• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Upgrade Postfix but use as normal afterwards within Plesk

learning_curve

Silver Pleskian
We want to upgrade both our Postfix and Dovecot packages from the current RPM provided releases.
This thread is about Postfix. We’ll post a separate thread for Dovecot once this one is resolved.

Our current RPM provided Postfix package is 2.10.1 which although backported is still well out of date…We want to upgrade this to the current stable Postfix release which is THIS ONE at the time of writing this thread. Yum update cannot be used to achieve this, so we need some alternative method that works within our existing Plesk / RPM Packages setup (signature)

Having searched around quite a lot first and prior to posting this thread, our current “thinking” for a structured, safe way to do this is as follows:

1) List all the existing RPM packages on the server to check current packages
Code:
# rpm -qa
Having checked this, all yum ‘Development Tools’ plus cyrus-sasl, openssl, pcre and openldap must already exist.

2) Download latest Postfix release into /usr/local/src directory

3) Unpack the file (tar zxvf * will make its own new subdirectory) and cd into the new subdirectory

4) Install any ‘extra’ devel packages that may be needed. In our planned upgrade method these would be:
Code:
yum install libdb-devel db4-devel cyrus-sasl-devel openssl-devel pcre-devel openldap-devel mariadb-devel and/or mysql-devel*** (*** see notes at the end)
Clean up the makefiles and build new ones because Postfix won’t be compiled with SASL and SQL support when only using the supplied makefile. At the end, build the whole package:
Code:
make clean

make tidy

make makefiles CCARGS='-fPIC -DUSE_TLS -DUSE_SSL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DPREFIX=\\"/usr\\" -DHAS_LDAP -DLDAP_DEPRECATED=1 -DHAS_PCRE -I/usr/include/openssl -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/sasl -I/usr/include' 

AUXLIBS='-L/usr/lib64 -L/usr/lib64/openssl -lssl -lcrypto -L/usr/lib64/mysql -lmysqlclient -L/usr/lib64/sasl2 -lsasl2 -lpcre -lz -lm -lldap -llber -Wl,-rpath,/usr/lib64/openssl -pie -Wl,-z,relro' 

OPT='-O' 

DEBUG='-g'

make
5) Assuming this all goes okay ;)
Code:
make upgrade
6) And finally, run
Code:
service postfix restart
In order to verify the upgrade is in place and functional

Notes:

We have assumed at 4) that because cyrus-sase openssl pure and openldap already exist on the server, only the devel packages mentioned need to be installed for this to work

We don’t actually use MySQL. We only use MariaDB which is regularaly updated via RPM. Despite this, there is still only a /usr/lib64/mysql directory and no /usr/lib64/mysql directory actually exists. Therefore, any advice on only using the mariadb-devel package and/or the mysql-devel package e.g.... no; you must install both devel packages is very welcome.

No changes to the associated main.cf or master.cf files should be required, as this is compiling from source, so the RPM package number etc will remain as was (we think!)

We’re still very new to this and therefore this could be 100% completely wrong. The benefits of posting this in the forum in advance for input and of course before we actually do it :) are much appreciated. Finally, if anyone has already done this and/or done the same thing with Dovecot :D It would be great to read your experiences
 
What about just

# yum install rpm-build openldap-devel cyrus-sasl-devel
# wget http://repos.oostergo.net/7/SRPMS/postfix-3.2.3-1.el7.centos.src.rpm
# rpmbuild --rebuild postfix-3.2.3-1.el7.centos.src.rpm
# rpm -Uvh /root/rpmbuild/RPMS/x86_64/postfix-3.2.3-1.el7.centos.x86_64.rpm
# touch /etc/postfix/postfix-files
# postfix set-permissions
# systemctl restart postfix
# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-10-09 12:52:07 NOVT; 6s ago
Process: 20748 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
Process: 20766 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 20763 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 20759 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 20840 (master)
CGroup: /system.slice/postfix.service
├─20840 /usr/libexec/postfix/master -w
├─20841 pickup -l -t fifo -u
└─20842 qmgr -l -t fifo -u

Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: Postfix is running with backwards-compatible default settings
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: See Postfix Backwards-Compatibility Safety Net for details
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/postfix-script[20835]: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/postfix-script[20838]: starting the Postfix mail system
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/master[20840]: daemon started -- version 3.2.3, configuration /etc/postfix
 
Yeah! The great part of being on this forum :D Thank you @IgorG

However, our slight stumbling block is this line:
# wget http://repos.oostergo.net/7/SRPMS/postfix-3.2.3-1.el7.centos.src.rpm

Because the repsonse was:
Code:
...Resolving repos.oostergo.net (repos.oostergo.net)... 185.53.177.31
Connecting to repos.oostergo.net (repos.oostergo.net)|185.53.177.31|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-10-09 08:43:42 ERROR 403: Forbidden
We don't use http or ftp anywhere at all, so assuming that was the issue, we changed this line to
# wget https://repos.oostergo.net/7/SRPMS/postfix-3.2.3-1.el7.centos.src.rpm

