Upgrade iRedMail from 1.4.0 to 1.4.1

Paid Remote Upgrade Support

We offer remote upgrade support if you don't want to get your hands dirty, check the details and contact us.

ChangeLog

General (All backends should apply these changes)

Update /etc/iredmail-release with new iRedMail version number

iRedMail stores the release version in /etc/iredmail-release after installation, it's recommended to update this file after you upgraded iRedMail, so that you can know which version of iRedMail you're running. For example:

1.4.1

Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.0.3)

Attention

iRedAPD has been migrated to Python 3 and doesn't support Python 2 anymore.

Please follow below tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release

Upgrade iRedAdmin (open source edition) to the latest stable release (1.5)

Attention

iRedAdmin has been migrated to Python 3 and doesn't support Python 2 anymore.

Please follow below tutorial to upgrade iRedAdmin to the latest stable release: Upgrade iRedAdmin to the latest stable release.

Upgrade mlmmjadmin to the latest stable release (3.1.2)

Please follow below tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release

Upgrade netdata to the latest stable release (1.31.0)

If you have netdata installed, you can upgrade it by following this tutorial: Upgrade netdata.

Amavisd: Add some useful ban rules

Microsoft Office documents are banned with iRedMail default settings, but it's common that some mailbox may need to receive such documents.

Here we define some ban rules to allow these Office document types, iRedMail server admin can update per-user spam policy to allow receiving such documents.

# Define some useful rules.
%banned_rules = (
    # Allow all Microsoft Office documents.
    'ALLOW_MS_OFFICE'   => new_RE([qr'.\.(doc|docx|xls|xlsx|ppt|pptx)$'i => 0]),

    # Allow Microsoft Word, Excel, PowerPoint documents separately.
    'ALLOW_MS_WORD'     => new_RE([qr'.\.(doc|docx)$'i => 0]),
    'ALLOW_MS_EXCEL'    => new_RE([qr'.\.(xls|xlsx)$'i => 0]),
    'ALLOW_MS_PPT'      => new_RE([qr'.\.(ppt|pptx)$'i => 0]),

    # Default rule.
    'DEFAULT' => $banned_filename_re,
);

Here we defines 5 ban rules:

You're free to define more ban rules to fit your own needs.

Attention

Example: How to use these ban rules

If you already define per-user, per-domain, or global spam policy with iRedAdmin-Pro or manually, you can now assign these ban rules to them.

For example, if you have spam policy for user user@domain.com, to allow this user to accept Microsoft Word and Excel documents, you can run SQL commands below to achieve it (Note: we use MySQL for example):

USE amavisd;
UPDATE policy SET banned_rulenames="ALLOW_MS_WORD,ALLOW_MS_EXCEL" WHERE policy_name="user@domain.com";

For OpenLDAP backend

Add new attribute/value pairs for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 improves SOGo config file and it's able to enable or disable per-user SOGo webmail, calendar, activesync services with 3 new LDAP attribute/value pairs:

The old enabledService=sogo is still used to enable or disable whole SOGo access.

cd /root/
wget https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/update-ldap.py
# Part of file: updateLDAPValues_099_to_1.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
# python3 update-ldap.py

SOGo: Update config file

Open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using LDAP
    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            id = users;
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { enabledService = sogowebmail; };
                Calendar = { enabledService = sogocalendar; };
                ActiveSync = { enabledService = sogoactivesync; };
            };

            // ... we omit other config lines here ...
        }
    )

For MySQL and MariaDB backends

Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user SOGo webmail, calendar and activesync services:

Download plain SQL file used to update SQL table, then import it as MySQL root user (Please run commands below as root user):

wget -O /tmp/iredmail.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.mysql
mysql vmail < /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql

SOGo: Re-create SQL VIEW and update config file

Download plain SQL file used to update SQL table, then import it as MySQL root user (Please run commands below as root user):

wget -O /tmp/sogo.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.mysql
mysql sogo < /tmp/sogo.mysql
rm -f /tmp/sogo.mysql

Now open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )

Restarting SOGo service is requried.

For PostgreSQL backend

Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control

iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user SOGo webmail, calendar and activesync services:

Download plain SQL file used to update SQL table:

wget -O /tmp/iredmail.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.pgsql
chmod +r /tmp/iredmail.pgsql
su - postgres
psql -d vmail < /tmp/iredmail.pgsql
rm -f /tmp/iredmail.pgsql

SOGo: Re-create SQL VIEW and update config file

Download plain SQL file used to update SQL table:

wget -O /tmp/sogo.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.pgsql
chmod +r /tmp/sogo.pgsql

Please open file /tmp/sogo.pgsql, replace string VMAIL_DB_BIND_PASSWD by the real password of SQL user vmail. You can find the password in any file under /etc/postfix/pgsql/.

After updated /tmp/sogo.pgsql, please connect to PostgreSQL server as postgres user and import the SQL file: on Linux, it's postgres user on FreeBSD, it's pgsql user * on OpenBSD, it's _postgresql user

su - postgres
psql -d sogo < /tmp/sogo.pgsql
rm -f /tmp/sogo.pgsql

Now open SOGo main config file /etc/sogo/sogo.conf (Linux/OpenBSD) or /usr/local/etc/sogo/sogo.conf (FreeBSD), find the SOGoUserSources block like below:

    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )

Add new parameter ModulesConstraints right after canAuthenticate = YES; line like below:

    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )

Restarting SOGo service is requried.