Marco Fioretti via Postfix-users:
> Greetings,
>
> I have found myself with the task of moving/recreating the mail server of a
> small ngo from an old VPS which hasn't been updated for years but still
> works without any visible problem, to a new one.
>
> The current server runs postfix 2.10.1 + postgrey on Centos 7.6.
>
> The new server should run the current stable version of Postfix (3.9,
> right?) on (almost surely) Ubuntu 24.04 LTS, and the same fixed IP as
> today, with the same load as today (7/8 domains, but with very few users)
>
> I would need, in order to minimize downtime, to know in advance what
> exactly I should change in the several postfix configuration files and
> connected "tools", e.g. certbot certificates. That is, I am pretty sure I
> cannot just copy the whole content of /etc/postfix (see below) from the old
> VPS to the new one and expect things to work, but what should I change? And
> what input should I provide, besides the output of postconf -n below?

The idea was that one should be able to copy old Postfix configs and
then use the Postfix compatibility_level (default = 0, i.e. Postfix
2.x compatible). Then, follow COMPATIBILITY_README instructions to
override or adopt incompatible changes in default settings.

The main exceptions:

- OpenSSL has removed old features and added new ones. So that will
  require attention.

- Postfix has become less tolerant for protocol corner cases to
  prevent SMTP smuggling attacks, SMTP Alpaca attacks, and so on.
  That stuff is covered in a decade worth of RELEASE_NOTES files.

- hash: and btree: files need to be regenerated.

        Wietse

> Thanks in advance for your support,
>
> Marco
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
>     $daemon_directory/$process_name $process_id & sleep 5
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
> inet_interfaces = all
> inet_protocols = ipv4
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20480000
> mydestination = $myhostname, localhost
> mydomain = $myhostname
> myhostname = a.mx.NGO-DOMAIN-NAME
> mynetworks = 127.0.0.0/8, 47.53.159.60
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = inet:localhost:8891
> procmail_destination_recipient_limit = 1
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
> relay_domains =
> sample_directory = /etc/postfix
> sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_address_preference = ipv4
> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter =
> smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sasl_type = cyrus
> smtp_sender_dependent_authentication = yes
> smtp_tls_mandatory_ciphers = high
> smtp_tls_security_level = may
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_milters = inet:localhost:8891
> smtpd_recipient_restrictions = check_client_access
>     cidr:/etc/postfix/client_checks, reject_invalid_hostname,
>     reject_non_fqdn_hostname, reject_non_fqdn_sender,
>     reject_non_fqdn_recipient, reject_unknown_sender_domain,
>     reject_unknown_recipient_domain, permit_mynetworks,
>     permit_sasl_authenticated, reject_unauth_destination, check_helo_access
>     hash:/etc/postfix/reject_own_helo, check_policy_service unix:postgrey/socket
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/NGO-DOMAIN-NAME/fullchain.pem
> smtpd_tls_ciphers = medium
> smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
> smtpd_tls_key_file = /etc/letsencrypt/live/NGO-DOMAIN-NAME/privkey.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/mail/mymail_storage
> virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
> virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
> virtual_transport = procmail
> virtual_uid_maps = static:1001
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
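
Added example, not part of the thread or of Postfix itself: one way to act on the point that hash: and btree: files need to be regenerated is to derive the rebuild commands from postconf -n output, including tables that only appear inside restriction lists. The function names are hypothetical and the sample input is a constructed excerpt of the configuration quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): list the rebuild command for every
# hash:/btree: table named in `postconf -n` output.

# Constructed sample: an excerpt of the postconf -n output quoted above.
sample_postconf() {
    cat <<'EOF'
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
smtpd_recipient_restrictions = check_client_access
    cidr:/etc/postfix/client_checks, permit_mynetworks,
    reject_unauth_destination, check_helo_access
    hash:/etc/postfix/reject_own_helo
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
EOF
}

# rebuild_commands (hypothetical helper): reads postconf -n text on stdin,
# prints one postmap/postalias command per distinct indexed table.
rebuild_commands() {
    awk '
        # "name = value" starts a parameter; indented lines continue it.
        /^[^ ]+ *=/ { param = $1 }
        {
            line = $0
            while (match(line, /(hash|btree):\/[^ ,]+/)) {
                table = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                # Alias files use the aliases(5) format, so postalias.
                cmd = (param ~ /^alias_(maps|database)$/) ? "postalias" : "postmap"
                out = cmd " " table
                if (!(out in seen)) { seen[out] = 1; print out }
            }
        }
    '
}

# Print the commands for review; run them on the new server after copying
# the source text files (the old .db files are not reused).
sample_postconf | rebuild_commands
```

On the real system, feed it `postconf -n | rebuild_commands`. Check that the sasl_passwd source file is not group- or world-readable before running postmap on it, since a newly created index file gets the same group and other read permissions as its source.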