From iRedMail
Warning: this page is still under working, do *NOT* apply it.
General Update, all backends should apply these changes.
Apply hotfix for iRedMail-0.5.1
All users should apply hotfix for iRedMail-0.5.1 before go further: http://iredmail.org/hotfix-051.html
Add missing MySQL table (Debian/Ubuntu only)
Note: This step is ONLY required on Debian/Ubuntu.
- You should manually import another MySQL table if you are using below distributions:
- Debian 5
- Ubuntu 8.04
- Ubuntu 9.04
| Terminal:
|
$ mysql -uroot -p postfixpolicyd
mysql> SOURCE /usr/share/dbconfig-common/data/postfix-policyd/upgrade/mysql/1.73-1;
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON postfixpolicyd.* TO postfix-policyd@localhost;
mysql> quit;
|
Note: It will create a new table postfixpolicyd.blacklist_dnsname. Used to block emails sent from blacklist_dnsname in Policyd,
Upgrade Roundcube to 0.3.1
Upgrade Roundcube webmail to 0.3.1
Roundcube-0.3.1 brings new features and better performance, all users are encouraged to upgrade it.
To upgrade roundcube to 0.3.1, we should:
- Backup current roundcube installation.
- Download roundcube source tarball: roundcubemail-0.3.1.tar.gz, and uncompress it.
- Copy it to apache server root directory.
- Replace symbol link by new version.
- Create new config files and synchronize settings from old configuration files.
- Enable necessary plugins.
- Restart apache web server
- [Next Step] Configure plugin (managesieve) to allow user to customize mail filter rule.
Steps to upgrade it:
- Backup current roundcube installation.
- We should backup roundcubemail database in MySQL. If upgrade failed, we can recovery it from this backup copy.
- Backing up installation files is not required since we won't move or override them during upgrade procedure.
| Terminal:
|
$ mysqldump -uroot -p --default-character-set=utf8 roundcubemail > /opt/roundcubemail-old.sql
|
File /opt/roundcubemail-old.sql is the backup copy of current roundcubemail database.
- Download Roundcube 0.3.1 from official download site OR from iRedMail web site:
| Terminal:
|
# ---- Download it to /root/ directory as example ----
# cd /root/
# wget http://iredmail.org/yum/misc/roundcubemail-0.3.1.tar.gz
# tar zxf roundcubemail-0.3.1.tar.gz
|
- Copy it to apache server root directory:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# cp -rf /root/roundcubemail-0.3.1 /var/www/
#
# ---- On Debian/Ubuntu ----
#
# cp -rf /root/roundcubemail-0.3.1 /usr/share/apache2/
|
- Remove old symbol link, and create a new one:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# cd /var/www/
# rm -i roundcubemail # Do not use command 'rm' with '-r' flag here.
# ln -s roundcubemail-0.3.1 roundcubemail
#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/
# rm -i roundcubemail
# ln -s roundcubemail-0.3.1 roundcubemail
|
- Create new config files and synchronize settings from old configuration files.
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# cd /var/www/roundcubemail/config/
# cp db.inc.php.dist db.inc.php # Database config file.
# cp main.inc.php.dist main.inc.php # Main config file.
#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/roundcubemail/config/
# cp db.inc.php.dist db.inc.php # Database config file.
# cp main.inc.php.dist main.inc.php # Main config file.
|
Sync database config file db.inc.php with below config parameters:
| File: roundcubemail/config/db.inc.php
|
$rcmail_config['db_dsnw'] =
|
Sync config parameters in main config file main.inc.php. Roundcube 0.3.1 has some new config parameters in main config file main.inc.php, but you can use most of them with default values. What we need to do is syncing config parameters from old installation.
