J'ai effectué ce test de migration sur une vieille machine que j'utilisais comme clône de ce serveur. Les paquets installés sont donc les mêmes et les services lancés à peu de choses près les mêmes également.

Les services en cours d'exécution: apache2, bind9, mysql, pure-ftpd, qmail, vpopmail, courier-imap, imapproxy, spamassassin, clamav.

Pour la mise à jour vers squeeze j'ai simplement modifié le sources.lists avec vi (:1,$ s/lenny/squeeze/g). Puis un petit coup d'apt-get update suivi d'un apt-get dist-upgrade.
Le sources-list ressemble donc à ceci:

lindows:/# cat /etc/apt/sources.list
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb ftp://ftp.fr.debian.org/debian/ squeeze main contrib
deb http://www.backports.org/debian/ squeeze-backports main
deb-src ftp://ftp.fr.debian.org/debian/ squeeze main contrib



Tout d'abord la surprise (bonne): qmail est reparti sans broncher et pourtant:

sur une machine tournant sur lenny:

srvweb:/tmp# dpkg -l qmail libc6
=========================================================================
ii  libc6                                    2.7-18lenny4                             GNU C Library: Shared libraries
ii  qmail                                    1.03-40.dotdeb.1                         Secure, reliable, efficient, simple mail transport system

sur la machine migrée:

lindows:/# dpkg -l qmail libc6
=========================================================================
ii  libc6                                   2.11.2-2                                Embedded GNU C Library: Shared libraries
ii  qmail                                   1.03-40.dotdeb.1                        Secure, reliable, efficient, simple mail transport system



Pour vpopmail, j'avais effectué des tests et des modifs et les fichiers de conf n'étaient plus trop à jour. J'ai donc simplement réinstallé le paquet trouvé chez dotdeb (www.dotdeb.org)  dans la branche lenny !



lindows:/# dpkg -l vpopmail-bin
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom                                     Version                                 Description
+++-=======================================-===============
ii  vpopmail-bin                            5.4.27-0.dotdeb.1                       vpopmail binaries

Cependant la config imposé par ce paquet ne me satisfaisait pas et j'ai modifié la config comme suit pour utiliser spamassassin et clamav comme je le souhaitais.

lindows:/etc/vpopmail# ll
total 44
drwxr-xr-x   3 root     root   4096 12 sept. 19:40 .
drwxr-xr-x 107 root     root   8192 12 sept. 19:40 ..
-rw-r--r--   1 root     root     28 10 sept. 19:32 inc_deps
-rw-r--r--   1 root     root     45 10 sept. 19:32 lib_deps
drwxr-xr-x   2 root     root   4096 11 oct.   2008 log
-rw-r--r--   1 root     root    106  9 juin   2005 mysql.conf
-rw-r--r--   1 vpopmail vchkpw    0 12 sept. 19:40 open-smtp
-rw-r--r--   1 root     root     44  8 sept. 17:06 options
-rw-r--r--   1 root     root    235  9 juin   2005 servertype
-rw-r--r--   1 root     root   1238 12 sept. 19:19 vlimits.default
-rw-r--r--   1 root     root    196  9 juin   2005 vpopmail.conf



lindows:/etc/vpopmail# cat vlimits.default
# Default limits file.  This file is used for domains without a
# .qmailadmin-limits file.

# maximums for each account type, -1 = unlimited
maxpopaccounts        -1
maxforwards        -1
maxautoresponders    -1
maxmailinglists        -1

# quota for entire domain, in megabytes
# example shows a domain with a 100MB quota and a limit of 10,000 messages
#quota            100
#maxmsgcount        10000

# default quota for newly created users (in bytes)
# example shows a user with a 10MB quota and a limit of 1000 messages
#default_quota        10485760
#default_maxmsgcount    1000

# comment the following line to enable the spamassassin filtering by default
disable_spamassassin

# uncomment the following lines to disable certain features
#disable_pop
#disable_imap
#disable_dialup
#disable_password_changing
#disable_external_relay
#disable_smtp
#disable_webmail
#delete_spam
#disable_maildrop


# Set bitflags on account management for non-postmaster admins.
# To disable certain features, add the following bits:
#   Create = 1, Modify = 2, Delete = 4
# So, to allow modification but not creation or deletion of
# POP/IMAP accounts, set perm_account to 5.

