Feedback on first Debian 12 test

Nico94 · June 28, 2023, 11:15am

SYSTEM INFORMATION
OS type and version	Debian Linux 12
Webmin version	2.021
Usermin version	1.861
Virtualmin version	7.7
Theme version	20.21
Package updates	All installed packages are up to date

Hi guys,

I noticed that the install script on GitHut https://raw.githubusercontent.com/virtualmin/virtualmin-install/master/virtualmin-install.sh can from now on be run on Debian 12 systems. Cool, thanks!

So I tested it on a fresh Debian 12 install. The install script runs without errors, as well as the Post-Installation Wizard and the Check Configuration process.

Still, there seems to be some troubles with spamassassin. Webmin’s module shows the following error:

**Warning!** SpamAssassin does not appear to be set up in the system's Procmail configuration file /etc/procmailrc, so any configuration done using this module will have no effect unless users have it set up individually.

And it is impossible to make any change there without getting this error:

### Failed to apply changes : Failed to restart spamassassin.service: Unit spamassassin.service not found.

Witch is confirmed when trying to look at spamassassin’s status in command line:

$ systemctl status spamassassin
Unit spamassassin.service could not be found.

There also seems to be an issue with Fail2Ban. It is not running after installation and refuses to start. There is a warning about ipv6 and an error concerning the postfix-sasl jail not finding its log file:

$ systemctl status fail2ban
× fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2023-06-28 13:06:44 CEST; 5s ago
   Duration: 81ms
       Docs: man:fail2ban(1)
    Process: 42850 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 42850 (code=exited, status=255/EXCEPTION)
        CPU: 66ms

Jun 28 13:06:44 vps.domain.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Jun 28 13:06:44 vps.domain.com fail2ban-server[42850]: 2023-06-28 13:06:44,688 fail2ban.configreader   [42850]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Jun 28 13:06:44 vps.domain.com fail2ban-server[42850]: 2023-06-28 13:06:44,700 fail2ban                [42850]: ERROR   Failed during configuration: Have not found any log file for postfix-sasl jail
Jun 28 13:06:44 vps.domain.com fail2ban-server[42850]: 2023-06-28 13:06:44,707 fail2ban                [42850]: ERROR   Async configuration of server failed
Jun 28 13:06:44 vps.domain.com systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Jun 28 13:06:44 vps.domain.com systemd[1]: fail2ban.service: Failed with result 'exit-code'

That’s all for now

ID10T · June 28, 2023, 2:45pm

They made changes and no longer install rsyslog by default. Can you check to see if it is added on yours? If not, does it help to add it?

https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#changes-to-system-logging

Nico94 · June 28, 2023, 4:05pm

Confirmed: installing rsyslog + restart Postfix allows fail2ban to start.

Concerning spamassassin, would it be possible that the service “spamassassin” is now called “spamd”? If yes, Webmin’s module should be adapted.

Finally, concerning the error (also in spamassassin’s module):

**Warning!** SpamAssassin does not appear to be set up in the system's Procmail configuration file /etc/procmailrc, so any configuration done using this module will have no effect unless users have it set up individually.

I found that the content of /etc/procmailrc is probably bugged. As described here Spamassassin on fresh install rocky linux - #9 by Jamie I replaced the content of the file, witch was this one:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT

By this:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
EXITCODE=$?
:0
* ?/bin/test "$EXITCODE" = "73"
/dev/null
EXITCODE=0
:0
* ?/bin/test "$VIRTUALMIN" != ""
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT

And it seems to do the trick.

Joe · June 28, 2023, 4:24pm

You do not need rsyslog.

Nico94 · June 28, 2023, 4:42pm

OK, noted … but:

If so, fail2ban’s configuration needs to be fixed because it looks like it is not working (at least not out of the box).
Is it explicitly recommended not to install it?

Joe · June 28, 2023, 4:54pm

Yeah, Ilia noted that in one of his comments about his testing. It’ll be fixed in virtualmin-config soon.

No, but I don’t install it on my systems. It’s not necessary on a system that logs to the journal. And, journald can log to text logs, and has a syslog interface for apps, so there is no reason to have rsyslog, unless you just prefer it.

I don’t know why fail2ban doesn’t work out of the box. It’s probably bug-like that the Debian package configuration doesn’t set it up so it works for a default system. But, we can fix that kind of config problem in virtualmin-config. It just hasn’t been done yet. (Debian 12 is not a supported distro yet, so it is expected to have problems.)

Jamie · June 29, 2023, 4:12am

Regarding spamassassin vs spamd , what output do you get if you run systemctl is-enabled spamassassin ?

Nico94 · June 29, 2023, 6:20am

$ systemctl status spamassassin
Unit spamassassin.service could not be found.


$ systemctl is-enabled spamassassin
Failed to get unit file state for spamassassin.service: No such file or directory


$ apt install spamassassin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
spamassassin is already the newest version (4.0.0-6).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


$ systemctl status spamd
* spamd.service - Perl-based spam filter using text analysis
     Loaded: loaded (/lib/systemd/system/spamd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-06-29 08:11:56 CEST; 7min ago
   Main PID: 37176 (spamd)
      Tasks: 3 (limit: 4645)
     Memory: 135.0M
        CPU: 1.085s
     CGroup: /system.slice/spamd.service
             |-37176 /usr/bin/perl "-T -w" /usr/sbin/spamd --pidfile=/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir
             |-37469 "spamd child"
             `-37470 "spamd child"

mockingbird · June 30, 2023, 3:54am

With rsyslog removed, I could not get fail2ban to start because of this error:

“Failed during configuration: Have not found any log file for…”

The only way I solved it was by editing jail.local and adding “backend = systemd” to each entry. The backend is already set to auto in jail.conf.

Joe · June 30, 2023, 5:03am

Yeah, that sounds like a bug in the Debian 12 fail2ban package. We’ll fix it in virtualmin-config, when we get time (I should be able to do some development this weekend).

alexp999 · June 30, 2023, 10:02am

It looks like Ilia has been working on it already, I think?

Shirehosting · July 1, 2023, 7:57am

Ilia posted a fix 2 weeks ago for this in the other Deb 12 thread.

Deb 12 is running fine on our test server so far …

system · August 30, 2023, 7:57am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.