26 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 119

Re: iRedmail on Ubuntu 24.04 LTS

Hi folks

Just to let you know, I have spent the weekend testing a direct upgrade to 24.04 from 22.04, my old mail server has been through a few different versions of Ubuntu Server.

Upgrading from 22.04 to 24.04 on a clone of the Production went pretty well, Only thing i will mention is direct upgrade from 22.04 isn't currently supported until 24.04.1 is released.

Do you want me to post the upgrade step by step?

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

27 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: iRedmail on Ubuntu 24.04 LTS

jackb wrote:

Do you want me to post the upgrade step by step?

Yes, please share it in a new forum topic.

28 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 119

Re: iRedmail on Ubuntu 24.04 LTS

ZhangHuangbin wrote:
jackb wrote:

Do you want me to post the upgrade step by step?

Yes, please share it in a new forum topic.

I have posted the Upgrade stage to 22.04, If you see anything that need's to be changed let me know smile

https://forum.iredmail.org/topic20565-d … guide.html

29 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: iRedmail on Ubuntu 24.04 LTS

Thanks for sharing. smile

30 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 119

Re: iRedmail on Ubuntu 24.04 LTS

ZhangHuangbin wrote:

Thanks for sharing. smile

You are welcome big_smile

31 Reply by alss (edited by alss 2024-12-26 13:55:12)

  • alss
  • Member
  • Offline
  • Registered: 2024-12-26
  • Posts: 3

Re: iRedmail on Ubuntu 24.04 LTS

Hi iRedmail team,

Doing some tests in Ubuntu 24.04 using CIS Benchmark Level 1 hardened image. I recommend everyone to delay the upgrade after 24.04.2 for production environments if you have specific security compliance requirements, there is no announcement for USG(Ubuntu Security Guide) support in this version yet.

In a clean OS and iRedmail install be warned about this bug if you are using AppArmor, php8.3-fpm install will fail due to a missing permission in the profile to allow a notify to systemd:

You can find the DENIED in audit logs, the following actions will solve the problem before install:

To fix it just add this line to /etc/apparmor.d/local/php-fpm

owner /run/systemd/notify w,

And restart AppArmor

systemctl restart apparmor.service

This will solve the problem, going to create an Ubuntu bug.
UPDATE:
Found six month old bug:
Ubuntu Launchpad Bug #2061113

More updates as soon as I get more results from tests.

Best regards

32 Reply by alss (edited by alss 2024-12-26 10:14:13)

  • alss
  • Member
  • Offline
  • Registered: 2024-12-26
  • Posts: 3

Re: iRedmail on Ubuntu 24.04 LTS

More on AppArmor profiles, Ubuntu 24.04 and iRedmail php8.3-fpm,

Or we match the log location in the php8.3-fpm to AppArmor profile:

# the main log file
/var/log/php*-fpm.log rw,

Or the fix is to modify /etc/apparmor.d/local/php-fpm:

# Allow notify to systemd
owner /run/systemd/notify w,

# Allow logs located in /var/log/php-fpm/ dir
/var/log/php-fpm/*.log rw,

Maybe would be good idea to create specific topic related to iRedmail Security Compliance using AppArmor on Debian based distributions and Selinux on RHEL flavors, plus CIS Benchmarks.

Best regards

33 Reply by Wingthor

  • Wingthor
  • Member
  • Offline
  • Registered: 2020-12-25
  • Posts: 9

Re: iRedmail on Ubuntu 24.04 LTS

jackb wrote:

There is support for 24.04 now. Update the PPA in /etc/apt/sources.list/

I would hold off though for Sogo. Direct upgrade from 22.04 to 24.04 works but requires iRedMail to be running the latest and  in /etc/php/8.3/fpm/pool.d requires to be replaced with the original from /etc/php/8.1/fpm/pool.d
Postfix / Dovecot works perfectly fine.

Regards.

Could you plz provide the link to the PPA or which channel to add to the sources.list. Can't find it anywhere.

Regards.

34 Reply by Wingthor

  • Wingthor
  • Member
  • Offline
  • Registered: 2020-12-25
  • Posts: 9

Re: iRedmail on Ubuntu 24.04 LTS

ZhangHuangbin wrote:

SOGo is available on Ubuntu 24.04 now, but we're still waiting for Fail2ban, it's broken:
https://bugs.launchpad.net/ubuntu/+sour … ug/2055114

I installed fail2ban from here:
https://github.com/fail2ban/fail2ban/releases

35 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: iRedmail on Ubuntu 24.04 LTS

Ubuntu official apt repository has fail2ban.

36 Reply by Wingthor

  • Wingthor
  • Member
  • Offline
  • Registered: 2020-12-25
  • Posts: 9

Re: iRedmail on Ubuntu 24.04 LTS

ZhangHuangbin wrote:

Ubuntu official apt repository has fail2ban.

As per 2024-12-27 fail2ban (1.0.2-3ubuntu0.1) it was broken when installing from apt. Didn't support python 3.12. Perhaps it works with ohter version of python. However python 3.12 is standard on ubuntu 24.04.

I posted an issue on it on the github, and was adviced to install from the deb package in the release section og fail2ban github. That version worked out of box.

Fail report I got was:

Traceback (most recent call last): 
File "/usr/local/bin/fail2ban-server", line 34, in <module> 
File "/usr/local/lib/python3.12/dist-packages/fail2ban/client/fail2banserver.py", line 26, in <module>
from .fail2bancmdline import Fail2banCmdLine, ServerExecutionException, \ 
File "/usr/local/lib/python3.12/dist-packages/fail2ban/client/fail2bancmdline.py", line 30, in <module>
from ..helpers import getLogger, str2LogLevel, getVerbosityFormat, BrokenPipeError
File "/usr/local/lib/python3.12/dist-packages/fail2ban/helpers.py", line 35, in <module>
import imp 
ModuleNotFoundError: No module named 'imp' 
fail2ban.service: Main process exited, code=exited, status=1/FAILURE

Perhaps  sogo issues is "of topic" in this forum, however since its mentioned as an issue...

Still no one has the location of the proper sogo (nighly) PPA for Ubuntu 24.04?

37 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: iRedmail on Ubuntu 24.04 LTS

- Fail2ban issue has been fixed for a long time, and it works fine with iRedMail.
- SOGo team has apt repo for Ubuntu 24.04 too. https://packages.sogo.nu/nightly/5/ubuntu/dists/

38 Reply by Wingthor

  • Wingthor
  • Member
  • Offline
  • Registered: 2020-12-25
  • Posts: 9

Re: iRedmail on Ubuntu 24.04 LTS

ZhangHuangbin wrote:

- Fail2ban issue has been fixed for a long time, and it works fine with iRedMail.
- SOGo team has apt repo for Ubuntu 24.04 too. https://packages.sogo.nu/nightly/5/ubuntu/dists/

Indeed fail2ban works on 24.04!

Also downloaded the deb file to check the content of helpers.py. And helpers.py file differs from the one I got with command 

apt-get install

.
/usr/local/lib/python3.12/dist-packages/fail2ban/helpers.py

So whats wrong with my apt-sources, I don't know. I hade done a "dist-upgrade" from ubuntu 22.04. For me the solution was to download fail2ban.deb from github.

Ubuntu 24.04 also uses a different format for deb sources management – deb822 

Types: deb deb-src
URIs: uri
Suites: suite
Components: [component1] [component2] [...]
option1: value1
option2: value2

Mine now looks like this in /etc/apt/sources.list.d/sogo-nightly.sources:

Enabled: yes
Types: deb
URIs: http://packages.sogo.nu/nightly/5/ubuntu/
Suites: noble
Components: noble