OpenBSD Email Service - Upgrade an existing installation
Upgrades are only supported from one release to the release immediately following it. Read through and understand this process before attempting it. For critical or physically remote machines, test it on an identical, local system first. - OpenBSD Upgrade Guide
Before upgrading to OpenBSD 6.3, back up /var/rspamd and:
cd /tmp
ftp https://fastly.cdn.openbsd.org/pub/OpenBSD/6.3/amd64/bsd.rd
ftp https://fastly.cdn.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
signify -C -p /etc/signify/openbsd-63-base.pub -x SHA256.sig bsd.rd && \
cp -p /bsd.rd /bsd.rd-6.2 && cp /tmp/bsd.rd /
rm -r /usr/share/man
rm -r /usr/share/compile
cd /usr/X11R6/lib
rm libpthread-stubs.a \
libpthread-stubs.so.2.0 \
pkgconfig/pthread-stubs.pc
reboot
boot: bsd.rd
> (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? U
...
Set name(s) = -comp* -game* -x*
...
reboot
sysmerge
pkg_add -u
sievec /var/dovecot/imapsieve/before/report-ham.sieve
sievec /var/dovecot/imapsieve/before/report-spam.sieve
sievec /var/dovecot/sieve/before/spamtest.sieve
rcctl restart smtpd dovecot rspamd dkimproxy_out
rm /bsd.rd-6.2
RFC 7217 style IPv6 addresses are enabled by default. If you need the old style:
echo "inet6 -soii" >> /etc/hostname.vio0
Enable syncookie adaptive mode:
sed -i '/block-policy/a\
set syncookies adaptive (start 25%, end 12%)
' /etc/pf.conf
pfctl -f /etc/pf.conf
Mozilla Autoconfiguration
vi src/var/www/htdocs/mercury.example.com/mail/config-v1.1.xml
install -o root -g daemon -m 0755 -d src/var/www/htdocs/mercury.example.com/mail /var/www/htdocs/$(hostname)/mail
install -o root -g daemon -m 0644 -b src/var/www/htdocs/mercury.example.com/mail/config-v1.1.xml /var/www/htdocs/$(hostname)/mail/
Each autoconfig subdomain has a CNAME record pointing to the Autoconfiguration server:
autoconfig.example.com. 86400 IN CNAME mercury.example.com.
Each virtual autoconfig subdomain has a CNAME record pointing to the Autoconfiguration server:
autoconfig.example.net. 86400 IN CNAME mercury.example.com.
Each domain and virtual domain has SRV records for simple MUA auto-configuration:
_submission._tcp.example.com. 86400 IN SRV 0 1 587 mercury.example.com.
_imaps._tcp.example.com. 86400 IN SRV 0 1 993 mercury.example.com.
Each autoconfig subdomain needs a TXT record with SPF data:
autoconfig.example.com. 86400 IN TXT "v=spf1 -all"
Edit autoconfig.example.com, and add the following configuration directives to /etc/httpd.conf:
...
# Host
server "mercury.example.com" {
    alias "autoconfig.example.com"
    listen on $IPv4 port http
    ...
}
# Mozilla Autoconfiguration
server "autoconfig.*" {
    listen on $IPv4 port http
    listen on $IPv6 port http
    tcp nodelay
    connection { max requests 500, timeout 3600 }
    log syslog
    block
    location "/*" {
        block return 302 "https://autoconfig.example.com$REQUEST_URI"
    }
}
...
Revoke the mercury.example.com certificate:
acme-client -vr mercury.example.com
Update /etc/acme-client.conf:
sed -i -e '/alternative names/s|secure.example.com|autoconfig.example.com|' \
-e '/alternative names/s/^#//' /etc/acme-client.conf
Get a new certificate for mercury.example.com:
acme-client -v mercury.example.com
get-ocsp.sh mercury.example.com
Restart:
rcctl restart smtpd dovecot
When relaying as backup MX, enforce STARTTLS and certificate verification:
sed -i 's|relay backup|& tls verify|g' /etc/mail/smtpd.conf
Restart backup MX:
rcctl restart smtpd
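The sed command above appends "tls verify" a second time if it is run again on an already updated smtpd.conf. The following is an added example, not part of the original guide: it audits for backup-relay rules that still lack "tls verify" and applies the same substitution idempotently. The function names and sample rules are constructed, and it assumes one rule per line with no mx argument after "relay backup".

```shell
#!/bin/sh
# Added example (not from the guide): audit and fix "relay backup" rules.
# Assumptions: one rule per line; "relay backup" has no mx argument.

# List active (non-comment) rules that relay as backup MX without "tls verify".
unverified_relays() {
	awk '!/^[ \t]*#/ && /relay backup/ && !/relay backup tls verify/ {
		print FILENAME ":" NR ": " $0 }' "$1"
}

# Number of such rules; 0 means every backup relay enforces
# STARTTLS and certificate verification.
count_unverified() {
	unverified_relays "$1" | wc -l | tr -d ' '
}

# Same substitution as the guide's sed, but comment lines and rules that
# already carry "tls verify" are passed through unchanged.
enforce_tls_verify() {
	tmp=$(mktemp) || return 1
	awk '/^[ \t]*#/ || /relay backup tls verify/ { print; next }
	     { sub(/relay backup/, "& tls verify"); print }' "$1" > "$tmp" &&
	cat "$tmp" > "$1"	# overwrite in place, keeping owner and mode
	rc=$?
	rm -f "$tmp"
	return "$rc"
}

# Constructed sample rules in the pre-6.4 smtpd.conf grammar.
make_sample() {
	cat > "$1" <<'EOF'
# accept from any for domain "old.example.com" relay backup
accept from any for domain "example.com" relay backup
accept from any for domain <vdomains> relay backup
accept from any for domain "example.net" relay backup tls verify
accept from local for any relay
EOF
}
```

Call unverified_relays /etc/mail/smtpd.conf to list offending rules, and run smtpd -n to check the configuration before restarting.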
Add per_user and per_language bayes classification of messages:
rcctl stop rspamd
rm /tmp/*.shm
cp src/etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/
cp src/usr/local/bin/learn_*.sh /usr/local/bin/
Start with a fresh database:
rm /var/rspamd/*
rcctl start rspamd