EFA 4 beta

Bugs in eFa 4
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi there,

Shawn and Henk, if needed i can send PM user Access to server for testing

Using the build

Code: Select all

Jan 20 23:29:01 mx2 sqlgrey: 2019/01/20-23:29:01 sqlgrey (type Net::Server::Multiplex) starting! pid(13895)
Jan 20 23:29:01 mx2 sqlgrey: Resolved [localhost]:2501 to [127.0.0.1]:2501, IPv4
Jan 20 23:29:01 mx2 sqlgrey: Resolved [localhost]:2501 to [::1]:2501, IPv6Jan 20 23:29:01 mx2 sqlgrey: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 20 23:29:01 mx2 sqlgrey: Binding to TCP port 2501 on host ::1 with IPv6
Jan 20 23:29:01 mx2 sqlgrey: 2019/01/20-23:29:01 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]#012  at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Jan 20 23:29:01 mx2 sqlgrey: 2019/01/20-23:29:01 Server closing!
Jan 20 23:29:01 mx2 postfix/pickup[11926]: 43jW8s4Rdsz1FCWk: uid=0 from=<root>
Jan 20 23:29:01 mx2 postfix/cleanup[11928]: 43jW8s4Rdsz1FCWk: message-id=<43jW8s4Rdsz1FCWk@mx2.domain.tld>
Jan 20 23:29:01 mx2 postfix/qmgr[4396]: 43jW8s4Rdsz1FCWk: from=<root@domain.tld>, size=817, nrcpt=1 (queue active)
Jan 20 23:29:02 mx2 postfix/smtp[11930]: 43jW8s4Rdsz1FCWk: to=<root@domain.tld>, orig_to=<root>, relay=email.server.tld[x.x.x.x]:25, delay=0.47, delays=0.02/0/0.35/0.1, dsn=2.0.0, status=sent (250 OK id=1glMWR-0000Ey-OO)
Jan 20 23:29:02 mx2 postfix/qmgr[4396]: 43jW8s4Rdsz1FCWk: removed
Jan 20 23:29:10 mx2 postfix/postqueue[13918]: fatal: Connect to the Postfix showq service: Permission denied
Last edited by Alleyviper on 21 Jan 2019 00:37, edited 2 times in total.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

Probably related to the failed postfix package...will update devbuild.sh shortly.
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi Shawn,

Devbuild.sh had the error. Using normal wget build.sh testing sticks the error
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

Alleyviper wrote: 20 Jan 2019 23:04 Hi there,

Using devbuild.sh, at the end of the installation

Complete!
error: failed to stat /root/v4/rpmbuild/SPECS/postfix_eFa-3.3.0.spec: No such file or directory
[root@mx2 scripts]#
@Alleyviper, are you performing a git clone of the master branch, and are you doing it while you are in the /root home?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

Alleyviper wrote: 20 Jan 2019 23:32 Jan 20 23:29:01 mx2 sqlgrey: 2019/01/20-23:29:01 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]#012 at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Do you have ipv6 disabled in your instance, and if so, do you have ::1 in your /etc/hosts?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk »

I tested the kickstart again. :violin:
2019-01-20 22_59_50-sanspam_afa on T610.private.lan.png
2019-01-20 22_59_50-sanspam_afa on T610.private.lan.png (27.33 KiB) Viewed 2275857 times
Nice to monitor the install with Alt+Tab
2019-01-20 23_20_16-sanspam_afa on T610.private.lan.png
2019-01-20 23_20_16-sanspam_afa on T610.private.lan.png (123.28 KiB) Viewed 2275857 times
No issues, just 1 typo at the end
...
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
Warning: ALREADY_ENABLED: smtp
success
Warning: ALREADY_ENABLED: ssh
success
success
Warning: ALREADY_ENABLED: 443:tcp
success
Warning: ALREADY_ENABLED: 587:tcp
success
success
/usr/sbin/eFa-Commit: line 1036: /var/log/yum/yum/yum.log: No such file or directory
Configuration complete, preparing to reboot in 60 seconds.

I did not enable IPV6 and enabled recursion.

