Questions tagged with Linux Provisioning

Configure AWS SES as relay host in aaPanel

I have a Lightsail instance with an Ubuntu 20 installation. I set up aaPanel as the main control panel. Because Lightsail instances have locked port 25 for SMTP service, I configured AWS SES as mail provider. aaPanel has a tool to configure a relayhost using the postfix service.

First, I verified my domain with SES by a TXT validation. My domain is properly configured in SES; I also made a test send and it was successful. By the way, my Lightsail instance and SES domains are in the same region (us-west-1).

Now, on my console, I entered these commands:

```
sudo postconf relayhost=in-v3.mailjet.com:2587
sudo postconf smtp_tls_security_level=encrypt
sudo postconf smtp_sasl_auth_enable=yes
sudo postconf smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
sudo postconf smtp_sasl_securty_options=noanonynous
sudo vi /etc/postfix/sasl_password
```

In vi editor, enter this line: `email-smtp.us-east-1.amazonaws.com:2587 [api]:[secret]`

```
sudo postmap /etc/postfix/sasl_password
sudo chown root:root /etc/postfix/sasl_password*
sudo chmod 600 /etc/postfix/sasl_password*
sudo systemctl restart postfix
```

In the Lightsail network section, I opened ports 2587, 25, and 465. And with this, I suppose I can send email by relayhost on aaPanel.

When I made a test with the mailer tool on aaPanel, this is the log:

```
Jul 22 19:25:48 softnia postfix/qmgr[13083]: E2C8F81CD7: from=<>, size=3462, nrcpt=1 (queue active)
Jul 22 19:25:48 softnia postfix/trivial-rewrite[90585]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/trivial-rewrite[90585]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/lmtp[90586]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/lmtp[90586]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/bounce[90587]: warning: /etc/postfix/main.cf, line 75: overriding earlier entry: relayhost=email-smtp.us-east-1.amazonaws.com:2587
Jul 22 19:25:48 softnia postfix/bounce[90587]: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
Jul 22 19:25:48 softnia postfix/lmtp[90586]: E2C8F81CD7: to=<root@softnia.com>, relay=none, delay=38331, delays=38331/0.01/0/0, dsn=4.4.1, status=deferred (connect to softnia.com[private/dovecot-lmtp]: No such file or directory)
```

This is the postfix configuration file:

```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = softnia.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost = email-smtp.us-east-1.amazonaws.com:2587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_default_action = accept
message_size_limit = 102400000
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/softnia.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/softnia.com/fullchain.pem
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_securty_options = noanonynous
```

As you can see, my base domain is softnia.com, which is appropriately configured in Lightsail and SES.
1 answer, 0 votes, 26 views, asked 2 months ago

Automatically reboot EC-2 linux servers of a target-group if OS update requires a reboot

We have some Ubuntu instances that are registered targets of Target Groups behind an Elastic Load Balancer. Also, those servers make use of the "unattended-upgrades" package to install security-relevant packages. Some of those newly installed packages require the server to be rebooted. Therefore it sends an email to our System Engineers to let them know.

So now, in order to reboot those instances, they need to be deregistered from their Target Group, rebooted, and registered again with the Target Group. Those Target Groups have redundant targets, so the one missing target is okay for the time it takes to make it become functional again.

So now my actual question. Can this easily be automated or is there some lightweight solution available? If possible I would like to avoid a "full-blown" fleet management software. However, I can see how it can get complicated fast but still thought to ask.

My first thought was some sort of AWS-CLI scripting that unregisters the instance from the target-group and registers itself again after the reboot succeeded. If there are enough other targets available to cover for a few minutes. Or maybe have the instance shut down and let an auto-scaling group boot up a new instance. However, that new instance would need to be updated from the base-image first as well then.

Any idea where or what to look for?

Thanks, M
1 answer, 0 votes, 39 views, asked 2 months ago

425 Failed to establish connection. Error EElFTPSError: Invalid server reply

I'm trying to configure an FTP server on an EC2 instance (Amazon Linux 2 AMI). I followed some steps I found online but I am getting the following error message:

```
FTP login with username rcmv2
<<< 220 (vsFTPd 3.0.2)
>>> USER rcmv2
<<< 331 Please specify the password.
>>> PASS ***********
<<< 230 Login successful.
>>> FEAT
<<< 211-Features: EPRT EPSV MDTM PASV REST STREAM SIZE TVFS UTF8 211 End
>>> CWD .
<<< 250 Directory successfully changed.
>>> PWD
<<< 257 "/"
>>> CWD /
<<< 250 Directory successfully changed.
>>> PWD
<<< 257 "/"
Opening directory /...
>>> PWD
<<< 257 "/"
>>> CWD /
<<< 250 Directory successfully changed.
>>> TYPE A
<<< 200 Switching to ASCII mode.
>>> PASV
<<< 227 Entering Passive Mode (0,0,0,0,4,23).
>>> LIST
>>> ABOR
>>> CWD /
<<< 425 Failed to establish connection.
Error EElFTPSError: Invalid server reply
```

This is the content of my vsftpd.conf:

```
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=xx.xxx.xxx.xx
user_sub_token=$USER
local_root=/home/$USER/ftp
```

These are my EC2 instance inbound rules:

![Enter image description here](https://repost.aws/media/postImages/original/IMuZhiUKKHRtG3STXP8z3JQQ)

These are the groups of my ftp user:

```
# groups rcmv2
rcmv2 : rcmv2 root
```

The permissions of the /home/rcmv2/ftp directory:

```
# ls -l
total 0
drwxrwxrwx 3 rcmv2 rcmv2 19 Jul 12 10:14 ftp
```

The permissions of the /home/rcmv2/ftp/files directory:

```
# ls -l
total 0
drwxrwxrwx 2 rcmv2 rcmv2 6 Jul 12 10:14 files
```

The user 'rcmv2' is included in the '/etc/vsftpd/user_list' file. I think it's something related to the permissions. Can someone help me to understand what is wrong?
2 answers, 0 votes, 35 views, asked 2 months ago