1

Topic: iRedMail-0.9.0-rc1 has been released

Dear all,

iRedMail-0.9.0-rc1 has been released, we need your help to test it before we tag it as stable release.

* Download it directly with this link: https://bitbucket.org/zhb/iredmail/down … c1.tar.bz2
* IMPORTANT NOTE: it's not recommended for production use. and we don't provide upgrade tutorial for beta/rc releases.

This release candidate has better RHEL/CentOS 7 support, and below are the full changes since iRedMail-0.9.0-beta2:

* Use /var/lib/nginx_tmp_client_body to temporarily store user uploaded files.
* Enable '@lookup_sql_dsn' in Amavisd by default, used for per-recipient
  (per-user, per-domain and global) policy lookup, including per-recipient
  white/blacklist, spam policy control.
* Backup scripts will log backup status in SQL table `iredadmin`, admin can check
  backup status with iRedAdmin (either open source edition of iRedAdmin-Pro).
* Fix incorrect privilege on PostgreSQL table 'vmail.deleted_mailboxes_id_seq'.
* Fix incorrect SQL command used to create iRedAdmin database for OpenLDAP
  backend on OpenBSD.
* Replace mod_auth_mysql/pgsql by apr-util-mysql/pgsql for Awstats/Cluebringer
  webui user authentication on Debian/Ubuntu.

Better RHEL/CentOS 7 support:


* Install epel-release and phpLDAPadmin from vendor repo.
* Update Roundcube webmail to the latest 1.0.3.
* Don't open network ports for ldap/ldaps service in firewalld.
* Fix incorrect ClamAV socket location on RHEL/CentOS 7.
* Fix improper file owner of Amavisd config file, it's now owned by amavisd group.

New iRedAPD release has some improvements too:

  • New plugin: plugins/amavisd_reject_message_size_limit.py, works with Postfix 'smtpd_end_of_data_restrictions'. Used to reject email if current message size exceeds per-recipient message_size_limit stored in Amavisd database (column `policy.message_size_limit`).

  • Detect current smtp protocol state and pick up applicable plugins. It's now working with Postfix 'smtpd_end_of_data_restrictions'.

Here's full changes since iRedMail-0.8.7:

    * Improvement:
        - Backup scripts will log backup status in SQL table `iredadmin`, so
          that admin can easily check backup status with iRedAdmin.
        - Nginx support is now available on all Linux/BSD distributions.
        - MariaDB support is now available on FreeBSD.
        - Enable '@lookup_sql_dsn' in Amavisd by default, used for per-user,
          per-domain and global per-recipient policy, including per-recipient
          white/blacklist, spam policy.
        - New index in `amavisd` database for SQL column `policy.policy_name`.
          Required by iRedAdmin-Pro self-service.
        - On RHEL/CentOS, phpldapadmin is now installed from EPEL repo.

    * Fixed:
        - Replace mod_auth_mysql/pgsql by apr-util-mysql/pgsql for Awstats
          and Cluebringer webui user authentication on Debian/Ubuntu.
        - Set 'receive_override_options=no_address_mappings' in Postfix to
          disable address mappings before content filter (Amavisd, in our
          case), and remove 'no_address_mappings' in Postfix master.cf defined
          for transport '127.0.0.1:10025'.
          Important note: you should comment out
          'receive_override_options=no_address_mappings' in Postfix if you
          don't have a content filter.
        - Not enable cron job to update SpamAssassin rules in file
          /etc/default/spamassassin (CRON=1) on Debian/Ubuntu.
        - Incorrect quota dict name in Dovecot quota warning script.
        - Decrease number of pre-forked Amavisd processes to 4 to reduce
          memory usage.
        - Add missing SQL column (mailbox.enableindexer-worker) and LDAP
          attribute/value pair: enabledService=indexer-worker. Required by
          Dovecot.
          Thanks dwbotsch <botsch _at_ cnf.cornell.edu> for the report.

    * Updated packages:
        + Roundcube webmail -> 1.0.3
        + iRedAPD -> 1.4.4. Bug fixes, performance improvement, new plugins.
        + iRedAdmin -> 0.4. New tool scripts, fixes several issues.

    * Below packages are removed from iRedMail for security concern and their
      own package dependences:
        - phpMyAdmin
        - phpPgAdmin

      If you need a sql management tool, please try http://adminer.org/
      (web-based, a single PHP file) or other desktop applications instead.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedMail-0.9.0-rc1 has been released

iRedMail-0.9.0-rc1 fails to install on Debian Wheezy.

