Fixes you need after upgrading Debian from 9 to 10

Warning

This is still a DRAFT document, it may miss some other important changes.

Postfix

Dovecot

Changes required to be made in Dovecot main config file /etc/dovecot/dovecot.conf:

ssl_min_protocol = TLSv1.2

Note: If your end users run old mail client applications, it may not support TLSv1.2, you may want to use weaker one like TLSv1.1, TLSv1 instead.

ssl_dh = </etc/ssl/dh2048_param.pem
Old New
mail_plugins = ... stats mail_plugins = ... old_stats
protocol imap { mail_plugins = ... imap_stats } protocol imap { mail_plugins = ... imap_old_stats}
service stats {} service old-stats {}
Warning: It's a dash (-), not underscore (_).
fifo_listener stats-mail fifo_listener old-stats-mail
Warning: It's a dash (-), not underscore (_).
fifo_listener stats-user fifo_listener old-stats-user
Warning: It's a dash (-), not underscore (_).
unix_listener stats unix_listener old-stats
Warning: It's a dash (-), not underscore (_).
plugin { stats_refresh = ... } plugin { old_stats_refresh = ...}
plugin { stats_track_cmds = ...} plugin { old_stats_track_cmds = ...}

Inside service old-status {} block, please add new content:

    unix_listener old-stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }
    unix_listener old-stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }

If you get this kind of error in your mail.log:

Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission deni))

You may be able to fix it by adding the new service stats configuration to /etc/dovecot/dovecot.conf. See this thread.

service stats {
    unix_listener stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }

    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
}

Restart Dovecot service is required.

ClamAV

You may see errors like this in your mail.log:

!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 114) 

The issue is that /etc/clamav/clamd.conf has deprecated entries preventing the daemon from starting. Comment/remove them:

#DetectBrokenExecutables false
#ScanOnAccess false
#StatsEnabled false
#StatsPEDisabled true
#StatsHostID auto
#StatsTimeout 10

Restart the clamav-daemon service afterwards

PHP

Debian 9 offers PHP-5, but Debian 10 offers PHP-7.3, you have to upgrade php manually.

SOGo Groupware

Please replace stretch by buster in file /etc/apt/sources.list.d/sogo-nightly.repo, then upgrade sogo packages.