This section describes the Halon programs. These are:
- smtpd, which is the main SMTP server process and runs the connect, HELO, AUTH, MAIL, RCPT, EOD, and pre- and post-delivery script hooks.
- rated, which manages operations from the rate() function and synchronises this information in the cluster.
- httprd, which processes background requests from the http() function.
- dlpd, which scans a message file for content patterns, file types, and such.
- hsh, which can be used to run standard library functions.
5.2.1. Default paths
Each of the programs has default paths for configurations, Unix domain sockets, temporary directories, and the queue. Those are specified in the JSON schemas, but repeated below for your convenience.
smtpd loads its startup configuration from /etc/halon/smtpd.yaml, which has the following defaults:
||/etc/halon/smtpd-policy.yaml||Active queue policies|
||/etc/halon/smtpd-suspend.yaml||Active queue suspends|
||/etc/halon/smtpd-delivery.yaml||Active queue delivery settings|
||Used by DMARC functions|
rated loads its startup configuration from /etc/halon/rated.yaml, which has the following defaults:
httprd loads its startup configuration from /etc/halon/httprd.yaml, which has the following defaults:
dlpd loads its startup configuration from /etc/halon/dlpd.yaml, which has the following defaults:
5.2.2. File permissions
Each of the programs is compiled with default paths for Unix domain sockets, temporary directories, and the queue.
The permissions and user/group settings need to be configured, however. The default configuration files come with recommended settings, as you can see in the /opt/halon/examples directory. This default configuration gives users of group staff the privilege of administration via the control sockets.
Below is a description of why those permissions were chosen:
- smtpd runs as user “halon” with umask 0027. This leaves messages on disk with read/write for user “halon”, and read for group “halon”. The control socket is owned by group “staff” with chmod 0660 which makes it read/writeable by both “staff”.
- rated runs as “nobody”, and its IPC socket is owned by user/group “halon” with chmod 0660 so that smtpd and queued can communicate with it. Like the other two above, its control socket is owned by group “staff” with chmod 0660.
- httprd also runs as “nobody”, and its IPC socket is also owned by user/group “halon” with chmod 0660. It doesn’t have a control socket.
- dlpd runs as “halon” with umask 0027 so that it can read the message files and write extracted message parts. Its IPC socket is owned by user/group “halon” with chmod 0600 so that smtpd can communicate with it. Like the others, its control socket is owned by group “staff” with chmod 0660.
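An added example (not part of the Halon documentation) that checks socket modes and owning groups against the settings described in the list above. The socket paths are not given on this page, so the caller supplies them; the function names check_perm and audit are this example's own, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Socket paths are not listed on this page: pass your own (see policy below).

# check_perm PATH MODE [GROUP]
# 0 = PATH has exactly MODE (octal, as printed by stat %a) and, if given,
# owning GROUP; 1 = mismatch; 2 = PATH does not exist.
check_perm() {
    path=$1; want_mode=$2; want_group=${3:-}
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    # GNU stat (Linux): %a octal mode, %U owner, %G group
    set -- $(stat -c '%a %U %G' "$path")
    mode=$1; owner=$2; group=$3; rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE    $path is $mode, expected $want_mode"; rc=1
    fi
    if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
        echo "GROUP   $path is $group, expected $want_group"; rc=1
    fi
    # A non-zero last digit grants access to users outside owner and group.
    case $mode in
        *[1-7]) echo "WORLD   $path is accessible to other users"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK      $path ($owner:$group $mode)"
    return "$rc"
}

# audit: read "PATH MODE GROUP" lines from stdin ('#' lines are skipped);
# succeeds only if every entry passes.
audit() {
    failed=0
    while read -r p m g; do
        case $p in ''|'#'*) continue ;; esac
        check_perm "$p" "$m" "$g" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Policy taken from the list above, with placeholder paths (assumptions):
#   /path/to/smtpd-control-socket  660 staff
#   /path/to/rated-ipc-socket      660 halon
#   /path/to/httprd-ipc-socket     660 halon
#   /path/to/dlpd-ipc-socket       600 halon
# Run as:  audit < policy.txt
```

A non-zero exit status from audit means at least one socket deviates from the expected mode or group, which makes it suitable for a post-deploy check.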
This section describes various ways of troubleshooting.
Startup errors
If the program doesn’t start, this is usually due to an erroneous configuration change. To avoid this, checking the script and configuration with halonconfig (and doing a test deploy with live stage) before configuration deployment is recommended. Certain types of errors, however, cannot be detected by the syntax checker. By default, errors are logged to syslog (which with systemd is managed by journald):
    # journalctl -xe -u halon-smtpd
    ...
    Dec 12 03:12:47 mta1 smtpd: - listen on 192.0.2.5:25
    Dec 12 03:12:47 mta1 smtpd: Could not load configuration: bind: Cannot assign requested address
    ...
If you want to see startup errors directly on the console, you can start smtpd in the foreground:
    # LD_LIBRARY_PATH=/opt/halon/lib /opt/halon/sbin/smtpd -f
    smtpd: Starting Halon (5.3.0)
    smtpd: serverid: inbound
    smtpd: - listen on 192.0.2.5:25
    smtpd: Could not load configuration: bind: Cannot assign requested address