Ciphermail and MariaDB

Bingo, that was it! Thanks Martijn!

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

···

On Jul 5, 2015, at 12:49 PM, Martijn Brinkers <martijn(a)ciphermail.com> wrote:

On 07/05/2015 07:51 PM, Laz C. Peterson wrote:

Hello Martijn, thank you for these .deb files. I have set up the
test server and all looks to be running smoothly except for (so far)
one thing I have noticed.

When importing certificates or keys under “Certificates” menu, we are
getting an error that says:

Keys: The private key file could not be imported. Cause:
ClassNotFoundException:
org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$BCPKCS12KeyStore
Certificates: An unexpected application exception has occurred.
org/bouncycastle/asn1/ANS1InputStream

Could it be that you upgraded an existing server and forgot to restart
tomcat? I just tested it with a fresh installation on Ubuntu 14.04 and
was able to import a p12 (pfx) file without any problem.

Since I am not tossing this into production just yet, I don’t know of
a way to test the certificates/keys automatically importing from
incoming emails. If you have a way to do that without being a live
relay, I would be happy to test.

Also, the /etc/djigzo folder no longer contains the symbolic links to
the CipherMail configuration files. (/etc/djigzo-web is fine.)

This was already changed with the last release (2.10.0-3). I decided
that it was not worth the effort to symlink all config files from /etc/
to the real dir. Some config files were symlinked from /etc/ and some
were not.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Martijn, we are seeing this in the logs on both servers we set up to use MySQL. Looks like there is one more reference to the PostgreSQL database, yes?

I tried to grep the /usr/share/djigzo folder but did not find that particular reference.

05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database is probably not active. (mitm.common.hibernate.HibernateUtils) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Database is not active. (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) [default Worker #2]

~Laz

···

On 7/4/15 2:27 PM, Martijn Brinkers wrote:

Hi,

It turned out that adding support for MySQL (MariaDB) was more work than
just changing the Hibernate dialect. We had to make sure that the
required changes did not require existing users to update the database.
Modifying all the unit tests to support different databases was also
quite a bit of work. That said, now we have it working for MySQL, in
principle adding support for other database (if ever) is now relative easy.

We have uploaded an RPM which does not depend on Postgres and contains
the required configuration files for MySQL.

The RPMs can be downloaded from

Backend;

http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm

Web GUI:

http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm

Instructions:

1. Install RPMs

Install the RPMs using the quick install guide
(Quick setup — CipherMail Documentation)

Note: skip the parts about postgres

2. Install and configure MySQL (MariaDB)

Install MySQL

yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

max_allowed_packet should be set to a high value (in mysql config)

$ vi /etc/my.cnf.d/server.cnf

Add the following line below [server]

max_allowed_packet = 128M

Note: the max size depends on the largest email, CRL you want to support.

systemctl restart mariadb

3. Create database user and database

mysql -u root

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON djigzo.* TO 'djigzo'@'localhost';

Note 1: The database should be set to UTF8
Note 2: ALL permission should probably be changed to a lower privilege
but we did not yet check what the minimal required privileges are.

4. Import database scheme

$ mysql -u djigzo --password=djigzo djigzo <
/usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

5. Tell CipherMail to use MySQL

$ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf

Uncomment the line:

wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql

6. Restart

/etc/init.d/djigzo restart

Because if licensing issues, we use the JDBC driver from MariaDB
(Download MariaDB Server - MariaDB.org). If you insist on using
the driver from MySQL, you need to remove the MariaDB jdbc driver, add
the MySQL JDBC driver and configure the hibernate config file to use the
MySQL driver.

The RPM is probably not final so it might change. We are thinking of
splitting up the packages (RPM, deb) into a back-end package which does
not automatically configure Postgres and a database specific back-end
package which depends on the main back-end package.

Let me know how it goes.

Kind regards,

Martijn Brinkers

On 06/30/2015 09:37 AM, django(a)nausch.org <mailto:django(a)nausch.org> wrote:

Griasde Martijn!

Quoting "Martijn Brinkers" martijn(a)djigzo.com <mailto:martijn(a)djigzo.com>:

Interesting. Why is Postgres not allowed?

It's a political decision - we can use following prioroties ans databeses:

1st Oracle 12
2nd MariaDB

Anyway, perhaps it's not of legal reasons but some technical reason.

FULLACK

That said, Maria DB is not directly supported but you can see whether
you can make it work with Maria DB.

That's a very good idea If you can tell me technical details about
changing the backend database, I'll do it, test it and give feedback to
you!

The database layer uses Hibernate (which is an ORM library).

My colleague Klaus, my database specialist, assumed, that your are using
Hibernate.

This however has never tested but it you are willing to spend some
time testing it, I can assist you.

Oh yes, I'll make this tests! So please tell me, what I should do!

Thanks for help!!!

Best regards
Django

Yes you are right :frowning:

I'll fix it. The RPMs have the same problem (since they are built from
the same source).

The query is defined in the filw

james-smtphandlerchain.xml

SELECT 1 FROM user

For now you can you try:

SELECT 1 FROM cm_users

I'll see whether I can come up with a solution which does not depend on
the database to use.

