# change sources.list mv /etc/apt/sources.list /etc/apt/sources.list.old echo 'deb http://deb.devuan.org/merged beowulf main contrib non-free' >> /etc/apt/sources.list echo 'deb http://deb.devuan.org/merged beowulf-updates main contrib non-free' >> /etc/apt/sources.list echo 'deb http://deb.devuan.org/merged beowulf-security main contrib non-free' >> /etc/apt/sources.list echo '#deb http://deb.devuan.org/merged beowulf-backports main contrib non-free' >> /etc/apt/sources.list # NOTE: you should check sources.list.d for any extra listings before you proceed. apt update apt -y upgrade apt -y dist-upgrade apt -y autoremove reboot
ISPConfig3 fixes amavis do it does not do “normal” stuff; it is enhanced. I'm assuming this is what causes this problem. Basically, when you're doing your update/upgrade, amavisd-new will fail to upgrade since it can not start/stop it. I found the easiest way to fix it is:
ps ax | grep amavis # for each instance running, beginning with master kill PID_FOUND_ABOVE # that leaves the pid file with insecure permissions, so simply remove it rm /var/run/amavis/amavisd.pid
There is a major configuration change on dovecot and, if you're using ISPConfig3, it will break. To fix it, you need comment the ssl_protocols line and add ssl_min_protocol and ssl_dh lines in /etc/dovecot/dovecot.conf
#ssl_protocols = !SSLv3 ssl_min_protocol = TLSv1 ssl_dh=</etc/dovecot/dh.pem
Then, run the following. This probably only works on Debian derivative machines
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
Note: with ISPConfig, postfix relies on dovecot for authentication, so after you fix dovecot, be sure and restart postfix.
service dovecot restart service postfix restart tail -f /var/log/mail.log
# remove certbot-auto and install via apt mkdir ~/trash mv /opt/eff.org /etc/cron.d/certbot /usr/local/bin/certbot-auto ~/trash apt install certbot