Did fail2ban log something in log files under /var/log/* after a reboot?
Re: openbsd fail2ban(failed)
Re: How I got Amavis + ClamAV stable
FYI https://docs.iredmail.org/concurrent.processing.html
The cause is ClamAV (not Amavisd), it requires more and more memory these years.
So for a low traffic mail server, reduce the concurrently processed messages to just 1 is an ideal and acceptable solution.
Re: dovecot broken after latest iRedEasy update applied
Just update all applications to use /opt/iredmail/ssl/*.
Re: openbsd fail2ban(failed)
Unfortunately, not.
# ls -al /var/log/fail2ban.log
-rwxr-xr-x 1 root wheel 0 Mar 30 02:54 /var/log/fail2ban.log
Re: openbsd fail2ban(failed)
Try this: open file /etc/rc.d/fail2ban, append " -xv" (there's a leading whitespace) to the first line, like this:
#!/bin/ksh -xv
Then restart OS and check console during system starts up.
Re: openbsd fail2ban(failed)
Here is the relevant section from /var/log/daily.out:
#!/bin/ksh -xv
daemon="/usr/local/bin/fail2ban-client"
+ daemon=/usr/local/bin/fail2ban-client
. /etc/rc.d/rc.subr
+ . /etc/rc.d/rc.subr
# $OpenBSD: rc.subr,v 1.160 2022/10/19 21:04:45 ajacoutot Exp $
#
# Copyright (c) 2010, 2011, 2014-2022 Antoine Jacoutot <ajacoutot@openbsd.org>
# Copyright (c) 2010, 2011 Ingo Schwarze <schwarze@openbsd.org>
# Copyright (c) 2010, 2011, 2014 Robert Nagy <robert@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
_rc_actions="start stop restart reload check configtest"
+ _rc_actions=start stop restart reload check configtest
readonly _rc_actions
+ readonly _rc_actions
_rc_check_name() {
[[ $1 == +([_[:alpha:]])+(|[_[:alnum:]]) ]]
}
_rc_do() {
if [ -n "${_RC_DEBUG}" ]; then
echo "doing $@" && "$@"
else
"$@" >/dev/null 2>&1
fi
}
_rc_err() {
[ -n "${1}" ] && echo "${1}" 1>&2
[ -n "${2}" ] && exit "${2}" || exit 1
}
_rc_parse_conf() {
typeset -l _key
local _l _rcfile _val
set -A _allowed_keys -- \
accounting amd_master check_quotas ipsec library_aslr \
multicast nfs_server pexp pf pkg_scripts shlib_dirs spamd_black
[ $# -gt 0 ] || set -- /etc/rc.conf /etc/rc.conf.local
for _rcfile; do
[[ -f $_rcfile ]] || continue
while IFS=' ' read -r _l; do
[[ $_l == [!#=]*=* ]] || continue
_key=${_l%%*([[:blank:]])=*}
[[ $_key == *_@(execdir|flags|logger|rtable|timeout|user) ]] ||
[[ " ${_allowed_keys[*]} " == *" $_key "* ]] ||
continue
[[ $_key == "" ]] && continue
_val=${_l##*([!=])=*([[:blank:]])}
_val=${_val%%#*}
_val=${_val%%*([[:blank:]])}
# remove leading and trailing quotes (backwards compat)
[[ $_val == @(\"*\"|\'*\') ]] &&
_val=${_val#?} _val=${_val%?}
eval "${_key}=\${_val}"
done < $_rcfile
done
# special care needed for spamlogd to avoid starting it up and failing
# all the time
if [ X"${spamd_flags}" = X"NO" -o X"${spamd_black}" != X"NO" ]; then
spamlogd_flags=NO
fi
# special care needed for pflogd to avoid starting it up and failing
# if pf is not enabled
if [ X"${pf}" = X"NO" ]; then
pflogd_flags=NO
fi
# special care needed if nfs_server=YES to startup nfsd and mountd with
# sane default flags
if [ X"${nfs_server}" = X"YES" ]; then
[ X"${nfsd_flags}" = X"NO" ] && nfsd_flags="-tun 4"
[ X"${mountd_flags}" = X"NO" ] && mountd_flags=
fi
}
# return if we only want internal functions
[ -n "${FUNCS_ONLY}" ] && return
+ [ -n ]
_rc_not_supported() {
local _a _enotsup _what=${1}
for _a in ${_rc_actions}; do