The new error was:
Code:
Resolving repos.oostergo.net (repos.oostergo.net)... 185.53.177.31
Connecting to repos.oostergo.net (repos.oostergo.net)|185.53.177.31|:443... connected.
ERROR: cannot verify repos.oostergo.net's certificate, issued by ‘/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2’:
  Issued certificate has expired.
ERROR: no certificate subject alternative name matches
   requested host name ‘repos.oostergo.net’.
To connect to repos.oostergo.net insecurely, use `--no-check-certificate'.
Of course using --no-check-certificate in the https line simply took us back to the original http address & error ;)

We can easily browser/url to the original line and take a local download and then SFTP that to the server but... to which location exactly? That we don't know... :)
 
Hahaha Root it was then.... until :(
Code:
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: bogus date in %changelog: Mon Jan 1 2017 Milo Oostergo <[email protected]> - 3:3.1.4
warning: bogus date in %changelog: Mon Jul 22 2015 Milo Oostergo <[email protected]> - 3:3.0.2
error: Failed build dependencies:
    zlib-devel is needed by postfix-2:3.2.3-1.el7.centos.x86_64
    libicu-devel is needed by postfix-2:3.2.3-1.el7.centos.x86_64
    pcre-devel is needed by postfix-2:3.2.3-1.el7.centos.x86_64
    mysql-devel is needed by postfix-2:3.2.3-1.el7.centos.x86_64
    openssl-devel is needed by postfix-2:3.2.3-1.el7.centos.x86_64
#
The 5 devel packages we can yum install shortly (we assume) but the other warnings?
Safe to ignore them?
 
Annddddddd breathe :)
We love this forum!
Code:
systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-10-09 10:06:23 BST; 13s ago
  Process: 4552 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 4549 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 4546 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 4618 (master)
   Memory: 4.0M
   CGroup: /system.slice/postfix.service
           ├─4618 /usr/libexec/postfix/master -w
           ├─4619 pickup -l -t fifo -u
           └─4620 qmgr -l -t fifo -u

Oct 09 10:06:23 ** systemd[1]: Starting Postfix Mail Transport Agent...
Oct 09 10:06:23 ** postfix[4552]: Postfix is running with backwards-compatible default settings
Oct 09 10:06:23 ** postfix[4552]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Oct 09 10:06:23 ** postfix[4552]: To disable backwards compatibility use "postconf compatibility_level=2" an...eload"
Oct 09 10:06:23 ** postfix/postfix-script[4616]: starting the Postfix mail system
Oct 09 10:06:23 ** postfix/master[4618]: daemon started -- version 3.2.3, configuration /etc/postfix
Oct 09 10:06:23 ** systemd[1]: Started Postfix Mail Transport Agent.
Hint: Some lines were ellipsized, use -l to show in full.
[**]#

After some normal work for a day or two, we'll move on to Dovecot next ;)
 
Hi learning_curve,
why you want to upgrade to the last release ? And especially why we cannot update Postfix with plesk ? Is it secure to update Postfix (and Dovecot) with plesk release (17.5) ?
 
why you want to upgrade to the last release?
Why not?
And especially why we cannot update Postfix with plesk?
If you look above (for our setup anyway) this works perfectly within Plesk. As/when new, future packages are released via RPM etc (we are on CentOS 7.4 so that won't be next week... ;)) then the end package above, would be replaced in the normal way.
Is it secure to update Postfix (and Dovecot) with plesk release (17.5) ?
It's as secure as YOU make it to be fair. Upgrading Postfix itself is just one step. FWIW There are other, finer changes to add to make this more secure for use within our setup. We thought there was little point in adding these to an already out-of-date package when we first started. Your setup / demands / approach etc may be different.
 
Hi Igor,

is there something else to do for Plesk, or your solution is the best practice to upgrade and to work with Plesk without any problem ?

Thank you

What about just

# yum install rpm-build openldap-devel cyrus-sasl-devel
# wget http://repos.oostergo.net/7/SRPMS/postfix-3.2.3-1.el7.centos.src.rpm
# rpmbuild --rebuild postfix-3.2.3-1.el7.centos.src.rpm
# rpm -Uvh /root/rpmbuild/RPMS/x86_64/postfix-3.2.3-1.el7.centos.x86_64.rpm
# touch /etc/postfix/postfix-files
# postfix set-permissions
# systemctl restart postfix
# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-10-09 12:52:07 NOVT; 6s ago
Process: 20748 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
Process: 20766 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 20763 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 20759 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 20840 (master)
CGroup: /system.slice/postfix.service
├─20840 /usr/libexec/postfix/master -w
├─20841 pickup -l -t fifo -u
└─20842 qmgr -l -t fifo -u

Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: Postfix is running with backwards-compatible default settings
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: See Postfix Backwards-Compatibility Safety Net for details
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix[20766]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/postfix-script[20835]: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/postfix-script[20838]: starting the Postfix mail system
Oct 09 12:52:07 ppu17-5.demo.pp.plesk.ru postfix/master[20840]: daemon started -- version 3.2.3, configuration /etc/postfix
 
If postfix 3 is support from Plesk and/or if there are some other commend to make it operational with Plesk
 
Hi Igor,
I've tried to find some KB or article that confirm or not the support of postfix3 from Plesk. Considering that there are so much KB that tell that MariaDB 10.2 isn't supported and if you want to upgrade.. well "you know what you're doing", what about postfix ?
Thank you
 
As far as I remember Postfix 3 is installed by default on Debian 9 and Ubuntu 16. Do you have any problems on these OSes with Plesk and Postfix?
 
