Hints on global deadman alerting methods - kapacitor

Kapacitor configuration file contains following comment in [deadman] section:
# NOTE: for this to be of use you must also globally configure at least one alerting method.
But there is no more hints about how to set this global alerting method. Some alert handlers sections have a global boolean parameter but not the basic or old-school ones like snmp, httppost or even log. Is it not available?
Kapacitor documentation shortly introduces an [Alert] section. Would it be possible to set a global log event handler here?

From my understanding this means that in order to use the global configuration for the [deadman] node, you need to set the default parameters for one of the possible Kapacitor [Alert node] properties (smtp, mqtt, slack, ...)
The list of supported [Alert node] is available in the documentation
This configuration is done in the Kapacitor configuration file.
Here is an example of the email property
[smtp]
# Configure an SMTP email server
# Will use TLS and authentication if possible
# Only necessary for sending emails from alerts.
enabled = true
host = "smtp.host.com"
port = 465
username = "notify#host.com"
password = "password"
# From address for outgoing mail
from = "notify#host.com"
# List of default To addresses.
to = ["dest1#host.com","dest2#host.com"]
# Skip TLS certificate verify when connecting to SMTP server
no-verify = false
# Close idle connections after timeout
idle-timeout = "30s"
# If true the all alerts will be sent via Email
# without explicitly marking them in the TICKscript.
global = false
# Only applies if global is true.
# Sets all alerts in state-changes-only mode,
# meaning alerts will only be sent if the alert state changes.
state-changes-only = false

Related

NGINX: Must change "www-data" user to "pool" user in nginx.conf

it turns out I've no clue what I'm doing. :(
My Goal is to create a separate pool with a custom user to host my site. My web content is placed within "/home/custom_user/www/html" (this is, because it makes it a little bit more easy to configure "vsftp" otherwise I was made to add my custom user to the "www-data" group to be able to upload files into "/var/www/xxx").
My custom pool config looks like:
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = custom_user
group = custom_user
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php8.1-fpm-my-app.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = custom_user ; here I tried "www-data" too
listen.group = custom_user ; here I tried "www-data" too
Within my sites config I point to the socket of my app
fastcgi_pass unix:/var/run/php/php8.1-fpm-my-app.sock;
Soo ... long story short: Is it possible to run the main nginx thread under "www-data" user and my custom pool under "custom_user"?
Shall I stop trying to create a custom pool and put all in "/var/www" and try to configure vsftp properly, because I will never ever run a second page on this server?
Thanks, Christian

Airflow- configure smtp with office365 without credentials

When a task/DAG fails I want to send an email to someone, and this does not work. We are using Office365 for this within the organisation and there should not be a need to authenticate with credentials user or password, as it is not done in other running projects. We are using the latest Airflow version released: 2.1.4
I have tried with the configuration in airflow config:
[email]
email_backend = airflow.utils.email.send_email_smtp
email_conn_id = smtp_default
default_email_on_retry = True
default_email_on_failure = True
[smtp]
smtp_host = <the smtp host(Office365)>
smtp_starttls = True
smtp_ssl = False
smtp_port = 25
smtp_mail_from = <the from email>
smtp_timeout = 30
smtp_retry_limit = 5
As I try this I get the following error in the airflow log when a task fails:
WARNING - section/key [smtp/smtp_user] not found in config
...
ERROR - Failed to send email to: ['<my email>']
Therefore I suppose I need to have a user if I use these options in the config.
There is also this information in the log:
PendingDeprecationWarning: Fetching SMTP credentials from configuration variables will be deprecated in a future release. Please set credentials using a connection instead.
I have been looking at this airflow documentation:
https://airflow.apache.org/docs/apache-airflow/stable/howto/email-config.html
But it does not help me to understand how I should set up a connection to our smtp-server that is with Office365. The problem is as well that I don't have a user or password. I could possibly get them, but as it works without them in other running projects I am looking to do something similar.
Does anybody have some guidance in this matter?
Thank you
I have two client setup SMTP with authorizaiton, just setup as manual then work. My new client, their mail relay have no need to authenticate with user or password, I just config empty string as folow then works.
It will left PendingDeprecationWarning in log.
[smtp]
...
smtp_starttls = False
smtp_ssl = False
smtp_user =
smtp_password =