Problems from install script:
< INFO > Validate packages ...md5sum: WARNING: 1 line is improperly formatted
    [ OK ]
< INFO > Configure LDAP server: OpenLDAP.
ldap_add: No such object (32)
As a result the ldap server is never populated and the installation is broken.

Also, choosing nginx as web server will still install apache

3 (edited by mir 2014-10-11 07:22:29)

Re: iRedMail-0.9.0-rc1 has been released

I think the bug is related to the fact that Debian Wheezy is configured with new school openldap configuration and iredmail uses old school configuration. To have this work you need to move/delete  the slapd.d folder in /etc/ldap

4

Re: iRedMail-0.9.0-rc1 has been released

mir wrote:

< INFO > Configure LDAP server: OpenLDAP.
ldap_add: No such object (32)

I cannot reproduce this issue, installation with OpenLDAP backend works fine for me.

mir wrote:

Also, choosing nginx as web server will still install apache

PHP depends on Apache, so we have to install it. By the way, both Apache + Nginx are configured, you can switch between them anytime.

5

Re: iRedMail-0.9.0-rc1 has been released

ZhangHuangbin wrote:
mir wrote:

< INFO > Configure LDAP server: OpenLDAP.
ldap_add: No such object (32)

I cannot reproduce this issue, installation with OpenLDAP backend works fine for me.

I have tried two times. Fails every time with the same error.

6

Re: iRedMail-0.9.0-rc1 has been released

mir wrote:
ZhangHuangbin wrote:
mir wrote:

< INFO > Configure LDAP server: OpenLDAP.
ldap_add: No such object (32)

I cannot reproduce this issue, installation with OpenLDAP backend works fine for me.

I have tried two times. Fails every time with the same error.

I have tried again. Still same result.

ldapsearch -Y EXTERNAL -H ldapi:/// '(obejct=*)'
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (obejct=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

7

Re: iRedMail-0.9.0-rc1 has been released

Could you please try this patch and try to install iRedMail again? It will print addition log on terminal, please paste them here to help troubleshoot.

diff -r 0d6c934ab67a iRedMail/functions/openldap.sh
--- a/iRedMail/functions/openldap.sh    Fri Oct 10 18:36:38 2014 +0800
+++ b/iRedMail/functions/openldap.sh    Sat Oct 11 10:11:29 2014 +0800
@@ -186,13 +186,15 @@
     chmod -R 0700 ${OPENLDAP_DATA_DIR}
 
     ECHO_DEBUG "Starting OpenLDAP."
-    service_control restart ${OPENLDAP_RC_SCRIPT_NAME} &>/dev/null
+set -x
+    service_control restart ${OPENLDAP_RC_SCRIPT_NAME}
 
     ECHO_DEBUG "Sleep 5 seconds for LDAP daemon initialization ..."
     sleep 5
 
     ECHO_DEBUG "Populate LDAP tree."
     ldapadd -x -D "${LDAP_ROOTDN}" -w "${LDAP_ROOTPW}" -f ${LDAP_INIT_LDIF} >/dev/null
+set +x
 
     cat >> ${TIP_FILE} <<EOF
 OpenLDAP:

8

Re: iRedMail-0.9.0-rc1 has been released

ZhangHuangbin wrote:

Could you please try this patch and try to install iRedMail again? It will print addition log on terminal, please paste them here to help troubleshoot.

diff -r 0d6c934ab67a iRedMail/functions/openldap.sh
--- a/iRedMail/functions/openldap.sh    Fri Oct 10 18:36:38 2014 +0800
+++ b/iRedMail/functions/openldap.sh    Sat Oct 11 10:11:29 2014 +0800
@@ -186,13 +186,15 @@
     chmod -R 0700 ${OPENLDAP_DATA_DIR}
 
     ECHO_DEBUG "Starting OpenLDAP."
-    service_control restart ${OPENLDAP_RC_SCRIPT_NAME} &>/dev/null
+set -x
+    service_control restart ${OPENLDAP_RC_SCRIPT_NAME}
 
     ECHO_DEBUG "Sleep 5 seconds for LDAP daemon initialization ..."
     sleep 5
 
     ECHO_DEBUG "Populate LDAP tree."
     ldapadd -x -D "${LDAP_ROOTDN}" -w "${LDAP_ROOTPW}" -f ${LDAP_INIT_LDIF} >/dev/null
+set +x
 
     cat >> ${TIP_FILE} <<EOF
 OpenLDAP:

