nginx.service is not active, cannot reload.

[bunyevacz]

The main problem with install.sh, it is monolithic, so if it stops it can't be restarted without error. For me it stopped with git clone timeout. Can this install.sh chopped up into chunks? a) import all the keys b) install prerequisites c) test running processes d) install program a, b, c, etc.

I fixed the install.sh, with the following modification:

$SYSTEMCTL_PATH reload nginx

modified to:

$SYSTEMCTL_PATH start nginx
$SYSTEMCTL_PATH reload nginx

at install.sh:600: https://github.com/nodemailer/wildduck/blob/734a6b974856237d4fdf2ac87e8222bbc4ac2165/setup/install.sh#L600

After this modification, I successfully installed the bundle, and it is working (webmail, mailserver, etc).

Is pull request welcome for breaking install.sh to multiple file? I believe it would help troubleshooting, if installation is unsuccesful.

[andris9]

Yeah, definitely, if you think you can make the install script better, then it's all welcomed. I just hacked the current script together, it's not anything too great.

[bunyevacz]

Hi,

I have created a pull request: https://github.com/nodemailer/wildduck/pull/84

I tried to be minimally intrusive, it is basically your script choped up into smaller sections. So when it breaks, it is easier to see where exactly. It is tested on ubuntu 16.04.4.

There are still room for improvement:

• create certs, dkim (especially dkim! I have a dkim signature mismatch on all outbound emails), as separate files, so it can be modified after the installation (add the dkim cert afterwards, regenerate it with install.sh)
• use sudo instead of root
• on subsequent install.sh launch many things do not need to be redone (apt keys import, apt installs)

So I still want to break out these things (acme.sh, dkim signature, etc) into self contained subscript, so it can be launched separately.

I hope you like the pull request. There are some unused shell functions, for password request. It will be needed once the install.sh can be launched without root. (and asks for the user password, and issue sudo commands).

With the current root method the main problem that many dirs are created with root:root owner in the users $HOME directory...

[andris9]

Btw I updated the commit hashes as the Wildduck version listed in install script handled incoming message rate limiting invalidly. If you already use the older version then you might want to upgrade haraka-plugin-wildduck and flush Redis as otherwise all users get rate limited sooner or later for their incoming email.

[bunyevacz]

As I use kvm servers. Maybe it would be easier, just to install everything from ground up. But dont know how to migrate data yet.

I need definietly look into upgrading. And how it should be done. Any suggestions?

[andris9]

You can update code via git. For example if you want to upgrade wildduck in /opt/wildduck to 538da537ca3cef0bbd714da70085cfd4cc734b49 then run the following commands:

(root) $ sudo su deploy
(deploy) $ cd /var/opt/wildduck.git
(deploy) $ git fetch origin 538da537ca3cef0bbd714da70085cfd4cc734b49
(deploy) $ git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout 538da537ca3cef0bbd714da70085cfd4cc734b49
(deploy) $ cd /opt/wildduck
(deploy) $ npm install --production 
(deploy) $ exit
(root) $ systemctl restart wildduck

Edit: added npm install also to the list of commands, otherwise you might end up with missing dependencies

[bunyevacz]

something like this?:

Jun  8 15:09:47 mail zone-mta[1202]: info Sender/default/1360[3] 163df7203c70003521.001 DEFERRED[recipient] 
from=no-reply@microsoft.com to=jlajlp@awe.com src=0.0.0.0 
dst=mail.awe.com[192.168.10.10] id=<a85d2dc1-0b1a-475d-bd17-d4d21f932477@BL2FFO11FD018.protection.gbl> 
(450-4.2.1 The user you are trying to contact is receiving mail at a rate 
that prevents additional messages from being delivered. 
Please resend your message at a later time. If the user is able to receive mail at that time, 
your message will be delivered.)

I thought it is this haraka-plugin-wildduck commit causing problem: https://github.com/nodemailer/haraka-plugin-wildduck/commit/05b08074371e7e3b836088cfe3c225735fe377ea

But this looks like a zone-mta error to me. And message (indeed) do not reach the inbox. Also the hook_script seems to not executing right (in original install.sh either). I'm investigating...

In /opt dir, I have

haraka
wildduck
wildduck-webmail
zone-mta

I updated zone-mta:

(root) $ sudo su deploy
(deploy) $ cd /var/opt/zone-mta.git
(deploy) $ git fetch origin f5f6a80ef6571c24afbb013eb18d74ec6e81ea1e
(deploy) $ git --git-dir=/var/opt/zone-mta.git --work-tree="/opt/zone-mta" checkout -- package.json
(deploy) $ git --git-dir=/var/opt/zone-mta.git --work-tree="/opt/zone-mta" checkout f5f6a80ef6571c24afbb013eb18d74ec6e81ea1e
(deploy) $ cd /opt/zone-mta/
(deploy) $ npm install --production 
(deploy) $ exit
(root) $ systemctl restart zone-mta

zonemta-wildduck is already at v1.11.2:

git --git-dir=/var/opt/zonemta-wildduck.git --work-tree="/opt/zone-mta/plugins/wildduck/" status

Updated wildduck:

(deploy) $ git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck diff -- emails/00*json
diff --git a/emails/00-example.json b/emails/00-example.json
index 2e2f326..b056776 100644
--- a/emails/00-example.json
+++ b/emails/00-example.json
@@ -1,5 +1,5 @@
 {
-    "disabled": true,
+    "disabled": false,

     "flag": true,

(deploy) $ git fetch origin 538da537ca3cef0bbd714da70085cfd4cc734b49
(deploy) $ git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout 538da537ca3cef0bbd714da70085cfd4cc734b49
fatal: reference is not a tree: 538da537ca3cef0bbd714da70085cfd4cc734b49
(deploy) $ git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck pull
(deploy) $ git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout 538da537ca3cef0bbd714da70085cfd4cc734b49
(deploy) $ cd /opt/wildduck
(deploy) $ npm install --production 
(deploy) $ exit 
(userr)  $ systemctl restart wildduck

Updated haraka-plugin-wildduck:

(deploy) $ cd haraka-plugin-wildduck.git/
(deploy) $ git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugins/wildduck checkout 174b29552188295c7eebb422af7837b20a6e61e6
(deploy) $ git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugins/wildduck checkout package.json
(deploy) $ git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugins/wildduck checkout 174b29552188295c7eebb422af7837b20a6e61e6
(deploy) $ cd /opt/haraka/plugins/wildduck/
(deploy) $ npm install --unsafe-perm --production --progress=false
(deploy) $ exit
(userr) $ systemctl restart haraka

Checked Redis:

$ redis-cli
127.0.0.1:6379> keys "*"
(empty list or set)
127.0.0.1:6379> quit

Flushed the Redis database:

 redis-cli
127.0.0.1:6379> flushall
OK
127.0.0.1:6379> exit

And without reboot, mails started flowing into the account. However half day was lost:-| I still need some clever way to monitor this setup. syslog is a bit cumbersome. Especially to get notified when someone rejects our email.

[bunyevacz]

I think this issue can be closed. The setup script is chopped up, and the wiki page has some up to date updating info.