Upgrade/iRedMail/0.6.1-0.7.0

From iRedMail
Revision as of 01:37, 9 June 2011 by ZhangHuangbin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents




General Update, all backends should apply these changes

Update postfix setting 'proxy_read_maps'

Execute below command as root user, it's used to append $smtpd_sender_restrictions in setting postfix "proxy_read_maps" setting.

Terminal:
# postconf -e proxy_read_maps='$canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions'

OpenLDAP backend only

Support alias domain in mail list/alias

  • Edit /etc/postfix/ldap_virtual_group_maps.cf, remove "domainName=%d" in search_base:
File: /etc/postfix/ldap_virtual_group_maps.cf
# OLD SETTING
search_base     = domainName=%d,o=domains,dc=XXX

# NEW SETTING
search_base     = o=domains,dc=XXX
  • Edit /etc/postfix/ldap_catch_all_maps.cf, set query_filter to:
File: /etc/postfix/ldap_catch_all_maps.cf
# NEW SETTING
query_filter     = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))

Support IMAP share folder in LDAP

Dovecot IMAP share folder doesn't work with default LDAP query, so we need to change it.

  • Edit /etc/dovecot-ldap.conf (RHEL/CentOS) or /etc/dovecot/dovecot-ldap.conf (Debian/Ubuntu/openSUSE) or /usr/local/etc/dovecot-ldap.conf (FreeBSD), set user_attrs = to below value:
File: dovecot-ldap.conf
# This is old value.
#user_attrs      = storageBaseDirectory=home,mailMessageStore=mail=maildir:~/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$

# This is new value.
user_attrs      = homeDirectory=home,mailMessageStore=mail=maildir:/var/vmail/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$

What we changed:

  • Replace storageBaseDirectory=home with homeDirectory=home.
  • Replace mailMessageStore=mail=maildir:~/%$/Maildir/ with mailMessageStore=mail=maildir:/var/vmail/%$/Maildir/, with hard-coded /var/vmail instead of using ~ to replace home query. /var/vmail is value of postfix setting virtual_mailbox_base, you can get it with command postconf virtual_mailbox_base. Please make sure you have the correct one.

Save date of password last change in Roundcube

Roundcube won't save date of password last change by default, please change setting of its plugin "password" to make it work.

  • Edit config file /var/www/roundcubemail/plugins/password/config.inc.php (RHEL/CentOS) or /usr/share/apache2/roundcubemail/plugins/password/config.inc.php (Debian/Ubuntu) or /srv/www/roundcubemail/plugins/password/config.inc.php (openSUSE) or /usr/local/www/roundcubemail/plugins/password/config.inc.php (FreeBSD), find setting "password_ldap_lchattr" and set its value to "shadowLastChange":
File: plugins/password/config.inc.php
$rcmail_config['password_ldap_lchattr'] = 'shadowLastChange';

Roundcube will now save date of password last change in attribute 'shadowLastChange'.

Add missing value for mail users

iRedMail-0.7.0 requires enabledService=smtpsecured for sending mail via SMTP over SSL in Postfix. so we should add it if users doesn't have it.

Steps:

  • Download python script used to adding missing values.
Terminal:
# cd /root/
# wget http://iredmail.googlecode.com/hg/extra/update/updateLDAPValues_061_to_070.py
  • Open updateLDAPValues_061_to_070.py, config below parameters in file head:
File: updateLDAPValues_061_to_070.py
uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=iredmail,dc=org'
bind_dn = 'cn=vmailadmin,dc=iredmail,dc=org'
bind_pw = 'passwd'

Tip:

    • You can find them in iRedAdmin config file or iRedMail.tips file under your iRedMail installation directory.
    • Use 'cn=Manager' instead of 'cn=vmailadmin' here is ok too.
  • Execute this script, it will add missing values for mail accounts:
Terminal:
# python updateLDAPValues_061_to_070.py

MySQL backend only

Improve backup mx support

  • Edit /etc/postfix/mysql_domain_alias_maps.cf, change query = to below new setting:
File: /etc/postfix/mysql_domain_alias_maps.cf
query       = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=CONCAT('%u', '@',     alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1 AND domain.backupmx=0

Check domain status in postfix and dovecot

  • Edit postfix config file /etc/postfix/mysql_virtual_mailbox_maps.cf, change query = to below new setting:
File: mysql_virtual_mailbox_maps.cf
query       = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir) FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active='1' AND mailbox.enabledeliver='1' AND domain.domain = mailbox.domain AND domain.active='1'

WARNING: If you don't have column "storagenode" present in table "vmail.mailbox", please add it with below SQL command:

