iRedMail
// Document IndexAttention
Check out the on-premises, lightweight email archiving software developed by iRedMail team: Spider Email Archiver.
Paid Remote Upgrade Support
We offer remote upgrade support if you don't want to get your hands dirty, check the details and contact us.
/etc/iredmail-release with new iRedMail version numberiRedMail stores the release version in /etc/iredmail-release after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:
1.6.8
There's a "SMTP Smuggling" attack found in all Postfix versions, visit Postfix website for more details: SMTP Smuggling.
Quote from Postfix website:
Details
The attack involves a COMPOSITION of two email services with specific differences in the way they handle line endings other than
:
- One email service A that does not recognize malformed line endings in SMTP such as in
. in an email message from an authenticated attacker to a recipient at email service B, and that propagates those malformed line endings verbatim when it forwards that message to: - One different email service B that does support malformed line endings in SMTP such as in
. . When this is followed by "smuggled" SMTP MAIL/RCPT/DATA commands and message header plus body text, email service B is tricked into receiving two email messages: one message with the content before the . , and one message with the "smuggled" header plus body text after the "smuggled" SMTP commands. All this when email service A sends only one message. Postfix is an example of email service B. Microsoft's outlook.com was an example of email service A.
Impact
- The authenticated attacker can use the "smuggled" SMTP MAIL/RCPT/DATA commands and header plus body text, to spoof an email message from any MAIL FROM address whose domain is also hosted at email service A, to any RCPT TO address whose domain is also hosted at email service B.
- The spoofed email message will pass SPF-based DMARC checks at email service B, because the spoofed message has a MAIL FROM address whose domain is hosted at email service A, and because the message was received from an IP address for email service A.
Please run shell commands below to apply the fix:
postconf -e smtpd_data_restrictions=reject_unauth_pipelining
postconf -e smtpd_discard_ehlo_keywords=chunking
postfix reload
Note: Most Linux/BSD distribution releases don't have latest Postfix release till today (Dec 29, 2023), we can only apply this "short-term workarounds". The "long-term fix" is upgrading Postfix to at least version: 3.8.4, 3.7.9, 3.6.13 and 3.5.23 to stop all forms of the smuggling attacks on recipients at a Postfix server.
Attention
This is applicable to only CentOS, Rocky Linux, AlmaLinux.
Please run command below to enable daily cron job to update SpamAssassin rules:
ln -sf /usr/share/spamassassin/sa-update.cron /etc/cron.daily/sa-update
Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release
If you have netdata installed, you can upgrade it by following this tutorial: Upgrade netdata.
Please open file /etc/postfix/ldap/virtual_group_maps.cf, replace
query_filter line by below one:
query_filter = (&(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(&(|(memberOfGroup=%s)(shadowAddress=%s))(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailAlias)(objectClass=mailList)))(&(objectClass=mailList)(enabledService=mlmmj)(|(mail=%s)(shadowAddress=%s)))))
Restarting postfix service is required.