I did enable rootacces in ssh just for the install to be able to login with ssh. (/etc/ssh/sshd_config)

Code: Select all

ls -l   /etc/sysconfig/network-scripts/ifcfg-*
-rw-------. 1 root root 420 Jan 20 23:41 /etc/sysconfig/network-scripts/ifcfg-eth0
-rw-r--r--. 1 root root 408 Jan 20 23:40 /etc/sysconfig/network-scripts/ifcfg-eth0.bak
-rw-r--r--. 1 root root 254 Aug 24 12:23 /etc/sysconfig/network-scripts/ifcfg-lo

Code: Select all

cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_00/lv_root rd.lvm.lv=vg_00/lv_swap biosdevname=0 net.ifnames=0 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"


No issue login to Gui. :clap: :clap: :dance: :dance:

Todo
maillog
....
Jan 20 23:44:04 spam sqlgrey: Couldn't unlink "/var/run/sqlgrey.pid" [Permission denied]
Jan 20 23:44:04 spam sqlgrey: Process Backgrounded
Jan 20 23:44:04 spam sqlgrey: 2019/01/20-23:44:04 sqlgrey (type Net::Server::Multiplex) starting! pid(6563)
Jan 20 23:44:04 spam sqlgrey: Resolved [localhost]:2501 to [::1]:2501, IPv6
Jan 20 23:44:04 spam sqlgrey: Resolved [localhost]:2501 to [127.0.0.1]:2501, IPv4
Jan 20 23:44:04 spam sqlgrey: Binding to TCP port 2501 on host ::1 with IPv6
Jan 20 23:44:04 spam sqlgrey: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 20 23:44:04 spam sqlgrey: Setting gid to "989 989"
Jan 20 23:44:04 spam sqlgrey: Setting uid to "992"
Jan 20 23:44:05 spam root[6695]: Starting MSMilter
Jan 20 23:44:07 spam MSMilter[7292]: MSMilter Daemon starting...
Jan 20 23:44:07 spam MSMilter[7292]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jan 20 23:44:07 spam MSMilter[7292]: Reading configuration file /etc/MailScanner/conf.d/README
Jan 20 23:44:07 spam MSMilter[7292]: Could not read directory /var/spool/MailScanner/incoming/Locks
Jan 20 23:44:07 spam MSMilter[7292]: Error in configuration file line 3142, directory /var/spool/MailScanner/incoming/Locks for lockfiledir does not exist (or is not readable)
Jan 20 23:44:07 spam MSMilter[7292]: Read 868 hostnames from the phishing whitelist

Jan 20 23:44:45 sspam postfix/master[6069]: reload -- version 3.3.0, configuration /etc/postfix
Jan 20 23:44:46 sspam postfix/sendmail[6615]: fatal: root(0): No recipient addresses found in message header
Jan 20 23:44:47 sspam MailScanner[12422]: Connected to Processing Attempts Database

(host 172.17.1.16[172.17.1.16] said: 550 5.1.1 <root@xx.lan>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Jan 21 00:07:56 spam postfix/qmgr[12716]: 43jVhX19Mqzdlwm: removed



P.S.

You can close issue https://github.com/E-F-A/v4/issues/3 "Temporary dcc files never gets purged #3"
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi Henk,

IPV6 disabled and DNS recursion ON


On /etc/hosts

Code: Select all

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
x.x.x.x   mx2.domain.tld   mx2

