Upgrade/iRedMail/0.5.1-0.6.0
From iRedMail
(Difference between revisions)
(→Add missing MySQL table (Debian/Ubuntu only)) |
(→Upgrade Roundcube webmail to 0.3.1) |
||
| Line 35: | Line 35: | ||
* Synchronize settings from old configuration files. | * Synchronize settings from old configuration files. | ||
* [OPTIONAL] Restart apache web server | * [OPTIONAL] Restart apache web server | ||
| + | * [Next Step] Configure plugin ('''managesieve''') to allow user to customize mail filter rule. | ||
Steps to upgrade it: | Steps to upgrade it: | ||
Revision as of 15:00, 1 June 2010
Contents |
Warning: this page is still under working, do *NOT* apply it.
General Update, all backends should apply these changes.
Apply hotfix for iRedMail-0.5.1
All users should apply hotfix for iRedMail-0.5.1 before go further: http://iredmail.org/hotfix-051.html
Add missing MySQL table (Debian/Ubuntu only)
Note: This step is ONLY required on Debian/Ubuntu.
- You should manually import another MySQL table if you are using below distributions:
- Debian 5
- Ubuntu 8.04
- Ubuntu 9.04
| Terminal: |
$ mysql -uroot -p postfixpolicyd mysql> SOURCE /usr/share/dbconfig-common/data/postfix-policyd/upgrade/mysql/1.73-1; mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON postfixpolicyd.* TO postfix-policyd@localhost; mysql> quit; |
Note: It will create a new table postfixpolicyd.blacklist_dnsname. Used to block emails sent from blacklist_dnsname in Policyd,
Upgrade Roundcube to 0.3.1
Upgrade Roundcube webmail to 0.3.1
Roundcube-0.3.1 brings new features and better performance, all users are encouraged to upgrade it.
To upgrade roundcube to 0.3.1, we should:
- Download roundcube source tarball: roundcubemail-0.3.1.tar.gz
- Uncompress it.
- Copy it to apache server root directory.
- Replace symbol link by new version.
- Synchronize settings from old configuration files.
- [OPTIONAL] Restart apache web server
- [Next Step] Configure plugin (managesieve) to allow user to customize mail filter rule.
Steps to upgrade it:
- Download Roundcube 0.3.1 from official download site OR from iRedMail web site:
- Roundcube official download site: http://sourceforge.net/projects/roundcubemail/files/
- iRedMail web site: http://iredmail.org/yum/misc/roundcubemail-0.3.1.tar.gz
| Terminal: |
# ---- Download it to /root/ directory as example ---- # cd /root/ # wget http://iredmail.org/yum/misc/roundcubemail-0.3.1.tar.gz |
- Uncompress it:
| Terminal: |
# cd /root/ # tar zxf roundcubemail-0.3.1.tar.gz |
- Copy it to apache server root directory:
| Terminal: |
# ---- On RHEL/CentOS ---- # cp -rf /root/roundcubemail-0.3.1 /var/www/ # ---- On Debian/Ubuntu ---- # cp -rf /root/roundcubemail-0.3.1 /usr/share/apache2/ |
- Remove old symbol link, and create a new one:
| Terminal: |
# ---- On RHEL/CentOS ---- # cd /var/www/ # rm -i roundcubemail # Do not use command 'rm' with '-r' flag here. # ln -s roundcubemail-0.3.1 roundcubemail # ---- On Debian/Ubuntu ---- # cd /usr/share/apache2/ # rm -i roundcubemail # ln -s roundcubemail-0.3.1 roundcubemail |
Configure plugins
Apply patches
About these two patches:
- Refer to this forum topic for more detail about patch for CVE-2010-0464: Security fix in Roundcube: Disable DNS prefetching. (CVE-2010-0464)
- Patch managesieve_rule_width_on_safari.patch is used to fix page width in filter plugin, for Safari web browser.
