Jakub Lucký's questions

Atualizei meu servidor Debian (de bullseye para bookworm), hospedado na Hetzner. Eu uso o Storage Box + borg como um meio de backup. No entanto, desde a atualização, todas as minhas tentativas de execução borgterminam com Connection timed out. Não sei como me recuperar disso.

Mudança de versão do borg: 1.1.16-3 -> 1.2.4-1 (nota: este é o versionamento do Debian, mas deve corresponder às versões reais do borg

Script chamado (resumido):

BACKUP_DIR=/mnt/backup/mysql
export BORG_REPO=ssh://[email protected]:23/./my-dir
export BORG_PASSPHRASE='mysecurepassphrase'

borg create                         \
--stats                         \
--list                          \
--show-rc                       \
--compression lz4               \
 ::'{hostname}-db-{now}'        \
 $BACKUP_DIR 

saída conforme fornecida quando executada com--debug

Sun Feb 25 07:53:31 PM CET 2024 Starting backup

using builtin fallback logging configuration
33 self tests completed in 0.05 seconds
SSH command line: ['ssh', '-p', '23', '[email protected]', 'borg-1.2', 'serve', '--debug']
Remote: ssh: connect to host XYZ.your-storagebox.de port 23: Connection timed out
Connection closed by remote host. Is borg working on the server?
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/borg/archiver.py", line 5213, in main
    exit_code = archiver.run(args)
                ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/borg/archiver.py", line 5144, in run
    return set_ec(func(args))
                  ^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/borg/archiver.py", line 161, in wrapper
    repository = RemoteRepository(location.omit_archive(), create=create, exclusive=argument(args, exclusive),
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/borg/remote.py", line 578, in __init__
    raise ConnectionClosedWithHint('Is borg working on the server?') from None
borg.remote.ConnectionClosedWithHint: Connection closed by remote host. Is borg working on the server?

Platform: Linux ABC 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
Linux: Unknown Linux
Borg: 1.2.4  Python: CPython 3.11.2 msgpack: 1.0.3 fuse: None [pyfuse3,llfuse]
PID: 42470  CWD: /root
sys.argv: ['/usr/bin/borg', 'create', '--remote-path=borg-1.2', '--debug', '--progress', '--stats', '--list', '--show-rc', '--compression', 'lz4', '::{hostname}-db-{now}', 'my-dir']
SSH_ORIGINAL_COMMAND: None

terminating with error status, rc 2

Nota importante: A caixa de armazenamento está disponível, pois posso fazer backup de outra máquina nela (através do borg)

Recentemente, adicionei spamassassin ao meu servidor de e-mail, pois as listas negras não eram suficientemente eficazes.

Para esclarecer: eu uso Postfix como SMTP + Dovecot como LDA, postgrey para lista cinza e postfwd para limitação de taxa.

Para adicionar Spamassassin, eu uso o guia: https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin Mesmo que funcione, Não vejo por que isso acontece. O que me incomoda é o master.cf:

smtp       inet  n       -       y       -       -       smtpd
-o content_filter=spamassassin

dovecot unix    -       n       n       -       -      pipe
  flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}

spamassassin unix -     n       n       -       -       pipe
user=debian-spamd argv=/usr/bin/spamc -f -e  
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

Não entendo por que de repente o sendmail está envolvido. Existe uma maneira de configurar isso mais corretamente?

Aqui também está o meu postconf -ncaso seja necessário.

append_at_myorigin = yes
biff = no
broken_sasl_auth_clients = yes
default_destination_concurrency_limit = 1
delay_warning_time = 8h
disable_vrfy_command = yes
dovecot_destination_concurrency_limit = 1
dovecot_destination_recipient_limit = 1
enable_original_recipient = yes
local_destination_concurrency_limit = 1
mailbox_size_limit = 100000000
maximal_queue_lifetime = 6d
message_size_limit = 52428800
myhostname = REDACTED
myorigin = /etc/mailname
smtp_helo_name = REDACTED
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_delay_reject = no
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040 permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = REDACTED
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = REDACTED
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = REDACTED
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = dovecot