Adding custom headers to exim4

Im trying to add custom headers to my Exim4 config for all my emails to show up in CloudWatch. To get it working i updated the config with below:
.ifdef DCconfig_smarthost DCconfig_satellite
# configtype=smarthost or configtype=satellite
#
# Send all non-local mail to a single other machine (smarthost).
#
# This means _ALL_ non-local mail goes to the smarthost. This will most
# probably not do what you want for domains that are listed in
# relay_domains. The most typical use for relay_domains is to control
# relaying for incoming e-mail on secondary MX hosts. In that case,
# it doesn't make sense to send the mail to the smarthost since the
# smarthost will probably send the message right back here, causing a
# loop.
#
# If you want to use a smarthost while being secondary MX for some
# domains, you'll need to copy the dnslookup_relay_to_domains router
# here so that mail to relay_domains is handled separately.
smarthost:
debug_print = "R: smarthost for $local_part#$domain"
driver = manualroute
headers_add = X-SES-CONFIGURATION-SET: CloudWatch
headers_add = X-SES-MESSAGE-TAGS: customer=senet, application=twentyfour
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
no_more
.endif
This actually works well where i updated the debug message on the router and while sending emails from the CLI that specific message was shown.
When i check the exim config exim -bP config i see that also there the info is set properly:
begin routers
smarthost:
debug_print = "R: smarthost for $local_part#$domain"
driver = manualroute
headers_add = X-SES-CONFIGURATION-SET: CloudWatch
headers_add = X-SES-MESSAGE-TAGS: customer=senet, application=twentyfour
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * email-smtp.eu-central-1.amazonaws.com:587 byname
host_find_failed = ignore
same_domain_copy_routing = yes
no_more
COND_LOCAL_SUBMITTER = "${if match_ip{$sender_host_address}{:#[]}{1}{0}}"
The only problem is that i don't see any of these 2 headers in my actual email.
Thanks in advance,
Best,
Pim

How to allow on postfix/iredmail to set arbitrary from header?

I've set up mail server with iRedMail. It should act as an SMTP server for web app. Postfix is restricted only for localhost usage.
Let's assume that I create an account web#example.com.
What I need is to allow set arbitrary from header, e.g. bar#example.com, or even baz#my-second-domain.com
Currently this is rejecting:
postfix/smtpd[7386]: NOQUEUE: reject: RCPT from ***[127.0.0.1]: 550 5.1.0 <notlviv#pb.org.ua>: Sender address rejected: User unknown in virtual mailbox table; from=<notlviv#pb.org.ua> to=<some#email.com> proto=ESMTP helo=<[127.0.0.1]>
How can this be allowed?
Ok, figured out:
smtpd_reject_unlisted_sender = yes # set to no
# Sender restrictions
smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_unlisted_sender # comment this

Net::SMTPAuthenticationError

I'm trying to set up my rails 4 app so it sends email. Does anyone know why I am getting:
Net::SMTPAuthenticationError
534-5.7.9 Application-specific password required.
??????
I am using devise and have just set up a separate "share" mailer to send email. I've tried going to accounts.google.com/b/0/DisplayUnlockCaptcha as suggested in other responses to questions like this but nothing is changing when I restart the server and try to send an email as a user.
any ideas? Cheers!
config/environments/development.rb:
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# In the development environment your application's code is reloaded on
# every request. This slows down response time but is perfect for development
# since you don't have to restart the web server when you make code changes.
config.cache_classes = false
# Do not eager load code on boot.
config.eager_load = false
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
# Don't care if the mailer can't send.
# config.action_mailer.raise_delivery_errors = true
config.action_mailer.delivery_method = :smtp
# Gmail SMTP server setup
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:domain => "mail.google.com",
:port => 587,
:authentication => :plain,
:user_name => "myrealaddress#gmail.com",
:password => "myrealpassword",
:enable_starttls_auto => true
}
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = :page_load
# Debug mode disables concatenation and preprocessing of assets.
# This option may cause significant delays in view rendering with a large
# number of complex assets.
config.assets.debug = true
# Adds additional error checking when serving assets at runtime.
# Checks for improperly declared sprockets dependencies.
# Raises helpful error messages.
config.assets.raise_runtime_errors = true
# Raises error for missing translations
# config.action_view.raise_on_missing_translations = true
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
# false prevents mail from being sent in development environment
config.action_mailer.perform_deliveries = true
end
mailer/share:
class Share < ActionMailer::Base
default_url_options[:host] = "localhost:3000"
default from: "myrealaddress#gmail.com"
def profile(profile, destination)
#profile = profile
mail(to: destination, subject: "sent you stuff")
end
end
The error is because two-factor authentication is enabled for your account. All you need to do to use a gmail account with two-factor authentication enabled is generate a new app password to use with your mailer configuration.
A new app password for gmail can be generated here - https://security.google.com/settings/security/apppasswords.
When generating a new password choose Mail for the Select App setting and Other(Custom name) for the Select Device setting.
Once you have the new password update your mailer configuration with the random string that Google generates for you and you should be set.