EFA 4 beta

Testing of eFa 4
jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 21 Jan 2019 21:28

henk wrote:
21 Jan 2019 20:38
jamerson wrote:
21 Jan 2019 14:54
I Dont know what happens but i am missing the button Greylist after today
Emails are arriving no problem, just the button is disapeared.
i've tried to restart the

Code: Select all

sudo systemctl start sqlgrey
and even restart but nothing helps.
I have the same issue, no errors whatsover. Did you also run yum update today?
yes, yesterday we fixed some repo and had to upload the new repo with yum update.
the MailWatch update overwrote functions.php a new update will be released tonight so you the issue will be fixed.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 21 Jan 2019 21:30

This missing greylist came from yesterday's update, so, I added it to the issue list and and going to prepare a fix
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

henk
Posts: 383
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk » 21 Jan 2019 21:37

Just found this about rpc bind
https://access.redhat.com/solutions/2798411

Code: Select all

dracut -v -f 
systemctl reboot

Code: Select all

systemctl status rpcbind.socket
About sqlgrey
in maillog

Jan 21 21:42:56 sansspam sqlgrey: Couldn't unlink "/var/run/sqlgrey.pid" [Permission denied]
Jan 21 21:45:30 sansspam sqlgrey: Process Backgrounded
Jan 21 21:49:41 sansspam sqlgrey: dbaccess: can't connect to DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No such file or directory")
Jan 21 21:49:41 sansspam sqlgrey: dbaccess: error: couldn't get now() from DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No such file or directory")
Jan 21 21:49:41 sansspam sqlgrey: dbaccess: can't connect to DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No such file or directory")
Jan 21 21:49:41 sansspam sqlgrey: dbaccess: error: couldn't access config table: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No such file or directory")

[root@sansspam mysql]# systemctl status sqlgrey
● sqlgrey.service - SQLgrey Postfix Grey-listing Policy service
Loaded: loaded (/usr/lib/systemd/system/sqlgrey.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-01-21 22:26:08 CET; 6min ago
Process: 5304 ExecStart=/usr/sbin/sqlgrey -d (code=exited, status=0/SUCCESS)
Main PID: 5680 (sqlgrey)
CGroup: /system.slice/sqlgrey.service
└─5680 /usr/bin/perl -w /usr/sbin/sqlgrey -d

Jan 21 22:26:08 sansspam.private.lan sqlgrey[5680]: Process Backgrounded
Jan 21 22:26:08 sansspam.private.lan sqlgrey[5680]: 2019/01/21-22:26:08 sqlgrey (type Net::Server::Multiplex) starting! pid(5680)
Jan 21 22:26:08 sansspam.private.lan sqlgrey[5680]: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jan 21 22:26:08 sansspam.private.lan sqlgrey[5680]: Setting gid to "989 989"
Jan 21 22:26:08 sansspam.private.lan sqlgrey[5680]: Setting uid to "992"
Jan 21 22:26:08 sansspam.private.lan systemd[1]: Started SQLgrey Postfix Grey-listing Policy service.
Jan 21 22:26:09 sansspam.private.lan sqlgrey[5680]: dbaccess: can't connect to DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No suc...directory")
Jan 21 22:26:09 sansspam.private.lan sqlgrey[5680]: dbaccess: error: couldn't get now() from DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.so...directory")
Jan 21 22:26:09 sansspam.private.lan sqlgrey[5680]: dbaccess: can't connect to DB: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2 "No suc...directory")
Jan 21 22:26:09 sansspam.private.lan sqlgrey[5680]: dbaccess: error: couldn't access config table: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql....directory")
Hint: Some lines were ellipsized, use -l to show in full.


