Loading ...
Sorry, an error occurred while loading the content.

Upgrade version 2.5.5 to 2.7.1

Expand Messages
  • Bruno Costacurta
    Hello, I intend to upgrade Postfix version 2.5.5 to 2.7.1. Are there incompatibilities or specific path for upgrade ? Or any manual re-configuration to be done
    Message 1 of 8 , Dec 1, 2010
    • 0 Attachment
      Hello,

      I intend to upgrade Postfix version 2.5.5 to 2.7.1.
      Are there incompatibilities or specific path for upgrade ?
      Or any manual re-configuration to be done ?

      At the end of this email I posted my postconf -n

      Thanks for info.

      * note :
      I know the famous "if it is not broken, do not fix it !". And indeed
      Postfix works fine.
      However I like to upgrade, time to time, to avoid too old versions
      (whatever software it is)
      to be still in use on the server which might a needed future upgrade
      more difficult due
      to evolution of the software.
      This server is a Debian Lenny and upgrade will be done via the Debian
      lenny-backports
      repository usage wich included Postfix v2.7.1.

      * postconf -n

      alias_maps = hash:/etc/aliases
      append_dot_mydomain = no
      biff = no
      broken_sasl_auth_clients = yes
      config_directory = /etc/postfix
      data_directory = /var/lib/postfix
      disable_vrfy_command = yes
      local_recipient_maps = $alias_maps
      mail_spool_directory = /var/mail
      mailbox_size_limit = 0
      mydestination = $mydomain, localhost
      mynetworks = 127.0.0.0/8
      myorigin = $mydomain
      recipient_delimiter = +
      relay_domains = $mydestination, $mynetworks
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      smtpd_client_restrictions = permit_mynetworks
      permit_sasl_authenticated reject_rbl_client zen.spamhaus.org,
      reject_rbl_client bl.spamcop.net reject_rhsbl_client zen.spamhaus.org
      reject_rhsbl_client bl.spamcop.net warn_if_reject
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks,
      reject_unknown_helo_hostname, reject_invalid_hostname
      smtpd_recipient_restrictions = permit_mynetworks
      permit_sasl_authenticated reject_unauth_destination
      reject_invalid_hostname reject_unauth_pipelining
      reject_non_fqdn_sender reject_unknown_sender_domain
      reject_non_fqdn_recipient reject_unknown_recipient_domain permit
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_path = private/auth
      smtpd_sasl_type = dovecot
      smtpd_tls_CApath = /etc/postfix/tls/CAcertClass3Root.pem
      smtpd_tls_auth_only = yes
      smtpd_tls_cert_file = /etc/postfix/tls/mail.costacurta.org.pem
      smtpd_tls_key_file = /etc/postfix/tls/mail.costacurta.org.keyout.pem
      smtpd_tls_loglevel = 0
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_use_tls = yes
      strict_rfc821_envelopes = yes
      virtual_alias_maps = hash:/etc/postfix/virtual
      virtual_gid_maps = static:5000
      virtual_mailbox_base = /var/mail/vhosts/maildir
      virtual_mailbox_domains = /etc/postfix/virtual_domains
      virtual_mailbox_maps = hash:/etc/postfix/vmailbox
      virtual_minimum_uid = 1000
      virtual_transport = myprocmail
      virtual_uid_maps = static:5000


      Bye,
      Bruno

      --
      Linux Counter #353844
      http://counter.li.org/




      ----------------------------------------------------------------
    • Victor Duchovni
      ... May as well use 2.7.2. ... The Postfix 2.7 source code includes: RELEASE_NOTES RELEASE_NOTES-2.6 RELEASE_NOTES-2.5 RELEASE_NOTES-2.4 RELEASE_NOTES-2.3
      Message 2 of 8 , Dec 1, 2010
      • 0 Attachment
        On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:

        > I intend to upgrade Postfix version 2.5.5 to 2.7.1.

        May as well use 2.7.2.

        > Are there incompatibilities or specific path for upgrade ?

        The Postfix 2.7 source code includes:

        RELEASE_NOTES
        RELEASE_NOTES-2.6
        RELEASE_NOTES-2.5
        RELEASE_NOTES-2.4
        RELEASE_NOTES-2.3
        RELEASE_NOTES-2.2
        RELEASE_NOTES-2.1
        RELEASE_NOTES-2.0
        RELEASE_NOTES-1.1
        RELEASE_NOTES-1.0

        You need to read the first two.

