1

Topic: Call for testers: iRedMail-0.9.1-beta1 has been released.

Dear all,

Here's iRedMail-0.9.1-beta1, we need your help to test it on your favourite Linux/BSD distributions before mark it as a stable release.

* Download it directly with this link: https://bitbucket.org/zhb/iredmail/down … a1.tar.bz2
* IMPORTANT NOTE: This is still a beta release, do NOT deploy it for production use, and we don't provide upgrade tutorial for beta releases.

Below are detailed changes since iRedMail-0.9.0:

Works on new distribution releases:
  • Debian 8, Ubuntu 15.04. Notes:

    • Roundcube and iRedAdmin are now stored under /opt/www.

    • Cluebringer is not installed due to package missing in official repo, that means your server doesn't support greylisting and throttling. We will develop plugins for iRedAPD to offer greylisting and throttling features in the future.

    • SOGo is not installed due to package missing in upstream (SOGo) repo.

  • OpenBSd 5.7. Notes:

    • No official MySQL binary packages, so please use MariaDB instead.

Drop support for old distribution releases:
  • Ubuntu 12.04, 14.10. Please use Ubuntu 14.04 LTS or 15.04 instead.

Improvements
  • Log most terminal output of iRedMail installation to file 'runtime/install.log', used for troubleshooting after installation.

  • Backup scripts are able to delete old backup copies. Default setting is keeping backup copies for 90 days.

  • [LDAP] Allow mailing list account to use attributes: gidNumber, memberUid.

  • Don't install both Apache and Nginx, just one of them.

Debian/Ubuntu package maintainer over-designed the post-install
script, it will restart service after package installed, if we have
both installed, installing another one will fail, because network
ports are used by the first one.

Same reason as above, if we have both installed, upgrading both of
them will trigger service restarting too. This may cause the
currently running web service cannot start.

  • Make Dovecot subscribe newly created folder automatically. Thanks Michael Telatynski <postmaster _at_ webdevguru.co.uk> for the patch.

  • Able to restrict user to login for specified IP addresses or networks, multiple IP addresses or networks must be separated by comma.

    • LDAP backend: IP addresses or networks must be listed in attribute `allowNets` in user object.

    • SQL backends: IP addresses or networks must be listed in SQL column `mailbox.allow_nets`.

  • Bypass greylisting for some big ISPs (samples/cluebringer/greylisting-whitelist.sql).

  • Setup Fail2ban to monitor SOGo log file.

  • Add two new Fail2ban filters to help catch spam.

Fixed issues
  • Amavisd cannot ban zipped '.exe' file on RHEL/CentOS.

  • Install package `unrar` as rar unarchiver on RHEL/CentOS/Debian/Ubuntu.

  • Incorrect log file and owner/group in /etc/logrotate.d/policyd.

  • Cannot send email to user+ext@domain.com when per-domain catch-all is enabled. Note: not fixed with LDAP backend yet.

  • Cannot send mail with Roundcube and PHP 5.6.

  • Cannot run PHP scripts under web document root with Nginx.

  • Not use user's identity as envelope sender for 'return receipt' responses.

  • Not backup SOGo SQL database.

  • Incorrect path of command 'sogo-tool' on OpenBSD.

  • Not apply service restriction in Dovecot SQL query file while acting as SASL server.

Updated packages
  • Roundcube webmail -> 1.1.1

  • iRedAdmin -> 0.4.2 (open source edition).

  • iRedAPD -> 1.5.0.

  • uwsgi -> 2.0.9. OpenBSD only.

Known issues
  • OpenLDAP backend: if you have catch-all account enabled for mail domain, email sent to user+extension@domain.com will be delivered to catch-all account.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

Great news!
I have two questions. If I install the beta 1, can I later upgrade to the stable release, without loss of configuration files?
And the next question. Will I be able to upgrade from version 0.9.0 to 0.9.1 stable version, and also without the loss of configuration files?
Thank you!

3

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

Has the issue with LDAP backend and nginx been solved?

By issue I am referring to cluebringer and awstats and missing nginx SQL/LDAP auth module.

4

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

@kysil: 1) Yes you can but we won't provide a beta->stable guide, you'll just have to look at the stable upgrade guide and do any steps you hadn't done before.
2) Our updates are rather manual due to the nature of iRedMail being so customizeable, so if you take care not to override your own changes to the config then they will remain. The guide that will be created for 0.9.0 => 0.9.1 will be based on the current 0.9.0 => 0.9.1beta1 guide.

