[pfx] update on: Moving from postfix 2.10.1 to postfix 3.9

2025-01-21 Thread Marco Fioretti via Postfix-users 
Wietse wrote:

> from your answer I understand that it would be
> OK/safe to do this:
>
> 1, copy all the old configuration files into the new server, and just add
> compatibility_level = 0 to main.cf
>
> 2, regenerate all hashes and btree files
>
> 3, start postfix, see which warnings it generates, and then figure out
> if/what exactly I should change in the configuration files
>
> Is this correct, or did I misunderstand your answer?

That is what I suggested (compatibility_level still is zero
by default, but setting it is a good idea in case some
maintainer changes the default).

Many COMPATIBILITY_README warnings will happen while Postfix
receives or delivers email.

MY UPDATE:

I did all of the above, and after a bit of trials and analyses of the log
files:

Dovecot is NOT working yet, see below and TIA if someone can help on that
side too

But it seems that everything about Postfix is working, as I do see that all
the email my users should receive from mailing lists or other
correspondents seems to arrive again in the right mailboxes, and passing
the IP address of the server at https://tools.appriver.com/OpenRelay.aspx
shows no successful relays. For documentation sake, to get there, I had to:

1) change main.cf as follows:

# sdiff -w 200  -s /etc/postfix/main.cf /home/marco/oldserver/etc/postfix/
main.cf
compatibility_level  = 0   <
#check_policy_service unix:postgrey/socket
  |check_policy_service unix:postgrey/socket
check_policy_service inet:127.0.0.1:10023
<
daemon_directory = /usr/lib/postfix/sbin/

2) rename and move the postgrey whitelists files from /etc/postfix to
/etc/postgrey

3) (of course) also restore the whole /etc/opendkim directory I had on the
old server

Further tips and comments are very appreciated, of course.

Thanks,
Marco

ABOUT DOVECOT NOT WORKING: if you are interested, please check here:

https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/

the two threads titled:

connection refused, no error anywhere
and

dovecot not listening, but doing passw checks? Was: connection refused, no
error anywhere
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Moving from postfix 2.10.1 to postfix 3.9

2025-01-14 Thread Marco Fioretti via Postfix-users 
Greetings,

I have found myself with the task of moving/recreating the mail server of a
small ngo from an old VPS which hasn't been updated for years but still
works without any visible problem, to a new one.

The current server runs postfix 2.10.1 + postgrey on Centos  7.6.

The new server should run the current stable version of Postfix (3.9,
right?) on (almost surely) Ubuntu 24.04 LTS, and the same fixed IP as
today, with the same load as today (7/8 domains, but with very few users)

I would need, in order to minimize downtime, to know in advance what
exactly I should change in the several postfix configuration files and
connected "tools", e.g. certbot certificates. That is, I am pretty sure I
cannot just copy the whole content of /etc/postfix (see below) from the old
VPS to the new one and expect things to work, but what should I change? And
what input should I provide, besides the output of postconf -n below?

Thanks in advance for your support,

Marco

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
$daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = a.mx.NGO-DOMAIN-NAME
mynetworks = 127.0.0.0/8, 47.53.159.60
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
procmail_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
relay_domains =
sample_directory = /etc/postfix
sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_address_preference = ipv4
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_client_access
cidr:/etc/postfix/client_checks, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, check_helo_access
hash:/etc/postfix/reject_own_helo, check_policy_service unix:postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/NGO-DOMAIN-NAME/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/letsencrypt/live/NGO-DOMAIN-NAME/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/mymail_storage
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
virtual_transport = procmail
virtual_uid_maps = static:1001
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org