4.0 has been released

ZhangHuangbin wrote:
bodywise wrote:

Where is version 1.4 download located?   All links lead to v 1.3.2 ...

here: https://www.iredmail.org/download.html

Where did you find the incorrect link which is labeled as 1.4.0 version? I’d like to fix it.

Thank you.  If you click any of the links (www.iredmail.org/download.html) it takes you to the main page which downloads v 1.3.2.  There is no link to v 1.4  anywhere.  I tried starting a new instance and it throws an error.  Must use most updated version.  So there are numerous references to v 1.4 but all links refer back to v 1.3.2.

thank you again,
Philip Lee Miller

9

Re: iRedMail-1.4.0 has been released

bodywise wrote:
ZhangHuangbin wrote:
bodywise wrote:

Where is version 1.4 download located?   All links lead to v 1.3.2 ...

here: https://www.iredmail.org/download.html

Where did you find the incorrect link which is labeled as 1.4.0 version? I’d like to fix it.

Thank you.  If you click any of the links (www.iredmail.org/download.html) it takes you to the main page which downloads v 1.3.2.  There is no link to v 1.4  anywhere.  I tried starting a new instance and it throws an error.  Must use most updated version.  So there are numerous references to v 1.4 but all links refer back to v 1.3.2.

update:
Apologies I see it just changed today

thank you again,
Philip Lee Miller

10 (edited by ThASattler 2021-04-23 17:01:46)

Re: iRedMail-1.4.0 has been released

Installing iRedMail-1.4.0 on a blank DEBIAN 10 Buster with SOGo included I get the following message:

Get:4 https://packages.inverse.ca/SOGo/nightly/5/debian buster InRelease [2513 B]
Err:4 https://packages.inverse.ca/SOGo/nightly/5/debian buster InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 19CDA6A9810273C4

I will open a new thread.
Edit: [SOLVED] Reason was that gnupg was not installed.

11

Re: iRedMail-1.4.0 has been released

This is missing from upgrade instructions:

# Whitelist HELO hostname used by Microsoft Outlook/Hotmail servers.

You only find it in changelog and github.

12

Re: iRedMail-1.4.0 has been released

tyllee wrote:

This is missing from upgrade instructions:

# Whitelist HELO hostname used by Microsoft Outlook/Hotmail servers.

You only find it in changelog and github.

Updated the tutorial:
https://docs.iredmail.org/upgrade.iredm … -hostnames

Thanks for the feedback.

13 (edited by awol123 2021-06-04 05:25:29)

Re: iRedMail-1.4.0 has been released

So this update has forced me to upgrade from Debian 9 to Debian 10 (Buster), not a bad thing but I had been putting it off knowing things would break on the iRedMail server.
For anyone else having to do the same, this is what I found:

* dovecot broke, follow the guide here: https://docs.iredmail.org/upgrade.dovecot.2.2-2.3.html
* nginx and iRedAPD broke - I ran the iRedAPD, iRedAdmin, netdata and mlmmjadmin update processes even though they were on the latest versions, this fixed the issues
* Had to install python-pip to install web.py
* PHP FPM now defaults to using a unix socket whereas nginx is configured to connect to it via IP using 127.0.0.1:9999. This breaks roundcube and in my case, a few other PHP tools, giving a Bad Gateway 502 error. I tried to get nginx working with the unix socket (using /run/php/php7.3-fpm.sock) but it kept breaking roundcube even more so reverted back to using IP (listen = 127.0.0.1:9999 in /etc/php/7.3/fpm/pool.d/www.conf) which fixed it.

For some reason, /sbin and /usr/sbin have been removed from the default PATH env so every update script failed when it tried to run service x restart.

Everything seems to be working now, I've opened the ports back up and mail is passing. The only thing I'm not sure about is fail2ban. Wasn't there a f2b chain/policy visible when you ran iptables -L before? I'm not seeing any now:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

14

Re: iRedMail-1.4.0 has been released

awol123 wrote:

Everything seems to be working now, I've opened the ports back up and mail is passing. The only thing I'm not sure about is fail2ban. Wasn't there a f2b chain/policy visible when you ran iptables -L before? I'm not seeing any now:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I had this same issue, and still do. Sieve rules are also not working. I have a new topic open for this.

15

Re: iRedMail-1.4.0 has been released

After upgrading to 1.4.0, sending to SOGO does not work.
Error in SOGO:
5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied

/var/log/maillog:
Jul  9 14:21:24 mail postfix/submission/smtpd[19423]: connect from localhost[127.0.0.1]
Jul  9 14:21:24 mail postfix/submission/smtpd[19423]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jul  9 14:21:24 mail postfix/submission/smtpd[19423]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost[127.0.0.1]>: Client host rejected: 5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access deniedAccess denied; from=<maxim@mydomain.ru> to=<maxim@mydomain.ru> proto=ESMTP helo$
Jul  9 14:21:24 mail postfix/submission/smtpd[19423]: lost connection after RCPT from localhost[127.0.0.1]
Jul  9 14:21:24 mail postfix/submission/smtpd[19423]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 commands=4/5

/etc/postfix/main.cf:
mynetworks = 127.0.0.1 [::1]
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    reject_unknown_sender_domain
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:12340
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps

16

Re: iRedMail-1.4.0 has been released

vitvkz wrote:

After upgrading to 1.4.0, sending to SOGO does not work.
Error in SOGO:
5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied

Problem solved.
SOGoSMTPAuthenticationType = PLAIN; was disabled.