@mir: NGinx lacks a suitable SQL Auth module, so it is an issue that as far as I know still exists and is not just in the LDAP Backend.

5

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

7t3chguy wrote:

@mir: NGinx lacks a suitable SQL Auth module, so it is an issue that as far as I know still exists and is not just in the LDAP Backend.

As I understand it 0.9.1 will only ship with nginx so how has this been solved?

6

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

It installs EITHER Nginx or Apache, currently 0.9.0 installs both (and configures both) but only starts the chosen one by default. 0.9.1 will only install the one you choose instead, so if you'd like to have the interfaces, go with Apache smile

7

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

7t3chguy wrote:

It installs EITHER Nginx or Apache, currently 0.9.0 installs both (and configures both) but only starts the chosen one by default. 0.9.1 will only install the one you choose instead, so if you'd like to have the interfaces, go with Apache smile

Exactly. Or, use basic auth without SQL/LDAP, it's supported by Nginx.

8

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

ZhangHuangbin wrote:
7t3chguy wrote:

It installs EITHER Nginx or Apache, currently 0.9.0 installs both (and configures both) but only starts the chosen one by default. 0.9.1 will only install the one you choose instead, so if you'd like to have the interfaces, go with Apache smile

Exactly. Or, use basic auth without SQL/LDAP, it's supported by Nginx.

I think I will stick to apache until the nginx-auth-ldap module is merged into nginx. Maintaining two user user pools seems not like progress to me;-)

9

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

mir wrote:

I think I will stick to apache until the nginx-auth-ldap module is merged into nginx.

Who knows when nginx-auth-ldap will be merged into nginx ...

10

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

ZhangHuangbin wrote:
Drop support for old distribution releases:
  • Ubuntu 12.04, 14.10. Please use Ubuntu 14.04 LTS or 15.04 instead.

Just out of interest, why will Ubuntu 12.04 no longer be supported? This is an LTS release and official maintenance releases are available until April 2017, yet you also state to use 15.04 which according to http://www.ubuntu.com/info/release-end-of-life is only supported until the end of 2016.  Is there a technical reason?

Paul

11

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

I'm guessing he's just trying to lighten his workload, each change he makes has to be tested on every OS with every configuration permutation. Drop 2 old releases, add a new one; I'm guessing he believes that anyone using 12LTS will be happy to upgrade to 14LTS, and in most cases this is probably true.
Most important thing is, this is Installer Compatibility, so existing 12LTS installations will be unaffected and running through manual updates will remain functional. Not many people provisioning a new system for iRedMail would install 12LTS as their chosen release.

12

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

paulgit wrote:

Just out of interest, why will Ubuntu 12.04 no longer be supported? This is an LTS release and official maintenance releases are available until April 2017, yet you also state to use 15.04 which according to http://www.ubuntu.com/info/release-end-of-life is only supported until the end of 2016.  Is there a technical reason?

Hi Paul,

iRedMail script will check whether there's new version when you run iRedMail installer, so we know how many people are deploying iRedMail on which Linux/BSD distribution, and here's the data of iRedMail-0.9.0 till i writing this reply post:

Total    Distro    Ver.    Code Name
9143    UBUNTU    14.04    trusty
6440    RHEL    6    centos
5977    DEBIAN    7    wheezy
2437    RHEL    7    centos
1428    UBUNTU    12.04    precise
904    UBUNTU    14.10    utopic
782    FREEBSD    10    
375    RHEL    6    rhel
144    UBUNTU    7    
109    FREEBSD    9    
27739 [total]        

As you see, most Ubuntu users choose 14.04 LTS, not 12.04 LTS. I know Ubuntu offers long term support for 12.04, but that doesn't mean we should do this. we need to reduce our workload (as t3chguy mentioned) and still please our most users.

About supporting the latest Ubuntu even it's not LTS release, it helps us to stay close the the latest technologic used in the latest Linux/BSD distributions.

13

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

ZhangHuangbin wrote:
paulgit wrote:

Just out of interest, why will Ubuntu 12.04 no longer be supported? This is an LTS release and official maintenance releases are available until April 2017, yet you also state to use 15.04 which according to http://www.ubuntu.com/info/release-end-of-life is only supported until the end of 2016.  Is there a technical reason?