| File: roundcubemail/config/main.inc.php
|
$rcmail_config['enable_installer'] = FALSE;
$rcmail_config['check_all_folders'] = TRUE;
$rcmail_config['default_host'] =
$rcmail_config['smtp_server'] =
$rcmail_config['smtp_user'] = "%u";
$rcmail_config['smtp_pass'] = "%p";
$rcmail_config['smtp_auth_type'] = "LOGIN";
$rcmail_config['username_domain'] =
$rcmail_config['language'] =
$rcmail_config['enable_spellcheck'] =
$rcmail_config['default_charset'] = "UTF-8";
$rcmail_config['useragent'] = "RoundCube WebMail";
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['identities_level'] = 3;
$rcmail_config['preview_pane'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['log_driver'] = "syslog";
$rcmail_config['syslog_id'] = "roundcube";
$rcmail_config['syslog_facility'] = LOG_MAIL;
$rcmail_config['log_logins'] = TRUE;
$rcmail_config['delete_always'] = TRUE;
#
# ---- Global LDAP Address Book ----
# You can simply copy from old config file.
#
$rcmail_config['ldap_public']
|
- Enable necessary plugins.
Roundcube 0.3.1 officially ships some plugins, currently, we need two plugins: password, managesieve. List them in main config file: main.inc.php.
| File: roundcubemail/config/main.inc.php
|
$rcmail_config['plugins'] = array("password", "managesieve",);
|
Tips: Plugin name is same as folder name which under roundcubemail/plugins/ directory, and we have to enter plugin directory to config them.
- Restart apache web server.
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# /etc/init.d/httpd restart
#
# ---- On Debian/Ubuntu ----
#
# /etc/init.d/apache2 restart
|
Apply two patches
About these two patches:
Steps to patch your roundcube 0.3.1:
| Terminal:
|
# cd /tmp/
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/roundcube-CVE-2010-0464.patch
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/managesieve_rule_width_on_safari.patch
# cd /var/www/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch
|
| Terminal:
|
# cd /tmp/
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/roundcube-CVE-2010-0464.patch
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/managesieve_rule_width_on_safari.patch
# cd /usr/share/apache2/roundcubemail/
# patch -p0 < /tmp/roundcube-CVE-2010-0464.patch
# patch -p0 < /tmp/managesieve_rule_width_on_safari.patch
|
Configure plugin for mail filter rules: managesieve
Roundcube 0.3.1 officially ships a plugin to allow users to customize mail filter rule: managesieve. To make it work, we should generate new config file and config necessary parameters.
Steps:
- Change current directory to plugin directory:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# cd /var/www/roundcubemail/plugins/managesieve/
# cp config.inc.php.dist config.inc.php
#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/roundcubemail/plugins/managesieve/
# cp config.inc.php.dist config.inc.php
|
- Configure plugin in config.inc.php:
| File: roundcubemail/plugins/managesieve/config.inc.php
|
$rcmail_config['managesieve_port'] = 2000;
$rcmail_config['managesieve_host'] = "127.0.0.1";
$rcmail_config['managesieve_usetls'] = false;
$rcmail_config['managesieve_default'] = "/var/vmail/sieve/dovecot.sieve";
|
- Make sure this plugin is enabled/listed in roundcube main config file: roundcubemail/config/main.inc.php.
| File: roundcubemail/config/main.inc.php
|
$rcmail_config['plugins'] = array("password", "managesieve",);
|
OpenLDAP backend only
OpenLDAP Server
Use newest schema file
NOTE: New LDAP schema provides several new attributes, but it's backwards compatibility, it's SAFE to replace the old one without addition operations.
To use the newest iRedMail ldap schem file, we have to:
- Download the newest iRedMail ldap schema file
- Copy old ldap schema file as a backup copy
- Replace the old one
- Restart OpenLDAP service.
Here we go:
| Terminal:
|
# cd /tmp
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/samples/iredmail.schema
# cd /etc/openldap/schema/
# cp iredmail.schema iredmail.schema.bak
# mv -i /tmp/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart
|
| Terminal:
|
# cd /tmp
# wget http://iredmail.googlecode.com/hg/tags/0.6.0/samples/iredmail.schema
# cd /etc/ldap/schema/
# cp iredmail.schema iredmail.schema.bak
# mv -i /tmp/iredmail.schema /etc/ldap/schema/
# /etc/init.d/slapd restart
|
Include Amavisd LDAP schema file in OpenLDAP
We're starting to provide better Amavisd integration in iRedMail, e.g. per-user blacklist/whitelist, anti-spam and anti-virus settings.
Since Amavisd can read per-user settings which stored in LDAP, we have to include Amavisd LDAP schema file in OpenLDAP.
