From iRedMail

Revision as of 08:31, 20 March 2012

THIS UPGRADE TUTORIAL IS A DRAFT, DO NOT APPLY IT.

General (All backends should apply these upgrade steps)

Set strict file permission for Dovecot config files

There're two Dovecot config files are world-readable, we should set strict file owner and permission on them so that it won't leak SQL server infomation.

Please execute below command to fix it, then restart Dovecot service:

• On RHEL/CentOS/Scientific Linux 5.x:

# chown dovecot:dovecot /etc/dovecot-used-quota.conf /etc/dovecot-share-folder.conf
# chmod 0500 /etc/dovecot-used-quota.conf /etc/dovecot-share-folder.conf

• On RHEL/CentOS/Scientific Linux 6.x, Debian, Ubuntu, openSUSE:

# chown dovecot:dovecot /etc/dovecot/dovecot-used-quota.conf /etc/dovecot/dovecot-share-folder.conf
# chmod 0500 /etc/dovecot/dovecot-used-quota.conf /etc/dovecot/dovecot-share-folder.conf

• On FreeBSD:

# chown dovecot:dovecot /usr/local/etc/dovecot-used-quota.conf /usr/local/etc/dovecot-share-folder.conf
# chmod 0500 /usr/local/etc/dovecot-used-quota.conf /usr/local/etc/dovecot-share-folder.conf

Enable greylist opt in and opt out in Policyd

Some people are fairly irate when it comes to mail and refuse wanting to have any type of delay. this feature enables each and every person the ability to not subject themselves to greylisting. this feature is also VERY usefull when you dont want to subject EVERY person to greylisting at once but instead allows you to enable it in batches/groups of users so you get a feel on the type of complaints or praise from your users.

Please update Policyd setting OPTINOUT to 1 to enable greylist opt in / opt out:

• On RHEL/CentOS/Scientific Linux, it's set in file /etc/policyd.conf.
• On Debian/Ubuntu, it's set in file /etc/postfix-policyd.conf.
• On openSUSE, it's set in file /etc/policyd.conf.
• On FreeBSD, it's set in file /usr/local/etc/postfix-policyd-sf.conf.

OPTINOUT=1

Restarting Policyd service is required to make it work.

Notes:

• iRedAdmin-Pro customers can manage greylist opt-in with one lick with the latest iRedAdmin-Pro releases, in domain profile page or user profile page, under tab Advanced.
• For more details about how to set greylist opt-in manually with MySQL command line or phpMyAdmin, please refer to Policyd official document: http://policyd.sourceforge.net/readme.html (Section "Greylist Opt-in / Opt-out")

Enable case insensitive user authentication in Roundcube webmail

Please change below setting to true in Roundcube webmail config file 'config/main.inc.php' to enable case insensitive user authentication. The config file should be:

• /var/www/roundcubemail/config/main.inc.php on RHEL/CentOS/Scientific Linux
• /usr/share/apache2/roundcubemail/config.inc.php on Debian/Ubuntu
• /srv/www/roundcubemail/config/main.inc.php on openSUSE
• /usr/local/www/roundcubemail/config/main.inc.php on FreeBSD

$rcmail_config['login_lc'] = false;

Fix logrotate setting of Dovecot log files

Open /etc/logrotate.d/dovecot and /etc/logrotate.d/sieve, update postrotate commands:

• If you're running Dovecot-1.x, please update postrotate command with below value:

postrotate
    /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
endscript

• If you're running Dovecot-2.x, please update postrotate command with below value:

postrotate
    doveadm log reopen
endscript