iRedMail   //  Document Index

iRedMail Easy: Release Notes

Version: 2020102801 (Oct 28, 2020)

• Supports now distribution release:

  • OpenBSD 6.8. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available. NOTE:
    • Support for OpenBSD 6.6 will be dropped in 6 months.
    • Support for OpenBSD 6.7 will be dropped after 6.9 is out.
    • Fail2ban (0.11.1) is not available due to not fully compatible with the Python 3.8.6 offered by OpenBSD 6.8.

• Add /opt/iredmail/custom/custom.sh. It will be ran at the end of EACH deployment.

• Postfix:

  • Revert the block of default reverse hostnames offered by OVH.com.

• Amavisd:

  • Log matched virus database name.
  • Update regex to match SecuriteInfo virus signature names.

• Fixed issues:

  • Failed to upgrade ClamAV database on CentOS 7.
  • Incorrect rsyslog pid file path on CentOS 7.
  • Not upgrade sope* packages while upgrading SOGo packages.
  • Can not create PostgreSQL database if locale doesn't match LC_CTYPE.

• Package updates:

  • iRedAPD-4.6. Python 3.5+ is required.
  • mlmmjadmin-3.0.4. Python 3.5+ is required.
  • iRedAdmin-1.1. Python 3.5+ is required.
  • netdata-1.26.0
  • Roundcube webmail 1.4.9

Version: 2020082501 (Aug 25, 2020)

• SOGo:

  Warning

  SOGo may not successfully kill all its child processes and causes sogo service failed to start. If it occurs, please stop SOGo service manually (service sogo stop), kill orphan processes (pkill -9 sogod), then start it manually (service sogo restart).

  • Upgrade SOGo to the latest v5 branch (nightly bulid) on Linux.
  • With SOGo v5, it now send email via submission service (port 587) without ssl cert verification.

• Nginx:

  • Enable http2 for https sites by default.

• Amavisd:

  • Fix improper SQL column type for column msgs.from_address (changed from VARCHAR to VARBINARY) for MariaDB and OpenLDAP backends.

• Dovecot:

  • Logrotate config file for Dovecot uses incorrect pid file name on CentOS. Thanks Igor Cej for the report and help.
  • Fixed: do not enable spam/ham auto learning if Amavisd + SpamAssassin are not installed.

• Postfix:

  • Block default reverse hostnames (format (ns|ip)XXXX.ip-XX-XX-XX.eu, "XX" is digit numbers) offered by OVH.com. Note: If you run mail server on OVH platform with a fixed hostname and valid PTR DNS record, it's not impacted.
  • Fixed: incorrect SMTP action code for whitelisted HELO hostnames.

• Chronyd (ntp alternative on CentOS 8):

  • Add -x option for chronyd if system is running in a LXC container.

• Package updates:

  • netdata-1.24.0
  • Roundcube webmail 1.4.8

Version: 2020070701 (Jul 7, 2020)

• BIND (cache-only) DNS server:

  • Fixed: Set DNS server to only 127.0.0.1 in ifcfg-XXX scripts on CentOS. Thanks Igor Cej for the feedback and help.

• Postfix:

  • Bypass Facebook mail server HELO hostname pattern: <ip>.mail-campmail.facebook.com.

• Roundcube:

  • Add /opt/iredmail/custom/roundcube/custom.sh for advance customization. It will be ran each time you (re-)deploy Roundcube or upgrade.
  • Connect to local (127.0.0.1) IMAP server without TLS on Ubuntu 20.04 and CentOS 8. This is also considered as secure by Dovecot.

• SOGo:

  • Connect to local (127.0.0.1) IMAP server without TLS on Ubuntu 20.04 and CentOS 8. This is also considered as secure by Dovecot.

    We received reports that Roundcube and SOGo have problem when TLS is explicitly enabled for IMAP service, unfortunately we didn't figure out what causes the issue yet. As a temporary fix, we choose to disable TLS for local connection.

• Fail2ban:

  • Suppress fail2ban-client output in cron job to avoid annoying mail notification.
  • Fixed: incorrect match rule. Thanks for Igor Cej for the feedback.

