1 (edited by angeloklin 2020-10-17 07:12:32)

Topic: Testing: Generate passwords with `openssl` on FreeBSD-iRedMail v1.3.2

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): Unreleased v1.3.2 from Github, commit 2eee21f
- Deployed with iRedMail Easy or the downloadable installer? Download from Github
- Linux/BSD distribution name and version: FreeBSD 12.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL 12.x
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Testing the generation of passwords with `openssl` on FreeBSD.
Testing the above to address `iRedMail.sh` freeze when configuring the databases during the post-config phase of the installation.

NOTE.1: Just started. Will update the entry when it reaches the impacted step.

NOTE.2: FreeBSD `12.1-RELEASE` has `openssl 1.1.1d` built in (from LibreSSL). iRedMail will compile a new version. The point is that `openssl` is available at all times to generate passwords.

# = = = = = = = = = =
# edit: ./conf/global
# Generate password with `openssl`. Does openssl work the same across *IXes?
# 
# Command used to generate a random string.
# Usage: str="$(${RANDOM_STRING})"
if [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then
    export RANDOM_STRING='eval </dev/random tr -cd [:alnum:] | fold -w 32 | head -1'
elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
    export RANDOM_STRING='openssl rand -base64 32'
else
    # Linux
    export RANDOM_STRING='eval </dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &>/dev/null || head -c 32)'
fi
+++ '[' XFREEBSD == XOPENBSD ']'
+++ '[' XFREEBSD == XFREEBSD ']'
+++ export 'RANDOM_STRING=openssl rand -base64 32'
+++ RANDOM_STRING='openssl rand -base64 32'

# = = = = = = = = = =
root@server:~/iRedMail-1.3.2 # cat config 

export STORAGE_BASE_DIR='/var/vmail'
export WEB_SERVER='NGINX'
export BACKEND_ORIG='PGSQL'
export BACKEND='PGSQL'
export VMAIL_DB_BIND_PASSWD='/EUG+YffwrJpy2JqZjEPQlHzMdTl7wIZWfGc6iKKW6Q='
export VMAIL_DB_ADMIN_PASSWD='/lUsWpq14akWjZUkUL7EjRhdW3cubk1P98mELSy04ZA='
export MLMMJADMIN_API_AUTH_TOKEN='p2HCGXLl/dpYiH9Lrq0DyK9rQFWWbXkMMpYImslQVjo='
export NETDATA_DB_PASSWD='gu+qh5/lqYHN3pO7C3nWYuHiQ9zjw4Z5E3UVNK1aWhE='
export PGSQL_ROOT_PASSWD='pass'
export FIRST_DOMAIN='katra.local'
export DOMAIN_ADMIN_PASSWD_PLAIN='pass'
export USE_IREDADMIN='YES'
export USE_ROUNDCUBE='YES'
export USE_FAIL2BAN='YES'
export AMAVISD_DB_PASSWD='nAbq5v4d1iQtMsmF/M8sBnronw8ca4eqbVaozMUqzwo='
export IREDADMIN_DB_PASSWD='QYdc6vdZq60TDqTlitcnKywLuHuYLkTA8v86wC/Vjlk='
export RCM_DB_PASSWD='u39AU+CAyS8AER5Sk1aljM5ZW+oQBbAAUNTo0jSVZyg='
export SOGO_DB_PASSWD='lzoZ97wgI+v8Bw/jCrWYNkjvGJ8dEt7jDpZlJMA39xc='
export SOGO_SIEVE_MASTER_PASSWD='29IgxCNxtqgVkUnRyG8hxWkWsp9puafU/qAklh35rUQ='
export IREDAPD_DB_PASSWD='4y4IOuKqaxWb1AbfQswH3Eg8VhwC1eFG0/GaW1VE2j0='
export FAIL2BAN_DB_PASSWD='1gnnsjnyYgs+0CIY0D5Z1pi6kSiWwmYa5ntxISFJ950='
#EOF

BTW: Having some fun with code. The fresh v7.73.0 of `curl` does not build with certain flags. It happens that iRedMail is (un)setting such flags. There is an upstream fix in the `curl` code and it will be propagated to FreeBSD ports soon. The build problem affects all platforms.

In short:

# ./functions/packages_freebsd.sh

# Curl. DEPENDENCE.
cat > /var/db/ports/ftp_curl/options <<EOF
OPTIONS_FILE_UNSET+=ALTSVC  # new experimental flag, default is ON
                            # Not present in iRedMail, added and forced to OFF
OPTIONS_FILE_SET+=TLS_SRP   # offending flag IF UNSET, changing to SET for now
                            # iRedMail default is UNSET
EOF

References:
- https://www.freshports.org/ftp/curl/
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250384
- https://github.com/curl/curl/pull/6094
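
Added example (not part of the original posts and not iRedMail's code): the FreeBSD branch quoted above returns 44 base64 characters that can include `+`, `/` and `=`, whereas the other two branches return alphanumeric strings. The function below keeps the alphanumeric output while reading only a bounded amount of random data; the names `random_alnum`, `_random_chunk` and `has_non_alnum` are hypothetical.

```sh
#!/bin/sh
# Added example: alphanumeric characters from a bounded read, so no pipeline
# stage ever waits on an endless /dev/random or /dev/urandom stream.

# Emit one finite chunk of random material (base64 text or raw bytes).
_random_chunk() {
    if command -v openssl >/dev/null 2>&1; then
        # 48 bytes -> exactly 64 base64 characters, no '=' padding.
        openssl rand -base64 48
    else
        # Fallback (assumption: head supports -c, as on FreeBSD/Linux/OpenBSD).
        head -c 256 /dev/urandom
    fi
}

# random_alnum [LENGTH]: print LENGTH (default 32) characters from A-Za-z0-9.
# Variables are prefixed because POSIX sh has no `local`.
random_alnum() {
    _ra_want="${1:-32}"
    _ra_out=""
    while [ "${#_ra_out}" -lt "$_ra_want" ]; do
        # Discarding '+', '/', '=' and newlines is rejection sampling: the
        # characters that remain are still uniformly distributed.
        # LC_ALL=C keeps tr from rejecting raw non-UTF-8 bytes.
        _ra_chunk="$(_random_chunk | LC_ALL=C tr -dc 'A-Za-z0-9')"
        # Empty chunk means the source failed: stop instead of looping forever.
        [ -n "$_ra_chunk" ] || return 1
        _ra_out="${_ra_out}${_ra_chunk}"
    done
    printf '%s\n' "$_ra_out" | cut -c "1-${_ra_want}"
}

# has_non_alnum STRING: succeed if STRING contains anything outside A-Za-z0-9,
# such as the '+', '/' and '=' that `openssl rand -base64` can emit.
has_non_alnum() {
    case "$1" in
        *[!A-Za-z0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}
```

With the page's `str="$(${RANDOM_STRING})"` pattern, `RANDOM_STRING='random_alnum 32'` works when the function is defined in the same shell; that wiring is an assumption, not iRedMail's configuration.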

2

Re: Testing: Generate passwords with `openssl` on FreeBSD-iRedMail v1.3.2

Finally got it all working.
- iRedMail 1.3.2 (from Github)
- FreeBSD 12.1
- Postgres 12.x
- Fail2ban (with ipfw)
- Curl with the change in settings until the fix is updated in ports
- OpenSSL to generate db and other internal passwords

# = = = = = = = = = =
# final part of # bash -xv iRedMail.sh
. . .
********************************************************************
* Congratulations, mail server setup completed successfully. Please
* read below file for more information:
*
*   - /root/iRedMail-1.3.2/iRedMail.tips
*
* And it's sent to your mail account postmaster@katra.local.
*
********************* WARNING **************************************
*
* Please reboot your system to enable all mail services.
*
********************************************************************
+ echo 'export status_cleanup="DONE"'

# = = = = = = = = = =
# ./runtime/install.log
. . .
cc  -shared  -L/usr/local/lib/perl5/5.32/mach/CORE -lperl -L/usr/local/lib -fstack-protector-strong  body_0.o  scanner1.o  scanner2.o  scanner3.o  scanner4.o  scanner5.o  scanner6.o  scanner7.o  -o blib/arch/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so        
chmod 755 blib/arch/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
Manifying 1 pod document
make install PREFIX=/tmp/.spamassassin85269XVVCDbtmp/ignored INSTALLSITEARCH=/var/db/spamassassin/compiled/5.032/3.004004 
"/usr/local/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- body_0.bs blib/arch/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.bs 644
Manifying 1 pod document
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /var/db/spamassassin/compiled/5.032/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
Installing /var/db/spamassassin/compiled/5.032/3.004004/Mail/SpamAssassin/CompiledRegexps/body_0.pm
Installing /tmp/.spamassassin85269XVVCDbtmp/ignored/lib/perl5/site_perl/man/man3/Mail::SpamAssassin::CompiledRegexps::body_0.3
Appending installation info to /tmp/.spamassassin85269XVVCDbtmp/ignored/lib/perl5/5.32/mach/perllocal.pod
cp /tmp/.spamassassin85269XVVCDbtmp/bases_body_0.pl /var/db/spamassassin/compiled/5.032/3.004004/bases_body_0.pl
cd /
rm -rf /tmp/.spamassassin85269XVVCDbtmp
[ INFO ] Updating ClamAV database (freshclam), please wait ...
 + < DEBUG > Send info of chosed packages to iRedMail team to help improve iRedMail:
 + < DEBUG > 
 + < DEBUG >     PGSQL=YES
 + < DEBUG >     WEB_SERVER=NGINX
 + < DEBUG >     ROUNDCUBE=YES
 + < DEBUG >     SOGO=
 + < DEBUG >     NETDATA=
 + < DEBUG >     FAIL2BAN=YES
 + < DEBUG >     IREDADMIN=YES
 + < DEBUG > 

# = = = = = = = = = =
# ./runtime/install.status
export status_clamav_config="DONE"
export status_amavisd_initialize_db="DONE"
export status_amavisd_config="DONE"
export status_sa_config="DONE"
export status_iredapd_install="DONE"
export status_iredapd_initialize_db="DONE"
export status_iredapd_cron_setup="DONE"
export status_iredapd_config="DONE"
export status_iredapd_syslog_setup="DONE"
export status_iredapd_setup="DONE"
export status_iredadmin_install="DONE"
export status_iredadmin_web_config="DONE"
export status_iredadmin_initialize_db="DONE"
export status_iredadmin_cron_setup="DONE"
export status_iredadmin_config="DONE"
export status_iredadmin_rc_setup="DONE"
export status_iredadmin_setup="DONE"
export status_rcm_install="DONE"
export status_rcm_initialize_db="DONE"
export status_rcm_config="DONE"
export status_rcm_cron_setup="DONE"
export status_rcm_plugin_managesieve="DONE"
export status_rcm_plugin_password="DONE"
export status_rcm_plugin_enigma="DONE"
export status_rcm_setup="DONE"
export status_cleanup_set_cron_file_permission="DONE"
export status_cleanup_disable_selinux="DONE"
export status_cleanup_remove_sendmail="DONE"
export status_cleanup_replace_mysql_config="DONE"
export status_cleanup_update_compile_spamassassin_rules="DONE"
export status_cleanup_update_clamav_signatures="DONE"
export status_cleanup_feedback="DONE"
export status_cleanup="DONE"

# = = = = = = = = = =
# /var/log/messages
. . .
Oct 17 18:55:29 server pkg-static[98078]: roundcube-php74-1.4.9,1 installed
Oct 17 18:55:53 server pkg-static[82952]: py38-psycopg2-2.8.6 installed
Oct 17 18:56:36 server pkg-static[35798]: py38-sqlite3-3.8.6_7 installed
Oct 17 18:56:38 server pkg-static[95399]: py38-sqlalchemy10-1.0.14 installed
Oct 17 18:56:58 server pkg-static[35477]: py38-pycryptodome-3.9.8 installed
Oct 17 18:56:59 server pkg-static[3627]: py38-dnspython-1.16.0 installed
Oct 17 18:57:03 server pkg-static[36577]: py38-webpy-0.61 installed
Oct 17 18:57:07 server pkg-static[72287]: py38-simplejson-3.17.2 installed
Oct 17 18:57:29 server pkg-static[70392]: libinotify-20180201_2 installed
Oct 17 18:57:30 server pkg-static[67013]: py38-pyinotify-0.9.6 installed
Oct 17 18:57:31 server pkg-static[53591]: py38-fail2ban-0.11.1_1 installed
Oct 17 18:57:34 server pkg-static[94706]: logwatch-7.5.1 installed

3

Re: Testing: Generate passwords with `openssl` on FreeBSD-iRedMail v1.3.2

- Fixed the port compile options for ftp/curl. Thanks.
- I don't have an issue with the command used by iRedMail for password generation. Did you notice any error while going through the iRedMail installation wizard?

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

4

Re: Testing: Generate passwords with `openssl` on FreeBSD-iRedMail v1.3.2

ZhangHuangbin wrote:

- Fixed the port compile options for ftp/curl. Thanks.

Welcome!

ZhangHuangbin wrote:

- I don't have an issue with the command used by iRedMail for password generation. Did you notice any error while going through the iRedMail installation wizard?

We debug this on 17413-install hangs while creating database.
Looks like you found the issue with `eval` on FreeBSD 12.1-RELEASE-p10.

Cheers!

5

Re: Testing: Generate passwords with `openssl` on FreeBSD-iRedMail v1.3.2

angeloklin wrote:

We debug this on 17413-install hangs while creating database.
Looks like you found the issue with `eval` on FreeBSD 12.1-RELEASE-p10.

Yes, it's fixed in the latest git version. :)
Thank you very much for the feedback and help.
