Search found 15 matches

by warlord
19 Aug 2019 13:38
Forum: 4.x Testing
Topic: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed
Replies: 1
Views: 506

Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed

Hi, Just received the following cron job email which seems to imply that the new package did not install because it's not signed. /etc/cron.daily/0yum-daily.cron: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed The following updates will be applied on efa.ihtfp.org: ===========================...
by warlord
29 Jul 2019 14:08
Forum: 4.x Testing
Topic: EFA Let's Encrypt
Replies: 7
Views: 1787

Re: EFA Let's Encrypt

Testing now. I left off the port 80 on/off because port 80 is open by default on eFa4 to redirect to https, but I think I will test port 80 and then toggle it, but only if it is off to start with. I think it's safe to just leave that off if you think 80 is always open. But yeah, if 80 is off, you m...
by warlord
29 Jul 2019 14:07
Forum: 4.x Testing
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 1753

Re: Certbot Renewal Cron Job broken on July 8

Oops, I found one bug above. In the cron job where I say "user" it needs to be "root" (or whatever user cron needs to run certbot as).
by warlord
27 Jul 2019 12:25
Forum: 4.x Testing
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 1753

Re: Certbot Renewal Cron Job broken on July 8

Not everybody wants the certs for postfix, so I will add some logic to choose either scenario. Sure. Configuring LE certs for postfix should absolutely be a separate option. However IMHO restarting postfix when LE certs get renewed is perfectly safe regardless of whether it's using self- or LE certs.
by warlord
26 Jul 2019 20:57
Forum: 4.x Testing
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 1753

Re: Certbot Renewal Cron Job broken on July 8

Thanks.

If you could actually take my full-blown suggestion from viewtopic.php?f=19&t=3577&p=14151#p14151 it would be even better. That would let us use LetsEncrypt for both HTTP and Postfix and have it do the right thing when the cert is updated.
by warlord
26 Jul 2019 17:28
Forum: 4.x Testing
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 1753

Certbot Renewal Cron Job broken on July 8

Hi, My EFA server took an update on July 8th and it rewrote (and BROKE) /etc/cron.d/certbotrenew: # ls -l /etc/cron.d/certbotrenew -rw-r--r--. 1 root root 666 Jul 8 05:14 /etc/cron.d/certbotrenew # cat /etc/cron.d/certbotrenew 0 0,12 awl.php checklogin.php conf.php connect.php functions.php imag...
by warlord
10 Jul 2019 00:33
Forum: 4.x Testing
Topic: fail2ban compliant ?
Replies: 2
Views: 968

Re: fail2ban compliant ?

What do you mean by "try fail2ban"?
I am running fail2ban on my eFa test server, and it is watching e.g. ssh logs and banning people.
by warlord
31 May 2019 20:01
Forum: 4.x Testing
Topic: EFA Let's Encrypt
Replies: 7
Views: 1787

Re: EFA Let's Encrypt

Hi,
I tracked down another certbot cron issue (see my post about the cron getpwnam errors).
Specifically, /etc/cron.d/certbotrenew is broken -- it's missing the username to run the script as.
by warlord
31 May 2019 19:58
Forum: 4.x Testing
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 561

Re: Daily cron errors: getpwnam() failed

A little more debugging for you: # grep -i getpwnam /var/log/cron ... May 29 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 00:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 31 00:00:01 efa crond[...
by warlord
31 May 2019 19:38
Forum: 4.x Testing
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 561

Re: Daily cron errors: getpwnam() failed

Hi. CentOS 7.0 is from June 2014, which means it is 5 years old. You can't even install EL7.0 today if you wanted to -- none of the repos contain it anymore. Even 7.6 is relatively old (October 2018, so 8 months old). I hope that you're not saying that you intend to only support a 5-year-old centos ...
by warlord
21 May 2019 12:51
Forum: 4.x Testing
Topic: Logwatch "unmatched" postfix messages
Replies: 1
Views: 1150

Logwatch "unmatched" postfix messages

Hi, Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries: --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 4 Connections 2 Connections lost (inbound) 4 Disconnections **Unmatched Entries** 1 May 19 03:11:45 efa post...
by warlord
21 May 2019 12:46
Forum: 4.x Testing
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 561

Daily cron errors: getpwnam() failed

Hi, I recently installed 4.x on a CentOS 7.6 system using the build.bash script. On the first run I got a set of errors from missing files (unfortunately I deleted these). However, the daily logwatch is showing persistent cron script errors: --------------------- Cron Begin ------------------------ ...
by warlord
17 May 2019 19:03
Forum: 3.x How-to
Topic: Sender Verification
Replies: 1
Views: 488

Re: Sender Verification

I don't have an answer but I am migrating from a postfix+maia-mailguard to efa-based solution. I've been using sender-verify on the old system and yes, it does have many false-positives and blocks valid email, but it's also extremely important in cutting down spam. So yes, I would definitely agree t...
by warlord
17 May 2019 18:00
Forum: 4.x Testing
Topic: EFA Let's Encrypt
Replies: 7
Views: 1787

Re: EFA Let's Encrypt

One more bug in EFA's Let's Encrypt integration. When I enabled it, it created the new certificate but didn't restart httpd to have it take effect. I had to do that manually. Obviously this is related to the cert renewal issue above. And, of course, even though postfix is configured for TLS, it does...
by warlord
16 May 2019 21:28
Forum: 4.x Testing
Topic: EFA Let's Encrypt
Replies: 7
Views: 1787

Re: EFA Let's Encrypt

Looking at the script that generates the crontab, there is a bug in the certbot cron job. Specifically, certbot will require you to restart the applications after the certificate is renewed. That's why it appears not to work. You need a post-hook to restart httpd (and any other services). On other s...