perm_account        0
perm_alias        0
perm_forward        0
perm_autoresponder    0
perm_maillist        0
perm_quota        0
perm_defaultquota    0
lindows:/etc/vpopmail#


lindows:/etc/vpopmail# cat vpopmail.conf
backend    freecdb
#backend mysql
#backend lmysql
#apop_file /etc/apop-secrets
#tcpserver_file /etc/tcprules.cdb
#quota 50M
#admin_email foobar@foobar.com
#relay_clear 180
#default_domain foobar.com


La gestion de l'anti-spam et de l'anti-virus reste à la charge des .qmail présents dans les répertoires utilisateurs de mail.

Exemple:
lindows:/etc/vpopmail# cat /var/lib/vpopmail/domains/net.hom/patrick/.qmail
|/usr/bin/preline /usr/bin/procmail -m -p /etc/procmailrc-filter


lindows:/etc# cat procmailrc-filter
VIRTUALHOME=`/usr/sbin/vuserinfo -d $EXT@$HOST`
MAILDIR=$VIRTUALHOME/Maildir
SAFECAT=/usr/bin/safecat

:0fw: spamassassin.lock
* < 256000
| spamc -f -d localhost

:0fw
|/usr/bin/clamfilter.pl

:0 H
* ^X-Virus-Found: Yes
/tmp

:0:
* ^X-Spam-Status: Yes
/tmp/spam/$EXT-$HOST/


:0e
{ EXITCODE=75 HOST }

:0w
|$SAFECAT $MAILDIR/tmp $MAILDIR/new


Le fichier clamfilter.pl est dispo ici


Ensuite j'ai simplement testé depuis une autre machine (sachant que les dns locaux utilisés pour les tests sont déclarés dans bind sur les 2 machines.

1) Je teste l'envoi d'un virus :

srvweb:/tmp# cat eicar.com | mail -s "Essai 12092010 1737" patrick@net.hom

lindows:/var/log# tail -f mail.log
Sep 12 17:37:27 lindows qmail: 1284305847.993808 CHKUSER accepted sender: from <root@pmenier.dynalias.net::> remote <pmenier.dynalias.net:unknown:192.168.0.23> rcpt <> : accepted any sender always
Sep 12 17:37:27 lindows qmail: 1284305847.995709 CHKUSER accepted any rcpt: from <root@pmenier.dynalias.net::> remote <pmenier.dynalias.net:unknown:192.168.0.23> rcpt <patrick@net.hom> : accepted any recipient for any rcpt domain
Sep 12 17:37:27 lindows qmail: 1284305848.000933 new msg 408815
Sep 12 17:37:28 lindows qmail: 1284305848.001078 info msg 408815: bytes 498 from <root@pmenier.dynalias.net> qp 6817 uid 64011
Sep 12 17:37:28 lindows qmail: 1284305848.003625 starting delivery 4: msg 408815 to local net.hom-patrick@net.hom
Sep 12 17:37:28 lindows qmail: 1284305848.003727 status: local 1/10 remote 0/20
Sep 12 17:37:28 lindows spamd[1806]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53728
Sep 12 17:37:28 lindows spamd[1806]: spamd: processing message <20100912153811.18106.qmail@pmenier.dynalias.net> for vpopmail:1004
Sep 12 17:37:30 lindows spamd[1806]: spamd: clean message (-1.0/3.0) for vpopmail:1004 in 2.2 seconds, 634 bytes.
Sep 12 17:37:30 lindows spamd[1806]: spamd: result: . -1 - ALL_TRUSTED scantime=2.2,size=634,user=vpopmail,uid=1004,required_score=3.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53728,mid=<20100912153811.18106.qmail@pmenier.dynalias.net>,autolearn=ham
Sep 12 17:37:30 lindows qmail: 1284305850.621775 delivery 4: success: did_0+0+1/
Sep 12 17:37:30 lindows qmail: 1284305850.621883 status: local 0/10 remote 0/20
Sep 12 17:37:30 lindows qmail: 1284305850.621899 end msg 408815
Sep 12 17:37:30 lindows spamd[1587]: prefork: child states: II