Hi Paul,

iRedMail script will check whether there's new version when you run iRedMail installer, so we know how many people are deploying iRedMail on which Linux/BSD distribution, and here's the data of iRedMail-0.9.0 till i writing this reply post:

Total    Distro    Ver.    Code Name
9143    UBUNTU    14.04    trusty
6440    RHEL    6    centos
5977    DEBIAN    7    wheezy
2437    RHEL    7    centos
1428    UBUNTU    12.04    precise
904    UBUNTU    14.10    utopic
782    FREEBSD    10    
375    RHEL    6    rhel
144    UBUNTU    7    
109    FREEBSD    9    
27739 [total]        

As you see, most Ubuntu users choose 14.04 LTS, not 12.04 LTS. I know Ubuntu offers long term support for 12.04, but that doesn't mean we should do this. we need to reduce our workload (as t3chguy mentioned) and still please our most users.

About supporting the latest Ubuntu even it's not LTS release, it helps us to stay close the the latest technologic used in the latest Linux/BSD distributions.

I can totally relate to and understand the workload aspect for a small team, as it happens I am running 0.9.x on several 12.04 servers but I manually upgraded from 0.8.x so that would not show in the stats. Looks like I must plan for a major OS upgrade across my servers, I just hadn't planned on doing it so soon! Would you recommend I consider switching to Centos or Debian to get longer iRedMail support?

Thanks for the quick reply, keep up the good work.

Paul

14

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

7t3chguy wrote:

I'm guessing he's just trying to lighten his workload, each change he makes has to be tested on every OS with every configuration permutation. Drop 2 old releases, add a new one; I'm guessing he believes that anyone using 12LTS will be happy to upgrade to 14LTS, and in most cases this is probably true.
Most important thing is, this is Installer Compatibility, so existing 12LTS installations will be unaffected and running through manual updates will remain functional. Not many people provisioning a new system for iRedMail would install 12LTS as their chosen release.

If the manual upgrade remains functional then that will buy me some time. I agree with your comments, that it's unlikely new installs will be on 12LTS. The fact that this was an installer compatibility issue was not clear to me. Thanks for the clarification.

Paul

15

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

paulgit wrote:

Looks like I must plan for a major OS upgrade across my servers, I just hadn't planned on doing it so soon! Would you recommend I consider switching to Centos or Debian to get longer iRedMail support?

We provides upgrade tutorials for existing iRedMail servers, i don't see you need to upgrade.
new iRedMail release just forces you to use a new Linux/BSD release, it doesn't impact your existing iRedMail servers.

Hope it helps.

16

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

So to understand this correctly: When the final release of iRedMail 0.91 comes out I can update my iRedMail Installation from 0.90 to 0.91 and then upgrade my Debian Wheezy 7.8 to Jessie? Because right know I'm waiting with the upgrade to Jessie because I'm afraid I will crash iRedMail 0.90.

17

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

bodkov wrote:

So to understand this correctly: When the final release of iRedMail 0.91 comes out I can update my iRedMail Installation from 0.90 to 0.91 and then upgrade my Debian Wheezy 7.8 to Jessie? Because right know I'm waiting with the upgrade to Jessie because I'm afraid I will crash iRedMail 0.90.

Should be fine. but i suggest you try it on a testing machine first, you know upgrading Debian is not under our control.
if you have any issue, post in this forum please.

18 (edited by Prodigy 2015-05-07 19:47:29)

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

I have installed this version on new freshly installed droplet on digitalocean, after reboot i am able to access port 443 but after several seconds i cannot access iredmail interface anymore, the same thing if i am using direct ip to access 443, e-mail client also mentioning my login is false, there is no noticeable error appear on nginx error log. Restarting nginx also giving me the same results. I am on ubuntu 14.04 LTS with mariadb and nginx enabled.