[ "${_what}" == "configtest" ] &&
! typeset -f rc_configtest >/dev/null && _enotsup=NO &&
break
[ "${_what}" == "restart" ] && _what="stop"
if [ "${_what}" == "${_a}" ]; then
eval _enotsup=\${rc_${_what}}
break
fi
done
[ X"${_enotsup}" == X"NO" ]
}
_rc_usage() {
local _a _allsup
for _a in ${_rc_actions}; do
_rc_not_supported ${_a} || _allsup="${_allsup:+$_allsup|}${_a}"
done
_rc_err "usage: $0 [-df] ${_allsup}"
}
_rc_write_runfile() {
[ -d ${_RC_RUNDIR} ] || mkdir -p ${_RC_RUNDIR} &&
cat >${_RC_RUNFILE} <<EOF
daemon_class=${daemon_class}
daemon_execdir=${daemon_execdir}
daemon_flags=${daemon_flags}
daemon_logger=${daemon_logger}
daemon_rtable=${daemon_rtable}
daemon_timeout=${daemon_timeout}
daemon_user=${daemon_user}
pexp=${pexp}
rc_reload=${rc_reload}
rc_reload_signal=${rc_reload_signal}
rc_stop_signal=${rc_stop_signal}
rc_usercheck=${rc_usercheck}
EOF
}
_rc_rm_runfile() {
rm -f ${_RC_RUNFILE}
}
_rc_exit() {
local _pfix
[ -z "${INRC}" -o X"$1" != X"ok" ] && _pfix="($1)"
echo ${INRC:+'-n'} "${_pfix}"
[[ $1 == @(ok|killed) ]] && exit 0 || exit 1
}
_rc_alarm()
{
trap - ALRM
kill -ALRM ${_TIMERSUB} 2>/dev/null # timer may not be running anymore
kill $! 2>/dev/null # kill last job if it's running
}
_rc_sendsig() {
pkill -${1:-TERM} -T "${daemon_rtable}" -xf "${pexp}"
}
_rc_wait_for_start() {
trap "_rc_alarm" ALRM
while ((SECONDS < daemon_timeout)); do
if _rc_do rc_check; then
[ X"${rc_bg}" = X"YES" ] || [ -z "$$" ] && break
fi
sleep .5
done & wait
pkill -ALRM -P $$
return
}
rc_exec() {
local _rcexec="su -fl -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
[ "${daemon_rtable}" -eq "$(id -R)" ] ||
_rcexec="route -T ${daemon_rtable} exec ${_rcexec}"
${_rcexec} "${daemon_logger:+set -o pipefail; } \
${daemon_execdir:+cd ${daemon_execdir} && } \
$@ \
${daemon_logger:+ 2>&1 |
logger -isp ${daemon_logger} -t ${_name}}"
}
rc_start() {
rc_exec "${daemon} ${daemon_flags}"
}
rc_check() {
pgrep -T "${daemon_rtable}" -q -xf "${pexp}"
}
rc_reload() {
_rc_sendsig ${rc_reload_signal}
}
rc_stop() {
_rc_sendsig ${rc_stop_signal}
}
rc_cmd() {
local _exit _n _ret _timer
# optim: don't sleep(1) in the first loop
_1stloop=true
[ -n "${1}" ] && echo "${_rc_actions}" | grep -qw -- ${1} || _rc_usage
[ "$(id -u)" -eq 0 ] ||
[ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] ||
_rc_err "$0: need root privileges"
if _rc_not_supported $1; then
[ -n "${INRC}" ] && exit 1
_rc_err "$0: $1 is not supported"
fi
[ -n "${_RC_DEBUG}" ] || _n="-n"
[[ ${1} == start ]] || _rc_do _rc_parse_conf ${_RC_RUNFILE}
case "$1" in
check)
echo $_n "${INRC:+ }${_name}"
_rc_do rc_check && _rc_exit ok || _rc_exit failed
;;
configtest)
echo $_n "${INRC:+ }${_name}"
_rc_do rc_configtest && _rc_exit ok || _rc_exit failed
;;
start)
if [ X"${daemon_flags}" = X"NO" ]; then
_rc_err "$0: need -f to force $1 since ${_name}_flags=NO"
fi
[ -z "${INRC}" ] && _rc_do rc_check && exit 0
echo $_n "${INRC:+ }${_name}"
while true; do # no real loop, only needed to break
# running during start is mostly useful for daemons
# whose child will not return a config parsing error to
# the parent during startup; e.g. bgpd, httpd...
if typeset -f rc_configtest >/dev/null; then
_rc_do rc_configtest || break
fi
if typeset -f rc_pre >/dev/null; then
_rc_do rc_pre || break
fi
# prevent hanging the boot sequence
_rc_do _rc_wait_for_start & _TIMERSUB=$!
