v3 to v4 upgrade notes

General eFa discussion
Post Reply
User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

v3 to v4 upgrade notes

Post by pdwalker » 11 May 2020 03:34

I'm finally ready to get off my ass and replace my v3 system with v4.

Now, I wish I could just upgrade v3, but I have made so many customizations over the years, that I *cough* didn't document, that I have no idea what's going to break and what's going to work.

Instead, what I am going to do is to configure v4 to run in parallel with v3 and only redirect some domains through the v4 system. This way v3 will continue to run (since it works) and I can take the time to setup, customize and work out all the problems with the v4 installation before switching over.

I'll put my notes here for anyone who's interested.

The first thing I need to do is to figure out how to redirect some mail from the v3 machine to bypass the efa processing and instead send it immediately to the v4 machine...

[edit 1] the installation from a brand new vm is simple enough, but the documentation for afterwards is woefully inadequate. For example setting up the geoip - there is no information about this at all, so how would new users even know that they need to do it before they need to do it?. The installation documentation should have at least a list of things that need to be done post installation, even if that documentation is a link to the forums. (link added thanks to Henk)

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 11 May 2020 07:20

configuring efa

OS
  • clean centos 7 minimal install
  • ipv6 disabled
  • vm 4cpu,
  • 8GB ram,
  • 100GB drive (/ - 82GB, swap - 8GB, /var/spool/MailScanner/incoming - 10GB, no lvm, xfs, all personal preferences only)
geoip
  • create maxmind account
  • generate license key
  • efa configuration program
    • mailwatch settings, MaxMind GeoLite2 License Key
efa configuration
  • efa configuration, mail settings, outbound mail relay, hosts, <local network/24>
  • efa configuration, mail settings, transport settings, <domain> <internal mail server ip>
mailscanner config
  • merge v3 customizations to v4 /etc/MailScanner.conf
  • same for /etc/MailScanner/rules/*
  • same for /etc/MailScanner/mcp/*
check /var/log/messages and /var/log/maillog for any errors and correct
  • errors because of spaces instead of tabs in the various rules.conf files I copied over
  • errors because of invalid settings no longer supported in the v3 MailScanner.conf that were blindly copied over.
- copy over the transport file from v3 and install into v4
- verify operation for a single test domain (redirected to v4 efa instead of v3)

- backup v3 ( https://wiki.efa-project.org/doku.php?i ... _migration )
- scp /var/EFA/backup/<latestbackup>.tar.gz v4:/tmp

# opendkim
- (v3) tar cvf /tmp/opendkim.tar /etc/opendkim*
- (v3) scp /tmp/opendkim.tar v4:/tmp
- (v4) configure /etc/opendkim.conf, merge in the v3 opendkim.conf settings
- (v4) copy in all the other v3:/etc/opendkim/ files into v4:/etc/opendkim/

# sa-learn db
- (v3) sa-learn –backup > /tmp/salearn-backup.txt
- (v3) scp /tmp/salearn-backup.txt v4:/tmp
- (v4) sa-lean --clear
- (v4) sa-learn --restore /tmp/salearn-backup.txt

# merge changes in
- /etc/clam.d/scan.conf (from v3/etc/clamd.conf)
- /etc/eFa/eFa-Config (from v3:/etc/EFA-Config)
- /etc/opendmarc.conf
- all the /etc/postfix files, especially main.cf

# sqlgrey db and load it separately into the v4 database
- (v3) mysqldump sqlgrey > sqlgrey.sql
- (v4) mysql sqlgrey < sqlgrey.sql
- merge the v3 /etc/sqlgrey/ into v4 /etc/sqlgrey/

# don't forget all the Nicola Plazzi plugins!
- mxpf: viewtopic.php?t=1777
- hashbl: viewtopic.php?t=2836 (just the config file, not the module as it's now built into spamassassin)
- asnpf: viewtopic.php?t=2466
- hpf: viewtopic.php?t=2466
- ow: viewtopic.php?t=2466 (dump the old ow_ tables from v3 and add into v4)

Code: Select all

[root@efa spamassassin]# mysqldump -uroot mailscanner ow_incoming_inreplyto > /tmp/ow1.sql
[root@efa spamassassin]# mysqldump -uroot mailscanner ow_outgoing_messageid > /tmp/ow2.sql
[root@efa spamassassin]# mysqldump -uroot mailscanner ow_outgoing_recipient > /tmp/ow3.sql
# copy to v4 machine
[root@efa4 tmp]# mysql -umailwatch -ppassword mailscanner < ow1.sql
[root@efa4 tmp]# mysql -umailwatch -ppassword mailscanner < ow2.sql
[root@efa4 tmp]# mysql -umailwatch -ppassword mailscanner < ow3.sql
# tested dkim/dmark - seems to work. No idea how, but not complaining.

# fail2ban needed configuring. out of the box, it should work but is disabled
- enable postfix-sasl
- set bantime (48h)
- set maxretry (3)
- set findtime (240m)
- set banaction iptables-multiport
- watch firewall and fail2ban logs to see if the ips are getting locked out

# mailwatch customizations
- autolearn status column: viewtopic.php?t=2642
- date/time format (conf.php)
- style.css changes
- filter.inc.php performance edits
- function.php customizations
-- column nowrap support
-- message id instead of icon, fixed size text
- rep_total_mail_by_date.php customizations
-- add rowhover class back to the report table to make it nice


# testing rbl lookups.

# todos
- check the spamassassin/mailscanner.cf in /etc/mail/spamassassin
- does the ow.pm plugin need a cron job to remove the oldest entries?
- sadwl?: viewtopic.php?f=14&p=14266

henk
Posts: 457
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: v3 to v4 upgrade notes

Post by henk » 11 May 2020 09:40

Hi pdwalker,

agree on the Maxmind GeoIP docu, but there is a topic about that: viewtopic.php?t=4068

I also have a massive amount of customizations, so I use the conf.d directories as much as possible and leave the original configs to the default values.

