diff --git a/docs/debug-asan_rspamd.md b/docs/debug-asan_rspamd.md new file mode 100644 index 000000000..6ef6673d2 --- /dev/null +++ b/docs/debug-asan_rspamd.md @@ -0,0 +1,27 @@ +A quick guide to deeply a malfunctioning Rspamd. + +``` +docker-compose exec rspamd-mailcow bash + +if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then + sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list +fi + +apt-get update ; apt-get upgrade rspamd + +nano /docker-entrypoint.sh + +# Before "exec "$@"" add the following lines: + +export G_SLICE=always-malloc +export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0 + +``` + +Restart Rspamd: `docker-compose restart rspamd-mailcow` + +Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for. + +Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to "happen") and restart it: `docker-compose restart rspamd-mailcow`. + +Now enter the container by running `docker-compose exec rspamd-mailcow bash`, change the directory to /tmp and copy the asan Files to your desired location or upload them via termbin.com (`cat /tmp/rspamd-asan.* | nc termbin.com 9999`). diff --git a/docs/debug-reset_tls.md b/docs/debug-reset_tls.md new file mode 100644 index 000000000..b2584e0f4 --- /dev/null +++ b/docs/debug-reset_tls.md @@ -0,0 +1,17 @@ +In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets: + +``` +source mailcow.conf +docker-compose down +rm -rf data/assets/ssl +mkdir data/assets/ssl +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes +cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ +docker-compose up -d +``` + +This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow. + +If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later. + +Please also note that previous TLSA records will be invalid. diff --git a/mkdocs.yml b/mkdocs.yml index 0f209a0bf..6e91ac88b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -57,7 +57,8 @@ nav: - 'Remove Persistent Data': 'debug-rm_volumes.md' - 'Common Problems': 'debug-common_problems.md' - 'Admin login to SOGo': 'debug-admin_login_sogo.md' - - 'Reset TLS certificates': 'debug-reset-tls.md' + - 'Reset TLS certificates': 'debug-reset_tls.md' + - 'Advanced: Find memory leaks in Rspamd': 'debug-asan_rspamd.md' - 'Backup & Restore': - 'Helper script': - 'Backup': 'b_n_r_backup.md'