trap "_rc_alarm" ALRM
_rc_do rc_start; _ret=$?
kill -ALRM ${_TIMERSUB}
wait ${_TIMERSUB} 2>/dev/null # don't print Alarm clock
# XXX for unknown reason, rc_check can fail (e.g. redis)
# while it just succeeded in _rc_wait_for_start;
# check to cope with failing daemons returning 0
#[[ "${_ret}" == @(0|142) ]] && _rc_do rc_check || break
[[ "${_ret}" == @(0|142) ]] || break
[[ "${_ret}" == 142 ]] && [ X"${rc_bg}" != X"YES" ] &&
_exit="timeout"
_rc_do _rc_write_runfile
_rc_exit ${_exit:=ok}
done
# handle failure
_rc_do _rc_rm_runfile
typeset -f rc_post >/dev/null && _rc_do rc_post
_rc_exit failed
;;
stop)
_rc_do rc_check || exit 0
echo $_n "${INRC:+ }${_name}"
_rc_do rc_stop & _timer=$!
while ((SECONDS < daemon_timeout)); do
# last chance: send a SIGTERM first in case the process
# used another signal to stop (e.g. SIGQUIT with nginx)
# or a non-default rc_stop() function; do it 2s before
# timeout to re-enter the loop one last time which will
# give 1s for SIGTERM to terminate the process
((SECONDS == daemon_timeout-2)) &&
_rc_do _rc_sendsig TERM && sleep .5
pkill -0 -P "$$" 2>/dev/null || _rc_do rc_check ||
break
${_1stloop} && _1stloop=false || sleep .5
done
kill -ALRM ${_timer} 2>/dev/null
wait ${_timer} # don't print Alarm clock
[[ $? == 0 ]] || _exit=failed
# KILL the process
_rc_do rc_check && _rc_do _rc_sendsig KILL && _exit="killed"
_rc_do _rc_rm_runfile
if typeset -f rc_post >/dev/null; then
_rc_do rc_post || _exit=failed
fi
_rc_exit ${_exit:=ok}
;;
reload)
echo $_n "${INRC:+ }${_name}"
_rc_do rc_check || _rc_exit failed
if typeset -f rc_configtest >/dev/null; then
_rc_do rc_configtest || _rc_exit failed
fi
_rc_do rc_reload & _timer=$!
while ((SECONDS < daemon_timeout)); do
pkill -0 -P "$$" 2>/dev/null || break
${_1stloop} && _1stloop=false || sleep .5
done
kill -ALRM ${_timer} 2>/dev/null
wait ${_timer} # don't print Alarm clock
_ret=$?
