It has been a very busy week and not just for me. Wietse Venema (author of Postfix) released a version 2.2.9 of the Postfix mail-server and I also got an email from Sam Varshavchik on the Courier-announce mailing list that there is an updated version of the Courier IMAP server. Which meant that I had to download, compile, install and test all these new versions again on my test server before I could update my own server and tell you it was safe to upgrade.

Wietse tells in his announcement that the update is a collection of back-ported fixes from the Postfix 2.3 development branch.

Most of this patch hardens the TLS implementation against DNS-based attacks, and eliminates some anomalies from the TLS per-site policy engine. See the TLS_README document for tips on how to avoid DNS-based attacks that can change the server hostname that Postfix uses for logging, for TLS per-site policies, and for server certificate verification.

The patch also adds a workaround that prevents Postfix from repeatedly trying to deliver mail to domains with a malformed MX record (for example, with a null MX hostname). Postfix 2.2.9 bounces such mail immediately.

I’ve downloaded my copy of 2.2.9, compiled and installed it and I can safely say that it is currently running perfectly on my Mac mini server without any problem. Upgrading was as simple as downloading the source, unpacking it and run the commands as documented in the building page. Here is an extract of it:

Unpack it into a directory, use the Terminal and get into the directory where you unpacked it. Issue the following commands as a normal user:

make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -I/usr/local/include/sasl -DHAS_SSL -I/usr/include/openssl -DHAS_MYSQL -I/Library/Mysql/include/mysql -DDEF_HTML_DIR=\"/Library/WebServer/Documents/PostfixDocs\" ' AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/local/lib -lssl -lsasl2 -L/Library/MySQL/lib/mysql -lmysqlclient -lz -lm'

as root user type the following commands:

make install

The IMAP server has just received some bug-fixes on which you can read here. The fixes are not significant but could be annoying if you encountered them. Doing the upgrade is as easy as the Postfix described above, just run the commands from the build page and you’re a happy bunny running the new version. The only thing you should not do is run the “make install-configure” command as this will overwrite all your configuration files !!! Here is the extract:

Start a Terminal session change the directory in the one you just extracted the software in and follow the instructions:

RANLIB="ranlib -c"
export RANLIB

This will prevent compiler errors, if you didn’t issue this command as the first one you will get an error saying :
"Undefined symbols: _rfc1035_default_resolver"

Next configure the make files with the authentication modules you just created:

./configure --prefix=/usr/local --with-authpwd=YES --without-authcram COURIERAUTHCONFIG=/usr/local/bin/courierauthconfig



And then issue the install command as a root user:

make install

I’m running both updated versions on my server for a day now and I’m not noticing any errors or problems. Hope the update goes as easy for you as it did for me, if it doesn’t please let me know and we’ll work it out.