Shortly after midnight tonight I am going to reboot servers for a kernel upgrade. I keep hoping they’ll fix the Ethernet drivers but not exactly holding my breath.
The issues with SSL on the mail server have been fixed. It was caused by the new certificate ca-bundle file only having the intermediate files in it while last years had our site certificate followed by the intermediates. I had to cat both files together into a third which made dovecot and postfix happy. The web server was unaffected by this because it’s configuration includes both files so all of the necessary certificates were available to it.
I am having problems with our new Comodo certificate. It works fine with Apache web server but with the Dovecot mail server it is telling me the key does not match the cert but it does, I have verified this.
I am thinking the software is too outdated and I am trying to build the new openssl and dovecot for this machine. To put it mildly it is giving me fits. If mail does not work, please try to use webmail https://www.eskimo.com/mail or login to a shell server and use alpine configured to talk to local spool.
I am working hard to resolve this but running into numerous problems. I want to get the latest openssl in place which has support for elliptical curve cryptography, this will become important as quantum computers become more robust and we learn how to program them. But it will not find one of the shared libraries even though it is there and included in the path. Argh!
Anyway I’m working hard to resolve.
I’m going to be working on mail for a little bit to replace encryption certificates because the old is expiring today. There may be times when encryption does not work temporarily.
Turns out Thunderbird is broken. For some reason TLS does not work in the current Thunderbird either with our mail server or Googles IMAP, but STARTTLS does. Investigating further.
I broke our client mail server trying to install new SSL certificates. I do not know why yet but am restoring the previous configuration. Unfortunately this needs to be resolved soon or our old certificate expires in a couple of days. I am restoring the unbroken configuration from backup and then will try changing one thing at a time until I figure out what went wrong.
I did an sa-update -D which tells spamassassin to re-upload the default ruleset and then I restarted it. After doing this spamassassin begin scoring spam again properly.
All I can figure is a cron-scheduled sa-update downloaded a broken set of rules.
A recent Microcode update for Intel CPUs basically turned our i7-6850k into an i7-6850 (locked multiplier) reducing the speed of the CPU substantially.
This platform does not require the Linux Microcode anyway as the Microcode provided by the BIOS is already not vulnerable to meltdown and spectre exploits.
In order to restore full operating speed a reboot is necessary to back out this microcode upgrade. This machine provides the /home directory for all machines here and also the following shell servers: centos7, fedora, mint, opensuse, scientific, and ubuntu, as well as our web server.
Anyone logged into those shell servers will be disconnected as they reboot and any home directory I/O will freeze for several minutes on all the other machines.
This work is scheduled for 1AM and should conclude by 1:15AM if all goes according to plan.
Ubuntu.eskimo.com is restored to service.
Ubuntu is back up but it is up as 17.10. I am presently applying updates to bring it current then will upgrade to 18.04. This will require several reboots along the way so please do not use this machine unless you’re okay with being disconnected without warning for update reboots.