Regigate appliance tech


Debugging regigate

Set regigate debug level in HA mode

$ vim /d1/etc/rfmilter/route-1/conf.json

Change "logLevel" to "verb" instead of "info" and save. Now restart rfmilter using:

$ svc -t /service/rfmilter1-1/

You can inspect the log now using:

$ tail -f /d1/log/rfmilter/debug-1.log

Please don't forget to reset the log level to "info" after you have fixed your issues.

Set regigate debug level in normal mode

$ vim /etc/rfmilter/route-1/conf.json

Change "logLevel" to "verb" instead of "info" and save. Now restart rfmilter using:

$ svc -t /service/rfmilter-1/

You can inspect the log now using:

$ tail -f /var/log/rfmilter/debug-1.log

Please don't forget to reset the log level to "info" after you have fixed your issues.

Test valid provider connection

There are several tests you can run on regigate:

 $ curl -k https://regify.company.com:9001/
 curl: (7) Failed connect to regify.company.com:9001; No route to host

The above result means that the firewall is not set up correctly, or that the wrong regigate IP was entered at the provider, which has the same effect as a firewall that is not set up.

 $ curl -k https://regify.company.com:9001/
 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert 

Above you can see an SSL handshake error caused by a certificate issue. Maybe the certificate from regigate needs to be signed again by the regify provider.

As a final test for full functionality, you can do this (for HA mode, you have to replace /etc with /d1/etc):

$ curl -k --key /etc/rfmilter/route-1/client.key -E /etc/rfmilter/route-1/client.crt https://regify.company.com:9001/
{"status":"INVALID","code":2,"desc":"","version":"4.0.10.5814"}

The return of a valid JSON-encoded string (even if it says invalid) indicates a working regigate connection.

Updating Rule-Lists automatically

If you created rules that use lists (e.g. user-list or domain-list), you may want to generate such lists (e.g. by some LDAP synchronization) and update the regigate lists automatically. It is important that the initial list is generated using the appliance menu (even if empty). After that, you can update the lists automatically if needed.

The lists are located in the filesystem:

/service/rfmilter-n/rules/ 

or, if using HA mode:

/service/rfmilter[12]-n/rules/

A list file ends with the extension .txt. Please do not touch the automatically generated .cdb files. If you updated a list file in these folders, the list needs to be compiled (compilation is for better speed and creates the .cdb file).
This is done by restarting the rfmilter service as root:

svc -t /service/rfmilter-n

or, if using HA mode:

svc -t /service/rfmilter[12]-n

If you updated several lists, you may want to restart all rfmilter instances at once by calling:

svc -t /service/rfmilter*

Hint: If an e-mail is sent to regigate at exactly the moment when rfmilter is not available because of the restart, the sending MTA will get a 4.x.x error (temporary problem). Normally, an MTA will then try again in a minute and the e-mail(s) will only be a little late.
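
The update procedure above as one shell function, for use from a synchronization job. This is an added example and not part of the regify documentation or appliance; the function name, the SVC and ALLOW_EMPTY variables and the empty-list guard are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not regify code. Hypothetical names: update_rule_list, SVC, ALLOW_EMPTY.
# Prints "updated" or "unchanged"; returns non-zero without touching the list on error.

update_rule_list() {
    rules_dir=$1     # e.g. /service/rfmilter-1/rules
    list_name=$2     # list file name without .txt (constructed name in the usage line)
    new_file=$3      # freshly generated list, e.g. from an LDAP export
    service_dir=$4   # e.g. /service/rfmilter-1
    target="$rules_dir/$list_name.txt"

    # The initial list has to come from the appliance menu, so never create one here.
    [ -f "$target" ] || { echo "no such list: $target" >&2; return 2; }
    [ -r "$new_file" ] || { echo "cannot read: $new_file" >&2; return 2; }

    # Added guard: a failed export usually yields an empty file; do not wipe the list.
    if [ ! -s "$new_file" ] && [ "${ALLOW_EMPTY:-0}" != 1 ]; then
        echo "refusing empty list (set ALLOW_EMPTY=1 to allow it)" >&2
        return 3
    fi

    # Same content: skip the restart and the temporary 4.x.x answers it causes.
    if cmp -s "$new_file" "$target"; then
        echo unchanged
        return 0
    fi

    # Build the new file beside the target (the name does not end in .txt), keeping
    # the old file's mode, then rename so a half-written list is never in place.
    tmp="$target.new.$$"
    cp -p "$target" "$tmp" && cat "$new_file" > "$tmp" || { rm -f "$tmp"; return 4; }
    mv "$tmp" "$target" || { rm -f "$tmp"; return 4; }

    # The restart compiles the .txt into the .cdb file; the .cdb is not touched here.
    ${SVC:-svc} -t "$service_dir" || return 5
    echo updated
}

# Usage on a non-HA appliance, as root (list name and export path are constructed):
#   update_rule_list /service/rfmilter-1/rules user-list /root/ldap-users.txt /service/rfmilter-1
```

In HA mode, pass the matching /service/rfmilter[12]-n paths instead.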

Generic questions

I can't paste the signed certificate / the rules / user lists?

Please note the following hints in order to paste:

  • If you paste the cert/rules/list and ctrl+d does not work, try pressing the enter key first and then ctrl+d.
  • Be sure to copy directly from PuTTY to the browser window and back.
  • No intermediate software may add other line-breaks. If you need to use an external editor in between, please make sure it is not adding or changing the line-breaks.

How to see the current mail-queues

Simply type

regimailq

This script will show you all messages currently stuck in the queues. The number suffixes match the route ids shown in the appliance menu.

(Available as of regigate appliance V4.1.1 or newer)

regigate appliance diagnostics

If you want regify support to help you with a specific appliance issue (e.g. routes and rule configuration), please go to your SSH appliance menu and visit Appliance -> Other Settings -> Support Diagnostics. Please enter an e-mail address as destination. This will send the regigate appliance configuration to the given address. Passwords and sensitive information are not part of this report.