1

Topic: iRedMail-0.9.0 has been released.

Dear all,

Happy New Year. big_smile

The long waiting is over, iRedMail-0.9.0 final release is now available for download, thanks to all users who contributed and provided feedbacks, you made this release possible. i hope you will find it worth the long waiting.

* Download: https://bitbucket.org/zhb/iredmail/down … .0.tar.bz2
* Upgrade tutorials are available here: http://www.iredmail.org/docs/iredmail.releases.html

Highlight features in iRedMail-0.9.0
  • Supports RHEL/CentOS 7, Ubuntu 14.10, OpenBSD 5.6.

  • Nginx support. You can choose either Apache or Nginx as default web server during iRedMail installation.

  • SOGo groupware support. With SOGo integration, iRedMail now provides calendar (CalDAV) and contacts (CardDAV) services.

  • With MySQL/MariaDB/PostgreSQL, uses SSHA512 password hash on Linux, BCRYPT on FreeBSD/OpenBSD by default. SSHA is still the default one with OpenLDAP backend (better to integrate third-party applications).

  • 3 new plugins in iRedAPD, several bug fixes, performance improvement.

Below are the full changes since iRedMail-0.8.7:

Works on new distribution releases:
  • RHEL/CentOS 7.

  • Ubuntu 14.10 (codename: utopic)

  • OpenBSD 5.6. Note: Nginx is used as web server, the new built-in httpd daemon (not Apache-1.3) is not supported.

SOGo groupware integration:

SOGo groupware provides a rich AJAX-based Web interface and supports multiple native clients through the use of standard protocols such as CalDAV, CardDAV and GroupDAV, as well as Microsoft ActiveSync. Check its website for more details: http://sogo.nu/

Important notes of SOGo integration in iRedMail:

  • SOGo integration is available on below Linux distributions and releases:

    • RHEL/CentOS 6. SOGo project doesn't provide RPMs for CentOS 7 yet.

    • Debian 7.

    • Ubuntu 12.04 and 14.04. No official packages for 14.10 yet.

    • OpenBSD 5.6.

  • Full/native Exchange protocol support requires OpenChange and Samba4, but they're not integrated in iRedMail, so iRedMail-0.9.0 doesn't provide full/native support for Microsoft Outlook clients, Apple Mail.app and iOS devices. BlackBerry 10 works fine. Check our tutorial to setup your mail clients: http://www.iredmail.org/docs/index.html … plications

  • If you choose to install both Roundcube webmail and SOGo, Managesieve service is disabled in SOGo by default, because sieve rules generated by SOGo is not compatible with Roundcube webmail. but if you don't install Roundcube, managesieve will be enabled in SOGo by default, plus vacation and forwarding support.

  • User cannot change password with PostgreSQL backend.

Improvements
  • Nginx support is now available on all Linux/BSD distributions. Note: If you choose to use Nginx as default web server, both Awstats and Cluebringer are not accessible, because Nginx doesn't have official SQL/LDAP auth modules. You have to switch to Apache instead, and reset mail user password to MD5.

  • MariaDB support is now available on FreeBSD.

  • Add new index for SQL column 'msgs.spam_level' in 'amavisd' database.

  • With MySQL/PostgreSQL backends, password hash is now SSHA512 by default on Linux, and BCRYPT on FreeBSD and OpenBSD. Both Roundcube password plugin and iRedAdmin support them. Note: if you want to login to Awstats/Cluebringer, you have to reset mail user password to MD5 since Apache sql/ldap auth doesn't support SSHA512/BCRYPT.

  • Enable '@lookup_sql_dsn' in Amavisd by default, used for per-recipient lookup policy, including white/blacklist, spam policy, incoming message size limit.

  • Enable global sieve script in Dovecot to move spam to Junk folder by default.

  • Disable SSLv3 in Postfix, Dovecot, Apache, Nginx.

  • Backup scripts will log backup status in SQL table `iredadmin`, so that admin can easily check backup status with iRedAdmin.

  • New index in `amavisd` database for SQL column `policy.policy_name`. Required by iRedAdmin-Pro self-service.

Fixed issues
  • Not detect domain backupmx status while querying Postfix per-domain transport.

  • Replace mod_auth_mysql/pgsql by apr-util-mysql/pgsql for Awstats and Cluebringer webui user authentication on Debian/Ubuntu.

