After upgrading my home NAS server, reinstalling FreeBSD and slightly changing the configuration of the services running on this machine, I wanted to reconfigure my notification system to receive periodic emails about the status of ZFS, security, and so on. So here is a quick tutorial on how to configure smartd, zfs-periodic (to take ZFS snapshots hourly/daily/...) and OpenSMTPD to forward all emails sent to the local "root" account to my Gmail address.
- FreeBSD 10.3
# uname -a
FreeBSD nas.home 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016 email@example.com:/usr/obj/usr/src/sys/GENERIC amd64
# pkg install smartmontools
- enable it at boot time (you can also use the sysrc command to edit your
# echo 'smartd_enable="YES"' >> /etc/rc.conf
- we need to create the config file
# cp /usr/local/etc/smartd.conf.sample /usr/local/etc/smartd.conf
- and activate the daily check (you can find your devices using
# echo 'daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2 /dev/ada3 /dev/ada4"' >> /etc/periodic.conf
ZFS snapshot automation tools
There are different packages which can work for you, for example sysutils/zfstools. But I have been using sysutils/zfs-periodic since 2009 and it has worked really well for me, so I don't see any point in changing it.
- install the package
# pkg install zfs-periodic
- add to /etc/periodic.conf
hourly_output="root"
hourly_show_success="NO"
hourly_show_info="YES"
hourly_show_badconfig="NO"
hourly_zfs_snapshot_enable="YES"
hourly_zfs_snapshot_pools="YOUR-POOL-NAME"
hourly_zfs_snapshot_keep=4
daily_zfs_snapshot_enable="YES"
daily_zfs_snapshot_pools="YOUR-POOL-NAME"
daily_zfs_snapshot_keep=7
weekly_zfs_snapshot_enable="YES"
weekly_zfs_snapshot_pools="YOUR-POOL-NAME"
weekly_zfs_snapshot_keep=5
monthly_zfs_snapshot_enable="YES"
monthly_zfs_snapshot_pools="YOUR-POOL-NAME"
monthly_zfs_snapshot_keep=2
This configuration is really simple and should be enough, but here are some additional things I added to my /etc/periodic.conf file (for the next entries you don't need zfs-periodic to be installed; they are part of FreeBSD):
# check ZFS
daily_status_zfs_enable="YES"
# list ZFS pools
daily_status_zfs_zpool_list_enable="YES"
# enable daily ZFS scrub
daily_scrub_zfs_enable="YES"
# empty string selects all pools
daily_scrub_zfs_pools="POOL1 POOL2"
# days between scrubs
daily_scrub_zfs_default_threshold="7"
# check ports for security issues
daily_status_security_portaudit_enable="YES"
There are many useful things which you can add, for more check
Now, all these notifications from periodic will be emailed to the local root account. I prefer to have them forwarded to my Gmail account, so here is how I did it. I used OpenSMTPD, which is an implementation of the server-side SMTP protocol. Yes, Sendmail comes by default with FreeBSD, but I disabled it. I used it for many years, some years ago, but these days I prefer to work with Postfix.
- first we need to stop the sendmail service which is running by default
# service sendmail stop
Stopping sendmail.
Waiting for PIDS: 741.
sendmail_submit not running? (check /var/run/sendmail.pid).
Stopping sendmail_msp_queue.
Waiting for PIDS: 744.
- and disable sendmail at boot (we don't want it to run again after a restart). Add to your
# Disable Sendmail MTA
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
- let's install the OpenSMTPD package
# pkg install opensmtpd
New packages to be INSTALLED:
opensmtpd: 5.9.2p1_1,1
[...SKIP...]
If you are upgrading from OpenSMTPD version 5.7.3 or earlier, please follow the procedure below to update the permissions on the OpenSMTPD spool directories:
1. Stop 'smtpd' service:
# /usr/local/sbin/smtpctl stop
2. Update permissions:
# chown -R _smtpq:wheel /var/spool/smtpd/corrupt
# chown -R root:_smtpq /var/spool/smtpd/offline
# chown -R _smtpq:wheel /var/spool/smtpd/purge
# chown -R _smtpq:wheel /var/spool/smtpd/queue
# chown -R _smtpq:wheel /var/spool/smtpd/temporary
# chmod -R 770 /var/spool/smtpd/offline
# chmod -R 700 /var/spool/smtpd/purge
3. Start 'smtpd' service:
# service smtpd start
We are not upgrading from a previously installed version, so we can just ignore the above message.
- enable it at boot (add to
# OpenSMTPD
smtpd_enable="YES"
Let’s try to configure OpenSMTPD.
# cp /etc/mail/aliases /usr/local/etc/mail/aliases
- uncomment the root line in /usr/local/etc/mail/aliases to have it like this
# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.
root: GMAIL-USERNAME@gmail.com
- create a "secrets" file in /usr/local/etc/mail/ with the content
- now we have to generate the aliases and secrets db to be used in opensmtpd config file:
# cd /usr/local/etc/mail/
# /usr/local/libexec/opensmtpd/makemap aliases
# /usr/local/libexec/opensmtpd/makemap secrets
- let’s see if the db files were created:
# pwd
/usr/local/etc/mail
# ls -ltr *.db
-rw-r--r-- 1 root wheel 131072 Jul 16 19:36 secrets.db
-rw-r--r-- 1 root wheel 131072 Jul 16 19:37 aliases.db
- now we need a config file for opensmtpd: /usr/local/etc/mail/smtpd.conf. Here is the content
listen on 127.0.0.1
table aliases db:/usr/local/etc/mail/aliases.db
table secrets db:/usr/local/etc/mail/secrets.db
accept for local alias <aliases> deliver to mbox
accept for any relay via tls+auth://firstname.lastname@example.org:587 auth <secrets> as GMAIL-USER@gmail.com
- let’s start OpenSMTPD now (we already added it to /etc/rc.conf to start automatically after a restart)
# service smtpd start
Performing sanity check on smtpd configuration:
configuration OK
Starting smtpd.
- check to see if the service is listening on port 25
# netstat -an | grep LIST
tcp4 0 0 127.0.0.1.25 *.* LISTEN
tcp6 0 0 ::1.25 *.* LISTEN
- now, let’s send a test email to local root account to see if it will be forwarded to my gmail email address: GMAIL-USER@gmail.com
# echo "This is a test" | mail -s "Testing OpenSTPD" root
- if we check the log files, we will see that the email was sent, indeed
# tail -f /var/log/maillog
Jul 16 19:41:21 nas smtpd: smtp-in: Closing session 67c64e075759c7af
Jul 16 19:41:21 nas smtpd: smtp-out: Connecting to tls://74.125.136.xxx:587 (ea-in-f109.1exxx.net) on session 67c64e105d261179...
Jul 16 19:41:21 nas smtpd: smtp-out: Connected on session 67c64e105d261179
Jul 16 19:41:22 nas smtpd: smtp-out: Started TLS on session 67c64e105d261179: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:41:22 nas smtpd: smtp-out: Server certificate verification succeeded on session 67c64e105d261179
Jul 16 19:41:23 nas smtpd: relay: Ok for d7ace5ca896de069: session=67c64e105d261179, from=<GMAIL-USER@gmail.com>, to=<GMAIL-USER@gmail.com>, rcpt=<email@example.com>, source=192.168.0.20, relay=22.214.171.124 (ea-in-f109.1exxx.net), delay=2s, stat=250 2.0.0 OK 1468698419 z5sm4117476wme.5 - gsmtp
Jul 16 19:41:33 nas smtpd: smtp-out: Closing session 67c64e105d261179: 1 message sent.
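The check done by eye on the log above can be scripted. This is an added example, not part of the original post: it prints the session id of every relayed message whose smtp-out session did not log both "Started TLS" and "Server certificate verification succeeded". The sample log lines and session ids are constructed, modeled on the format shown above.

```shell
#!/bin/sh
# Added example: flag relayed mail whose smtp-out session did not log both
# "Started TLS" and "Server certificate verification succeeded".

# Constructed sample in the maillog format shown above (session ids made up).
sample_maillog() {
    cat <<'EOF'
Jul 16 19:41:22 nas smtpd: smtp-out: Started TLS on session aaaa000000000001: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:41:22 nas smtpd: smtp-out: Server certificate verification succeeded on session aaaa000000000001
Jul 16 19:41:23 nas smtpd: relay: Ok for 1111111111111111: session=aaaa000000000001, from=<root@nas.example>, to=<root@nas.example>, stat=250 2.0.0 OK
Jul 16 19:50:01 nas smtpd: smtp-out: Started TLS on session bbbb000000000002: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:50:02 nas smtpd: relay: Ok for 2222222222222222: session=bbbb000000000002, from=<root@nas.example>, to=<root@nas.example>, stat=250 2.0.0 OK
EOF
}

# Reads maillog text from the named files (or stdin) and prints the session id
# of every "relay: Ok" whose session lacks TLS or certificate verification.
unverified_relays() {
    awk '
    # Extract the hex session id that follows KEY on the line.
    function sid(line, key,    s) {
        s = line
        sub(".*" key, "", s)
        sub(/[^0-9a-f].*/, "", s)
        return s
    }
    /smtp-out: Started TLS on session / { tls[sid($0, "on session ")] = 1 }
    /smtp-out: Server certificate verification succeeded on session / {
        verified[sid($0, "on session ")] = 1
    }
    /relay: Ok for / {
        s = sid($0, "session=")
        if (!((s in tls) && (s in verified))) print s
    }
    ' "$@"
}

# Demo on the constructed sample; on the NAS: unverified_relays /var/log/maillog
sample_maillog | unverified_relays
```

An empty result means every relayed message in the file went over a session with a verified server certificate.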
It seems that everything is working, so we are done!!!
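The ls -ltr listing above shows secrets.db created as -rw-r--r--, so every local user can read the table that backs auth <secrets>. The following is an added example, not part of the original post, that audits and tightens the secrets files; mode 640 and the _smtpd group follow the example in smtpd.conf(5) and are assumptions about this install.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the OpenSMTPD secrets
# files created above. Default directory is the one used on this page.

# Succeeds when "other" holds any permission bit on FILE. find -perm is used
# because stat(1) flags differ between FreeBSD and GNU userlands.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Prints a verdict per file; exit status is the number of exposed files.
audit_secrets() {
    dir=${1:-/usr/local/etc/mail}
    exposed=0
    for f in "$dir/secrets" "$dir/secrets.db"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif world_accessible "$f"; then
            echo "EXPOSED $f"
            exposed=$((exposed + 1))
        else
            echo "OK      $f"
        fi
    done
    return "$exposed"
}

# Sets mode 640; when run as root, also gives group ownership to GROUP.
# The _smtpd default is an assumption taken from the smtpd.conf(5) example.
harden_secrets() {
    dir=${1:-/usr/local/etc/mail}
    group=${2:-_smtpd}
    for f in "$dir/secrets" "$dir/secrets.db"; do
        [ -e "$f" ] || continue
        chmod 640 "$f"
        if [ "$(id -u)" -eq 0 ]; then
            chown "root:$group" "$f"
        fi
    done
}

# On the NAS, as root:  audit_secrets || harden_secrets
```

After tightening the permissions, restart smtpd and send another test mail to confirm the relay can still read the table.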