        --
        Viktor.
      • Stan Hoeppner
        ... I performed this exact backports upgrade about a week ago. As far as I recall, no manual master.cf or main.cf changes were *required* although I did make
        Message 3 of 8 , Dec 1, 2010
        • 0 Attachment
          Bruno Costacurta put forth on 12/1/2010 2:19 PM:
          > Hello,
          >
          > I intend to upgrade Postfix version 2.5.5 to 2.7.1.
          > Are there incompatibilities or specific path for upgrade ?
          > Or any manual re-configuration to be done ?

          I performed this exact backports upgrade about a week ago. As far as I
          recall, no manual master.cf or main.cf changes were *required* although
          I did make some manual changes due the the following becoming available:

          check_reverse_client_hostname_access

          The only "issue" I've come across is that logwatch doesn't recognize
          Postfix log stamps containing "2.7.1", which is no big deal.

          The 2.7.1 backport is running perfectly here so far.

          --
          Stan
        • fakessh @
          ... Hash: SHA1 ... and how to apply this option too I do not use check_reverse_client_hostname_access - --
          Message 4 of 8 , Dec 1, 2010
          • 0 Attachment
            -----BEGIN PGP SIGNED MESSAGE-----
            Hash: SHA1

            Le 01.12.2010 21:49, Stan Hoeppner a écrit :
            > Bruno Costacurta put forth on 12/1/2010 2:19 PM:
            >> Hello,
            >>
            >> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
            >> Are there incompatibilities or specific path for upgrade ?
            >> Or any manual re-configuration to be done ?
            >
            > I performed this exact backports upgrade about a week ago. As far as I
            > recall, no manual master.cf or main.cf changes were *required* although
            > I did make some manual changes due the the following becoming available:
            >
            > check_reverse_client_hostname_access
            >
            > The only "issue" I've come across is that logwatch doesn't recognize
            > Postfix log stamps containing "2.7.1", which is no big deal.
            >
            > The 2.7.1 backport is running perfectly here so far.
            >

            and how to apply this option too I do not use
            check_reverse_client_hostname_access

            - --
            http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
            gpg --keyserver pgp.mit.edu --recv-key 092164A7
            -----BEGIN PGP SIGNATURE-----
            Version: GnuPG v1.4.5 (GNU/Linux)
            Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

            iD8DBQFM9raUtXI/OwkhZKcRAgsgAJ9fqw76IshgD0z6+oZpDh+r8GtFUQCcDPG5
            jodLx1K+3Puqx8dsVwa9Z3A=
            =6LOs
            -----END PGP SIGNATURE-----
          • Stan Hoeppner
            ... The OP sticks to Debian Stable and Backports packages Viktor, as I do. We ve waited almost 2 years for something newer than 2.5.5. Unless there are
            Message 5 of 8 , Dec 1, 2010
            • 0 Attachment
              Victor Duchovni put forth on 12/1/2010 2:28 PM:
              > On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
              >
              >> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
              >
              > May as well use 2.7.2.

              The OP sticks to Debian Stable and Backports packages Viktor, as I do.
              We've waited almost 2 years for something newer than 2.5.5. Unless
              there are security issues (which Postfix never suffers) then the next
              backport we'll likely see is 2.8.x some weeks or months after Wietse
              officially releases it--this coming directly from the mouth (fingers) of
              the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
              him of a few days ago.

              In addition to, or in lieu of reading the version release notes, what I
              would recommend doing is what I did. That is, search for:

              "This feature is available in Postfix 2.6 and later"
              "This feature is available in Postfix 2.7 and later"

              at

              http://www.postfix.org/postconf.5.html

              in order to find out what new parameters are available since 2.5.5, and
              implement any you find useful.

              --
              Stan
            • Victor Duchovni
              ... It would be unwise of LaMont or Debian, having selected a particular Postfix 2.x release (say 2.7) to not track the patch updates from time to time. I
              Message 6 of 8 , Dec 1, 2010
              • 0 Attachment
                On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:

                > Victor Duchovni put forth on 12/1/2010 2:28 PM:
                > > On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
                > >
                > >> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
                > >
                > > May as well use 2.7.2.
                >
                > The OP sticks to Debian Stable and Backports packages Viktor, as I do.
                > We've waited almost 2 years for something newer than 2.5.5. Unless
                > there are security issues (which Postfix never suffers) then the next
                > backport we'll likely see is 2.8.x some weeks or months after Wietse
                > officially releases it--this coming directly from the mouth (fingers) of
                > the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
                > him of a few days ago.

