Smartmontools, ZFS Snapshots with zfs-periodic and OpenSMTPD on FreeBSD 10.3 NAS

Sat 16 July 2016

After upgrading my home NAS server, reinstalling FreeBSD and changing the configuration of the services running on this machine a bit, I wanted to reconfigure my notification system to receive periodic emails about the status of ZFS, security, and so on. So here is a quick tutorial on how to configure smartd, zfs-periodic (to take ZFS snapshots hourly/daily/...) and OpenSMTPD to forward all the emails sent to the local "root" account to my Gmail address.

  • FreeBSD 10.3
# uname -a
FreeBSD nas.home 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
  • install Smartmontools package
# pkg install smartmontools
  • enable it at boot time (you can also use sysrc command to edit your rc.conf file)
# echo 'smartd_enable="YES"' >> /etc/rc.conf
  • we need to create the config file
# cp /usr/local/etc/smartd.conf.sample /usr/local/etc/smartd.conf
  • and activate the daily check (you can find your devices using dmesg)
# echo 'daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2 /dev/ada3 /dev/ada4"' >> /etc/periodic.conf

ZFS snapshot automation tools

There are different packages which can work for you, for example: sysutils/zfs-snapshot-mgmt, sysutils/zfsnap, sysutils/zfstools. But I have been using sysutils/zfs-periodic since 2009 and it has worked really well for me, so I don't see any point in changing it.

  • install the package
# pkg install zfs-periodic
  • add to /etc/periodic.conf
hourly_output="root"
hourly_show_success="NO"
hourly_show_info="YES"
hourly_show_badconfig="NO"
hourly_zfs_snapshot_enable="YES"
hourly_zfs_snapshot_pools="YOUR-POOL-NAME"
hourly_zfs_snapshot_keep=4
daily_zfs_snapshot_enable="YES"
daily_zfs_snapshot_pools="YOUR-POOL-NAME"
daily_zfs_snapshot_keep=7
weekly_zfs_snapshot_enable="YES"
weekly_zfs_snapshot_pools="YOUR-POOL-NAME"
weekly_zfs_snapshot_keep=5
monthly_zfs_snapshot_enable="YES"
monthly_zfs_snapshot_pools="YOUR-POOL-NAME"
monthly_zfs_snapshot_keep=2

This configuration should be enough and is really simple, but here are some additional things I added to my /etc/periodic.conf file (the following entries don't need zfs-periodic to be installed; they are part of FreeBSD):

# check ZFS
daily_status_zfs_enable="YES"
# list ZFS pools
daily_status_zfs_zpool_list_enable="YES"
# enable daily ZFS scrub
daily_scrub_zfs_enable="YES"
# empty string selects all pools
daily_scrub_zfs_pools="POOL1 POOL2"
# days between scrubs
daily_scrub_zfs_default_threshold="7"
# check ports for security issues
daily_status_security_portaudit_enable="YES"

There are many more useful settings which you can add; for the full list, check the /etc/default/periodic.conf file.

Now, all these notifications from periodic will be emailed to the local root account. I prefer to have them forwarded to my Gmail account, so here is how I did it. I used OpenSMTPD, which is an implementation of the server-side SMTP protocol. Yes, Sendmail comes as the default with FreeBSD, but I disabled it. I used it for many years, some years ago, but these days I prefer to work with Postfix.

  • first we need to stop the sendmail service which is running by default
# service sendmail stop
Stopping sendmail.
Waiting for PIDS: 741.
sendmail_submit not running? (check /var/run/sendmail.pid).
Stopping sendmail_msp_queue.
Waiting for PIDS: 744.
  • and disable sendmail at boot (we don't want it to run again after a restart). Add to your /etc/rc.conf
# Disable Sendmail MTA
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
  • let's install the OpenSMTPD package
# pkg install opensmtpd
New packages to be INSTALLED:
    opensmtpd: 5.9.2p1_1,1

    [...SKIP...]

    If you are upgrading from OpenSMTPD version 5.7.3 or earlier, please
    follow the procedure below to update the permissions on the OpenSMTPD
    spool directories:

      1. Stop 'smtpd' service:

         # /usr/local/sbin/smtpctl stop

      2. Update permissions:

         # chown -R _smtpq:wheel /var/spool/smtpd/corrupt
         # chown -R root:_smtpq /var/spool/smtpd/offline
         # chown -R _smtpq:wheel /var/spool/smtpd/purge
         # chown -R _smtpq:wheel /var/spool/smtpd/queue
         # chown -R _smtpq:wheel /var/spool/smtpd/temporary
         # chmod -R 770 /var/spool/smtpd/offline
         # chmod -R 700 /var/spool/smtpd/purge

      3. Start 'smtpd' service:

         # service smtpd start

We are not upgrading a previously installed version, so we can just ignore the above message.

  • enable it at boot (add to /etc/rc.conf)
# OpenSMTPD
smtpd_enable="YES"

Let’s try to configure OpenSMTPD.

# cp /etc/mail/aliases /usr/local/etc/mail/aliases
  • uncomment the root line in /usr/local/etc/mail/aliases to have it like this
# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

 root:  GMAIL-USERNAME@gmail.com
  • create a "secrets" file in /usr/local/etc/mail/ with the content
credentials GMAIL-USERNAME:GMAIL-PASSWORD
  • now we have to generate the aliases and secrets db files to be used in the opensmtpd config file:
# cd /usr/local/etc/mail/
# /usr/local/libexec/opensmtpd/makemap aliases
# /usr/local/libexec/opensmtpd/makemap secrets
  • let’s see if the db files were created:
# pwd
/usr/local/etc/mail
# ls -ltr *.db
-rw-r--r--  1 root  wheel  131072 Jul 16 19:36 secrets.db
-rw-r--r--  1 root  wheel  131072 Jul 16 19:37 aliases.db
  • now we need a config file for opensmtpd, /usr/local/etc/mail/smtpd.conf. Here is the content:
listen on 127.0.0.1

table aliases db:/usr/local/etc/mail/aliases.db
table secrets db:/usr/local/etc/mail/secrets.db

accept for local alias <aliases> deliver to mbox

accept for any relay via tls+auth://credentials@smtp.gmail.com:587 auth <secrets> as GMAIL-USER@gmail.com
  • let’s start OpenSMTPD now (we already added it to /etc/rc.conf to start automatically after a restart)
# service smtpd start
Performing sanity check on smtpd configuration:
configuration OK
Starting smtpd.
  • check to see if the service is listening on port 25
# netstat -an | grep LIST
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp6       0      0 ::1.25                 *.*                    LISTEN
  • now, let’s send a test email to local root account to see if it will be forwarded to my gmail email address: GMAIL-USER@gmail.com
# echo "This is a test" | mail -s "Testing OpenSMTPD" root
  • if we check the log files, we will see that the email was sent, indeed
# tail -f /var/log/maillog
Jul 16 19:41:21 nas smtpd[78403]: smtp-in: Closing session 67c64e075759c7af
Jul 16 19:41:21 nas smtpd[78403]: smtp-out: Connecting to tls://74.125.136.xxx:587 (ea-in-f109.1exxx.net) on session 67c64e105d261179...
Jul 16 19:41:21 nas smtpd[78403]: smtp-out: Connected on session 67c64e105d261179
Jul 16 19:41:22 nas smtpd[78403]: smtp-out: Started TLS on session 67c64e105d261179: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:41:22 nas smtpd[78403]: smtp-out: Server certificate verification succeeded on session 67c64e105d261179
Jul 16 19:41:23 nas smtpd[78403]: relay: Ok for d7ace5ca896de069: session=67c64e105d261179, from=<GMAIL-USER@gmail.com>, to=<GMAIL-USER@gmail.com>, rcpt=<root@nas.home>, source=192.168.0.20, relay=74.125.136.109 (ea-in-f109.1exxx.net), delay=2s, stat=250 2.0.0 OK 1468698419 z5sm4117476wme.5 - gsmtp
Jul 16 19:41:33 nas smtpd[78403]: smtp-out: Closing session 67c64e105d261179: 1 message sent.
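
The log lines above can be checked mechanically instead of by eye. The following is an added example, not part of the original post: it correlates smtpd session ids and reports, for every relayed message, whether its session started TLS and verified the server certificate. The function names are made up for this example, and the second session in the sample is constructed to show a failing case.

```shell
#!/bin/sh
# Added example: audit smtpd maillog lines for mail relayed without TLS
# or without a verified server certificate.

# Constructed sample: session 67c6... is trimmed from the log above,
# session aaaa... is invented (TLS started, but no verification line).
sample_log() {
cat <<'EOF'
Jul 16 19:41:21 nas smtpd[78403]: smtp-out: Connected on session 67c64e105d261179
Jul 16 19:41:22 nas smtpd[78403]: smtp-out: Started TLS on session 67c64e105d261179: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:41:22 nas smtpd[78403]: smtp-out: Server certificate verification succeeded on session 67c64e105d261179
Jul 16 19:41:23 nas smtpd[78403]: relay: Ok for d7ace5ca896de069: session=67c64e105d261179, from=<GMAIL-USER@gmail.com>, to=<GMAIL-USER@gmail.com>, stat=250 2.0.0 OK
Jul 16 19:50:01 nas smtpd[78403]: smtp-out: Connected on session aaaaaaaaaaaaaaaa
Jul 16 19:50:02 nas smtpd[78403]: smtp-out: Started TLS on session aaaaaaaaaaaaaaaa: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 16 19:50:03 nas smtpd[78403]: relay: Ok for bbbbbbbbbbbbbbbb: session=aaaaaaaaaaaaaaaa, from=<GMAIL-USER@gmail.com>, to=<GMAIL-USER@gmail.com>, stat=250 2.0.0 OK
EOF
}

# Reads maillog lines on stdin and prints one line per relayed message:
#   <message-id> <session-id> OK|UNVERIFIED|NO-TLS
audit_relay() {
    awk '
    /smtp-out: Started TLS on session/ {
        s = $0; sub(/.*on session /, "", s); sub(/:.*/, "", s); tls[s] = 1
    }
    /smtp-out: Server certificate verification succeeded on session/ {
        s = $0; sub(/.*on session /, "", s); sub(/[^0-9a-f].*/, "", s); ok[s] = 1
    }
    /relay: Ok for/ {
        m = $0; sub(/.*relay: Ok for /, "", m); sub(/:.*/, "", m)
        s = $0; sub(/.*session=/, "", s); sub(/,.*/, "", s)
        if (!(s in tls))     v = "NO-TLS"
        else if (!(s in ok)) v = "UNVERIFIED"
        else                 v = "OK"
        print m, s, v
    }'
}

sample_log | audit_relay
```

On the NAS itself, run `audit_relay < /var/log/maillog` and investigate any line that does not end in OK.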

It seems that everything is working, so we are done!!!
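
One thing in the setup above deserves tightening: the ls output shows secrets.db as -rw-r--r--, so any local user can read the Gmail password stored in it. The following is an added example, not part of the original post, that lists world-readable credential files and restricts them. The function names are made up for this example, and the group `_smtpd` is an assumption about which group the smtpd lookup process runs as on this install.

```shell
#!/bin/sh
# Added example: find and fix world-readable OpenSMTPD credential files.
MAILDIR="${MAILDIR:-/usr/local/etc/mail}"  # directory used in this tutorial
SMTPD_GROUP="${SMTPD_GROUP:-_smtpd}"       # assumption: group smtpd reads tables as

# True if "other" has read permission on the file (POSIX find, no stat(1)).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print each credential file in directory $1 that any local user can read.
exposed_secrets() {
    for f in "$1/secrets" "$1/secrets.db"; do
        [ -e "$f" ] || continue
        if world_readable "$f"; then echo "$f"; fi
    done
}

# Set mode $2 on file $1 and give it to root:$SMTPD_GROUP.
# A failed chown (not root, or group missing) is reported, not fatal.
restrict() {
    [ -e "$1" ] || return 0
    chmod "$2" "$1"
    chown "root:$SMTPD_GROUP" "$1" 2>/dev/null ||
        echo "warning: could not chown $1 to root:$SMTPD_GROUP" >&2
}

# The plaintext source is only needed by root when running makemap (600);
# the generated db must stay readable by the daemon's group (640).
harden_secrets() {
    restrict "$1/secrets" 600
    restrict "$1/secrets.db" 640
}

# Report only; call harden_secrets "$MAILDIR" as root to apply the fix.
exposed_secrets "$MAILDIR"
```

Re-run the check after regenerating secrets.db with makemap, since a regenerated file may come back with default permissions.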