Re: [vchkpw] My single point of failure... failed
DAve wrote: Tren Blackburn wrote: Hi DAve; -Original Message- From: DAve [mailto:[EMAIL PROTECTED] Sent: Friday, October 05, 2007 11:39 AM To: vpopmail Subject: [vchkpw] My single point of failure... failed I got bit hard this morning and I am looking for a solution. I have been slowly getting our email system up to snuff moving from a pair of servers to two gateway AV scanners, three vpopmail toasters, and two outbound qmail servers. The toasters mount the Maildirs via NFS, the AV scanners talk to the toasters via milter-ahead, and the NFS mailstore hosts MySQL for vpopmail. I've just gotten load balancers installed and moved the outbound traffic there first, getting a good load test on vpopmaild for smtp-auth. I had promised to provide the scripts and now I am actually seeing how well they work. Problems arose when my NFS server went stupid this morning and all mail stopped. AV scanners couldn't verify mailboxes because the toasters couldn't see MySQL, the outbound servers couldn't do smtp-auth for the same reason. It wouldn't have mattered anyway because my Maildirs were offline. NFS is my single point of failure, even though it is RAID5, dual NIC, dual power supply (SUN Enterprise 250), it went offline. I need to fix that, I can cluster MySQL but I am looking for ways to have either a clustered NFS with rw permissions and appropriate locking/syncing, or NFS failover from the toasters. I am looking at GFS and active/active NFS and HaNFS. Has anyone gone down this path yet? I have. There's a couple ways of doing this. I've never played with GFS so I can't comment on that. The easiest solution I've found is doing an Active/Standby configuration between 2 nodes using DRBD to replicate the data in real time. There's quite a few solutions out there to handle resource seizure on node failure. If you want absolutely simple, go heartbeat v1. If you want to break your mailstore into 2 pieces (I have no idea how large of a mailstore you're working with. Mine is breaking 70G pretty soon) then you can do an Active/Active configuration using the High Availability manager from LinuxHA.net. I like that product mainly because it's written specifically for 2 node active/active clusters. And if you really want to muddy the waters, you can go with heartbeat v2 (I still have a bad taste in my mouth from it though) It's always best to keep major components on their own sets of boxen. My MySQL servers are a 2 node load balanced multi-master replicated pair. My Mailstore is a 2 node Active/Passive pair as described above (I cheat a bit and do some iSCSI exports on the passive box to the Windows people who demanded I share my storage with them. It's also handled by the HA software, so if the box exporting the iSCSI targets goes down, it shuffles across to the NFS box, and vice-versa) My inbound/outbound SMTP is across 4 dedicated load-balanced boxen. IMAP4(s)/POP3(s) is on its own pair and same with Web. If any of this seems useful to you let me know. No one should have to go through the nightmare of a key server going down. I hate getting yelled at. :) I am at least on the right or similar track. Here is some more background. Currently the gateways run MailScanner/sendmail/spamassassin/clamav/bitdefender, we have vpopmail/chkuser on the eclusters (toasters) providing pop and webmail, and the outbound servers provide smtp and smtp-auth (to become smtp-auth only) also running spamassassin and clamav via simscan. Everything sits behind a PIX and everything will eventually sit behind two Coyote Point EQ350si devices. Right now only the outbound servers are being load balanced. I am liking the look of HaNFS and DRDB but I have to look toward the future which involves sending half my mail system to a remote NOC. We have a dedicated 1GB fiber to provide a private LAN between the NOCs. My concern is over resyncing the mailstores after a fiber failure, which I KNOW will happen sooner or later. Not real sure if active/active or active/passive will be the best option, resyncing in general doesn't look inviting. My mailstore is only 60GB, few clients use webmail, most download everything all day. But it would certainly be a concern. When I setup MySQL as a cluster I will also be installing a local RO slave on each ecluster (toaster), just for auth purposes. I am assuming you found no problems running vpopmail/qmail on your mailstores? How do you handle failover? Any problems with qmail-local during deliveries? Thanks for the response. DAve This is my setup, it seems to work fairly well. I was using NFS for the mail stores at one point but because I couldn't get a handle on my performance problems I dropped it and put the mail stores on the local machine. I have two machines with two drives in each machine. Disk sda1 on each machine is the OS, sda2 is configured via drbd (in retrospect I should have raided my drbd device . . . too late now). I have
[vchkpw] Info on upgrading vpopmail.
