Life goes on. And version 32 of Fedora linux is now available. So I've downloaded it and burned it to DVD. and then I started to upgrade my servers from 31 to 32.
And my email stopped working.
I have a fairly complicated email system, because I run my own mail servers, also have aol and gmail addresses, and use a homebrew despamming system, all of which works very well. Until it stopped working.
Fetchmail wasn't fetching from my mail server.
Initially, the only clue I had was that I wasn't getting any email. And that's pretty much impossible, I get several emails per hour (mostly spam), so obviously there was a blockage somewhere in my systems. So I checked my main mail server, and the mail was getting as far as that, but then the thing that grabbed it (called fetchmail) wasn't grabbing. And the only thing that I'd changed was, of course, the linux upgrade.
So first, I logged into th email server, and deleted all the obvious spam, because I knew that it would clog up if I unblocked whatever was the probem. I got the outstanding email down to 25 messages.
Then I ran
env LC_ALL=C fetchmail -vvv --nodetach --nosyslog
What that does, is show me the messages from fetchmail as it goes about trying to fetch mail, and it was immediately clear that it didn't like the SSL security certificate that it found on dovecot (which is the program that runs on the mail server that lets fetchmail fetch the messages). So I looked that the dovecot configuration file for the mail server, and the certificate it referenced, was the one that fetchmail didn't like. That's probably because I installed it five years ago, and it's well out of date.
But I use letsencrypt.org to make all my security certs (a few dozen of them!), and I already have a good and valid cert. All I had to do was copy that to the mail server, tell dovecot where it was, restart dovecot, and the mail started to flow again.
Then I did the same for all my other mail servers, and changed the cert update system so that the mail servers would be automatically updated when I update the cert.
And now my email system works again.
Ironic that you built a whole mail system to deal with spam and the first comment on this post is spam :D I know it's not your host/system but still ironic.ReplyDelete
And it's a good demonstration of the need for an anti-spam system!ReplyDelete
I did look through some of the approach/tools you outlined. I don't mind using gmail as my main aggregator where it pulls from different pop accounts. It does a decent job on filtering - over aggressive in some cases. Thanks for sharing what you use.ReplyDelete