• Package updates:

  • Roundcube webmail 1.4.7, with a security fix.
  • netdata-1.23.1

Version: 2020062601 (Jun 26, 2020)

• Possible issue after upgraded on CentOS 8:

  Old CentOS 8 releases shipped Dovecot-2.2.x, but the new 8.2.2004 release suprisely ships Dovecot-2.3.8 which has some backward-incompatible settings. iRedMail Easy will upgrade it from old version 2.2.36 and re-generates its config files, it MAY fail to (re)start if you have unsupported customized parameters set in config file under /opt/iredmail/custom/dovecot/conf-enabled/.

  Mostly customized parameter is ssl_protocols, it should be replace by ssl_min_protocol.

  For example, if you still need to support TLSv1, please set ssl_min_protocol = TLSv1 instead. Default value is TLSv1.2.

  • For more details, please check official Dovecot upgrade tutorial.
  • If you have issue after upgraded, feel free to create a support ticket on the iRedMail Easy platform.

• Supports now distribution releases:

  • Ubuntu 20.04. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.
  • OpenBSD 6.7. All 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available. NOTE: support for OpenBSD 6.6 will be dropped after 6.8 is out.

• Postfix:

  • Fixed: not wrap IPv6 addresses inside [] in mynetworks.
  • Fixed: not bypass HELO identities used by pinterest.com mail server.
  • Fixed: not add alias for postmaster (system) user which is used as 2bounce recipient.

• Fail2ban:

  • It now stores more info in SQL db, you can view them with iRedAdmin-Pro:
    • Number of times the failure occurred in log files
    • The log lines which triggerred the ban
    • Reverse DNS of banned IP address
  • Fixed: specify backend = pooling and journalmatch = (empty value) to avoid performance issue and startup warnings in fail2ban log file.
  • Fixed: inconsistent jail name for jail nginx-http-auth.

• Antispam:

  • [Debian/Ubuntu] Fixed: not add user debian-spamd to amavis group.
  • [OpenLDAP/MariaDB] Add missing INDEX for SQL column msgs.time_iso.

• Adminer:

  • Improve Nginx configuration to loading custom CSS file adminer.css in same directory (/opt/www/adminer/).

• Improvements of iRedMail Easy platform:

  • Make sure all 3 required official apt repositories are enabled on Ubuntu.
  • Make sure iRedMail yum repository has higher priority on CentOS.

• Package updates:

  • roundcube webmail-1.4.6. It includes few security fixes.
  • adminer-4.7.7
  • netdata-1.23.0

Version: 2020043001 (Apr 30, 2020)

• Antispam:

  • Fixed: incorrect regular expression rules which caused unbanning based on file types doesn't work.
  • Fixed: incorrect file owner and permission for SpamAssassin config files: /etc/mail/spamassassin/local.cf and razor.conf, must be owned by user/group which is running Amavisd service, with permission 0640.
  • Add /opt/iredmail/custom/spamassassin/custom.cf for custom SpamAssassin rules.

• Dovecot:

  • Fixed: improper permission on file /etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf.
  • Add /opt/iredmail/custom/dovecot/master-users for custom master users. Please do not modify /etc/dovecot/dovecot-master-users.

• Firewall:

  • [Debian 10] Fixed: Not open ports for XMPP service (5222, 5269) if Prosody is deployed.

• Nginx:

  • Fixed: improper http code 301 (permanent redirect) causes incorrect redirection after switching homepage application from SOGo to other web application. It's now replaced by 302 (temporarily redirect).

• Roundcube:

  • Fixed: not load custom config file for plugin markasjunk.

• Improvements of iRedMail Easy platform:

  • Switch self-signed SSL cert key length to 4096, also DKIM key length to
  • Note: Only new initial installation is affected, also if you already have those files, it won't re-generate them.
  • Able to customize http and https ports.
  • Add Prosody related info in /root/iRedMail/iRedMail.tips.

• Package updates:

  • Roundcube webmail 1.4.4 (includes few security fixes)

Version: 2020041601 (Apr 16, 2020)

• CentOS 8 is now supported, all 3 backends (MariaDB, PostgreSQL, OpenLDAP) are available.