# netstat -a | egrep 'Proto|LISTEN' 
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:pop3s                 *:*                     LISTEN     
tcp        0      0 localhost:10024         *:*                     LISTEN     
tcp        0      0 localhost:10025         *:*                     LISTEN     
tcp        0      0 localhost:mysql         *:*                     LISTEN     
tcp        0      0 *:submission            *:*                     LISTEN     
tcp        0      0 localhost:11211         *:*                     LISTEN     
tcp        0      0 localhost:9998          *:*                     LISTEN     
tcp        0      0 *:pop3                  *:*                     LISTEN     
tcp        0      0 localhost:10031         *:*                     LISTEN     
tcp        0      0 *:imap2                 *:*                     LISTEN     
tcp        0      0 *:http                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 *:24                    *:*                     LISTEN     
tcp        0      0 *:smtp                  *:*                     LISTEN     
tcp        0      0 *:gdomap                *:*                     LISTEN     
tcp        0      0 *:https                 *:*                     LISTEN     
tcp        0      0 *:sieve                 *:*                     LISTEN     
tcp        0      0 localhost:20000         *:*                     LISTEN     
tcp        0      0 localhost:7777          *:*                     LISTEN     
tcp        0      0 *:imaps                 *:*                     LISTEN     
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN     
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN     
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:24                 [::]:*                  LISTEN     
tcp6       0      0 [::]:sieve              [::]:*                  LISTEN     
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN

It seems the problems lies on the iptables ?

root@mail:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
fail2ban-SOGo  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
fail2ban-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
fail2ban-dovecot  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
fail2ban-roundcube  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
fail2ban-default  tcp  --  0.0.0.0/0            0.0.0.0/0           
fail2ban-default  tcp  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-SOGo (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-default (2 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-dovecot (1 references)
target     prot opt source               destination         
REJECT     all  --  36.72.125.2          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-postfix (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-roundcube (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Disabling iptables fixes the issue, my /etc/default/iptables :

#---------------------------------------------------------------------
# This file is part of iRedMail, which is an open source mail server
# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail.  If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------

#
# Sample iptables rules. It should be localted at:
#   /etc/sysconfig/iptables
#
# Shipped within iRedMail project:
#   * http://www.iRedMail.org/
#

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# ssh
-A INPUT -p tcp --dport 22 -j ACCEPT

# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

# ldap/ldaps
#-A INPUT -p tcp --dport 389 -j ACCEPT
#-A INPUT -p tcp --dport 636 -j ACCEPT

# MySQL service.
# Note: Please make sure MySQL service is not binding to localhost with
#       'bind-address=127.0.0.1'.
#-A INPUT -p tcp --dport 3306 -j ACCEPT

# PostgreSQL service.
#-A INPUT -p tcp --dport 5432 -j ACCEPT

# ftp.
#-A INPUT -p tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp --dport 21 -j ACCEPT

# ejabberd
#-A INPUT -p tcp --dport 5222 -j ACCEPT
#-A INPUT -p tcp --dport 5223 -j ACCEPT
#-A INPUT -p tcp --dport 5280 -j ACCEPT

COMMIT

19

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

You have several password failures (or other errors) which triggers Fail2ban to invoke iptables to block your IP address. As a temporary solution, it's ok to disable Fail2ban service. but it's recommended to enable it after your clients have their MUA correctly configured.

20

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

Is there any plan to use Shorewall as firewall? Fail2ban can use Shorewall as backend.

21

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

kuadhual wrote:

Is there any plan to use Shorewall as firewall? Fail2ban can use Shorewall as backend.

No.

22

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

an idea of the release date for 0.9.1?  next week, next month?

23

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

Bug with new feature of removing old backups after specified keep period :

backup_pgsql.sh :

/var/vmail/backup/backup_pgsql.sh: line 177: -u: command not found

line 177:   ${CMD_MYSQL} -u"${MYSQL_USER}" -p"${MYSQL_PASSWD}" iredadmin -e "${sql_log_msg}"

24

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

stannicek wrote:

Bug with new feature of removing old backups after specified keep period :

backup_pgsql.sh :

/var/vmail/backup/backup_pgsql.sh: line 177: -u: command not found

line 177:   ${CMD_MYSQL} -u"${MYSQL_USER}" -p"${MYSQL_PASSWD}" iredadmin -e "${sql_log_msg}"

Fixed, thanks for your feedback.
https://bitbucket.org/zhb/iredmail/comm … p_pgsql.sh

25 (edited by Admire 2015-05-12 20:56:36)

Re: Call for testers: iRedMail-0.9.1-beta1 has been released.

Debian 8

[ INFO ] Configure PHP.
-i used with no filenames on the command line, reading from STDIN.