Here we go:
NOTE: Amavisd LDAP schema file is installed in OpenLDAP schema directory during installing Amavisd-new, so we don't need to copy/move it.
- On RHEL/CentOS, edit /etc/openldap/slapd.conf and append Amavisd schema file before iredmail.schema:
| File: /etc/openldap/slapd.conf
|
# Integrate Amavisd-new.
include /etc/openldap/schema/amavisd-new.schema
include /etc/openldap/schema/iredmail.schema
|
Restart OpenLDAP service to make it work:
| Terminal:
|
# /etc/init.d/ldap restart
|
- On Debian/Ubuntu, edit /etc/ldap/slapd.conf and append Amavisd schema file before iredmail.schema:
| File: /etc/ldap/slapd.conf
|
# Integrate Amavisd-new.
include /etc/ldap/schema/amavis.schema
include /etc/ldap/schema/iredmail.schema
|
Restart OpenLDAP service to make it work:
| Terminal:
|
# /etc/init.d/slapd restart
|
Add missing values
iRedMail-0.6.0 requires some more values of attribute enabledService and objectClass:
- enabledService=sieve
- enabledService=sievesecured
- enabledService=internal
- objectClass=amavisAccount
Both 'enabledService=sieve' and 'enabledService=sievesecured' are used in Dovecot-1.2.x, for builtin managesieve service. 'enabledService=internal' is used for shared IMAP folder. 'objectClass=amavisAccount' is used for Amavisd-new integration, for example, per-user anti-spam settings, anti-virus control.
Steps:
- Download python script used to adding missing values.
| Terminal:
|
# cd /root/
# wget http://iredmail.googlecode.com/hg/extra/update/updateLDAPValues_051_to_060.py
|
- Open updateLDAPValues_051_to_060.py, config below parameters in file head:
| File: updateLDAPValues_051_to_060.py
|
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=vmailadmin,dc=iredmail,dc=org'
bind_pw = 'passwd'
|
Tip:
- You can find them in iRedAdmin config file or iRedMail.tips file under your iRedMail installation directory.
- Use 'cn=Manager' instead of 'cn=vmailadmin' here is ok too.
- Execute this script, it will add missing values for mail accounts:
| Terminal:
|
# python updateLDAPValues_051_to_060.py
|
Postfix
Add shadowAddress support for mail alias
- Update postfix mysql lookup file: /etc/postfix/ldap_virtual_alias_maps.cf:
| File: /etc/postfix/ldap_virtual_alias_maps.cf
|
# OLD SETTING
query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
# NEW SETTING.
# - Added: shadowAddress=%s
# - Removed: objectClass=mailList. It's impossible to add shadow address support for mail list.
query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
|
Note: We add 'shadowAddress' support for mail alias here, and remove 'shadowAddress' support for mail list. Because mail list doesn't support this feature.
Add Catch-all Email Accounts support
NOTE: This is required by iRedAdmin-Pro-1.2.0.
- Change your postfix setting in /etc/postfix/main.cf:
| File: /etc/postfix/main.cf
|
virtual_alias_maps =
proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf,
proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf, # <-- Add this line.
proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf # <-- Add this line.
|
- File /etc/postfix/ldap_sender_login_maps.cf already exists by default, so what you need to do is adding new file: /etc/postfix/ldap_catch_all_maps.cf.
| File: /etc/postfix/ldap_catch_all_maps.cf
|
#
# WARNING: Please REPLACE bind_dn, bind_pw, search_base below, you can find
# them in /etc/postfix/ldap_*.cf.
#
server_host = 127.0.0.1
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,dc=iredmail,dc=org
bind_pw = JnvF4UQheMdImdXYnRVEgKpsdCXJy3
search_base = domainName=%d,o=domains,dc=iredmail,dc=org
scope = sub
query_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=@%d))
result_attribute= mailForwardingAddress
debuglevel = 0
|
- Restart postfix service to make it work.
| Terminal:
|
# /etc/init.d/postfix restart
|
Roundcube Webmail plugin: change password
Password plugin which officially shipped in Roundcubemail-0.3.1 requires php-pear and Net_LDAP2, so we have to:
- Force upgrade php-pear to support password plugin on RHEL/CentOS 5 (Not required on Debian/Ubuntu)
- Install php-mhash to provide hash algorithms such as MD5, SHA1, GOST, and many others. (Not required on Debian/Ubuntu)
- Install php pear package: Net_LDAP2.
