Skip to content

Updating

Jump to bottom Edit New page
Matt Simerson edited this page Jun 10, 2017 · 38 revisions

The procedure to update a service jail is to provision a new one. The procedures for how to do so are:

FreeBSD OS security updates

After a FreeBSD security release, the base jail needs to get updated and a new snapshot with the patches applied is created. After this step, all future provision operations will be based off the newly updated base snapshot.

sudo sh
fetch https://raw.githubusercontent.com/msimerson/Mail-Toaster-6/master/mail-toaster.sh
. mail-toaster.sh
provision host
provision base

Then provision anew any jails affected by the security updates.

Notes

  • provision host needs the jails to be stopped (service jail stop)
  • it's often safe to skip provision host, see Changes

Port/package security updates

Provision anew any jails affected by the security updates.

Changes

unbound

  • if 'dns' jail was provisioned before 11 Dec 2016, the data volume MUST be added to /etc/jail.conf.

Haraka

  • config directory moved from /usr/local/haraka to /data

Dovecot

  • config directory moved to /data/dovecot/etc

ClamAV unofficial

  • older versions (pre 5.4.1 MT6 update) preserved clamav-unofficial-sigs.conf. That file no longer exists.
  • newer versions instead have a user.conf file which is preserved now.
  • so, manually copy local changes from clamav-unofficial-sigs.conf to user.conf

Webmail

As of 2016-12-09, the webmail jail no longer has squirrelmail and roundcube installed within. Once webmail has been rebuilt, squirrelmail and roundcube will be broken until you build those new jails and rebuild the haproxy jail with the new config sections.

  • haproxy rules need updating (rebuild haproxy)
  • if squirrelmail had sqlite (default) storage, move data from webmail to squirrelmail data volume
    • mv /data/webmail/squirrelmail/* /data/squirrelmail/
  • if roundcube had sqlite storage, move data from webmail to roundcube data volume
    • mv /data/webmail/roundcube/sqlite.db /data/roundcube/
  • if roundcube or squirrelmail used mysql, their mysql perms need updating (see #221)
  • the CLI commands are untested and approximations (based on memory) of what need to be done.

Courier-IMAP

There is no courier-imap support in MT6. If you haven't yet converted to Dovecot, now is the time. Have a look at Migrating to Dovecot on the old wiki and issue #201

Introduction | Host | Base | Jails | testing | Migrating | Updating | FAQ

Mail Toaster 6

Clone this wiki locally