Check mysqlserver
I noticed the mysql settings twice in mariadb-server.cnf. I do not remember adding parameters manual, can you check this in your build?
mariadb-server.cnf

Notice the space on position 1

# This group is only read by MariaDB-10.1 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.1]
innodb-defragment = 1
innodb_buffer_pool_instances = 1
innodb_buffer_pool_size = 1G
innodb_file_per_table = 1
innodb_log_buffer_size = 32M
innodb_log_file_size = 125M
join_buffer_size = 512K
key_cache_segments = 4
max_allowed_packet = 16M
max_heap_table_size = 32M
query_cache_size = 0M
query_cache_type = OFF
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-host-cache
sort_buffer_size = 4M
thread_cache_size = 16
tmp_table_size = 32M
bind-address = 127.0.0.1
innodb-defragment = 1
innodb_buffer_pool_instances = 1
innodb_buffer_pool_size = 1G
innodb_file_per_table = 1
innodb_log_buffer_size = 32M
innodb_log_file_size = 125M
join_buffer_size = 512K
key_cache_segments = 4
max_allowed_packet = 16M
max_heap_table_size = 32M
query_cache_size = 0M
query_cache_type = OFF
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-host-cache
sort_buffer_size = 4M
thread_cache_size = 16
tmp_table_size = 32M

I just Shawn's post about the issue, but still it usefull info, I think ;)
I will be back,tomorrow.

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 21 Jan 2019 22:17

Also build/update related and will include fixes.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

Alleyviper
Posts: 69
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper » 21 Jan 2019 22:51

Hi there,

Are updates to the build available with yum update?

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 22 Jan 2019 02:43

Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

Alleyviper
Posts: 69
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper » 22 Jan 2019 02:57

Alleyviper wrote:
21 Jan 2019 22:51
Hi there,

Are updates to the build available with yum update?

Got it
Note: yum update and yum-cron are now being tested moving forward in the testing repo.

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 22 Jan 2019 10:14

after the update of 22 jan 2019 ( included CLAM AV ) see below, emails are delayet released and the greylist is holding like 130 emails for over 24 hr and did not released them yet.
what i noticed is the Clam Av version is not showen on the services

Code: Select all

MailWatch Version: 1.2.12

Operating System Version: CentOS Linux 7 (Core)

MailScanner Version: 5.1.3

ClamAV Version: 

SpamAssassin Version: 3.4.2 

PHP Version: 7.2.14

MySQL Version: 10.1.35-MariaDB

GeoIP Database Version: GeoLite2 Country database 2019-01-15 16:42:37
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 22 Jan 2019 11:32

Looks like a clam update came down and reset permissions on the /var/run/clamd.scan :think:

Rebooting takes care of it, but that another thing that needs fixed...
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 22 Jan 2019 11:36

shawniverson wrote:
22 Jan 2019 11:32
Looks like a clam update came down and reset permissions on the /var/run/clamd.scan :think:

Rebooting takes care of it, but that another thing that needs fixed...
Hi Shwniverson,
i've rebooted the box but it still the same, emails hangs there now forever :)
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

Alleyviper
Posts: 69
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper » 22 Jan 2019 11:37

Hi there,

Had the same issue and detected the same thing :ugeek:

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 22 Jan 2019 12:00

Alleyviper wrote:
22 Jan 2019 11:37
Hi there,

Had the same issue and detected the same thing :ugeek:
rebooting the box appear to fix it, however it will be fixed in the next

Code: Select all

yum-updates
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

Alleyviper
Posts: 69
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper » 22 Jan 2019 12:12

Hi there,

But yum updates are already available?
Checked. Not yet :naughty:

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 22 Jan 2019 12:23

Alleyviper wrote:
22 Jan 2019 12:12
Hi there,

But yum updates are already available?
Checked. Not yet :naughty:
they are not yet availble, probably tonight.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

henk
Posts: 383
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk » 22 Jan 2019 16:42

I reverted the yum update from yesterday. Changed the next things ending up in a working version
One error left: Jan 22 16:34:07 sansspam sqlgrey: Couldn't unlink "/var/run/sqlgrey.pid" [Permission denied])

1. Change user apache to php-fpm in sudoers ( commit 12ae1becaea958f5f206b59667d2b996659edf2b on github)

Code: Select all

sed -i 's/apache/php-fpm/' /etc/sudoers.d/mailwatch
2. Set dependency on mariadb.service for sqlgray

Code: Select all

/etc/systemd/system/multi-user.target.wants/sqlgrey.service
[Unit]
Description=SQLgrey Postfix Grey-listing Policy service
After=syslog.target network.target mariadb.service