Hello, I have a question regarding vpopmail upgrades. The UPGRADE documentation states: When recompiling vpopmail, you need to recompile all binaries that link into the vpopmail libraries. These include QmailAdmin, qmail-smtpd (if you have the chkuser patch applied), Courier-IMAP etc. I have a test machine that I upgraded to vpopmail 5.4.23. I recompiled/reinstalled qmailadmin and vqadmin. I didn't recompile courier-imap nor did I recompile qmail-smtpd. I was able to telnet and successfully login to ports 25, 110, 143. So, is it necessary to recompile qmail-smtpd and Courier? I didn't recompile qmail-smtp because I'm not using the chkuser patch - I am using john simpsons combined patch 1.7.01. Would I still need to recompile? Thanks for the help, Matt
Re: [vchkpw] Mysql table
John Simpson wrote: On 2007-09-19, at 1532, mlist wrote: Please try creating a domain with a long name, up around 80-90 characters long. ... I did as you said and I recieved errors. Here is the command I used and the errors returned. ... vmysql: error creating table 'a_com': Incorrect table name 'a_com' Error. Failed while attempting to add domain to auth backend you missed the other error message. mysql has a limit of 64 bytes for a table name (at least mysql versions 5.1, 5.0, and 5.1 do, i'm assuming earlier versions had the same limit.) also see RFC 1035 section 2.3.4. each portion of a domain name (i.e. the abc in abc.com) can be no longer than 63 bytes, and no full hostname (i.e. www.abc.com) can be longer than 255 bytes. and since mysql has a limit of 64 bytes for a table name, you have a... maybe not a bug, but a design flaw. the name a(63 times).com IS a valid domain name, but a(63 times)_com is NOT a valid table name. perhaps you shouldn't store each domain's data in a separate table? i've never understood the reason for creating separate tables for each domain anyway- but since i don't normally use a SQL back-end for mailbox information, it's not something i really worry about. Well then . . . that explains it. Thanks Rick, Joshua, and John. I'm no full-time DBA wouldn't it take less time to query through a specific table looking for data than it would to query one massive table? Any one else have any thoughts? I'm curious to know which would perform better. Matt
[vchkpw] segfault vdeluser 5.4.21
Okay, running into a new problem suddenly. I thought I had seen this problem on the list before - but my searches came up with nothing - so I appologize if this is duplicated. Now when I try to delete a user I get a segfault: mail:/home/vpopmail/bin # vdeluser [EMAIL PROTECTED] Segmentation fault I did find one post about a month ago addressing a similar issue. The author suggests to add an entry into the valias table: adding a valias as this in the valias table: alias domain valias_line default foo.bar | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox and the vdeluser work correctly. Which it did (but it did leave that alias in the table . . . not sure if it should delete it or not - but I would imagine so). I ran an strace on that and it does in fact segfault when examining the valias table: . . . read(5, # Default limits file. This fil..., 4096) = 1161 read(5, , 4096) = 0 close(5)= 0 munmap(0xb7f9, 4096)= 0 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 read(4, 0x8061ea8, 8192)= -1 EAGAIN (Resource temporarily unavailable) fcntl64(4, F_SETFL, O_RDWR) = 0 write(4, \1\0\0\0\16, 5) = 5 read(4, \7\0\0\1\0\0\0\2\0\0\0, 16384) = 11 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 read(4, 0x8061ea8, 8192)= -1 EAGAIN (Resource temporarily unavailable) fcntl64(4, F_SETFL, O_RDWR) = 0 write(4, P\0\0\0\3select valias_line from val..., 84) = 84 read(4, [EMAIL PROTECTED]..., 16384) = 91 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ So, does any one have suggestions on how I can delete that? . . . crap. So I knew I saw this same problem somewhere else. It's noted in the 5.4.22 changelog. Why oh why didn't I go with 5.4.22 ??? I'll post this anyways for posterity. Matt
Re: [vchkpw] Mysql table