Code: Select all

Complete!
s@mx2 ~]$ sudo tail -f /var/log/maillog
Jan 20 23:53:54 mx2 postfix/smtpd[17963]: disconnect from unknown[185.234.216.213] ehlo=1 auth=0/1 mail=0/1 qu                                                                                                                               it=1 commands=2/4
Jan 20 23:57:14 mx2 postfix/anvil[17964]: statistics: max connection rate 1/60s for (smtp:185.234.216.213) at                                                                                                                                Jan 20 23:53:54
Jan 20 23:57:14 mx2 postfix/anvil[17964]: statistics: max connection count 1 for (smtp:185.234.216.213) at Jan                                                                                                                                20 23:53:54
Jan 20 23:57:14 mx2 postfix/anvil[17964]: statistics: max cache size 1 at Jan 20 23:53:54
Jan 21 00:00:00 mx2 dccifd[4477]: 1.3.163 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0                                                                                                                                targets among 0 total messages for 4 targets since 01/20/19 22:26:44
Jan 21 00:12:56 mx2 postfix/pickup[14295]: 43jX7X70Trz1FCYJ: uid=0 from=<root>
Jan 21 00:12:57 mx2 postfix/cleanup[21115]: 43jX7X70Trz1FCYJ: message-id=<43jX7X70Trz1FCYJ@mx2.domain.tld>
Jan 21 00:12:57 mx2 postfix/qmgr[14294]: 43jX7X70Trz1FCYJ: from=<root@domain.tld>, size=917, nrcpt=1 (queue ac                                                                                                                               tive)
Jan 21 00:12:57 mx2 postfix/smtp[21117]: 43jX7X70Trz1FCYJ: to=<root@domain.tld>, orig_to=<root>, relay=email-server.domain.tld.                                                                                                                              [x.x.x.x]:25, delay=0.62, delays=0.05/0.02/0.46/0.09, dsn=2.0.0, status=sent (250 OK id=1glNCx-                                                                                                                               00012e-5N)
Jan 21 00:12:57 mx2 postfix/qmgr[14294]: 43jX7X70Trz1FCYJ: removed
Jan 21 00:20:22 mx2 postfix/postqueue[22526]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:25 mx2 postfix/postqueue[22541]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:27 mx2 postfix/postqueue[22558]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:58 mx2 postfix/postqueue[22593]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:21:29 mx2 postfix/postqueue[22745]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:21:59 mx2 postfix/postqueue[22778]: fatal: Connect to the Postfix showq service: Permission denied

Code: Select all

@mx2 ~]$ sudo cat /var/log/maillog | grep denied
Jan 20 23:27:14 mx2 MailScanner[13710]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:14 mx2 MailScanner[13710]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:19 mx2 MailScanner[13720]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:19 mx2 MailScanner[13720]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:24 mx2 MailScanner[13727]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:24 mx2 MailScanner[13727]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:29 mx2 MailScanner[13735]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:27:29 mx2 MailScanner[13735]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:28:07 mx2 postfix/postqueue[13848]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:28:38 mx2 postfix/postqueue[13868]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:29:10 mx2 postfix/postqueue[13918]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:29:41 mx2 postfix/postqueue[13935]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:29:46 mx2 postfix/postqueue[13949]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:29:48 mx2 postfix/postqueue[13963]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:30:19 mx2 postfix/postqueue[14011]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:30:50 mx2 postfix/postqueue[14025]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:31:05 mx2 MSMilter[14260]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:31:05 mx2 MSMilter[14260]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:32:03 mx2 MSMilter[14478]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:32:03 mx2 MSMilter[14478]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:33:03 mx2 MSMilter[14631]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:33:03 mx2 MSMilter[14631]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:34:03 mx2 MSMilter[14782]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:34:03 mx2 MSMilter[14782]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc (Error: DBI connect('database=mailscanner;host=localhost','mailwatch',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied") at /usr/share/MailScanner/perl/custom/MailWatch.pm line 97.
Jan 20 23:34:21 mx2 postfix/postqueue[14821]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:34:54 mx2 postfix/postqueue[14858]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:35:26 mx2 postfix/postqueue[14997]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:35:58 mx2 postfix/postqueue[15016]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:36:29 mx2 postfix/postqueue[15165]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:37:01 mx2 postfix/postqueue[15184]: fatal: Connect to the Postfix showq service: Permission denied
Jan 20 23:37:32 mx2 postfix/postqueue[15325]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:22 mx2 postfix/postqueue[22526]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:25 mx2 postfix/postqueue[22541]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:27 mx2 postfix/postqueue[22558]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:20:58 mx2 postfix/postqueue[22593]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:21:29 mx2 postfix/postqueue[22745]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:21:59 mx2 postfix/postqueue[22778]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:22:30 mx2 postfix/postqueue[22930]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:23:01 mx2 postfix/postqueue[22964]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:23:32 mx2 postfix/postqueue[23114]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:24:04 mx2 postfix/postqueue[23270]: fatal: Connect to the Postfix showq service: Permission denied
Jan 21 00:24:34 mx2 postfix/postqueue[23312]: fatal: Connect to the Postfix showq service: Permission denied
[@mx2 ~]$