[Service]
Type=forking
PIDFile=/var/run/sqlgrey.pid
ExecStart=/usr/sbin/sqlgrey -d

[Install]
WantedBy=multi-user.target

3. Set dependency on mailscanner.service for msmilter.service

Code: Select all

/etc/systemd/system/multi-user.target.wants/msmilter.service
[Unit]
Description=LSB: MSMilter daemon
Documentation=man:systemd-sysv-generator(8)
SourcePath=/usr/lib/MailScanner/init/msmilter-init
After=network-online.target remote-fs.target rsyslog.service mailscanner.service
Wants=network-online.target

[Service]
Type=forking
Restart=no
TimeoutSec=1min
IgnoreSIGPIPE=no
KillMode=process
GuessMainPID=no
RemainAfterExit=yes
ExecStart=/usr/lib/MailScanner/init/msmilter-init start
ExecStop=/usr/lib/MailScanner/init/msmilter-init stop
EnvironmentFile=-/etc/MailScanner/defaults
PIDFile=/var/run/MSMilter.pid

[Install]
WantedBy=multi-user.target

4. Change root to valid user in aliases

Code: Select all

/etc/aliases
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
#postmaster: root
postmaster: validuser@yourdomain.lan
make active

Code: Select all

newaliases

5. Needed to fix the rpc-bind issue, since I reverted the updates from yesterday.

Code: Select all

systemctl daemon-reload
dracut -v -f  && systemctl reboot
Usefull note.

Remove all non relevant ifcfg* files from /etc/sysconfig/network-scripts as networkmanager will try to load extensions ( like .bak or .sav or .henk etc)
So if you want to backup an interface, save it in a different director

henk
Posts: 383
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk » 22 Jan 2019 22:03

As sqlgrey has no permissions in /var/run, just create a sqlgrey dir with sufficient permissions for sqlgrey.
the mariadb.service dependency is also need on boot as mentioned earlier.
The Err message on stopping the service : efa4 sqlgrey: Couldn't unlink "/var/run/sqlgrey.pid" [Permission denied]

Code: Select all

/etc/sqlgrey/sqlgrey.conf
## PID
# where to store the process PID
# pidfile = /var/run/sqlgrey.pid
pidfile = /var/run/sqlgrey/sqlgrey.pid

Code: Select all

mkdir /var/run/sqlgrey
chown -R sqlgrey:sqlgrey /var/run/sqlgrey
Now change the pidfile location to the new location

Code: Select all

/etc/systemd/system/multi-user.target.wants/sqlgrey.service
[Unit]
Description=SQLgrey Postfix Grey-listing Policy service
After=syslog.target network.target mariadb.service

[Service]
Type=forking
PIDFile=/var/run/sqlgrey/sqlgrey.pid
ExecStart=/usr/sbin/sqlgrey -d

[Install]
WantedBy=multi-user.target

Code: Select all

systemctl daemon-reload
systemctl restart sqlgrey

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 22 Jan 2019 23:22

Dr. is in. Reviewing and preparing list of new issues to tackle :D
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 23 Jan 2019 00:42

shawniverson wrote:
22 Jan 2019 23:22
Dr. is in. Reviewing and preparing list of new issues to tackle :D
Dr. we need the medicine :) :clap: :clap: :clap:
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 23 Jan 2019 04:43

Repo updated with new fixes.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 23 Jan 2019 09:51

shawniverson wrote:
23 Jan 2019 04:43
Repo updated with new fixes.
The medcine works :)

Code: Select all

MailWatch Version: 1.2.12

Operating System Version: CentOS Linux 7 (Core)

MailScanner Version: 5.1.3

ClamAV Version: 0.101.1 

SpamAssassin Version: 3.4.2 

PHP Version: 7.2.14

MySQL Version: 10.1.35-MariaDB

GeoIP Database Version: GeoLite2 Country database 2019-01-15 16:42:37 
however on the admin email we keep recieving this error
from (Cron Daemon) <root@efa.org>

Code: Select all

/etc/cron.hourly/mailwatch_relay.sh:

/usr/bin/php -q /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_postfix_relay.php
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

henk
Posts: 383
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk » 23 Jan 2019 11:17

it's a miracle, the speed of changes. In one word: amazing :clap:
Reverted and applyed to yum update.

