Search found 19 matches
- 28 Apr 2020 16:06
- Forum: 4.x Bugs
- Topic: Update eFa-4.0.2-13 resolv.conf
- Replies: 9
- Views: 25335
Re: Update eFa-4.0.2-13 resolv.conf
I've still got eFa running outside my production environment so I only noticed this issue today after it hit on April 13th when it updated to -12. I concur that commenting out dns=none fixes the problem for me. I use local-caching nameservers for my network and have all my devices point at those. Th...
- 20 Feb 2020 23:51
- Forum: 4.x Bugs
- Topic: Logwatch "unmatched" postfix messages
- Replies: 6
- Views: 7195
Re: Logwatch "unmatched" postfix messages
Got a response. The fix is to add this configuration to turn on long-queue-id processing:
Code: Select all
cat > /etc/logwatch/conf/services/postfix.conf <<EOF
$postfix_Enable_Long_Queue_Ids = Yes
EOF
- 20 Feb 2020 18:12
- Forum: 4.x Bugs
- Topic: Logwatch "unmatched" postfix messages
- Replies: 6
- Views: 7195
Re: Logwatch "unmatched" postfix messages
Thanks for the link (and sorry for the long delay in responding). I have emailed them a sample. Hopefully they will respond quickly.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch in untenable.
I will respond again if/when I hear anything.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch in untenable.
I will respond again if/when I hear anything.
- 02 Jan 2020 15:40
- Forum: 4.x Bugs
- Topic: Logwatch "unmatched" postfix messages
- Replies: 6
- Views: 7195
Re: Logwatch "unmatched" postfix messages
Hi.
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)
- 19 Aug 2019 13:38
- Forum: 4.x Bugs
- Topic: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed
- Replies: 1
- Views: 3852
Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed
Hi, Just received the following cron job email which seems to imply that the new package did not install because it's not signed. /etc/cron.daily/0yum-daily.cron: Package eFa-4.0.0-66.eFa.el7.x86_64.rpm is not signed The following updates will be applied on efa.ihtfp.org: ===========================...
- 29 Jul 2019 14:08
- Forum: 4.x Bugs
- Topic: EFA Let's Encrypt
- Replies: 7
- Views: 9208
Re: EFA Let's Encrypt
Testing now. I left off the port 80 on/off becuase port 80 is open by default on eFa4 to redirect to https, but I think I will test port 80 and then toggle it, but only if it is off to start with. I think it's safe to just leave that off if you think 80 is always open. But yeah, if 80 is off, you m...
- 29 Jul 2019 14:07
- Forum: 4.x Bugs
- Topic: Certbot Renewal Cron Job broken on July 8
- Replies: 6
- Views: 9072
Re: Certbot Renewal Cron Job broken on July 8
Oops, I found one bug above. In the cron job where I say "user" it needs to be "root" (or whatever user cron needs to run certbot as).
- 27 Jul 2019 12:25
- Forum: 4.x Bugs
- Topic: Certbot Renewal Cron Job broken on July 8
- Replies: 6
- Views: 9072
Re: Certbot Renewal Cron Job broken on July 8
Not everybody wants the certs for postfix, so I will add some logic to choose either scenario. Sure. Configuring LE certs for postfix should absolutely be a separate option. However IMHO restarting postfix when LE certs get renewed is perfectly safe regardless of whether it's using self- or LE certs.
- 26 Jul 2019 20:57
- Forum: 4.x Bugs
- Topic: Certbot Renewal Cron Job broken on July 8
- Replies: 6
- Views: 9072
Re: Certbot Renewal Cron Job broken on July 8
Thanks.
If you could actually take my full-blown suggestion from viewtopic.php?f=19&t=3577&p=14151#p14151 it would be even better. Hat would let us use LetsEncrypt for both HTTP and Postfix and have it do the right thing whenthe cert is updated.
If you could actually take my full-blown suggestion from viewtopic.php?f=19&t=3577&p=14151#p14151 it would be even better. Hat would let us use LetsEncrypt for both HTTP and Postfix and have it do the right thing whenthe cert is updated.