Terminal:
$ mysql -uroot -p
mysql> USE vmail;
mysql> ALTER TABLE mailbox ADD COLUMN storagenode VARCHAR(255) NOT NULL DEFAULT '';
  • Edit postfix config file /etc/postfix/mysql_virtual_alias_maps.cf, change query = to below new setting:
File: mysql_virtual_alias_maps.cf
query       = SELECT alias.goto FROM alias,domain WHERE alias.address='%s' AND alias.domain='%d' AND alias.domain=domain.domain AND alias.active=1 AND domain.backupmx=0 AND domain.active=1
  • Edit postfix config file /etc/postfix/mysql_transport_maps_user.cf, change query = to below new setting:
File: mysql_transport_maps_user.cf
query       = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1 AND mailbox.transport<>''
  • Edit postfix config file /etc/postfix/mysql_sender_login_maps.cf, change query = to below new setting:
File: mysql_sender_login_maps.cf
query       = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
  • Edit postfix config file /etc/postfix/mysql_recipient_bcc_maps_user.cf, change query = to below new setting:
File: mysql_recipient_bcc_maps_user.cf
query       = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1
  • Edit postfix config file mysql_sender_bcc_maps_user.cf, change query = to below new setting:
File: mysql_sender_bcc_maps_user.cf
query       = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1
  • Edit dovecot config file /etc/dovecot-mysql.conf (RHEL/CentOS) or /etc/dovecot/dovecot-mysql.conf (Debian/Ubuntu/openSUSE) or /usr/local/etc/dovecot-mysql.conf (FreeBSD):
File: dovecot-mysql.conf
user_query = SELECT CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE mailbox.username='%u' AND mailbox.domain='%d' AND mailbox.enable%Ls%Lc=1 AND mailbox.domain=domain.domain AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1

It will now check domain status, so if this domain is disabled, all users and aliases will be disabled too.

Restart postfix and dovecot services to make it work.

Make catch-all account work as expected

To make catch-all account work as expected, we need two more SQL lookup files:

  • /etc/postfix/catchall_maps.cf: Catch-all support for exist domains.
  • /etc/postfix/domain_alias_catchall_maps.cf: Catch-all support for alias domains.

Now edit postfix config file /etc/postfix/main.cf (Linux) or /usr/local/etc/postfix/main.cf (FreeBSD), append these two lookup files in virtual_alias_maps setting:

File: main.cf
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf,
    proxy:mysql:/etc/postfix/catchall_maps.cf,                      # <- Add this line
    proxy:mysql:/etc/postfix/domain_alias_catchall_maps.cf        # <- Add this line.

Now create these two new files (Note: You can create them based on exist mysql lookup files, copy "user, password, hosts, port, dbname" to new files):

  • /etc/postfix/catchall_maps.cf:
File: catchall_maps.cf
user        = vmail
password    = PASSWORD_OF_VMAIL
hosts       = 127.0.0.1
port        = 3306
dbname      = vmail
query       = SELECT alias.goto FROM alias,domain WHERE alias.address='%d' AND alias.address=domain.domain AND alias.active=1 AND domain.active=1 AND domain.backupmx=0
  • /etc/postfix/domain_alias_catchall_maps.cf
File: domain_alias_catchall_maps.cf
user        = vmail
password    = PASSWORD_OF_VMAIL
hosts       = 127.0.0.1
port        = 3306
dbname      = vmail
query       = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1

Restart postfix to make it work.

Update SQL structure of vmail database

  • Add some more columns:
Terminal:
$ mysql -uroot -p
USE vmail;

-- enablesmtpsecured: Used for SMTP over SSL support in Postfix + Dovecot.
ALTER TABLE mailbox ADD COLUMN enablesmtpsecured TINYINT(1) NOT NULL DEFAULT '1';

-- name: Used to store common name of admin and alias account.
ALTER TABLE admin ADD COLUMN name VARCHAR(255) DEFAULT '' COLLATE utf8_general_ci;
ALTER TABLE alias ADD COLUMN name VARCHAR(255) DEFAULT '' COLLATE utf8_general_ci;

-- passwordlastchange: Store date of password last change.
ALTER TABLE admin ADD COLUMN passwordlastchange DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';
ALTER TABLE mailbox ADD COLUMN passwordlastchange DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';

-- local_part: Used for PostfixAdmin compatible.
ALTER TABLE mailbox ADD COLUMN local_part VARCHAR(255) NOT NULL DEFAULT '';

-- defaultuseraliases: Assign new user to these aliases
ALTER TABLE domain ADD COLUMN defaultuseraliases TEXT NOT NULL DEFAULT '';