Attachments
top.PNG
top.PNG (56.52 KiB) Viewed 2275850 times
web.PNG
web.PNG (45.25 KiB) Viewed 2275854 times
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

@Alleyviper, are you performing a git clone of the master branch, and are you doing it while you are in the /root home?
Yes Shawn, first I tried the git clone and just cloned it from root home. then I´ve tried the normal build with all the issues reported on previous post.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

@Alleyviper

I'm not sure why devbuild.sh isn't working for you except that the git clone must reside exactly in /root/v4/. It is failing because your spec files are not located at /root/v4/rpmbuild/SPECS/

As for test building, did you happen to log the entire build process?

Code: Select all

logsave build.log ./build.bash testing
If not, I need you to do that so I can see why your build is failing hard.
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi Shawn,

Installation in progress. I will update this post with the log


1) Centos 7 Version (I cannot change it - Available by cloud provider)

Code: Select all

[root@vm ~]# cat /etc/*elease
CentOS Linux release 7.6.1810 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.6.1810 (Core)
CentOS Linux release 7.6.1810 (Core)
[root@vm ~]#

2) Logged in as root and performed the installation as follows

Code: Select all

wget https://dl.efa-project.org/build/4/build.bash
chmod +x build.bash
sudo logsave build.log ./build.bash testing
3) Here goes the build log

Code: Select all

https://drive.google.com/file/d/1YZpndg11SU95aSe__ENCIyv9vdpMJIbY/view?usp=sharing
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

@Alleyviper

Your issue appears to be that SELinux is disabled. This is causing a bunch of problems during the build because SELinux policies aren't getting applied.

Can you enable it before building and try again?
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

@Alleyviper

Your issue appears to be that SELinux is disabled. This is causing a bunch of problems during the build because SELinux policies aren't getting applied.

Can you enable it before building and try again?
Hi Shawn,

For sure, on it. :) In a few I will return with feedback

One question: SELinux in what mode - Permissive or Enforcing?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

permissive is fine
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

1) Checked SELINUX Status

Code: Select all

[root@vm ~]# getenforce
Disabled
[root@vm1 ~]# sestatus
SELinux status:                 disabled
[root@vm ~]#
2) Changed SELINUX=disabled to SELINUX=permissive

Code: Select all

vi /etc/sysconfig/selinux

Code: Select all

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

3) Rebooted the system and rechecked SELINUX Status

Code: Select all

[root@vm ~]# getenforce
Permissive
[root@vm ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@vm ~]#
4) Launched new build and saved the log.

Code: Select all

wget https://dl.efa-project.org/build/4/build.bash
chmod +x build.bash
sudo logsave build.log ./build.bash testing
5) Waiting.... :whistle: (In a few I will provide more feedback)

6) Almost there

7) It´s working :violin:
Attachments
ok.PNG
ok.PNG (54.4 KiB) Viewed 2275819 times
conf.PNG
conf.PNG (35.43 KiB) Viewed 2275822 times
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi Shawn,

Is this normal on Greylist?

Code: Select all

Error in the query: Table 'sqlgrey.connect' doesn't exist
Thanks for the help by the way
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

Try restarting sqlgrey and see if that helps.

Code: Select all

sudo systemctl restart sqlgrey
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Try restarting sqlgrey and see if that helps.
CODE: SELECT ALL

sudo systemctl restart sqlgrey
Yep, something is not right:

Code: Select all

[users@mx2 ~]$ sudo systemctl restart sqlgrey
Job for sqlgrey.service failed because a configured resource limit was exceeded. See "systemctl status sqlgrey.service" and "journalctl -xe" for details.
[cloudns@mx2 ~]$

Code: Select all

[user@mx2 ~]$ sudo systemctl status sqlgrey
● sqlgrey.service - SQLgrey Postfix Grey-listing Policy service
   Loaded: loaded (/usr/lib/systemd/system/sqlgrey.service; enabled; vendor preset: disabled)
   Active: failed (Result: resources) since Mon 2019-01-21 04:31:35 WET; 1min 22s ago
  Process: 17094 ExecStart=/usr/sbin/sqlgrey -d (code=exited, status=0/SUCCESS)
 Main PID: 16905 (code=exited, status=1/FAILURE)

Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Resolved [localhost]:2501 to [::1]:2501, IPv6
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Binding to TCP port 2501 on host ::1 with IPv6
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: 2019/01/21-04:31:35 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]
                                                 at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: 2019/01/21-04:31:35 Server closing!
Jan 21 04:31:35 mx2.domain.tld systemd[1]: PID file /var/run/sqlgrey.pid not readable (yet?) after start.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: sqlgrey.service never wrote its PID file. Failing.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: Failed to start SQLgrey Postfix Grey-listing Policy service.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: Unit sqlgrey.service entered failed state.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: sqlgrey.service failed.
[user@mx2 ~]$

Code: Select all

[user@mx2 ~]$ systemctl status sqlgrey.service
● sqlgrey.service - SQLgrey Postfix Grey-listing Policy service
   Loaded: loaded (/usr/lib/systemd/system/sqlgrey.service; enabled; vendor preset: disabled)
   Active: failed (Result: resources) since Mon 2019-01-21 04:31:35 WET; 3min 2s ago
  Process: 17094 ExecStart=/usr/sbin/sqlgrey -d (code=exited, status=0/SUCCESS)
 Main PID: 16905 (code=exited, status=1/FAILURE)

Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Resolved [localhost]:2501 to [::1]:2501, IPv6
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: Binding to TCP port 2501 on host ::1 with IPv6
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: 2019/01/21-04:31:35 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]
                                                 at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Jan 21 04:31:35 mx2.domain.tld sqlgrey[17095]: 2019/01/21-04:31:35 Server closing!
Jan 21 04:31:35 mx2.domain.tld systemd[1]: PID file /var/run/sqlgrey.pid not readable (yet?) after start.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: sqlgrey.service never wrote its PID file. Failing.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: Failed to start SQLgrey Postfix Grey-listing Policy service.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: Unit sqlgrey.service entered failed state.
Jan 21 04:31:35 mx2.domain.tld systemd[1]: sqlgrey.service failed.
[user@mx2 ~]$
</code]

Maillog

[code]
[user@mx2 ~]$ sudo tail -f /var/log/maillog
Jan 21 04:30:47 mx2 sqlgrey: 2019/01/21-04:30:47 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]#012  at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Jan 21 04:30:47 mx2 sqlgrey: 2019/01/21-04:30:47 Server closing!
Jan 21 04:31:35 mx2 sqlgrey: Process Backgrounded
Jan 21 04:31:35 mx2 sqlgrey: 2019/01/21-04:31:35 sqlgrey (type Net::Server::Multiplex) starting! pid(17095)
Jan 21 04:31:35 mx2 sqlgrey: Resolved [localhost]:2501 to [127.0.0.1]:2501, IPv4
Jan 21 04:31:35 mx2 sqlgrey: Resolved [localhost]:2501 to [::1]:2501, IPv6
Jan 21 04:31:35 mx2 sqlgrey: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 21 04:31:35 mx2 sqlgrey: Binding to TCP port 2501 on host ::1 with IPv6
Jan 21 04:31:35 mx2 sqlgrey: 2019/01/21-04:31:35 Can't connect to TCP port 2501 on ::1 [Cannot assign requested address]#012  at line 68 in file /usr/share/perl5/vendor_perl/Net/Server/Proto/TCP.pm
Jan 21 04:31:35 mx2 sqlgrey: 2019/01/21-04:31:35 Server closing!
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA 4 beta

Post by shawniverson »

Looks like it trying to bind to ::1 and it cannot, probably because ipv6 is disabled in the instance.

Edit /etc/sqlgrey/sqlgrey.conf and add the following line:

Code: Select all

inet = 127.0.0.1:2501
Then start sqlgrey again.