I'll probably have a version ready today

Kind regards,

Martijn

···

On 07/06/2015 04:18 PM, Laz C. Peterson wrote:

Martijn, we are seeing this in the logs on both servers we set up to use MySQL. Looks like there is one more reference to the PostgreSQL database, yes?

I tried to grep the /usr/share/djigzo folder but did not find that particular reference.

05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database is probably not active. (mitm.common.hibernate.HibernateUtils) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Database is not active. (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) [default Worker #2]

~Laz

On 7/4/15 2:27 PM, Martijn Brinkers wrote:

Hi,

It turned out that adding support for MySQL (MariaDB) was more work than
just changing the Hibernate dialect. We had to make sure that the
required changes did not require existing users to update the database.
Modifying all the unit tests to support different databases was also
quite a bit of work. That said, now we have it working for MySQL, in
principle adding support for other database (if ever) is now relative easy.

We have uploaded an RPM which does not depend on Postgres and contains
the required configuration files for MySQL.

The RPMs can be downloaded from

Backend;

http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm

Web GUI:

http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm

Instructions:

1. Install RPMs

Install the RPMs using the quick install guide
(Quick setup — CipherMail Documentation)

Note: skip the parts about postgres

2. Install and configure MySQL (MariaDB)

Install MySQL

yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

max_allowed_packet should be set to a high value (in mysql config)

$ vi /etc/my.cnf.d/server.cnf

Add the following line below [server]

max_allowed_packet = 128M

Note: the max size depends on the largest email, CRL you want to support.

systemctl restart mariadb

3. Create database user and database

mysql -u root

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON djigzo.* TO 'djigzo'@'localhost';

Note 1: The database should be set to UTF8
Note 2: ALL permission should probably be changed to a lower privilege
but we did not yet check what the minimal required privileges are.

4. Import database scheme

$ mysql -u djigzo --password=djigzo djigzo <
/usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

5. Tell CipherMail to use MySQL

$ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf

Uncomment the line:

wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql

6. Restart

/etc/init.d/djigzo restart

Because if licensing issues, we use the JDBC driver from MariaDB
(Download MariaDB Server - MariaDB.org). If you insist on using
the driver from MySQL, you need to remove the MariaDB jdbc driver, add
the MySQL JDBC driver and configure the hibernate config file to use the
MySQL driver.

The RPM is probably not final so it might change. We are thinking of
splitting up the packages (RPM, deb) into a back-end package which does
not automatically configure Postgres and a database specific back-end
package which depends on the main back-end package.

Let me know how it goes.

Kind regards,

Martijn Brinkers

On 06/30/2015 09:37 AM, django(a)nausch.org <mailto:django(a)nausch.org> wrote:

Griasde Martijn!

Quoting "Martijn Brinkers" martijn(a)djigzo.com <mailto:martijn(a)djigzo.com>:

Interesting. Why is Postgres not allowed?

It's a political decision - we can use following prioroties ans databeses:

1st Oracle 12
2nd MariaDB

Anyway, perhaps it's not of legal reasons but some technical reason.

FULLACK

That said, Maria DB is not directly supported but you can see whether
you can make it work with Maria DB.

That's a very good idea If you can tell me technical details about
changing the backend database, I'll do it, test it and give feedback to
you!

The database layer uses Hibernate (which is an ORM library).

My colleague Klaus, my database specialist, assumed, that your are using
Hibernate.

This however has never tested but it you are willing to spend some
time testing it, I can assist you.

Oh yes, I'll make this tests! So please tell me, what I should do!

Thanks for help!!!

Best regards
Django

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Actually can you test it with

SELECT 1

The test is just to test whether the database is active or not. The
result is not important. It's just a test whether the select returns an
error or not.

Kind regards,

Martijn

···

On 07/06/2015 04:28 PM, Martijn Brinkers wrote:

Yes you are right :frowning:

I'll fix it. The RPMs have the same problem (since they are built from
the same source).

The query is defined in the filw

james-smtphandlerchain.xml

SELECT 1 FROM user

For now you can you try:

SELECT 1 FROM cm_users

I'll see whether I can come up with a solution which does not depend on
the database to use.

I'll probably have a version ready today

Kind regards,

Martijn

On 07/06/2015 04:18 PM, Laz C. Peterson wrote:

Martijn, we are seeing this in the logs on both servers we set up to use MySQL. Looks like there is one more reference to the PostgreSQL database, yes?

I tried to grep the /usr/share/djigzo folder but did not find that particular reference.

05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database is probably not active. (mitm.common.hibernate.HibernateUtils) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Database is not active. (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) [default Worker #2]

~Laz

On 7/4/15 2:27 PM, Martijn Brinkers wrote:

Hi,

It turned out that adding support for MySQL (MariaDB) was more work than
just changing the Hibernate dialect. We had to make sure that the
required changes did not require existing users to update the database.
Modifying all the unit tests to support different databases was also
quite a bit of work. That said, now we have it working for MySQL, in
principle adding support for other database (if ever) is now relative easy.

We have uploaded an RPM which does not depend on Postgres and contains
the required configuration files for MySQL.