  • Set 'receive_override_options=no_address_mappings' in Postfix to disable address mappings before content filter (Amavisd, in our case), and remove 'no_address_mappings' in Postfix master.cf defined for transport '127.0.0.1:10025'. Note: you must comment out 'receive_override_options=no_address_mappings' in Postfix if you don't have a content filter.

  • Not enable cron job to update SpamAssassin rules in file /etc/default/spamassassin (CRON=1) on Debian/Ubuntu.

  • Incorrect quota dict name in Dovecot quota warning script.

  • Decrease number of pre-forked Amavisd processes ($max_servers) to 4 by default to reduce memory usage.

  • Add missing SQL column (mailbox.enableindexer-worker) and LDAP attribute/value pair: enabledService=indexer-worker. Required by Dovecot. Thanks dwbotsch <botsch _at_ cnf.cornell.edu> for the report.

Updated packages:
  • Roundcube webmail -> 1.0.4

  • iRedAPD -> 1.4.4. This is a huge update: 3 new plugins, multiple smtp protocol state support, big improvement in plugin 'reject_sender_login_mismatch', several bug fixes, one big performance improvement, easier upgrade. Please check ChangeLog file to view technical details.

  • iRedAdmin -> 0.4. New tool scripts, fixes several issues.

FreeBSD ports of major component:

  • Apache: www/apache24

  • PHP: lang/php56

  • MySQL: databases/mysql56-server

  • MariaDB: databases/mariadb55-server

  • PostgreSQL: databases/postgresql93-server

Below packages are removed from iRedMail due to security concern:
  • phpMyAdmin

  • phpPgAdmin

  • phpLDAPadmin

If you need a web-based sql management tool, please try http://adminer.org/ (web-based, a single PHP file) or other desktop applications instead.

For local LDAP management, you can try ldapvi (http://www.lichteblau.com/ldapvi/) in terminal. For remote LDAP management, you can try http://www.ldapadmin.org/ on Windows PC, or Apache Directory Studio on Windows/Linux/BSD/Mac: http://directory.apache.org/studio/ (Java application).

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedMail-0.9.0 has been released.

Hi Huang,

ZhangHuangbin wrote:

Happy New Year. big_smile

Same to you smile

I have just made the upgrade from 0.8.7 to 0.9.0 on Debian Wheezy with LDAP backend. Everything seems to have worked fine except for the following error when updating iRedAdmin (OSS) - Then script continued and gave a last reply that upgrade was successful.

upgrade_iredadmin.sh: line 100: [: too many arguments

Does this have any influence on the upgrade?

Last a little request for updating apache2 on Debian and Ubuntu:

I think the proper Debian way to disable SSLv3 in apache2 would be to add the config to /etc/apache2/conf.d/security instead of
/etc/apache2/apache.conf

Michael.

3

Re: iRedMail-0.9.0 has been released.

mir wrote:

upgrade_iredadmin.sh: line 100: [: too many arguments
Does this have any influence on the upgrade?

Please check iRedAdmin config file (settings.py), does the script add one commend line and parameter "amavisd_enable_policy_lookup = True" in it?

It's a minor bug, but it doesn't matter. Fixed moment ago.

mir wrote:

I think the proper Debian way to disable SSLv3 in apache2 would be to add the config to /etc/apache2/conf.d/security instead of /etc/apache2/apache.conf

it should be ok to add it in any Apache config file which will be read by Apache. I think /etc/apache2/apache.conf is fine. smile

4

Re: iRedMail-0.9.0 has been released.

ZhangHuangbin wrote:

Please check iRedAdmin config file (settings.py), does the script add one commend line and parameter "amavisd_enable_policy_lookup = True" in it?

It's a minor bug, but it doesn't matter. Fixed moment ago.

It was in settings.py so the warning obviously was only cosmetic;)

5

Re: iRedMail-0.9.0 has been released.

mir wrote:

It was in settings.py so the warning obviously was only cosmetic;)

OK. Anyway, this small bug was fixed moment ago.

6

Re: iRedMail-0.9.0 has been released.

