Further Debian Stretch as a server notes

rounding up the fairies

Following on from this (my blog) i continue my bug upgrade hunt.  Its not over.

I have mentioned many of these items before in this blog, it is not my job to tell you what they are.

Apache/Perl

Rkhunter say:

Warning: The command ‘/usr/bin/lwp-request’ has been replaced by a script: /usr/bin/lwp-request:
Perl script text executable

Might explain why perl did not exec via my ‘old’ cgi scripts as Jessie

Opendkim /Postfix

I ‘needed’ an extra line (also in /etc/default/opendkim)

PidFile /var/run/opendkim/opendkim.pid

in opendkim.conf – mail was being sent without dkim

I appear to not have dkim signatures in outbound email., opendkim-testkey thinks its config is good  i think it might be easier to reconfigure postfix from scratch.  It is not milter_protocol= 6 and 2 does not work.  Um no idea.   Opendkim seems up but not connected.

Opendkim was not working. Eventually this clued (not here) me in that the openkim config files where fine but the systemd script was buggered

So if your config files are right but the daemon refuses to follow orders try this

edit /lib/systemd/system/opendkim.service

from this

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

to

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target[Service]
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock -p inet:8891:localhost
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

run (as root)

  • systemctl daemon-reload
  • /etc/init.d/opendkim restart

I hate systemd – that caused me six days of bug hunting it is limiting

Postfix needs a blog post on its own.

Opendmarc

I needed to re-enable it to start on boot oh the joys of systemd where init.d is thought as an unreliable forgetful moron and systemd knows best when clearly it is as fucked up (my blog)

It still did connect so it is a journey in systemd to fix (see opendkim magic above)

dmarc reports does not like interval and day together which appeared ok in Jessie

It is still a bit broken so nobody is being sent reports – not that many dmarc enabled domains who ‘specailise’ in just that really care about (my blog).  HistoryFile does not record data – why – no idea

-rw-rw-r– 1 opendmarc opendmarc 0 Jul 10 10:08 opendmarc.log

So a headscratcher. – and not something i can fix.

Postgres 9.4

I chowned a snakeoiil key – tested more cosmetic this than a issue which continues from Jessie..

Logwatch

Is a use full thing in my opinion although a little lacking in places moves from 7am to midnight for timing

Bind

Stops telling you if you do not have a specific spf record even though i have text records containing spf for the benefit of all the mostly retarded who run microsoft windows servers who have issues

mod_defensibile

Jury is out on if this is broken or the dns is bad. Or alternatively no rbl listed ip’s visited.

To fix

opendmarc loging, postfix startup, mod_defensible

Would i recommend the upgrade – at this point no.

One response

  1. Pingback: debian stretch update 9.2 screw ups with systemd | Bananas in the Falklands

by golly but...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s