This is the output:
< INFO > Configure LDAP server: OpenLDAP.
+ service_control restart slapd
+ ECHO_DEBUG 'Sleep 5 seconds for LDAP daemon initialization ...'
+ '[' XNO == XYES ']'
+ sleep 5
+ ECHO_DEBUG 'Populate LDAP tree.'
+ '[' XNO == XYES ']'
+ ldapadd -x -D cn=Manager,dc=foo,dc=bar -w bigsecret -f /root/iRedMail-0.9.0-rc1/conf/ldap_init.ldif
ldap_add: No such object (32)
+ set +x

As I see it the LDAP directory is configured with Debian's default config and not configured with the structure required by iRedMail so the ldapadd fails due to the missing ldap structure from the iRedMail initial structure script.

I will try with even more output.

9 (edited by mir 2014-10-11 17:40:15)

Re: iRedMail-0.9.0-rc1 has been released

I have found the bug.

The generated file '/etc/ldap/slapd.conf' contains and empty suffix when adding the appropriate suffix which in the above case is dc=foo,dc=bar the ldapadd -x -D cn=Manager,dc=foo,dc=bar -w bigsecret -f /root/iRedMail-0.9.0-rc1/conf/ldap_init.ldif adds the directory structure as expected.

See http://www.openldap.org/faq/data/cache/157.html
"Note: if the entry being added is the same as database suffix, it's parent isn't required. Ie: if your suffix is "dc=domain,dc=com", "dc=com" doesn't need to exist to add "dc=domain,dc=com". "

10

Re: iRedMail-0.9.0-rc1 has been released

mir wrote:

I have found the bug.

The generated file '/etc/ldap/slapd.conf' contains and empty suffix when adding the appropriate suffix which in the above case is dc=foo,dc=bar the ldapadd -x -D cn=Manager,dc=foo,dc=bar -w bigsecret -f /root/iRedMail-0.9.0-rc1/conf/ldap_init.ldif adds the directory structure as expected.

See http://www.openldap.org/faq/data/cache/157.html
"Note: if the entry being added is the same as database suffix, it's parent isn't required. Ie: if your suffix is "dc=domain,dc=com", "dc=com" doesn't need to exist to add "dc=domain,dc=com". "

I am wondering:
    perl -pi -e 's#PH_LDAP_SUFFIX#$ENV{LDAP_SUFFIX}#g' ${OPENLDAP_SLAPD_CONF}

    perl -pi -e 's#PH_OPENLDAP_DEFAULT_DBTYPE#$ENV{OPENLDAP_DEFAULT_DBTYPE}#g' ${OPENLDAP_SLAPD_CONF}
    perl -pi -e 's#PH_LDAP_SUFFIX#$ENV{LDAP_SUFFIX}#g' ${OPENLDAP_SLAPD_CONF}

In script functions/openldap.sh the ldap suffix is written twice. Is that how it should be?
If $ENV{LDAP_SUFFIX} is empty the second time then slapd.conf will end up with an empty suffix.

11

Re: iRedMail-0.9.0-rc1 has been released

It seems $ENV{LDAP_SUFFIX} contains an empty string.

How to make installation successful:
1) When installation is finished and before reboot add correct suffix to /etc/ldap/slapd.conf
2) restart slapd 'service slapd restart'
3) Add missing initial iRedMail data to ldap ldapadd -x -D cn=Manager,dc=foo,dc=bar -w bigsecret -f /root/iRedMail-0.9.0-rc1/conf/ldap_init.ldif
4) reboot server

12

Re: iRedMail-0.9.0-rc1 has been released

Hi Mir,

Thanks for your feedback. Please try below patch, it should fix this issue. I will re-pack and upload iRedMail-0.9.0-rc1 soon:

diff -r d3c34a588989 iRedMail/functions/openldap.sh
--- a/iRedMail/functions/openldap.sh    Sat Oct 11 11:37:20 2014 +0800
+++ b/iRedMail/functions/openldap.sh    Sat Oct 11 20:46:13 2014 +0800
@@ -78,6 +78,7 @@
     ECHO_DEBUG "Generate new server configuration file: ${OPENLDAP_SLAPD_CONF}."
     cp -f ${SAMPLE_DIR}/openldap/slapd.conf ${OPENLDAP_SLAPD_CONF}
 
