DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Installation and Upgrading

OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 2 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,377
Default The story of server upgrades from 6.3 to 6.4

The TL;DR - I waited until after 6.4 was released to start practicing the upgrades. Knowing what changes were coming for OpenSMTPd, I should have practiced earlier.

----

For OpenBSD 6.4, OpenSMTPd went through a major change in its internal mail handling/structures. And that necessitated changing the grammar in its configuration file. The "accept" statement was replaced with separate "action" statements directing mail for further delivery, and "match" filter statements used to select the specified action statements.

I have been running my own small pair of mail severs with OpenSMTPd. But the main "upstream" mail server had a very complex configuration, handling mail from the Internet, directing internal mail, validating recipients, routing mail through SpamAssassin filtering, routing outbound mail through DKIM signing, and authenticating its tunneled connection with the internal, "downstream" server.

OpenSMTPd changed in OpenBSD -current shortly after 6.3 was released. And then a lot of people struggled with the new syntax and the new rules structure. So I said, "Hmmm... let's wait, and deal with it after things have settled down."

They did settle down. But I kept putting it off, because the change was so significant.

After about a week* of testing, on and off, as time allowed, I've upgraded and implemented the change. And there were increases in lines: my 7 "accept" rules were replaced with 12 statements: 8 "match" filters and 4 "action" directives. Even so, the total number of lines in my smtpd.conf(5) dropped substantially, from 95 to 64. The bulk of that was removal of comments, as the new grammar is easier to understand when the server provides many functions.

Testing was conducted using virtual machines that operated on an isolated network, to avoid creating any problems on the Internet. After testing completed, implementation in production went smoothly.

---
* I had two delays due to misreading the man pages. 1) I'd neglected to note that authorized SMTP mail transfer sessions between the two servers required valid certificate authorities by default. I was using self-signed certificates on the isolated network. The documentation for this is in the smtpd.conf(5) man page, but hidden in a paragraph about URL label values. The circumvention was to use "tls no-verify" on outbound relays. 2) The original "accept" rule set used "from local" and "for local" as defaults. This did not change with the new "match" filter, and I was caught with some match rules during the redesign that did not specify these explicitly. Mail was being rejected with "unknown recipient" errors when this occurred. Both of my smtp.conf files now have comments to remind me to specify both "from" and "for" explicitly in my match rules to avoid this error in the future. It happened to me before. It is said, "Wisdom is recognizing your mistakes when you make them again."

Last edited by jggimi; 2 Weeks Ago at 01:11 AM. Reason: typo
Reply With Quote
  #2   (View Single Post)  
Old 2 Weeks Ago
fvgit's Avatar
fvgit fvgit is offline
Tempvs fvgit
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("SGVyZSBiZSBkcmFnb25zC")'
Posts: 151
Default

I have a very simple smtpd.conf I use to relay outgoing mail to my mail provider. The biggest hurdle for me was actually figuring out which options for the delivery methods correspond to the earlier relay options due to different naming conventions. Took some digging in the mailing lists. Once I had it figured out it was a piece of cake and the new names actually make more sense.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
binary upgrades and /usr/src/UPDATING chuckdevguy FreeBSD General 2 28th September 2015 04:28 PM
Share your BSD story for the BSD Now Holiday show ibara News 1 14th December 2014 06:22 PM
OpenBSD installs/upgrades now signed in -current ocicat News 0 19th January 2014 03:17 PM
Migrating from iptables to pf, a love story Popelicious OpenBSD Security 7 19th April 2013 08:46 AM
how to restore last working Xorg settings after many -current upgrades ? daemonfowl OpenBSD General 12 30th July 2012 01:16 PM


All times are GMT. The time now is 06:59 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick