
Topic: Hotfix for iRedMail-0.9.9: fix improper SQL/LDAP queries in Dovecot

Dear all,

We just found an issue in the newly released iRedMail-0.9.9. Please follow the instructions below to fix it.

- iRedMail-0.9.9 has been repacked with this fix.
- iRedMail upgrade tutorial for iRedMail-0.9.9 has been updated with this fix.

About the issue

The SQL/LDAP query used by Dovecot, introduced in iRedMail-0.9.9, doesn't convert uppercase characters to lowercase.

- If you always store maildir paths in lowercase, this issue doesn't impact your server.
- If you have maildir paths in uppercase, this issue will impact your server. When the user logs in, Dovecot will create a new empty mailbox for the user.

Affected iRedMail releases

- iRedMail-0.9.9
- older iRedMail releases which were upgraded to iRedMail-0.9.9 manually
- iRedMail Easy (version: 2018121701). To fix it, just log in to iRedMail Easy https://easy.iredmail.org, go to the mail server list page, where you will find an icon which indicates there's a new version available for upgrade. Click it to go to the Deployment page, then click the Upgrade button. That's it.

How to fix it

For OpenLDAP and OpenBSD ldapd backends, find one line in /etc/dovecot/dovecot-ldap.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot-ldap.conf (FreeBSD) like below:

user_attrs      = mail=master_user,mail=user,homeDirectory=home,=mail=%{ldap:mailboxFormat:maildir}:~/%{ldap:mailboxFolder:Maildir}/,mailQuota=quota_rule=*:bytes=%$

Replace it with:

user_attrs      = mail=master_user,mail=user,=home=%L{ldap:homeDirectory},=mail=%{ldap:mailboxFormat:maildir}:~/%{ldap:mailboxFolder:Maildir}/,mailQuota=quota_rule=*:bytes=%$

For MySQL/MariaDB backends, find lines in /etc/dovecot/dovecot-mysql.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot-mysql.conf (FreeBSD) like below:

            CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, \
            CONCAT(mailbox.mailboxformat, ':', mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir, '/', mailbox.mailboxfolder, '/') AS mail, \

Replace the above 2 lines with:

            LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \
            CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder, '/') AS mail, \

For PostgreSQL backend with PostgreSQL 8.x, find lines in /etc/dovecot/dovecot-pgsql.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot-pgsql.conf (FreeBSD) like below:

    mailbox.storagebasedirectory || '/' || mailbox.storagenode || '/' || mailbox.maildir AS home, \
    mailbox.mailboxformat || ':' || mailbox.storagebasedirectory || '/' || mailbox.storagenode || '/' || mailbox.maildir || '/' || mailbox.mailboxfolder || '/' AS mail, \

Replace the above 2 lines with:

    LOWER(mailbox.storagebasedirectory || '/' || mailbox.storagenode || '/' || mailbox.maildir) AS home, \
    LOWER(mailbox.mailboxformat || ':~/' || mailbox.mailboxfolder || '/') AS mail, \

For PostgreSQL backend with PostgreSQL 9.x and later versions, find lines in /etc/dovecot/dovecot-pgsql.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot-pgsql.conf (FreeBSD) like below:

            CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, \
            CONCAT(mailbox.mailboxformat, ':', mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir, '/', mailbox.mailboxfolder, '/') AS mail, \

Replace the above 2 lines with:

            LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \
            CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder, '/') AS mail, \
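
One way to confirm the replacement was applied to a given Dovecot config file, as an added example that is not part of the original post. The function name check_dovecot_fix and its return codes are assumptions of this example; the strings it searches for are the lines quoted above.

```shell
#!/bin/sh
# Added example: report whether a Dovecot userdb config carries the hotfix.
# Return codes (chosen for this example):
#   0 = fixed, 1 = not fixed, 2 = file unreadable or no home mapping found.
check_dovecot_fix() {
    conf="$1"
    [ -r "$conf" ] || { echo "$conf: not readable"; return 2; }

    # LDAP backends: user_attrs must build home via %L{ldap:homeDirectory}.
    if grep -Eq '^[[:space:]]*user_attrs[[:space:]]*=' "$conf"; then
        attrs=$(grep -E '^[[:space:]]*user_attrs[[:space:]]*=' "$conf")
        case "$attrs" in
            *'=home=%L{ldap:homeDirectory}'*) echo "$conf: fixed"; return 0 ;;
            *'homeDirectory=home'*)           echo "$conf: NOT fixed"; return 1 ;;
            *) echo "$conf: no home mapping in user_attrs"; return 2 ;;
        esac
    fi

    # SQL backends: every uncommented "... AS home," column must start with LOWER(.
    home_lines=$(grep -E 'AS[[:space:]]+home[[:space:]]*,' "$conf" \
                 | grep -Ev '^[[:space:]]*#' || true)
    if [ -z "$home_lines" ]; then
        echo "$conf: no 'AS home' line found"; return 2
    fi
    if printf '%s\n' "$home_lines" | grep -Evq '^[[:space:]]*LOWER\('; then
        echo "$conf: NOT fixed"; return 1
    fi
    echo "$conf: fixed"; return 0
}

# Check every path given on the command line, e.g.
#   sh check.sh /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf
for f in "$@"; do check_dovecot_fix "$f"; done
```

After editing a file that reports "NOT fixed", restart Dovecot so the new query or attribute mapping is loaded.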