+    export LDAP_SUFFIX
     perl -pi -e 's#PH_OPENLDAP_SCHEMA_DIR#$ENV{OPENLDAP_SCHEMA_DIR}#g' ${OPENLDAP_SLAPD_CONF}
     perl -pi -e 's#PH_AMAVISD_LDAP_SCHEMA_NAME#$ENV{AMAVISD_LDAP_SCHEMA_NAME}#g' ${OPENLDAP_SLAPD_CONF}
 
@@ -100,7 +101,6 @@
     perl -pi -e 's#PH_LDAP_SUFFIX#$ENV{LDAP_SUFFIX}#g' ${OPENLDAP_SLAPD_CONF}
 
     perl -pi -e 's#PH_OPENLDAP_DEFAULT_DBTYPE#$ENV{OPENLDAP_DEFAULT_DBTYPE}#g' ${OPENLDAP_SLAPD_CONF}
-    perl -pi -e 's#PH_LDAP_SUFFIX#$ENV{LDAP_SUFFIX}#g' ${OPENLDAP_SLAPD_CONF}
     perl -pi -e 's#PH_LDAP_DATA_DIR#$ENV{LDAP_DATA_DIR}#g' ${OPENLDAP_SLAPD_CONF}
     perl -pi -e 's#PH_LDAP_ROOTDN#$ENV{LDAP_ROOTDN}#g' ${OPENLDAP_SLAPD_CONF}
     perl -pi -e 's#PH_LDAP_ROOTPW_SSHA#$ENV{LDAP_ROOTPW_SSHA}#g' ${OPENLDAP_SLAPD_CONF}

== UPDATE ==
Re-packed and uploaded iRedMail-0.9.0-rc1.

13

Re: iRedMail-0.9.0-rc1 has been released

I can confirm that everything works with the latest patch.

14

Re: iRedMail-0.9.0-rc1 has been released

mir wrote:

I can confirm that everything works with the latest patch.

Thank you for helping test and feedback. smile

15

Re: iRedMail-0.9.0-rc1 has been released

Hi,

Recently new version  iRedMail-0.9.0-rc1 has released.
Can i upgrade my present iRedMail version: 0.9.0 beta2 to  iRedMail-0.9.0-rc1 or I have to freshly install iRedMail-0.9.0-rc1?

16

Re: iRedMail-0.9.0-rc1 has been released

Hi,

waiting for your reply, thanks in advance.

17

Re: iRedMail-0.9.0-rc1 has been released

xxyyzz wrote:

Can i upgrade my present iRedMail version: 0.9.0 beta2 to  iRedMail-0.9.0-rc1 or I have to freshly install iRedMail-0.9.0-rc1?

You have to freshly install iRedMail-0.9.0-rc1. As mentioned in release note, we don't provide upgrade tutorial for beta and rc releases, and not recommend to use beta/rc releases on production server.

18

Re: iRedMail-0.9.0-rc1 has been released

Thanks for your reply.

19 (edited by mbiki 2014-10-16 01:51:32)

Re: iRedMail-0.9.0-rc1 has been released

I selected Apache as webserver during fresh install of iRedMail-0.9.0-rc1 on Centos 7.
But after reboot nginx is started instead, but with apache user ID:

ps aux|grep apache
apache    1185  0.0  0.2 110612  4316 ?        S    20:43   0:00 nginx: worker process
apache    1188  0.0  0.3 434312  5768 ?        S    20:43   0:00 php-fpm: pool www
apache    1189  0.0  0.3 434312  5768 ?        S    20:43   0:00 php-fpm: pool www
apache    1190  0.0  0.3 434312  5768 ?        S    20:43   0:00 php-fpm: pool www
apache    1191  0.0  0.3 434312  5768 ?        S    20:43   0:00 php-fpm: pool www
apache    1192  0.0  0.3 434312  5768 ?        S    20:43   0:00 php-fpm: pool www

Roundcube works, but I could not download attachments from Roundcube because of directory ownership mismatch with process ID:
ls -la /var/lib/nginx
total 4
drwx------.  3 nginx nginx   16 Oct 15 20:40 .
drwxr-xr-x. 36 root  root  4096 Oct 15 21:24 ..
drwx------.  6 nginx nginx   55 Oct 15 20:43 tmp

After "chown -R apache /var/lib/nginx" downloads work (that's incorrect solution, but it shows the problem - better would be to run nginx with nginx user ID).