The RPMs can be downloaded from

Backend;

http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm

Web GUI:

http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm

Instructions:

1. Install RPMs

Install the RPMs using the quick install guide
(Quick setup — CipherMail Documentation)

Note: skip the parts about postgres

2. Install and configure MySQL (MariaDB)

Install MySQL

yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

max_allowed_packet should be set to a high value (in mysql config)

$ vi /etc/my.cnf.d/server.cnf

Add the following line below [server]

max_allowed_packet = 128M

Note: the max size depends on the largest email, CRL you want to support.

systemctl restart mariadb

3. Create database user and database

mysql -u root

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON djigzo.* TO 'djigzo'@'localhost';

Note 1: The database should be set to UTF8
Note 2: ALL permission should probably be changed to a lower privilege
but we did not yet check what the minimal required privileges are.

4. Import database scheme

$ mysql -u djigzo --password=djigzo djigzo <
/usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

5. Tell CipherMail to use MySQL

$ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf

Uncomment the line:

wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql

6. Restart

/etc/init.d/djigzo restart

Because if licensing issues, we use the JDBC driver from MariaDB
(Download MariaDB Server - MariaDB.org). If you insist on using
the driver from MySQL, you need to remove the MariaDB jdbc driver, add
the MySQL JDBC driver and configure the hibernate config file to use the
MySQL driver.

The RPM is probably not final so it might change. We are thinking of
splitting up the packages (RPM, deb) into a back-end package which does
not automatically configure Postgres and a database specific back-end
package which depends on the main back-end package.

Let me know how it goes.

Kind regards,

Martijn Brinkers

On 06/30/2015 09:37 AM, django(a)nausch.org <mailto:django(a)nausch.org> wrote:

Griasde Martijn!

Quoting "Martijn Brinkers" martijn(a)djigzo.com <mailto:martijn(a)djigzo.com>:

Interesting. Why is Postgres not allowed?

It's a political decision - we can use following prioroties ans databeses:

1st Oracle 12
2nd MariaDB

Anyway, perhaps it's not of legal reasons but some technical reason.

FULLACK

That said, Maria DB is not directly supported but you can see whether
you can make it work with Maria DB.

That's a very good idea If you can tell me technical details about
changing the backend database, I'll do it, test it and give feedback to
you!

The database layer uses Hibernate (which is an ORM library).

My colleague Klaus, my database specialist, assumed, that your are using
Hibernate.

This however has never tested but it you are willing to spend some
time testing it, I can assist you.

Oh yes, I'll make this tests! So please tell me, what I should do!

Thanks for help!!!

Best regards
Django

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Hi,

I have uploaded a new version.

- "SELECT 1" is now used to check whether the database is available.
This works for Postgres and MySQL.
- For Potgres support there is now a separate package which configures
Postgres. This package depends on the main back-end package.

Ubuntu/Debian

https://www.ciphermail.com/downloads/other/djigzo_2.10.3-1_all.deb
https://www.ciphermail.com/downloads/other/djigzo-web_2.10.3-1_all.deb
https://www.ciphermail.com/downloads/other/djigzo-postgres_2.10.3-1_all.deb

RedHat/CentOS

https://www.ciphermail.com/downloads/other/djigzo-2.10.3-1.noarch.rpm
https://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-1.noarch.rpm
https://www.ciphermail.com/downloads/other/djigzo-postgres-2.10.3-1.noarch.rpm

If you want to use CipherMail with MySQL, you do not need to postgres
package.

Kind regards,

Martijn Brinkers

···

On 07/06/2015 04:41 PM, Martijn Brinkers wrote:

Actually can you test it with

SELECT 1

The test is just to test whether the database is active or not. The
result is not important. It's just a test whether the select returns an
error or not.

Kind regards,

Martijn

On 07/06/2015 04:28 PM, Martijn Brinkers wrote:

Yes you are right :frowning:

I'll fix it. The RPMs have the same problem (since they are built from
the same source).

The query is defined in the filw

james-smtphandlerchain.xml

SELECT 1 FROM user

For now you can you try:

SELECT 1 FROM cm_users

I'll see whether I can come up with a solution which does not depend on
the database to use.

I'll probably have a version ready today

Kind regards,

Martijn

On 07/06/2015 04:18 PM, Laz C. Peterson wrote:

Martijn, we are seeing this in the logs on both servers we set up to use MySQL. Looks like there is one more reference to the PostgreSQL database, yes?

I tried to grep the /usr/share/djigzo folder but did not find that particular reference.

05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database is probably not active. (mitm.common.hibernate.HibernateUtils) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Database is not active. (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) [default Worker #2]

~Laz

On 7/4/15 2:27 PM, Martijn Brinkers wrote:

Hi,

It turned out that adding support for MySQL (MariaDB) was more work than
just changing the Hibernate dialect. We had to make sure that the
required changes did not require existing users to update the database.
Modifying all the unit tests to support different databases was also
quite a bit of work. That said, now we have it working for MySQL, in
principle adding support for other database (if ever) is now relative easy.

We have uploaded an RPM which does not depend on Postgres and contains
the required configuration files for MySQL.