  Note: RedHat dropped OpenLDAP server in RHEL 8, iRedMail Easy installs the OpenLDAP server packages (symas-openldap-*) from yum repository offered by Symas (the company behind OpenLDAP), package symas-openldap conflicts with the openldap package available in official RHEL/CentOS 8 yum repo.

• Drop support for OpenBSD 6.4, 6.5.

• New script /opt/iredmail/bin/create_user: create single user with quota support. Note: available for SQL backends.

• Dovecot:

  • TLSv1 is now disabled by default.
  • It now tracks last login of both POP3 and IMAP logins. In early releases, either POP3 or IMAP was tracked.

• Nginx:

  • New directory /opt/iredmail/custom/nginx/webapps/ used to store custom settings for web applications, it should be useful if sysadmin wants to add ACL control for the web application.

  Currently only 3 applications are supported: iRedAdmin, Roundcube, Adminer.

  For example, Nginx loads /etc/nginx/templates/iredadmin.tmpl for iRedAdmin, also loads extra settings from /opt/iredmail/custom/nginx/webapps/iredadmin.conf. If you want to limit the access to network 192.168.0.0/24, you can create file /opt/iredmail/custom/nginx/webapps/iredadmin.conf with content below and reload Nginx service:

  ```
  allow 192.168.0.0/24;
  deny all;
  ```
  

  • Cache fonts used by web applications for 30 days.
  • Fixed: can not request Let's Encrypt cert with default config file for web domain autoconfig.* and autodiscover.*.

• Roundcube:

  • Use pspell as default spell check engine.

• Amavisd:

  • Fixed: SQL column msgs.subject doesn't support storing emoji characters.

• ClamAV:

  • Fixed: incorrect permission of database directory on RHEL/CentOS.
  • Fixed: not install package libclamavunrar9 on Ubuntu for rar files.

• mlmmj (Mailing list manager):

  • Fixed: do not abort if altermime program is not available.

• Fail2ban:

  • It now works on OpenBSD.
  • Improve rsyslog config file to catch all fail2ban log.
  • Improve ban action to query and store country of IP address in SQL db.
  • Enable jail to catch iRedAdmin-Pro login failures.
  • Add cron job to unban IP addresses which are pending for removal.

• Package updates:

  • Roundcube webmail 1.4.3
  • iRedAPD-3.6
  • netdata-1.21.1

• Improvements of iRedMail Easy platform:

  • Fixed: file /etc/rsyslog.d/1-iredmail-iredapd.conf was incorrectly rewritten by Prosody component.
  • Fixed: there's incorrect rsyslog setting in file /etc/rsyslog.d/0-iredmail-misc.conf, this file is now removed.

Version: 2020021001 (Feb 10, 2020)

• PostgreSQL backend:

  • Fixed: improper index type on SQL table sender_relayhost.

• Postfix:

  • Fixed: Backup MX doesn't work.
  • Fixed: [LDAP backend] improper filter which causes missing external members while querying (not-subscribeable) mailing list with alias domain.
  • Add 3 files for custom settings:
    • /opt/iredmail/custom/postfix/aliases: alias file.
    • /opt/iredmail/custom/postfix/sender_bcc: hash file.
    • /opt/iredmail/custom/postfix/recipient_bcc: hash file.

• Roundcube:

  • Enable plugin markasjunk by default. When message is moved to Junk folder, it will be learnt as spam message. When message is moved from Junk to any other folder, it will be learnt as clean message.

• Antispam:

  • Explicitly specify (DKIM) signed header fields.
  • Use default Amavisd verbose log template.
  • Add few more custom scores in SpamAssassin to catch spams when From: equals to To: address.
  • Fixed:
    • Don't block attachment with macro in ClamAV. Parameter OLE2BlockMacros was set to true, it's now false.
    • Not update apparmor config file to grant privilege for virus scanning on Debian 10.

• Nginx:

  • Fixed: make sure log directory is not writable by group or other, otherwise logrotate will refuse to rotate log files.

• Firewalll:

  • Correctly disable ping flood with nftables on Debian 10.