Actually, while I selected apache during install, nginx is autostarted:

systemctl status nginx.service
nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled)
   Active: active (running) since Wed 2014-10-15 20:43:59 MSK; 5min ago

systemctl status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: inactive (dead)

If I manually stop nginx and try to start apache, it fails to start:

systemctl start httpd.service
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
[root@temp ~]# systemctl -l status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: failed (Result: exit-code) since Wed 2014-10-15 21:32:41 MSK; 13s ago
  Process: 15168 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 15167 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 15167 (code=exited, status=1/FAILURE)

Oct 15 21:32:41 ********* httpd[15167]: AH00526: Syntax error on line 23 of /etc/httpd/conf.d/awstats.conf:
Oct 15 21:32:41 ********* httpd[15167]: Invalid command 'AuthzLDAPAuthoritative', perhaps misspelled or defined by a module not included in the server configuration

"AuthzLDAPAuthoritative" was removed in Apache 2.4: http://httpd.apache.org/docs/2.4/upgrad … l#run-time says:
Directives that control how authorization modules respond when they don't match the authenticated user have been removed: This includes AuthzLDAPAuthoritative, AuthzDBDAuthoritative, AuthzDBMAuthoritative, AuthzGroupFileAuthoritative, AuthzUserAuthoritative, and AuthzOwnerAuthoritative.

rpm -q httpd
httpd-2.4.6-18.el7.centos.x86_64

Apache starts after removing AuthzLDAPAuthoritative from /etc/httpd/conf.d/awstats.conf and /etc/httpd/conf.d/cluebringer.conf

With best regards,
Michael

20 (edited by 3m 2014-10-17 03:15:03)

Re: iRedMail-0.9.0-rc1 has been released

Hi Zhang! Third time I write to you. I have to freshly install iRedMail-0.9.0-rc1 on FreeBSD 9.3, nginx, MySql.
1. Roundcube does not send mail ..."Timeout request".
2. Attempts to access links httpS://your_server/awstats/awstats.pl?config=web    "404 Not Found nginx"

maillog
Oct 16 19:25:36 test postfix/smtpd[1168]: connect from test.ua[127.0.0.1]
Oct 16 19:25:39 test postfix/smtpd[1168]: 6D22589584: client=test.ua[127.0.0.1], sasl_method=LOGIN, sasl_username=222@mmm.ua
Oct 16 19:26:39 test roundcube: SMTP Error: SMTP error: Failed to send data in /usr/local/www/roundcube/program/lib/Roundcube/rcube.php on line 1505 (POST /mail/?_task=mail&_unlock=loading1413476733396&_lang=ru&_framed=1?_task=mail&_action=send)
Oct 16 19:26:39 test postfix/smtpd[1168]: lost connection after DATA (12 bytes) from test.ua[127.0.0.1]
Oct 16 19:26:39 test postfix/cleanup[1175]: 6D22589584: message-id=<20141016162539.6D22589584@test.ua>
Oct 16 19:26:39 test postfix/smtpd[1168]: disconnect from test.ua[127.0.0.1]