Si je vérifie dans le répertoire tmp de la machine cf fichier de config procmailrc-filter ci-dessus:

lindows:/tmp# ll
total 24
drwxrwxrwt  5 root     root   4096 12 sept. 17:39 .
drwxr-xr-x 23 root     root   4096  8 sept. 14:53 ..
drwxrwxrwt  2 root     root   4096 12 sept.  2010 .ICE-unix
-rw-------  1 vpopmail vchkpw 1219 12 sept. 17:37 msg.X2tB
drwxrwxrwx  3 root     root   4096 12 sept.  2010 spam
drwxrwxrwt  2 root     root   4096 12 sept.  2010 .X11-unix

Il y bien un msg.xxx qui est bien celui qui vient d'être envoyé:

lindows:/tmp# cat msg.X2tB
From root@pmenier.dynalias.net Sun Sep 12 15:37:28 2010
Return-Path: <root@pmenier.dynalias.net>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lindows.net.hom
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=3.0 tests=ALL_TRUSTED autolearn=ham
    version=3.3.1
Delivered-To: net.hom-patrick@net.hom
Received: (qmail 6817 invoked from network); 12 Sep 2010 15:37:27 -0000
Received: from unknown (HELO pmenier.dynalias.net) (192.168.0.23)
  by 0 with SMTP; 12 Sep 2010 15:37:27 -0000
Received: (qmail 18107 invoked by uid 0); 12 Sep 2010 15:38:11 -0000
Date: 12 Sep 2010 15:38:11 -0000
Message-ID: <20100912153811.18106.qmail@pmenier.dynalias.net>
From: root@pmenier.dynalias.net
To: patrick@net.hom
Subject: Essai 12092010 1737
X-Virus-Found: yes
X-Virus-Status:
 ------------------------------------------------------------
 Virus Scan Status:
 ------------------------------------------------------------
 --------------------------------------
 stream: Eicar-Test-Signature FOUND
 
 ----------- SCAN SUMMARY -----------
 Infected files: 1
 Time: 0.003 sec (0 m 0 s)
 
 ------------------------------------------------------------

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


2) Je teste l'envoi d'un spam:


srvweb:/tmp# cat sample-spam.txt | mail -s "Essai 12092010 1743" patrick@net.hom

A l'arrivée:

lindows:/tmp# tail -f /var/log/mail.log


Sep 12 17:43:05 lindows qmail: 1284306185.425354 CHKUSER accepted sender: from <root@pmenier.dynalias.net::> remote <pmenier.dynalias.net:unknown:192.168.0.23> rcpt <> : accepted any sender always
Sep 12 17:43:05 lindows qmail: 1284306185.427196 CHKUSER accepted any rcpt: from <root@pmenier.dynalias.net::> remote <pmenier.dynalias.net:unknown:192.168.0.23> rcpt <patrick@net.hom> : accepted any recipient for any rcpt domain
Sep 12 17:43:05 lindows qmail: 1284306185.473075 new msg 408815
Sep 12 17:43:05 lindows qmail: 1284306185.473252 info msg 408815: bytes 1228 from <root@pmenier.dynalias.net> qp 7216 uid 64011
Sep 12 17:43:05 lindows qmail: 1284306185.476269 starting delivery 5: msg 408815 to local net.hom-patrick@net.hom
Sep 12 17:43:05 lindows qmail: 1284306185.476376 status: local 1/10 remote 0/20
Sep 12 17:43:05 lindows spamd[1807]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59764
Sep 12 17:43:05 lindows spamd[1807]: spamd: processing message <20100912154349.18531.qmail@pmenier.dynalias.net> for vpopmail:1004
Sep 12 17:43:07 lindows spamd[1807]: spamd: identified spam (1001.6/3.0) for vpopmail:1004 in 2.3 seconds, 1363 bytes.
Sep 12 17:43:07 lindows spamd[1807]: spamd: result: Y 1001 - ALL_TRUSTED,GTUBE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=2.3,size=1363,user=vpopmail,uid=1004,required_score=3.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59764,mid=<20100912154349.18531.qmail@pmenier.dynalias.net>,autolearn=no
Sep 12 17:43:08 lindows spamd[1587]: prefork: child states: II
Sep 12 17:44:04 lindows qmail: 1284306244.186717 delivery 5: success: procmail:_Lock_failure_on_"/tmp/spam/patrick-net.hom/.lock"/did_0+0+1/
Sep 12 17:44:04 lindows qmail: 1284306244.186827 status: local 0/10 remote 0/20
Sep 12 17:44:04 lindows qmail: 1284306244.186843 end msg 408815