- 26 Jul 2019 17:28
- Forum: 4.x Bugs
- Topic: Certbot Renewal Cron Job broken on July 8
- Replies: 6
- Views: 9072
Certbot Renewal Cron Job broken on July 8
Hi, My EFA server took an update and on July 8th and it rewrote (and BROKE) /etc/cron.d/certbotrenew: # ls -l /etc/cron.d/certbotrenew -rw-r--r--. 1 root root 666 Jul 8 05:14 /etc/cron.d/certbotrenew # cat /etc/cron.d/certbotrenew 0 0,12 awl.php checklogin.php conf.php connect.php functions.php imag...
- 10 Jul 2019 00:33
- Forum: 4.x Bugs
- Topic: fail2ban compliant ?
- Replies: 7
- Views: 20009
Re: fail2ban compliant ?
What do you mean by "try fail2ban"?
I am running fail2ban on my eFa test server, and it is watching e.g. ssh logs and banning people.
I am running fail2ban on my eFa test server, and it is watching e.g. ssh logs and banning people.
- 31 May 2019 20:01
- Forum: 4.x Bugs
- Topic: EFA Let's Encrypt
- Replies: 7
- Views: 9208
Re: EFA Let's Encrypt
Hi,
I tracked down another certbot cron issue (see my post about the cron getpwnam errors).
Specifically, /etc/cron.d/certbotrenew is broken -- it's missing the username to run the script as.
I tracked down another certbot cron issue (see my post about the cron getpwnam errors).
Specifically, /etc/cron.d/certbotrenew is broken -- it's missing the username to run the script as.
- 31 May 2019 19:58
- Forum: 4.x Bugs
- Topic: Daily cron errors: getpwnam() failed
- Replies: 3
- Views: 4371
Re: Daily cron errors: getpwnam() failed
A little more debugging for you: # grep -i getpwnam /var/log/cron ... May 29 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 00:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 30 12:00:01 efa crond[3068]: (python) ERROR (getpwnam() failed) May 31 00:00:01 efa crond[...
- 31 May 2019 19:38
- Forum: 4.x Bugs
- Topic: Daily cron errors: getpwnam() failed
- Replies: 3
- Views: 4371
Re: Daily cron errors: getpwnam() failed
Hi. CentOS 7.0 is from June 2014, which means it is 5 years old. You can't even install EL7.0 today if you wanted to -- none of the repos contain it anymore. Even 7.6 is relatively old (October 2018, so 8 months old). I hope that you're not saying that you intend to only support a 5-year-old centos ...
- 21 May 2019 12:51
- Forum: 4.x Bugs
- Topic: Logwatch "unmatched" postfix messages
- Replies: 6
- Views: 7195
Logwatch "unmatched" postfix messages
Hi, Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries: --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 4 Connections 2 Connections lost (inbound) 4 Disconnections **Unmatched Entries** 1 May 19 03:11:4...
- 21 May 2019 12:46
- Forum: 4.x Bugs
- Topic: Daily cron errors: getpwnam() failed
- Replies: 3
- Views: 4371
Daily cron errors: getpwnam() failed
Hi, I recently installed 4.x on a CentOS 7.6 system using the build.bash script. On the first run I got a set of errors from missing files (unfortunately I deleted these). However, the daily logwatch is showing persistent cron script errors: --------------------- Cron Begin ------------------------ ...
- 17 May 2019 19:03
- Forum: How-to
- Topic: Sender Verification
- Replies: 1
- Views: 2618
Re: Sender Verification
I don't have an answer but I am migrating from a postfix+maia-mailguard to efa-based solution. I've been using sender-verify on the old system and yes, it does have many false-positives and blocks valid email, but it's also extremely important in cutting down spam. So yes, I would definitely agree t...
- 17 May 2019 18:00
- Forum: 4.x Bugs
- Topic: EFA Let's Encrypt
- Replies: 7
- Views: 9208
Re: EFA Let's Encrypt
One more bug in EFA's Let's Encrypt integration. When I enabled it, it created the new certificate but didn't restart httpd to have it take effect. I had to do that manually. Obviously this is related to the cert renewal issue above. And, of course, even though postfix is configured for TLS, it does...
- 16 May 2019 21:28
- Forum: 4.x Bugs
- Topic: EFA Let's Encrypt
- Replies: 7
- Views: 9208
Re: EFA Let's Encrypt
Looking at the script that generates the crontab, there is a bug in the certbot cron job. Specifically, certbot will require you to restart the applications after the certificate is renewed. That's why it appears not to work. You need a post-hook to restart httpd (and any other services). On other s...