/var/log/cbpolicyd.log
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '2' in policy 'Default Outbound'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '3' in policy 'Default Inbound'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '4' in policy 'Default Internal'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '6' in policy 'whitelists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '7' in policy 'blacklists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '8' in policy 'no_greylisting'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: Found policy member with ID '9' in policy 'no_greylisting'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]: Main policy sources '%internal_domains'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]: Group 'internal_domains' has 1 source(s) => @test.km
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]=>(group:internal_domains): - Resolved source '@test.km' to a email address specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]=>(group:internal_domains): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:2/Name:Default Outbound]: Source matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Main policy sources '!%internal_ips,!%internal_domains'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_ips): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Group 'internal_domains' has 1 source(s) => @test.km
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): - Resolved source '@test.km' to a email address specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:3/Name:Default Inbound]: Source matching result: matched=1
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Main policy destinations '%internal_domains'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Group 'internal_domains' has 1 destination(s) => @test.km
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): - Resolved destination '@test.km' to a email address specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): Destination group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:3/Name:Default Inbound]: Destination matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:4/Name:Default Internal]: Main policy sources '%internal_ips,%internal_domains'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:4/Name:Default Internal]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:4/Name:Default Internal]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:4/Name:Default Internal]=>(group:internal_ips): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:4/Name:Default Internal]: Source matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:6/Name:whitelists]: Main policy sources '%whitelists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:6/Name:whitelists]: Group 'whitelists' has 0 source(s) =>
[2014/10/16-19:25:39 - 1066] [POLICIES] WARNING: [ID:6/Name:whitelists]: No group members for source group 'whitelists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:6/Name:whitelists]=>(group:whitelists): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:6/Name:whitelists]: Source matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:7/Name:blacklists]: Main policy sources '%blacklists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:7/Name:blacklists]: Group 'blacklists' has 0 source(s) =>
[2014/10/16-19:25:39 - 1066] [POLICIES] WARNING: [ID:7/Name:blacklists]: No group members for source group 'blacklists'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:7/Name:blacklists]=>(group:blacklists): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:7/Name:blacklists]: Source matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]: Main policy sources '!%internal_ips,!%internal_domains'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]=>(group:internal_ips): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]: Group 'internal_domains' has 1 source(s) => @test.km
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]=>(group:internal_domains): - Resolved source '@test.km' to a email address specification, match = 0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]=>(group:internal_domains): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:8/Name:no_greylisting]: Source matching result: matched=1
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]: Main policy destinations '%no_greylisting_for_internal'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]: Group 'no_greylisting_for_internal' has 0 destination(s) =>
[2014/10/16-19:25:39 - 1066] [POLICIES] WARNING: [ID:8/Name:no_greylisting]: No group members for destination group 'no_greylisting_for_internal'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:8/Name:no_greylisting]=>(group:no_greylisting_for_internal): Destination group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:8/Name:no_greylisting]: Destination matching result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:9/Name:no_greylisting]: Main policy sources '%no_greylisting_for_external'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:9/Name:no_greylisting]: Group 'no_greylisting_for_external' has 0 source(s) =>
[2014/10/16-19:25:39 - 1066] [POLICIES] WARNING: [ID:9/Name:no_greylisting]: No group members for source group 'no_greylisting_for_external'
[2014/10/16-19:25:39 - 1066] [POLICIES] DEBUG: [ID:9/Name:no_greylisting]=>(group:no_greylisting_for_external): Source group result: matched=0
[2014/10/16-19:25:39 - 1066] [POLICIES] INFO: [ID:9/Name:no_greylisting]: Source matching result: matched=0
[2014/10/16-19:25:39 - 1066] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {};
[2014/10/16-19:25:39 - 1066] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
          'Recipient' => '111@mmm.ua',
          'SASLUsername' => '222@mmm.ua',
          'QueueID' => '',
          'RecipientData' => '',
          'Instance' => '490.543ff182.758ce.0',
          'EncryptionCipher' => 'DHE-RSA-AES256-SHA',
          'Size' => '0',
          'EncryptionKeySize' => '256',
          'ParsedClientAddress' => {
                                     'Broadcast_Long' => 2130706433,
                                     'Network' => '127.0.0.1',
                                     'IP_Long' => 2130706433,
                                     'Broadcast' => '127.0.0.1',
                                     'IP' => '127.0.0.1',
                                     'Mask_Long' => 4294967295,
                                     'Network_Long' => 2130706433
                                   },
          'ProtocolTransport' => 'Postfix',
          'EncryptionProtocol' => 'TLSv1',
          'Helo' => '_',
          'ClientAddress' => '127.0.0.1',
          'ClientName' => 'test.ua',
          'Sender' => '222@mmm.ua',
          'SASLSender' => '',
          'Timestamp' => 1413476738,
          'ProtocolState' => 'RCPT',
          'Policy' => {},
          'Protocol' => 'ESMTP',
          'ClientReverseName' => 'test.ua',
          'SASLMethod' => 'LOGIN'
        };
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Got request, running modules...
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2014/10/16-19:25:39 - 1066] [CBPOLICYD] DEBUG: Done with modules
[2014/10/16-19:26:09 - 1062] [CORE] INFO: Killing "1" children
[2014/10/16-19:26:09 - 1174] [CBPOLICYD] DEBUG: Shutting down caching engine (1174)

