Rocky, Alma, Springdale 9 QT Install: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
No edit summary
 
(79 intermediate revisions by the same user not shown)
Line 1: Line 1:
Vpopmail Many-Domain MySQL backend
[[Main_Page#RHEL_9_&_Derivatives|Back]]<br>
Minimal Install RHEL9 Derivative Sprindale Alma Rocky
=Enterprise Linux 9 Minimal Install=
QMT Install
==QMT Install ('Many-Domain')==
# curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
<nowiki>#</nowiki> curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
# chmod 755 /usr/local/bin/qt_install
<nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_install
# qt_install
<nowiki>#</nowiki> qt_install
# toaststat
    <span style="color:red"> ...installing... </span>
<nowiki>#</nowiki> toaststat<br>
Status of toaster services
send: up (pid 1323) 1517 seconds
smtp: up (pid 1324) 1517 seconds
submission: up (pid 1325) 1517 seconds
send/log: up (pid 1316) 1517 seconds
smtp/log: up (pid 1311) 1517 seconds
submission/log: up (pid 1314) 1517 seconds<br>
systemd service:              clamd@scan:      [<span style="color:green"> OK </span>]
systemd service:        clamav-freshclam:      [<span style="color:green"> OK </span>]
systemd service:            spamassassin:      [<span style="color:green"> OK </span>]
systemd service:                  dovecot:      [<span style="color:green"> OK </span>]
systemd service:                  mariadb:      [<span style="color:green"> OK </span>]
systemd service:                    httpd:      [<span style="color:green"> OK </span>]
systemd service:                    named:      [<span style="color:green"> OK </span>]
systemd service:                    ntpd:      [<span style="color:green"> OK </span>]
systemd service:                    sshd:      [<span style="color:green"> OK </span>]
systemd service:                  network:      [<span style="color:green"> OK </span>]
systemd service:                    crond:      [<span style="color:green"> OK </span>]
systemd service:                    acpid:      [<span style="color:green"> OK </span>]
systemd service:                      atd:      [<span style="color:green"> OK </span>]
systemd service:                  autofs:      [<span style="color:green"> OK </span>]
systemd service:                  smartd:      [<span style="color:green"> OK </span>]
systemd service:              irqbalance:      [<span style="color:green"> OK </span>] (Multiple processors only)<br>
<nowiki>#</nowiki> [https://raw.githubusercontent.com/qmtoaster/scripts/master/conntest conntest]
Enter a valid remote email account to which QMT will send mail: <email address>
IMAPS: postmaster@domain.tld --> <span style="color:green">success</span>
Submission: postmaster@domain.tld --> <span style="color:green">success</span>
SMTPS: postmaster@domain.tld --> <span style="color:green">success</span>


Status of toaster services
[http://wiki.qmailtoaster.org/index.php?title=Simscan Scanners]
send: up (pid 101809) 1684421 seconds
[http://wiki.qmailtoaster.org/index.php?title=Alias_Domains Many Domain Install (Alias Domain)]
smtp: up (pid 101807) 1684421 seconds
Qmail-1.03-3.3.11 (OpenSSL3)
smtps: up (pid 101808) 1684421 seconds
[https://github.com/qmtoaster/patches/blob/master/EL9/README.md Patches] applied
submission: up (pid 101812) 1684421 seconds
send/log: up (pid 101806) 1684421 seconds
smtp/log: up (pid 101811) 1684421 seconds
smtps/log: up (pid 101810) 1684421 seconds
submission/log: up (pid 101827) 1684421 seconds


