Running debian stretch thoughts

As a server (my blog not as workstation (my blog)

The improvements first.

Postfix with postmulti

I had this ‘forced’ on me by systemd (my blog) not running the simple one instance that supposedly everybody else does and is ok with.  While i am still a bit newbish with the postfix command replacement it feels a better solution especially with logging which my older extra instances did not offer – as to what instance was doing.

There is no real config change but seems a more modern config despite that not changing and already having scripts that ise multiple postfix configs.

Postfix is a lot less tolerant of clients such as

connect from unknown[12.130.172.232]

Who don’t do much but like to test things and despite our config from before denying such activity [ddos,spammers,clueless,bot nets] it feels as if they are discarded more quickly

Tls probers (waste of time clients) have sslv3 requests redirected to something more modern tls. Milters where odd to debug.  See the mailgraph heading below for a downside.

Dnssec

My manual method of signing zones still works – the daemon software in jessie i could not figure out – mostly because most people never used it or compiled a better version and never used the debian package being out of date.  It is something i might look at in the future

Signing zones currently takes a minute and is something i spend twelve minutes a year doing.

Not sure of and probably blame me department

cyrus imap

I am on the fence on this upgrade and feel the config still needs looking at despite working it seems a little no there et after i did seem to lose a lot of config commands to get it to work along with those bloody sockets i had to delete..

Hard to fix and runtime issues with solutions.

mod_defensible

Appears to work but now does not log – kind of/maybe situation – apache says it wrote 403 errors, but the confirmation from before means i take one softwares fact as a unknown.

Hairy eyeball those emails from root to to get these – you did read them right ?.

Mailgraph

Is not updating its png images, html updates with the date and time – think this is not a systemd thing once again not /etc/default or init.d issue.- not an urgent issue and might be something due to postmulti since spam is logged in the chart and the mail.log has stuff in it.

I get

Well it recorded the one spam

Which is not an accurate representation of activity – files do update but no postfix activity in charts.   Not working.i guess due to incompatible parsing of:

postfix-instancex/smtpd[*]: disconnect from unknown[14.161.40.101]
 helo=1 auth=0/1 quit=1 commands=2/3

My theory anyhow

logwatch

I had to adjust the cron job to get the more detailed report once again for stretch to reflect as jessie. not hard.

p0f

Has had a redesign  – we only used for port 25 scanning with amavis and now does not work with the old config.   With postfix improvements i might let this fall in to non use.

X Logout leaves running processes

Don’t ask me why but it does cache cleaner, and hplip and systemd seem unhappy with something.

rkhunter

Need –pkgmgr DPKG in cron.daily as extra parameters

logrotate

I need

TMPDIR=/var/tmp
export TMPDIR
/usr/sbin/logrotate /etc/logrotate.conf
TMPDIR=/tmp
export TMPDIR

Or i get mail errors

Yara

Can now be ‘easily’ installed without’breaking’ debian.so i might be adding to the virus scanner which gets little cause for use with our mail config refusing bad content before it gets to a scanner.

Opendmarc

reporting (my blog) command appears to now send reports from more than just the first reporting host who got on with it and did not complain.  I guess the atps and other dns lines might be deemed redundant.

apt

The package maanager does ttry o do more than it should trying to restart things – an easy example yesterday apt upgraded apache2 documents and tried to add the module and failed when the conf file it tried to read did not exist where debian assumed it was.

So i had to restart apache.manually.

Overall not a disaster.   Something i might think as a good idea at some point but then again it as a server does a lot of jobs.I guess upgrading one server with one task would be less stressful.

3 responses

  1. Pingback: mod_defensible in Debian stetch | Bananas in the Falklands

  2. Pingback: Yara rules | Bananas in the Falklands

  3. Pingback: mailgraph and logwatch reporting curiosities with postmulti and some regex’es for fun. | Bananas in the Falklands

by golly but...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s