View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Fedora, systemctl, and enabling/disabling services at boot
Log in to Ask a Question

Fedora, systemctl, and enabling/disabling services at boot

general

Excuse me if there is a better forum to post this in, but since it didn't seem to fall under any of the more specific forum titles, this seemed like the best place to post this.

I have a bit of a mystery going on and could use a little crowd-sourced sleuthing. Since my VMs are going to have "maintenance" this week and will get rebooted, my problem is about to manifest itself again, so I might as well get my question out there.

My Linodes run Fedora 17, under which I use Postfix for mail. I also run OpenDKIM to handle DKIM mail signing. The overwhelming majority of the time, everything runs smoothly and without a hitch. I regularly get DMARC reports from various mail servers around the 'Net, routinely showing my IPs passing both SPF and DKIM tests (and an alarming number of spammer IPs trying to spoof my domains and failing the same tests, but that's beside the point).

But that's no my problem.

What's funky is that on the rare occasions my machines need rebooted, my non-standard services are not getting started correctly. By default, Fedora uses Sendmail for mail handling. Sure enough, whenever my Linodes reboot, I can see Sendmail running and enabled and both Postfix and OpenDKIM are stopped and disabled.

Here's the kicker: I know how to use systemctl to enable/disable and start/stop these services, but my changes are NOT being preserved. For example, I can type in the following (as root) and everything will work as expected:

# systemctl stop sendmail.service
# systemctl disable sendmail.service
# systemctl start opendkim.service
# systemctl start postfix.service
# systemctl enable opendkim.service
# systemctl enable postfix.service

All status messages return the correct results. I can go under /etc/rc.d and see the symbolic links being created at the appropriate run levels. Everything works fine for days, weeks, months… until the reboot. Then without fail, Postfix and OpenDKIM are dead and disabled again and Sendmail is happily routing my mail and thus nothing gets signed via DKIM. In other words, everything (with respect to these three services) gets set back to default.

The real head scratcher for me is I know I'm doing this right. I've chatted with several of my readers who are just as fluent with Linux as I am (if not more so), and they tend to agree. Some tried pointing me to the older chkconfig command for enabling and disabling services, but I had to remind them that chkconfig is deprecated in Fedora 17 and when you use it it passes the buck to systemctl behind the scenes. I'm issuing all of these changes as root and do NOT use SELinux, so there's no reason I can think of within the system to prevent my changes from becoming permanent.

I'm wondering if Linode has some sort of protection mechanism in place that prevents these type of changes. If so, I don't see why this would be restricted just to mail. None of my other heavily-customized services lose their settings on reboot; Apache, MySQL, iptables, etc., all work as expected and my changes stay intact. It's only these three services that don't seem to persist. But I'm running out of possibilities within the system for identifying a culprit, and the only other thing I can think of is something at the VM host level preventing me from making this a permanent change.

Does anyone have any ideas why I'm seeing this behavior? It's had me baffled now for months.

5 Replies

Good job Fedora Dev's - now that EVERYONE is moving their servers to tablets, the whole get rid of 'chkconfig' in favor of 'systemd' makes perfect sense.

What happens if you just remove 'sendmail'? It will probably still try to start it on boot, but it will just error out instead of messing with 'postfix'.

Well, I could remove Sendmail, but then my box wouldn't send any mail after boot until I get a chance to log in and manually start Postfix. I'd rather it send something (since I have no idea when my users might place an order or do something else that might generate a message) and deal with soft DMARC failures than it send nothing at all…. :|

systemctl disable sendmail.service, systemctl enable postfix.service is the right way to do it.

If you want to have both sendmail and postfix installed, one extra command you may want to run is alternatives –set mta /usr/sbin/sendmail.postfix

OR you can just remove sendmail once postfix is installed, that's how I do it.

Hrm… never heard of "alternatives". Then again, if it's something that came over from Debian as the man page suggests, that might explain why (and it may betray my age and old-school Red Hat/Fedora lock-in :oops: ).

