Upgrade iRedMail from 1.2.1 to 1.3

Paid Remote Upgrade Support

We offer remote upgrade support if you don't want to get your hands dirty, check the details and contact us.

ChangeLog

General (All backends should apply these changes)

Update /etc/iredmail-release with new iRedMail version number

iRedMail stores the release version in /etc/iredmail-release after installation, it's recommended to update this file after you upgraded iRedMail, so that you can know which version of iRedMail you're running. For example:

1.3

Upgrade iRedAPD (Postfix policy server) to the latest stable release

Please follow below tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release

Upgrade mlmmjadmin to the latest stable release

Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release

Upgrade Roundcube webmail to the latest stable release (1.4.6)

Roundcube 1.4

Since Roundcube 1.3, at least PHP 5.4 is required. If your server is running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube the latest 1.2 branch instead.

Roundcube 1.4.6 fixes few security issues, all users are encouraged to upgrade as soon as possible.

References:

Fixed: can not manage mail filters with Roundcube on CentOS 7

Attention

This is only application to CentOS 7.

On CentOS 7, the Roundcube official plugin managesieve doesn't work with TLSv1.1 and TLSv1.2, so we have to re-enable TLSv1 in Dovecot, otherwise you can not manage mail filters with Roundcube.

Open file /etc/dovecot/dovecot.conf, find the ssl_protocols parameter like below:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1

Remove !TLSv1 and restart Dovecot service:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1

Note: TLSv1 and TLSv1.2 are supported with this change.

Fixed: inconsistent Fail2ban jail names

Attention

This is applicable to Linux and OpenBSD.

iRedMail-1.2 and 1.2.1 introduced SQL integration in Fail2ban, but there're few inconsistent jail names which caused unbanning IP from iRedAdmin-Pro doesn't work. Please run commands below to fix them.

cd /etc/fail2ban/jail.d/
perl -pi -e 's#dovecot-iredmail#dovecot#g' dovecot.local

perl -pi -e 's#postfix-pregreet-iredmail#postfix-pregreet#g' postfix-pregreet.local
perl -pi -e 's#name=postfix,#name=postfix-pregreet,#g' postfix-pregreet.local

perl -pi -e 's#postfix-iredmail#postfix#g' postfix.local
perl -pi -e 's#roundcube-iredmail#roundcube#g' roundcube.local
perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local

OpenLDAP backend special

Add missing index for SQL column msgs.time_iso in amavisd database

Please run SQL commands below as MySQL root user:

USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);

Improvement: Store more info in Fail2ban SQL db

Attention

Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.

With changes below, we now store more info in Fail2ban SQL database:

Please run SQL commands below as MySQL root user:

USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);

Now open file /etc/fail2ban/action.d/banned_db.conf, find the actionban = line like below:

actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>

Replace it by:

actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>

Download improved shell script and replace the existing one:

wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db

Now restart Fail2ban service.

MySQL/MariaDB backend special

Add missing index for SQL column msgs.time_iso in amavisd database

Please run SQL commands below as MySQL root user:

USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);

Improvement: Store more info in Fail2ban SQL db

Attention

Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.

With changes below, we now store more info in Fail2ban SQL database:

Please run SQL commands below as MySQL root user:

USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);

Now open file /etc/fail2ban/action.d/banned_db.conf, find the actionban = line like below:

actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>

Replace it by:

actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>

Download improved shell script and replace the existing one:

wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db

Now restart Fail2ban service.

PostgreSQL backend special

Improvement: Store more info in Fail2ban SQL db

Attention

Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.

With changes below, we now store more info in Fail2ban SQL database:

Please follow steps below to apply required changes.

su - postgres
psql -d fail2ban
\c fail2ban;
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN rdns VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX idx_banned_rdns ON banned (rdns);
actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>

Replace it by:

actionban   = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db