-- defaultpasswordscheme: Per-domain password scheme support.
ALTER TABLE domain ADD COLUMN defaultpasswordscheme VARCHAR(10) NOT NULL DEFAULT '';
  • Create indexes of some columns for better performance.
Terminal:
$ mysql -uroot -p
USE vmail;

-- Table: admin
ALTER TABLE  admin ADD INDEX (passwordlastchange);
ALTER TABLE  admin ADD INDEX (expired);
ALTER TABLE  admin ADD INDEX (active);

-- Table: alias
ALTER TABLE  alias ADD INDEX (domain);
ALTER TABLE  alias ADD INDEX (expired);
ALTER TABLE  alias ADD INDEX (active);

-- Table: domain
ALTER TABLE  domain ADD INDEX (backupmx);
ALTER TABLE  domain ADD INDEX (expired);
ALTER TABLE  domain ADD INDEX (active);

-- Table: domain_admins
ALTER TABLE  domain_admins ADD INDEX (username);
ALTER TABLE  domain_admins ADD INDEX (domain);
ALTER TABLE  domain_admins ADD INDEX (active);

-- Table: mailbox
ALTER TABLE  mailbox ADD INDEX (domain);
ALTER TABLE  mailbox ADD INDEX (department);
ALTER TABLE  mailbox ADD INDEX (employeeid);
ALTER TABLE  mailbox ADD INDEX (enablesmtp);
ALTER TABLE  mailbox ADD INDEX (enablesmtpsecured);
ALTER TABLE  mailbox ADD INDEX (enablepop3);
ALTER TABLE  mailbox ADD INDEX (enablepop3secured);
ALTER TABLE  mailbox ADD INDEX (enableimap);
ALTER TABLE  mailbox ADD INDEX (enableimapsecured);
ALTER TABLE  mailbox ADD INDEX (enablemanagesieve);
ALTER TABLE  mailbox ADD INDEX (enablemanagesievesecured);
ALTER TABLE  mailbox ADD INDEX (enablesieve);
ALTER TABLE  mailbox ADD INDEX (enablesievesecured);
ALTER TABLE  mailbox ADD INDEX (enableinternal);
ALTER TABLE  mailbox ADD INDEX (passwordlastchange);
ALTER TABLE  mailbox ADD INDEX (expired);
ALTER TABLE  mailbox ADD INDEX (active);

-- Table: sender_bcc_domain
ALTER TABLE  sender_bcc_domain ADD INDEX (bcc_address);
ALTER TABLE  sender_bcc_domain ADD INDEX (expired);
ALTER TABLE  sender_bcc_domain ADD INDEX (active);

-- Table: sender_bcc_user
ALTER TABLE  sender_bcc_user ADD INDEX (bcc_address);
ALTER TABLE  sender_bcc_user ADD INDEX (expired);
ALTER TABLE  sender_bcc_user ADD INDEX (active);

-- Table: recipient_bcc_domain
ALTER TABLE  recipient_bcc_domain ADD INDEX (bcc_address);
ALTER TABLE  recipient_bcc_domain ADD INDEX (expired);
ALTER TABLE  recipient_bcc_domain ADD INDEX (active);

-- Table: recipient_bcc_user
ALTER TABLE  recipient_bcc_user ADD INDEX (bcc_address);
ALTER TABLE  recipient_bcc_user ADD INDEX (expired);
ALTER TABLE  recipient_bcc_user ADD INDEX (active);

Save date of password last change in Roundcube

Roundcube won't save date of password last change by default, please change setting of its plugin "password" to make it work.

  • Edit config file /var/www/roundcubemail/plugins/password/config.inc.php (RHEL/CentOS) or /usr/share/apache2/roundcubemail/plugins/password/config.inc.php (Debian/Ubuntu) or /srv/www/roundcubemail/plugins/password/config.inc.php (openSUSE) or /usr/local/www/roundcubemail/plugins/password/config.inc.php (FreeBSD), change "password_query", add "passwordlastchange=NOW()" in SQL command:
File: plugins/password/config.inc.php
$rcmail_config['password_query'] = "UPDATE vmail.mailbox SET password=%c,passwordlastchange=NOW() WHERE username=%u LIMIT 1";

Roundcube will now save date of password last change in column 'passwordlastchange'.

Note: If you want to force users to change their passwords in 90 days, please refer to this wiki tutorial: Force users to change password in 90 days.

ChangeLog

  • 2011-04-11: [MySQL backend special] Add command to create SQL column "storagenode" in table "vmail.mailbox". Thanks insanadair@forum.
  • Initial public.
Personal tools