Upgrade iRedMail from 1.4.2 to 1.5.0

Paid Remote Upgrade Support

We offer remote upgrade support if you don't want to get your hands dirty. Check the details and contact us.

ChangeLog

General (All backends should apply these changes)

Update /etc/iredmail-release with new iRedMail version number

iRedMail stores the release version in /etc/iredmail-release after installation. It's recommended to update this file after you upgrade iRedMail, so that you know which version of iRedMail you're running. For example:

1.5.0

Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.0.4)

Please follow this tutorial to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release

Upgrade iRedAdmin (open source edition) to the latest stable release (1.6)

Please follow this tutorial to upgrade iRedAdmin to the latest stable release: Upgrade iRedAdmin to the latest stable release.

Upgrade mlmmjadmin to the latest stable release (3.1.3)

Please follow this tutorial to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release

Upgrade Roundcube webmail to the latest stable release (1.5.1)

MySQL and MariaDB server tuning

On CentOS 7, Debian 10 and Ubuntu 18.04, you must add 2 parameters to the MySQL or MariaDB config file to avoid the error "Specified key was too long; max key length is 767 bytes":

- On CentOS 7: it's /etc/my.cnf
- On Debian 10: it's /etc/mysql/my.cnf

[mysqld]
innodb_large_prefix=ON
innodb_file_format=Barracuda

Please follow the official Roundcube tutorial to upgrade Roundcube webmail to the latest stable release:

Upgrade netdata to the latest stable release (1.32.1)

If you have netdata installed, you can upgrade it by following this tutorial: Upgrade netdata.

Nginx: several improvements

Attention

All credit goes to GitHub user @ludovicandrieux; thanks for the contributions. See also: #136, #137, #138.

To apply these changes, please open file /etc/nginx/templates/ssl.tmpl with your favourite text editor, then:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH;
# Greatly improves the performance of keep-alive connections over SSL.
# With this enabled, the client does not need to do a full SSL handshake for
# every request, which saves time and CPU resources.
ssl_session_cache shared:SSL:10m;

Restarting the Nginx service is required.

Dovecot: enable a new ssl cipher and remove a weak one

Please open file /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD) and update parameter ssl_cipher_list to the value below. It adds the new cipher EECDH+CHACHA20 and removes the weak one, AES256+EDH:

ssl_cipher_list = EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH

Restarting the Dovecot service is required.
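
The script below is an added example, not part of the iRedMail tutorial or project code: it reads the Nginx and Dovecot files edited in the two sections above and reports any cipher or protocol entry that differs from the values given on this page. The function names are hypothetical; the expected values are copied from this page.

```sh
# Added example, not iRedMail code. Expected values are copied from this page.
EXPECTED_CIPHERS='EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH'
EXPECTED_PROTOCOLS='TLSv1.2 TLSv1.3'

# get_directive FILE NAME: print the last uncommented value of NAME.
# Accepts Nginx syntax ("name value;") and Dovecot syntax ("name = value").
get_directive() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                          # strip comments
        match($0, "^[ \t]*" key "[ \t=]") {
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)         # Dovecot "=" separator
            sub(/[ \t]*;?[ \t]*$/, "", val)         # Nginx trailing ";"
        }
        END { print val }
    ' "$1"
}

# in_list ITEM LIST SEP: succeed when ITEM is an exact element of LIST.
in_list() {
    case "$3$2$3" in *"$3$1$3"*) return 0 ;; *) return 1 ;; esac
}

# audit_ciphers FILE NAME: compare the configured list with the expected one.
# Prints one finding per line and returns the number of findings.
audit_ciphers() {
    n=0
    have=$(get_directive "$1" "$2")
    for c in $(printf '%s' "$EXPECTED_CIPHERS" | tr ':' ' '); do
        in_list "$c" "$have" ':' || { echo "$2: missing $c"; n=$((n + 1)); }
    done
    for c in $(printf '%s' "$have" | tr ':' ' '); do
        in_list "$c" "$EXPECTED_CIPHERS" ':' ||
            { echo "$2: unexpected $c"; n=$((n + 1)); }
    done
    return "$n"
}

# audit_protocols FILE: flag a missing ssl_protocols line or any other entry.
audit_protocols() {
    n=0
    have=$(get_directive "$1" ssl_protocols)
    [ -n "$have" ] || { echo "ssl_protocols: not set"; return 1; }
    for p in $have; do
        in_list "$p" "$EXPECTED_PROTOCOLS" ' ' ||
            { echo "ssl_protocols: unexpected $p"; n=$((n + 1)); }
    done
    return "$n"
}
```

After sourcing the file, run `audit_ciphers /etc/nginx/templates/ssl.tmpl ssl_ciphers`, `audit_protocols /etc/nginx/templates/ssl.tmpl` and `audit_ciphers /etc/dovecot/dovecot.conf ssl_cipher_list`; an exit status of 0 means the file matches the values above.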