• Netdata:

  • Disable checks for energid. It uses port 9998, but it's used by Amavisd-new on iRedMail server, this causes error message in Amavisd log file each time netdata starts.

• Backup scripts:

  • Backup scripts don't rely on Python to calculate dates anymore.

• Improvements of iRedMail Easy platform:

  • Fixed: Updating MariaDB/PostgreSQL/OpenLDAP/SOGo separatedly didn't update their backup scripts.
  • New options for cross-domain user query and global address book in SOGo Groupware.
  • Increase php-fpm setting request_slowlog_timeout to 60 seconds.
  • Updated Postfix package in iRedMail yum repo for PostgreSQL backend on CentOS 7.
  • On OpenBSD system, update the latest errata patch names.

• Package updates:

  • Roundcube-1.4.2
  • iRedAdmin-1.0
  • iRedAPD-3.4
  • adminer-4.7.6

Version: 2019121301 (Dec 13, 2019)

• Package updates:
  • iRedAdmin-Pro (SQL edition)

Version: 2019121001 (Dec 10, 2019)

• Fixed issues:
  • Incorrect setting in netdata main config file (netdata.conf).
  • Not remove opendmarc package, config files, SQL db and cron jobs.

Version: 2019120901 (Dec 09, 2019)

• Firewall:

  • On Debian 10, allow ping in nftables firewall.

• iRedAdmin:

  • Fixed: incorrect syslog id in uwsgi config file.
  • Simplify log format.

• mlmmjadmin:

  • Simplify log format.

• netdata:

  • Replace few Python collectors by Go modules for better performance.
  • Monitor BIND DNS service.
  • Disable email notification since netdata is too sensitive and the notification message is "useless".

• Package updates:

  • Roundcube webmail 1.4.1. It offers a shiny new web UI.
  • netdata-1.19.0
  • iRedAPD-3.3
  • iRedAdmin-0.9.9
  • adminer-4.7.5

• Improvements of iRedMail Easy platform:

  • On OpenBSD system, if latest security errata hasn't been applied, iRedMail deployment will abort with detailed warning message to remind sysadmin to apply the patches with syspatch command.

Version: 2019111201 (Nov 12, 2019)

• iRedMail Easy now supports OpenBSD 6.6.

  Warning: OpenBSD 6.4 and 6.5 support will be dropped when 6.7 is out.

• Dovecot:

  • Create and use custom (empty) global sieve rule file by default.
  • Log more events: save, copy, mailbox_create.

• Netdata:

  • Fixed: incorrect hostname in alarm notification email.

• OpenLDAP:

  • Create directory /opt/iredmail/custom/openldap/schema/ to store extra LDAP schema files.

  Apparmor config file has been updated on Ubuntu to allow slapd program to read config files from this directory.

  • Use mdb database since OpenBSD 6.6. OpenBSD 6.5 uses hdb.

• Postfix:

  • Bypass facebook.com HELO hostnames which contain IP addresses.

• Roundcube:

  • Upgrade to version 1.4.0, released on Nov 10, 2019.

• Changes to iRedMail Easy platform:

  • Fix aborted installation if Ansible fact ansible_all_ipv6_addresses is undefined.
  • Upgrade pip to the latest version before installing web.py on Debian 10.

Version: 2019102201 (Oct 22, 2019)

• OpenLDAP:

  • Remove 2 unused LDAP schema files: calentry.schema, calresource.schema.

• Postfix:

  • Fixed incorrect CA file on OpenBSD.
  • Add LIMIT 1 in SQL queries for better performance.

• Dovecot:

  • Log ssl protocol and cipher information for login session. e.g. "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)"

• Firewall:

  • Fixed: not filter IPv4/IPv6 addresses while generating iptables rules.
  • Fixed: not enable ipv6-icmp in firewall.

• Nginx:

  • Make sure Apache/Lighttpd service is not enabled, otherwise Nginx may not be able to start due to 80/443 ports are used by them.

