Upgrade version 2.5.5 to 2.7.1


Bruno Costacurta
Hello,

I intend to upgrade Postfix version 2.5.5 to 2.7.1.
Are there incompatibilities or specific path for upgrade ?
Or any manual re-configuration to be done ?

At the end of this email I posted my postconf -n

Thanks for info.

* note :
I know the famous "if it is not broken, do not fix it !". And indeed Postfix works fine.
However I like to upgrade, from time to time, to avoid too old versions (whatever software it is)
to be still in use on the server, which might make a needed future upgrade more difficult due
to evolution of the software.
This server is a Debian Lenny and upgrade will be done via the Debian lenny-backports
repository usage which included Postfix v2.7.1.

* postconf -n

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
local_recipient_maps = $alias_maps
mail_spool_directory = /var/mail
mailbox_size_limit = 0
mydestination = $mydomain, localhost
mynetworks = 127.0.0.0/8
myorigin = $mydomain
recipient_delimiter = +
relay_domains = $mydestination, $mynetworks
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net reject_rhsbl_client zen.spamhaus.org reject_rhsbl_client bl.spamcop.net warn_if_reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unauth_pipelining reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CApath = /etc/postfix/tls/CAcertClass3Root.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/tls/mail.costacurta.org.pem
smtpd_tls_key_file = /etc/postfix/tls/mail.costacurta.org.keyout.pem
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts/maildir
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_transport = myprocmail
virtual_uid_maps = static:5000


Bye,
Bruno

--
Linux Counter #353844
http://counter.li.org/




Re: Upgrade version 2.5.5 to 2.7.1

Victor Duchovni
On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:

> I intend to upgrade Postfix version 2.5.5 to 2.7.1.

May as well use 2.7.2.

> Are there incompatibilities or specific path for upgrade ?

The Postfix 2.7 source code includes:

    RELEASE_NOTES
    RELEASE_NOTES-2.6
    RELEASE_NOTES-2.5
    RELEASE_NOTES-2.4
    RELEASE_NOTES-2.3
    RELEASE_NOTES-2.2
    RELEASE_NOTES-2.1
    RELEASE_NOTES-2.0
    RELEASE_NOTES-1.1
    RELEASE_NOTES-1.0

You need to read the first two.

--
        Viktor.
Re: Upgrade version 2.5.5 to 2.7.1

Stan Hoeppner
In reply to this post by Bruno Costacurta
Bruno Costacurta put forth on 12/1/2010 2:19 PM:
> Hello,
>
> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
> Are there incompatibilities or specific path for upgrade ?
> Or any manual re-configuration to be done ?

I performed this exact backports upgrade about a week ago.  As far as I
recall, no manual master.cf or main.cf changes were *required* although
I did make some manual changes due to the following becoming available:

check_reverse_client_hostname_access

The only "issue" I've come across is that logwatch doesn't recognize
Postfix log stamps containing "2.7.1", which is no big deal.

The 2.7.1 backport is running perfectly here so far.

--
Stan
Re: Upgrade version 2.5.5 to 2.7.1

fakessh @
Le 01.12.2010 21:49, Stan Hoeppner a écrit :

> Bruno Costacurta put forth on 12/1/2010 2:19 PM:
>> Hello,
>>
>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
>> Are there incompatibilities or specific path for upgrade ?
>> Or any manual re-configuration to be done ?
>
> I performed this exact backports upgrade about a week ago.  As far as I
> recall, no manual master.cf or main.cf changes were *required* although
> I did make some manual changes due to the following becoming available:
>
> check_reverse_client_hostname_access
>
> The only "issue" I've come across is that logwatch doesn't recognize
> Postfix log stamps containing "2.7.1", which is no big deal.
>
> The 2.7.1 backport is running perfectly here so far.
>

and how to apply this option too I do not use
check_reverse_client_hostname_access

- --
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
Re: Upgrade version 2.5.5 to 2.7.1

Stan Hoeppner
In reply to this post by Victor Duchovni
Victor Duchovni put forth on 12/1/2010 2:28 PM:
> On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
>
>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
>
> May as well use 2.7.2.

The OP sticks to Debian Stable and Backports packages Viktor, as I do.
We've waited almost 2 years for something newer than 2.5.5.  Unless
there are security issues (which Postfix never suffers) then the next
backport we'll likely see is 2.8.x some weeks or months after Wietse
officially releases it--this coming directly from the mouth (fingers) of
the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
him of a few days ago.

In addition to, or in lieu of reading the version release notes, what I
would recommend doing is what I did.  That is, search for:

"This feature is available in Postfix 2.6 and later"
"This feature is available in Postfix 2.7 and later"

at

http://www.postfix.org/postconf.5.html

in order to find out what new parameters are available since 2.5.5, and
implement any you find useful.

--
Stan
Re: Upgrade version 2.5.5 to 2.7.1

Victor Duchovni
On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:

> Victor Duchovni put forth on 12/1/2010 2:28 PM:
> > On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
> >
> >> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
> >
> > May as well use 2.7.2.
>
> The OP sticks to Debian Stable and Backports packages Viktor, as I do.
> We've waited almost 2 years for something newer than 2.5.5.  Unless
> there are security issues (which Postfix never suffers) then the next
> backport we'll likely see is 2.8.x some weeks or months after Wietse
> officially releases it--this coming directly from the mouth (fingers) of
> the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
> him of a few days ago.

It would be unwise of LaMont or Debian, having selected a particular
Postfix 2.x release (say 2.7) to not track the patch updates from time to
time. I understand that Debian stable or backports won't switch from 2.7
to 2.8 any time soon, but they should integrate patches in a reasonably
timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
have the changes below. They are not "critical", but O/S distributions
still need to not sit on bug-fixes too long...

    20100610

          Bugfix (introduced Postfix 2.2): Postfix no longer appends
          the system default CA certificates to the lists specified
          with *_tls_CAfile or with *_tls_CApath.  This prevents
          third-party certificates from getting mail relay permission
          with the permit_tls_all_clientcerts feature.  Unfortunately
          this may cause compatibility problems with configurations
          that rely on certificate verification for other purposes.
          To get the old behavior, specify "tls_append_default_CA =
          yes".  Files: tls/tls_certkey.c, tls/tls_misc.c,
          global/mail_params.h.  proto/postconf.proto, mantools/postlink.

    20100714

          Compatibility with Postfix < 2.3: fix 20061207 was incomplete
          (undoing the change to bounce instead of defer after
          pipe-to-command delivery fails with a signal). Fix by Thomas
          Arnett. File: global/pipe_command.c.

    20100727

          Bugfix: the milter_header_checks parser provided only the
          actions that change the message flow (reject, filter,
          discard, redirect) but disabled the non-flow actions (warn,
          replace, prepend, ignore, dunno, ok).  File:
          cleanup/cleanup_milter.c.

    20100827

          Performance: fix for poor smtpd_proxy_filter TCP performance
          over loopback (127.0.0.1) connections. Problem reported by
          Mark Martinec.  Files: smtpd/smtpd_proxy.c.

    20101023

          Cleanup: don't apply reject_rhsbl_helo to non-domain forms
          such as network addresses.  This would cause false positives
          with dbl.spamhaus.org.  File: smtpd/smtpd_check.c.

    20101117

          Bugfix: the "421" reply after Milter error was overruled
          by Postfix 1.1 code that replied with "503" for RFC 2821
          compliance. We now make an exception for "final" replies,
          as permitted by RFC. Solution by Victor Duchovni. File:
          smtpd/smtpd.c.

--
        Viktor.
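
Added example, not part of the message above and not Postfix project code: a Python check that reads a `postconf -n` dump and reports whether the 20100610 default-CA change in the list above applies to it. The function names and finding codes are hypothetical; the sample is an excerpt of the dump posted at the start of this thread, and the finding texts paraphrase the changelog entry.

```python
import re

# Hypothetical helper names and finding codes; only the parameter names are Postfix's.
PARAM_LINE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")
CA_LIST = re.compile(r"^\w+_tls_CA(file|path)$")  # the changelog's *_tls_CAfile / *_tls_CApath

# Excerpt of the `postconf -n` dump from this thread, wrapped the way mail clients wrap it.
SAMPLE = """\
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
smtpd_tls_CApath = /etc/postfix/tls/CAcertClass3Root.pem
smtpd_tls_security_level = may
"""

def parse_postconf(text):
    """Parse `postconf -n` output; a line without 'name =' continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        m = PARAM_LINE.match(line)
        if m:
            last = m.group(1)
            params[last] = m.group(2).strip()
        elif last and line.strip():
            params[last] += " " + line.strip()
    return params

def audit_default_ca(text):
    """Return (code, detail) findings relevant to the 20100610 default-CA change."""
    p = parse_postconf(text)
    ca_lists = sorted(n for n, v in p.items() if CA_LIST.match(n) and v)
    append = p.get("tls_append_default_CA", "no").lower() == "yes"
    relay = sorted(n for n, v in p.items() if n.endswith("_restrictions")
                   and "permit_tls_all_clientcerts" in re.split(r"[\s,]+", v))
    findings = []
    if relay and append:
        findings.append(("RELAY_WIDE", f"{relay}: any certificate issued under a "
                         "system default CA is granted relay permission"))
    elif relay:
        findings.append(("RELAY_PRE_FIX", f"{relay}: releases without the fix still "
                         "append the system default CAs; confirm the running version"))
    if ca_lists and not append:
        findings.append(("VERIFY_NARROWED", f"{ca_lists}: with the fix only these CAs "
                         "are trusted; peers verified via system default CAs stop verifying"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_default_ca(SAMPLE):
        print(code, detail)
```

In practice the input would be the saved output of `postconf -n` taken before the upgrade, so the findings can be reviewed against the release notes.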
Re: Upgrade version 2.5.5 to 2.7.1

Stan Hoeppner
Victor Duchovni put forth on 12/1/2010 3:41 PM:

> On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:
>
>> Victor Duchovni put forth on 12/1/2010 2:28 PM:
>>> On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
>>>
>>>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
>>>
>>> May as well use 2.7.2.
>>
>> The OP sticks to Debian Stable and Backports packages Viktor, as I do.
>> We've waited almost 2 years for something newer than 2.5.5.  Unless
>> there are security issues (which Postfix never suffers) then the next
>> backport we'll likely see is 2.8.x some weeks or months after Wietse
>> officially releases it--this coming directly from the mouth (fingers) of
>> the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
>> him of a few days ago.
>
> It would be unwise of LaMont or Debian, having selected a particular
> Postfix 2.x release (say 2.7) to not track the patch updates from time to
> time. I understand that Debian stable or backports won't switch from 2.7
> to 2.8 any time soon, but they should integrate patches in a reasonably
> timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
> have the changes below. They are not "critical", but O/S distributions
> still need to not sit on bug-fixes too long...

I'm not exactly sure how, or if, this is handled.  I don't recall seeing
any updates to 2.5.5-1.1, security or otherwise, since Lenny was
released in Feb 2009.  Maybe I don't have the correct set of apt sources
configured?  Unlikely but possible I guess.

I absolutely agree it would be preferable for the user base to get these
bug fixes, and preferably in a timely manner.  I could very well be
wrong here, but AFAIK, there have been zero updates to Lenny Postfix
2.5.5-1.1 since Lenny was released.  And if not for the Backports
effort, we'd not have 2.7.1, and still be stuck with unpatched 2.5.5-1.1.

Would it be appropriate for you or Wietse to fire off a kind note to
Lamont simply inquiring about Postfix version/bug fix support in Debian
Stable/Backports?  The community recently voted to keep the 2 year
(gasp) release cycle.  If they're not going to even bug fix Postfix for
a two year period, that may be worth having at least a short discussion
with the maintainer about.

Now that they absorbed the Backports project this situation may change a
bit, although that's merely speculation.  As I may have stated before,
Dovecot has seen multiple Backport releases recently due to bug fixes.
Postfix doesn't seem to be getting any attention at all.  This is a
shame because Debian is a great stable OS, and from what I gather,
Postfix atop it is very popular.

lamont at debian.org

--
Stan

>     20100610
>
>           Bugfix (introduced Postfix 2.2): Postfix no longer appends
>           the system default CA certificates to the lists specified
>           with *_tls_CAfile or with *_tls_CApath.  This prevents
>           third-party certificates from getting mail relay permission
>           with the permit_tls_all_clientcerts feature.  Unfortunately
>           this may cause compatibility problems with configurations
>           that rely on certificate verification for other purposes.
>           To get the old behavior, specify "tls_append_default_CA =
>           yes".  Files: tls/tls_certkey.c, tls/tls_misc.c,
>           global/mail_params.h.  proto/postconf.proto, mantools/postlink.
>
>     20100714
>
>           Compatibility with Postfix < 2.3: fix 20061207 was incomplete
>           (undoing the change to bounce instead of defer after
>           pipe-to-command delivery fails with a signal). Fix by Thomas
>           Arnett. File: global/pipe_command.c.
>
>     20100727
>
>           Bugfix: the milter_header_checks parser provided only the
>           actions that change the message flow (reject, filter,
>           discard, redirect) but disabled the non-flow actions (warn,
>           replace, prepend, ignore, dunno, ok).  File:
>           cleanup/cleanup_milter.c.
>
>     20100827
>
>           Performance: fix for poor smtpd_proxy_filter TCP performance
>           over loopback (127.0.0.1) connections. Problem reported by
>           Mark Martinec.  Files: smtpd/smtpd_proxy.c.
>
>     20101023
>
>           Cleanup: don't apply reject_rhsbl_helo to non-domain forms
>           such as network addresses.  This would cause false positives
>           with dbl.spamhaus.org.  File: smtpd/smtpd_check.c.
>
>     20101117
>
>           Bugfix: the "421" reply after Milter error was overruled
>           by Postfix 1.1 code that replied with "503" for RFC 2821
>           compliance. We now make an exception for "final" replies,
>           as permitted by RFC. Solution by Victor Duchovni. File:
>           smtpd/smtpd.c.
>

Re: Upgrade version 2.5.5 to 2.7.1

DTNX Postmaster
On 01/12/2010, at 23:40, Stan Hoeppner wrote:

> Victor Duchovni put forth on 12/1/2010 3:41 PM:
>> It would be unwise of LaMont or Debian, having selected a particular
>> Postfix 2.x release (say 2.7) to not track the patch updates from time to
>> time. I understand that Debian stable or backports won't switch from 2.7
>> to 2.8 any time soon, but they should integrate patches in a reasonably
>> timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
>> have the changes below. They are not "critical", but O/S distributions
>> still need to not sit on bug-fixes too long...
>
> I'm not exactly sure how, or if, this is handled.  I don't recall seeing
> any updates to 2.5.5-1.1, security or otherwise, since Lenny was
> released in Feb 2009.  Maybe I don't have the correct set of apt sources
> configured?  Unlikely but possible I guess.

According to the Debian package database, there haven't been any;
http://packages.debian.org/search?suite=all&searchon=names&keywords=postfix

Here's the changelog for the 2.5.5 branch in Debian;
http://packages.debian.org/changelogs/pool/main/p/postfix/postfix_2.5.5-1.1/changelog

And the changelog for the 2.7.1 branch the backport is probably based on;
http://packages.debian.org/changelogs/pool/main/p/postfix/postfix_2.7.1-1/changelog

It seems they integrate upstream releases in packages while they are in the 'unstable' suite. Things then move into 'testing', which is currently the 'squeeze' release. They've frozen 'squeeze' in August this year, and are working towards release, which probably means they're not introducing any new code.

As far as I can tell, 2.7.2 is from last week, correct? If you needed the fixes provided, you could grab the Debian source package, the Postfix source, change the package description file and compile .deb packages for deployment. That's what we would do anyway, once we upgrade our current 2.6.x to the 2.7 branch.

Cya,
Jona