The RPMs can be downloaded from

Backend;

http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm

Web GUI:

http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm

Instructions:

1. Install RPMs

Install the RPMs using the quick install guide
(Quick setup — CipherMail Documentation)

Note: skip the parts about postgres

2. Install and configure MySQL (MariaDB)

Install MySQL

yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

max_allowed_packet should be set to a high value (in mysql config)

$ vi /etc/my.cnf.d/server.cnf

Add the following line below [server]

max_allowed_packet = 128M

Note: the max size depends on the largest email, CRL you want to support.

systemctl restart mariadb

3. Create database user and database

mysql -u root

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON djigzo.* TO 'djigzo'@'localhost';

Note 1: The database should be set to UTF8
Note 2: ALL permission should probably be changed to a lower privilege
but we did not yet check what the minimal required privileges are.

4. Import database scheme

$ mysql -u djigzo --password=djigzo djigzo <
/usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

5. Tell CipherMail to use MySQL

$ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf

Uncomment the line:

wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql

6. Restart

/etc/init.d/djigzo restart

Because if licensing issues, we use the JDBC driver from MariaDB
(Download MariaDB Server - MariaDB.org). If you insist on using
the driver from MySQL, you need to remove the MariaDB jdbc driver, add
the MySQL JDBC driver and configure the hibernate config file to use the
MySQL driver.

The RPM is probably not final so it might change. We are thinking of
splitting up the packages (RPM, deb) into a back-end package which does
not automatically configure Postgres and a database specific back-end
package which depends on the main back-end package.

Let me know how it goes.

Kind regards,

Martijn Brinkers

On 06/30/2015 09:37 AM, django(a)nausch.org <mailto:django(a)nausch.org> wrote:

Griasde Martijn!

Quoting "Martijn Brinkers" martijn(a)djigzo.com <mailto:martijn(a)djigzo.com>:

Interesting. Why is Postgres not allowed?

It's a political decision - we can use following prioroties ans databeses:

1st Oracle 12
2nd MariaDB

Anyway, perhaps it's not of legal reasons but some technical reason.

FULLACK

That said, Maria DB is not directly supported but you can see whether
you can make it work with Maria DB.

That's a very good idea If you can tell me technical details about
changing the backend database, I'll do it, test it and give feedback to
you!

The database layer uses Hibernate (which is an ORM library).

My colleague Klaus, my database specialist, assumed, that your are using
Hibernate.

This however has never tested but it you are willing to spend some
time testing it, I can assist you.

Oh yes, I'll make this tests! So please tell me, what I should do!

Thanks for help!!!

Best regards
Django

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Cool, thanks Martijn!

I have tested the initial release quite a bit over the past day or so. Actually thinking about going live tomorrow or Thursday. With of course a fallback to the existing CipherMail installation if any issues arise.

The architecture goes like this …

Two sites on two independent networks/datacenters, MySQL 5.5 database at each location with bidirectional master-master replication for the back-end. For the mail services, at each location, we have one primary MX for local delivery and one backup MX for store/forward. The primary MX delivers to Dovecot at its respective site, which then synchronizes using dsync (which works very well I might add). Our users are able to authenticate, send and receive from each site entirely independent of the other site.

Now, with CipherMail able to use MySQL as its DB, we can configure each site's current primary MX as a relay destination, and allow CipherMail to take over as primary MX duty. CipherMail will be each site’s gateway in and out for both internal and external domains, relaying to the Postfix server that lives with Dovecot or sending to the outside world.

We have tested sending encrypted email out from one site and having the external user access the web portal from the second site. Everything works great so far. Our particular setup is more for disaster recovery, but the exact same setup could be applied for failover and load balancing.

(Of course, a single database using PostgreSQL would be sufficient for two CipherMail servers to share at a single site. But the replication process for PostgreSQL was a bit complicated and immature at this time to apply for WAN.)

I will upgrade the packages later on today and give it a go. Thanks again.

~ Laz Peterson
Paravis, LLC

···

On Jul 7, 2015, at 6:06 AM, Martijn Brinkers <martijn(a)ciphermail.com> wrote:

Hi,

I have uploaded a new version.

- "SELECT 1" is now used to check whether the database is available.
This works for Postgres and MySQL.
- For Potgres support there is now a separate package which configures
Postgres. This package depends on the main back-end package.

Ubuntu/Debian

https://www.ciphermail.com/downloads/other/djigzo_2.10.3-1_all.deb
https://www.ciphermail.com/downloads/other/djigzo-web_2.10.3-1_all.deb
https://www.ciphermail.com/downloads/other/djigzo-postgres_2.10.3-1_all.deb

RedHat/CentOS

https://www.ciphermail.com/downloads/other/djigzo-2.10.3-1.noarch.rpm
https://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-1.noarch.rpm
https://www.ciphermail.com/downloads/other/djigzo-postgres-2.10.3-1.noarch.rpm

If you want to use CipherMail with MySQL, you do not need to postgres
package.

Kind regards,

Martijn Brinkers

On 07/06/2015 04:41 PM, Martijn Brinkers wrote:

Actually can you test it with

SELECT 1

The test is just to test whether the database is active or not. The
result is not important. It's just a test whether the select returns an
error or not.

Kind regards,

Martijn

On 07/06/2015 04:28 PM, Martijn Brinkers wrote:

Yes you are right :frowning:

I'll fix it. The RPMs have the same problem (since they are built from
the same source).

The query is defined in the filw

james-smtphandlerchain.xml

SELECT 1 FROM user

For now you can you try:

SELECT 1 FROM cm_users

I'll see whether I can come up with a solution which does not depend on
the database to use.

