Cool, thanks Martijn! I have tested the initial release quite a bit over the past day or so. Actually thinking about going live tomorrow or Thursday. With of course a fallback to the existing CipherMail installation if any issues arise.
The architecture goes like this … Two sites on two independent networks/datacenters, MySQL 5.5 database at each location with bidirectional master-master replication for the back-end. For the mail services, at each location, we have one primary MX for local delivery and one backup MX for store/forward. The primary MX delivers to Dovecot at its respective site, which then synchronizes using dsync (which works very well I might add). Our users are able to authenticate, send and receive from each site entirely independent of the other site. Now, with CipherMail able to use MySQL as its DB, we can configure each site's current primary MX as a relay destination, and allow CipherMail to take over as primary MX duty. CipherMail will be each site’s gateway in and out for both internal and external domains, relaying to the Postfix server that lives with Dovecot or sending to the outside world. We have tested sending encrypted email out from one site and having the external user access the web portal from the second site. Everything works great so far. Our particular setup is more for disaster recovery, but the exact same setup could be applied for failover and load balancing. (Of course, a single database using PostgreSQL would be sufficient for two CipherMail servers to share at a single site. But the replication process for PostgreSQL was a bit complicated and immature at this time to apply for WAN.) I will upgrade the packages later on today and give it a go. Thanks again. ~ Laz Peterson Paravis, LLC > On Jul 7, 2015, at 6:06 AM, Martijn Brinkers <[email protected]> wrote: > > Hi, > > I have uploaded a new version. > > - "SELECT 1" is now used to check whether the database is available. > This works for Postgres and MySQL. > - For Potgres support there is now a separate package which configures > Postgres. This package depends on the main back-end package. > > Ubuntu/Debian > > https://www.ciphermail.com/downloads/other/djigzo_2.10.3-1_all.deb > https://www.ciphermail.com/downloads/other/djigzo-web_2.10.3-1_all.deb > https://www.ciphermail.com/downloads/other/djigzo-postgres_2.10.3-1_all.deb > > RedHat/CentOS > > https://www.ciphermail.com/downloads/other/djigzo-2.10.3-1.noarch.rpm > https://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-1.noarch.rpm > https://www.ciphermail.com/downloads/other/djigzo-postgres-2.10.3-1.noarch.rpm > > If you want to use CipherMail with MySQL, you do not need to postgres > package. > > Kind regards, > > Martijn Brinkers > > On 07/06/2015 04:41 PM, Martijn Brinkers wrote: >> Actually can you test it with >> >> SELECT 1 >> >> The test is just to test whether the database is active or not. The >> result is not important. It's just a test whether the select returns an >> error or not. >> >> Kind regards, >> >> Martijn >> >> On 07/06/2015 04:28 PM, Martijn Brinkers wrote: >>> Yes you are right :( >>> >>> I'll fix it. The RPMs have the same problem (since they are built from >>> the same source). >>> >>> The query is defined in the filw >>> >>> james-smtphandlerchain.xml >>> >>> SELECT 1 FROM user >>> >>> For now you can you try: >>> >>> SELECT 1 FROM cm_users >>> >>> I'll see whether I can come up with a solution which does not depend on >>> the database to use. >>> >>> I'll probably have a version ready today >>> >>> Kind regards, >>> >>> Martijn >>> >>> >>> On 07/06/2015 04:18 PM, Laz C. Peterson wrote: >>>> Martijn, we are seeing this in the logs on both servers we set up to use >>>> MySQL. Looks like there is one more reference to the PostgreSQL database, >>>> yes? >>>> >>>> I tried to grep the /usr/share/djigzo folder but did not find that >>>> particular reference. >>>> >>>> 05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 >>>> (org.hibernate.util.JDBCExceptionReporter) [default Worker #2] >>>> 05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist >>>> (org.hibernate.util.JDBCExceptionReporter) [default Worker #2] >>>> 05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database >>>> is probably not active. (mitm.common.hibernate.HibernateUtils) [default >>>> Worker #2] >>>> 05 Jul 2015 23:27:16 | WARN Database is not active. >>>> (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) >>>> [default Worker #2] >>>> >>>> ~Laz >>>> >>>> On 7/4/15 2:27 PM, Martijn Brinkers wrote: >>>>> Hi, >>>>> >>>>> It turned out that adding support for MySQL (MariaDB) was more work than >>>>> just changing the Hibernate dialect. We had to make sure that the >>>>> required changes did not require existing users to update the database. >>>>> Modifying all the unit tests to support different databases was also >>>>> quite