mysql mysqld
== Install certificate ==
systemd service:              clamd@scan:      [ OK  ]
  [[Certificate]] *Note: The certificate must be 2048 bits or more
systemd service:         clamav-freshclam:       [  OK  ]
== Test certificate ==
systemd service:             spamassassin:       [  OK  ]
  # curl --verbose smtps://mail.domain.tld
systemd service:                 dovecot:       [ OK  ]
  # curl --verbose imaps://mail.domain.tld
systemd service:                   mysqld:      [  OK  ]
or
systemd service:                   httpd:       [  OK  ]
  # openssl s_client mail.domain.tld:465
systemd service:                    named:      [ OK  ]
  # openssl s_client mail.domain.tld:993
systemd service:                 chronyd:       [  OK  ]
<pre>
systemd service:                     sshd:      [  OK  ]
<nowiki>*</nowiki> Server certificate:
systemd service:                    crond:      [  OK ]
<nowiki>*</nowiki>  subject: CN=mail.domain.tld
systemd service:                   acpid:      [  OK  ]
<nowiki>*</nowiki> start date: Jul 30 09:16:16 2024 GMT
systemd service:                      atd:      [  OK ]
<nowiki>*</nowiki> expire date: Oct 28 09:16:15 2024 GMT
systemd service:                   autofs:      [  OK  ]
<nowiki>*</nowiki> subjectAltName: host "mail.domain.tld" matched cert's "mail.domain.tld"
systemd service:                  smartd:      [  OK ]
<nowiki>*</nowiki> issuer: C=US; O=Let's Encrypt; CN=R11
systemd service:              irqbalance:      [  OK  ]
<nowiki>*</nowiki> SSL certificate verify ok.
</pre>


# conntest
If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits
Enter a valid remote email account to which QMT will send mail via Submission & SMTPS:me@remote.org
IMAPS: postmaster@whitehorsetc.com [success]
Submission: postmaster@whitehorsetc.com --> ebroch.whtc@gmail.com [success]
SMTPS: postmaster@whitehorsetc.com --> ebroch.whtc@gmail.com [success]


  Scanners: rspam, spamassassin, dspam
806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
  Qmail-1.03-3.3.8 (Implements TLSv1.3)
 
Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:
 
certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache <span style="color:red">--rsa-key-size 2048 --key-type rsa</span>

Latest revision as of 08:34, 18 October 2024

Back

Enterprise Linux 9 Minimal Install

QMT Install ('Many-Domain')

# curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
# chmod 755 /usr/local/bin/qt_install
# qt_install
    ...installing... 
# toaststat
Status of toaster services send: up (pid 1323) 1517 seconds smtp: up (pid 1324) 1517 seconds submission: up (pid 1325) 1517 seconds send/log: up (pid 1316) 1517 seconds smtp/log: up (pid 1311) 1517 seconds submission/log: up (pid 1314) 1517 seconds
systemd service: clamd@scan: [ OK ] systemd service: clamav-freshclam: [ OK ] systemd service: spamassassin: [ OK ] systemd service: dovecot: [ OK ] systemd service: mariadb: [ OK ] systemd service: httpd: [ OK ] systemd service: named: [ OK ] systemd service: ntpd: [ OK ] systemd service: sshd: [ OK ] systemd service: network: [ OK ] systemd service: crond: [ OK ] systemd service: acpid: [ OK ] systemd service: atd: [ OK ] systemd service: autofs: [ OK ] systemd service: smartd: [ OK ] systemd service: irqbalance: [ OK ] (Multiple processors only)
# conntest Enter a valid remote email account to which QMT will send mail: <email address> IMAPS: postmaster@domain.tld --> success Submission: postmaster@domain.tld --> success SMTPS: postmaster@domain.tld --> success
Scanners
Many Domain Install (Alias Domain)
Qmail-1.03-3.3.11 (OpenSSL3)
Patches applied

Install certificate

 Certificate *Note: The certificate must be 2048 bits or more

Test certificate

 # curl --verbose smtps://mail.domain.tld
 # curl --verbose imaps://mail.domain.tld

or

 # openssl s_client mail.domain.tld:465
 # openssl s_client mail.domain.tld:993 
* Server certificate:
*  subject: CN=mail.domain.tld
*  start date: Jul 30 09:16:16 2024 GMT
*  expire date: Oct 28 09:16:15 2024 GMT
*  subjectAltName: host "mail.domain.tld" matched cert's "mail.domain.tld"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.

If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits

806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354

Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:

certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache --rsa-key-size 2048 --key-type rsa