I'll probably have a version ready today

Kind regards,

Martijn

On 07/06/2015 04:18 PM, Laz C. Peterson wrote:

Martijn, we are seeing this in the logs on both servers we set up to use MySQL. Looks like there is one more reference to the PostgreSQL database, yes?

I tried to grep the /usr/share/djigzo folder but did not find that particular reference.

05 Jul 2015 23:27:16 | WARN SQL Error: 1146, SQLState: 42S02 (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | ERROR Table 'djigzo.user' doesn't exist (org.hibernate.util.JDBCExceptionReporter) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Unable to open a stateless session. Database is probably not active. (mitm.common.hibernate.HibernateUtils) [default Worker #2]
05 Jul 2015 23:27:16 | WARN Database is not active. (mitm.application.djigzo.james.smtpserver.CheckDatabaseBlockingRcptCmdHandler) [default Worker #2]

~Laz

On 7/4/15 2:27 PM, Martijn Brinkers wrote:

Hi,

It turned out that adding support for MySQL (MariaDB) was more work than
just changing the Hibernate dialect. We had to make sure that the
required changes did not require existing users to update the database.
Modifying all the unit tests to support different databases was also
quite a bit of work. That said, now we have it working for MySQL, in
principle adding support for other database (if ever) is now relative easy.

We have uploaded an RPM which does not depend on Postgres and contains
the required configuration files for MySQL.

The RPMs can be downloaded from

Backend;

http://www.ciphermail.com/downloads/other/djigzo-2.10.3-0.noarch-no-database.rpm

Web GUI:

http://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-0.noarch.rpm

Instructions:

1. Install RPMs

Install the RPMs using the quick install guide
(Quick setup — CipherMail Documentation)

Note: skip the parts about postgres

2. Install and configure MySQL (MariaDB)

Install MySQL

yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

max_allowed_packet should be set to a high value (in mysql config)

$ vi /etc/my.cnf.d/server.cnf

Add the following line below [server]

max_allowed_packet = 128M

Note: the max size depends on the largest email, CRL you want to support.

systemctl restart mariadb

3. Create database user and database

mysql -u root

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON djigzo.* TO 'djigzo'@'localhost';

Note 1: The database should be set to UTF8
Note 2: ALL permission should probably be changed to a lower privilege
but we did not yet check what the minimal required privileges are.

4. Import database scheme

$ mysql -u djigzo --password=djigzo djigzo <
/usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

5. Tell CipherMail to use MySQL

$ vi /usr/share/djigzo/wrapper/djigzo.wrapper.conf

Uncomment the line:

wrapper.java.additional.15=-Dciphermail.hibernate.database.type=mysql

6. Restart

/etc/init.d/djigzo restart

Because if licensing issues, we use the JDBC driver from MariaDB
(Download MariaDB Server - MariaDB.org). If you insist on using
the driver from MySQL, you need to remove the MariaDB jdbc driver, add
the MySQL JDBC driver and configure the hibernate config file to use the
MySQL driver.

The RPM is probably not final so it might change. We are thinking of
splitting up the packages (RPM, deb) into a back-end package which does
not automatically configure Postgres and a database specific back-end
package which depends on the main back-end package.

Let me know how it goes.

Kind regards,

Martijn Brinkers

On 06/30/2015 09:37 AM, django(a)nausch.org <mailto:django(a)nausch.org> wrote:

Griasde Martijn!

Quoting "Martijn Brinkers" martijn(a)djigzo.com <mailto:martijn(a)djigzo.com>:

Interesting. Why is Postgres not allowed?

It's a political decision - we can use following prioroties ans databeses:

1st Oracle 12
2nd MariaDB

Anyway, perhaps it's not of legal reasons but some technical reason.

FULLACK

That said, Maria DB is not directly supported but you can see whether
you can make it work with Maria DB.

That's a very good idea If you can tell me technical details about
changing the backend database, I'll do it, test it and give feedback to
you!

The database layer uses Hibernate (which is an ORM library).

My colleague Klaus, my database specialist, assumed, that your are using
Hibernate.

This however has never tested but it you are willing to spend some
time testing it, I can assist you.

Oh yes, I'll make this tests! So please tell me, what I should do!

Thanks for help!!!

Best regards
Django

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

HI Martijn,

pardon for the silence last days, my doc told me to take a look on to
my live and not on to my pc. :confused:

I have uploaded a new version.

RedHat/CentOS

https://www.ciphermail.com/downloads/other/djigzo-2.10.3-1.noarch.rpm

https://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-1.noarch.rp
m

https://www.ciphermail.com/downloads/other/djigzo-postgres-2.10.3-1.no

arch.rpm

If you want to use CipherMail with MySQL, you do not need to
postgres package.

O.K. I'm on the way and make a new installations based on the new rpms!

muchos gracias for your great work!

cul8r
Django

···

Am 07.07.2015 um 15:06 schrieb Martijn Brinkers:

HI Martijn,

pardon for the silence last days, my doc told me to take a look on to
my live and not on to my pc. :confused:

Which is more important than any pc in the world

I have uploaded a new version.