• AntiSpam:

  • OpenDMARC has been removed due to internal bug which caused incorrect email rejection. Bug reported to upstream: https://github.com/trusteddomainproject/OpenDMARC/issues/50

• autodiscover:

  • Fixed the Undefined offset php error.
  • Log the schema data sent by remote MUA, also the settings sent to MUA.
  • Log file is now /var/log/autoconfig/autoconfig.log.

• netdata:

  • If component Nginx was not chosen, netdata is inaccessible although Nginx is actually deployed as dependent component.

  • Move http auth file to /opt/iredmail/custom/netdata/.

    Since netdata-1.17.0, netdata sets permission of directory /opt/netdata/etc/netdata/ to 0700, this causes Nginx can not read the http auth file.

• Backup scripts:

  • It now removes old empty backup directories.

• Changes to iRedMail Easy platform:

  • Not add priority parameter in iRedMail yum repo. (CentOS 7 only)
  • Able to whitelist IP or CIDR newtorks in fail2ban.
  • Do not forward systemd journald log to syslog.
  • Run shell script /opt/iredmail/custom/openldap/custom.sh while deploying or upgrading OpenLDAP. You can write shell commands in this file to update other config files for advanced customization. for example, updating /etc/sysconfig/slapd (CentOS) or /etc/ldap/slapd (Debian/Ubuntu) to make OpenLDAP listening on all available network interfaces and IP addresses.
  • Add Fail2ban related info in /root/iRedMail/iRedMail.tips.
  • Make sure no SysV script and rule files for 'iptables' service on Debian 10.

• Package updates:

  • netdata -> 1.18.1
  • iredapd -> 3.2

Version: 2019090601 (Sep 06, 2019)

• Postfix:

  • Sign DKIM signature for locally generated emails, like auto-reply (a.k.a vacation) message.

• Nginx:

  • Redirect URI /adminer/ to /adminer.

• Dovecot:

  • Add setting sieve_redirect_envelope_from=recipient. It's used to rewrite sender address in redirected message (with sieve directive redirect) to the final recipient address of the message.

    For example, someone@gmail.com sends an email to user@domain.com which is hosted on your server, and this user has sieve rule to redirect received message to forward@3rd-domain.com, with default Dovecot setting (sieve_redirect_envelope_from=sender), user forward@3rd-domain.com will receive this email with sender address someone@gmail.com in mail header, but with sieve_redirect_envelope_from=recipient, the sender address will be user@domain.com.

  • Log delivery_time of LDA/LMTP.

• php-fpm:

  • Set value of post_max_size 1MB larger than upload_max_filesize, so that Roundcube can successfully upload mail attachment.

• OpenDMARC:

  • Add shell script and cron job to update public_suffix_list.dat every 2 days.

• SpamAssassin:

  • Set 3 custom scores in SpamAssassin to catch more spams.
    • score SPF_FAIL 5: sender does not match SPF record (fail)
    • score TO_EQ_FM_SPF_FAIL 5: To == From and external SPF failed
    • score TO_EQ_FM_DOM_SPF_FAIL 5: To domain == From domain and external SPF failed

• ClamAV:

  • Increase systemd timeout value to avoid startup failure on low memory server.

• Fixed issues:

  • Improper postrotate command for logrotate program on Linux.

• Package updates:

  • roundcube -> 1.3.10
  • adminer -> 4.7.3
  • iRedAPD -> 3.1
  • netdata -> 1.17.0
  • iRedAdmin -> 0.9.8

• Changes to iRedMail Easy platform:

  • Firewall rule always opens port 22 for ssh.
  • Add curl as required packages.
  • Use package branch (%7.3) instead of version number for php on OpenBSD.

Version: 2019080201 (Aug 02, 2019)

• Dovecot:

  • Fixed: not add required SQL column mailbox.enablequota-status. This will cause mail rejection.

• Firewall:

  • Run /opt/iredmail/custom/firewall/custom.sh after each deployment.

Version: 2019080101 (Aug 01, 2019)

• It now supports Debian 10.

• Dovecot:

  • Enable quota-status service used to query mailbox quota.
  • Fixed: Not install package dovecot-mysql for OpenLDAP backend on CentOS.

