[Pkg-exim4-users] exim4 upgrade procedure

Ian Kelling iank at fsf.org
Thu May 13 03:49:16 BST 2021 

Stefan Dall <dalls at math.upb.de> writes:

> Hello guys,
>
> we're running an exim4 MTA in our organization.
>
> It's based on Debian 9 (stretch)
> =====================
> Exim version 4.89 #1 built 04-May-2021 09:03:02
> Copyright (c) University of Cambridge, 1995 - 2017
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
> Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
> Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR 
> PROXY SOCKS TCP_Fast_Open
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 
> passwd pgsql sqlite
> Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
> Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Fixed never_users: 0
> Configure owner: 0:0
> Size of off_t: 8
> 2021-05-12 14:39:06 Warning: purging the environment.
>   Suggested action: use keep_environment.
> Configuration file is /etc/exim4/exim4.conf
>
>
> We plan to change to Debain 10 (buster) and there to the latest available version 4.92.
>
>
>
> In a first try-run, it seems to work but we have difficulties in kerberos/gssapi authentication methods. There is a error dialog 
> appearing in thunderbird which states like ".... kerberos/gssapi on smtp ....". Our assumption is that something in exim4.conf 
> needs to be reconfigured in section
>
>
> ######################################################################
> #                   AUTHENTICATION CONFIGURATION                     #
> ######################################################################
>
> begin authenticators
>
> # Authenticate against local passwords using sasl2-bin
> # Requires exim_uid to be a member of sasl group, see README.Debian.gz
> plain_saslauthd_server:
>    driver = plaintext
>    public_name = PLAIN
>    server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
>    server_set_id = $auth2
>    server_prompts = :
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>
> login_saslauthd_server:
>    driver = plaintext
>    public_name = LOGIN
>    server_prompts = "Username:: : Password::"
>    # don't send system passwords over unencrypted connections
>    server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
>    server_set_id = $auth1
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>
> api_sasl_server:
>    driver = cyrus_sasl
>    public_name = GSSAPI
>    server_set_id = $auth1
>    server_mech = gssapi
>    server_hostname = smtp.math.uni-paderborn.de
>    server_realm = MATH.UNI-PADERBORN.DE
>
>
>
>
>
>
> procs are running:
> /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5
>
>
> Is there any hint available, how we can successfully migrate from 4.89 to 4.92?
>
>
> Thanks and BR,
> Stefan Dall

I'd look into the patches. One may not have been backported well, or
require a config change.

apt-get source exim4 cd into the directory that is created, then cd to
debian/patches, grep -ri gssapi. You will find many patches.

I upgraded an exim from trisquel 7 to trisquel 9 (4 years of changes),
without any config changes and it worked without any config
adjustments. Generally, I think upgrading should not require any special
procedure. With these patches, I think they are more likely to work
well with a newer version of exim.

-- 
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org

More information about the Pkg-exim4-users mailing list