Re: [qmailtoaster] qmail using ramdisk

2024-06-06 Thread William Silverstein
If I am running files on a ramdisk, how will a journaling file system help?

On Thu, June 6, 2024 10:40 am, Remo Mattei wrote:
> HI,
> Keep in mind that you do have journaling file system as well.
>
> Remo
>
>> On Jun 6, 2024, at 10:20 AM, William Silverstein 
>> wrote:
>>
>> I didn't think about the qmail log files, which would be good.
>>
>> Where is qmail-queue? What is that? Do you mean /var/qmail/queue? I don't
>> want to risk mail being lost if the system was unexpectedly shut down.
>>
>>
>>
>>
>>
>> On Thu, June 6, 2024 5:39 am, Jeff Koch wrote:
>>> We've used ramdisks to hold the qmail-queue and it did make a big
>>> difference in speed. Depending on the size of ram disk you could also
>>> consider including /var/log/qmail which also uses a lot of IO. Although
>>> we backed up the ram disk before planned reboots we weren't particularly
>>> concerned if those two directories were accidentally wiped.
>>>
>>> Jeff
>>>
>>> On 6/6/2024 3:28 AM, William Silverstein wrote:
>>>> I wondered if using a RAM disk (maybe 32 GB) in Qmail would speed up
>>>> processing, i.e., handling scanning (using qmail-scanner)?
>>>>
>>>> Is this a crazy idea?
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> William G. Silverstein, Esq.
>> Litigation Counsel
>> Licensed in California.
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> <mailto:qmailtoaster-list-h...@qmailtoaster.com>
>


-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







Re: [qmailtoaster] qmail using ramdisk

2024-06-06 Thread William Silverstein
I didn't think about the qmail log files, which would be good.

Where is qmail-queue? What is that? Do you mean /var/qmail/queue? I don't
want to risk mail being lost if the system was unexpectedly shut down.





On Thu, June 6, 2024 5:39 am, Jeff Koch wrote:
> We've used ramdisks to hold the qmail-queue and it did make a big
> difference in speed. Depending on the size of ram disk you could also
> consider including /var/log/qmail which also uses a lot of IO.  Although
> we backed up the ram disk before planned reboots we weren't particularly
> concerned if those two directories were accidentally wiped.
>
> Jeff
>
> On 6/6/2024 3:28 AM, William Silverstein wrote:
>> I wondered if using a RAM disk (maybe 32 GB) in Qmail would speed up
>> processing, i.e., handling scanning (using qmail-scanner)?
>>
>> Is this a crazy idea?
>>
>>
>>
>


-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







Re: [qmailtoaster] qmail using ramdisk

2024-06-06 Thread William Silverstein
What would be a good size?

On Thu, June 6, 2024 3:50 am, Eric Broch wrote:
> It should. Do you need 32 GB?
>
> On 6/6/2024 1:28 AM, William Silverstein wrote:
>> I wondered if using a RAM disk (maybe 32 GB) in Qmail would speed up
>> processing, i.e., handling scanning (using qmail-scanner)?
>>
>> Is this a crazy idea?
>>
>>
>>
>


-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







[qmailtoaster] qmail using ramdisk

2024-06-06 Thread William Silverstein
I wondered if using a RAM disk (maybe 32 GB) in Qmail would speed up
processing, i.e., handling scanning (using qmail-scanner)?

Is this a crazy idea?



-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-16 Thread William Silverstein
I suspect that it could be done either way.  I have been using
--deploy-hook since I started using letsencrypt. I'll look at the
/etc/letsencrypt/renewal-hooks when I build my new server (soon, I hope).

On Tue, April 16, 2024 7:34 am, Eric Broch wrote:
> I thought William S. had mentioned something about a Let's Encrypt hook
> instead of a cron job. From what I've been reading, one's script simply
> goes in /etc/letsencrypt/renewal-hooks/{pre,post,deploy} or something like
> that, true? Then I suppose one calls certbot renew --deploy-hook or
> something like that. The documentation seemed sparse, anyway...
>
> Pipe in William if you have something.
>
>
>
> On Tue, Apr 16, 2024 at 6:33 AM Gary Bowling  wrote:
>
>>
>> I'll help edit it if someone else that is currently going through it wants
>> to start it.  Maybe set up a google doc and give some people edit access.
>> Or give read only access and we can drop comments/suggestions back here for
>> someone to edit. It's been a long time since I set it up from scratch, so
>> I'm a bit rusty on that.
>>
>>
>> It shouldn't be too hard to come up with something. I like to do
>> everything "standard" via the RH/Rocky way of doing it. That way dnf
>> updates work and I don't have as much maintenance. So I don't compile,
>> customize anything unless I'm forced to.
>>
>>
>> The only special part on my install is the script to "cat" the certs and
>> create a servercert.pem. Especially with your new updates, if it works with
>> ECDSA certs, then no need for that custom rsa 2048 config part.
>>
>>
>> With that, it should just be installing httpd, certbot, and doing a
>> standard config for the server name. The only complication being if you use
>> different names.. e.g. webmail.domain.com and mail.domain.com or
>> something. It's much simpler if you use the same name for both since
>> letsencrypt queries back to the dns name you set up on apache to validate.
>> If you don't use the same name, you either have to set up a dummy
>> virtualhost in apache to do the challenge validation on that name, or you
>> have to use another challenge method like DNS-01 to update your certs.
>> Toaster doc should probably have examples of both.
>>
>>
>> Here's a generic letsencrypt setup for Rocky 8/9 and apache. Needs some
>> tweaks to do the challenge verification back to your roundcube apache
>> virtualhost instead of the default /var/www/html/ query. Or if you have
>> separate names you can use the /var/www/html/ for the dummy virtualhost to
>> get your mail server certs, but you'll still need another one for the
>> roundcube virtualhost.
>>
>>
>>
>> https://www.cyberciti.biz/faq/how-to-secure-apache-with-lets-encrypt-certificates-on-rhel-8/
>>
>>
>> Hope this helps.. Gary
>>
>>
>> On 4/15/2024 1:33 PM, Eric Broch wrote:
>>
>> Anyone feel like doing a write-up and I'll put it on the wiki?
>>
>> On 4/15/2024 11:18 AM, Gary Bowling wrote:
>>
>>
>>
>> Ah, right. Actually it looks like I can just place my script that I
>> currently run in my cron job in the /etc/letsencrypt/renewal-hooks/post/
>> directory and it will run as a "post renew" script.
>>
>>
>> Thanks for that.
>>
>> Gary
>>
>>
>> On 4/15/2024 1:04 PM, William Silverstein wrote:
>>
>> I would not use a cron script. I use --deploy-hook option on the
>> certbot-auto to handle it.
>>
>>
>> On Mon, April 15, 2024 9:59 am, Gary Bowling wrote:
>>
>> Great. One question. Seems like everything on my server uses
>> /var/qmail/control/servercert.pem for the cert. Dovecot and qmail
>> all use that file. And I have a cron job that runs once a month to
>> check for a new letsencrypt cert and if there is one it copies it
>> over to servercert.pem to update my mail server.
>>
>>
>>
>>
>>
>> Is that the correct way to handle that? Or is that something that is
>> left over from my old server that I moved over?
>>
>>
>>
>>
>> Thanks, Gary
>>
>>
>>
>>
>>   On 4/15/2024 12:44 PM, Eric Broch   wrote:
>>
>>
>> Neither,
>>
>> /var/qmail/control/dh2048.pem
>>   /var/qmail/control/rsa2048.pem
>>
>>
>> On 4/15/2024 10:33 AM, Gary Bowling wrote:
>>
>>
>>
>>
>>
>> Thanks, will still require rsa?

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-15 Thread William Silverstein
I would not use a cron script. I use --deploy-hook option on the
certbot-auto to handle it.


On Mon, April 15, 2024 9:59 am, Gary Bowling wrote:
>
>
>
>
> Great. One question. Seems like everything on my server uses
> /var/qmail/control/servercert.pem for the cert. Dovecot and qmail
> all use that file. And I have a cron job that runs once a month to
> check for a new letsencrypt cert and if there is one it copies it
> over to servercert.pem to update my mail server.
>
>
>
>
>
> Is that the correct way to handle that? Or is that something that is
> left over from my old server that I moved over?
>
>
>
>
> Thanks, Gary
>
>
>
>
>  On 4/15/2024 12:44 PM, Eric Broch   wrote:
>
>
> Neither,
>
> /var/qmail/control/dh2048.pem
>  /var/qmail/control/rsa2048.pem
>
>
>On 4/15/2024 10:33 AM, Gary Bowling wrote:
>
>
>
>
>
> Thanks, will still require rsa?
>
>
>
>  On 4/15/2024 10:47 AM, Eric Broch   wrote:
>
>
> My next iteration on EL9 will remove keysize it's deprecated,
> has been for a while. Should have the new code out within the
> week.
>
> SSL_CTX_set_tmp_rsa_callback · openssl/openssl ·
> Discussion #23769 (github.com)
>
>
>
>On 4/15/2024 6:25 AM, Gary Bowling wrote:
>
>
>
>
>
> Hey Jeff, glad you're making progress. Be aware that when
> you get a new cert from Letsencrypt that the default now
> retrieves an ECDSA cert. Which is fine for apache, but
> doesn't work on qmail, or at least it didn't for me. To fix
> that you'll need to configure letsencrypt to give you an RSA
> 2048 cert.
>
>
>
>
>
> There are two ways to do that. If you want all your certs to
> be RSA 2048, you can add this to the
> /etc/letsencrypt/cli.ini file.
>
> key-type = rsa
> rsa-key-size = 2048
>
>
>
>
> If you just want to do that for your keys you use in qmail,
> then you can put the above in the
> /etc/letsencrypt/renewal/domain.conf file. Where "domain" is
> the name of the cert you're renewing. Certbot creates the
> file so it should already be there.
>
>
>
>
> Gary
>
>
>
>
>  On 4/14/2024 10:39 PM, Jeff   Koch wrote:
>
> I may have resolved this. I did the Rocky9 distro install of apache and
> copied the mod_http2.so file over to our install of apache. Seems to work
> (no errors) but I won't know for sure until we setup Lets Encrypt SSL
> certbot tomorrow
>
> Jeff
>
> On 4/14/2024 3:11 PM, Jeff Koch wrote:
>
> Hi - we're setting up a new mailserver with Rocky 9 and the learning curve
> is slow as is usual with the first time with a new distro.
>
> Anyway because our various scripts look for apache at /usr/local/apache/
> we've decided to compile our own binary with the latest apache and have
> run into trouble / errors related to 'nghttp2'.
>
> We did download, compile and install the latest nghttp2-1.61.0 from
> github. The configure and make went well and http1.1 works but apache
> generates the following error when we activate mod_http2
>
> (Cannot load modules/mod_http2.so into server:
> /usr/local/apache2/modules/mod_http2.so: undefined symbol:
> nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)
>
> If anyone on the list has compiled their own httpd 2.4.59 with Rocky 9
> would you mind sharing the details ?
>
> Thanks, Jeff Koch
>
>
>
>   


-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.
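
The deploy-hook approach discussed in this thread, as an added example that is not from any poster or from the QMT project: a script for /etc/letsencrypt/renewal-hooks/deploy/ that rebuilds /var/qmail/control/servercert.pem from the renewed certificate. The key-then-chain order, the SERVERCERT, SERVERCERT_MODE and SERVERCERT_OWNER variables and the function name are assumptions; RENEWED_LINEAGE is the variable certbot exports to deploy hooks.

```sh
#!/bin/sh
# Added example: certbot deploy hook that rebuilds qmail's combined PEM file.
# Assumed, not from the thread: key-then-chain order, the SERVERCERT,
# SERVERCERT_MODE and SERVERCERT_OWNER variables, the function name.

# install_servercert LINEAGE_DIR DEST
# Builds DEST from LINEAGE_DIR/privkey.pem + fullchain.pem. The new file is
# written next to DEST and renamed over it, so qmail and Dovecot never see a
# half-written cert, and a failed run leaves the old file in place.
install_servercert() {
    lineage=$1
    dest=$2
    key="$lineage/privkey.pem"
    chain="$lineage/fullchain.pem"

    # Refuse to replace the live file unless both inputs look like PEM.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "install_servercert: no private key in $key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || {
        echo "install_servercert: no certificate in $chain" >&2; return 1; }

    # mktemp creates the file mode 0600, so the key is never world-readable.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    if cat "$key" "$chain" > "$tmp" &&
       chmod "${SERVERCERT_MODE:-0600}" "$tmp" &&
       { [ -z "${SERVERCERT_OWNER:-}" ] || chown "$SERVERCERT_OWNER" "$tmp"; } &&
       mv -f "$tmp" "$dest"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to
# deploy hooks; when it is unset the file only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_servercert "$RENEWED_LINEAGE" \
        "${SERVERCERT:-/var/qmail/control/servercert.pem}" || exit 1
    # Reloading qmail and Dovecot is site-specific and left out here.
fi
```

Set SERVERCERT_OWNER and SERVERCERT_MODE to whatever account and permissions your qmail and Dovecot processes need to read the file.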







Re: [qmailtoaster] MySQL conversion to MariaDB question

2024-04-11 Thread William Silverstein
I am a little confused. Does this mean that Mariadb should not be used
with QMT?

On Thu, April 11, 2024 7:22 am, Eric Broch wrote:
> I saw no reason to maintain two versions of the software.
>
>
> On 4/11/2024 3:26 AM, Qmail wrote:
>> FYI
>>
>> When I did roll on to Rocky8 and now Rocky 9 I found out that
>> the 10.3.35-MariaDB Server version - is the last version compliant
>> with Qmail software.
>>
>> I think I recall it is libmysqlclient
>> that no longer is compliant and therefore causing errors.
>>
>> /Finn
>>
>>
>> Den 11-04-2024 kl. 08:00 skrev Tony White:
>>> Hi Eric,
>>>    Is there a specific reason you do not offer both MySQL
>>> and MariaDB during the install/setup of QMT please? This
>>> is for Rocky 9 only; 8 offers both.
>>>
>>> --
>>> regards
>>> Anthony White
>>>
>>
>


-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







Re: [qmailtoaster] Spamdyke and Spamcop - blacklisting

2024-03-22 Thread William Silverstein



On Fri, March 22, 2024 4:40 am, Gary Bowling wrote:
>
>
>
>
> In the spamdyke config, the default is to use spamcop for
> blacklisting. I've had a lot of trouble recently with spamcop. They
> keep adding the outlook.com servers to their database. Which means
> every company that uses Microsoft office 365 for mail gets blocked.
> This has caused me a lot of problems as there are a lot of companies
> in the US that use office365 for mail hosting.
>
> I am wondering if in these days we should be blacklisting server ip
> addresses. So many users are on shared services that blocking entire
> servers by ip seems like a bad idea. They also block entire ip
> ranges from hosting providers.
>
Shared hosting has been around since the 1990s.

That was part of the idea behind blacklisting. That by blocking IP ranges,
it would encourage providers to stop spam because it would cause harm to
more than just the spamming customer.



-- 
William G. Silverstein, Esq.
Litigation Counsel
Licensed in California.







Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

2022-10-13 Thread William Silverstein



On Thu, October 13, 2022 5:50 am, Fabio Mecchia wrote:
> Hi, I also got this problem long ago, I don't remember if this was correct
> but try to add this key to your windows registry :
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
> -> Add this key "ProtectionPolicy"=dword:0001
>


What does this key do? What does setting this 1 do? What is the normal
setting(s)?

I'd rather not just blindly change setting w/o understanding what is going
on and how that may affect other things.

-- 
William Silverstein, Esq.
Litigation Counsel
Licensed in California.