[[ ${_ret} == 142 ]] && _exit=timeout || [[ ${_ret} == 0 ]] ||
_exit=failed
_rc_exit ${_exit:=ok}
;;
restart)
if typeset -f rc_configtest >/dev/null; then
_rc_do rc_configtest || _rc_exit failed
fi
$0 ${_RC_DEBUG} ${_RC_FORCE} stop &&
$0 ${_RC_DEBUG} ${_RC_FORCE} start
;;
*)
_rc_usage
;;
esac
}
_name=${0##*/}
+ _name=fail2ban
_rc_check_name "${_name}" || _rc_err "invalid rc.d script name: ${_name}"
+ _rc_check_name fail2ban
[ -n "${KSH_VERSION}" ] || _rc_err "$0: wrong shell, use /bin/ksh"
+ [ -n @(#)PD KSH v5.2.14 99/07/13.2 ]
[ -n "${daemon}" ] || _rc_err "$0: daemon is not set"
+ [ -n /usr/local/bin/fail2ban-client ]
unset _RC_DEBUG _RC_FORCE
+ unset _RC_DEBUG _RC_FORCE
while getopts "df" c; do
case "$c" in
d) _RC_DEBUG=-d;;
f) _RC_FORCE=-f;;
*) _rc_usage;;
esac
done
+ getopts df c
shift $((OPTIND-1))
+ shift 0
_RC_RUNDIR=/var/run/rc.d
+ _RC_RUNDIR=/var/run/rc.d
_RC_RUNFILE=${_RC_RUNDIR}/${_name}
+ _RC_RUNFILE=/var/run/rc.d/fail2ban
# parse /etc/rc.conf{.local} for the daemon variables
_rc_do _rc_parse_conf
+ _rc_do _rc_parse_conf
rc_reload_signal=${rc_reload_signal:=HUP}
+ rc_reload_signal=HUP
rc_stop_signal=${rc_stop_signal:=TERM}
+ rc_stop_signal=TERM
eval _rcexecdir=\${${_name}_execdir}
+ eval _rcexecdir=${fail2ban_execdir}
_rcexecdir=${fail2ban_execdir}
+ _rcexecdir=
eval _rcflags=\${${_name}_flags}
+ eval _rcflags=${fail2ban_flags}
_rcflags=${fail2ban_flags}
+ _rcflags=
eval _rclogger=\${${_name}_logger}
+ eval _rclogger=${fail2ban_logger}
_rclogger=${fail2ban_logger}
+ _rclogger=
eval _rcrtable=\${${_name}_rtable}
+ eval _rcrtable=${fail2ban_rtable}
_rcrtable=${fail2ban_rtable}
+ _rcrtable=
eval _rctimeout=\${${_name}_timeout}
+ eval _rctimeout=${fail2ban_timeout}
_rctimeout=${fail2ban_timeout}
+ _rctimeout=
eval _rcuser=\${${_name}_user}
+ eval _rcuser=${fail2ban_user}
_rcuser=${fail2ban_user}
+ _rcuser=
# set default values; duplicated in rcctl(8)
getcap -f /etc/login.conf.d/${_name}:/etc/login.conf ${_name} 1>/dev/null 2>&1 && \
daemon_class=${_name} || daemon_class=daemon
+ getcap -f /etc/login.conf.d/fail2ban:/etc/login.conf fail2ban
+ > /dev/null
+ 2>&1
+ daemon_class=daemon
[ -z "${daemon_rtable}" ] && daemon_rtable=0
+ [ -z ]
+ daemon_rtable=0
[ -z "${daemon_timeout}" ] && daemon_timeout=30
+ [ -z ]
+ daemon_timeout=30
[ -z "${daemon_user}" ] && daemon_user=root
+ [ -z ]
+ daemon_user=root
# use flags from the rc.d script if daemon is not enabled
[ -n "${_RC_FORCE}" -o "$1" != "start" ] && [ X"${_rcflags}" = X"NO" ] &&
unset _rcflags
+ [ -n -o check != start ]
+ [ X = XNO ]
[ -n "${_rcexecdir}" ] && daemon_execdir=${_rcexecdir}
+ [ -n ]
[ -n "${_rcflags}" ] && daemon_flags=${_rcflags}
+ [ -n ]
[ -n "${_rclogger}" ] && daemon_logger=${_rclogger}
+ [ -n ]
[ -n "${_rcrtable}" ] && daemon_rtable=${_rcrtable}
+ [ -n ]
[ -n "${_rctimeout}" ] && daemon_timeout=${_rctimeout}
+ [ -n ]
[ -n "${_rcuser}" ] && daemon_user=${_rcuser}
+ [ -n ]
if [ -n "${_RC_DEBUG}" ]; then
echo -n "${_name}_flags "
[ -n "${_rcflags}" ] || echo -n "empty, using default "
echo ">${daemon_flags}<"
fi
+ [ -n ]
readonly daemon_class
+ readonly daemon_class
unset _rcexecdir _rcflags _rclogger _rcrtable _rctimeout _rcuser
+ unset _rcexecdir _rcflags _rclogger _rcrtable _rctimeout _rcuser
# the shell will strip the quotes from daemon_flags when starting a daemon;
# make sure pexp matches the process (i.e. doesn't include the quotes)
pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
+ eval echo /usr/local/bin/fail2ban-client
echo /usr/local/bin/fail2ban-client
+ echo /usr/local/bin/fail2ban-client
+ pexp=/usr/local/bin/fail2ban-client
rc_bg=YES
+ rc_bg=YES
rc_reload=NO
+ rc_reload=NO
rc_pre() {
install -d -o root -m 0700 /var/run/fail2ban
}
rc_start() {
${rcexec} "${daemon} start ${daemon_flags} ${_bg}"
}
rc_check() {
pgrep -q -f "fail2ban-server"
}
rc_stop() {
${rcexec} "${daemon} stop"
}
rc_cmd $1
+ rc_cmd check
_enotsup=${rc_check}
fail2ban(failed).
