Re: [CentOS] Inquiry:How to enable "NAT" on CentOS 5 ?

[hadi motamedi]

Sorry. It seems that I didn't illustrate what I mean correctly . I mean that
it is appeared to me that my CentOS 5 server will support for NAT by default
(as I checked it on VirtualBox) but after Asterisk & DECT installation it
does not . Can you please let me know which settings maybe influenced and
need to be double-checked ?
Thank you in advance



On Mon, Nov 23, 2009 at 7:54 AM, Barry Brimer  wrote:

>  > Dear All
> > On my CentOS 5 , I installed the Asterisk 1.4.13 and DECT application
> > software and then when I want to try for "NAT" I issue as the followings
> :
> > #iptables -t nat -A POSTROUTING -s 10.20.30.0/24 -o eth0 -j MASQUERADE
> > But it didn't get through . So I checked if the "NAT" is enabled on
> > my CentOS server , as the followings :
> > #echo "1" > /proc/sys/net/ipv4/ip_forward
> > But still I cannot try for "NAT" . Can you please let me know which other
> > setings maybe influenced and need to be checked for enabling the "NAT" ?
>
> You have your outgoing traffic NATed .. but you need a PREROUTING rule to
> forward the traffic to your Asterisk server.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] APIC error on CPU0: 00(60)

[Andrey Garkin]

Hi All!

I have a some problem:

On the my motherboard Intel DG45NB with Processor Box  Intel Core 2 Duo  
E6300 , i see in the  dmesg(log file):
dmesg | grep CPU0
APIC error on CPU0: 00(60)
or the sometime:
dmesg | grep CPU1
APIC error on CPU1: 00(60)


How can I fix this problem??? This Bug is my motherboard or the kernel???
The system good working is uptime... Without reboot...
Other error in the log file - not found.
My kernel 2.6.18-164.6.1.el5
My system CentOS 5.4...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What's wrong with yum-priorities?

[Kai Schaetzl]

Well, I think reality is that most of us have had very good experience 
with yum-priorities. There is no thing as absolute security.
And I'm going to continue to use it, it certainly allows for a more fine-
grained control than protect-base.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] APIC error on CPU0: 00(60)

[James Pearson]

Andrey Garkin wrote:
> Hi All!
> 
> I have a some problem:
> 
> On the my motherboard Intel DG45NB with Processor Box  Intel Core 2 Duo  
> E6300 , i see in the  dmesg(log file):
> dmesg | grep CPU0
> APIC error on CPU0: 00(60)
> or the sometime:
> dmesg | grep CPU1
> APIC error on CPU1: 00(60)
> 
> 
> How can I fix this problem??? This Bug is my motherboard or the kernel???
> The system good working is uptime... Without reboot...
> Other error in the log file - not found.
> My kernel 2.6.18-164.6.1.el5
> My system CentOS 5.4...



James Pearson
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Logo origin

[Geerd-Dietger Hoffmann]

Hello

I was just asked what the logo means and I had to admit that I really
had no idea, as it was chosen way before my time. Can someone please
enlighten me about the logo. I have tried google but nothing really
came up :)

Some pointers would be very helpful.

Cheers Didi

--

My www page: www.ribalba.de
Email / Jabber: riba...@gmail.com
Skype : ribalba
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] again, nic driver order

[Gordon McLellan]

On Sun, Nov 22, 2009 at 9:33 PM, Tom H  wrote:
> On Mon, Nov 23, 2009 at 2:38 AM, Gordon McLellan  
> wrote:
>> KERNEL=="eth?", SYSFS{address}=="00:21:e9:17:64:b5", NAME="eth1"  #
>> Now, all three network cards get assigned as eth0! eth1 and eth2 are
>> no longer found. The pci-express nics (onboard) get detected first,
>> and the pci nic is last, so it ends up "owning" the eth0 alias.
>
> Changing SYSFS to ATTR should do it.
> ___

Tom,

Now I get in the syslog: Unknown key: ATTR{address}

I also tried ATTRS{address} seen in some examples, same error.

Digging around google a bit more I came up with different rules, and
fingers crossed, they seem to work!

SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"  # pro/1000gt
SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"  # internal 1
SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"  # internal 2

I also performed chmod +x on the 60-net.rules file, I noticed some
other files in rules.d were marked as executable, so I figured it
couldn't hurt!

