Admin Life Errors, Fixes, and Encounters

7 Jun 2010

Set up DomainKeys with Postfix on FreeBSD in a jail

How to set up DomainKeys for Yahoo on FreeBSD 7.3 (I'm sure it works with older versions of FreeBSD) with Postfix 2.7. This may seem long, but it works, and it's not that long a process...

First, install Postfix and configure it. This is a very basic setup; I'll have a more advanced Postfix install in the near future.

cd /usr/ports/mail/postfix
make install clean
cd /etc
ln -s /usr/local/etc/postfix postfix
cd /etc/postfix
vi main.cf

// change the following
/////////////////////////////////////
myhostname = mail1.domain.com
mydomain = mail1.domain.com
myorigin = $mydomain
inet_interfaces = 56.56.56.56
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 56.56.56.56,127.0.0.1

Install dkfilter:

cd /usr/ports/mail/dkfilter
make install clean

//Setting up the outbound filter
/////////////////////////////

Generate a private/public key pair using OpenSSL:

cd /usr/local/etc/
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Start up dkfilter (don't forget to change the IP 56.56.56.56 to your own IP):

/usr/local/bin/dkfilter.out --keyfile=/usr/local/etc/private.key --selector=selector1 --domain=mail1.domain.com --method=nofws 56.56.56.56:10027 56.56.56.56:10028 &

Add the following to master.cf (as the 2nd line if this is a jail server). The -o lines must be indented, otherwise Postfix reads them as new service entries:

############################################
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  #-o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[56.56.56.56]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime
56.56.56.56:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=67.213.69.0/24
  -o smtpd_authorized_xforward_hosts=56.56.56.0/24

I got this error in /var/log/maillog:
postfix/local[11933]: fatal: open database /etc/aliases.db: No such file or directory
// to fix it...

cd /etc
newaliases

# change resolv.conf if you haven't done so yet...
# update hosts with correct IPs of machine

// restart postfix

/usr/local/sbin/postfix stop
/usr/local/sbin/postfix start

May 31 22:00:22 mail1 postfix/postfix-script[12148]: stopping the Postfix mail system
May 31 22:00:22 mail1 postfix/master[12023]: terminating on signal 15
May 31 22:00:25 mail1 postfix/postfix-script[12224]: starting the Postfix mail system
May 31 22:00:25 mail1 postfix/master[12225]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix

It didn't work with Yahoo; I got this error:
domainkeys=permerror (no key);
FIX: in my DNS (at GoDaddy) I added

host: selector1._domainkey.mail1
TXT value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280IycLOzF3cSTBE27rGypfK3SWiE37A9Z9OR7GDApCFBFfLWyQKaDPA+e4+mPvAVizOfn6Zj8FnuOL+BrOYUJJG/PbCT4t+V5Aagi/l7Z6VXfoKbzYcESNVPntROEzUZLyWXWYzI2qbgjWi2RxQVoRxl3uWXihQIDAQAB; t=y
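Since the permerror came from the published key, here is an added check (not part of the original post) that compares the p= tag of the DNS TXT record with the public.key file openssl wrote. The sample record reuses the key published above, rebuilt into PEM form; the file path and the truncated record are constructed for the example.

```shell
#!/bin/sh
# Added check: compare the public key published in the DomainKeys TXT record
# with the public.key file written by "openssl rsa -in private.key -pubout".
# A receiver reporting "permerror (no key)" could not use the record at
# <selector>._domainkey.<domain>, so a missing or mangled p= value is the
# first thing to rule out. Paths and the sample records are constructed here.

# Collapse a PEM public key to its single-line base64 body.
pem_body() {
    sed -e '/^-----BEGIN /d' -e '/^-----END /d' "$1" | tr -d '\n\r\t '
}

# Print one tag (k, p, t ...) of a "k=rsa; p=...; t=y" record. Quotes and
# blanks are dropped first because resolvers return long TXT records as
# several quoted strings.
dk_tag() {
    printf '%s' "$1" | tr -d '" \t' | tr ';' '\n' | sed -n "s/^$2=//p"
}

# Exit 0 when the p= tag equals the PEM body, 1 when it is missing or differs.
dk_key_matches() {
    [ -n "$(dk_tag "$2" p)" ] && [ "$(pem_body "$1")" = "$(dk_tag "$2" p)" ]
}

# Constructed sample: the base64 is the p= value published in the post, and
# public.key is rebuilt from it in the 64-column layout openssl writes.
PUBKEY_B64='MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280IycLOzF3cSTBE27rGypfK3SWiE37A9Z9OR7GDApCFBFfLWyQKaDPA+e4+mPvAVizOfn6Zj8FnuOL+BrOYUJJG/PbCT4t+V5Aagi/l7Z6VXfoKbzYcESNVPntROEzUZLyWXWYzI2qbgjWi2RxQVoRxl3uWXihQIDAQAB'
PUBKEY_FILE=${TMPDIR:-/tmp}/public.key.$$
{
    echo '-----BEGIN PUBLIC KEY-----'
    printf '%s\n' "$PUBKEY_B64" | fold -w 64
    echo '-----END PUBLIC KEY-----'
} > "$PUBKEY_FILE"

# What a correct lookup of selector1._domainkey.mail1.domain.com returns.
DNS_TXT="k=rsa; p=$PUBKEY_B64; t=y"
# A record whose p= was cut short while pasting it into the DNS control panel.
BAD_TXT='"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280Iyc; t=y"'

dk_key_matches "$PUBKEY_FILE" "$DNS_TXT" && echo "record matches public.key"
dk_key_matches "$PUBKEY_FILE" "$BAD_TXT" || echo "truncated record does not match"
```

The t=y tag marks the selector as being in testing mode, so verifiers treat a failed signature like unsigned mail; drop it once Yahoo reports domainkeys=pass.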

Error after installing Postfix and trying to start it up:

Jun 1 14:32:14 mail1 postfix/postfix-script[60663]: starting the Postfix mail system
Jun 1 14:32:14 mail1 postfix/master[60664]: fatal: bind 56.56.56.56 port 25: Address already in use

vi /etc/rc.conf
Add the line

sendmail_enable="NO"

and restart the jail or the machine.

Error with SPF: check whether a TXT record can be found for your SPF:

nslookup -type=TXT domain.com

For a subdomain:

nslookup -type=TXT mail1.domain.com

Stay tuned for a more up-to-date version in the next week or two.

2 Jun 2010

How to add a new Munin node on FreeBSD

Here is what I did to add a new Munin node on FreeBSD to an existing Munin server.

cd /usr/ports/sysutils/munin-node/
make install clean

When asked about the logs, answer yes. We want munin to rotate the logs.

Would you like me to set up log rotation [y]?

After the munin install this is what we see and need to do.

********************************************************************
Unless this file already existed, a sample configuration file
has been placed in /usr/local/etc/munin/munin-node.conf.

Please edit it according to your needs.

********************************************************************

The Munin client will *not* be started automatically. To allow it
to start, put this line in /etc/rc.conf:

munin_node_enable="YES"

Then, it will be started on the next boot. If this line is already
present, the client will be started now. Otherwise, edit
/etc/rc.conf and execute this command:

/usr/local/etc/rc.d/munin-node start
********************************************************************

Let's do the easy stuff first for munin.

vi /etc/rc.conf

Add munin_node_enable="YES" somewhere in the file. I like to keep all the enable options together.

munin_node_enable="YES"

The plugins directory on FreeBSD is empty, so for munin-node to work we need to add symbolic links.

cd /usr/local/etc/munin/plugins

ln -s /usr/local/share/munin/plugins/cpu cpu
ln -s /usr/local/share/munin/plugins/df df
ln -s /usr/local/share/munin/plugins/df_inode df_inode
ln -s /usr/local/share/munin/plugins/if_errcoll_ if_errcoll_fxp0
ln -s /usr/local/share/munin/plugins/if_ if_fxp0
ln -s /usr/local/share/munin/plugins/load load
ln -s /usr/local/share/munin/plugins/memory memory
ln -s /usr/local/share/munin/plugins/netstat netstat
ln -s /usr/local/share/munin/plugins/ntp_offset ntp_offset
ln -s /usr/local/share/munin/plugins/open_files open_files
ln -s /usr/local/share/munin/plugins/processes processes
ln -s /usr/local/share/munin/plugins/sendmail_mailqueue sendmail_mailqueue
ln -s /usr/local/share/munin/plugins/sendmail_mailstats sendmail_mailstats
ln -s /usr/local/share/munin/plugins/sendmail_mailtraffic sendmail_mailtraffic
ln -s /usr/local/share/munin/plugins/swap swap
ln -s /usr/local/share/munin/plugins/vmstat vmstat

Next, let's look at the conf file:

vi /usr/local/etc/munin/munin-node.conf

Update the allow line to the IP address of the Munin server. It is a regular expression, so keep the anchors and the escaped dots:

allow ^192\.168\.1\.105$

Everything else is good; save and exit.
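An added check (not from the post) for the allow line above: munin-node matches the connecting address against each allow pattern as a regex, so a pattern missing the anchors or the backslashes before the dots admits more addresses than intended. The sample config below is constructed; its first allow line is the one used in the post.

```shell
#!/bin/sh
# Added check (not from the post): munin-node's "allow" lines are regexes
# matched against the connecting address, so a pattern without ^ and $ or
# with bare dots also admits addresses you did not mean (192.168.1.1050,
# 1192.168.1.105, 192x168x1x105 ...). This lints the allow lines of a
# munin-node.conf and prints the weak ones.

munin_allow_lint() {
    awk '$1 == "allow" {
             pat = $2
             if (pat !~ /^\^/ || pat !~ /\$$/) print "unanchored: " pat
             else if (pat ~ /[^\\]\./)       print "unescaped dot: " pat
         }' "$1"
}

# Constructed sample config: the first allow line is the one from the post,
# the other two are common mistakes.
CONF=${TMPDIR:-/tmp}/munin-node.conf.$$
cat > "$CONF" <<'EOF'
host *
port 4949
allow ^192\.168\.1\.105$
allow 192.168.1.105
allow ^192.168.1.105$
EOF

munin_allow_lint "$CONF"
```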

On the Munin server, add the IP address of the new node:

vi /usr/local/etc/munin/munin.conf

Add this to the end of munin.conf

[server1.domain.com]
address 192.168.1.203
use_node_name yes
notify_alias server1

load.notify_alias load

df.notify_alias df

# /
df._dev_mirror_gm0s1a.warning :85
df._dev_mirror_gm0s1a.critical :90

# /tmp
df._dev_mirror_gm0s1e.warning :80
df._dev_mirror_gm0s1e.critical :90

# /usr
df._dev_mirror_gm0s1f.warning :80
df._dev_mirror_gm0s1f.critical :90

# /var
df._dev_mirror_gm0s1d.warning :80
df._dev_mirror_gm0s1d.critical :90

If you haven't done so yet, start munin-node with:

cd /usr/local/etc/rc.d/
./munin-node start

If the munin node doesn't update after 5 to 10 minutes, look at the Munin main log to find any errors:

cd /var/log/munin-main
vi munin-update.log

24 May 2010

Setup gmirror RAID 1 on FreeBSD

We are going to set up RAID 1 on FreeBSD 7.3 using gmirror, a software-based RAID system. I did this on FreeBSD 7.3, but it works with older versions of FreeBSD as well (I've done it as far back as FreeBSD 6.2). First things first: make sure both hard drives are the same size and, if possible, the same brand and model.

After installing FreeBSD but before exiting the system installer:

press ALT-F4 to be taken to the command prompt, then type in csh to get a good shell

csh

Create a mirror/duplex

sysctl kern.geom.debugflags=16
gmirror label -v -b round-robin gm0 /dev/ad0

That's it; RAID 1 is now set up on the system.
Now we tell the system to load the mirror module every time it boots up (append, so nothing already in loader.conf is lost).

echo 'geom_mirror_load="YES"' >> /boot/loader.conf

Make sure fstab uses the mirror, but first let's make a backup:

cp /etc/fstab /etc/fstab.orig
vi /etc/fstab

Insert the word mirror after /dev and change ad to gm.
For example, /dev/ad0s1a becomes /dev/mirror/gm0s1a

Double-check that you didn't mistype anything, or else the system may not boot up.
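As an added helper (not part of the post), this does the fstab rewrite described above on a copy and checks the result, so the double-checking is done by a script rather than by eye. The sample fstab is constructed to look like a default FreeBSD 7.x install on ad0; the temp file paths are assumptions.

```shell
#!/bin/sh
# Added helper (not from the post): rewrite the device column of fstab from
# /dev/adN partitions to /dev/mirror/gmN and verify the result, because a
# typo here is exactly what leaves the box unable to boot. It works on a copy;
# copy the output over /etc/fstab only after the checks pass.

# $1 = source fstab, $2 = output file, $3 = disk (ad0), $4 = mirror (gm0).
# Only partitions of the named disk are rewritten, so /dev/acd0 (CD-ROM) or a
# second disk that is not yet in the mirror stay untouched.
fstab_to_mirror() {
    sed -e "s#^/dev/$3\(s[0-9][0-9]*[a-h]\{0,1\}\)#/dev/mirror/$4\1#" "$1" > "$2"
}

# Print how many lines still name the bare disk; 0 means nothing was missed.
fstab_unconverted() {
    grep -c "^/dev/$2s" "$1" || true
}

# Print every converted device for a last look; exit 1 if one is not gmNsNx.
fstab_check_mirror_devs() {
    awk 'BEGIN { bad = 0 }
         $1 ~ /^\/dev\/mirror\// {
             print $1
             if ($1 !~ /^\/dev\/mirror\/gm[0-9]+s[0-9]+[a-h]?$/) bad = 1
         }
         END { exit bad }' "$1"
}

# Constructed sample: fstab of a default FreeBSD 7.x install on ad0.
FSTAB_IN=${TMPDIR:-/tmp}/fstab.sample.$$
FSTAB_OUT=${TMPDIR:-/tmp}/fstab.mirror.$$
cat > "$FSTAB_IN" <<'EOF'
# Device        Mountpoint      FStype  Options         Dump    Pass#
/dev/ad0s1b     none            swap    sw              0       0
/dev/ad0s1a     /               ufs     rw              1       1
/dev/ad0s1e     /tmp            ufs     rw              2       2
/dev/ad0s1f     /usr            ufs     rw              2       2
/dev/ad0s1d     /var            ufs     rw              2       2
/dev/acd0       /cdrom          cd9660  ro,noauto       0       0
EOF

fstab_to_mirror "$FSTAB_IN" "$FSTAB_OUT" ad0 gm0
fstab_check_mirror_devs "$FSTAB_OUT"
echo "lines still on ad0: $(fstab_unconverted "$FSTAB_OUT" ad0)"
```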

After that, press ALT-F1 to switch back to the install interface and reboot the machine.

When the system is done rebooting, we add the 2nd drive to the RAID array:

gmirror insert gm0 /dev/ad2

To see what's happening with the RAID, type:

gmirror list | more

To see the synchronizing status:

gmirror status

Once the synchronizing is done, simply reboot, and you're done setting up RAID on FreeBSD.

5 Feb 2010

Installing Apache Tomcat 6 on FreeBSD

So you want to install Tomcat 6 on FreeBSD; this is how I did it.

cd /usr/ports/www/tomcat6
make install clean

Use the default options for diablo-jdk.

Then you get some nice "licensing restrictions":

Because of licensing restrictions, you must fetch the distribution
manually.

Please access

http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.6.0_07-b02.tar.bz2

with a web browser and "Accept" the End User License Agreement for
"Caffe Diablo 1.6.0".

Please open http://java.sun.com/javase/downloads/index.jsp
in a web browser and follow the "Download" link for
"JDK US DST Timezone Update Tool - 1_3_21" to obtain the
time zone update file, tzupdater-1_3_21-2009p.zip.

Please place the downloaded file(s) in /usr/ports/distfiles.

*** Error code 1

Stop in /usr/ports/java/diablo-jdk16.
*** Error code 1

Stop in /usr/ports/java/diablo-jdk16.
*** Error code 1

Stop in /usr/ports/www/tomcat6.

So we go to the FreeBSD Foundation website and download Diablo Caffe.
Then we go to the Sun website to download the timezone update and, what do you know, Sun has version 1.3.25 and not 1.3.21.

So we do an "cvsup -g -L 2 /root/cvs-supfile" on our system to update the ports collection.
... wait 10..20 minutes as the system wasn't up to date ...

While that's going, we copy (sftp) the file over to the server "diablo-caffe-freebsd6-i386-1.6.0_07-b02.tar.bz2"

cp /home/user_name/diablo-caffe-freebsd6-i386-1.6.0_07-b02.tar.bz2 /usr/ports/distfiles

The ports collection was updated, but it didn't do anything; still need 1.3.21... Maybe because it's an old version of FreeBSD (6.2) o_0
Luckily for me, I had tzupdater-1_3_21-2009p.zip from a previous install on another server (email me if you need the file).
I rsync the file across:

rsync -ave ssh /usr/ports/distfiles/tzupdater-1_3_21-2009p.zip [email protected]:/home/user_name/tzupdater-1_3_21-2009p.zip

cp /home/user_name/tzupdater-1_3_21-2009p.zip /usr/ports/distfiles
cd /usr/ports/www/tomcat6
make install clean

The installation continues. Then it finishes without issue.

cd /usr/local/apache-tomcat-6.0
vi RUNNING.txt

To run it, we need to set up the JAVA_HOME environment variable... I'm on the bash shell (GO BASH) and we installed the JDK, not the JRE, so I do:

export JAVA_HOME=/usr/local/diablo-jdk1.6.0   # export it, or the rc script started below will not see it
cd /usr/local/etc/rc.d/
./tomcat6 start

and nothing happened... Probably because it's not in /etc/rc.conf

cd /usr/local/apache-tomcat-6.0/logs/
ls -l

no logs in the log folder...

cd /usr/local/apache-tomcat-6.0/bin/

./startup.sh

Now we have logs

tail catalina.out

The following line shows up...

Feb 5, 2010 10:17:01 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8180

So we go to http://192.168.1.101:8180 and, just like that, it comes up.

If you want to change the port, edit /usr/local/apache-tomcat-6.0/conf/server.xml

Now that was a long install, hope it helps someone.