RedHat/CentOS

https://www.ciphermail.com/downloads/other/djigzo-2.10.3-1.noarch.rpm

https://www.ciphermail.com/downloads/other/djigzo-web-2.10.3-1.noarch.rp
m

https://www.ciphermail.com/downloads/other/djigzo-postgres-2.10.3-1.no

arch.rpm

If you want to use CipherMail with MySQL, you do not need to
postgres package.

O.K. I'm on the way and make a new installations based on the new rpms!

Let me know how it goes.

Kind regards,

Martijn Brinkers

···

On 07/07/2015 06:21 PM, Django wrote:

Am 07.07.2015 um 15:06 schrieb Martijn Brinkers:

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Sounds like a nice setup :slight_smile:

A couple of questions, since I'm not familiar with the HA options of MySQL.

Reads will be fast since they can be read from the local database. With
writes I guess a write is blocked until all databases have finished the
transaction? If so the write speed will depend on the latency between
the datacenters. The majority of databases access is read only so that
should not be a problem.

How does the system handle a connection failure? It can happen that the
databases get out of sync when a connection between the databases is
lost. Should you manually tell which server is the "good" server?

Kind regards,

Martijn Brinkers

···

On 07/07/2015 03:26 PM, Laz C. Peterson wrote:

Cool, thanks Martijn!

I have tested the initial release quite a bit over the past day or
so. Actually thinking about going live tomorrow or Thursday. With
of course a fallback to the existing CipherMail installation if any
issues arise.

The architecture goes like this …

Two sites on two independent networks/datacenters, MySQL 5.5 database
at each location with bidirectional master-master replication for the
back-end. For the mail services, at each location, we have one
primary MX for local delivery and one backup MX for store/forward.
The primary MX delivers to Dovecot at its respective site, which then
synchronizes using dsync (which works very well I might add). Our
users are able to authenticate, send and receive from each site
entirely independent of the other site.

Now, with CipherMail able to use MySQL as its DB, we can configure
each site's current primary MX as a relay destination, and allow
CipherMail to take over as primary MX duty. CipherMail will be each
site’s gateway in and out for both internal and external domains,
relaying to the Postfix server that lives with Dovecot or sending to
the outside world.

We have tested sending encrypted email out from one site and having
the external user access the web portal from the second site.
Everything works great so far. Our particular setup is more for
disaster recovery, but the exact same setup could be applied for
failover and load balancing.

(Of course, a single database using PostgreSQL would be sufficient
for two CipherMail servers to share at a single site. But the
replication process for PostgreSQL was a bit complicated and immature
at this time to apply for WAN.)

I will upgrade the packages later on today and give it a go. Thanks
again.

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

I’m running out the door to a meeting, so my response will be a little brief for now.

But yes, reads are fast. And writes are done entirely independent of the remote database. Each database is setup to log all writes to a binary log that the remote server can access using a special account given replication access. So that way, no process has to wait until the remote side gives the “okay”. To make this safe, you can configure each server to a specific multiple for the auto-increment IDs, such as giving server 1 the 1/3/5/etc and server 2 will write all 2/4/6/8/etc … That way you do not have the issue of running into a clashing unique ID if two writes happened at the same time or if the databases were temporarily out of communication.

When a connection is out for any period of time, the remote server (or both of them in a master-master configuration) will access the binary log when the communication is re-established and catch up. The MySQL configuration allows you to configure the maximum amount of binary logs to store, because they do take up quite a bit of space if you have lots of writes. So in the case where the two databases are disconnected for a period of time that exceeds the binary logs, you will have to re-create the configuration by dumping the most updated database, importing to the remote server, then setting up the master-master replication again.

My configuration is set to keep logs for 10 days, which is generally about 3.5GB worth of binary logs. So not that bad. Rarely our servers are disconnected for longer than a few minutes at a time, so consistency has not been an issue. When it *IS* an issue, for example when there is a single database at a remote site with non-enterprise internet, that can be a big pain to get back in sync if the database size is very large. But for any legit datacenter or proper connection, I have never had a problem.

If the databases do get out of sync and it is a serious problem, both databases will continue to serve out their reads/writes as if they were totally independent of each other. The admin will have to figure out how he will merge any inconsistent data manually, and then re-establish the replication setup after that is done. I haven’t had to do that (yet), but it is most definitely doable.

So far, we have not had any simultaneous writes done to the same record at the same time without the ability to synchronize before the next write is done (from whichever side). Our MySQL-based databases are generally much friendlier than our SQL Server databases. Those are a total nightmare since each developer has a very different way of misconfiguring their entire database design, and I would never think of replicating in this fashion (though Microsoft seems to think it is doable without any problems).

For a CipherMail configuration, I really do not think that there is much possibility to run into any clashing data.

Anyhow, got to run. Take care Martijn!

~ Laz Peterson
Paravis, LLC

···

On Jul 7, 2015, at 9:29 AM, Martijn Brinkers <martijn(a)ciphermail.com> wrote:

On 07/07/2015 03:26 PM, Laz C. Peterson wrote:

Cool, thanks Martijn!

I have tested the initial release quite a bit over the past day or
so. Actually thinking about going live tomorrow or Thursday. With
of course a fallback to the existing CipherMail installation if any
issues arise.

