I got this message today: $ doveadm pw -s SHA512-CRYPT Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such file or directory It seems if you have no tty, you can’t create a password. Surely there is a better way to do this? # w 7:21PM up 19 days, 4 mins, 0 users, load averages: 0.48, 0.77, 0.67 USER TTY FROM LOGIN@ IDLE WHAT # That’s on a FreeBSD 8.4-RELEASE-p3 jail. To access […]
doveadm cannot work without a tty Read More »
Here are a few posts for future reading: How to add a jailed server to OpenVPN? Running OpenVPN in a ezjail jail Restarting OpenVPN in jail erase tun0 configuration OpenVPN Client in a jail
Interesting jail/OpenVPN reading Read More »
I’ve been meeting a few challenges with running an instance of bacula-fd in each of my jails. Most of them are related to networking. Perhaps my deployment strategies are imposing too many restrictions. The challenges arise on the jail hosts which are not behind my firewall at home. Each of those servers is accessible through a VPN, but the individual jails on those servers are not. The backup of the jail host is
Accessing every jail from a VPN Read More »
I’ve been using Bacula since early 2004. I’ve been using FreeBSD since 1998. Jails are a relatively newcomer. I starting using it later in 2004. But it’s only recently that I’ve started using them intensively. Backups are always a touchy subject. With ezjail, the files you need to backup are greatly reduced. You’re not backing up the base OS, just the local files. I’ve created a fileset which seems to do the right
ezjail-jail: making a full backup of a FreeBSD jail with Bacula Read More »
I first mentioned this idea yesterday. This morning I started implementing it. UPDATE: this strategy is mentioned in Scenic BGP Route | TechSNAP 137 at about 0:47:30. I back up my mail. On a regular and frequent basis. However, I wanted something more. What about the email which comes in between backups? How can I capture them and restore them after restoring my backup? Yesterday I had an idea: Keep a copy of
Mail backups using newsyslog.conf for rotation Read More »
I’ve taken to the concept of sending a copy of each incoming email to a second server, for backup. This could be achieved by an alias. Store them in mbox format. Use newsyslog to rotate it over time. UPDATE: this strategy is mentioned in Scenic BGP Route | TechSNAP 137 at about 0:47:30. As part of disaster recovery, my Maildir would be restored from backup. The emails which arrived after the backup would
Using mbox for mail backup Read More »
My mail server of choice is Postfix. I’ve been using it since 1992. It is what I install on all my servers. But that is going go change today. I just installed nullmailer on my DHCP server. When your machine just sends outgoing email, just as notices, you don’t need a full blown MTA. Something like nullmailer should suffice. The system I’m working on is a FreeBSD jail running FreeBSD 9.1-RELEASE-p4. I’m about
Using nullmailer instead of a full blown mail server Read More »
I use FreeBSD Jails. I use them a lot. I have jails for websites. I have jails for regression testing, mail servers, OpenVPN servers, etc. I like jails for many reasons. One of which is being able to create a new jail which is pretty much identical to another jail, except for a few things. In this case, I wanted to create a new jail to do regression testing for Bacula, the best
Using ezjail-admin archive to create a new jail, almost like an existing jail Read More »
Following on from the StartCOM verus Apple issues I mentioned yesterday, I have created a new 4K certificate from StartCOM. Apple has no problem with that certificate. I was in the process of setting up some test servers: Dovecot with a 2048-bit cert Dovecot with a 4096-bit cert Cyrus with a 2048-bit cert Cyrus with a 4096-bit cert I started with Dovecot and was testing each one as I set it up. As
One StartCOM cert works; the other does not Read More »
I decided to set up some of my mail servers to require certification authentication on the submission port (587). In my case, I want to forward mail from my server at home to my public servers out there on the Internet. I don’t want just anyone to be able to submit mail here, so the easiest way for me do to this was with certification. I could have done it with IP addresses,
Postfix client certificate verification Read More »