Je vérifie :

lindows:/tmp# cd spam/

lindows:/tmp/spam# ll
total 12
drwxrwxrwx 3 root     root   4096 12 sept. 17:44 .
drwxrwxrwt 5 root     root   4096 12 sept. 17:45 ..
drwx------ 5 vpopmail vchkpw 4096 12 sept. 17:44 patrick-net.hom

lindows:/tmp/spam# cd patrick-net.hom/

lindows:/tmp/spam/patrick-net.hom# ll
total 20
drwx------ 5 vpopmail vchkpw 4096 12 sept. 17:44 .
drwxrwxrwx 3 root     root   4096 12 sept. 17:44 ..
drwx------ 2 vpopmail vchkpw 4096 12 sept. 17:44 cur
drwx------ 2 vpopmail vchkpw 4096 12 sept. 17:44 new
drwx------ 2 vpopmail vchkpw 4096 12 sept. 17:44 tmp

lindows:/tmp/spam/patrick-net.hom# ll new
total 12
drwx------ 2 vpopmail vchkpw 4096 12 sept. 17:44 .
drwx------ 5 vpopmail vchkpw 4096 12 sept. 17:44 ..
-rw------- 1 vpopmail vchkpw 3732 12 sept. 17:44 1284306244.7222_1.lindows

lindows:/tmp/spam/patrick-net.hom# cat new/1284306244.7222_1.lindows
Received: from localhost by lindows.net.hom
    with SpamAssassin (version 3.3.1);
    Sun, 12 Sep 2010 17:43:07 +0200
From: root@pmenier.dynalias.net
To: patrick@net.hom
Subject: *****SPAM***** Essai 12092010 1743
Date: 12 Sep 2010 15:43:49 -0000
Message-Id: <20100912154349.18531.qmail@pmenier.dynalias.net>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lindows.net.hom
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1001.6 required=3.0 tests=ALL_TRUSTED,GTUBE,
    RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK autolearn=no
    version=3.3.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4C8CF50B.6CE4EAE1"

This is a multi-part message in MIME format.

------------=_4C8CF50B.6CE4EAE1
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "lindows.net.hom", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Subject: Test spam mail (GTUBE) Message-ID: <GTUBE1.1010101@example.net>
   Date: Wed, 23 Jul 2003 23:30:00 +0200 From: Sender <sender@example.net> To:
   Recipient <recipient@example.net> Precedence: junk MIME-Version: 1.0 Content-Type:
   text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit [...]

Content analysis details:   (1001.6 points, 3.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)



------------=_4C8CF50B.6CE4EAE1
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Return-Path: <root@pmenier.dynalias.net>
Delivered-To: net.hom-patrick@net.hom
Received: (qmail 7216 invoked from network); 12 Sep 2010 15:43:05 -0000
Received: from unknown (HELO pmenier.dynalias.net) (192.168.0.23)
  by 0 with SMTP; 12 Sep 2010 15:43:05 -0000
Received: (qmail 18532 invoked by uid 0); 12 Sep 2010 15:43:49 -0000
Date: 12 Sep 2010 15:43:49 -0000
Message-ID: <20100912154349.18531.qmail@pmenier.dynalias.net>
From: root@pmenier.dynalias.net
To: patrick@net.hom
Subject: Essai 12092010 1743

Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
    Generic
    Test for
    Unsolicited
    Bulk
    Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.


------------=_4C8CF50B.6CE4EAE1--


C'est tout bon. Reste quelques petits messages d'erreurs (procmail:_Lock_failure_on_"/tmp/spam/patrick-net.hom/.lock"/did_0+0+1/) mais qui ne gênent en rien le focntionnement.

Pour basculer mon serveur de prod j'attendrais la sortie officielle de squeeze en stable mais au vu des ces quelques tests je ne suis vraiment pas inquiet, surtout que chez debian stable veut bien dire stable...

Pour info, je ne sais pas si dotdeb maintiendra sur cette version les paquets qmail, vpopmail. Si vous les utilisez, je vous conseille de garder au chaud les paquets d'install et les fichiers de conf.