Hi all,

I have a problem with a part of the update proccess.
When applying this part to Postfix with MySQL : Fix improper Postfix setting in both main.cf and master.cf

Where actions are :

postconf -e receive_override_options='no_address_mappings'

and

# Part of file: /etc/postfix/master.cf

# ORIGINAL setting
#    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

# MODIFIED setting
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Then I'm no longer allowed to receive emails on aliases. I receive the error :

Jan  2 02:27:18 mx1 postfix/pipe[21093]: E851C40F34: to=<abuse@mydomain.com>, relay=dovecot, delay=1.2, delays=1.1/0.01/0/0.07, dsn=5.1.1, status=bounced (user unknown)

7

Re: iRedMail-0.9.0 has been released.

Please show us output of command "postconf -n".

8

Re: iRedMail-0.9.0 has been released.

root@mx1:~# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
milter_default_action = accept
milter_protocol = 6
mime_header_checks = regexp:/etc/postfix/header_checks
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = mydomain.com
myhostname = mx1.mydomain.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = mx1.mydomain.com
non_smtpd_milters = inet:127.0.0.1:8891
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
receive_override_options = no_address_mappings
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

9

Re: iRedMail-0.9.0 has been released.

Well, you don't have "content_filter" in main.cf, and you didn't check iRedMail upgrade tutorial carefully:

IMPORTANT NOTE: If you want to disable content_filter= in Postfix, please comment out receive_override_options= in Postfix config file main.cf too, otherwise canonical address mapping, virtual alias map expansion, address masquerading, and automatic BCC (blind carbon-copy) recipients will not work.

10

Re: iRedMail-0.9.0 has been released.

I've read that, but I was thinking that content_filter was enabled, and I didn't want to turn it off.
So it's my fault sorry, but I'm new with iRedMail so I was not aware that I had to have content_filter somewhere in main.cf.

11 (edited by 3m 2015-01-04 05:13:00)

Re: iRedMail-0.9.0 has been released.

Highlight features in iRedMail-0.9.0
Supports RHEL/CentOS 7, Ubuntu 14.10, OpenBSD 5.6.
Nginx support. You can choose either Apache or Nginx as default web server during iRedMail installation.
SOGo groupware support. With SOGo integration, iRedMail now provides calendar (CalDAV) and contacts (CardDAV) services.
With MySQL/MariaDB/PostgreSQL, uses SSHA512 password hash on Linux, BCRYPT on FreeBSD/OpenBSD by default. SSHA is still the default one with OpenLDAP backend (better to integrate third-party applications).
3 new plugins in iRedAPD, several bug fixes, performance improvement.

what FreeBSD has not supported ? sad 
authentication error in awstats for  apache24 fixed?

12

Re: iRedMail-0.9.0 has been released.

¡¡ YEAH !! smile

Happy new year to everybody!

Regards and, thanks Mr. Zhang Huangbin

13

Re: iRedMail-0.9.0 has been released.

Missing upgrade steps of iRedMail-0.9.0 from 0.8.7

*IredAdmin Pro whitelists and blakclists are LOST/Deleted, how do we recover and migrate them to the new system ?
We had 100 whitelists and 9000 blakclists, after the upgrade we have 0

*SOGo groupware integration:  how to add/enable this

*Enable global sieve script in Dovecot to move spam to Junk folder by default: how to add/enable this

*Backup scripts will log backup status in SQL table `iredadmin`, so that admin can easily check backup status with iRedAdmin:  how to add/enable this

14

Re: iRedMail-0.9.0 has been released.

extremeshok wrote:

*IredAdmin Pro whitelists and blakclists are LOST/Deleted, how do we recover and migrate them to the new system ?

Sorry about this, will offer a migration tool later. And the old whitelists/blacklists are still stored in cluebringer database, not deleted.

extremeshok wrote:

*SOGo groupware integration:  how to add/enable this

Will provide detailed tutorial later, but it won't be too soon.

extremeshok wrote:

*Enable global sieve script in Dovecot to move spam to Junk folder by default: how to add/enable this

If you don't need this feature, you don't need to enable it.
Anyway, i will update iRedMail upgrade tutorial to cover this later.

extremeshok wrote:

*Backup scripts will log backup status in SQL table `iredadmin`, so that admin can easily check backup status with iRedAdmin:  how to add/enable this

Will update iRedMail upgrade tutorial later.

Thanks very much for your feedback.

15

Re: iRedMail-0.9.0 has been released.

Hi.

SOGo groupware support. With SOGo integration, iRedMail now provides calendar (CalDAV) and contacts (CardDAV) services.

Freebsd will have this features??

16

Re: iRedMail-0.9.0 has been released.

