(SOLVED) Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Issues related to applications and software problems
Post Reply
joejac
Posts: 23
Joined: 2015/06/17 21:46:34

(SOLVED) Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by joejac » 2020/06/23 22:32:09

Hello,
I installed SSL Let's Encrypt certificate on a small VPS and domains work fine with independent SSL certificate and Apache. Unfortunately, the emails for each domain does not work with SSL, due to the certificate mismatch which is a problem of Postfix, this is the VPS software:

Software Versions
Operating system CentOS Linux 7.8.2003
Perl version 5.016003
BIND version 9.11
Postfix version 2.10.1
Apache version 2.4.6
PHP versions 5.4.16, 5.6.25, 7.2.24
Webalizer version 2.23-08
Logrotate version 3.8.6
MySQL version 5.5.65
ProFTPD version 1.35
SpamAssassin version 3.4.0
ClamAV version 0.99.2
Webmin version 1.942
Virtualmin version 6.09
Usermin version 1.791
Postfix version 3.4 works with SNI solving the issue with virtual domains and SSL email using SNI.

Question: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?
Postfix 3.4 is not in base repository, only verrsion 2:2.10.1-9.el7 is.
Thanks and regards.
joejac
Last edited by joejac on 2020/07/06 19:06:58, edited 1 time in total.

joejac
Posts: 23
Joined: 2015/06/17 21:46:34

Re: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by joejac » 2020/06/25 20:34:30

Hello,
Is it possible to safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?
Is there a tutorial on how to do it?
The problem is that it is not in the repos.
Thanks and regards
joejac

User avatar
KernelOops
Posts: 278
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by KernelOops » 2020/06/26 05:47:27

You may have problems with SNI over SMTP, some clients don't support it and some others have a bad/broken implementation.

My suggestion, is to avoid using multiple domains for postfix. Just use the main hostname of the server with its own SSL certificate and ask all users to use that hostname for smtp/imap/pop3 etc use. Of course, your apache may still use SNI for browsers.

Another suggestion is to avoid limiting SSL, since many microsoft servers still use old v1.0 and you will loose mail if you only accept v1.2.
--
I love my computer - all my friends live there.
--

User avatar
jlehtone
Posts: 2934
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by jlehtone » 2020/06/26 06:08:34

Define safe.

Red Hat backports security fixes to the postfix that they include in RHEL and CentOS uses that postfix.
We get as secure as possible postfix till the EOL of the CentOS with simple yum update.

Compare that to you grabbing postfix from somewhere.
Will it be compatible with base packages that depend on features of base postfix?
Whenever your upstream releases fixes, you have to specifically fetch them and update your system.
That is laborious and fragile.

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by TrevorH » 2020/06/26 08:26:17

The "ghettoforge" third party yum repo contains postfix3 3.5 packages in their 'plus' repo.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

joejac
Posts: 23
Joined: 2015/06/17 21:46:34

Re: Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by joejac » 2020/07/06 19:05:46

Thank you all,
Since I do not want to mess with unsupported versions I followed KernelOops (Thanks!) recommendation, and it is working and passing the various tools diagnostics
KernelOops wrote:
2020/06/26 05:47:27
You may have problems with SNI over SMTP, some clients don't support it and some others have a bad/broken implementation.

My suggestion, is to avoid using multiple domains for postfix. Just use the main hostname of the server with its own SSL certificate and ask all users to use that hostname for smtp/imap/pop3 etc use. Of course, your apache may still use SNI for browsers.

Another suggestion is to avoid limiting SSL, since many microsoft servers still use old v1.0 and you will loose mail if you only accept v1.2.
Best regards
joejac

User avatar
KernelOops
Posts: 278
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: (SOLVED) Can I safely upgrade Postfix version 2.10.1 to Postfix 3.4 on CentOS 7.8.2003?

Post by KernelOops » 2020/07/08 21:50:13

I'm glad it worked!


One little correction about a small mistake I made. I said to avoid limiting SSL, but what I mean is TLS. It is strongly encouraged to disable SSL (all versions) and only allow TLS v1.0, v1.1, v1.2 and v1.3.

What I wanted to say, is not to disable TLS v1.0, since that is the only version supported by many microsoft email servers. Even some yahoo.com servers still try to connect with SSLv3 and fail one after the other, until one of them finally makes a TLS v1.0 connection (but not higher!).
--
I love my computer - all my friends live there.
--

Post Reply

Return to “CentOS 7 - Software Support”