
mail-toaster-6's Introduction

Mail-Toaster-6

Mail Toaster version 6

To build a Mail Toaster, start here


mail-toaster-6's People

Contributors

infern1, jensenja, msimerson, pfrejowski, tuffnatty


mail-toaster-6's Issues

provision dovecot => dovecot cannot start

Hi, after updating FreeBSD from 10.2 to 10.3, running pkg update followed by Mail Toaster update instructions:
sudo sh
. mail-toaster.sh
provision host
provision base

update all jails in order as shown in https://github.com/msimerson/Mail-Toaster-6/wiki/Jails
After completion, mail doesn't come in, and no one can login. Dovecot is not running which explains login issue.

jailmanage dovecot

Entering jail dovecot
/sbin/mount_nullfs /usr/ports /jails/dovecot/usr/ports
/sbin/mount_nullfs /var/cache/pkg /jails/dovecot/var/cache/pkg
0 problem(s) in the installed packages found.
[root@dovecot ~]# /usr/local/etc/rc.d/dovecot start
==Error==
Config file /data/etc/dovecot.conf does not exist. If this is
a new installation, please create the config files as outlined in
# pkg info -D dovecot2
/usr/local/etc/rc.d/dovecot: WARNING: /data/etc/dovecot.conf is not readable.
/usr/local/etc/rc.d/dovecot: WARNING: failed precmd routine for dovecot

The only dovecot.conf is found in:

locate dovecot.conf

/usr/local/etc/dovecot/example-config/dovecot.conf

No mail comes in because haraka is not running:

jailmanage haraka

Entering jail haraka
/sbin/mount_nullfs /usr/ports /jails/haraka/usr/ports
/sbin/mount_nullfs /var/cache/pkg /jails/haraka/var/cache/pkg
jexec: jail "haraka" not found
jexec: jail "haraka" not found
all done!
/sbin/umount /jails/haraka/usr/ports
/sbin/umount /jails/haraka/var/cache/pkg

Please post fix for all of this as soon as possible.
Thanks.

avg: add data partition

Expected behavior

  • AVG data files are preserved across deployments

Observed behavior

  • AVG data files are downloaded anew after deployments
  • downloading all the signatures takes minutes, so this would speed up re-deployments

Steps to reproduce

  • redeploy AVG

dovecot's vpopmail dependency changed

Dovecot used to depend on the vchkpw file being present to determine if vpopmail was available:

===>   dovecot2-2.2.21 depends on file: /usr/local/vpopmail/bin/vchkpw - found

Now it instead depends on the vpopmail package being installed.

===>   dovecot2-2.2.26.0_1 depends on package: vpopmail>=0 - not found

This is causing vpopmail and its dependency chain to get installed from sources and takes much longer than being installed by packages.

from port history

- Make vpopmail depend on vpopmail-the-package, instead of
  vchkpw-the-silly-looking-path-under-LOCALBASE

Updating SSL Certificates

Hi Matt,
Serving multiple domains for our MT6 Servers. Certs are in /etc/ssl/certs/domainname.tld/

An SSL cert is expiring. Altered the domainname.pem to include the new crt sent by CA. Restarted nginx, browsed to the server, and found the SSL cert dates were those of the old certificate. Restarted haproxy, same result.

In /etc/ssl/certs/domainname mv domain.tld.pem to newpem.domainname and restarted nginx. Same result where we should have seen ssl handshake error since the cert for the domain has incorrect name.

In /jails/haproxy/etc/ssl/private also have the domainname.pem files. Tried mv domainname.pem to newsdomainpem.new and restart haproxy. Same result, browsing mail.domainname.tld and viewing certificate is the same. Displays the original expiry date.

I am at a loss as to what is using the pem files and cannot update SSL certs.

What is the correct location for the .pem files for domains?

Thanks.

haraka hostname and smtp rejection

Found emails sent out of our smtp MT6 server were being rejected. The cause is invalid HELO name (haraka). Just a suggestion, you ought to get fqdn in /etc/rc.conf in the haraka jail.

H=smtpd.mydomain.tld (haraka) [XX.193.XXX.23]:57062 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected MAIL [email protected]: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

Once I changed /etc/rc.conf hostname= to fqdn, no mail is rejected.

eMail ends up in spam when sent to google

Hi, I am wondering if you can help find out why legit email sent from our servers is considered spam by google.

Just had an email sent to my email address (which is in haraka server) from one of our cpanel servers. Without showing all the headers would the following Karma scoring be enough to tell?

X-Haraka-Karma: score: 2, good: 2, bad: 28, connections: 61, history: -26, awards: 004,005,086,100,131,182,256

The mail with the above Karma score did not end up in my spam by the way. But the very same email when sent to a client from the same cpanel server ends up in spam.
Thanks.

Positive/Negative for karma.ini

Please explain a little better on what both positive and negative values do.
example:
181 = data.headers | fail | match | from_match | -1 | Envelope From does not match Message From:
182 = data.headers | pass | match | from_match | 1 | Envelope From matches Message From:
183 = data.headers | fail | equals | UA | -1 | Uncommon MUA
184 = data.headers | fail | match | direct-to-mx | -1 | Not relayed
185 = data.headers | fail | match | missing | -1 | Missing a required header

-1 = a bad hit? The sender gets a -1 added to their karma score and if the total score goes to either -8 or -9 mail is rejected with very bad karma? If yes, do the positive and negative apply to everything in karma.ini?
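
Added example (not part of the original issue and not Haraka's own code): the five rule lines quoted above are cross-referenced with the `awards:` list from the X-Haraka-Karma header quoted in the earlier issue, reading the fifth field of each rule as a signed adjustment to the score. The field names and helper functions are labels chosen for this example.

```javascript
'use strict';

// Constructed input: the five award rules quoted in the issue above.
const KARMA_INI_SAMPLE = `
181 = data.headers | fail | match | from_match | -1 | Envelope From does not match Message From:
182 = data.headers | pass | match | from_match | 1 | Envelope From matches Message From:
183 = data.headers | fail | equals | UA | -1 | Uncommon MUA
184 = data.headers | fail | match | direct-to-mx | -1 | Not relayed
185 = data.headers | fail | match | missing | -1 | Missing a required header
`;

// Constructed input: the X-Haraka-Karma value quoted in the earlier issue.
const KARMA_HEADER_SAMPLE =
  'score: 2, good: 2, bad: 28, connections: 61, history: -26, ' +
  'awards: 004,005,086,100,131,182,256';

// Parse "id = plugin | property | operator | value | award | reason" lines.
// The field names are labels chosen for this example.
function parseAwardRules(text) {
  const rules = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || /^[#;\[]/.test(line)) continue; // blank, comment, section
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const id = line.slice(0, eq).trim();
    const parts = line.slice(eq + 1).split('|').map((s) => s.trim());
    if (!/^\d+$/.test(id) || parts.length < 5) continue;
    if (!/^-?\d+(\.\d+)?$/.test(parts[4])) continue; // award must be numeric
    const [plugin, property, operator, value] = parts;
    rules.set(id.padStart(3, '0'), {
      plugin, property, operator, value,
      award: Number(parts[4]),
      reason: parts.slice(5).join(' | '),
    });
  }
  return rules;
}

// Parse the header value into numbers plus a list of zero-padded award ids.
function parseKarmaHeader(value) {
  const out = { awards: [] };
  for (const field of value.split(/,\s+/)) {
    const m = /^(\w+):\s*(.*)$/.exec(field.trim());
    if (!m) continue;
    if (m[1] === 'awards') {
      out.awards = m[2].split(',').map((s) => s.trim()).filter(Boolean)
        .map((s) => s.padStart(3, '0'));
    } else {
      out[m[1]] = Number(m[2]);
    }
  }
  return out;
}

// Split the award ids recorded in a header into those explained by the
// loaded rules and those that are not, and total the explained adjustments.
function explainAwards(header, rules) {
  const known = [];
  const unknown = [];
  for (const id of header.awards) {
    const rule = rules.get(id);
    if (rule) known.push({ id, award: rule.award, reason: rule.reason });
    else unknown.push(id);
  }
  const explained = known.reduce((sum, k) => sum + k.award, 0);
  return { known, unknown, explained };
}

// Sum the awards of the rules that matched one message: a negative award
// lowers the running score and a positive one raises it.
function scoreFor(matchedIds, rules, start = 0) {
  return matchedIds.reduce((score, id) => {
    const rule = rules.get(String(id).padStart(3, '0'));
    return rule ? score + rule.award : score;
  }, start);
}

function report() {
  const rules = parseAwardRules(KARMA_INI_SAMPLE);
  const header = parseKarmaHeader(KARMA_HEADER_SAMPLE);
  return {
    ...explainAwards(header, rules),
    // In the quoted header, history equals good minus bad.
    historyMatches: header.good - header.bad === header.history,
    threeFails: scoreFor([181, 183, 184], rules), // three -1 rules
    onePass: scoreFor([182], rules),              // one +1 rule
  };
}

console.log(JSON.stringify(report(), null, 2));
```

Of the seven award ids in the quoted header, only 182 is covered by the five rules shown here; the rest would need the full karma.ini to explain.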

New Install of Mail-Toaster no vpopmail users

Installed Mail-Toaster 6 in a FreeBSD 10.3 vm.

Since our current Mail-Toaster is not working, logged into old Mail-Toaster server ran:
#jailmanage mysql

mysqldump vpopmail > /root/vpopmaill.sql

Rsync'd the vpopmail.sql to new Mail-Toaster Server and ran:
#jailmanage mysql
#mysql vpopmail < vpopmail.sql

However running #~vpopmail/bin/vuserinfo [email protected] displays no such user

Vpopmail db definitely has the users and domains when running jailmanage mysql, #mysql vpopmail,
mysql> select * from vpopmail;

All domains/users and clear passwords are displayed.

Why then when running ~vpopmail/bin/vuserinfo [email protected] show as no such user??

Please help.
Thank you.

Provision for some jails does not complete

When trying to re-provision Haraka the process doesn't complete:
.
.
.
*** starting haraka ***

sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /usr/local/haraka
jexec stage service haraka start
loaded TLD files: 1=1490 2=5990 3=2318
loaded 8040 Public Suffixes
loglevel: LOGINFO
Starting up Haraka version 2.8.8
[INFO] [-] [core] Loading plugins
[INFO] [-] [core] Loading plugin: process_title
[INFO] [-] [core] Loading plugin: log.syslog
[INFO] [-] [core] Loading plugin: access
[INFO] [-] [access] skipping helo.checks.regexps
[INFO] [-] [core] Loading plugin: connect.p0f
[INFO] [-] [core] Loading plugin: connect.geoip
[INFO] [-] [connect.geoip] provider maxmind with 6 DBs
[INFO] [-] [core] Loading plugin: connect.fcrdns
[INFO] [-] [core] Loading plugin: dnsbl
[INFO] [-] [core] Loading plugin: helo.checks
[INFO] [-] [core] Loading plugin: tls
[INFO] [-] [core] Loading plugin: auth/auth_vpopmaild
[INFO] [-] [core] Loading plugin: mail_from.is_resolvable
[INFO] [-] [core] Loading plugin: spf
[INFO] [-] [core] Loading plugin: rcpt_to.qmail_deliverable
[INFO] [-] [core] Loading plugin: bounce
[INFO] [-] [core] Loading plugin: data.headers
[INFO] [-] [core] Loading plugin: data.uribl
[INFO] [-] [core] Loading plugin: attachment
[INFO] [-] [core] Loading plugin: clamd
[INFO] [-] [clamd] Loading excludes file
[INFO] [-] [core] Loading plugin: avg
[INFO] [-] [core] Loading plugin: spamassassin
[INFO] [-] [core] Loading plugin: rspamd
[INFO] [-] [core] Loading plugin: dkim_sign
[INFO] [-] [core] Loading plugin: karma
[INFO] [-] [core] Loading plugin: queue/smtp_forward
[INFO] [-] [core] Loading plugin: limit
[INFO] [-] [core] Loading plugin: watch
[INFO] [-] [core] Loading plugin: redis

*** waiting for Haraka to start listeners ***

*** testing Haraka ***

The process stops ^^^^

Installed new MT6 using FreeBSD 10.2 can't login imap

Created new VM and installed MT6 this time using FreeBSD 10.2 ISO.
Everything but monitor jail installed.

Jailmanage vpopmail and ~vpopmail/bin/vuserinfo [email protected] works

jls

JID IP Address Hostname Path
1 172.16.15.3 dns /jails/dns
2 172.16.15.4 mysql /jails/mysql
4 172.16.15.15 dovecot /jails/dovecot
5 172.16.15.10 webmail /jails/webmail
6 172.16.15.12 haproxy /jails/haproxy
7 172.16.15.5 clamav /jails/clamav
8 172.16.15.14 avg /jails/avg
9 172.16.15.16 redis /jails/redis
10 172.16.15.13 rspamd /jails/rspamd
11 172.16.15.17 geoip /jails/geoip
12 172.16.15.6 spamassassin /jails/spamassassin
13 172.16.15.9 haraka /jails/haraka
15 172.16.15.8 vpopmail /jails/vpopmail

Problem is no one can login:

Nov 1 08:20:26 dovecot dovecot: imap-login: Disconnected (auth failed, 1 attempts in 17 secs): user=[email protected], method=CRAM-MD5, rip=xx.xxx.xx.xx, lip=172.16.15.15, TLS, session=

What has to be fixed?

Add option to share PHP between provisioned jails

Expected behavior

An option should make it possible to have a shared PHP provisioned jail for:

  • roundcube
  • rainloop
  • squirrelmail

Reason is, on servers with a reduced amount of RAM, you don't waste memory.

This should be optional; if you want independent jails, that should be an option (if they are not depending on MySQL...)

provision haraka also doesn't start

#provision haraka
.
.
.

Stopping jails:.
jail -r haraka
zroot/data/haraka filesystem exists
zroot/jails/haraka.last filesystem exists
zfs destroy zroot/jails/haraka.last
zroot/jails/haraka filesystem exists
zfs rename zroot/jails/haraka zroot/jails/haraka.last
zfs rename zroot/jails/haraka.ready zroot/jails/haraka

*** haraka already in /etc/jail.conf ***

*** service jail start haraka ***

Starting jails: cannot start jail "haraka":
jail: haraka: mount: /jails/haraka/data/avg: No such file or directory

.

Success! A new 'haraka' jail is provisioned

DKIM unsigned

Send mail to [email protected]

It comes back with
DKIM check: neutral
Result: neutral (message not signed)

The dkim_sign is enabled in plugins
dkim_sign.ini contains:

disabled = no
#selector = mail
#domain = example.com
headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version

Why then is mail not dkim signed?

mt6 farm

How would one have a setup where there are several mt6 servers and if any one of the servers failed, the other servers would be performing all functions just as if no server failed and users would not know anything failed?

Obviously the downed server would have to be replaced but no mail services would stop being available.

I would think yahoo and gmail amongst others have their mail systems set up like this.

Please show what is causing haraka to fail

Run initial commands and provision haraka

sudo sh

fetch https://raw.githubusercontent.com/msimerson/Mail-Toaster-6/master/mail-toaster.sh

mail-toaster.sh 100% of 18 kB 6460 kBps 00m00s

sh mail-toaster.sh

loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage

. mail-toaster.sh && provision host

loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage
provision-host.sh 100% of 8412 B 12 MBps 00m00s
loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage

*** updating FreeBSD with security patches ***

Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.3-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.3-RELEASE-p11.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.

*** updating FreeBSD pkg collection ***

Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.

*** updating FreeBSD ports tree ***

Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching snapshot tag from your-org.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Mon Oct 31 16:44:05 EDT 2016 to Mon Oct 31 19:26:20 EDT 2016.
Fetching 5 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 10 patches.
(10/10) 100.00% done.
done.
Applying patches...
done.
Fetching 0 new ports or files... done.
Removing old files and directories... done.
Extracting new files:
/usr/ports/Mk/Scripts/
/usr/ports/Mk/bsd.port.mk
/usr/ports/audio/lv2/
/usr/ports/benchmarks/iperf3/
/usr/ports/graphics/vips/
/usr/ports/math/dynare/
/usr/ports/math/matio/
/usr/ports/math/scilab/
/usr/ports/net-p2p/sonarr/
/usr/ports/security/gnupg1/
Building new INDEX files... done.

*** enabling NTPd ***

ntpd_enable: YES -> YES
ntpd_sync_on_start: YES -> YES
Stopping ntpd.
Waiting for PIDS: 89787, 89787.
Starting ntpd.
sendmail_enable="NO"
preserving sendmail flags
ListenAddress 104.193.49.47
ListenAddress 192.168.1.95
preserving /etc/ssh/sshd_config ListenAddress

*** disabling syslog network listener ***

syslogd_flags: -b 172.16.15.1 -a 172.16.15.0/12:* -cc -> -ss
Stopping syslogd.
Waiting for PIDS: 89964.
Starting syslogd.

*** checking for host listeners on all IPs ***

preserving pf.conf settings

*** TLS certificates already exist ***

jail_enable: YES -> YES
rc.d/jail is already patched
jail_list="dns mysql vpopmail dovecot webmail haproxy clamav avg redis rspamd geoip spamassassin haraka monitor"
preserving existing jail order

*** installing jailmanage ***

Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The most recent version of packages are already installed
/usr/local/sbin/jailmanage 100% of 7614 B 11 MBps 00m00s
cloned_interfaces="lo1"
ifconfig_lo1="172.16.15.1 netmask 255.255.255.0"
syslogd_flags="-ss"
NOTICE: changing syslogd flags

*** configuring syslog to accept messages from jails ***

syslogd_flags: -ss -> -b 172.16.15.1 -a 172.16.15.0/12:* -cc
Stopping syslogd.
Waiting for PIDS: 96040.
Starting syslogd.

*** removing /etc/hosts toaster additions ***

*** adding /etc/hosts entries ***

172.16.15.1 syslog
172.16.15.2 base
172.16.15.254 stage
172.16.15.3 dns
172.16.15.4 mysql
172.16.15.8 vpopmail
172.16.15.15 dovecot
172.16.15.10 webmail
172.16.15.12 haproxy
172.16.15.5 clamav
172.16.15.14 avg
172.16.15.16 redis
172.16.15.13 rspamd
172.16.15.17 geoip
172.16.15.6 spamassassin
172.16.15.9 haraka
172.16.15.11 monitor
172.16.15.22 minecraft
172.16.15.23 joomla
172.16.15.24 php7
172.16.15.25 memcached
172.16.15.26 sphinxsearch
172.16.15.27 elasticsearch

Success! Your host is ready to install Mail Toaster 6!

provision base

172.16.15.2
provision-base.sh 100% of 7339 B 11 MBps 00m00s
loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage
zroot/jails/base-10.3-RELEASE@p11 snapshot exists

provision base

172.16.15.2
provision-base.sh 100% of 7339 B 11 MBps 00m00s
loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage
zroot/jails/base-10.3-RELEASE@p11 snapshot exists
# provision haraka
172.16.15.9
provision-haraka.sh 100% of 14 kB 30 MBps 00m00s
loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage
zroot/jails/base-10.3-RELEASE@p11 snapshot exists
zroot/data/redis filesystem exists

*** stage cleanup ***

service jail stop stage
Stopping jails:.
jail -r stage
zroot/data/haraka filesystem exists
zroot/data/geoip filesystem exists

*** stage jail filesystem setup ***

zfs clone zroot/jails/base-10.3-RELEASE@p11 zroot/jails/stage
sysrc -R /jails/stage hostname=haraka
hostname: base -> haraka

*** creating data volume ***

zroot/data/haraka filesystem exists
zroot/data/haraka filesystem exists
mkdir -p /jails/stage/data
mount_nullfs /data/haraka /jails/stage/data
mount /jails/stage/usr/ports
mount /jails/stage/var/cache/pkg

*** devfs BPF ruleset already present ***

*** stage jail haraka startup ***

Setting hostname: haraka.
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Starting cron.

Mon Oct 31 19:50:58 EDT 2016
zroot/data/geoip filesystem exists
mkdir -p /jails/stage/usr/local/share/GeoIP
mount_nullfs /data/geoip /jails/stage/usr/local/share/GeoIP
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.

*** installing node & npm ***

pkg -j stage install -y node npm gmake
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 10 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
node: 6.7.0
npm: 3.9.2
gmake: 4.2.1_1
c-ares: 1.12.0
openssl: 1.0.2j,1
icu: 57.1,1
libuv: 1.9.1
python27: 2.7.12
libffi: 3.2.1
python2: 2_3

Number of packages to be installed: 10

The process will require 150 MiB more space.
[haraka] [1/10] Installing libffi-3.2.1...
[haraka] [1/10] Extracting libffi-3.2.1: 100%
[haraka] [2/10] Installing c-ares-1.12.0...
[haraka] [2/10] Extracting c-ares-1.12.0: 100%
[haraka] [3/10] Installing openssl-1.0.2j,1...
[haraka] [3/10] Extracting openssl-1.0.2j,1: 100%
ldconfig: warning: ldconfig: No such file or directory
[haraka] [4/10] Installing icu-57.1,1...
[haraka] [4/10] Extracting icu-57.1,1: 100%
[haraka] [5/10] Installing libuv-1.9.1...
[haraka] [5/10] Extracting libuv-1.9.1: 100%
[haraka] [6/10] Installing python27-2.7.12...
[haraka] [6/10] Extracting python27-2.7.12: 100%
[haraka] [7/10] Installing node-6.7.0...
[haraka] [7/10] Extracting node-6.7.0: 100%
[haraka] [8/10] Installing gmake-4.2.1_1...
[haraka] [8/10] Extracting gmake-4.2.1_1: 100%
[haraka] [9/10] Installing python2-2_3...
[haraka] [9/10] Extracting python2-2_3: 100%
[haraka] [10/10] Installing npm-3.9.2...
[haraka] [10/10] Extracting npm-3.9.2: 100%
Message from openssl-1.0.2j,1:
Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf
and edit it to fit your needs.
Message from python27-2.7.12:

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

bsddb databases/py-bsddb
gdbm databases/py-gdbm
sqlite3 databases/py-sqlite3
tkinter x11-toolkits/py-tkinter

===========================================================================
Message from node-6.7.0:
Note: If you need npm (Node Package Manager), please install www/npm.

*** installing Haraka ***

jexec stage pkg install -y git
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 16 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
git: 2.9.2_2
expat: 2.2.0
p5-Error: 0.17024
perl5: 5.20.3_15
cvsps: 2.1_2
pcre: 8.39
p5-Authen-SASL: 2.16_1
p5-Digest-HMAC: 1.03_1
p5-GSSAPI: 0.28_1
curl: 7.50.3
p5-Net-SMTP-SSL: 1.03
p5-IO-Socket-SSL: 2.038
p5-Net-SSLeay: 1.78
p5-IO-Socket-IP: 0.37_1
p5-Socket: 2.021
p5-Mozilla-CA: 20160104

Number of packages to be installed: 16

The process will require 84 MiB more space.
[haraka] [1/16] Installing perl5-5.20.3_15...
[haraka] [1/16] Extracting perl5-5.20.3_15: 100%
[haraka] [2/16] Installing p5-Net-SSLeay-1.78...
[haraka] [2/16] Extracting p5-Net-SSLeay-1.78: 100%
[haraka] [3/16] Installing p5-IO-Socket-IP-0.37_1...
[haraka] [3/16] Extracting p5-IO-Socket-IP-0.37_1: 100%
[haraka] [4/16] Installing p5-Socket-2.021...
[haraka] [4/16] Extracting p5-Socket-2.021: 100%
[haraka] [5/16] Installing p5-Mozilla-CA-20160104...
[haraka] [5/16] Extracting p5-Mozilla-CA-20160104: 100%
[haraka] [6/16] Installing p5-Digest-HMAC-1.03_1...
[haraka] [6/16] Extracting p5-Digest-HMAC-1.03_1: 100%
[haraka] [7/16] Installing p5-GSSAPI-0.28_1...
[haraka] [7/16] Extracting p5-GSSAPI-0.28_1: 100%
[haraka] [8/16] Installing p5-IO-Socket-SSL-2.038...
[haraka] [8/16] Extracting p5-IO-Socket-SSL-2.038: 100%
[haraka] [9/16] Installing expat-2.2.0...
[haraka] [9/16] Extracting expat-2.2.0: 100%
[haraka] [10/16] Installing p5-Error-0.17024...
[haraka] [10/16] Extracting p5-Error-0.17024: 100%
[haraka] [11/16] Installing cvsps-2.1_2...
[haraka] [11/16] Extracting cvsps-2.1_2: 100%
[haraka] [12/16] Installing pcre-8.39...
[haraka] [12/16] Extracting pcre-8.39: 100%
[haraka] [13/16] Installing p5-Authen-SASL-2.16_1...
[haraka] [13/16] Extracting p5-Authen-SASL-2.16_1: 100%
[haraka] [14/16] Installing curl-7.50.3...
[haraka] [14/16] Extracting curl-7.50.3: 100%
[haraka] [15/16] Installing p5-Net-SMTP-SSL-1.03...
[haraka] [15/16] Extracting p5-Net-SMTP-SSL-1.03: 100%
[haraka] [16/16] Installing git-2.9.2_2...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[haraka] [16/16] Extracting git-2.9.2_2: 100%
Message from perl5-5.20.3_15:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from cvsps-2.1_2:
===> NOTICE:

The cvsps port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from git-2.9.2_2:

*************************** GITWEB *************************************
If you installed the GITWEB option please follow these instructions:

In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.

All you have to do to make gitweb work is:

  1. Copy the files /usr/local/share/examples/git/gitweb/* to a directory on
    your web server (e.g. Apache2) in which you are able to execute
    CGI-scripts.
  2. In gitweb.cgi, adjust the variable $projectroot to point to
    your git repository (that is where you have your *.git project
    directories).
    *************************** GITWEB *************************************

*************************** CONTRIB ************************************
If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
*************************** CONTRIB ************************************

jexec stage npm install -g strongloop/modern-syslog Haraka ws express
/usr/local/bin/haraka -> /usr/local/lib/node_modules/Haraka/bin/haraka
/usr/local/bin/spf -> /usr/local/lib/node_modules/Haraka/bin/spf
/usr/local/bin/dkimverify -> /usr/local/lib/node_modules/Haraka/bin/dkimverify
/usr/local/bin/haraka_grep -> /usr/local/lib/node_modules/Haraka/bin/haraka_grep

[email protected] install /usr/local/lib/node_modules/Haraka/node_modules/iconv
node-gyp rebuild

gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.7.0"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/iconv/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
CXX(target) Release/obj.target/iconv/src/binding.o
CC(target) Release/obj.target/iconv/deps/libiconv/lib/iconv.o
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:209:
../deps/libiconv/lib/jisx0208.h:2381:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:210:
../deps/libiconv/lib/jisx0212.h:2161:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:213:
../deps/libiconv/lib/gb2312.h:2539:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:214:
In file included from ../deps/libiconv/lib/isoir165.h:81:
../deps/libiconv/lib/isoir165ext.h:760:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0200)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:217:
In file included from ../deps/libiconv/lib/cns11643.h:38:
../deps/libiconv/lib/cns11643_inv.h:15373:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:218:
../deps/libiconv/lib/big5.h:4124:12: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:220:
../deps/libiconv/lib/ksc5601.h:2988:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:235:
In file included from ../deps/libiconv/lib/gb18030.h:186:
../deps/libiconv/lib/gb18030uni.h:185:23: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i <= 39419) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:235:
../deps/libiconv/lib/gb18030.h:249:25: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i < 0x100000) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:241:
In file included from ../deps/libiconv/lib/cp950.h:130:
../deps/libiconv/lib/cp950ext.h:39:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0xf9)) {
~~~^~~~~~~
../deps/libiconv/lib/cp950ext.h:39:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0xf9)) {
~ ^ ~
../deps/libiconv/lib/cp950ext.h:39:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0xf9)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:242:
In file included from ../deps/libiconv/lib/big5hkscs1999.h:46:
../deps/libiconv/lib/hkscs1999.h:2957:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x02d0)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:243:
In file included from ../deps/libiconv/lib/big5hkscs2001.h:48:
../deps/libiconv/lib/hkscs2001.h:63:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x8c)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2001.h:63:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x8c)) {
~ ^ ~
../deps/libiconv/lib/hkscs2001.h:63:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x8c)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:70:
In file included from ../deps/libiconv/lib/converters.h:245:
In file included from ../deps/libiconv/lib/big5hkscs2008.h:48:
../deps/libiconv/lib/hkscs2008.h:59:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x87)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2008.h:59:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x87)) {
~ ^ ~
../deps/libiconv/lib/hkscs2008.h:59:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x87)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:153:
lib/aliases.gperf:362:28: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
register int o = aliases[key].name;
^
lib/aliases.gperf:348:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:777:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
lib/aliases.gperf:365:44: warning: static variable 'stringpool_contents' is used in an inline function with external linkage
[-Wstatic-in-inline]
register const char *s = o + stringpool;
^
lib/aliases.gperf:775:37: note: expanded from macro 'stringpool'
#define stringpool ((const char *) &stringpool_contents)
^
lib/aliases.gperf:348:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:425:34: note: 'stringpool_contents' declared here
static const struct stringpool_t stringpool_contents =
^
lib/aliases.gperf:368:25: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
return &aliases[key];
^
lib/aliases.gperf:348:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:777:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
16 warnings generated.
SOLINK_MODULE(target) Release/obj.target/iconv.node
COPY Release/iconv.node
gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'

[email protected] install /usr/local/lib/node_modules/Haraka/node_modules/dtrace-provider
node scripts/install.js

[email protected] install /usr/local/lib/node_modules/modern-syslog
node-gyp rebuild

gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.7.0"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/modern-syslog/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/modern-syslog/build'
CXX(target) Release/obj.target/core/core.o
SOLINK_MODULE(target) Release/obj.target/core.node
COPY Release/core.node
gmake: Leaving directory '/usr/local/lib/node_modules/modern-syslog/build'
/usr/local/lib

jexec stage npm install -g haraka-plugin-log-reader
/usr/local/lib
`-- [email protected]

*** installing Haraka, stage 2 ***

jexec stage haraka -i /data
warning: Unable to create file: /data/README already exists
warning: Unable to create file: /data/package.json already exists
warning: Unable to create file: /data/config/internalcmd_key already exists
warning: EEXIST, File exists '/data/config/smtp.ini'
warning: EEXIST, File exists '/data/config/loglevel'
warning: EEXIST, File exists '/data/config/plugins'
warning: EEXIST, File exists '/data/config/dkim/dkim_key_gen.sh'

*** configuring Haraka ***

*** install p0f ***

pkg -j stage install -y p0f
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
p0f: 3.09b

Number of packages to be installed: 1
[haraka] [1/1] Installing p0f-3.09b...
[haraka] [1/1] Extracting p0f-3.09b: 100%

*** installing p0f startup file ***

sysrc -R /jails/stage p0f_enable=YES
p0f_enable: -> YES
jexec stage service p0f start
Starting p0f.
--- p0f 3.09b by Michal Zalewski [email protected] ---

[!] Consider specifying -u in daemon mode (see README).
[+] Loaded 322 signatures from '/usr/local/etc/p0f.fp'.
[+] Intercepting traffic on interface 'em0'.
[+] Custom filtering rule enabled: dst port 25 or dst port 587 or dst port 465 [+VLAN]
[+] Listening on API socket '/tmp/.p0f_socket' (max 20 clients).
[+] Daemon process created, PID 96808 (stderr not kept).

Good luck, you're on your own now!

*** enabling Haraka spamassassin plugin ***

zroot/data/clamav filesystem exists
zroot/data/avg filesystem exists

*** configuring Haraka avg plugin ***

*** update tmpdir in avg.ini ***

*** rejecting brutefore AUTH signature ***

ylmf-pc
zroot/data/geoip filesystem exists

*** starting haraka ***

sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /data
jexec stage service haraka start
loaded TLD files: 1=1501 2=6003 3=2319
loaded 8048 Public Suffixes
loglevel: LOGINFO
Starting up Haraka version 2.8.10
[INFO] [-] [core] Loading plugins
[INFO] [-] [core] Loading plugin: process_title
[INFO] [-] [core] Loading plugin: log.syslog
[INFO] [-] [core] Loading plugin: relay
[INFO] [-] [core] Loading plugin: access
[INFO] [-] [access] skipping helo.checks.regexps
[INFO] [-] [core] Loading plugin: connect.p0f
[INFO] [-] [core] Loading plugin: connect.geoip
[INFO] [-] [connect.geoip] provider maxmind with 6 DBs
[INFO] [-] [core] Loading plugin: connect.fcrdns
[INFO] [-] [core] Loading plugin: dnsbl
[INFO] [-] [core] Loading plugin: helo.checks
[INFO] [-] [core] Loading plugin: tls
[INFO] [-] [core] Loading plugin: auth/auth_vpopmaild
[INFO] [-] [core] Loading plugin: mail_from.is_resolvable
[INFO] [-] [core] Loading plugin: spf
[INFO] [-] [core] Loading plugin: rcpt_to.qmail_deliverable
[INFO] [-] [core] Loading plugin: bounce
[INFO] [-] [core] Loading plugin: data.headers
[INFO] [-] [core] Loading plugin: data.uribl
[INFO] [-] [core] Loading plugin: attachment
[INFO] [-] [core] Loading plugin: clamd
[INFO] [-] [clamd] Loading excludes file
[INFO] [-] [core] Loading plugin: avg
[INFO] [-] [core] Loading plugin: spamassassin
[INFO] [-] [core] Loading plugin: rspamd
[INFO] [-] [core] Loading plugin: dkim_sign
[INFO] [-] [core] Loading plugin: karma
[INFO] [-] [core] Loading plugin: queue/smtp_forward
[INFO] [-] [core] Loading plugin: limit
[INFO] [-] [core] Loading plugin: watch
[INFO] [-] [core] Loading plugin: redis

*** waiting for Haraka to start listeners ***

*** testing Haraka ***

checking for port 25 listener in staged jail
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root node 96932 176 tcp4 172.16.15.254:25 :
it worked

*** promoting jail haraka ***

service jail stop stage
Stopping jails: stage.
jail -r stage
stage: removed
nameserver 172.16.15.3
umount /jails/stage/dev
unmount /jails/stage/usr/ports
unmount /jails/stage/var/cache/pkg
zroot/data/haraka filesystem exists
/data/haraka on /jails/stage/data (nullfs, local)
unmount data fs /jails/stage/data
zroot/data/geoip filesystem exists
/data/geoip on /jails/stage/usr/local/share/GeoIP (nullfs, local)
unmount data fs /jails/stage/usr/local/share/GeoIP
zfs rename zroot/jails/stage zroot/jails/haraka.ready
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (0)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (1)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (2)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (3)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (4)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (5)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (6)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (7)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (8)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (9)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (10)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (11)
service jail stop haraka
Stopping jails:.
jail -r haraka
zroot/data/haraka filesystem exists
zroot/jails/haraka.last filesystem exists
zfs destroy zroot/jails/haraka.last
zroot/jails/haraka filesystem exists
zfs rename zroot/jails/haraka zroot/jails/haraka.last
zfs rename zroot/jails/haraka.ready zroot/jails/haraka

*** haraka already in /etc/jail.conf ***

*** service jail start haraka ***

Starting jails: cannot start jail "haraka":
jail: haraka: mount: /jails/haraka/data/avg: No such file or directory
.

Success! A new 'haraka' jail is provisioned

Method to monitor Jails

In the past munin was used to monitor the jail activity and host information.
I can't see this anymore in the MT6 version.

Is there no need to trend, load, disk usage, nginx, php and mysql usage over time?

Cannot mount haraka with jailmanage haraka after running provision haraka

After running provision haraka ....
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (0)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (1)
cannot unmount '/jails/stage': Device busy
.
.
.
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (11)
service jail stop haraka
Stopping jails: haraka.
jail -r haraka
zroot/data/haraka filesystem exists
zroot/jails/haraka filesystem exists
zfs rename zroot/jails/haraka zroot/jails/haraka.last
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (0)
.
.
.
cannot unmount '/jails/haraka': Device busy
trying to force rename (6)
waiting for ZFS filesystem to quiet (6)
zfs rename zroot/jails/haraka.ready zroot/jails/haraka

*** service jail start haraka ***

Starting jails: cannot start jail "haraka":
jail: haraka: mount: /jails/haraka/data/avg: No such file or directory
.

Success! A new 'haraka' jail is provisioned

jailmanage haraka

Entering jail haraka
/sbin/mount_nullfs /usr/ports /jails/haraka/usr/ports
/sbin/mount_nullfs /var/cache/pkg /jails/haraka/var/cache/pkg
jexec: jail "haraka" is dying
jexec: jail "haraka" is dying
all done!
/sbin/umount /jails/haraka/usr/ports
/sbin/umount /jails/haraka/var/cache/pkg

Any idea how to fix this?

Thanks.

provision spamassassin config changed

The option:
[x] UPDATE_AND_COMPILE Download and compile rulesets (recommended)
No longer present with spamassassin-3.4.1._9

Where then are the rule sets?

spamassassin: add data partition

Expected behavior

  • preserve custom config files across deployments

Observed behavior

  • no provisions to use custom config files

TODO

  • add data partition
  • install config files to /data/spamassassin/etc
  • use /data/spamassassin/db for SA DB dir

Running provision base fails because lo1 doesn't exist

provision base
.
.
.
*** stage jail base startup ***

ifconfig: interface lo1 does not exist
jail: /sbin/ifconfig lo1 inet 172.16.15.254 netmask 255.255.255.255 alias: failed

Workaround:

ifconfig lo1 create

Continuing:
*** stage jail base startup ***

Setting hostname: base.
Starting syslogd.
syslogd: timed out waiting for child
/etc/rc: WARNING: failed to start syslogd
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Starting cron.

Sun Sep 25 03:40:26 EDT 2016
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/meta.txz: No address record
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/packagesite.txz: No address record
Unable to update repository FreeBSD

Presumably above error is freebsd.org not Mail-Toaster-6

integrate LetsEncrypt into the provisioning steps

present

As part of the base jail provisioning step, a self-signed TLS certificate is generated and left in /etc/ssl. When TLS is used (haproxy, haraka, dovecot), the files (key, certs, ca-cert) are installed into the necessary jails.

If the site has a real certificate, the sysadmin is expected to manually copy it into place before building the rest of the service jails.

issues

  • Let's Encrypt requires either DNS or HTTP tokens to be published to confirm domain ownership. The current build script uses HTTP.
    • to validate via HTTP, the webmail and haproxy services jails must be available.
    • the haproxy jail requires a TLS certificate
  • The Let's Encrypt jail has scripts that deploy the updated TLS files into place (overwriting any existing certs) and automatically restart the services.
  • If DNS isn't set up for the host, creating Let's Encrypt certs isn't going to work.

future

The best way to introduce Let's Encrypt is...

Initial provision host

You need to add some code to your script that does: ifconfig lo1 create
Currently it fails.
I created a page to remedy this for now. See other issue.

Make a How-To for MT6 cluster

Please make a How-To on building 3+ MT6 cluster where:

  1. any one of 3+ servers fails, mail users are not impacted
  2. no single point of failure
  3. how will users connect to a single domain for smtpd and one for mx

You made reference to pools. MT6 currently uses zfs but those zfs pools are not exported. And even if they were, the primary zfs exporting server would be a single point of failure.

PEBKAC error

What the hell are you saying by me causing error

Observed behavior

Steps to reproduce

Dovecot still will not run...

Not sure why, now rerunning provision vpopmail worked

However rerunning provision dovecot seems to install OK but it won't run..

*** dovecot already in /etc/jail.conf ***

*** service jail start dovecot ***

Starting jails: dovecot.

Success! A new 'dovecot' jail is provisioned

exit

root@mxbt1:~ # ps auxw |grep dovecot
root 1260 0.0 0.1 18832 2328 0 S+ 4:20PM 0:00.00 grep dovecot
root@mxbt1:~ # jailmanage dovecot
Entering jail dovecot
/sbin/mount_nullfs /usr/ports /jails/dovecot/usr/ports
/sbin/mount_nullfs /var/cache/pkg /jails/dovecot/var/cache/pkg
[dovecot] Fetching vuln.xml.bz2: 100% 648 KiB 663.2kB/s 00:01
0 problem(s) in the installed packages found.
[root@dovecot ~]# /usr/local/etc/rc.d/dovecot start
==Error==
Config file /data/etc/dovecot.conf does not exist. If this is
a new installation, please create the config files as outlined in
# pkg info -D dovecot2
/usr/local/etc/rc.d/dovecot: WARNING: /data/etc/dovecot.conf is not readable.
/usr/local/etc/rc.d/dovecot: WARNING: failed precmd routine for dovecot

The file IS there:

ls -l /data/etc/

total 1
lrwxr-xr-x 1 root wheel 30 Oct 31 02:09 dovecot.conf -> /data/dovecot/etc/dovecot.conf

provision vpopmail stops at

After seeing your message about updating mail-toaster.sh

# sudo sh
# fetch .... mail-toaster.sh
# . mail-toaster.sh
# service jail stop
# provision host
# provision base
# service jail start

# provision vpopmail
.
.
[MSG] Installing of Qmail::Deliverable successful
ln -s /var/service /service
supervising qmail-smtpd
supervising qmail-send
supervising vpopmaild
supervising qmail-deliverabled
svscan_enable: -> YES
svscan not running?
Starting svscan.
testing vpopmail
checking for port 25 listener in staged jail
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
89 tcpserver 54951 3 tcp4 172.16.15.254:25 :
checking for port 80 listener in staged jail
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www lighttpd 54114 4 tcp4 172.16.15.254:80 :
checking for port 89 listener in staged jail
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root tcpserver 54953 3 tcp4 172.16.15.254:89 :
checking for port 8998 listener in staged jail
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root perl 54955 4 tcp4 172.16.15.254:8998 :
checking for process lighttpd in staged jail
pgrep: Invalid jail ID `stage'
#

preserve all of haraka config on upgrade

Expected behavior

When rebuilding the haraka jail, all config settings should be preserved.

Observed behavior

Some (the ones manually specified) config settings are preserved and some are not (in general, anything Matt doesn't personally use).

Steps to fix

Store the haraka install directory in a /data/haraka volume that is preserved across haraka jail installs.

haraka refuses to start, tests fail when setting up jail

I would like to migrate an MT5 server to a new MT6 server. Even though I have used MT5 for many years, I am new to MT6, so please bear with me.

I begin with a fresh FreeBSD 10.3-RELEASE server, and follow the instructions on these pages:
https://github.com/msimerson/Mail-Toaster-6/wiki/FreeBSD
https://github.com/msimerson/Mail-Toaster-6/wiki/Jails

Expected behavior

After having completed all steps up to "provision dovecot" (except for dspam that is stricken), I try to provision the haraka jail:

provision haraka

(...)
*** waiting for Haraka to start listeners ***
*** testing Haraka ***

root node 98329 89 tcp4 172.16.15.254:25 :
it worked <===== THIS IS WHAT I WOULD LIKE TO SEE
(...)
Success! A new 'haraka' jail is provisioned <===== THIS IS WHAT I WOULD LIKE TO SEE

Observed behavior

But this is what happens:

(...)
*** starting haraka ***

sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /usr/local/haraka
jexec stage service haraka start
loaded TLD files: 1=1408 2=5987 3=2318
loaded 8020 Public Suffixes
loglevel: LOGINFO
Starting up Haraka version 2.8.8
[INFO] [-] [core] Loading plugins
[INFO] [-] [core] Loading plugin: process_title
[INFO] [-] [core] Loading plugin: log.syslog
[INFO] [-] [core] Loading plugin: access
[INFO] [-] [access] skipping helo.checks.regexps
[INFO] [-] [core] Loading plugin: connect.p0f
[INFO] [-] [core] Loading plugin: connect.geoip
[INFO] [-] [connect.geoip] provider maxmind with 6 DBs
[INFO] [-] [core] Loading plugin: connect.fcrdns
[INFO] [-] [core] Loading plugin: dnsbl
[INFO] [-] [core] Loading plugin: helo.checks
[INFO] [-] [core] Loading plugin: tls
[INFO] [-] [core] Loading plugin: auth/auth_vpopmaild
[INFO] [-] [core] Loading plugin: mail_from.is_resolvable
[INFO] [-] [core] Loading plugin: spf
[INFO] [-] [core] Loading plugin: rcpt_to.qmail_deliverable
[INFO] [-] [core] Loading plugin: bounce
[INFO] [-] [core] Loading plugin: data.headers
[INFO] [-] [core] Loading plugin: data.uribl
[INFO] [-] [core] Loading plugin: attachment
[INFO] [-] [core] Loading plugin: clamd
[INFO] [-] [clamd] Loading excludes file
[INFO] [-] [core] Loading plugin: avg
[INFO] [-] [core] Loading plugin: spamassassin
[INFO] [-] [core] Loading plugin: rspamd
[INFO] [-] [core] Loading plugin: dkim_sign
[INFO] [-] [core] Loading plugin: karma
[INFO] [-] [core] Loading plugin: queue/smtp_forward
[INFO] [-] [core] Loading plugin: limit
[INFO] [-] [core] Loading plugin: watch
[INFO] [-] [core] Loading plugin: redis

*** waiting for Haraka to start listeners ***

*** testing Haraka ***

(HERE THE TEST EXITS, AND THE SCRIPT DOES NOT COMPLETE WITH "Success" AS THE OTHER SCRIPTS.)

Steps to reproduce

Follow the instructions on the web page, on a new FreeBSD 10.3-RELEASE server.

Any ideas what I should do? Very thankful for a kick in the right direction...

Haraka config dir much less content

On a newly installed MT6, I notice there are a lot of files not in /data/haraka/config.
Would you recommend rsync'ing old-server:/data/haraka/config/ /data/haraka/config ?

provision vpopmail stops at fetch: /qmail/filter.txt: No such file or directory

Was in process of updating vpopmail
# sudo sh
# . mail-toaster.sh
# provision host
# provision base
# provision vpopmail
172.16.15.8
provision-vpopmail.sh 100% of 7032 B 18 MBps 00m00s
loading config from mail-toaster.conf
mysql enabled
toaster host: mxbt1.barontel.com
email domain: barontel.com
shell: /bin/csh
safe name: stage
zroot/jails/base-10.2-RELEASE@p25 snapshot exists

*** stage cleanup ***

service jail stop stage
Stopping jails:.
jail -r stage
zroot/data/vpopmail filesystem exists

*** stage jail filesystem setup ***

zfs clone zroot/jails/base-10.2-RELEASE@p25 zroot/jails/stage
sysrc -R /jails/stage hostname=vpopmail
hostname: base -> vpopmail

*** creating data volume ***

zroot/data/vpopmail filesystem exists
zroot/data/vpopmail filesystem exists
mkdir -p /jails/stage/usr/local/vpopmail
mount_nullfs /data/vpopmail /jails/stage/usr/local/vpopmail
mount /jails/stage/usr/ports
mount /jails/stage/var/cache/pkg

*** stage jail stage startup ***

Setting hostname: vpopmail.
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Starting cron.

Fri Nov 25 00:51:37 EST 2016
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.

*** setting up data fs for qmail control files ***

jexec stage ln -s /usr/local/vpopmail/qmail-control /var/qmail/control
jexec stage ln -s /usr/local/vpopmail/qmail-users /var/qmail/users

*** installing qmail ***

pkg -j stage install -y netqmail daemontools ucspi-tcp
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
netqmail: 1.06_3
daemontools: 0.76_18
ucspi-tcp: 0.88_2

Number of packages to be installed: 3

The process will require 2 MiB more space.
341 KiB to be downloaded.
[vpopmail] Fetching netqmail-1.06_3.txz: 100% 226 KiB 231.4kB/s 00:01
[vpopmail] Fetching daemontools-0.76_18.txz: 100% 51 KiB 52.7kB/s 00:01
[vpopmail] Fetching ucspi-tcp-0.88_2.txz: 100% 64 KiB 65.1kB/s 00:01
Checking integrity... done (0 conflicting)
[vpopmail] [1/3] Installing netqmail-1.06_3...
===> Creating groups.
Creating group 'qmail' with gid '82'.
Creating group 'qnofiles' with gid '81'.
===> Creating users
Creating user 'alias' with uid '81'.
Creating user 'qmaild' with uid '82'.
Creating user 'qmaill' with uid '83'.
Creating user 'qmailp' with uid '84'.
Creating user 'qmailq' with uid '85'.
Creating user 'qmailr' with uid '86'.
Creating user 'qmails' with uid '87'.
[vpopmail] [1/3] Extracting netqmail-1.06_3: 100%

A /usr/local/etc/rc.d/qmailsmtpd and a /usr/local/etc/rc.d/qmailsend
symlink were created.

[vpopmail] [2/3] Installing daemontools-0.76_18...
[vpopmail] [2/3] Extracting daemontools-0.76_18: 100%
[vpopmail] [3/3] Installing ucspi-tcp-0.88_2...
[vpopmail] [3/3] Extracting ucspi-tcp-0.88_2: 100%
Message from netqmail-1.06_3:
ATTENTION:

You can enable qmail as your default mailer executing:

/var/qmail/scripts/enable-qmail
Message from ucspi-tcp-0.88_2:
===> NOTICE:

The ucspi-tcp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
mail_qmail_SET=DNS_CNAME DOCS MAILDIRQUOTA_PATCH
mail_qmail_UNSET=RCDLINK

*** enabling qmail ***

jexec stage /var/qmail/scripts/enable-qmail
===> I hope you know what you are doing:
===> You just told your system to not
===> automaticaly start sendmail on your
===> next startup.
===> (i.e., added sendmail_enable="NONE" to rc.conf)
===> Do not forget to choose an appropriate qmail startup
===> script. Go through /var/qmail/boot, choose one
===> and copy the chosen script as /var/qmail/rc
===> For example, "cp /var/qmail/boot/proc+df /var/qmail/rc"
[email protected]
[email protected]
[email protected]

*** installing maildrop ***

pkg -j stage install -y maildrop
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
maildrop: 2.8.4
courier-unicode: 1.4
pcre: 8.39

Number of packages to be installed: 3

The process will require 7 MiB more space.
2 MiB to be downloaded.
[vpopmail] Fetching maildrop-2.8.4.txz: 100% 328 KiB 336.3kB/s 00:01
[vpopmail] Fetching courier-unicode-1.4.txz: 100% 101 KiB 103.7kB/s 00:01
[vpopmail] Fetching pcre-8.39.txz: 100% 1 MiB 581.6kB/s 00:02
Checking integrity... done (0 conflicting)
[vpopmail] [1/3] Installing courier-unicode-1.4...
[vpopmail] [1/3] Extracting courier-unicode-1.4: 100%
[vpopmail] [2/3] Installing pcre-8.39...
[vpopmail] [2/3] Extracting pcre-8.39: 100%
[vpopmail] [3/3] Installing maildrop-2.8.4...
[vpopmail] [3/3] Extracting maildrop-2.8.4: 100%

*** installing maildrop filter file ***

fetch: /qmail/filter.txt: No such file or directory

add an unbound data volume

Currently, an unbound.conf.local file must exist in $CWD and gets installed at [re]build time. That file should instead live within an unbound data volume.

Mysql provision listen

Expected behavior

my.cnf should be updated to not listen on all addresses

Observed behavior

MySQL listens on all addresses by default

Steps to reproduce

Or listen on Jail IP, or skip the check for port 3306..

[SOLVED] provision vpopmail fails

In the other issue where provision vpopmail would not complete you asked if FreeBSD was < 10.3. I answered it was originally 10.2 but upgraded to 10.3 with freebsd-update -r 10.3-RELEASE upgrade.

#zfs list
.
.
zroot/jails/base-10.2-RELEASE 282M 717G 248M /jails/base-10.2-RELEASE

Presumably what follows below truly answers your question about FreeBSD < 10.3

root@old-mxbt1:~ # jailmanage vpopmail
Entering jail vpopmail
/sbin/mount_nullfs /usr/ports /jails/vpopmail/usr/ports
/sbin/mount_nullfs /var/cache/pkg /jails/vpopmail/var/cache/pkg
0 problem(s) in the installed packages found.
[root@vpopmail ~]# uname -a
FreeBSD vpopmail 10.2-RELEASE-p24 FreeBSD 10.2-RELEASE-p24 #0: Sat Oct 22 01:03:53 UTC 2016 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64

retval=DENY msg="sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

Expected behavior

Deliver to local.domain by qmail:25 local interface.
Deliver to internet.domain. via default gw.

Observed behavior

2016-11-14T14:58:48.848Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [rcpt_to.qmail_deliverable] qmail-command in dot-qmail
2016-11-14T14:58:48.850Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] sender [email protected] code=CONT msg=""
2016-11-14T14:58:48.853Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [rcpt_to.qmail_deliverable] not local
2016-11-14T14:58:48.853Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] hook=rcpt plugin=rcpt_to.qmail_deliverable function=hook_rcpt params="[email protected]" retval=OK msg=""
2016-11-14T14:58:48.854Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] recipient [email protected] code=OK msg="" sender="[email protected]"
2016-11-14T14:58:48.963Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [clamd] pass:clean
2016-11-14T14:58:48.971Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [avg] time=7ms code=200 response="ok"
2016-11-14T14:58:48.972Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] message mid="[email protected]" size=1021 rcpts=1/0/0 delay=0.016 code=CONT msg=""
2016-11-14T14:58:48.973Z [ERROR] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [dkim_sign] skipped: missing dkim private key
2016-11-14T14:58:48.973Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [queue/smtp_forward] forwarding to 127.0.0.8:25
2016-11-14T14:58:48.974Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] hook=queue_outbound plugin=queue/smtp_forward function=hook_queue params="" retval=DENY msg="sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"
2016-11-14T14:58:48.975Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] hook=deny plugin=karma function=hook_deny params="902" retval=OK msg=""
2016-11-14T14:58:48.975Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] deny(soft?) overriden by deny hook
2016-11-14T14:58:48.975Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] queue code=CONT msg=" (C49D1EBB-5135-4716-8E50-5551275DE12B.1)"
2016-11-14T14:58:48.980Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] queue code=OK msg="Message Queued"
2016-11-14T14:58:48.980Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [karma] score: 8, good: 8012, bad: 2178, connections: 10259, history: 5834, awards: 163, pass:relaying, fail:deny:queue/smtp_forward
2016-11-14T14:58:48.982Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [karma] score: 8, good: 8012, bad: 2178, connections: 10259, history: 5834, awards: 163, pass:relaying, fail:deny:queue/smtp_forward
2016-11-14T14:58:48.983Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1] [core] disconnect ip=10.60.11.61 rdns="DNSERROR" helo="loacal.domain" relay=Y early=N esmtp=Y tls=Y pipe=N errors=0 txns=1 rcpts=1/0/0 msgs=1/0/0 bytes=1021 lr="" time=0.174
2016-11-14T14:58:48.984Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1.1] [outbound] Looking up A records for: mx2.internet.domain
2016-11-14T14:58:48.985Z [INFO] [C49D1EBB-5135-4716-8E50-5551275DE12B.1.1] [outbound] Attempting to deliver to: 91.242.220.133:25 (0) (5)
2016-11-14T14:58:49.469Z [NOTICE] [C49D1EBB-5135-4716-8E50-5551275DE12B.1.1] [outbound] delivered file=1479135528976_0_36131_1198.haraka domain="internet.domain" host="mx2.internet.domain" ip=91.242.220.133 port=25 mode=SMTP tls=N auth=N response="" delay=0.493 fails=0 rcpts=1/0/0

Steps to reproduce

Send one email to:
[email protected]
[email protected]
local.domain is served by the qmail backend. Standard Mail-Toaster installation.
Why are messages to local.domain delivered via the outside interface?
The host is serving local.domain; it's a true internet domain. I changed it only for the example.

How-to for HaProxy and multiple domain SSL certificates

In a MT6 environment one can have multiple domains and haproxy will provide the right SSL certificate for each of your domain names.

You'll need your ca-bundle or intermediate certificate(s) and your private key and of course your crt from the place you purchased the signed certificate from.

You'll want to mount your haproxy jail because you're going to need to restart haproxy

#jailmanage haproxy
#cat server.key intermediate.crt signed_crt.crt > mydomain.pem
place mydomain.pem in /etc/ssl/private/

#cat server.key.crt ca-bundle.crt other-signed_crt.crt > myotherdomain.pem
place myotherdomain.pem in /etc/ssl/private

create a file for haproxy to find the certs:
#vim /etc/ssl/private/crt-list.txt and insert the lines as they are below changing the name to your .pem file names.
/etc/ssl/private/mydomain.pem
/etc/ssl/private/myotherdomain.pem

save the file :wq

#vim /usr/local/etc/haproxy.conf
comment out '#' the line in the heading frontend https-in:
bind *:443 ssl crt /etc/ssl/private
and insert:
bind *:443 ssl crt-list /etc/ssl/private/crt-list.txt

Save the file: :wq

#/usr/local/etc/rc.d/haproxy restart
You're done.
#exit

.
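
A pre-restart check for the bundles built in the how-to above, as an added example that is not part of the original post or of the Mail Toaster project. It reads the crt-list, confirms each bundle holds exactly one private key and at least one certificate, is not readable by group or other, and (when openssl is installed) that the key matches the first certificate in the file. Function names are hypothetical and the sample bundle contents are constructed.

```shell
#!/bin/sh
# Added example: lint the PEM bundles listed in an HAProxy crt-list.
# Function names are hypothetical; file names follow the post above.

# Print the PEM block labels of a file in order, one per line.
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Structural checks that need no crypto tooling.
# Prints one finding per problem; returns 1 if any were found.
check_structure() {
    cs_pem=$1
    [ -r "$cs_pem" ] || { echo "$cs_pem: missing or unreadable"; return 1; }
    cs_rc=0
    cs_blocks=$(pem_blocks "$cs_pem")
    cs_keys=$(printf '%s\n' "$cs_blocks" | grep -c 'PRIVATE KEY$' || true)
    cs_certs=$(printf '%s\n' "$cs_blocks" | grep -c '^CERTIFICATE$' || true)
    [ "$cs_keys" -eq 1 ] ||
        { echo "$cs_pem: expected 1 private key, found $cs_keys"; cs_rc=1; }
    [ "$cs_certs" -ge 1 ] || { echo "$cs_pem: no certificate"; cs_rc=1; }
    # The bundle holds a private key, so group/other must not be able to read it.
    if [ -n "$(find -L "$cs_pem" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$cs_pem: readable by group or other (chmod 600)"; cs_rc=1
    fi
    return "$cs_rc"
}

# Compare the private key with the FIRST certificate in the bundle, which is
# the one HAProxy presents as the server certificate. Requires openssl.
check_key_match() {
    km_pem=$1
    km_key=$(openssl pkey -in "$km_pem" -passin pass: -pubout 2>/dev/null) ||
        { echo "$km_pem: private key unreadable or passphrase-protected"; return 1; }
    km_crt=$(openssl x509 -in "$km_pem" -noout -pubkey 2>/dev/null) ||
        { echo "$km_pem: first certificate unreadable"; return 1; }
    [ "$km_key" = "$km_crt" ] ||
        { echo "$km_pem: key does not match first certificate (leaf must precede intermediates)"; return 1; }
}

# Lint every bundle named in a crt-list. The first field of each non-comment
# line is the bundle path; bind options and SNI filters after it are ignored.
# Returns the number of bundles with findings.
lint_crt_list() {
    ll_bad=0
    while read -r ll_path ll_rest || [ -n "$ll_path" ]; do
        case $ll_path in ''|'#'*) continue ;; esac
        ll_fail=0
        check_structure "$ll_path" || ll_fail=1
        if [ "$ll_fail" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
            check_key_match "$ll_path" || ll_fail=1
        fi
        [ "$ll_fail" -eq 0 ] || ll_bad=$((ll_bad + 1))
    done < "$1"
    return "$ll_bad"
}

# Constructed sample: placeholder bundles and a crt-list in directory $1.
# The base64 bodies are fake, so only the structural checks can pass on them.
make_sample() {
    ms_dir=$1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
        > "$ms_dir/mydomain.pem"
    chmod 600 "$ms_dir/mydomain.pem"
    # No key, and world-readable: two findings.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
        > "$ms_dir/myotherdomain.pem"
    chmod 644 "$ms_dir/myotherdomain.pem"
    printf '%s\n' '# constructed crt-list' "$ms_dir/mydomain.pem" \
        "$ms_dir/myotherdomain.pem" "$ms_dir/absent.pem" > "$ms_dir/crt-list.txt"
}

# Stand-alone use: sh lint.sh /etc/ssl/private/crt-list.txt
[ "$#" -eq 0 ] || lint_crt_list "$1"
```

Run it inside the haproxy jail before restarting haproxy; a non-zero exit status is the number of bundles with findings.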

zfs destroy

As per your reply to an issue.
We had FreeBSD 10.2-RELEASE and all jails are now running 10.3-RELEASE. Still cannot delete the base-10.2-RELEASE

# zfs destroy base-10.2-RELEASE
cannot open 'base-10.2-RELEASE': dataset does not exist

# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zroot 58.3G 713G 96K /zroot
zroot/ROOT 2.25G 713G 96K none
zroot/ROOT/default 2.25G 713G 2.25G /
zroot/data 51.7G 713G 636K /data
zroot/data/avg 253M 713G 253M /data/avg
zroot/data/clamav 244M 713G 244M /data/clamav
zroot/data/dovecot 276K 713G 276K /data/dovecot
zroot/data/geoip 77.8M 713G 77.8M /data/geoip
zroot/data/haproxy 96K 713G 96K /data/haproxy
zroot/data/haraka 700K 713G 700K /data/haraka
zroot/data/mysql 42.0M 713G 42.0M /data/mysql
zroot/data/redis 3.75M 713G 3.75M /data/redis
zroot/data/spamassassin 856K 713G 856K /data/spamassassin
zroot/data/vpopmail 51.1G 713G 51.1G /data/vpopmail
zroot/data/webmail 104K 713G 104K /data/webmail
zroot/jails 3.59G 713G 120K /jails
zroot/jails/avg 214M 713G 435M /jails/avg
zroot/jails/avg.last 101M 713G 322M /jails/avg.last
zroot/jails/base-10.2-RELEASE 349M 713G 252M /jails/base-10.2-RELEASE
zroot/jails/base-10.3-RELEASE 277M 713G 248M /jails/base-10.3-RELEASE
zroot/jails/clamav 77.0M 713G 292M /jails/clamav
zroot/jails/clamav.last 18.4M 713G 266M /jails/clamav.last
zroot/jails/dns 38.1M 713G 253M /jails/dns
zroot/jails/dns.last 8.23M 713G 255M /jails/dns.last
zroot/jails/dovecot 159M 713G 373M /jails/dovecot
zroot/jails/dovecot.last 69.9M 713G 291M /jails/dovecot.last
zroot/jails/geoip 138M 713G 352M /jails/geoip
zroot/jails/geoip.last 110M 713G 357M /jails/geoip.last
zroot/jails/haproxy 34.8M 713G 249M /jails/haproxy
zroot/jails/haproxy.last 34.8M 713G 249M /jails/haproxy.last
zroot/jails/haraka 230M 713G 444M /jails/haraka
zroot/jails/haraka.last 213M 713G 460M /jails/haraka.last
zroot/jails/monitor 95.1M 713G 310M /jails/monitor
zroot/jails/monitor.last 91.9M 713G 317M /jails/monitor.last
zroot/jails/mysql 121M 713G 336M /jails/mysql
zroot/jails/mysql.last 92.8M 713G 340M /jails/mysql.last
zroot/jails/redis 34.8M 713G 249M /jails/redis
zroot/jails/redis.last 4.79M 713G 252M /jails/redis.last
zroot/jails/rspamd 136M 713G 351M /jails/rspamd
zroot/jails/rspamd.last 135M 713G 356M /jails/rspamd.last
zroot/jails/spamassassin 107M 713G 321M /jails/spamassassin
zroot/jails/spamassassin.last 116M 713G 330M /jails/spamassassin.last
zroot/jails/vpopmail 162M 713G 376M /jails/vpopmail
zroot/jails/vpopmail.last 160M 713G 381M /jails/vpopmail.last
zroot/jails/webmail 142M 713G 356M /jails/webmail
zroot/jails/webmail.last 205M 713G 398M /jails/webmail.last
zroot/tmp 252K 713G 252K /tmp
zroot/usr 751M 713G 96K /usr
zroot/usr/home 96K 713G 96K /usr/home
zroot/usr/ports 750M 713G 750M /usr/ports
zroot/usr/src 96K 713G 96K /usr/src
zroot/var 11.6M 713G 96K /var
zroot/var/audit 96K 713G 96K /var/audit
zroot/var/crash 96K 713G 96K /var/crash
zroot/var/log 3.61M 713G 3.61M /var/log
zroot/var/mail 7.65M 713G 7.65M /var/mail
zroot/var/tmp 96K 713G 96K /var/tmp

# zfs list -t snapshot
NAME USED AVAIL REFER MOUNTPOINT
zroot/jails/base-10.2-RELEASE@p12 71.1M - 243M -
zroot/jails/base-10.2-RELEASE@p16 26.1M - 252M -
zroot/jails/base-10.2-RELEASE@p17 8K - 252M -
zroot/jails/base-10.3-RELEASE@p11 29.4M - 248M -
zroot/jails/base-10.3-RELEASE@p12 136K - 248M -

# zfs destroy zroot/jails/base-10.2-RELEASE@p12
cannot destroy 'zroot/jails/base-10.2-RELEASE@p12': snapshot has dependent clones
use '-R' to destroy the following datasets:
zroot/jails/webmail.last

# zfs destroy zroot/jails/base-10.2-RELEASE@p16
cannot destroy 'zroot/jails/base-10.2-RELEASE@p16': snapshot has dependent clones
use '-R' to destroy the following datasets:
zroot/jails/monitor.last

# zfs destroy zroot/jails/base-10.2-RELEASE@p17
#

How would you handle this?