Gordon
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] smtp+pop3+imap+tls+webmail+anti spam+anti virus

[Robert Moskowitz]

Eugeneapolinary Ju wrote:
> hi!
>
> does anyone has a good howto, docs how to set up an smtp, pop3, imap server, 
> with webmail, and has anti virus solution, and even spam filtering? :D [plus 
> secure connection for the clients :D ]
>
> wich softwares are the best for this? [e.g.: "vsftpd is the most secure ftp 
> server"..]
>
> users would be from /etc/passwd [so not virtual users]

There is a tutorial for using Postfix, Courier, Squirelmail, and mySQL 
on FC10 at:

http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10

We have gotten this working on Amahi (amahi.org), see: 
http://wiki.amahi.org/index.php/Amahi_Mail_System

I have been running this since mid september (I was bigfoot's beta 
tester). I run 4 domains and about 30 users on a 1Ghz/512Mb Compaq SFF 
server. I process around 5000+ smtp connections/day or which only half 
get processed as 'reasonable' connections and 2/3 of that get canned as 
spam resulting in ~700/day good messages. So the system really works to 
filter out the trash.

We are working on moving Amahi to FC11 and develop a Centos version.

I tried contribs.org, but I could not 'live' with the limitation of an 
email address in only one domain and the workaround to deal with it. My 
address of 'rgm' is used in a number of my domains, for example.

The mySQL tables for the above setup are easy to manage. All the mail 
ends up in /home/vmail//user, making it easy to manage. I ran 
SCALIX for about 7 years, and all the mail in a SQL database was nothing 
but a pain.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] again, nic driver order

[Gordon McLellan]

On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan  wrote:
> Digging around google a bit more I came up with different rules, and
> fingers crossed, they seem to work!
>
> SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"  # 
> pro/1000gt
> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"  # 
> internal 1
> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"  # 
> internal 2
>

Replying to myself here, as I'm going crazy anyway.

It turns out it was just a fluke the server booted up with the correct
order.  Another reboot and the nic's are all screwed up again, the
built in and external card sharing eth0, the second built in as eth1.

On the second server, things are the same even with the new rules, nic
drvier order is seemingly chosen at random with each boot.

Any other thoughts and suggestions!?

Gordon
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] again, nic driver order

[Les Mikesell]

Gordon McLellan wrote:
> On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan  
> wrote:
>> Digging around google a bit more I came up with different rules, and
>> fingers crossed, they seem to work!
>>
>> SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"  # 
>> pro/1000gt
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"  # 
>> internal 1
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"  # 
>> internal 2
>>
> 
> Replying to myself here, as I'm going crazy anyway.
> 
> It turns out it was just a fluke the server booted up with the correct
> order.  Another reboot and the nic's are all screwed up again, the
> built in and external card sharing eth0, the second built in as eth1.
> 
> On the second server, things are the same even with the new rules, nic
> drvier order is seemingly chosen at random with each boot.
> 
> Any other thoughts and suggestions!?

Normally, the nic devices are renamed to match the DEVICE= name specified in 
the 
/etc/sysconfig/ifcfg-eth? file with the matching HWADDR= mac address even if 
they were detected as something else.  Can you use these and still layer the 
bonding on top of them (they don't have to have an IPADDR)?  Note that they get 
the name of the DEVICE= inside the file, not the eth? of the filename if they 
happen to differ, and it may not work if you don't have matches for every nic.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] SNAT question

[Peter Peltonen]

Hi,

I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.

I have the following setup:

eth0: connects to internet with static public IP 1.2.3.1 (obscured
here for privacy)
eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy)
eth2: connects to LAN with static private IP 192.168.0.1

Traffic to hosts in the DMZ/Internet through eth0/1 work fine.

I tried masqueradig the LAN with following:

ptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -o eth2 -j ACCEPT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT
--to-source 1.2.3.1

After this I can ssh to a server in the Internet from the LAN using
the server's IP address but not its name. The w command on the server
tells me that my address has not been masqueraded (its 192.168.0.2,
the LAN client's private IP).

What am I doing wrong?

Best,
Peter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SNAT question

[Giovanni Tirloni]

On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen
 wrote:
> Hi,
>
> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.
>
> I have the following setup:
>
> eth0: connects to internet with static public IP 1.2.3.1 (obscured
> here for privacy)
> eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for 
> privacy)
> eth2: connects to LAN with static private IP 192.168.0.1
>
> Traffic to hosts in the DMZ/Internet through eth0/1 work fine.
>
> I tried masqueradig the LAN with following:
>
> ptables -A FORWARD -i eth2 -j ACCEPT
> iptables -A FORWARD -o eth2 -j ACCEPT
> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT
> --to-source 1.2.3.1
>
> After this I can ssh to a server in the Internet from the LAN using
> the server's IP address but not its name. The w command on the server
> tells me that my address has not been masqueraded (its 192.168.0.2,
> the LAN client's private IP).