• Postfix:

  • Lookup user's mailbox quota status from Dovecot quota-status service, reject email if mailbox is over quota. This will help save system resources used for spam/virus scanning, avoids "sender non-delivery notification" bounce message.
  • Fixed: not copy /etc/resolv.conf to /var/spool/postfix/etc/.

• Nginx:

  • Fixed: improper order while loading modular config files.

  • ATTENTION: directive ssl on; has been removed (in /etc/nginx/templates/ssl.tmpl) due to it's deprecated by Nginx itself. If you have custom web host, please use listen <port> ssl; in the server {} block (in /etc/nginx/sites-enabled/*.conf) instead.

    For example:

    • Old config file /etc/nginx/sites-enabled/00-default-ssl.conf:

      server { listen 443; ... }

    • New directive:

      server { listen 443 ssl; ... }

• Firewall:

  • Port 465 (SMTP over SSL) is not open in firewall when the service is enabled.

• Package updates:

  • adminer -> 4.7.2

Version: 2019071501 (Jul 15, 2019)

• OpenDMARC integration.

  • The integration is enabled by default. To disable it, please go to mail server profile page, toggle on option Disable DMARC under Settings tab.
  • Unfortunately, OpenBSD 6.5 and earlier releases don't have such integration due to binary package missing. The good news is the latest ports tree already has it and binary package is available for OpenBSD -snapshot branch.

• Roundcube:

  • New config files used to store custom settings for official plugins:
    • password plugin: /opt/iredmail/custom/roundcube/config_password.inc.php
    • managesieve plugin: /opt/iredmail/custom/roundcube/config_managesieve.inc.php

• Postfix:

  • Fixed: improper order of restriction rules in smtpd_sender_restrictions.

    File /etc/postfix/sender_access.pcre is not used anymore, all content in this file should be moved to /opt/iredmail/custom/postfix/sender_access.pcre instead.

• Nginx:

  • Compress more file types with gzip module (/etc/nginx/conf-available/gzip.conf).

• Few programs moved and/or renamed:

  • /opt/iredmail/bin/fail2ban_unbanip -> /opt/iredmail/bin/fail2ban/unbanip.
  • /opt/iredmail/bin/generate_password_hash.py -> /opt/iredmail/bin/generate_password_hash.
  • /opt/iredmail/bin/dovecot/scan_reported_mails.sh -> /opt/iredmail/bin/dovecot/scan_reported_mails

• Fixed issues of iRedMail Easy platform:

  • If IPv6 is disabled, installation will be abort due to Nginx is configured (by Debian/Ubuntu packaging) to listen on IPv6 address.
  • If no PHP applications are going to be installed, no php-fpm related configuration should be enabled (/etc/nginx/templates/misc.tmpl).
  • Make sure installed services are running while cleaning up the deployment.
  • Not run freshclam immediately to fetch/update ClamAV virus database.
  • Removing unused ClamAV log file (/var/log/clamav/clamav.log) causes error in cron job added by ClamAV package.

• Package updates:

  • iRedAPD 3.0. It fixes a critical bug of throttle plugin.
  • iRedAdmin-Pro. Note: it requires a valid iRedAdmin-Pro license.

Version: 2019060601 (Jun 06, 2019)

• Fail2ban:

  • Remove jail 'sshd-ddos'. Fail2ban doesn't ship its filter conf anymore.

• Dovecot:

  • Set default client_limit and process_limit based on memory size.

• autoconfig:

  • Fixed: not handle URI /.well-known/autoconfig/mail/config-v1.1.xml.

• Improvements of iRedMail Easy platform:

  • Able to ban/unban given file types.
  • Remove deprecated ClamAV parameters.
  • Remove unused ClamAV log file (/var/log/clamav/clamav.log).
  • Able to disable HELO hostname DNS check.
  • Fixed: not always restart iRedAdmin service to reload the code of new version.

• Package updates:

  • iRedAPD 2.9. It fixes 2 bugs.
  • netdata 1.15.0

Version: 2019042801 (Apr 28, 2019)

• Postfix:

  • Enable header/body checks for email injected by Amavisd.
  • Fixed: not load custom header_checks and body_checks pcre maps.
  • Fixed: port 1025/10025/10028 are not listening on only 127.0.0.1.
  • Fixed: per-user bcc doesn't work with MySQL/MariaDB backends.