The architecture goes like this …

Two sites on two independent networks/datacenters, MySQL 5.5 database
at each location with bidirectional master-master replication for the
back-end. For the mail services, at each location, we have one
primary MX for local delivery and one backup MX for store/forward.
The primary MX delivers to Dovecot at its respective site, which then
synchronizes using dsync (which works very well I might add). Our
users are able to authenticate, send and receive from each site
entirely independent of the other site.

Now, with CipherMail able to use MySQL as its DB, we can configure
each site's current primary MX as a relay destination, and allow
CipherMail to take over as primary MX duty. CipherMail will be each
site’s gateway in and out for both internal and external domains,
relaying to the Postfix server that lives with Dovecot or sending to
the outside world.

We have tested sending encrypted email out from one site and having
the external user access the web portal from the second site.
Everything works great so far. Our particular setup is more for
disaster recovery, but the exact same setup could be applied for
failover and load balancing.

(Of course, a single database using PostgreSQL would be sufficient
for two CipherMail servers to share at a single site. But the
replication process for PostgreSQL was a bit complicated and immature
at this time to apply for WAN.)

I will upgrade the packages later on today and give it a go. Thanks
again.

Sounds like a nice setup :slight_smile:

A couple of questions, since I'm not familiar with the HA options of MySQL.

Reads will be fast since they can be read from the local database. With
writes I guess a write is blocked until all databases have finished the
transaction? If so the write speed will depend on the latency between
the datacenters. The majority of databases access is read only so that
should not be a problem.

How does the system handle a connection failure? It can happen that the
databases get out of sync when a connection between the databases is
lost. Should you manually tell which server is the "good" server?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Maybe I missed it in the chain of this email, is there a path to migrate from an existing postgresql installation to MariaDB/MySQL?

···

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-
bounces(a)lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Tuesday, July 07, 2015 12:29 PM
To: users(a)lists.djigzo.com
Subject: Re: Ciphermail and MariaDB

On 07/07/2015 03:26 PM, Laz C. Peterson wrote:
> Cool, thanks Martijn!
>
> I have tested the initial release quite a bit over the past day or so.
> Actually thinking about going live tomorrow or Thursday. With of
> course a fallback to the existing CipherMail installation if any
> issues arise.
>
> The architecture goes like this …
>
> Two sites on two independent networks/datacenters, MySQL 5.5 database
> at each location with bidirectional master-master replication for the
> back-end. For the mail services, at each location, we have one
> primary MX for local delivery and one backup MX for store/forward.
> The primary MX delivers to Dovecot at its respective site, which then
> synchronizes using dsync (which works very well I might add). Our
> users are able to authenticate, send and receive from each site
> entirely independent of the other site.
>
> Now, with CipherMail able to use MySQL as its DB, we can configure
> each site's current primary MX as a relay destination, and allow
> CipherMail to take over as primary MX duty. CipherMail will be each
> site’s gateway in and out for both internal and external domains,
> relaying to the Postfix server that lives with Dovecot or sending to
> the outside world.
>
> We have tested sending encrypted email out from one site and having
> the external user access the web portal from the second site.
> Everything works great so far. Our particular setup is more for
> disaster recovery, but the exact same setup could be applied for
> failover and load balancing.
>
> (Of course, a single database using PostgreSQL would be sufficient for
> two CipherMail servers to share at a single site. But the replication
> process for PostgreSQL was a bit complicated and immature at this time
> to apply for WAN.)
>
> I will upgrade the packages later on today and give it a go. Thanks
> again.

Sounds like a nice setup :slight_smile:

A couple of questions, since I'm not familiar with the HA options of MySQL.

Reads will be fast since they can be read from the local database. With writes I
guess a write is blocked until all databases have finished the transaction? If so
the write speed will depend on the latency between the datacenters. The
majority of databases access is read only so that should not be a problem.

How does the system handle a connection failure? It can happen that the
databases get out of sync when a connection between the databases is lost.
Should you manually tell which server is the "good" server?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Maybe I missed it in the chain of this email, is there a path to
migrate from an existing postgresql installation to MariaDB/MySQL?

Not really :slight_smile: .. in theory it should work if you rename all tables and
columns and import the data. I haven't tested this. The names of the
tables and columns are different for MySQL because of naming conflicts.
Another option might be to use some tool to export the database to an
intermediate form (for example xml) and then import into MySQL.

Kind regards,

Martijn Brinkers

···

On 07/11/2015 09:01 PM, Dino Edwards wrote:

-----Original Message----- From: users-bounces(a)lists.djigzo.com
[mailto:users- bounces(a)lists.djigzo.com] On Behalf Of Martijn
Brinkers Sent: Tuesday, July 07, 2015 12:29 PM To:
users(a)lists.djigzo.com Subject: Re: Ciphermail and
MariaDB

On 07/07/2015 03:26 PM, Laz C. Peterson wrote:

Cool, thanks Martijn!

I have tested the initial release quite a bit over the past day
or so. Actually thinking about going live tomorrow or Thursday.
With of course a fallback to the existing CipherMail installation
if any issues arise.

The architecture goes like this …

Two sites on two independent networks/datacenters, MySQL 5.5
database at each location with bidirectional master-master
replication for the back-end. For the mail services, at each
location, we have one primary MX for local delivery and one
backup MX for store/forward. The primary MX delivers to Dovecot
at its respective site, which then synchronizes using dsync
(which works very well I might add). Our users are able to
authenticate, send and receive from each site entirely
independent of the other site.