Steps to patch your roundcube 0.3.1:
- On RHEL/CentOS:
| Terminal: |
# cd /tmp/ # wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/roundcube-CVE-2010-0464.patch # wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/managesieve_rule_width_on_safari.patch # cd /var/www/roundcubemail/ # patch -p0 < /tmp/roundcube-CVE-2010-0464.patch # patch -p0 < /tmp/managesieve_rule_width_on_safari.patch |
- On Debian/Ubuntu:
| Terminal: |
# cd /tmp/ # wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/roundcube-CVE-2010-0464.patch # wget http://iredmail.googlecode.com/hg/tags/0.6.0/patches/roundcubemail/managesieve_rule_width_on_safari.patch # cd /usr/share/apache2/roundcubemail/ # patch -p0 < /tmp/roundcube-CVE-2010-0464.patch # patch -p0 < /tmp/managesieve_rule_width_on_safari.patch |
OpenLDAP backend only
OpenLDAP Server
Use newest schema file
NOTE: New LDAP schema provides several new attributes, but it's backwards compatibility, it's SAFE to replace the old one without addition operations.
To use the newest iRedMail ldap schem file, we have to:
- Download the newest iRedMail ldap schema file
- Copy old ldap schema file as a backup copy
- Replace the old one
- Restart OpenLDAP service.
Here we go:
- On RHEL/CentOS:
| Terminal: |
# cd /tmp # wget http://iredmail.googlecode.com/hg/tags/0.6.0/samples/iredmail.schema # cd /etc/openldap/schema/ # cp iredmail.schema iredmail.schema.bak # mv -i /tmp/iredmail.schema /etc/openldap/schema/ # /etc/init.d/ldap restart |
- On Debian/Ubuntu:
| Terminal: |
# cd /tmp # wget http://iredmail.googlecode.com/hg/tags/0.6.0/samples/iredmail.schema # cd /etc/ldap/schema/ # cp iredmail.schema iredmail.schema.bak # mv -i /tmp/iredmail.schema /etc/ldap/schema/ # /etc/init.d/slapd restart |
Include Amavisd LDAP schema file in OpenLDAP
We're starting to provide better Amavisd integration in iRedMail, e.g. per-user blacklist/whitelist, anti-spam and anti-virus settings. Since Amavisd can read per-user settings which stored in LDAP, we have to include Amavisd LDAP schema file in OpenLDAP.
Here we go:
NOTE: Amavisd LDAP schema file is installed in OpenLDAP schema directory during installing Amavisd-new, so we don't need to copy/move it.
- On RHEL/CentOS, edit /etc/openldap/slapd.conf and append Amavisd schema file before iredmail.schema:
| File: /etc/openldap/slapd.conf |
# Integrate Amavisd-new. include /etc/openldap/schema/amavisd-new.schema include /etc/openldap/schema/iredmail.schema |
Restart OpenLDAP service to make it work:
| Terminal: |
# /etc/init.d/ldap restart |
- On Debian/Ubuntu, edit /etc/ldap/slapd.conf and append Amavisd schema file before iredmail.schema:
| File: /etc/ldap/slapd.conf |
# Integrate Amavisd-new. include /etc/ldap/schema/amavis.schema include /etc/ldap/schema/iredmail.schema |
Restart OpenLDAP service to make it work:
| Terminal: |
# /etc/init.d/slapd restart |
TBD: Add missing values
Postfix
Add shadowAddress support for mail alias
- Update postfix mysql lookup file: /etc/postfix/ldap_virtual_alias_maps.cf:
| File: /etc/postfix/ldap_virtual_alias_maps.cf |
# OLD SETTING query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward)))) # NEW SETTING. # - Added: shadowAddress=%s # - Removed: objectClass=mailList. It's impossible to add shadow address support for mail list. query_filter = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward)))) |
Note: We add 'shadowAddress' support for mail alias here, and remove 'shadowAddress' support for mail list. Because mail list doesn't support this feature.
Add Catch-all Email Accounts support
NOTE: This is required by iRedAdmin-Pro-1.2.0.
