migrating 2.1 to 3.x, what else is needed ?

[lists]

I'd like to update and migrate my current Postfix 2.1 to an up to date
version, it's a Postfix/Dovecot/MySQL/smtp auth/ virtual domains/users

I've installed new Centos 7 with ghettoforge postfix 3.2.4 /dovecot, and,
copied over /etc/postfix etc/dovecot, after some minor edits (remove
policyd 1.x, add postfwd, edit IPs/host names, letsencrypt, etc)

it seems to work OK, only some warnings, can send/receive

so I should now run this, yes ? "postconf compatibility_level=2"

what else should I or must I do, what else is suggested/recommended ?

is my (largely unconfigured as yet) postfwd in correct place ?

# postfix reload

Dec 26 11:14:07 geko postfix[8521]: Postfix is running with
backwards-compatible default settings
Dec 26 11:14:07 geko postfix[8521]: See
http://www.postfix.org/COMPATIBILITY_README.html for details
Dec 26 11:14:07 geko postfix[8521]: To disable backwards compatibility use
"postconf compatibility_level=2" and "postfix
 reload"
Dec 26 11:14:07 geko postfix/postfix-script[8527]: refreshing the Postfix
mail system
Dec 26 11:14:07 geko postfix/master[1298]: reload -- version 3.2.4,
configuration /etc/postfix

postconf -n
-

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
anvil_rate_time_unit = 1800s
biff = no
body_checks = pcre:/etc/postfix/body_checks
body_checks_size_limit = 15
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 30971520
mime_header_checks = pcre:$config_directory/mime_headers.pcre
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain,
localhost.$myhostname
mydomain = sbt.net.au
myhostname = geko.sbt.net.au
mynetworks = 163.47.110.6 163.47.110.7 127.0.0.1
myorigin = geko.sbt.net.au
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps
$mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps
$relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps
$sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps
$transport_maps $virtual_alias_domains $virtual_alias_maps
$virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix3-3.2.4/README_FILES
recipient_bcc_maps =
proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf,
proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination,
proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf,
proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_connection_rate_limit = 50
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks,
check_sasl_access hash:/etc/postfix/sasl_access permit_sasl_authenticated,
reject_unauth_destination, check_policy_service inet:127.0.0.1:10040,
check_recipient_access hash:/etc/postfix/recipient_no_checks,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks, check_sender_access
hash:/etc/postfix/sender_checks, check_client_access
hash:/etc/postfix/client_checks, check_client_access
pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org,
reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus

Re: migrating 2.1 to 3.x ?

[Voytek]

On Thu, August 10, 2017 6:33 pm, Peter wrote:
> On 10/08/17 16:51, Voytek wrote:

>> mail_version = 2.11.0
>
> This is not the stock postfix for CentOS 6, so if you want to upgrade it
> on the same server you might want to check where the current postfix came
> from.  How it got there has to do with what you need to do to remove it.

Peter, thanks

I think... I've used Simon J Mudd's pages to compile, well, copy'n'paste
from his website relevant lines.

but, all in all, I think a new 'C7' server etc is a better way forward

thanks, I'll undoubtedly be asking more questions.


Voytek

Re: migrating 2.1 to 3.x ?

[Peter]

On 10/08/17 16:51, Voytek wrote:
> I currently have Postfix 2.11 /MySQL on Centos 6, looking at migrating to
> current Postfix.
> 
> current server:
> CentOS release 6.x
> mail_version = 2.11.0

This is not the stock postfix for CentOS 6, so if you want to upgrade it
on the same server you might want to check where the current postfix
came from.  How it got there has to do with what you need to do to
remove it.

Do note that GhettoForge does supply the latest postfix packages for
both CentOS 6 and 7, so if you want to just upgrade postfix on the
current server that is an option.

> new server:
> CentOS 7.3
> mail_version = 2.10.1
> 
> reading some of the ML posts: is ghettoforge the way to do it ?

That is my recommendation.  I build the GhettoForge packages myself so I
can vouch for them.

> http://ghettoforge.org/index.php/Postfix
> 
> what can or should I do with current main.cf ? master.cf

You can keep them.  postfix 2.11.0 config will actually work with
postfix 3.2.2 without any changes if you want.  The only thing you will
notice are compatibility_level warnings in the log.  To get rid of those
warnings you can follow the instructions in the COMPATIBILITY_README, or
the simplified instructions on the GhettoForge wiki page you linked to
above.

> the idea is to set new server with Postfix 3, have both running till all done
> 
> thanks for all the pointers and help
> 
> V
> (current)
> postconf -m
> 
...

It looks like you have a postfix built with most or all of the table
types compiled in.  Postfix 2.11 did not have dynamic map support so it
had to be compiled from the start with the table types that you wanted
supported.  Starting with postfix 3.0 packagers are able to separate out
many of the map types into separate packages and that is what
GhettoForge has done, so you have packages such as postfix3-mysql,
postfix3-pgsql, etc, and you just install the packages for the map types
you want in addition to the postfix-3 package.

I would encourage you to look through your main.cf and master.cf files
(or the output of postconf -nf and postconf -Mf) and come up with a list
of map types you actually use, then install those map types along with
the postfix3 package from GhettoForge.  The advantage of not installing
other map types is you don't have to install packages for the supporting
libraries of map types you don't use, for example if you install
postfix3-pgsql then you end up having to install postgresql-libs as well
as a dependency, but this is not necessary if you don't need postgresql
support.

If you need any additional help I am happy to answer questions on this
list, or you can reach me at the #postfix or #ghettoforge Freenode IRC
channels.


Peter

migrating 2.1 to 3.x ?

[Voytek]

I currently have Postfix 2.11 /MySQL on Centos 6, looking at migrating to
current Postfix.

current server:
CentOS release 6.x
mail_version = 2.11.0

new server:
CentOS 7.3
mail_version = 2.10.1

reading some of the ML posts: is ghettoforge the way to do it ?
http://ghettoforge.org/index.php/Postfix

what can or should I do with current main.cf ? master.cf

the idea is to set new server with Postfix 3, have both running till all done

thanks for all the pointers and help

V
(current)
postconf -m

btree
cidr
environ
fail
hash
internal
ldap
memcache
mysql
nis
pcre
pgsql
proxy
regexp
socketmap
static
tcp
texthash
unix