Search found 19 matches

by warlord
28 Apr 2020 16:06
Forum: 4.x Bugs
Topic: Update eFa-4.0.2-13 resolv.conf
Replies: 5
Views: 531

Re: Update eFa-4.0.2-13 resolv.conf

I've still got eFa running outside my production environment so I only noticed this issue today after it hit on April 13th when it updated to -12. I concur that commenting out dns=none fixes the problem for me. I use local-caching nameservers for my network and have all my devices point at those. Th...
by warlord
20 Feb 2020 23:51
Forum: 4.x Bugs
Topic: Logwatch "unmatched" postfix messages
Replies: 6
Views: 3165

Re: Logwatch "unmatched" postfix messages

Got a response. The fix is to add this configuration to turn on long-queue-id processing:

Code: Select all

cat > /etc/logwatch/conf/services/postfix.conf <<EOF
$postfix_Enable_Long_Queue_Ids = Yes
EOF
by warlord
20 Feb 2020 18:12
Forum: 4.x Bugs
Topic: Logwatch "unmatched" postfix messages
Replies: 6
Views: 3165

Re: Logwatch "unmatched" postfix messages

Thanks for the link (and sorry for the long delay in responding). I have emailed them a sample. Hopefully they will respond quickly.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch in untenable.
I will respond again if/when I hear anything.
by warlord
02 Jan 2020 15:40
Forum: 4.x Bugs
Topic: Logwatch "unmatched" postfix messages
Replies: 6
Views: 3165

Re: Logwatch "unmatched" postfix messages

Hi.
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)
by warlord
19 Aug 2019 13:38
Forum: 4.x Bugs
Topic: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed
Replies: 1
Views: 2657

Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed

Hi, Just received the following cron job email which seems to imply that the new package did not install because it's not signed. /etc/cron.daily/0yum-daily.cron: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed The following updates will be applied on efa.ihtfp.org: ===========================...
by warlord
29 Jul 2019 14:08
Forum: 4.x Bugs
Topic: EFA Let's Encrypt
Replies: 7
Views: 5116

Re: EFA Let's Encrypt

Testing now. I left off the port 80 on/off becuase port 80 is open by default on eFa4 to redirect to https, but I think I will test port 80 and then toggle it, but only if it is off to start with. I think it's safe to just leave that off if you think 80 is always open. But yeah, if 80 is off, you m...
by warlord
29 Jul 2019 14:07
Forum: 4.x Bugs
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 6079

Re: Certbot Renewal Cron Job broken on July 8

Oops, I found one bug above. In the cron job where I say "user" it needs to be "root" (or whatever user cron needs to run certbot as).
by warlord
27 Jul 2019 12:25
Forum: 4.x Bugs
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 6079

Re: Certbot Renewal Cron Job broken on July 8

Not everybody wants the certs for postfix, so I will add some logic to choose either scenario. Sure. Configuring LE certs for postfix should absolutely be a separate option. However IMHO restarting postfix when LE certs get renewed is perfectly safe regardless of whether it's using self- or LE certs.
by warlord
26 Jul 2019 20:57
Forum: 4.x Bugs
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 6079

Re: Certbot Renewal Cron Job broken on July 8

Thanks.

If you could actually take my full-blown suggestion from viewtopic.php?f=19&t=3577&p=14151#p14151 it would be even better. Hat would let us use LetsEncrypt for both HTTP and Postfix and have it do the right thing whenthe cert is updated.
by warlord
26 Jul 2019 17:28
Forum: 4.x Bugs
Topic: Certbot Renewal Cron Job broken on July 8
Replies: 6
Views: 6079

Certbot Renewal Cron Job broken on July 8

Hi, My EFA server took an update and on July 8th and it rewrote (and BROKE) /etc/cron.d/certbotrenew: # ls -l /etc/cron.d/certbotrenew -rw-r--r--. 1 root root 666 Jul 8 05:14 /etc/cron.d/certbotrenew # cat /etc/cron.d/certbotrenew 0 0,12 awl.php checklogin.php conf.php connect.php functions.php imag...
by warlord
10 Jul 2019 00:33
Forum: 4.x Bugs
Topic: fail2ban compliant ?
Replies: 7
Views: 2563

Re: fail2ban compliant ?

What do you mean by "try fail2ban"?
I am running fail2ban on my eFa test server, and it is watching e.g. ssh logs and banning people.
by warlord
31 May 2019 20:01
Forum: 4.x Bugs
Topic: EFA Let's Encrypt
Replies: 7
Views: 5116

Re: EFA Let's Encrypt

Hi,
I tracked down another certbot cron issue (see my post about the cron getpwnam errors).
Specifically, /etc/cron.d/certbotrenew is broken -- it's missing the username to run the script as.
by warlord
31 May 2019 19:58
Forum: 4.x Bugs
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 1628

Re: Daily cron errors: getpwnam() failed

A little more debugging for you: # grep -i getpwnam /var/log/cron ... May 29 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 00:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 31 00:00:01 efa crond[...
by warlord
31 May 2019 19:38
Forum: 4.x Bugs
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 1628

Re: Daily cron errors: getpwnam() failed

Hi. CentOS 7.0 is from June 2014, which means it is 5 years old. You can't even install EL7.0 today if you wanted to -- none of the repos contain it anymore. Even 7.6 is relatively old (October 2018, so 8 months old). I hope that you're not saying that you intend to only support a 5-year-old centos ...
by warlord
21 May 2019 12:51
Forum: 4.x Bugs
Topic: Logwatch "unmatched" postfix messages
Replies: 6
Views: 3165

Logwatch "unmatched" postfix messages

Hi, Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries: --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 4 Connections 2 Connections lost (inbound) 4 Disconnections **Unmatched Entries** 1 May 19 03:11:45 efa post...
by warlord
21 May 2019 12:46
Forum: 4.x Bugs
Topic: Daily cron errors: getpwnam() failed
Replies: 3
Views: 1628

Daily cron errors: getpwnam() failed

Hi, I recently installed 4.x on a CentOS 7.6 system using the build.bash script. On the first run I got a set of errors from missing files (unfortunately I deleted these). However, the daily logwatch is showing persistent cron script errors: --------------------- Cron Begin ------------------------ ...
by warlord
17 May 2019 19:03
Forum: How-to
Topic: Sender Verification
Replies: 1
Views: 1320

Re: Sender Verification

I don't have an answer but I am migrating from a postfix+maia-mailguard to efa-based solution. I've been using sender-verify on the old system and yes, it does have many false-positives and blocks valid email, but it's also extremely important in cutting down spam. So yes, I would definitely agree t...
by warlord
17 May 2019 18:00
Forum: 4.x Bugs
Topic: EFA Let's Encrypt
Replies: 7
Views: 5116

Re: EFA Let's Encrypt

One more bug in EFA's Let's Encrypt integration. When I enabled it, it created the new certificate but didn't restart httpd to have it take effect. I had to do that manually. Obviously this is related to the cert renewal issue above. And, of course, even though postfix is configured for TLS, it does...
by warlord
16 May 2019 21:28
Forum: 4.x Bugs
Topic: EFA Let's Encrypt
Replies: 7
Views: 5116

Re: EFA Let's Encrypt

Looking at the script that generates the crontab, there is a bug in the certbot cron job. Specifically, certbot will require you to restart the applications after the certificate is renewed. That's why it appears not to work. You need a post-hook to restart httpd (and any other services). On other s...