Code: Select all

sudo systemctl start sqlgrey
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

1) Edited the file on:

Code: Select all

## Socket
# On which socket do SQLgrey wait for queries
# use the following if you need to bind on a public IP address
# inet = <public_ip>:2501
# to bind on a UNIX socket, use the following:
# unix = /path/to/socket
# default :
# inet = 2501    # bind to localhost:2501
To

Code: Select all

## Socket
# On which socket do SQLgrey wait for queries
# use the following if you need to bind on a public IP address
# inet = <public_ip>:2501
# to bind on a UNIX socket, use the following:
# unix = /path/to/socket
# default :
inet = 127.0.0.1:2501    # bind to localhost:2501
2) Checked ok

Code: Select all

[user@mx2 ~]$ sudo systemctl start sqlgrey
[user@mx2 ~]$ sudo systemctl status sqlgrey
● sqlgrey.service - SQLgrey Postfix Grey-listing Policy service
   Loaded: loaded (/usr/lib/systemd/system/sqlgrey.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-01-21 04:52:37 WET; 14s ago
  Process: 20081 ExecStart=/usr/sbin/sqlgrey -d (code=exited, status=0/SUCCESS)
 Main PID: 20082 (sqlgrey)
   CGroup: /system.slice/sqlgrey.service
           └─20082 /usr/bin/perl -w /usr/sbin/sqlgrey -d

Jan 21 04:52:37 mx2.domain.tld systemd[1]: Starting SQLgrey Postfix Grey-listing Policy service...
Jan 21 04:52:37 mx2.domain.tld  sqlgrey[20082]: Process Backgrounded
Jan 21 04:52:37 mx2.domain.tld  sqlgrey[20082]: 2019/01/21-04:52:37 sqlgrey (type Net::Server::Multiplex) starting! pid(20082)
Jan 21 04:52:37 mx2.domain.tld  sqlgrey[20082]: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 21 04:52:37 mx2.domain.tld  sqlgrey[20082]: Setting gid to "990 990"
Jan 21 04:52:37 mx2.domain.tld  sqlgrey[20082]: Setting uid to "993"
Jan 21 04:52:37 mx2.domain.tld  systemd[1]: Started SQLgrey Postfix Grey-listing Policy service.
[user@mx2 ~]$
3) On Mailwatch sqlgrey is working now.
Attachments
oksqlgrey.PNG
oksqlgrey.PNG (18.28 KiB) Viewed 2275796 times
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper »

Hi Shawn,

1) I confirm that SeLinux was disabled by default on clean Centos 7 on cloud provider - Need to have a check on that on the build;
2) I confirm that on EFAinit (web) I´ve selected "no" for IPV6 - Need to have some check on the build to change the inet if this selection is made;
3) I´ve changed mx priority for testing EFa4 and verify/var/log/mailog and emails are getting in :D
4) SQLgrey is working too

Code: Select all

Jan 21 05:07:13 mx2 postfix/smtpd[22827]: connect from mail-wm1-f52.google.com[209.85.128.52]
Jan 21 05:07:13 mx2 postfix/smtpd[22827]: Anonymous TLS connection established from mail-wm1-f52.google.com[209.85.128.52]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 21 05:07:14 mx2 sqlgrey: grey: new: 209.85.128(209.85.128.52), emails@gmail.com -> email@domain.tld
Jan 21 05:07:14 mx2 postfix/smtpd[22827]: NOQUEUE: reject: RCPT from mail-wm1-f52.google.com[209.85.128.52]: 451 4.7.1 <email@domain.tld>: Recipient address rejected: Greylisted for 5 minutes; from=<email@gmail.com> to=<email@domain.tld> proto=ESMTP helo=<mail-wm1-f52.google.com>
Jan 21 05:07:14 mx2 postfix/smtpd[22827]: disconnect from mail-wm1-f52.google.com[209.85.128.52] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
Attachments
websqllog.PNG
websqllog.PNG (17.1 KiB) Viewed 2275792 times
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson »

I Dont know what happens but i am missing the button Greylist after today
Emails are arriving no problem, just the button is disapeared.
i've tried to restart the

Code: Select all

sudo systemctl start sqlgrey
and even restart but nothing helps.
Attachments
Schermafbeelding 2019-01-21 om 15.11.28.png
Schermafbeelding 2019-01-21 om 15.11.28.png (26.36 KiB) Viewed 2275784 times
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk »

As we live in different time-zones and some of us need to sleep sometimes, except Shawn.., I did some changes to disable IPV6 today. :)

Unbound is just an example, so you need to modify the ip addresses/network/ Domain mask where used :!:
I still need to check the rpc ipv6, if its needed or not. EFA is up and running (Without IPV6)

disable ipv6 centos7 EFA

REMARK: I use the conventional naming on the interfaces aka eth(x) and not the ens(X) du the net.ifnames=0 boot kernel parameter
do not disable ipv6 in the boot options !!!
reboot when ready !!!

