Upgrading and Maintaining your Server

Upgrading your ports and maintaining them are pretty easy. The first thing I would recommend is installing portupgrade from /usr/ports/sysutils/portupgrade. Once that is installed, you can run man portupgrade or just run portupgrade -r name. The -r switch means to upgrade everything recursively. Recurvisly meaning all of it's dependancies, or more simply, anything the program requires. You can do this for anything else not related to qmail or any of its programs. So for instance portupgrade -r kde, it will upgrade kde and all it's dependancies.

Another thing I would recommend using is portaudit. If you have your system setup correctly, You will get portaudit reports in your daily security logs. This will give you any warnings about any obsolete packages and/or any security warnings in regards to anything being installed.

What I am going to suggest in the next few pages is the recommended way to upgrade programs from ports. Mostly we will be running through backing up .conf files and running portupgrade and then making sure everything is chmodded or chowned correctly.

Qmail - Qmail doesn't require any type of upgrades. Qmail hasn't been upgraded since 1997 or 1998 but it is very stable and very secure.

UCSPI-TCP - Pretty much the same as qmail. I don't think has changed at all. Quite honestly, I have never upgraded it and I haven't ever had a problem with running any old/previous versions.

Daemontools - Again, Pretty much the same as qmail or UCSPI-TCP.

Ezmlm-idx - This can change from time to time. I would first backup your list which resides in ~vpopmail/domains/domain.xxx/listname before upgrading the port. Then, run portupgrade -r ezmlm-idx and then check to make sure your list is intact before deleting your backup.

Qmail-Autoresponder - This can be upgraded when new versions come out. A simple portupgrade -r qmail-autoresponder works fine in most cases.

Vpopmail - Portupgrading this can go great or it can really screw up your system. Before running a portupgrade I would HIGHLY recommend backing up the entire ~vpopmail folder. If you have the patch file inside /usr/ports/mail/vpopmail/files, things should go okay. I have yet to have run a portupgrade -r vpopmail on my box as I have the latest version. Vpopmail doesn't change too frequently but check it for any Vulnerabilites.

Please make sure to run the following after upgrading vpopmail to make sure it works ok with TLS

# cd ~vpopmail/bin
# chmod 6711 vchkpw
# chown vpopmail:vchkpw vchkpw

Before you upgrade please change to the /usr/ports/mail/vpopmail/files folder and then download the patch into it so it's applied automagically! We will also be
deleting the new patches for vpopmail that are custom for the port.

# cd /usr/ports/mail/vpopmail/files
# rm patch-vlist.c patch-vlistlib.c patch-vpalias.c patch-vpopmail.c patch-vutil.c patch-config.h.in patch-configure patch-vdelivermail.c patch-vmysql.c patch-vpgsql.c
# cp /downloads/qmailrocks/vpopmail-5.4.26-skel4.patch vpopmail-5.4.26-skel4.patch

SpamAssassin - When I have run portupgrades with Spamassassin in the past, I usually don't run into any issues except the upgrade from 2.6x to 3.0.1. There were quite a few changes from version to version including some of the required modules that were new, like the SPF addon for it and such. If you do run a portupgrade on Spamassassin, I would go to Spamassassins website http://www.spamassassin.org and read the README files under the download section of the site. There it will tell you any changes/modifications that have been done since the previous version. I would also check the rules under /usr/local/etc/mail/spamassassin file, specifically local.cf, to see if any additions or deletions were made.

Restart Spamassassin and then we will need to update the qmail-scanner database by running the following commands:

# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

This will update the header info and the qmail-scanner database and keep everything up to date.

ClamAV - ClamAV is probably the worst one out of all of them all but I make it easy for you, ClamAV changes almost every three months, possibly sooner. I would recommend backing up the clamd.conf and freshclam.conf in /usr/local/etc and then run portupgrade -r clamav. Then chown the following folders:

# chown -R qscand:qscand /var/log/clamav
# chown -R qscand:qscand /var/run/clamav/
# chown qscand:qscand /var/db/clamav/

I would then copy the backups of clamd.conf and freshclam.conf back to /usr/local/etc and then run freshclam to make sure evrything is working perfectly. Restart clamd and then we will need to update the qmail-scanner database by running the following commands:

# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

This will update the header info and the qmail-scanner database and keep everything up to date.

You will now want to restart ClamAV.

Qmail-scanner - At the time of this writing, I would NOT recommend doing a portupgrade of qmail-scanner. There are a few reasons why. First, It does not even reqister with the packages system as we run the configure commands manually. Second we manually patch it with the qms-analog patch to get the nifty qmail-analog reports. So if a new vesion of qmail-scanner is released, I will update the documentation within a few days of it being released.

Courier-imap - Upgrading this shouldn't be too bad. What I would suggest doing is backing up the files in /usr/local/etc/courier-imap and then running the portupgrade -r courier-imap step and then copying back over the courier-imap files in /usr/local/etc. Courier-imap versions don't change too often but again, it still doesn't hurt to double-check.

Qmailadmin - This is something else I wouldn't recommend doing a portupgrade on. When the new version comes out just make deinstall on the port and run through the guide as normal only using the newest version from ports. It just can't get any easier than that!

vqAdmin - Nothing needs to be backed up here. Just make deinstall the port and then follow the guide when the the new version comes out.

Squirrelmail - This one is a rarity but every so often a squirrelmail upgrade does come up and if it does, backup your squirrelmail folder and then run a portupgrade -r squirrelmail and then double-check to make sure your conf files are setup correctly as they might change.


it probably wouldn't be a bad idea to rotate the qmail-scanner logs as they can get huge. These logs are stored in /var/spool/qmailscan and I would suggest adding the following to your /etc/newsyslog.conf:

/var/spool/qmailscan/qmail-queue.log    qscand:qscand   600     5       256  *       JC
/var/spool/qmailscan/qms-events.log     qscand:qscand   600     5       256  *       JC
/var/spool/qmailscan/quarantine.log     qscand:qscand   660     7       *    @T00    JC

If you would like a description of what each section does, do this:

# man 5 newsyslog.conf

How to use Services and look at Logs