                It would be unwise of LaMont or Debian, having selected a particular
                Postfix 2.x release (say 2.7) to not track the patch updates from time to
                time. I understand that Debian stable or backports won't switch from 2.7
                to 2.8 any time soon, but they should integrate patches in a reasonably
                timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
                have the changes below. They are not "critical", but O/S distributions
                still need to not sit on bug-fixes too long...

                20100610

                Bugfix (introduced Postfix 2.2): Postfix no longer appends
                the system default CA certificates to the lists specified
                with *_tls_CAfile or with *_tls_CApath. This prevents
                third-party certificates from getting mail relay permission
                with the permit_tls_all_clientcerts feature. Unfortunately
                this may cause compatibility problems with configurations
                that rely on certificate verification for other purposes.
                To get the old behavior, specify "tls_append_default_CA =
                yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
                global/mail_params.h. proto/postconf.proto, mantools/postlink.

                20100714

                Compatibility with Postfix < 2.3: fix 20061207 was incomplete
                (undoing the change to bounce instead of defer after
                pipe-to-command delivery fails with a signal). Fix by Thomas
                Arnett. File: global/pipe_command.c.

                20100727

                Bugfix: the milter_header_checks parser provided only the
                actions that change the message flow (reject, filter,
                discard, redirect) but disabled the non-flow actions (warn,
                replace, prepend, ignore, dunno, ok). File:
                cleanup/cleanup_milter.c.

                20100827

                Performance: fix for poor smtpd_proxy_filter TCP performance
                over loopback (127.0.0.1) connections. Problem reported by
                Mark Martinec. Files: smtpd/smtpd_proxy.c.

                20101023

                Cleanup: don't apply reject_rhsbl_helo to non-domain forms
                such as network addresses. This would cause false positives
                with dbl.spamhaus.org. File: smtpd/smtpd_check.c.

                20101117

                Bugfix: the "421" reply after Milter error was overruled
                by Postfix 1.1 code that replied with "503" for RFC 2821
                compliance. We now make an exception for "final" replies,
                as permitted by RFC. Solution by Victor Duchovni. File:
                smtpd/smtpd.c.

                --
                Viktor.
              • Stan Hoeppner
                ... I m not exactly sure how, or if, this is handled. I don t recall seeing any updates to 2.5.5-1.1, security or otherwise, since Lenny was released in Feb
                Message 7 of 8 , Dec 1, 2010
                • 0 Attachment
                  Victor Duchovni put forth on 12/1/2010 3:41 PM:
                  > On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:
                  >
                  >> Victor Duchovni put forth on 12/1/2010 2:28 PM:
                  >>> On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
                  >>>
                  >>>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
                  >>>
                  >>> May as well use 2.7.2.
                  >>
                  >> The OP sticks to Debian Stable and Backports packages Viktor, as I do.
                  >> We've waited almost 2 years for something newer than 2.5.5. Unless
                  >> there are security issues (which Postfix never suffers) then the next
                  >> backport we'll likely see is 2.8.x some weeks or months after Wietse
                  >> officially releases it--this coming directly from the mouth (fingers) of
                  >> the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
                  >> him of a few days ago.
                  >
                  > It would be unwise of LaMont or Debian, having selected a particular
                  > Postfix 2.x release (say 2.7) to not track the patch updates from time to
                  > time. I understand that Debian stable or backports won't switch from 2.7
                  > to 2.8 any time soon, but they should integrate patches in a reasonably
                  > timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
                  > have the changes below. They are not "critical", but O/S distributions
                  > still need to not sit on bug-fixes too long...

                  I'm not exactly sure how, or if, this is handled. I don't recall seeing
                  any updates to 2.5.5-1.1, security or otherwise, since Lenny was
                  released in Feb 2009. Maybe I don't have the correct set of apt sources
                  configured? Unlikely but possible I guess.

                  I Absolutely agree it would be preferable for the user base to get these
                  bug fixes, and preferably in a timely manner. I could very well be
                  wrong here, but AFAIK, there have been zero updates to Lenny Postfix
                  2.5.5-1.1 since Lenny was released. And if not for the Backports
                  effort, we'd not have 2.7.1, and still be stuck with unpatched 2.5.5-1.1.

                  Would it be appropriate for you or Wietse to fire off a kind note to
                  Lamont simply inquiring about Postfix version/bug fix support in Debian
                  Stable/Backports? The community recently voted to keep the 2 year
                  (gasp) release cycle. If they're not going to even bug fix Postfix for
                  a two year period, that may be worth having at least a short discussion
                  with the maintainer about.

