I’m currently working through “demoting” my NS instance from a 2-nic gateway/firewall/threat prevention/etc server down to a “normal” server inside my LAN all behind a UTM device and a separate server to handle incoming mail. In doing so, I am removing all the services/packages that I no longer need under it’s new role. To help with this, I created a new NS VM with a single nic and started to install applications one by one to see what was installed, so I could remove the unwanted stuff from my current server. In doing this, I noticed some strangeness in the way a couple of the nethserver mail applications are packaged.
Firstly, installing just Email, also installs all the components that I would expect to be part of SMTP Proxy, such as: nethserver-mail-filter, nethserver-antivirus, clamav, rspamd, unbound, etc and strangely: nethserver-httpd-admin-service.
Following this, the SMTP Proxy application was still available to install. Selecting just that installed: nethserver-firewall-base-ui. Huh.
Seeing what would be uninstalled, if I selected to uninstall the AntiVirus, that seemed to remove the correct components from the SMTP Proxy application. OK, it left a few packages behind that had to be manually removed, but mostly did what I would expect. Well, apart from when I checked the Software Center. SMTP Proxy was now available to install (again) as expected. But it now showed that Email was also available to install !!!
Running through all the other packages to remove didn’t produce any further “head scratching” (well, apart from the odd orphaned file here and there) until I tried to remove the components I added from this guide: Set up a blacklist server. As part of that, I had to install firehol from one of it’s own repositories. Now, when I try to remove that package, it wants to remove as a dependency: nethserver-firewall-base (and hence all of it’s dependencies as well). Obviously a nethserver package isn’t one of it’s dependencies, so I’m not sure why trying to remove it, it wants to nuke the nethserver-firewall-base.
Having got all that off my chest, the exercise went far smoother than I expected and everything appears (fingers crossed) to be running normally. Oh, after adjusting all my “user” network services to use the Green interface (via port forwarding), instead of the Red.