Rick Widmer wrote: mlist wrote: John Simpson wrote: and since mysql has a limit of 64 bytes for a table name, you have a... maybe not a bug, but a design flaw. the name a(63 times).com IS a valid domain name, but a(63 times)_com is NOT a valid table name. Definitely a design flaw, even before the domain name length increase. I believe Ken once told me it was a mistake, but he never removed it because people were using it. I think the name length issue is a good reason to depreciate the feature. I'm looking to reduce the number of options to ./configure, and this looks like a good candidate. perhaps you shouldn't store each domain's data in a separate table? i've never understood the reason for creating separate tables for each domain anyway- but since i don't normally use a SQL back-end for mailbox information, it's not something i really worry about. Well then . . . that explains it. Thanks Rick, Joshua, and John. I'm no full-time DBA wouldn't it take less time to query through a specific table looking for data than it would to query one massive table? Any one else have any thoughts? I'm curious to know which would perform better. If I remember right, speed was the reason for separate tables, but testing showed it was not faster. I think the single table works better because all your mail users are accessing the same table, and its indexes so they stay loaded all the time. If you use separate tables it is always thrashing the cache as different files need to be accessed. I was going to ask about why that option was still available (seeing as how it's widely disliked) but I didn't want to seem ungrateful. If in the future it is deprecated does anyone have an idea on how to convert many tables to one? I'm sure I could piece together a shell script but I know there are a lot better scripters out there than me. Matt
Re: [vchkpw] Mysql table
Please try creating a domain with a long name, up around 80-90 characters long. Then try to add a user, delete that user then delete that domain. If it all works, you are in good shape and I'll change the note in INSTALL to say you don't have to do anything special if you are using --disable-many-domains. If you have problems, let me know what happens and I'll figure something out. I expect it will probably work. Rick Rick, I did as you said and I recieved errors. Here is the command I used and the errors returned. mail:~ # vadddomain a.com Please enter password for postmaster: enter password again: qmail-newu: fatal: bad format in users/assign vmysql: error creating table 'a_com': Incorrect table name 'a_com' Error. Failed while attempting to add domain to auth backend qmail-newu: fatal: bad format in users/assign Error: no authentication database connection I'm not sure about that last error if it's refering to mysql database connectivity or not - the database is connected and I can establish authenticated smtp/pop3/imap connections. I thought I'd try adding another, smaller domain: mail:~ # vadddomain mytest.com Please enter password for postmaster: enter password again: qmail-newu: fatal: bad format in users/assign Error: (vadduser) Domain does not exist However, the database table is created and the directory is created too. I then tried to delete the domain: mail:~ # vdeldomain mytest.com Error: Domain does not exist Again, however the table is still in the DB. I'm not sure where to proceed. I'm running SLES10 2.6.16-21. I appreciate the help. Matt
Re: [vchkpw] Mysql table
mlist wrote: Please try creating a domain with a long name, up around 80-90 characters long. Then try to add a user, delete that user then delete that domain. If it all works, you are in good shape and I'll change the note in INSTALL to say you don't have to do anything special if you are using --disable-many-domains. If you have problems, let me know what happens and I'll figure something out. I expect it will probably work. Rick Rick, I did as you said and I recieved errors. Here is the command I used and the errors returned. mail:~ # vadddomain a.com Please enter password for postmaster: enter password again: qmail-newu: fatal: bad format in users/assign vmysql: error creating table 'a_com': Incorrect table name 'a_com' Error. Failed while attempting to add domain to auth backend qmail-newu: fatal: bad format in users/assign Error: no authentication database connection I'm not sure about that last error if it's refering to mysql database connectivity or not - the database is connected and I can establish authenticated smtp/pop3/imap connections. I thought I'd try adding another, smaller domain: mail:~ # vadddomain mytest.com Please enter password for postmaster: enter password again: qmail-newu: fatal: bad format in users/assign Error: (vadduser) Domain does not exist However, the database table is created and the directory is created too. I then tried to delete the domain: mail:~ # vdeldomain mytest.com Error: Domain does not exist Again, however the table is still in the DB. I'm not sure where to proceed. I'm running SLES10 2.6.16-21. I appreciate the help. Matt Well I made some slight progress. Turns out that a. . . .com domains was still in my assign file. I deleted it out (along with the dozen or so blank newlines after it) and then was able to add/delete normal size domains. I tried again to add that a . . . .com domain and it gave me the same error and proceeded to break adding/deleting normal size domains. Matt