• SOGo:

  • [PostgreSQL backend] Fix incorrect owner of SQL VIEWs used for address books.
  • [SQL backends] Fix incorrect SQL VIEWs which causes error to display contacts in address books.
  • [SQL backends] Display all contacts directly in per-domain address book.

• Package updates:

  • iRedAPD 2.8
  • iRedAdmin 0.9.7 (open source edition)
  • netdata 1.14.0

• Improvements of iRedMail Easy platform:

  • Supports OpenBSD 6.5.

    WARNING: OpenBSD 6.4 support will be removed when OpenBSD 6.6 is out. That means you must upgrade OpenBSD 6.4 to 6.5 before 6.6 is out.

  • Fixed: not enable php ldap extension for Roundcube for OpenLDAP backend.

  • Do not always update SOGo packages. We're using SOGo nightly build, it's not always stable, upgrading may cause issue.
  • Send iRedMail.tips file to postmaster after deployment.

Version: 2019040201 (Apr 02, 2019)

• Roundcube

  • Upgrade to 1.3.9 (Detailed ChangeLog.)

• Dovecot:

  • Able to track user last (POP3/IMAP) login for OpenLDAP and MariaDB backends. It's disabled by default, you can enable it in iRedMail Easy user portal, in mail server profile page, tab "Settings".

    Note: Dovecot doesn't support this with PostgreSQL yet.

    Here's detailed tutorial to show you what changes are applied to Dovecot: Track user last login time.

• Improvements of iRedMail Easy platform:

  • Send iRedMail.tips file to postmaster after deployment.

Version: 2019032701 (Mar 27, 2019)

• Dovecot:

  • Improve imapsieve setting to handle different IMAP command sent by Microsoft Outlook (it sometimes uses APPEND instead of COPY for moving message to another folder).

• iRedAPD:

  • Update to version 2.7, with SRS (Sender Rewriting Scheme) support.

    Note: SRS is disabled by default, you can enable it in mail server profile page with the iRedMail Easy web UI.

  • Switch logging to syslog (and logrotate).

• iRedAdmin:

  • Update to 0.9.6.

• BIND (local cache-only DNS server):

  • Set syslog facility to 'local5'.

• netdata:

  • Update to version 1.13.0.
  • Switch logging to syslog (and logrotate).
  • Disable sending anonymous statistics to netdata cloud.

• SpamAssassin:

  • Add one custom rule to catch porn spams.
  • Fixed: not create required SQL tables for bayes.

• AutoConfig/AutoDiscover

  • Domain name autoconfig.<domain> and autodiscover.<domain> are not required if the web domain is hosted on iRedMail server, Outlook will look for https://<web-domain>/autodiscover/autodiscover.xml.

• Fail2ban:

  • Slightly loose filter for postfix to reduce unexpected ban caused by Outlook for macOS.

• SOGo:

  • Enable per-domain global address book for OpenLDAP backend by default. We sponsored SOGo team to implement this feature: https://sogo.nu/bugs/view.php?id=3685 Note: it requires SOGo nightly build version '4.0.7.20190318' or later, OpenBSD 6.4 doesn't support this feature due to old SOGo package.
  • Enable builtin IMAP4 pooling by default. User should notice faster IMAP operations.

• Backup:

  • Backup OpenLDAP data with option -o ldif-wrap=no, to avoid break long line to multiple lines. The dumped LDIF file is easier to work with grep and other command line tools.