first check ipv6

Code: Select all

netstat -tunlp
ip addr show | grep net6
ifconfig -a | grep inet6
Chrony

Code: Select all

/etc/sysconfig/chronyd
# Command-line options for chronyd
#OPTIONS=""
OPTIONS="-4"

Code: Select all

systemctl restart chronyd

Code: Select all

ntpdate
/etc/sysconfig/ntpdate
# Options for ntpdate
#OPTIONS="-p 2"
OPTIONS="-4 -p 2"

network

Code: Select all

/etc/sysconfig/network
# Created by anaconda and henk
NETWORKING_IPV6=no
IPV6INIT=no
IPV6_AUTOCONF=no
DHCPV6=no
IPV6FORWARDING=no

interface

Code: Select all

/etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by parse-kickstart
IPV6INIT=no
IPV6_AUTOCONF=no
BOOTPROTO="none"
DEVICE=eth0
ONBOOT=yes
UUID=blalalala
TYPE=Ethernet
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME="eth0"
IPADDR="172.16.1.15"
NETMASK="255.255.0.0"
GATEWAY="172.16.1.1"
DNS1="127.0.0.1"
#DNS2="::1"
ZONE=public

Disable ipv6

Code: Select all

vi /etc/sysctl.d/disableipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6= 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0

Code: Select all

sysctl -p

Code: Select all

sudo systemctl restart networking
set mailscanner to 443

Code: Select all

/var/www/html/mailscanner/.htaccess
Options -Indexes
Listen 0.0.0.0:443


Stil need to check if there are more ports or service needed and how to add dhcp bacula-client pop3 pop3s ntp :?:

Code: Select all

firewall-cmd --get-active-zones
public
interfaces: eth0

Code: Select all

firewall-cmd --get-default-zone
public

Code: Select all

firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target jenkins kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mongodb mosh mountd ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh syncthing syncthing-gui synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server

Code: Select all

 firewall-cmd --zone=public --list-ports
443/tcp 587/tcp 80/tcp

Code: Select all

firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh dhcpv6-client http smtp
ports: 443/tcp 587/tcp 80/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Sellinux

Code: Select all

getenforce
Enforcing

Code: Select all

sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

SSH

Code: Select all

/etc/ssh/ssh_config
# ssh_config(5) man page.
AddressFamily inet
# Host

Code: Select all

/etc/ssh/sshd_config
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
AddressFamily inet
ListenAddress 0.0.0.0

Code: Select all

/etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
#Listen 80
Listen 0.0.0.0:80

Add Servertokens OS Signaure and TraceEnable to ssl conf

Code: Select all

/etc/httpd/conf.d/ssl.conf
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
ServerTokens OS
ServerSignature On
TraceEnable Off

SQLGREY

Code: Select all

/etc/sqlgrey/sqlgrey.conf
## Socket
# On which socket do SQLgrey wait for queries
# use the following if you need to bind on a public IP address
# inet = <public_ip>:2501
# to bind on a UNIX socket, use the following:
# unix = /path/to/socket
# default :
# inet = 2501 # bind to localhost:2501
inet = 127.0.0.1:2501

Code: Select all

sudo systemctl start sqlgrey
Postfix

Code: Select all

/etc/postfix/main.cf
inet_interfaces = $myhostname, localhost
# Enable IPv4, and IPv6 if supported
#inet_protocols = ipv4, ipv6
inet_protocols = ipv4

relayhost = [FQDN mail server]
#mynetworks = 127.0.0.0/8 [::1]/128
mynetworks = 127.0.0.0/8, 172.16.0.0/16

Code: Select all

/etc/postfix/transport
###### START eFa ADDED DOMAINS ######
private.lan smtp:[<<fqdn mail server>>]

Code: Select all

postmap /etc/postfix/transport

Code: Select all

/etc/postfix/header_checks
HEADER_CHECKS(5)
/^Received:\ from\ sansspam.private.lan\ \(localhost\ \[127.0.0.1/ IGNORE
#/^Received:\ from\ sansspam.private.lan\ \(localhost\ \[::1/ IGNORE