                  Now that they absorbed the Backports project this situation may change a
                  bit, although that's merely speculation. As I may have stated before,
                  Dovecot has seen multiple Backport releases recently due to bug fixes.
                  Postfix doesn't seem to be getting any attention at all. This is a
                  shame because Debian is a great stable OS, and from what I gather,
                  Postfix atop it is very popular.

                  lamont at debian.org

                  --
                  Stan

                  > 20100610
                  >
                  > Bugfix (introduced Postfix 2.2): Postfix no longer appends
                  > the system default CA certificates to the lists specified
                  > with *_tls_CAfile or with *_tls_CApath. This prevents
                  > third-party certificates from getting mail relay permission
                  > with the permit_tls_all_clientcerts feature. Unfortunately
                  > this may cause compatibility problems with configurations
                  > that rely on certificate verification for other purposes.
                  > To get the old behavior, specify "tls_append_default_CA =
                  > yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
                  > global/mail_params.h. proto/postconf.proto, mantools/postlink.
                  >
                  > 20100714
                  >
                  > Compatibility with Postfix < 2.3: fix 20061207 was incomplete
                  > (undoing the change to bounce instead of defer after
                  > pipe-to-command delivery fails with a signal). Fix by Thomas
                  > Arnett. File: global/pipe_command.c.
                  >
                  > 20100727
                  >
                  > Bugfix: the milter_header_checks parser provided only the
                  > actions that change the message flow (reject, filter,
                  > discard, redirect) but disabled the non-flow actions (warn,
                  > replace, prepend, ignore, dunno, ok). File:
                  > cleanup/cleanup_milter.c.
                  >
                  > 20100827
                  >
                  > Performance: fix for poor smtpd_proxy_filter TCP performance
                  > over loopback (127.0.0.1) connections. Problem reported by
                  > Mark Martinec. Files: smtpd/smtpd_proxy.c.
                  >
                  > 20101023
                  >
                  > Cleanup: don't apply reject_rhsbl_helo to non-domain forms
                  > such as network addresses. This would cause false positives
                  > with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
                  >
                  > 20101117
                  >
                  > Bugfix: the "421" reply after Milter error was overruled
                  > by Postfix 1.1 code that replied with "503" for RFC 2821
                  > compliance. We now make an exception for "final" replies,
                  > as permitted by RFC. Solution by Victor Duchovni. File:
                  > smtpd/smtpd.c.
                  >
                • DTNX/NGMX Postmaster
                  ... According to the Debian package database, there haven t been any; http://packages.debian.org/search?suite=all&searchon=names&keywords=postfix Here s the
                  Message 8 of 8 , Dec 1, 2010
                  • 0 Attachment
                    On 01/12/2010, at 23:40, Stan Hoeppner wrote:

                    > Victor Duchovni put forth on 12/1/2010 3:41 PM:
                    >> It would be unwise of LaMont or Debian, having selected a particular
                    >> Postfix 2.x release (say 2.7) to not track the patch updates from time to
                    >> time. I understand that Debian stable or backports won't switch from 2.7
                    >> to 2.8 any time soon, but they should integrate patches in a reasonably
                    >> timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
                    >> have the changes below. They are not "critical", but O/S distributions
                    >> still need to not sit on bug-fixes too long...
                    >
                    > I'm not exactly sure how, or if, this is handled. I don't recall seeing
                    > any updates to 2.5.5-1.1, security or otherwise, since Lenny was
                    > released in Feb 2009. Maybe I don't have the correct set of apt sources
                    > configured? Unlikely but possible I guess.

                    According to the Debian package database, there haven't been any;
                    http://packages.debian.org/search?suite=all&searchon=names&keywords=postfix

                    Here's the changelog for the 2.5.5 branch in Debian;
                    http://packages.debian.org/changelogs/pool/main/p/postfix/postfix_2.5.5-1.1/changelog

                    And the changelog for the 2.7.1 branch the backport is probably based on;
                    http://packages.debian.org/changelogs/pool/main/p/postfix/postfix_2.7.1-1/changelog

                    It seems they integrate upstream releases in packages while they are in the 'unstable' suite. Things then move into 'testing', which is currently the 'squeeze' release. They've frozen 'squeeze' in August this year, and are working towards release, which probably means they're not introducing any new code.

                    As far as I can tell, 2.7.2 is from last week, correct? If you needed the fixes provided, you could grab the Debian source package, the Postfix source, change the package description file and compile .deb packages for deployment. That's what we would do anyway, once we upgrade our current 2.6.x to the 2.7 branch.

                    Cya,
                    Jona
                  Your message has been successfully submitted and would be delivered to recipients shortly.