As far as I remember Postfix 3 is installed by default on Debian 9 and Ubuntu 16....
@OverWolf You can clearly see our server setup on our forum signature. It is not the same as those two mentioned above. Ammending your own forum signature, which currently gives no clues at all to anybody, would certainly be helpful.

You could re-read our opening post in this thread, as to how we thought about achieving what we wanted and then a subsequent reply, with a MUCH better suggestion from @IgorG You have already asked us some questions, which we answered, even though the answers were in posts made beforehand...If you were to correctly identify your own setup ^^ and your intentions and reasons for changing Postfix (as we did initially) then everybody may be able to help you a lot easier ;) FWIW The process suggested by @IgorG that we followed, worked perfectly, as does the upgraded Postfix on our server setup.
 
Last edited:
Hi Igor, hi learning_curve,

I'm on CentOS 7.4 and postfix is released with version 2.10, and mariadb is 5.5. So, I know that every distribution have "its" version software and that these software can be upgraded from users, but, I know that if I use Plesk I should know if a new software version is compatibile/supported or not. My question was only about this.
Then, if you have some strategy or needs for upgrade a determinate software, this is another case. Anyway thank you both :)
 
What about just

# yum install rpm-build openldap-devel cyrus-sasl-devel
# wget http://repos.oostergo.net/7/SRPMS/postfix-3.2.3-1.el7.centos.src.rpm
# rpmbuild --rebuild postfix-3.2.3-1.el7.centos.src.rpm

Hi, I stuck with this last command quoted here and got Error:
Code:
# rpmbuild --rebuild postfix-3.2.3-1.el7.centos.src.rpm
Installiere postfix-3.2.3-1.el7.centos.src.rpm
Warnung: postfix-3.2.3-1.el7.centos.src.rpm: Header V4 DSA/SHA1 Signature, Schlüssel-ID 12a13bd4: NOKEY
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: bogus date in %changelog: Mon Jan 1 2017 Milo Oostergo <[email protected]> - 3:3.1.4
Warnung: bogus date in %changelog: Mon Jul 22 2015 Milo Oostergo <[email protected]> - 3:3.0.2
Fehler: Fehlgeschlagene Paket-Abhängigkeiten:
    libdb-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    zlib-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    libicu-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    pcre-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    mysql-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    openssl-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64

Whats that?
 
@daanse You can't post things on here in German if you want any help...;) Only English
Any concerns and answers to them over 'possible' errors that we had, you can read ealier in this thread.
Please remember that this thread was how to upgrade to Postfix 3.2.3 but we did it again later and upgraded from 3.2.3 > 3.2.5
Both upgrades went smoothly just, by following Post #2 from @IgorG
 
Hi, I stuck with this last command quoted here and got Error:
Code:
# rpmbuild --rebuild postfix-3.2.3-1.el7.centos.src.rpm
Installiere postfix-3.2.3-1.el7.centos.src.rpm
Warnung: postfix-3.2.3-1.el7.centos.src.rpm: Header V4 DSA/SHA1 Signature, Schlüssel-ID 12a13bd4: NOKEY
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: Benutzer mockbuild existiert nicht - benutze Root
Warnung: Gruppe mockbuild existiert nicht - benutze Root
Warnung: bogus date in %changelog: Mon Jan 1 2017 Milo Oostergo <[email protected]> - 3:3.1.4
Warnung: bogus date in %changelog: Mon Jul 22 2015 Milo Oostergo <[email protected]> - 3:3.0.2
Fehler: Fehlgeschlagene Paket-Abhängigkeiten:
    libdb-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    zlib-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    libicu-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    pcre-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    mysql-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64
    openssl-devel wird benötigt von postfix-2:3.2.3-1.el7.x86_64

Whats that?

I had the same exact errors when I tried it, but in English. ;-)

After some doing, I was able to install the newest version available, manually, and got it all working from what I could tell! Then, I looked in the Plesk "Add or remove components" and saw that it wasn't showing any of the mail items as installed, so I selected them and hit continue thinking it would just update Plesk to what was already installed. It didn't — it removed all my changes and reverted everything back to original LOL. I gave up at that point.
 
@daanse You can't post things on here in German if you want any help...;) Only English
Any concerns and answers to them over 'possible' errors that we had, you can read ealier in this thread.
Please remember that this thread was how to upgrade to Postfix 3.2.3 but we did it again later and upgraded from 3.2.3 > 3.2.5
Both upgrades went smoothly just, by following Post #2 from @IgorG

i was to tired to translate whole Error Message. As you can see, i am writing in english ;-) ahhh. #
I installed the missing packages and it worked. I later on saw the Post and firstly misunderstood it.
I thought you ignored also the missing packages. I was wrong there.

Thx anyways.
 
Back
Top