EFA 4 beta
I saw a beta version of EFA 4 for download on github.
I would like to test an installation but how stable is it? I can only test if mails are going through the system. I am running 2 instances at the moment. The primary gets 98% of all the mail and the secondary the rest. That is mainly (95%) spam, so maybe I can change that one for a EFA 4 beta? Or is it too early?
Thanks for the hard work and amazing product!
Roger
Re: EFA 4 beta
I set up a vps with CentOS7 and tried to install from github. But after a while I get this error:
--------------------------------------------------------------------
++ wget -q -O - https://composer.github.io/installer.sig
+ EXPECTED_SIGNATURE=93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8
+ php -r 'copy('\''https://getcomposer.org/installer'\'', '\''composer-setup.php'\'');'
/var/tmp/rpm-tmp.JPC7nM: line 47: php: command not found
error: Bad exit status from /var/tmp/rpm-tmp.JPC7nM (%install)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.JPC7nM (%install)
[root@mailgateway3 build]# php -v
-bash: /usr/bin/php: No such file or directory
--------------------------------------------------------------------
It can't find php. Installing it manually errors out the install script.
Thanks,
Roger
EDIT:
I added php72u-cli to the devbuild.sh script and now it installed correctly. Going to check it further.
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: EFA 4 beta
Hi Shawn,
is there a way to install V4 on LXC..would be great to test on my LXC Hosts.
Thx
Mac
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
mac.linux.free wrote: ↑04 Jan 2019 20:31
Hi Shawn,
is there a way to install V4 on LXC..would be great to test on my LXC Hosts.
Thx
Mac

eFa4 will not build in LXC yet. It currently expects SELinux to be enabled, which is not namespaced, so it will not install properly and will fail.
When I do tackle LXC support, I am going to have to create a separate build just for LXC.
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: EFA 4 beta
would be really nice since I have most of my vms ported to lxc.
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: EFA 4 beta
Hi all,
is RC1 now LXC capable?
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
Testing it now....adding some logic to exclude selinux stuff to see how well it does...
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
LXC building is passing now
-
- Posts: 83
- Joined: 16 Oct 2018 05:55
- Location: Portugal
Re: EFA 4 beta
Hi there,
Is there a no KS Install like on 3.0.2.6? My provider only allows this way.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
Alleyviper wrote: ↑19 Jan 2019 22:47
Hi there,
Is there a no KS Install like on 3.0.2.6? My provider only allows this way

Yes, there is.
Code:
wget https://dl.efa-project.org/build/4/build.bash
chmod +x build.bash
sudo ./build.bash testing
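
The build trace earlier in this thread fetches an expected signature for the Composer installer before downloading it, and the reply above downloads build.bash and runs it under sudo. As an added example (not code from the eFa project or from Composer), this is one way to gate execution of a downloaded script on a SHA-384 digest obtained separately. The function names are assumptions made here, and the page gives no published digest for build.bash.

```shell
#!/bin/sh
# Added example, not part of the eFa build scripts.
# Function names are hypothetical; any file passed in is the caller's download.

# sha384_of FILE -> prints the lowercase hex SHA-384 digest of FILE
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum -- "$1" | cut -d' ' -f1
    else
        openssl dgst -sha384 -r "$1" | cut -d' ' -f1
    fi
}

# verify_sha384 FILE EXPECTED -> 0 on match, 1 on mismatch or unusable input
verify_sha384() {
    vs_file=$1
    # Normalise whitespace and case so a digest pasted with a newline still works.
    vs_want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # An empty or truncated value (for example a silently failed fetch of the
    # signature file) must never be accepted: require exactly 96 hex digits.
    case $vs_want in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#vs_want}" -eq 96 ] || return 1
    [ -f "$vs_file" ] || return 1
    vs_have=$(sha384_of "$vs_file")
    [ "$vs_have" = "$vs_want" ]
}

# run_verified FILE EXPECTED INTERPRETER [ARGS...]
# Runs "INTERPRETER ARGS... FILE" only when the digest matches; otherwise the
# file is deleted so it cannot be executed by a later step.
run_verified() {
    rv_file=$1
    rv_want=$2
    shift 2
    if verify_sha384 "$rv_file" "$rv_want"; then
        "$@" "$rv_file"
    else
        echo "digest mismatch for $rv_file; removing it" >&2
        rm -f -- "$rv_file"
        return 1
    fi
}
```

A digest fetched over the same channel as the script only catches corruption or tampering at one origin, so the expected value should come from an independent, authenticated source.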
-
- Posts: 83
- Joined: 16 Oct 2018 05:55
- Location: Portugal
Re: EFA 4 beta
Hi Shawn,
Just reinstalled a new clean centos 7 and devbuild.sh....but....
[ ~]$ sudo tail -f /var/log/maillog
Jan 19 23:45:03 mx2 root[15138]: MSMilter started
Jan 19 23:45:04 mx2 postfix/pickup[14144]: 43hvYr5zLNz1qrWy: uid=0 from=<root>
Jan 19 23:45:04 mx2 postfix/cleanup[14148]: 43hvYr5zLNz1qrWy: message-id=<43hvYr5zLNz1qrWy@domain.tld>
Jan 19 23:45:04 mx2 postfix/qmgr[14143]: 43hvYr5zLNz1qrWy: from=<root@domain.tld>, size=495, nrcpt=1 (queue active)
Jan 19 23:45:05 mx2 postfix/smtp[14150]: 43hvYr5zLNz1qrWy: to=<email@domain.tld>, relay=email.domain.tld[80.211.85.55]:25, delay=0.56, delays=0.01/0/0.44/0.1, dsn=2.0.0, status=sent (250 OK id=1gl0IR-0002DJ-0D)
Jan 19 23:45:05 mx2 postfix/qmgr[14143]: 43hvYr5zLNz1qrWy: removed
Jan 19 23:45:24 mx2 postfix/postqueue[15171]: fatal: Connect to the Postfix showq service: Permission denied
Jan 19 23:45:55 mx2 postfix/postqueue[15200]: fatal: Connect to the Postfix showq service: Permission denied
Jan 19 23:46:26 mx2 postfix/postqueue[15350]: fatal: Connect to the Postfix showq service: Permission denied
Jan 19 23:46:56 mx2 postfix/postqueue[15623]: fatal: Connect to the Postfix showq service: Permission denied
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
Oh, crud, I need to update the devbuild.sh script!
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
Just installed the beta. Watching the install is impressive
I just post every step I did, some of them are no show stoppers (the mysql changes or the proposal for defaults).
When using the devbuild,
The first time I cloned in /root/scripts and got the following error after the packages installed.
error: failed to stat /root/v4/rpmbuild/SPECS/postfix_eFa-3.3.0.spec: No such file or directory
Second try, cloned in /root
[eFa] Generating Apache and postfix self-signed cert
Generating a 2048 bit RSA private key
.......................................+++
....+++
writing new private key to '../private/localhost.key'
-----
Created symlink from /etc/systemd/system/multi-user.target.wants/mailscanner.service to /usr/lib/systemd/system/mailscanner.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/crond.service to /usr/lib/systemd/system/crond.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@scan.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/sqlgrey.service to /usr/lib/systemd/system/sqlgrey.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/unbound.service to /usr/lib/systemd/system/unbound.service.
Failed to execute operation: No such file or directory
[eFa] - Error initializing system! Please try again...
error Failed to reload mariadb.service: Job type reload is not applicable for unit mariadb.service.
See system logs and 'systemctl status mariadb.service' for details.
This will not halt the script, but reload should be restart, as mariadb doesn't support reload; it should be systemctl restart mariadb
/rpmbuild/SOURCES/eFa-base-4.0.0/eFa/eFa-Commit:473:
sed -i "/^\[mysqld\]/ a\tmpdir = /var/lib/mysql/temp" /etc/my.cnf.d/mariadb-server.cnf
systemctl reload mariadb
Change to
sed -i "/^\[mysqld\]/ a\tmpdir = /var/lib/mysql/temp" /etc/my.cnf.d/mariadb-server.cnf
systemctl restart mariadb
==================================
So I switched to inst.ks=http://dl.efa-project.org/build/4/kstesting.cfg
After the init the script crashed. It could not find /etc/sysconfig/network-scripts/ifcfg-ens192
so I copied the ifcfg ifname to /etc/sysconfig/network-scripts/ifcfg-ens192
cp /etc/sysconfig/network-scripts/ifcfg-eno16780032 /etc/sysconfig/network-scripts/ifcfg-ens192
It can be related to the fact that I use static dhcp for the lan interface. Not sure about that.
As I like the 'normal' eth(x) interface names, all my servers have this enabled in /etc/default/grub
Code:
cat /etc/default/grub
Code:
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
#GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_00/lv_root rd.lvm.lv=vg_00/lv_swap rhgb quiet"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_00/lv_root rd.lvm.lv=vg_00/lv_swap net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"
Code:
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
Mysql: max_open_files to more than 1024
Code:
systemctl status mariadb.service
● mariadb.service - MariaDB 10.1 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-01-19 23:01:49 CET; 14min ago
Main PID: 5582 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─5582 /usr/libexec/mysqld --basedir=/usr
Jan 19 23:01:45 xx.lan systemd[1]: Starting MariaDB 10.1 database server...
Jan 19 23:01:47 xx.lan mysql-prepare-db-dir[5449]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Jan 19 23:01:47 xx.lan mysql-prepare-db-dir[5449]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db-dir.
Jan 19 23:01:47 xx.lan mysqld[5582]: 2019-01-19 23:01:47 139804821674240 [Note] /usr/libexec/mysqld (mysqld 10.1.35-MariaDB) starting as process 5582 ...
Jan 19 23:01:47 xx.lan mysqld[5582]: 2019-01-19 23:01:47 139804821674240 [Warning] Could not increase number of max_open_files to more than 1024 (request: 4182)
Jan 19 23:01:49 xx.lan systemd[1]: Started MariaDB 10.1 database server.
Fix:
Code:
mkdir /etc/systemd/system/mariadb.service.d
vi /etc/systemd/system/mariadb.service.d/limit.conf
Code:
[Service]
LimitNOFILE=infinity
Code:
sudo systemctl daemon-reload
To setup mysql I also changed the server.cnf
mariadb will resize automatic, no need for manual actions
Code:
vi /etc/my.cnf.d/mariadb-server.cnf
in section:
[mariadb-10.1]
Code:
bind-address = 127.0.0.1
innodb-defragment = 1
innodb_buffer_pool_instances = 1
innodb_buffer_pool_size = 1G
innodb_file_per_table = 1
innodb_log_buffer_size = 32M
innodb_log_file_size = 125M
join_buffer_size = 512K
key_cache_segments = 4
max_allowed_packet = 16M
max_heap_table_size = 32M
query_cache_size = 0M
query_cache_type = OFF
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-host-cache
sort_buffer_size = 4M
thread_cache_size = 16
tmp_table_size = 32M
Code:
systemctl restart mariadb.service
To limit the dcc logfiles from dcc, move maintenance job to daily cron
Copy dcc cron to daily cron (better move)
Code:
cp -a /etc/cron.monthly/cron-dccd /etc/cron.daily/cron-dccd
proposal: enable software versions by default in Gui
vi /var/www/html/mailscanner/conf.php
Code:
// Show Software Version tab (only Admins can see it).
//define('SHOW_SFVERSION', false);
define('SHOW_SFVERSION', true);
default install mysqltuner to check mysql
Code:
mkdir /root/scripts
cd /root/scripts
wget http://mysqltuner.pl/ -O mysqltuner.pl
Create .my.cnf in /root to be able to login without typing password for mysql every time
Code:
[client]
user=root
password=<<EFA MYSQLPASSWORD>>
unbound-1 (resolv local network)
Need to check unbound, as only external hosts are resolved.
todo: Check log messages
/var/log/maillog
Jan 20 00:28:06 xxpostfix/smtp[6906]: 43hvBF6Lnpzc7bd: to=<xxr@private.lan>, relay=none, delay=0.25, delays=0.12/0.09/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=xx.lan type=AAAA: Host not found)
Jan 20 00:28:06 xxpostfix/cleanup[6886]: 43hvBG0lnQzc7bf: message-id=<43hvBG0lnQzc7bf@xx.lan>
Jan 20 00:28:06 xxpostfix/qmgr[5940]: 43hvBG0lnQzc7bf: from=<>, size=2602, nrcpt=1 (queue active)
Jan 20 00:28:06 xxpostfix/bounce[6927]: 43hvBF6Lnpzc7bd: sender non-delivery notification: 43hvBG0lnQzc7bf
Jan 20 00:28:06 xxpostfix/qmgr[5940]: 43hvBF6Lnpzc7bd: removed
Jan 20 00:28:06 xxpostfix/smtp[6906]: 43hvBG0lnQzc7bf: to=<root@xx.lan>, relay=none, delay=0.04, delays=0.03/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=xx.lan type=AAAA: Host not found)
Jan 20 00:31:20 xxpostfix/master[5886]: daemon started -- version 3.3.0, configuration /etc/postfix
Jan 20 00:31:20 xxMSMilter[5526]: MSMilter Daemon starting...
Jan 20 00:31:21 xxMSMilter[5526]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jan 20 00:31:21 xxMSMilter[5526]: Reading configuration file /etc/MailScanner/conf.d/README
Jan 20 00:31:21 xxMSMilter[5526]: Could not read directory /var/spool/MailScanner/incoming/Locks
Jan 20 00:31:21 xxMSMilter[5526]: Error in configuration file line 3142, directory /var/spool/MailScanner/incoming/Locks for lockfiledir does not exist (or is not readable)
Jan 20 00:31:21 xxMSMilter[5526]: Read 868 hostnames from the phishing whitelist
Jan 20 00:31:21 xxMSMilter[5526]: Read 5807 hostnames from the phishing blacklists
[root@xxlog]# ls -la /var/spool/MailScanner/incoming/Locks
total 4
drwxr-xr-x. 2 root postfix 200 Jan 20 00:31 .
drwxrwx---. 9 root mtagroup 220 Jan 20 00:32 ..
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 avgBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 bitdefenderBusy.lock
-rw-rw----. 1 postfix postfix 48 Jan 20 00:05 clamavBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 f-secureBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 genericBusy.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 MS.bayes.rebuild.lock
-rw-rw----. 1 postfix postfix 0 Jan 20 00:31 MS.bayes.starting.lock
-rw-rw----. 1 postfix postfix 0 Jan 19 22:58 sophosBusy.lock
/var/log/httpd/error_log
[Sun Jan 20 00:27:28.834271 2019] [mpm_prefork:notice] [pid 5403] AH00163: Apache/2.4.35 (IUS) OpenSSL/1.0.2k-fips PHP/7.2.14 configured -- resuming normal operations
[Sun Jan 20 00:27:28.834322 2019] [core:notice] [pid 5403] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jan 20 00:30:37.057934 2019] [mpm_prefork:notice] [pid 5403] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jan 20 00:31:17.773486 2019] [core:notice] [pid 5388] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Jan 20 00:31:17.849310 2019] [suexec:notice] [pid 5388] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jan 20 00:31:18.017364 2019] [http2:warn] [pid 5388] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
see http://httpd.apache.org/docs/current/mpm.html
/var/log/httpd/ssl_error_log
[Sun Jan 20 00:31:18.017053 2019] [ssl:warn] [pid 5388] AH01906: xx.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jan 20 00:31:18.017094 2019] [ssl:warn] [pid 5388] AH01909: xx.lan:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jan 20 01:02:43.246630 2019] [php7:warn] [pid 5668] [client xx.xx.11.220:56193] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /var/www/html/mailscanner/logout.php on line 40, referer: https://xx.lan/mailscanner/sf_version.php
[Sun Jan 20 01:03:46.564369 2019] [php7:warn] [pid 5668] [client xx.xx.11.220:56200] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /var/www/html/mailscanner/logout.php on line 40, referer: https://xx.lan/mailscanner/sf_version.php
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
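
The ssl_error_log warnings in the post above (AH01906, AH01909) describe a self-signed certificate that is marked CA:TRUE and carries no identity matching the server name. As an added example (not the eFa installer's code), this generates a self-signed leaf certificate with CA:FALSE and a subjectAltName, and audits a certificate for both conditions. The function names and the hostname mail.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not eFa's installer code. Function names and hostnames are
# hypothetical. An inline config is used so the result does not depend on the
# defaults in the system openssl.cnf (and works without "req -addext").

# gen_cert PREFIX CN BASIC_CONSTRAINTS [SAN]
# Writes PREFIX.key and PREFIX.crt (self-signed, RSA 2048, 365 days).
gen_cert() {
    gc_prefix=$1
    gc_cn=$2
    gc_bc=$3
    gc_san=${4:-}
    gc_cnf=$(mktemp) || return 1
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = ext\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$gc_cn"
        printf '[ext]\nbasicConstraints = %s\n' "$gc_bc"
        if [ -n "$gc_san" ]; then
            printf 'subjectAltName = %s\n' "$gc_san"
        fi
    } > "$gc_cnf"
    gc_rc=0
    # umask keeps the private key unreadable for group and others.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$gc_cnf" -keyout "$gc_prefix.key" -out "$gc_prefix.crt" \
          >/dev/null 2>&1 ) || gc_rc=$?
    rm -f "$gc_cnf"
    return "$gc_rc"
}

# audit_server_cert CERT SERVERNAME
# Prints one line per finding; returns 0 when clean, 1 when there are findings,
# 2 when the certificate cannot be read.
audit_server_cert() {
    as_text=$(openssl x509 -in "$1" -noout -text) || return 2
    as_host=$(openssl x509 -in "$1" -noout -checkhost "$2") || return 2
    as_rc=0
    case $as_text in
        *CA:TRUE*)
            echo "server certificate is a CA certificate (cf. AH01906)"
            as_rc=1 ;;
    esac
    case $as_host in
        *"does NOT match"*)
            echo "no identity in certificate matches $2 (cf. AH01909)"
            as_rc=1 ;;
    esac
    return "$as_rc"
}

# Constructed usage:
#   gen_cert /tmp/weak localhost "CA:TRUE"
#   gen_cert /tmp/good mail.example.test "critical,CA:FALSE" "DNS:mail.example.test"
#   audit_server_cert /tmp/weak.crt mail.example.test
```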
Re: EFA 4 beta
Last night I have been working with shaw on the v4.
It’s configured and running now.
The issue now is when someone sends us an email we get this error
Remote Server returned '554 5.7.1 <juliene@gmail.com>: Relay access denied'
What could be the cause ?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Re: EFA 4 beta
did you have a look at https://www.howtoforge.com/community/th ... 7-1.72415/
and see the ssl log in my previous post about the CA
As I still need to have a look at unbound, did you have unbound working correctly, resolving local hosts? Or do you use IP addresses?
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: EFA 4 beta
Hi Henk, I am using IP of the EfA as smart host using IP.
What do you mean, using IP or host?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
Hi henk,
Thank you very much for testing this. I have updated the testing status with your feedback and am working through the issues.
After I make some changes, would you be willing to give the test build another try? I am concerned about the missing network-scripts after you run through setup. Did you set 'net.ifnames=0 ' before or after running through setup?
Unbound split DNS support is a todo. If you are using recursion, you have to add an additional forward for internal domains manually or update the hosts file.
Re: EFA 4 beta
Hi Shawn,
Sure, see efa build beats tv and I learn something at the same time.
Installing with git clone and the build script on a Centos 7 minimal template, ( having 'net.ifnames=0 ' in the boot options already) didn't work as mentioned before.
With the kickstart script install I forgot to enter the 'net.ifnames=0', next time I will use something like "net.ifnames=0 biosdevname=0 inst.ks=http://dl.efa-project.org/build/4/kstesting.cfg"
I did set 'net.ifnames=0 ' before running the efa-configure script (so login and exit configure efa for the first time).
Kinda strange: the efa configure sets the ip eth(x) or ens(x) in the networking script directory, with bootpro=none. The question is why is the new interface generated after reboot?
The static dhcp:
I use pfsense to set a Static ip thru DHCP, based on mac address, but since I installed from a kickstart script in the boot options from a centos 7 minimal ISO, the Ip address assigned was the correct one ( as defined in the pfsense DHCP server).
However, the dns entry (127.0.0.1) in the dhcp server on pfsense must be removed, so the default dns servers are used during install and configure. When efa is ready ( unbound working) the 127.0.0.1 entry is added again.
I do use recursion and I will report back the changes versus the unbound used in efa3.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: EFA 4 beta
Hi jaimersoni,
If you use recursion, did you enter the IP address in the efa configure or the FQDN for the mailserver?
My mailserver is on the internal network, and unbound needs some additional configuration to be able to resolve internal hosts. ( see maillog)
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: EFA 4 beta
I have got mine fixed, it had nothing to do with the build or something.
I've configured the mail setting with the wrong domain which caused the domain to be rejected.
So far so good, the efa is running fine now.
@henk thank you so much for pointing me to this, I didn't have the mail server IP/FQDN on the mail setting, now it's working
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Re: EFA 4 beta
Did you use the kickstart script or the git clone - devbuild?
Did you enable IPV6? I don't. aka Mysql/postfix/dovecot/unbound should also only use IPv4. (ipv6 disabled depending on the efa-configure)
If you check the logs I mentioned before, there are no issues?
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA 4 beta
@henk
Testing repo has been updated, please feel free to test again.
-
- Posts: 83
- Joined: 16 Oct 2018 05:55
- Location: Portugal
Re: EFA 4 beta
Hi there,
I have a VM waiting on a cloud provider and will have another go on it.
Report as soon as I can.
-
- Posts: 83
- Joined: 16 Oct 2018 05:55
- Location: Portugal
Re: EFA 4 beta
Hi there,
Using devbuild.sh, at the end of the installation
Complete!
error: failed to stat /root/v4/rpmbuild/SPECS/postfix_eFa-3.3.0.spec: No such file or directory
[root@mx2 scripts]#