- Change your postfix setting in /etc/postfix/main.cf:
| File: /etc/postfix/main.cf |
virtual_alias_maps =
proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf,
proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf, # <-- Add this line.
proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf # <-- Add this line.
|
- File /etc/postfix/ldap_sender_login_maps.cf already exists by default, so what you need to do is adding new file: /etc/postfix/ldap_catch_all_maps.cf.
| File: /etc/postfix/ldap_catch_all_maps.cf |
# # WARNING: Please REPLACE bind_dn, bind_pw, search_base below, you can find # them in /etc/postfix/ldap_*.cf. # server_host = 127.0.0.1 server_port = 389 version = 3 bind = yes start_tls = no bind_dn = cn=vmail,dc=iredmail,dc=org bind_pw = JnvF4UQheMdImdXYnRVEgKpsdCXJy3 search_base = domainName=%d,o=domains,dc=iredmail,dc=org scope = sub query_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=@%d)) result_attribute= mailForwardingAddress debuglevel = 0 |
- Restart postfix service to make it work.
| Terminal: |
# /etc/init.d/postfix restart |
Roundcube Webmail plugin: change password
Password plugin which officially shipped in Roundcubemail-0.3.1 requires php-pear and Net_LDAP2, so we have to:
- Force upgrade php-pear to support password plugin on RHEL/CentOS 5 (Not required on Debian/Ubuntu)
- Install php-mhash to provide hash algorithms such as MD5, SHA1, GOST, and many others. (Not required on Debian/Ubuntu)
- Install php pear package: Net_LDAP2.
- Restart Apache web service.
Steps to make it work:
- on RHEL/CentOS 5
| Terminal: |
# pear upgrade --force pear # pear install Net_LDAP2 # yum install php-mhash # Please make sure you have iRedMail yum repository enabled. # /etc/init.d/httpd restart # Restart Apache web service. |
- On Debian/Ubuntu:
| Terminal: |
# pear install Net_LDAP2 # /etc/init.d/apache2 restart # Restart Apache web service. |
TBC: phpLDAPadmin
MySQL backend only.
Add missing SQL columns in vmail.mailbox
iRedMail-0.6.0 adds a new SQL column in vmail.mailbox table: enableinternal. This is used in Dovecot, e.g. shared IMAP folders, etc.
| Terminal: |
$ mysql -uroot -p mysql> USE vmail; mysql> ALTER TABLE mailbox ADD COLUMN enableinternal TINYINT(1) NOT NULL DEFAULT '1'; mysql> quit; |
Postfix
Domain alias support
Note: You can use PostfixAdmin-2.3 to manage domain alias. iRedAdmin-Pro for MySQL backend will support this feature later.
- Save below lines in temporary file: /tmp/upgrade_iredmail.sql:
CREATE TABLE IF NOT EXISTS `alias_domain` (
`alias_domain` varchar(255) NOT NULL,
`target_domain` varchar(255) NOT NULL,
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`alias_domain`),
KEY `active` (`active`),
KEY `target_domain` (`target_domain`)
) ENGINE=MyISAM;
- Import missing MySQL table in vmail database with above temporary file:
| Terminal: |
# mysql -uroot -p mysql> USE vmail; mysql> SOURCE /tmp/upgrade_iredmail.sql; |
- Update postfix config in /etc/postfix/main.cf.
| File: /etc/postfix/main.cf |
# ---- OLD SETTING ----
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# ---- NEW SETTING ----
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/mysql_domain_alias_maps.cf
|
- Add new file: /etc/postfix/mysql_domain_alias_maps.cf.
| File: /etc/postfix/mysql_domain_alias_maps.cf |
#
# WARNING: REPLACE password below. You can find it in /etc/postfix/mysql_*.cf.
#
user = vmail
password = YOUR_MYSQL_BIND_PW
hosts = localhost
port = 3306
dbname = vmail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
Upgrade PostfixAdmin to 2.3
- Backup old version.
- Download and uncompress new version.
- Copy config file from old version.
- Add missing variables: postfix_admin_url.