Since you have a brand new install, can you check if report + spam from the Gui works without errors?
I had some issues with updating older v4 versions that needed manual changes to get it working.

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 11 May 2020 09:59

Will do! Also, as much as possible, I'll document what I did and what I customized into the new installation. I'm just beginning to realize just how much I've tweaked and changed over the years. Gah!

iandarke
Posts: 12
Joined: 23 Apr 2015 23:18

Re: v3 to v4 upgrade notes

Post by iandarke » 19 May 2020 04:17

I'm in a similar boat. I'm running EFA v3 at home, but figure I should be getting on v4 soon. My v3 is currently running in a VM w/ a 30GB HD and 2.5G of memory. The v4 "minimum" requirements list 100GB and 8G of memory. That's quite a difference and my home virtualization environment isn't swimming in resources. Is that all really necessary? Is there just that much OS bloat between CENTOS versions or are the minimum requirements drastically overstated?

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 19 May 2020 05:28

If you are running at home, then you're probably not dealing with as much mail. Check your disk space usage of your current vm - maybe your new vm would only need 40gb? Maybe you could continue with 30.

As for ram, you might be able to get away with 4gb. Or, you could continue to run with less, but make sure you have swap enabled as you'll probably need it.

My v3 system runs in 8GB/30GB. I could probably run v4 in 4GB, but my disk space definitely needs to increase for the new system if I want to keep a month or so of mail.

If you use lvm, you can always expand your disk space later. And if you're running a vm, you can always increase your ram any time you need, assuming your host has enough resources.

iandarke
Posts: 12
Joined: 23 Apr 2015 23:18

Re: v3 to v4 upgrade notes

Post by iandarke » 19 May 2020 20:56

Only 50% of the 30GB HD is used. I don't think I have it retaining a lot of mail. I do have a swap volume configured.

Have you noticed v4 consuming more memory than v3? My assumption is that w/ no GUI the core OS memory consumption should be pretty similar. I'm not sure if there are any new/additional anti-spam services running in v4 that require more RAM...

My physical host only has 16GB of ram and most of that is going to the windows\exchange server. :(

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 20 May 2020 04:26

Centos 7 certainly does consume more memory than Centos 6, and yes, I think efa4 does use a little more memory.

While it is possible to disable enough stuff on your efa vm to make it run in less memory, wouldn't your time be better spent purchasing more memory for your host?

Windows and Exchange server in 16GB of ram with a virtual host? Unless you are running Exchange server 2007 and Windows server 2003, that's really ungenerous. My exchange server environment uses 32GB for 50 users and it's not enough. My next exchange server will have at least 128GB.

Is there no way to upgrade your physical servers ram? Or can you provision another machine?

I really think you should think about upgrading your hardware, the ram at the very least.

henk
Posts: 457
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: v3 to v4 upgrade notes

Post by henk » 20 May 2020 08:42

I really think you should think about upgrading your hardware, the ram at the very least

Agree 100% on that. Moving from v3 to v4 needs some extra resources.

No doubt about massive issues if you try to run v4 on 30GB HD and only 2.5G of memory, even if it's just for a home install.

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 25 May 2020 11:21

henk wrote:
11 May 2020 09:40
Since you have a brand new install, can you check if report + spam from the Gui works without errors?
I had some issues with updating older v4 versions that needed manual changes to get it working.
I've just started funnelling in mail into the new efa vm. Hopefully I'll catch some junk shortly for you.

If there are errors, where would you expect to see them? In the /var/log/maillog?

henk
Posts: 457
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: v3 to v4 upgrade notes

Post by henk » 25 May 2020 13:34

The first things I check are:

1. Check if you can report + spam from within the Gui without errors.
or from the commandline:

Code: Select all

su -c "/bin/cat /usr/share/doc/spamassassin-3.4.4.rc1/sample-spam.txt | razor-report -d --verbose" -s /bin/bash  postfix
2. Selinux

Code: Select all

grep -irHn AVC /var/log/audit/audit.log
You do not want to see this:
Raw Audit Messages
type=AVC msg=audit(1590408922.931:414577): avc: denied { getattr } for pid=31769 comm=4D61696C5363616E6E65723A207374 path="/var/www/html/mailscanner/temp/GeoLite2-Country.mmdb" dev="dm-2" ino=50479114 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0

When there are selinux issues, just set a tail on de audit log to indentify them when they pop up.

Code: Select all

tail -F /var/log/audit/audit.log
To list selinux issues:

Code: Select all

ausearch -m 'AVC'
If there are issues, please report to Shawn and let him decide what to do before we jump to conclusions to fast ;)

3. Logfiles

/var/log/maillog

/var/log/messages

Tail all at once

Code: Select all

tail -F /var/log/maillog /var/log/messages /var/log/audit/audit.log
Last edited by henk on 25 May 2020 16:14, edited 1 time in total.

User avatar
pdwalker
Posts: 1260
Joined: 18 Mar 2015 09:16

Re: v3 to v4 upgrade notes

Post by pdwalker » 25 May 2020 15:24

1/ No errors when submitting from the web interface, but I've idea how to confirm whether the pyzor report actually ran. The message does get marked as spam though.

1b/ The command line is good up until one of the servers failed to respond. I reran the command and it completed successfully.

2/ no selinux issues *cough*

Post Reply