• Improvements of iRedMail Easy platform:

  • Make sure OpenLDAP service is running before populating data.
  • Make Nginx/Dovecot/Postfix not listen on address ::1 if system doesn't have IPv6 support.
  • Slightly reduce Amavisd max_servers to same as RAM (GB) for better stability.
  • Always check and make sure major components are the latest versions.
  • Always update major components (postfix/dovecot/sogo/fail2ban/...) to the latest stable release.
  • Always print command output of nginx -t for troubleshooting before restart nginx servvice, it's very useful for troubleshooting.
  • New option Trusted clients in mail server profile page, under tab Settings. You can list all trusted IP addresses or CIDR networks here, they will be whitelisted by few components:
    • Postfix: parameter mynetworks in /etc/postfix/main.cf
    • iRedAPD: parameter MYNETWORKS in /opt/iredapd/settings.py
    • Fail2ban: parameter ignoreip in /etc/fail2ban/ignoreip.local

• Fixed issues of iRedMail Easy platform:

  • Incorrect permission of directories used to store prosody custom modules and config files.

Version: 2019021901 (Feb 19, 2019)

• Improvements:

  • Able to remove ssh public key on target server.
  • SSH keys which were generated 7 days ago will be removed automatically from iRedMail Easy platform.

• Fixed issues:

  • php-fpm: not reopen log file after rotation.
  • mlmmjadmin:
    • Incorrect LDAP base dn in config file.
    • Do not return error if mailing list directory doesn't exist.
  • Incorrect iRedAPD plugin name for OpenLDAP backend.
  • Few bugs with in Ansible deployment code.

• Package updates:

  • mlmmjadmin -> 2.1
  • iRedAdmin (open source edition) -> 0.9.5

Version: 2019013001 (Jan 30, 2019)

• Set max open file limit by SOGo daemon to unlimited.
• Able to set memcached cache size (in MB).
• Able to disable spam/virus scanning.
• Able to deploy iRedAdmin-Pro with your license key.
• Able to custom http/https network ports, max file size of (web) upload file.
• Enable bayes auto-learn in SpamAssassin, and store bayes in SQL db.
• Increase scores of DNSBL relevant spamassassin rules to catch more spams.

• Enable imapsieve plugin in Dovecot by default.

  Message moved to Junk folder will be copied to a directory for spam learning later, vice verse, message moved out of Junk will be copied for ham learning later.

  The spam/ham learning will be performed every 10 minutes with a cron job.

  Now encourage your users to report spams by moving spams to Junk folder. :)

• Fixed issues:

  • Can not login to XMPP service (Prosody) due to incorrect permission of auth module files.
  • ip6tables failed to start on server which doesn't have IPv6 address.

• Updated packages:

  • mlmmjadmin-2.0
  • adminer-4.7.1

Version: 2019010201 (Jan 2, 2019)

Hello, 2019. :)

• Updated packages:
  • iRedAPD-2.4. Fixed a greylisting issue.
• Fixed issues:
  • Not correctly set owner and permission of custom Postfix config files and hash db files.
  • Not remove unused modular nginx config file for iredadmin.

Version: 2018122301 (Dec 23, 2018)

• Fixed:
  • Improper dovecot ldap/sql queries which doesn't convert upper cases of maildir to lower cases.

Version: 2018121701 (Dec 17, 2018)

• New directory /opt/www/well-known, mostly used for Let's Encrypt cert request.
• Download source tarball of web applications to iRedMail deploy server first, then upload it to target host. If target host can not access website like github.com, we can still download required packages for iRedMail deployment.
• Firewall:
  • Add rc script and firewall rule for ipv6 on Debian/Ubuntu:
    • /etc/init.d/ip6tables
    • /etc/default/ip6tables
• OpenLDAP backend:
  • Do not enable TLS/SSL support in OpenLDAP by default.
  • Add database monitor by default.
  • Include calresource.schema and calentry.schema by default. Required by SOGo for resource management.
  • Index attribute departmentNumber.
• Fail2ban:
  • Remove duplicate filter rules for Postfix postscreen service.
• SOGo:
  • Add new parameters to support resource management.
  • Add mail aliases and mailing lists as address book.
  • Fix incorrect column name in SQL views.
• netdata:
  • Supports monitoring OpenLDAP.
• Fixed:
  • Ubuntu: Missing apparmor rule to allow ClamAV to scan emails.
  • not enable php-fpm status support in Nginx and netdata.
  • not load rsyslog module imjournal for rate limit control.
• Package update:
  • netdata -> 1.11.1
  • adminer -> 4.7.0