Out of curiosity, I tried this:

# alternatives --display mta
mta - status is auto.
 link currently points to /usr/sbin/sendmail.sendmail
/usr/sbin/sendmail.postfix - priority 30
 slave mta-pam: /etc/pam.d/smtp.postfix
 slave mta-mailq: /usr/bin/mailq.postfix
 slave mta-newaliases: /usr/bin/newaliases.postfix
 slave mta-rmail: /usr/bin/rmail.postfix
 slave mta-sendmail: /usr/lib/sendmail.postfix
 slave mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz
 slave mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz
 slave mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz
 slave mta-rmailman: (null)
 slave mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz
/usr/sbin/sendmail.sendmail - priority 90
 slave mta-pam: /etc/pam.d/smtp.sendmail
 slave mta-mailq: /usr/bin/mailq.sendmail
 slave mta-newaliases: /usr/bin/newaliases.sendmail
 slave mta-rmail: /usr/bin/rmail.sendmail
 slave mta-sendmail: /usr/lib/sendmail.sendmail
 slave mta-mailqman: /usr/share/man/man1/mailq.sendmail.1.gz
 slave mta-newaliasesman: /usr/share/man/man1/newaliases.sendmail.1.gz
 slave mta-aliasesman: /usr/share/man/man5/aliases.sendmail.5.gz
 slave mta-rmailman: /usr/share/man/man8/rmail.sendmail.8.gz
 slave mta-sendmailman: /usr/share/man/man8/sendmail.sendmail.8.gz
Current `best' version is /usr/sbin/sendmail.sendmail.

So it looks like under "alternatives" Sendmail is still the default.

I tried "alternatives –set mta /usr/sbin/sendmail.postfix" as root and got the following:

# alternatives --set mta /usr/sbin/sendmail.postfix
# alternatives --display mta
mta - status is manual.
 link currently points to /usr/sbin/sendmail.postfix
/usr/sbin/sendmail.postfix - priority 30
 slave mta-pam: /etc/pam.d/smtp.postfix
 slave mta-mailq: /usr/bin/mailq.postfix
 slave mta-newaliases: /usr/bin/newaliases.postfix
 slave mta-rmail: /usr/bin/rmail.postfix
 slave mta-sendmail: /usr/lib/sendmail.postfix
 slave mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz
 slave mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz
 slave mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz
 slave mta-rmailman: (null)
 slave mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz
/usr/sbin/sendmail.sendmail - priority 90
 slave mta-pam: /etc/pam.d/smtp.sendmail
 slave mta-mailq: /usr/bin/mailq.sendmail
 slave mta-newaliases: /usr/bin/newaliases.sendmail
 slave mta-rmail: /usr/bin/rmail.sendmail
 slave mta-sendmail: /usr/lib/sendmail.sendmail
 slave mta-mailqman: /usr/share/man/man1/mailq.sendmail.1.gz
 slave mta-newaliasesman: /usr/share/man/man1/newaliases.sendmail.1.gz
 slave mta-aliasesman: /usr/share/man/man5/aliases.sendmail.5.gz
 slave mta-rmailman: /usr/share/man/man8/rmail.sendmail.8.gz
 slave mta-sendmailman: /usr/share/man/man8/sendmail.sendmail.8.gz
Current `best' version is /usr/sbin/sendmail.sendmail.

While the "link currently points to" bit looks OK, the "Current 'best' version" bit is a bit troubling. It's still pointing to Sendmail. I wonder if that has anything to do with the "priority" numbers, which I assume "rate" Sendmail higher (90) than Postfix (30).

Well, I ran that on one of my Linodes but haven't run it on the other. Since both are live websites, I don't want to shut then down right now during peak readership times. However, both will get rebooted in the next couple of days during a "maintenance" event on the physical host boxes. I'll compare the results and see if "alternatives" had any change on the outcome.

OK, the Linode on which I ran the "alternatives" line was rebooted this morning and, sure enough, Postfix was running and Sendmail was stopped. I seem to be having a separate problem with OpenDKIM, but that's independent of this and something I'll have to pursue another time.

Thanks for the input. I've run "alternatives" on the second Linode, which is set to reboot tomorrow.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct