Update en_US/upgrade/0-upgrade.debian.8-9.md.
This commit is contained in:
parent
21b016e2a9
commit
701334fd54
|
@ -2,6 +2,26 @@
|
||||||
|
|
||||||
[TOC]
|
[TOC]
|
||||||
|
|
||||||
|
## Postfix
|
||||||
|
|
||||||
|
Run commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
# Backup files
|
||||||
|
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
|
||||||
|
cp /etc/postfix/master.cf /etc/postfix/master.cf
|
||||||
|
|
||||||
|
# Update main.cf and master.cf
|
||||||
|
postconf -e daemon_directory='/usr/lib/postfix/sbin'
|
||||||
|
postconf -e shlib_directory='/usr/lib/postfix'
|
||||||
|
postconf -e compatibility_level=2
|
||||||
|
for i in $(postconf -Mf | grep '^[0-9a-zA-Z]' | awk '{print $1"/"$2"/chroot=n"}'); do postconf -F $i; done
|
||||||
|
```
|
||||||
|
|
||||||
|
* Incorrect `daemon_directory` causes Postfix cannot start.
|
||||||
|
* Incorrect `shlib_directory` causes Postfix cannot find pcre/mysql/pgsql/ldap modules.
|
||||||
|
* Debian 8 ships Postfix 2.x, but Debian 9 ships Postfix 3.x, we need to disable compatible mode.
|
||||||
|
|
||||||
## Dovecot
|
## Dovecot
|
||||||
|
|
||||||
Please remove `!SSLv2` from parameter `ssl_protocols`, and restart Dovecot service:
|
Please remove `!SSLv2` from parameter `ssl_protocols`, and restart Dovecot service:
|
||||||
|
@ -9,3 +29,18 @@ Please remove `!SSLv2` from parameter `ssl_protocols`, and restart Dovecot servi
|
||||||
```
|
```
|
||||||
ssl_protocols = !SSLv3
|
ssl_protocols = !SSLv3
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Fail2ban
|
||||||
|
|
||||||
|
There's a duplicate parameter in file `/etc/fail2ban/jail.conf`, under section
|
||||||
|
`[pam-generic]` like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
[pam-generic]
|
||||||
|
...
|
||||||
|
port = all
|
||||||
|
...
|
||||||
|
port = anyport
|
||||||
|
```
|
||||||
|
|
||||||
|
Comment out `port = anyport` and restart fail2ban service.
|
||||||
|
|
|
@ -19,15 +19,47 @@
|
||||||
<div class="toc">
|
<div class="toc">
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="#fixes-you-need-after-upgrading-debian-from-8-to-9">Fixes you need after upgrading Debian from 8 to 9</a><ul>
|
<li><a href="#fixes-you-need-after-upgrading-debian-from-8-to-9">Fixes you need after upgrading Debian from 8 to 9</a><ul>
|
||||||
|
<li><a href="#postfix">Postfix</a></li>
|
||||||
<li><a href="#dovecot">Dovecot</a></li>
|
<li><a href="#dovecot">Dovecot</a></li>
|
||||||
|
<li><a href="#fail2ban">Fail2ban</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
<h2 id="postfix">Postfix</h2>
|
||||||
|
<p>Run commands:</p>
|
||||||
|
<pre><code># Backup files
|
||||||
|
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
|
||||||
|
cp /etc/postfix/master.cf /etc/postfix/master.cf
|
||||||
|
|
||||||
|
# Update main.cf and master.cf
|
||||||
|
postconf -e daemon_directory='/usr/lib/postfix/sbin'
|
||||||
|
postconf -e shlib_directory='/usr/lib/postfix'
|
||||||
|
postconf -e compatibility_level=2
|
||||||
|
for i in $(postconf -Mf | grep '^[0-9a-zA-Z]' | awk '{print $1"/"$2"/chroot=n"}'); do postconf -F $i; done
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Incorrect <code>daemon_directory</code> causes Postfix cannot start.</li>
|
||||||
|
<li>Incorrect <code>shlib_directory</code> causes Postfix cannot find pcre/mysql/pgsql/ldap modules.</li>
|
||||||
|
<li>Debian 8 ships Postfix 2.x, but Debian 9 ships Postfix 3.x, we need to disable compatible mode.</li>
|
||||||
|
</ul>
|
||||||
<h2 id="dovecot">Dovecot</h2>
|
<h2 id="dovecot">Dovecot</h2>
|
||||||
<p>Please remove <code>!SSLv2</code> from parameter <code>ssl_protocols</code>, and restart Dovecot service:</p>
|
<p>Please remove <code>!SSLv2</code> from parameter <code>ssl_protocols</code>, and restart Dovecot service:</p>
|
||||||
<pre><code>ssl_protocols = !SSLv3
|
<pre><code>ssl_protocols = !SSLv3
|
||||||
</code></pre><div class="footer">
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="fail2ban">Fail2ban</h2>
|
||||||
|
<p>There's a duplicate parameter in file <code>/etc/fail2ban/jail.conf</code>, under section
|
||||||
|
<code>[pam-generic]</code> like below:</p>
|
||||||
|
<pre><code>[pam-generic]
|
||||||
|
...
|
||||||
|
port = all
|
||||||
|
...
|
||||||
|
port = anyport
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Comment out <code>port = anyport</code> and restart fail2ban service.</p><div class="footer">
|
||||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||||
</div>
|
</div>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
|
Loading…
Reference in New Issue