Preparing to update eFa...
checkmodule: loading policy configuration from /var/eFa/lib/selinux/eFa.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to /var/eFa/lib/selinux/eFa.mod
Error updating eFa, Please visit https://efa-project.org to report the error.
warning: %post(eFa-1:4.0.0-7.eFa.el7.x86_64) scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package 1:eFa-4.0.0-7.eFa.el7.x86_64

Since it was non fatal I continued:
The important line: warning: /etc/clamd.d/scan.conf created as /etc/clamd.d/scan.conf.rpmnew

Code: Select all

Mailscanner --debug --lint
Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting! at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 2159.

Code: Select all

/etc/clamd.d/scan.conf.rpmnew
shows new entries:
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

Just learned that x generates a red X
getent group
clamupdate:x:994:clamscan
virusgroup:x:993:clamupdate,clamscan
apache:x:48:
php-fpm:x:991:
clamscan:x:990:
postfix:x:89:
mtagroup:x:1000:clamscan,postfix,mail,apache,php-fpm

tempFix to proceed testing:
chown -R clamscan:mtagroup /var/run/clamd.scan

Code: Select all

spamassassin --debug --lint
Jan 23 11:46:23.506 [1839] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "I"
...
Jan 23 11:46:23.575 [1839] dbg: rules: ran body rule __LOWER_E ======> got hit: "e"
Jan 23 11:46:23.575 [1839] dbg: rules: ran body rule __LOWER_E ======> got hit: "e"
....
To avoid the looping test

Code: Select all

/etc/mail/spamassassin/local.cf 
meta __E_LIKE_LETTER (0)
meta __LOWER_E (0)

Now login thru the GUI
By changing the mpm_prefork_module to mpm_event_module in /etc/httpd/conf.modules.d/00-mpm.conf the mpm warnings are gone! :violin:
Also the strange behaviour of the Gui is solved :clap:

Not able to view MailScanner configuration In Mozilla. Logout with message: your session timed out
Mozilla private window works. Chrome also work fine

## Update: on a different pc Mozilla works fine, ( before you will ask me: yes the OS versions are the same and also the brouwer version match)

Will continue testing

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 24 Jan 2019 22:43

I noticed the "  file.name.pdf" are blocked
Would love to get this fixed in the next medicine.

Thank you for the hard working.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

vervoto1
Posts: 4
Joined: 24 Feb 2015 07:17

Re: EFA 4 beta

Post by vervoto1 » 26 Jan 2019 20:05

found a typo in the postfix master.cf

smtpd_sasl_security_options
-o smtpd_sasl_security_options=noanaonymous

is generating an error when a server from the LAN wants to connect..

change to noanonymous and it works like a charm.

Found another one in the first Init.. if the machine is running LXC under a vmware machine that does not have an RTC the init script fails as timedatectl returns an error.. if you comment out the 2 'timedatectl' lines below in /usr/sbin/eFa-commit it works.. bit of a dirty workaround though

Code: Select all

if [[ $configtzone -eq 1 ]]; then
  virtplatform=`/usr/sbin/virt-what`

  [ $verbose -eq 1 ] && echo -e "$green[eFa]$clean - Configure timezone"
  if [[ "$virtplatform" != "lxc" ]]; then                            
    if [[ $ISUTC -eq true || $ISUTC -eq 1 ]]; then                   
                                                                     
#      timedatectl set-local-rtc 1           
      [ $? -ne 0 ] && exit 1                                         
    else                                                             
#      timedatectl set-local-rtc 0    
      [ $? -ne 0 ] && exit 1                                         
    fi                                                               
  fi

User avatar
shawniverson
Posts: 2814
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 26 Jan 2019 20:17

Thanks for update, adding to the next round of fixes :D hopefully we'll have an RC2 ready here soon and can start adding back some features...
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

jamerson
Posts: 130
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA 4 beta

Post by jamerson » 27 Jan 2019 12:56

shawniverson wrote:
26 Jan 2019 20:17
Thanks for update, adding to the next round of fixes :D hopefully we'll have an RC2 ready here soon and can start adding back some features...
is this related to the outbound ?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

Post Reply