Thursday, September 21, 2017

Nextcloud configuration

Nextcloud configuration issues on Debian 9 Stretch

In an attempt to get email and storage fixed, I am trying to get dovecot, postfix and nextcloud to integrate. With varying levels of success - what else is new?
Anyway, nextcloud greets with the fact I do not have OPcache enabled, and I should add to php.ini.

WRONG

NOT php.ini

So, I did... I added
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=2
to every php.ini I could find.

The /etc/php/7.0/apache2/php.ini seems most logical, and is even mentioned in nextcloud channels. To no avail...
Tried /etc/php/7.0/cli/php.ini, which seems unlogical, but I don't know how nextcloud processes php.
That didn't help, either!

but opcache.ini

In fact, find opcache.ini, and edit it. Add above code, or lower buffers, files and memory to half the values, of what you can afford; proportionally.

service apache2 reload
As a result, your nextcloud will no longer nag you with caching stuff (apart from memcache, that is - do I need Redis?!?)

Saturday, September 16, 2017

Debian Stretch and opendkim: connection refused, no listener at port 8891

Debian stretch opendkim behaviour changed

opendkim fails to sign!

In a nutshell... if you face this:
postfix/submission/smtpd[17385]: warning: connect to Milter service inet:localhost:8891: Connection refused

and you cannot find a listener process at port 8891:
netstat -nltp | grep 8891
returns nothing,
and you find this in the /var/log/mail.log:
opendkim[18055]: OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)
(which, by the way, explains the error...) and you have been checking /etc/opendkim.conf, and all other configuration files, and you are sure you have
Socket inet:8891@localhost

or
smtpd_milters = inet:127.0.0.1:8891
in your /etc/postfix/main.cf, rest assured, you're not alone.

opendkim.conf is ignored

Instead, edit /lib/systemd/system/opendkim.service:
# ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
Save the file, reload, and restart:
systemctl daemon-reload service opendkim restart
Now, you have a listener at port 8891...
Also, you will see this in mail.log:
OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost)

Result

My SPF as well as DKIM are accepted by gmail:
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@xxxxx header.s=mail header.b=h8Rqwad8; spf=pass (google.com: domain of frank@xxxxx designates 12.34.56.78 as permitted sender)

This took me a day, hope it will help someone.