iRedMail
// Document IndexAttention
Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.
Paid Remote Upgrade Support
We offer remote upgrade support if you don't want to get your hands dirty, check the details and contact us.
/etc/iredmail-release with new iRedMail version numberiRedMail stores the release version in /etc/iredmail-release after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:
1.3
Please follow below tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release
Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release
Roundcube 1.4
Since Roundcube 1.3, at least PHP 5.4 is required. If your server is running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube the latest 1.2 branch instead.
Roundcube 1.4.6 fixes few security issues, all users are encouraged to upgrade as soon as possible.
References:
Attention
This is only application to CentOS 7.
On CentOS 7, the Roundcube official plugin managesieve doesn't work with
TLSv1.1 and TLSv1.2, so we have to re-enable TLSv1 in Dovecot, otherwise you
can not manage mail filters with Roundcube.
Open file /etc/dovecot/dovecot.conf, find the ssl_protocols parameter like
below:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
Remove !TLSv1 and restart Dovecot service:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
Note: TLSv1 and TLSv1.2 are supported with this change.
Attention
This is applicable to Linux and OpenBSD.
iRedMail-1.2 and 1.2.1 introduced SQL integration in Fail2ban, but there're few inconsistent jail names which caused unbanning IP from iRedAdmin-Pro doesn't work. Please run commands below to fix them.
cd /etc/fail2ban/jail.d/
perl -pi -e 's#dovecot-iredmail#dovecot#g' dovecot.local
perl -pi -e 's#postfix-pregreet-iredmail#postfix-pregreet#g' postfix-pregreet.local
perl -pi -e 's#name=postfix,#name=postfix-pregreet,#g' postfix-pregreet.local
perl -pi -e 's#postfix-iredmail#postfix#g' postfix.local
perl -pi -e 's#roundcube-iredmail#roundcube#g' roundcube.local
perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local
msgs.time_iso in amavisd databasePlease run SQL commands below as MySQL root user:
USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
Attention
Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.
With changes below, we now store more info in Fail2ban SQL database:
Please run SQL commands below as MySQL root user:
USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
Now open file /etc/fail2ban/action.d/banned_db.conf, find the actionban =
line like below:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
Download improved shell script and replace the existing one:
cd /usr/local/bin
wget -O fail2ban_banned_db https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
chmod 0550 fail2ban_banned_db
Now restart Fail2ban service.
msgs.time_iso in amavisd databasePlease run SQL commands below as MySQL root user:
USE amavisd;
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
Attention
Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.
With changes below, we now store more info in Fail2ban SQL database:
Please run SQL commands below as MySQL root user:
USE fail2ban;
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN `rdns` VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX rdns ON banned (`rdns`);
Now open file /etc/fail2ban/action.d/banned_db.conf, find the actionban =
line like below:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
Download improved shell script and replace the existing one:
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
Now restart Fail2ban service.
Attention
Since iRedMail-1.2, Fail2ban is configured to store banned IP addresses in SQL database, if you're running an old iRedMail release, please upgrade your iRedMail server by following the upgrade tutorials: iRedMail release notes and upgrade tutorials.
With changes below, we now store more info in Fail2ban SQL database:
Please follow steps below to apply required changes.
postgres user and connect to vmail database:postgres userpgsql user_postgresql usersu - postgres
psql -d fail2ban
\c fail2ban;
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
ALTER TABLE banned ADD COLUMN loglines TEXT;
ALTER TABLE banned ADD COLUMN rdns VARCHAR(255) NOT NULL DEFAULT '';
CREATE INDEX idx_banned_rdns ON banned (rdns);
/etc/fail2ban/action.d/banned_db.conf, find the actionban =
line like below:actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
Replace it by:
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db