OpenBSD Auto learn spam/ham crontab
- iRedMail version 1.6.8 PGSQL edition
- Deployed with downloadable installer
- OpenBSD 7.3 GENERIC.MP#5 amd64
- Store mail accounts in PGSQL
- Web server Nginx
- Manage mail accounts with iRedAdmin & command line
Please note that in your excellent support documents for auto learn spam/ham crontab:
docs.iredmail.org/dovecot.imapsieve.html#setup-cron-job-to-scan-and-learn-spamham-messages
In the crontab section:
Run command crontab -e -u root to setup cron job for root user, scan emails every 10 minutes:
# iRedMail: Scan reported mails.
*/10 * * * * /bin/bash /etc/dovecot/sieve/scan_reported_mails.sh
results in error: "/bin/sh: /bin/bash: not found"
I think the crontab (for OpenBSD) might need to be changed to:
# iRedMail: Scan reported mails.
*/10 * * * * /bin/sh /etc/dovecot/sieve/scan_reported_mails.sh
Re: OpenBSD Auto learn spam/ham crontab
Now I have new errors:
rmdir: /var/vmail/imapsieve_copy/processing/spam: Directory not empty
rmdir: /var/vmail/imapsieve_copy/processing/ham: Directory not empty
Re: OpenBSD Auto learn spam/ham crontab
results in error: "/bin/sh: /bin/bash: not found"
Updated doc to mention using /usr/local/bin/bash instead of /bin/bash on FreeBSD/OpenBSD.
The shell script is written in Bash shell syntax, so neither /bin/sh nor /bin/ksh is ok (although ksh usually works fine).
gmail bouncing my mails
I don't remember this happening in the past nor have I made changes.
Here's the bounce message:
This is the mail system at host mail.lifeassetsllc.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<MY Mom's Email address@gmail.com>: host
gmail-smtp-in.l.google.com[2607:f8b0:4023:c0d::1b] said: 550-5.7.25
[2607:f130:0:f7:216:3eff:fe7c:9ec5] The IP address sending this 550-5.7.25
message does not have a PTR record setup, or the corresponding 550-5.7.25
forward DNS entry does not point to the sending IP. As a policy, 550-5.7.25
Gmail does not accept messages from IPs with missing PTR records.
550-5.7.25 For more information, go to 550-5.7.25
https://support.google.com/mail/answer/ … -practices 550-5.7.25 To
learn more about Gmail's sender policy, go to 550 5.7.25
https://support.google.com/mail/answer/81126.
