1 Topic by maxomomo

  • maxomomo
  • Member
  • Offline
  • Registered: 2017-01-29
  • Posts: 7

Topic: Update from 0.9.6 to 0.9.7

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 / 0.9.7
- Linux/BSD distribution name and version: Centos 7.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

today i went through the update procedure from here: https://docs.iredmail.org/upgrade.iredmail.0.9.6-0.9.7

I've seen several problems:

1) iredapd upgrade: see following log: got syntax ERROR (using version:  iRedAPD-2.1)

----
# bash upgrade_iredapd.sh
* Detected Linux/BSD distribution: RHEL
* Found iRedAPD directory: /opt/iredapd, symbol link of /opt/iRedAPD-2.0
* Found iRedAPD config file: /opt/iredapd/settings.py
CREATE INDEX
ERROR:  syntax error at or near "\"
LINE 11: \i /tmp/wblist_rdns.sql;
         ^
* Checking dependent Python modules:
  + [required] python-sqlalchemy
  + [required] dnspython
* Create directory /opt/iRedAPD-2.1.
* Copying new version to /opt/iRedAPD-2.1
* Copy old config file: settings.py (/opt/iredapd/settings.py -> /opt/iRedAPD-2.1/settings.py)
* Copy custom plugins: /opt/iRedAPD-2.0/plugins/custom_*.py.
* Set correct owner and permission for /opt/iRedAPD-2.1: root:root, 0500.
* Set permission for iRedAPD config file: /opt/iRedAPD-2.1/settings.py -> 0400.
* Re-create symbol link: /opt/iredapd -> /opt/iRedAPD-2.1
* Create symbol link: /opt/iredapd/rc_scripts/iredapd.service -> /etc/systemd/system/multi-user.target.wants//iredapd.service.
* Remove deprecated plugins.
* Rename old plugins.
* Remove all *.pyc files.
* Restarting iRedAPD service.
Redirecting to /bin/systemctl restart iredapd.service
* Upgrade completed.

----

What does the error mean, do i have to do something about it? iredapd service is up and running.

2) fail2ban:
0.9.7 changed the configuratiuon (more modular) and added/enabled nginx-auth jail. why isn't this documented in the update documentation at all?

3) freshclam
#UpdateLogFile ...          # <- Comment out this parameter
LogSyslog true              # <- Make sure you have this line. If not present, please add it manually.

0.9.6 version already had commented out #UpdateLogFile
and line
LogSyslog yes is already there

I assume true and yes are both o.k. here?

a manual freshclam run states that all Files are O.K.

4) The rest of the update procedure seems to have gone o.k.

Would be nice to get some feedback here,

Thanks,

Max

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Update from 0.9.6 to 0.9.7

maxomomo wrote:

1) iredapd upgrade: see following log: got syntax ERROR (using version:  iRedAPD-2.1)

It's an error caused by iRedAPD upgrade script. You have to create SQL table "wblist.wblist_rdns" manually now:

CREATE TABLE wblist_rdns (
    id      SERIAL PRIMARY KEY,
    -- reverse DNS name of sender IP address
    rdns    VARCHAR(255) NOT NULL DEFAULT '',
    -- W=whitelist, B=blacklist
    wb      VARCHAR(10) NOT NULL DEFAULT 'B'
);
CREATE UNIQUE INDEX idx_wblist_rdns_rdns ON wblist_rdns (rdns);
CREATE INDEX idx_wblist_rdns_wb ON wblist_rdns (wb);
INSERT INTO wblist_rdns (rdns, wb) VALUES ('.dynamic.163data.com.cn', 'B');

Above SQL commands are part of file /opt/iRedAPD-2.1/SQL/iredapd.pgsql.

maxomomo wrote:

2) fail2ban:
0.9.7 changed the configuratiuon (more modular) and added/enabled nginx-auth jail. why isn't this documented in the update documentation at all?

Missed, feel free to add it by yourself. I ADDED it in upgrade tutorial later.

maxomomo wrote:

I assume true and yes are both o.k. here?

Yes.

3 Reply by maxomomo

  • maxomomo
  • Member
  • Offline
  • Registered: 2017-01-29
  • Posts: 7

Re: Update from 0.9.6 to 0.9.7

ZhangHuangbin wrote:

Missed, feel free to add it by yourself. I ADDED it in upgrade tutorial later.

So where can i find the upgraded tutorial? Or did i  misunderstand you, and it isn't documented anywhere yet?

Another issue seen in logs: on stopping fail2ban service i am getting these errors in log:

---
ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,sub
                                                              iptables -w -F f2b-postfix
                                                              iptables -w -X f2b-postfix -- stdout: ''
Nov 12 14:14:31  fail2ban.action[5454]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,sub
                                                              iptables -w -F f2b-postfix
                                                              iptables -w -X f2b-postfix -- stderr: 'iptables: Too many links.\n'
Nov 12 14:14:31 fail2ban.action[5454]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,sub
                                                              iptables -w -F f2b-postfix
                                                              iptables -w -X f2b-postfix -- returned 1
Nov 12 14:14:31  fail2ban.actions[5454]: ERROR Failed to stop jail 'postfix-sasl' action 'iptables-multiport': Error
----

any idea?

4 Reply by maxomomo

  • maxomomo
  • Member
  • Offline
  • Registered: 2017-01-29
  • Posts: 7

Re: Update from 0.9.6 to 0.9.7

another potential problem with fail2ban and sogo:

the filter in sogo-iredmail won't match failed sogo logins, if the timezone for sogo is not correctly set.
Apparently sogo isn't using the system timezone but the sogo default timezone from /etc/sogo/sogo.conf.

I had to set the timezone in /etc/sogo/sogo.conf manually, otherwise the fail2ban filters for sogo wouldn't match any failed login attempt because of the wrong timestamps in /var/log/sogo/sogo.log.

P.S: any idea regarding the  ERROR Failed to stop jail 'postfix-sasl' action messages when stopping fail2ban?

Max

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Update from 0.9.6 to 0.9.7

maxomomo wrote:

So where can i find the upgraded tutorial? Or did i  misunderstand you, and it isn't documented anywhere yet?

https://docs.iredmail.org/upgrade.iredm … 0.9.7.html

maxomomo wrote:

P.S: any idea regarding the  ERROR Failed to stop jail 'postfix-sasl' action messages when stopping fail2ban?

iRedMail doesn't modify the default 'iptables-multiport' action (/etc/fail2ban/action.d/iptables-multiport.conf), so it might be a Fail2ban issue.

btw, usually this doesn't impact the usage while stopping fail2ban.