Profile Details

Recent updates
  • Yes, you have the ClearOS CA cert. This shows how to create server certs, using a private CA cert for signing. That is the 'key' part. I have plenty of examples of self-signing certs at:

    http://www.htt-consult.com/Centos7-mailserver.html

    I need to add running a private CA like the OP is asking.

  • postfix.org has an example of creating your own CA cert and then signing your own server certs with it. See:

    http://www.postfix.org/TLS_README.html

    section:

    Private Certification Authority

    I need to work some on developing this.

    Probably later next week.

  • Make sure you have adequate random entropy to strongly create all those certs. Consider installing haveged. In fact install it on all your servers, as randomness is needed for every TLS setup and message.

    I really don't think the cert management interface is rich enough. I don't expect to dig into this for a couple weeks so could be wrong on my assessment.

  • After base install, add windows networks and flexshare from the marketplace and you are set to configure your NAS. Set up for 'simple' windows file sharing and web access.

    Or you can run as a full NT-style domain PDC with roaming profiles support (how I do it).

  • Robert Moskowitz
    Robert Moskowitz's reply was accepted as an answer

    Re: Postfix not forwarding logwatch report

    Yeah, telnet is like that; so easy to forget you have to provide a port. Been there, done that too often.

    z9m9z is only as complex as it needs to be. I run a number of virtual hosts from it. The challenge here is what has been done to the default Centos postfix configuration by ClearOS.

    I took a quick look at /etc/postfix/main.cf and saw that I had set the domain to htt-consult.com. That would convince postfix to do a local delivery. So I changed it to home.htt and ran a test with:

    sendmail -i rgm@htt-consult.com < xfce.lst

    and that was properly relayed through z9m9z. So the problem was mine in ClearOS in improper configuration of the Mail Settings dialog.

    One for your tips and tricks for those that use an external (to ClearOS) mail service. The ClearOS mail domain MUST be different from your external mail service domain.

    Oh, and if you want help developing a rich featured email service, I am available.

  • In my set up, ClearOS is not a gateway. It is just a server. And servers have processes that generate mail reports to forward to the admin.

    On a more 'normal' server setup, the server may well be in the same domain as all of the other systems, thus this problem. home.htt domain is just a holdover from my setup some 7 - 8 years back.

    I think a regular admin would fall into the same setup I did.

    Say Google is hosting your mail service. And you have a Sonicwall gateway (my brother-in-law has a number of clients like this). Then you set up ClearOS as your file/print server and maybe another function or two (local Cloud?). I might think the common thought would be to use your domain name in the mail setup, just as I did. Should be some subzone like smb.foobar.com

    Anyway, one more little change. Now all I have to do is either buy one of the cheap OEM copies of Win7 and install it on an old box here, or buy a reconditioned box with Win7 installed. Then I can start testing out an actual client.

  • z9m9z.htt-consult.com is my mail server and receives emails from all over the world to port 25. Check that you are resolving to 50.253.254.3, as there once was a DNS secondary with old records from an old ISP, but I removed that server from the authoritative list a number of years ago...

    z9m9z is running RedSleeve6 on a CubieTruck using Postfix et al. Its replacement CubieTruck with Centos7-armv7hl is 'almost' ready (see http://www.htt-consult.com/Centos7-mailserver.html for the setup; I am having SELinux issues). It handles 7-8K emails per day. It is accessed both externally and internally (by IMAP clients and SMTP from internal servers).

    But if you look at the /var/log/maillog messages, Postfix did not even TRY to deliver the message to z9m9z. It made a decision that the mail was local, ignoring the domain in the TO: and dropped the mail into /var/spool/mail/rgm. So the challenge is on ClearOS to get it to recognize that it has to ship the mail out.

    1) Do you mean the smtp server inside of ClearOS (my hostname is homebase.home.htt)?
    2) I do not want to run mail on homebase. It only is to deliver mail services like logwatch and cron generate to z9m9z.
    3) It is open. I receive too much spam from all over the world for it not to be open :)

  • Postfix not forwarding logwatch report

    I have installed logwatch and added the following to /etc/aliases and then ran newaliases:

    root: rgm@htt-consult.com

    But unlike all of my Centos7 servers, the logwatch report is dropping in the local mail. Here are the lines from /var/log/maillog:

    May 26 03:11:12 homebase postfix/pickup[23825]: 377FC2006FE52: uid=0 from=<root>
    May 26 03:11:12 homebase postfix/cleanup[27527]: 377FC2006FE52: message-id=<20170526071112.377FC2006FE52@server.lan>
    May 26 03:11:12 homebase postfix/qmgr[977]: 377FC2006FE52: from=<root@htt-consult.com>, size=17965, nrcpt=1 (queue active)
    May 26 03:11:12 homebase postfix/local[27536]: 377FC2006FE52: to=<rgm@htt-consult.com>, orig_to=<root>, relay=local, delay=4.7, delays=4.5/0.14/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
    May 26 03:11:12 homebase postfix/qmgr[977]: 377FC2006FE52: removed

    A 'dig -t MX htt-consult.com' results in:

    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t MX htt-consult.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30991
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;htt-consult.com. IN MX

    ;; ANSWER SECTION:
    htt-consult.com. 43200 IN MX 30 z9m9z.htt-consult.com.
    htt-consult.com. 43200 IN MX 40 rigel.htt-consult.com.

    ;; AUTHORITY SECTION:
    htt-consult.com. 43200 IN NS rigel.htt-consult.com.

    ;; ADDITIONAL SECTION:
    z9m9z.htt-consult.com. 43200 IN A 50.253.254.3
    rigel.htt-consult.com. 43200 IN A 192.168.224.2

    ;; Query time: 7 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri May 26 08:51:55 EDT 2017
    ;; MSG SIZE rcvd: 134


    So the server should know where to send mail to rgm@htt-consult.com. I also configured SMTP/E-Mail Notification Settings to point to:

    z9m9z.htt-consult.com, use port 25 with TLS, use my email addr and password for login. But Postfix did not even try.

    So what do I do to properly get my logs forwarded? I should point out that my ClearOS6 server is forwarding logwatch reports, and cron job outputs just fine.
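The symptom in the maillog excerpt above, a recipient at an externally hosted domain being handled with relay=local, can be checked for mechanically. This is an added example, not part of the original post: the function name and the external-domain list are assumptions, and the second and third sample lines are constructed for illustration (the first is the line quoted in the post).

```python
import re

# Postfix delivery-agent lines (postfix/local, postfix/smtp, ...).
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>,(?: orig_to=<(?P<orig>[^>]*)>,)? "
    r"relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)"
)

def misrouted_local(lines, external_domains):
    """Return deliveries handled by the local agent for a domain hosted elsewhere."""
    external = {d.lower() for d in external_domains}
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if not m:
            continue  # pickup, cleanup and qmgr lines carry no delivery result
        domain = m["rcpt"].rpartition("@")[2].lower()
        if m["relay"] == "local" and domain in external:
            hits.append({"qid": m["qid"], "rcpt": m["rcpt"],
                         "orig_to": m["orig"], "status": m["status"]})
    return hits

SAMPLE = [
    # Line from the post: delivered locally although the domain is external.
    "May 26 03:11:12 homebase postfix/local[27536]: 377FC2006FE52: "
    "to=<rgm@htt-consult.com>, orig_to=<root>, relay=local, delay=4.7, "
    "delays=4.5/0.14/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)",
    # Constructed: the same recipient relayed to the external mail server.
    "May 26 09:30:02 homebase postfix/smtp[28001]: 4A1B22006FE60: "
    "to=<rgm@htt-consult.com>, relay=z9m9z.htt-consult.com[50.253.254.3]:25, "
    "delay=1.2, delays=0.1/0.02/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    # Constructed: a genuinely local recipient, which must not be flagged.
    "May 26 09:31:10 homebase postfix/local[28010]: 5C3D42006FE61: "
    "to=<root@homebase.home.htt>, relay=local, delay=0.1, "
    "delays=0.05/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)",
]

if __name__ == "__main__":
    for hit in misrouted_local(SAMPLE, ["htt-consult.com"]):
        print("local delivery for external domain:", hit)
```

A hit means Postfix considers the recipient's domain its own, which is what the accepted answer traces to the mail domain set in ClearOS.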

  • Robert Moskowitz
    Robert Moskowitz's reply was accepted as an answer

    Re: Adding vncserver and gnome desktop

    I did use the clearos-epel.repo provided. It seems this is a problem with Centos7, and I will have to submit a bug report.

    I HAVE gotten it installed enough to use. I HAVE gotten vncserver working well enough (errors generated but I get connected) to use.

    No background (all black), no leafpad (using geany), no NetworkManager, no sensor applet (that may be that Centos is so far behind Fedora).

    But I got my remote GUI to my server for when I need it. One nice thing is that I can start a real long running rsync backup or such and let the vnc client close and not worry about the rsync getting interrupted as it might in an ssh session.

    And having Thunar for the GUI file manager is helpful as well.