Pay attention to the installation log the last line
********************************************************************
* Start iRedMail Configurations
********************************************************************
< INFO > Create self-signed SSL certification files (2048 bits).
< INFO > Create required system account: vmail, iredadmin, iredapd.
< INFO > Configure Apache web server and PHP.
< INFO > Configure Nginx web server and uWSGI.
< INFO > Configure PHP.
< INFO > Configure MySQL database server.
< INFO > Setup daily cron job to backup SQL databases: /var/vmail/backup/backup_mysql.sh
< INFO > Configure Postfix (Message Transfer Agent).
< INFO > Configure Cluebringer (postfix policy server).
< INFO > Configure Dovecot (pop3/imap/managesieve server).
< INFO > Configure ClamAV (anti-virus toolkit).
< INFO > Configure Amavisd-new (interface between MTA and content checkers).
< INFO > Configure SpamAssassin (content-based spam filter).
< INFO > Configure iRedAPD (postfix policy daemon).
< INFO > Configure iRedAdmin (official web-based admin panel).
< INFO > Configure Roundcube webmail.
< INFO > Configure Awstats (logfile analyzer for mail and web server).
pkg_info: can't find package 'awstats-*' installed or in a file!

21

Re: iRedMail-0.9.0-rc1 has been released

Dear @mbiki and @3m,

Thanks very much for your feedback.
Unfortunately, i'm now traveling, will try to reproduce your issues and fix them as soon as possible. Sorry about this.

22 (edited by mbiki 2014-10-18 00:01:44)

Re: iRedMail-0.9.0-rc1 has been released

One more permission issue: amavisd was not starting:
(*********** below masks my actual hostname)

Error in config file "/etc/amavisd/amavisd.conf": Can't open PEM file /var/lib/dkim/***********.pem: Permission denied at /usr/sbin/amavisd line 636.

ls -l /var/lib/dkim/***********.pem
-rw-------. 1 root root 887 Oct 14 21:00 /var/lib/dkim/***********.pem
ls -ld /var/lib/dkim/
drwxr-xr-x. 2 amavis amavis 28 Oct 14 21:00 /var/lib/dkim/

Give amavis read access to .pem file:
chgrp amavis /var/lib/dkim/***********.pem
chmod g+r /var/lib/dkim/***********.pem

systemctl start amavisd.service
systemctl status amavisd.service
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
   Active: active (running) since Fri 2014-10-17 19:46:03 MSK; 4s ago

After that amavisd works and mails are sent outside (before that I was getting "connect to 127.0.0.1[127.0.0.1]:10024: Connection refused" errors)

23

Re: iRedMail-0.9.0-rc1 has been released

mbiki wrote:

I selected Apache as webserver during fresh install of iRedMail-0.9.0-rc1 on Centos 7.
But after reboot nginx is started instead, but with apache user ID:

Fixed.

mbiki wrote:

After "chown -R apache /var/lib/nginx" downloads work (that's incorrect solution, but it shows the problem - better would be to run nginx with nginx user ID).

Since we have both Apache and Nginx configured, and you're free to switch between them, it's better to use the same user. So that we don't need to chown web application files after switch.

mbiki wrote:

Oct 15 21:32:41 ********* httpd[15167]: AH00526: Syntax error on line 23 of /etc/httpd/conf.d/awstats.conf:
Oct 15 21:32:41 ********* httpd[15167]: Invalid command 'AuthzLDAPAuthoritative', perhaps misspelled or defined by a module not included in the server configuration

Fixed. removed this directive if Apache is 2.4.

mbiki wrote:

One more permission issue: amavisd was not starting:
(*********** below masks my actual hostname)
Error in config file "/etc/amavisd/amavisd.conf": Can't open PEM file /var/lib/dkim/***********.pem: Permission denied at /usr/sbin/amavisd line 636.

Fixed. Owner is now amavisd user.

24

Re: iRedMail-0.9.0-rc1 has been released

3m wrote:

I have to freshly install iRedMail-0.9.0-rc1 on FreeBSD 9.3, nginx, MySql.
1. Roundcube does not send mail ..."Timeout request".

I'm installing iRedMail on FreeBSD, will try to reproduce this issue and come back to you later.

3m wrote:

2. Attempts to access links httpS://your_server/awstats/awstats.pl?config=web    "404 Not Found nginx"

Nginx doesn't have Awstats/Cluebringer webui configured. So you have to switch to Apache if you want to access them.

3m wrote:

pkg_info: can't find package 'awstats-*' installed or in a file!

You don't have Awstats installed.

25

Re: iRedMail-0.9.0-rc1 has been released

Ok!