[Pkg-exim4-users] exim4 upgrade procedure

Wed May 12 15:19:23 BST 2021

Hello guys,

we're running an exim4 MTA in our organization.

It's based on Debian 9 (stretch)
=====================
Exim version 4.89 #1 built 04-May-2021 09:03:02
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR 
PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 
passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2021-05-12 14:39:06 Warning: purging the environment.
  Suggested action: use keep_environment.
Configuration file is /etc/exim4/exim4.conf

We plan to change to Debain 10 (buster) and there to the latest available version 4.92.

In a first try-run, it seems to work but we have difficulties in kerberos/gssapi authentication methods. There is a error dialog 
appearing in thunderbird which states like ".... kerberos/gssapi on smtp ....". Our assumption is that something in exim4.conf 
needs to be reconfigured in section

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

begin authenticators

# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

login_saslauthd_server:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   # don't send system passwords over unencrypted connections
   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
   server_set_id = $auth1
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

api_sasl_server:
   driver = cyrus_sasl
   public_name = GSSAPI
   server_set_id = $auth1
   server_mech = gssapi
   server_hostname = smtp.math.uni-paderborn.de
   server_realm = MATH.UNI-PADERBORN.DE

procs are running:
/usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5

Is there any hint available, how we can successfully migrate from 4.89 to 4.92?

Thanks and BR,
Stefan Dall

-- 
Stefan Dall
Rechnerbetrieb Mathematik - Universität Paderborn
Warburger Straße 100 - 33098 Paderborn
Raum: D2.308
Tel.: 05251/60-5227
dalls at math.upb.de