Hi jorge,

Sogo is not available in FreeBSD ports tree, so it won't be integrated on FreeBSD. Sorry.

17

Re: iRedMail-0.9.0 has been released.

Hi

Some questions about SOGo integration:

1) Is LDAP group acl  enabled ?
2) Is booking resource enabled ?

Thx

18

Re: iRedMail-0.9.0 has been released.

Hi, I just tried to install iRedMail on Ubuntu 14.04.1. I choose Apache, LDAP and SOGo but no roundcube. Additional DKIM, SpamAssassin etc. I got an error during installation of SpamAssassin:

Adding new user `debian-spamd' (UID 114) with group `debian-spamd' ...
Creating home directory `/var/lib/spamassassin' ...
-su: 70: Syntax error: Bad fd number
dpkg: error processing package spamassassin (--configure):
subprocess installed post-installation script returned error ext status 2
dpkg: dependency problems prevent configuration of sa-compile:
sa-compile depends on spamassassin (>= 3.3.2-8); however:
  Package spamassassin is not configured yet.

pdkg: error processing package sa-compile (--configure):
depeendency problems - leaving unconfigured
Processing triggers for php5-fpm (5.5.9+dfsg-1ubuntu4.5) ...
php5-fpm stop/waiting
No apport report written because the error message indicates its a followup error from a previous failure.
      php5-fpm start/runnning, process 22110
Setting up postfix-cluebringer-webui (2.0.10-1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.4) ...
Processing triggers for ureadhead (0.100.0-16) ...
Errors were encountered while processing:
spamassassin
sa-compile
E: Sub-process /usr/bin/pdkg returned an error code (1)
< ERROR > Instalation failed, please check the terminal output.
You have mail in /var/mail/root

In /var/mail/root are three mails with identical content:

Error while processing /etc/awstats/awstats.conf
Error: SiteDowmain parameter not defined in your config/domain file. You must edit it for using this version of AWStats.
Setup (`/etc/awstats.conf' file, web server or permission) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).


How can I get a clean installation of iRedMail?

19 (edited by srd2010 2015-01-07 20:49:49)

Re: iRedMail-0.9.0 has been released.

Hi..

how do we get SoGo Integration when upgrading from 0.8.7. to 0.9.0  ?

20

Re: iRedMail-0.9.0 has been released.

buzzzo wrote:

1) Is LDAP group acl enabled ?
2) Is booking resource enabled ?

Excuse me, what do you mean "LDAP group acl" and "booking resource"?

21

Re: iRedMail-0.9.0 has been released.

theolmue wrote:

I got an error during installation of SpamAssassin:
...
-su: 70: Syntax error: Bad fd number
...
sa-compile depends on spamassassin (>= 3.3.2-8); however:
  Package spamassassin is not configured yet.
...
Errors were encountered while processing:
spamassassin
sa-compile

Looks like caused by Ubuntu binary packages, i have no idea at all. Did you use official Ubuntu apt repositories?

22

Re: iRedMail-0.9.0 has been released.

srd2010 wrote:

how do we get SoGo Integration when upgrading from 0.8.7. to 0.9.0  ?

I will write a separate SOGo installation guide later, but please don't expect to be too soon.

23

Re: iRedMail-0.9.0 has been released.

ZhangHuangbin wrote:
theolmue wrote:

I got an error during installation of SpamAssassin:
...
-su: 70: Syntax error: Bad fd number
...
sa-compile depends on spamassassin (>= 3.3.2-8); however:
  Package spamassassin is not configured yet.
...
Errors were encountered while processing:
spamassassin
sa-compile

Looks like caused by Ubuntu binary packages, i have no idea at all. Did you use official Ubuntu apt repositories?

Thank you for your quick response.
Yes, I use official Ubuntu binaries. I suspected already somethink like your answer, but I had have hope, you might have an genius idea.

24 (edited by theolmue 2015-01-08 23:28:20)

Re: iRedMail-0.9.0 has been released.

Hi,
Ubuntu binary of spamassassin has version 3.4.0-1ubuntu1. So it seems not to be a simple version conflict. Do you have any idea about the syntax error I found in console output?

-su: 70: Syntax error: Bad fd number

Any idea wich command raises this error and how to correct the syntax? I just searched online, but I found no match on this message.

25

Re: iRedMail-0.9.0 has been released.

No idea at all. I suggest you contact Ubuntu package maintainer instead.