c16-20020a63d510000000b005dc89319b58si10225642pgg.682 - gsmtp (in reply to
end of DATA command)
along with an attachment to the email:
Return-Path: <myemail@lifemodelsllc.com>
Received: from mail.lifeassetsllc.com (mail.lifeassetsllc.com [127.0.0.1])
by mail.lifeassetsllc.com (Postfix) with ESMTP id 4VPG2G66Xkz981
for <Mom's Email@gmail.com>; Tue, 23 Apr 2024 17:48:06 -0400 (EDT)
Authentication-Results: mail.lifeassetsllc.com (amavisd-new);
dkim=pass (2048-bit key) reason="pass (just generated, assumed good)"
header.d=lifemodelsllc.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
lifemodelsllc.com; h=x-mailer:to:message-id:subject:date
:mime-version:from:content-transfer-encoding:content-type; s=
dkim; t=1713908886; x=1716500887; bh=LBnQoLnGzd7IzsBFwBpFTRcEKeZ
5Srpx1hUgwsSfUns=; b=LipMWy2PMA3dWem0EqRaA90h+Za7NsajUv56ImeczuB
Bk9lOTjvPLz/EPlo+iSf5IbwoG1WmF8IC2tcq+M76K+oBvf2Lxg4Bd57bESGGbmg
h5+nuYpN14z9tIJpK2EavsMWidtTFrvbz/bkcENHD6MQr3KJhVH8l250ieKpHe6b
LZM2+4meAsZ2+dxlrEQyoESIXAvsw4fcyF8nW905ALo/61Ht7gYUTyoEgbbPT4Lf
sc1WowHCJcLGg6V26DGIuBS1ai6nmQRLVxNCTNVI+RtiUKJ1Do44nFlB1q10csCO
xGTnNgtvOOvJlV4u2+ThAi1aVewZVPYv7CDfWXs2y6g==
X-Virus-Scanned: amavisd-new at mail.lifeassetsllc.com
Received: from mail.lifeassetsllc.com ([127.0.0.1])
by mail.lifeassetsllc.com (mail.lifeassetsllc.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id zxcdGlLsCAie for <mom's email@gmail.com>;
Tue, 23 Apr 2024 17:48:06 -0400 (EDT)
Received: from smtpclient.apple (pool-173-72-11-197.cmdnnj.fios.verizon.net [173.72.11.197])
by mail.lifeassetsllc.com (Postfix) with ESMTPSA id 4VPG2G0PCrzB11
for <my mom@gmail.com>; Tue, 23 Apr 2024 17:48:06 -0400 (EDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-DB29DAB6-0059-46BC-B499-7BACC19EA598
Content-Transfer-Encoding: 7bit
From: "Me" <my email@lifemodelsllc.com>
Mime-Version: 1.0 (1.0)
Date: Tue, 23 Apr 2024 17:48:04 -0400
Subject: =?utf-8?Q?Screenshot_2024-04-23_at_5.47.45=E2=80=AFPM?=
Message-Id: <84B5D76A-1DC3-4ED2-AFF6-C2601C999919@lifemodelsllc.com>
To: Mom <mom's email@gmail.com>
X-Mailer: iPhone Mail (21E236)
The reverse DNS and other records are/were set by my hosting company. What, per the bounce, should they be set to? Not sure why this error popped up, and I certainly can't debug how to fix it.
Thanks everyone.
Andrew
Re: gmail bouncing my mails
You sending your mail trough IPv6, so the ipv6 (static) needs PTR aswell, and needs to be included in the SPF and registered in https://www.gmail.com/postmaster/
Re: OpenBSD Auto learn spam/ham crontab
Updated doc to mention using /usr/local/bin/bash instead of /bin/bash on FreeBSD/OpenBSD.
The shell script is written in Bash shell syntax, so neither /bin/sh nor /bin/ksh is ok (although ksh usually works fine).
That fix seems to have resolved my issue, thank you for this solution, and for all of the work that you do!
Re: Before purchare question
- iRedMail is free and open source.
How could a user of the non-paid version donate to support the open-source efforts?
Re: Before purchare question
How could a user of the non-paid version donate to support the open-source efforts?
Send to our PayPal account directly: paypal @ iredmail . org. We received maybe $2000-5000 in total since 2007. I don't recommend OSS developers to make a live with just donation.
By the way, if you don't have many mailboxes, consider our upcoming "iRedMail Enterprise Edition" instead of "iRedMail + iRedAdmin-Pro": https://www.iredmail.org/ee.html
Currently 2 pricing models are available:
- $15 per mailbox per year.
- $3000 per server with unlimited mailboxes.
Re: openbsd fail2ban(failed)
Should the "-x" flag be added to the "/etc/rc.d/fail2ban" file? Or is the startup script not loading with the appropriate permissions? Or does the /var/run/fail2ban directory have incorrect permissions?
I added the "-x" flag and it works on OpenBSD 7.5 with upcoming iRedMail release.
Could you help verify it?
diff --git a/samples/fail2ban/openbsd/rc b/samples/fail2ban/openbsd/rc
index c17846b9..b64f690c 100755
--- a/samples/fail2ban/openbsd/rc
+++ b/samples/fail2ban/openbsd/rc
@@ -12,7 +12,7 @@ rc_pre() {
}
rc_start() {
- ${rcexec} "${daemon} start ${daemon_flags} ${_bg}"
+ ${rcexec} "${daemon} -x start ${daemon_flags} ${_bg}"
}
rc_check() {