Code: Select all

/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.15 sansspam.private.lan sansspam

dovecot

Code: Select all

/etc/dovecot/dovecot.conf
Decide what protocols to use.
# Protocols we want to be serving.!!!
#protocols = imap pop3 lmtp
protocols = pop3

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
listen = *


unbound

Code: Select all

/etc/unbound/conf.d/unbound.conf
# The server clause sets the main parameters.
server:
interface: 127.0.0.1
outgoing-interface: 172.16.1.15
do-ip4: yes
do-ip6: no
cache-min-ttl: 900
hide-identity: yes
hide-version: yes

private-domain: "private.lan."
private-address: 172.16.0.0/16

domain-insecure: "private.lan."

# control which clients are allowed to make (recursive) queries
access-control: 127.0.0.0/8 allow

# (this now fails on all GoDaddy customer domains, so disabled)
use-caps-for-id: no
local-zone: "17.172.in-addr.arpa." transparent

remote-control:
control-interface: 127.0.0.1

# Stub and Forward zones
forward-zone:
name: "private.lan"
forward-addr: 172.16.1.17 # SAMBA AD
forward-first: yes

forward-zone:
name: "17.172.in-addr.arpa."
forward-addr: 172.16.1.17 # SAMBA AD
forward-first: yes

Code: Select all

/etc/unbound/conf.d/forwarders.conf
forward-zone:
name: "."
forward-addr: 172.16.1.1
forward-first: yes


RPC? Need to check
[root@sansspam NetworkManager]# systemctl cat rpcbind.socket
# /usr/lib/systemd/system/rpcbind.socket
[Unit]
Description=RPCbind Server Activation Socket

[Socket]
ListenStream=/var/run/rpcbind.sock

# RPC netconfig can't handle ipv6/ipv4 dual sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:111
ListenDatagram=0.0.0.0:111
ListenStream=[::]:111
ListenDatagram=[::]:111

[Install]
WantedBy=sockets.target

systemctl reboot
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
jkissane
Posts: 15
Joined: 14 Dec 2018 10:32

Re: EFA 4 beta

Post by jkissane »

Just tried an install of this into a fresh VM using the kickstart file, the install went ok although looks like it shut itself down rather than rebooting when it finished (wasn't watching it sorry). After I powered it on again, it went through the initial setup and looks to be alive & well. I was able to log in via both ssh & the web interface.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk »

:clap: :clap: :clap: :clap: :clap: :clap:
Total download size: 1.2 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): eFa-4.0.0-5.eFa.el7.x86_64.rpm | 99 kB 00:00:00
(2/2): MailWatch-1.2.12-3.eFa.el7.x86_64.rpm | 1.1 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.1 MB/s | 1.2 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:MailWatch-1.2.12-3.eFa.el7.x86_64 1/4
Updating : 1:eFa-4.0.0-5.eFa.el7.x86_64 2/4

Preparing to update eFa...
checkmodule: loading policy configuration from /var/eFa/lib/selinux/eFa.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to /var/eFa/lib/selinux/eFa.mod
Update completed successfully!
Cleanup : 1:eFa-4.0.0-4.eFa.el7.x86_64 3/4
Cleanup : 1:MailWatch-1.2.12-2.eFa.el7.x86_64 4/4
Verifying : 1:MailWatch-1.2.12-3.eFa.el7.x86_64 1/4
Verifying : 1:eFa-4.0.0-5.eFa.el7.x86_64 2/4
Verifying : 1:eFa-4.0.0-4.eFa.el7.x86_64 3/4
Verifying : 1:MailWatch-1.2.12-2.eFa.el7.x86_64 4/4

Updated:
MailWatch.x86_64 1:1.2.12-3.eFa.el7 eFa.x86_64 1:4.0.0-5.eFa.el7

Complete!
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk »

jamerson wrote: 21 Jan 2019 14:54 I Dont know what happens but i am missing the button Greylist after today
Emails are arriving no problem, just the button is disapeared.
i've tried to restart the

Code: Select all

sudo systemctl start sqlgrey
and even restart but nothing helps.
I have the same issue, no errors whatsover. Did you also run yum update today?
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Post Reply