- Restart Apache web service.
Steps to make it work:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# pear upgrade --force pear
# pear install Net_LDAP2
# yum install php-mhash # Please make sure you have iRedMail yum repository enabled.
# /etc/init.d/httpd restart # Restart Apache web service.
#
# ---- On Debian/Ubuntu ----
#
# pear install Net_LDAP2
# /etc/init.d/apache2 restart # Restart Apache web service.
|
Upgrade phpLDAPadmin to 1.2.0.5
phpLDAPadmin doesn't require addition config, you can simply download new version and copy old config file into new version.
- Download new version and uncompress it:
| Terminal:
|
# cd /root/
# wget http://iredmail.org/yum/misc/phpldapadmin-1.2.0.5.tgz
# tar zxf phpldapadmin-1.2.0.5.tgz
|
- Copy it to apache server root directory, remove old symbol link and create a new one, copy old config file into new version:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# cp -rf /root/phpldapadmin-1.2.0.5 /var/www/
# cd /var/www/
# rm -i phpldapadmin
# ln -s phpldapadmin-1.2.0.5 phpldapadmin
# cp phpldapadmin-OLD-VERSION/config/config.php phpldapadmin/config/
#
# ---- On Debian/Ubuntu ----
#
# cp -rf /root/phpldapadmin-1.2.0.5 /usr/share/apache2/
# cd /usr/share/apache2/
# rm -i phpldapadmin
# ln -s phpldapadmin-1.2.0.5 phpldapadmin
# cp phpldapadmin-OLD-VERSION/config/config.php phpldapadmin/config/
|
- It's recommended to restart apache web server:
| Terminal:
|
#
# ---- On RHEL/CentOS ----
#
# /etc/init.d/httpd restart
#
# ---- On Debian/Ubuntu ----
#
# /etc/init.d/apache2 restart
|
MySQL backend only.
Add missing SQL columns in vmail.mailbox
iRedMail-0.6.0 adds a new SQL column in vmail.mailbox table: enableinternal. This is used in Dovecot, e.g. shared IMAP folders, etc.
| Terminal:
|
$ mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD COLUMN enableinternal TINYINT(1) NOT NULL DEFAULT '1';
mysql> quit;
|
Postfix
Domain alias support
Note: You can use PostfixAdmin-2.3 to manage domain alias. iRedAdmin-Pro for MySQL backend will support this feature later.
- Save below lines in temporary file: /tmp/upgrade_iredmail.sql:
CREATE TABLE IF NOT EXISTS `alias_domain` (
`alias_domain` varchar(255) NOT NULL,
`target_domain` varchar(255) NOT NULL,
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`alias_domain`),
KEY `active` (`active`),
KEY `target_domain` (`target_domain`)
) ENGINE=MyISAM;
- Import missing MySQL table in vmail database with above temporary file:
| Terminal:
|
# mysql -uroot -p
mysql> USE vmail;
mysql> SOURCE /tmp/upgrade_iredmail.sql;
|
- Update postfix config in /etc/postfix/main.cf.
| File: /etc/postfix/main.cf
|
# ---- OLD SETTING ----
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# ---- NEW SETTING ----
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/mysql_domain_alias_maps.cf
|
- Add new file: /etc/postfix/mysql_domain_alias_maps.cf.
| File: /etc/postfix/mysql_domain_alias_maps.cf
|
#
# WARNING: REPLACE password below. You can find it in /etc/postfix/mysql_*.cf.
#
user = vmail
password = YOUR_MYSQL_BIND_PW
hosts = localhost
port = 3306
dbname = vmail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
Roundcube Webmail plugin: change password
Upgrade PostfixAdmin to 2.3
- Backup old version.
- Download and uncompress new version.
- Copy config file from old version.
- Add missing variables: postfix_admin_url.
TBC: Upgrade phpMyAdmin to 2.11.10
