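Proxmox Mail Gateway 6.x to 7.x Upgrade
Proxmox Mail Gateway 7.0 has been released. The changes are listed below; you can also see what changed on the official site: official wiki announcement
Latest official news: Proxmox Mail Gateway 7.0 Released
Changes in this release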
Released 15. July 2021
- Based on Debian Bullseye (11)
- SpamAssassin 3.4.6 (with updated rule-set)
- Kernel 5.11
- PostgreSQL 13
Changelog Overview
- Enhancements in the web interface (GUI)
  - Make dashboard status panel more detailed, showing, among other things, uptime, kernel version, CPU info and a high level repository status overview.
  - New APT repository management panel in the Administration tab shows an in-depth status and a list of all configured repositories. Basic repository management, for example, activating or deactivating a repository, is also supported.
  - Updated ExtJS JavaScript framework to latest GPL release 7.0
  - Added advanced task-log filtering
  - Improved translations, including:
    - Arabic
    - French
    - German
    - Japanese
    - Polish
    - Turkish
- ACME/Let's Encrypt
  - Support the use of wildcard domains with the DNS plugins
  - API: nodeconfig: validate ACME config before writing
- API
  - pmgproxy: allow setting LISTEN_IP parameter
  - The "Authentication mode" setting of LDAP for the quarantine interface no longer contains the ticket-link in the report-mails - thus, quarantine users need to provide their LDAP credentials to access the quarantine.
- Installer:
  - Rework the installer environment to use switch_root instead of chroot, when transitioning from initrd to the actual installer. This improves module and firmware loading, and slightly reduces memory usage during installation.
  - Automatically detect HiDPI screens, and increase console font and GUI scaling accordingly. This improves UX for workstations with Proxmox VE (for example, for passthrough).
  - Improve ISO detection:
    - Support ISOs backed by devices using USB Attached SCSI (UAS), which modern USB3 flash drives often do.
    - Linearly increase the delay of subsequent scans for a device with an ISO image, bringing the total check time from 20s to 45s. This allows for the detection of very slow devices, while continuing faster in general.
  - Use zstd compression for the initrd image and the squashfs images.
  - Update to busybox 1.33.1 as the core-utils provider.
- libarchive-perl
  - The perl-bindings to libarchive have been updated to match libarchive version 3.4.3 (shipped in Debian Bullseye) - the library interface was kept backwards-compatible
- libxdgmime-perl
  - The perl-bindings to xdgmime have been updated to match current upstream - the library interface was kept backwards-compatible
- Breaking Changes
  - New default bind address for pmgproxy, unifying the default behavior with Proxmox VE and Proxmox Backup Server
    - In making the LISTEN_IP configurable, the daemon now binds to both wildcard addresses (IPv4 0.0.0.0:8006 and IPv6 [::]:8006) by default. Should you wish to prevent it from listening on IPv6, simply configure the IPv4 wildcard as LISTEN_IP in /etc/default/pmgproxy:
      LISTEN_IP="0.0.0.0"
    - Additionally, the logged IP address format changed for IPv4 in pmgproxy's access log (/var/log/pmgproxy/pmgproxy.log). They are now logged as IPv4-mapped IPv6 addresses. Instead of:
      192.0.2.1- root@pam [01/06/2021:01:19:03 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 200 51
      the line now looks like:
      ::ffff:192.0.2.1- root@pam [01/06/2021:01:19:03 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 200 51
      If you want to restore the old logging format, also set
      LISTEN_IP="0.0.0.0"
  - ClamAV has deprecated the SafeBrowsing feature:
    - These options have been removed from the shipped freshclam.conf.in template.
    - The safebrowsing config key in /etc/pmg/pmg.conf is currently ignored and will be dropped at some point in the future.
  - Changes to the database layout:
    - The host column of the cgreylist table, which has not been used since Proxmox Mailgateway 6.2, has been dropped from the schema and will be dropped from existing databases during the upgrade.
  - API deprecations, moves and removals
    - The upgrade parameter of the /nodes/{node}/termproxy API method has been replaced by providing upgrade as cmd parameter.
    - The domain parameter of the /config/tlspolicy API method has been replaced by the destination parameter.
    - The /quarantine/whitelist/{address} and /quarantine/blacklist/{address} API methods, that take the address as part of the path, have been deprecated in favor of explicitly providing the parameter in the request to /quarantine/whitelist and /quarantine/blacklist respectively.
    - The API methods for detailed statistics per e-mail address, which take the address as part of the path (/statistics/contact/{contact}, /statistics/sender/{sender} and /statistics/receiver/{receiver}) have been deprecated in favor of /statistics/detail, which takes the address as an explicit parameter.
- Known Issues
  - Network: Due to the updated systemd version, and for most upgrades, the newer kernel version (5.4 to 5.11), some network interfaces might change upon reboot:
    - Some may change their name. For example, due to newly supported functions, a change from enp33s0f0 to enp33s0f0np0 could occur. We observed such changes with high-speed Mellanox models.
    - Bridge MAC address selection has changed in Debian Bullseye - it is now generated based on the interface name and the machine-id (5) of the system. Note that by default, Proxmox Mail Gateway does not use a Linux Bridge for networking, so most setups are unaffected.
  - Machine-id: Systems installed using the Proxmox Mail Gateway 5.0 to 5.4 ISO may have a non-unique machine-id. These systems will have their machine-id re-generated automatically on upgrade, to avoid a potentially duplicated bridge MAC and other issues. If you do the upgrade remotely, make sure you have a backup method of connecting to the host (for example, IPMI/iKVM, tiny-pilot, another network accessible by a cluster node, or physical access), in case the network used for SSH access becomes unreachable, due to the network failing to come up after a reboot.
- Upgrade from 6.4: See Upgrade from 6.x to 7.0
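The access-log format change listed under Breaking Changes affects log parsers and alert rules that match on the client address at the start of the line. The following is an added example, not from the original post or from Proxmox: a shell filter that folds IPv4-mapped addresses back to dotted-quad form and counts requests with a given HTTP status per client. The function names are hypothetical, and all log lines except the two quoted in the changelog are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# stdin: pmgproxy access log lines. stdout: the same lines, with a leading
# IPv4-mapped address "::ffff:a.b.c.d" folded back to "a.b.c.d".
# Native IPv6 clients are left untouched.
normalize_clients() {
    sed -E 's/^::ffff:([0-9]{1,3}(\.[0-9]{1,3}){3})/\1/'
}

# $1: HTTP status to select. stdin: access log lines.
# stdout: "<count> <client>" per client; 6.x-style and 7.x-style lines
# for the same IPv4 host are counted together.
clients_with_status() {
    normalize_clients |
        awk -v want="$1" '
            # Status is the second-to-last field. The changelog prints the
            # address directly followed by "-", so strip a trailing "-".
            $(NF-1) == want { c = $1; sub(/-$/, "", c); n[c]++ }
            END { for (c in n) print n[c], c }' |
        LC_ALL=C sort -k2
}

# First two lines are the ones quoted in the changelog; the rest are
# constructed sample data (documentation address ranges).
sample_log() {
    cat <<'EOF'
192.0.2.1- root@pam [01/06/2021:01:19:03 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 200 51
::ffff:192.0.2.1- root@pam [01/06/2021:01:19:03 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 200 51
198.51.100.9- - [01/06/2021:01:20:10 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 401 -
::ffff:198.51.100.9- - [01/06/2021:01:20:11 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 401 -
2001:db8::7- - [01/06/2021:01:20:12 +0200] "GET /api2/json/config/ruledb/digest HTTP/1.1" 401 -
EOF
}

# Demo: per-client count of 401 responses across both log formats.
sample_log | clients_with_status 401
```

On a real host, feed /var/log/pmgproxy/pmgproxy.log to `clients_with_status` instead of `sample_log`.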
Upgrading from 6.x to 7.x
- First update the current 6.x installation to the latest version
apt update
apt dist-upgrade
- Reboot the host
reboot -nf
Cluster
- If you use the cluster services, stop them first
systemctl stop pmgmirror pmgtunnel
systemctl mask pmgmirror pmgtunnel
Update the repositories
- Update the repository file sources.list
sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list
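- Update the enterprise (subscription) repository file pmg-enterprise.list. If you do not use the enterprise repository, remember to go in and comment it out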
echo "deb https://enterprise.proxmox.com/debian/pmg bullseye pmg-enterprise" > /etc/apt/sources.list.d/pmg-enterprise.list
- Refresh the package lists
apt update
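The sed command above rewrites only /etc/apt/sources.list, and the echo replaces only pmg-enterprise.list, so any other file under sources.list.d keeps its buster entries. The following is an added example, not part of the original post: a dry run of the same substitution on a constructed copy, plus a check for active lines that still name buster. The temp tree, extra.list, example.invalid and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Works on a temp directory;
# nothing under /etc is touched.

# Apply the substitution from the step above to stdin, result on stdout.
rewrite_suite() {
    sed 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g'
}

# $1: an apt config directory. Print every active (non-comment) deb line
# in sources.list and sources.list.d/*.list that still names buster.
leftover_buster() {
    dir=$1
    for f in "$dir"/sources.list "$dir"/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        grep -Hn '^[[:space:]]*deb.*buster' "$f" || true
    done
}

# Constructed tree standing in for /etc/apt on a 6.x host; prints its path.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/sources.list.d"
    cat > "$root/sources.list" <<'EOF'
deb http://deb.debian.org/debian buster main contrib
deb http://security.debian.org/debian-security buster/updates main contrib
EOF
    # Hypothetical extra repository file that the sed on sources.list
    # never sees: one commented entry, one active entry.
    cat > "$root/sources.list.d/extra.list" <<'EOF'
# deb http://example.invalid/debian buster main
deb http://example.invalid/debian buster main
EOF
    echo "$root"
}

# Demo: rewrite the copy, then report what still points at buster.
root=$(demo_tree)
rewrite_suite < "$root/sources.list" > "$root/sources.list.new" &&
    mv "$root/sources.list.new" "$root/sources.list"
leftover_buster "$root"
rm -rf "$root"
```

To check the real configuration after running the sed step, call `leftover_buster /etc/apt`; empty output means no active entry still references buster.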
Stop services before upgrading
- Stop the PMG services
systemctl stop postfix pmg-smtp-filter pmgpolicy pmgdaemon pmgproxy pmgmirror pmgtunnel
- Mask postfix and all Proxmox Mail Gateway services to prevent them from starting during the upgrade
systemctl mask postfix pmg-smtp-filter pmgpolicy pmgdaemon pmgproxy pmgmirror pmgtunnel
Upgrade the services
- Start upgrading the PMG services
apt update
apt dist-upgrade
- Reboot the host after the upgrade
reboot
Upgrade the PostgreSQL service
- Start the PostgreSQL upgrade
pg_dropcluster --stop 13 main
- Make version 13 the main cluster
pg_upgradecluster -v 13 11 main
- Unmask postfix and all non-cluster Proxmox Mail Gateway services to enable them again
systemctl unmask postfix pmg-smtp-filter pmgpolicy pmgdaemon pmgproxy
- Reboot the host
reboot
- Remove the old version
apt purge postgresql-11 postgresql-client-11
Start the services
- Start the PMG services
systemctl unmask pmgmirror pmgtunnel
systemctl start pmgmirror pmgtunnel