Now, with CipherMail able to use MySQL as its DB, we can
configure each site's current primary MX as a relay destination,
and allow CipherMail to take over as primary MX duty. CipherMail
will be each site’s gateway in and out for both internal and
external domains, relaying to the Postfix server that lives with
Dovecot or sending to the outside world.

We have tested sending encrypted email out from one site and
having the external user access the web portal from the second
site. Everything works great so far. Our particular setup is
more for disaster recovery, but the exact same setup could be
applied for failover and load balancing.

(Of course, a single database using PostgreSQL would be
sufficient for two CipherMail servers to share at a single site.
But the replication process for PostgreSQL was a bit complicated
and immature at this time to apply for WAN.)

I will upgrade the packages later on today and give it a go.
Thanks again.

Sounds like a nice setup :slight_smile:

A couple of questions, since I'm not familiar with the HA options
of MySQL.

Reads will be fast since they can be read from the local database.
With writes I guess a write is blocked until all databases have
finished the transaction? If so the write speed will depend on the
latency between the datacenters. The majority of databases access
is read only so that should not be a problem.

How does the system handle a connection failure? It can happen that
the databases get out of sync when a connection between the
databases is lost. Should you manually tell which server is the
"good" server?

Kind regards,

Martijn Brinkers

-- CipherMail email encryption

Open source email encryption gateway with support for S/MIME,
OpenPGP and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

-- CipherMail email encryption

Open source email encryption gateway with support for S/MIME,
OpenPGP and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________ Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Yes, you must use some type of intermediate between the two. I tried a direct PSQL -> MySQL and failed, then didn’t spend too much more time on it.

One thing that could possibly work is creating the database and schema using the included SQL file that Martijn created. Then using an app such as MySQL Workbench to import the data from a PostgreSQL export. I haven’t tried this yet, as I manually recreated the settings, users, domains and the imported whatever keys were there.

~ Laz Peterson
Paravis, LLC

···

On Jul 11, 2015, at 1:54 PM, Martijn Brinkers <martijn(a)ciphermail.com> wrote:

On 07/11/2015 09:01 PM, Dino Edwards wrote:

Maybe I missed it in the chain of this email, is there a path to
migrate from an existing postgresql installation to MariaDB/MySQL?

Not really :slight_smile: .. in theory it should work if you rename all tables and
columns and import the data. I haven't tested this. The names of the
tables and columns are different for MySQL because of naming conflicts.
Another option might be to use some tool to export the database to an
intermediate form (for example xml) and then import into MySQL.

Kind regards,

Martijn Brinkers

-----Original Message----- From: users-bounces(a)lists.djigzo.com
[mailto:users- bounces(a)lists.djigzo.com] On Behalf Of Martijn
Brinkers Sent: Tuesday, July 07, 2015 12:29 PM To:
users(a)lists.djigzo.com Subject: Re: Ciphermail and
MariaDB

On 07/07/2015 03:26 PM, Laz C. Peterson wrote:

Cool, thanks Martijn!

I have tested the initial release quite a bit over the past day
or so. Actually thinking about going live tomorrow or Thursday.
With of course a fallback to the existing CipherMail installation
if any issues arise.

The architecture goes like this …

Two sites on two independent networks/datacenters, MySQL 5.5
database at each location with bidirectional master-master
replication for the back-end. For the mail services, at each
location, we have one primary MX for local delivery and one
backup MX for store/forward. The primary MX delivers to Dovecot
at its respective site, which then synchronizes using dsync
(which works very well I might add). Our users are able to
authenticate, send and receive from each site entirely
independent of the other site.

Now, with CipherMail able to use MySQL as its DB, we can
configure each site's current primary MX as a relay destination,
and allow CipherMail to take over as primary MX duty. CipherMail
will be each site’s gateway in and out for both internal and
external domains, relaying to the Postfix server that lives with
Dovecot or sending to the outside world.

We have tested sending encrypted email out from one site and
having the external user access the web portal from the second
site. Everything works great so far. Our particular setup is
more for disaster recovery, but the exact same setup could be
applied for failover and load balancing.

(Of course, a single database using PostgreSQL would be
sufficient for two CipherMail servers to share at a single site.
But the replication process for PostgreSQL was a bit complicated
and immature at this time to apply for WAN.)

I will upgrade the packages later on today and give it a go.
Thanks again.

Sounds like a nice setup :slight_smile:

A couple of questions, since I'm not familiar with the HA options
of MySQL.

Reads will be fast since they can be read from the local database.
With writes I guess a write is blocked until all databases have
finished the transaction? If so the write speed will depend on the
latency between the datacenters. The majority of databases access
is read only so that should not be a problem.

How does the system handle a connection failure? It can happen that
the databases get out of sync when a connection between the
databases is lost. Should you manually tell which server is the
"good" server?

Kind regards,

Martijn Brinkers

-- CipherMail email encryption

Open source email encryption gateway with support for S/MIME,
OpenPGP and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

-- CipherMail email encryption

Open source email encryption gateway with support for S/MIME,
OpenPGP and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________ Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users