We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Is it safe to update?
Is it safe to update?
Hi!
Running yum update returns a couple of packages to be upgraded from the rpm-repo. (clamav, clamd, etc.)
On a prevous server when I updated these with VestaCP the Clam installation broke and so i stopped receiving emails.
That was a random anomaly and it's safe to update these packages or I should ignore them?
Running yum update returns a couple of packages to be upgraded from the rpm-repo. (clamav, clamd, etc.)
On a prevous server when I updated these with VestaCP the Clam installation broke and so i stopped receiving emails.
That was a random anomaly and it's safe to update these packages or I should ignore them?
Re: Is it safe to update?
I'd say it's perfectly safe. If you're worried though you should make sure you have backups and run the update on a test-server first before doing it in a production environment. Easy as that.
When exim is your main concern I'd recommend using a fallback mailserver to enable you to still receive and later relay emails in the unlikely event your primary mailserver has issues.
When exim is your main concern I'd recommend using a fallback mailserver to enable you to still receive and later relay emails in the unlikely event your primary mailserver has issues.
Re: Is it safe to update?
What do you mean with setup a fallback mailserver? There is no mail cluster yet?
Re: Is it safe to update?
Using a fallback mailserver has nothing to do with clustering. You setup a new mailserver as a relay working behind a secondary MX record, so that in the event your primary mailserver goes down for whatever reason the sender's MTA will use the second MX record to deliver mail to your fallback server. As soon as your primary server is back up, the fallback server will notice and supply all mail received during the downtime. Senders don't get those nasty "delivery failed" error messages, and recipients get their email - albeit with a small delay. It has some disadvantages as your users will still have to cope with the mailserver downtime. It doesn't solve everything, but it's a simple and cheap solution to at least part of the problem. You could also use a couple servers the same way to filter spam and then relay clean email to a mailserver(-cluster). That way you achieve separation of roles, less load on the actual mailserver(s), high availability, better spam/virus protection, et cetera. All depends on what you want and what your budget is. But I've gone a bit off topic ;-)krok wrote:What do you mean with setup a fallback mailserver? There is no mail cluster yet?
Re: Is it safe to update?
Hi!
Thanks, I'll try it on my secondary server which should not cause any downtime or problems since it's only a dns-cluster and SMTP relay. I'll post an update with the results.
--------UPDATE
I've ran the update, the following problems occured:
SOLUTION AT THE BOTTOM!
update process:
Updating : clamav-0.98.4-1.el6.rf.x86_64 2/6
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
Updating : clamd-0.98.4-1.el6.rf.x86_64 3/6
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew
service clamd status returns:
clamd is stopped
service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be removed: Permission denied
ERROR: Can't unlink the socket file /var/run/clamav/clamd.sock
[FAILED]
Also i'm not able to receive emails from other servers
Rebooting the server does not help, starting still returns FAILED
Fixing the /etc/clamd.conf & /etc/freshclam.conf and service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
[FAILED]
Restoring the config files and service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
ERROR: Can't unlink the socket file /var/run/clamav/clamd.sock
[FAILED]
chown clam /var/run/clamav and service clamd start finally fixed the startup problem:
Starting Clam AntiVirus Daemon: [ OK ]
And also, emails are arriving again. So the solution without all the hassle is: chown the clamav folder back for the clam user.
Thanks, I'll try it on my secondary server which should not cause any downtime or problems since it's only a dns-cluster and SMTP relay. I'll post an update with the results.
--------UPDATE
I've ran the update, the following problems occured:
SOLUTION AT THE BOTTOM!
update process:
Updating : clamav-0.98.4-1.el6.rf.x86_64 2/6
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
Updating : clamd-0.98.4-1.el6.rf.x86_64 3/6
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew
service clamd status returns:
clamd is stopped
service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be removed: Permission denied
ERROR: Can't unlink the socket file /var/run/clamav/clamd.sock
[FAILED]
Also i'm not able to receive emails from other servers
Rebooting the server does not help, starting still returns FAILED
Fixing the /etc/clamd.conf & /etc/freshclam.conf and service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
[FAILED]
Restoring the config files and service clamd start returns:
Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
ERROR: Can't unlink the socket file /var/run/clamav/clamd.sock
[FAILED]
chown clam /var/run/clamav and service clamd start finally fixed the startup problem:
Starting Clam AntiVirus Daemon: [ OK ]
And also, emails are arriving again. So the solution without all the hassle is: chown the clamav folder back for the clam user.
Re: Is it safe to update?
Milka wrote:Using a fallback mailserver has nothing to do with clustering. You setup a new mailserver as a relay working behind a secondary MX record, so that in the event your primary mailserver goes down for whatever reason the sender's MTA will use the second MX record to deliver mail to your fallback server. As soon as your primary server is back up, the fallback server will notice and supply all mail received during the downtime. Senders don't get those nasty "delivery failed" error messages, and recipients get their email - albeit with a small delay. It has some disadvantages as your users will still have to cope with the mailserver downtime. It doesn't solve everything, but it's a simple and cheap solution to at least part of the problem. You could also use a couple servers the same way to filter spam and then relay clean email to a mailserver(-cluster). That way you achieve separation of roles, less load on the actual mailserver(s), high availability, better spam/virus protection, et cetera. All depends on what you want and what your budget is. But I've gone a bit off topic ;-)krok wrote:What do you mean with setup a fallback mailserver? There is no mail cluster yet?
Great! but could you clarify what is the purpose of the mail cluster then? i have 2 vesta servers and would like to setup one of them as a fallback server. i wonder if this is possible using my 2 servers? i only have dns cluster setup atm.
Re: Is it safe to update?
Hi
As of now i don't thing VestaCP supports any out-of-box mail "clustering" or any automated options like dns-cluster. The manual method would be to simply add another MX record with lower priority so in case your first server could not be reached by the other servers they'll try to send the mail to the lower priority mail server where you set up your mail accounts too. (If I understand the situation correctly). This is probably not a proper fallback configuration as it would not deliver the messages when the primary server is up.
As of now i don't thing VestaCP supports any out-of-box mail "clustering" or any automated options like dns-cluster. The manual method would be to simply add another MX record with lower priority so in case your first server could not be reached by the other servers they'll try to send the mail to the lower priority mail server where you set up your mail accounts too. (If I understand the situation correctly). This is probably not a proper fallback configuration as it would not deliver the messages when the primary server is up.
Re: Is it safe to update?
Yeah that was my first thought, but i would like something that just hold the mail so it will be sent when the main server is up again so the email wont get lost. is that how the mail cluster work that will be released later on?
Re: Is it safe to update?
The first part you describe is correct, but the fallback server doesn't contain mail accounts at all. That wouldn't make sense. It just functions as a relay, passing on all mail to the mailserver as soon as it's up and running again.szimre wrote:Hi
As of now i don't thing VestaCP supports any out-of-box mail "clustering" or any automated options like dns-cluster. The manual method would be to simply add another MX record with lower priority so in case your first server could not be reached by the other servers they'll try to send the mail to the lower priority mail server where you set up your mail accounts too. (If I understand the situation correctly). This is probably not a proper fallback configuration as it would not deliver the messages when the primary server is up.
Re: Is it safe to update?
No, that's how a fallback would work. A cluster would solve your problem very well too. Using both would be even better, but as I said before, that depends on your wishes and your budget.krok wrote:Yeah that was my first thought, but i would like something that just hold the mail so it will be sent when the main server is up again so the email wont get lost. is that how the mail cluster work that will be released later on?