a bit of work. That said, now we have it working for MySQL, in >>>>> principle adding support for other database (if ever) is now relative >>>>> easy. >>>>> >>>>> We have uploaded an RPM which does not depend on Postgres and contains >>>>> the required configuration files for MySQL. >>>>> >>>>> The RPMs can be downloaded from >>>>> >>>>> Backend; >>>>> >>>>> http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm >>>>> >>>>> <http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm> >>>>> >>>>> Web GUI: >>>>> >>>>> http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm >>>>> <http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm> >>>>> >>>>> Instructions: >>>>> >>>>> 1. Install RPMs >>>>> >>>>> Install the RPMs using the quick install guide >>>>> (https://www.ciphermail.com/documents/quick-install-guide.txt >>>>> <https://www.ciphermail.com/documents/quick-install-guide.txt>) >>>>> >>>>> Note: skip the parts about postgres >>>>> >>>>> 2. Install and configure MySQL (MariaDB) >>>>> >>>>> Install MySQL >>>>> >>>>> yum -y install mariadb-server mariadb >>>>> systemctl start mariadb >>>>> systemctl enable mariadb >>>>> >>>>> max_allowed_packet should be set to a high value (in mysql config) >>>>> >>>>> $ vi /etc/my.cnf.d/server.cnf >>>>> >>>>> Add the following line below [server] >>>>> >>>>> max_allowed_packet = 128M >>>>> >>>>> Note: the max size depends on the largest email, CRL you want to support. >>>>> >>>>> systemctl restart mariadb >>>>> >>>>> 3. Create database user and database >>>>> >>>>> mysql -u root >>>>> >>>>> CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo'; >>>>> CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci; >>>>> GRANT ALL ON djigzo.* TO 'djigzo'@'localhost'; >>>>> >>>>> Note 1: The database should be set to UTF8 >>>>> Note 2: ALL permission should probably be changed to a lower privilege >>>>> but we did not yet check what the minimal required privileges are. >>>>> >>>>> 4. Import database scheme >>>>> >>>>> $ mysql -u djigzo --password=djigzo djigzo < >>>>> /usr/share/djigzo/conf/database/sql/djigzo.mysql.sql >>>>> >>>>> 5. Tell CipherMail to use MySQL >>>>> >>>>> $ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf >>>>> >>>>> Uncomment the line: >>>>> >>>>> wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql >>>>> >>>>> 6. Restart >>>>> >>>>> /etc/init.d/djigzo restart >>>>> >>>>> Because if licensing issues, we use the JDBC driver from MariaDB >>>>> (https://downloads.mariadb.org/connector-java/ >>>>> <https://downloads.mariadb.org/connector-java/>). If you insist on using >>>>> the driver from MySQL, you need to remove the MariaDB jdbc driver, add >>>>> the MySQL JDBC driver and configure the hibernate config file to use the >>>>> MySQL driver. >>>>> >>>>> The RPM is probably not final so it might change. We are thinking of >>>>> splitting up the packages (RPM, deb) into a back-end package which does >>>>> not automatically configure Postgres and a database specific back-end >>>>> package which depends on the main back-end package. >>>>> >>>>> Let me know how it goes. >>>>> >>>>> Kind regards, >>>>> >>>>> Martijn Brinkers >>>>> >>>>> >>>>> On 06/30/2015 09:37 AM, [email protected] <mailto:[email protected]> >>>>> wrote: >>>>>> Griasde Martijn! >>>>>> >>>>>> Quoting "Martijn Brinkers" [email protected] >>>>>> <mailto:[email protected]>: >>>>>> >>>>>>> Interesting. Why is Postgres not allowed? >>>>>> It's a political decision - we can use following prioroties ans >>>>>> databeses: >>>>>> >>>>>> 1st Oracle 12 >>>>>> 2nd MariaDB >>>>>> >>>>>>> Anyway, perhaps it's not of legal reasons but some technical reason. >>>>>> FULLACK >>>>>> >>>>>>> That said, Maria DB is not directly supported but you can see whether >>>>>>> you can make it work with Maria DB. >>>>>> That's a very good idea If you can tell me technical details about >>>>>> changing the backend database, I'll do it,, test it and give feedback to >>>>>> you! >>>>>> >>>>>>> The database layer uses Hibernate (which is an ORM library). >>>>>> My colleague Klaus, my database specialist, assumed, that your are using >>>>>> Hibernate. >>>>>> >>>>>>> This however has never tested but it you are willing to spend some >>>>>>> time testing it, I can assist you. >>>>>> Oh yes, I'll make this tests! So please tell me, what I should do! >>>>>> >>>>>> Thanks for help!!! >>>>>> >>>>>> >>>>>> Best regards >>>>>> Django >>>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> https://lists.djigzo.com/lists/listinfo/users >>>> >>> >>> >> >> > > > -- > CipherMail email encryption > > Open source email encryption gateway with support for S/MIME, OpenPGP > and PDF messaging. > > https://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > _______________________________________________ > Users mailing list > [email protected] > https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