If you can ssh to a server on the Internet then your connectivity is
working.  You might want to check if DNS is allowed and working from
the LAN hosts to the Internet.

The fact that 'w' shows your internal IP address is because you're
connecting from the LAN to the gateway, which doesn't trigger the SNAT
because it's not forwarding any packets... only accepting your
connection.

-- 
Giovanni.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] again, nic driver order

[Ross Walker]

On Nov 23, 2009, at 8:29 AM, Gordon McLellan   
wrote:

> On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan  > wrote:
>> Digging around google a bit more I came up with different rules, and
>> fingers crossed, they seem to work!
>>
>> SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"   
>> # pro/1000gt
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"   
>> # internal 1
>> SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"   
>> # internal 2
>>
>
> Replying to myself here, as I'm going crazy anyway.
>
> It turns out it was just a fluke the server booted up with the correct
> order.  Another reboot and the nic's are all screwed up again, the
> built in and external card sharing eth0, the second built in as eth1.
>
> On the second server, things are the same even with the new rules, nic
> drvier order is seemingly chosen at random with each boot.
>
> Any other thoughts and suggestions!?

Don't touch udev, expecting admins to write udev rules for network  
interface binding is just not realistic. Udev rules are meant to be  
static across hardware reconfigurations while ifcfg files are meant to  
be modified to suit your current configuration.

Use HWADDR="00:1b:21:4d:c3:e8" in the ifcfg files along with NAME=eth0  
for eth0 and so on.

modprobe.conf associates an alias with a driver, and the ifcfg files  
associate a MAC address with an alias.

Also for CentOS 5 you can specify the bonding interface options in the  
ifcfg files (so you can have varying types of bonded interfaces) with  
MODPROBE_OPTIONS="".

-Ross



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SNAT question

[Peter Peltonen]

Hi,

On Mon, Nov 23, 2009 at 4:15 PM, Giovanni Tirloni  wrote:
> On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen
>  wrote:
>> Hi,
>>
>> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and 
>> iptables.
>>
>> I have the following setup:
>>
>> eth0: connects to internet with static public IP 1.2.3.1 (obscured
>> here for privacy)
>> eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for 
>> privacy)
>> eth2: connects to LAN with static private IP 192.168.0.1
>>
>> Traffic to hosts in the DMZ/Internet through eth0/1 work fine.
>>
>> I tried masqueradig the LAN with following:
>>
>> ptables -A FORWARD -i eth2 -j ACCEPT
>> iptables -A FORWARD -o eth2 -j ACCEPT
>> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT
>> --to-source 1.2.3.1
>>
>> After this I can ssh to a server in the Internet from the LAN using
>> the server's IP address but not its name. The w command on the server
>> tells me that my address has not been masqueraded (its 192.168.0.2,
>> the LAN client's private IP).
>
> If you can ssh to a server on the Internet then your connectivity is
> working.  You might want to check if DNS is allowed and working from
> the LAN hosts to the Internet.
>
> The fact that 'w' shows your internal IP address is because you're
> connecting from the LAN to the gateway, which doesn't trigger the SNAT
> because it's not forwarding any packets... only accepting your
> connection.

Hmm,I am SSHing not to the gateway but to a server in the Internet, so
shouldn't it masquerade the address and w show the gateway's IP and
not the client's -- isn't this the whole point of the SNAT?

No other service than SSH seems to work. If I do "telnet mydnsip 53"
there is no response, it just hangs. I also have correct DNS in
/etc/resolv.conf.

Best,
Peter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] APIC error on CPU0: 00(60)

[John R Pierce]

Andrey Garkin wrote:
> Hi All!
>
> I have a some problem:
>
> On the my motherboard Intel DG45NB with Processor Box  Intel Core 2 Duo  
> E6300 , i see in the  dmesg(log file):
> dmesg | grep CPU0
> APIC error on CPU0: 00(60)
> or the sometime:
> dmesg | grep CPU1
> APIC error on CPU1: 00(60)
>
>
> How can I fix this problem??? This Bug is my motherboard or the kernel???
> The system good working is uptime... Without reboot...
> Other error in the log file - not found.
> My kernel 2.6.18-164.6.1.el5
> My system CentOS 5.4...
>   



usual fix is to upgrade the BIOS on the board.   I don't see a DG45NB on 
Intel's site, rather, a DG43NB.   Latest BIOS for that board is 
NBG4310H.86A 0098 here,  
http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18145&ProdId=2979&=eng
 




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Logo origin

[Stephen John Smoogen]

On Mon, Nov 23, 2009 at 4:02 AM, Geerd-Dietger Hoffmann
 wrote:
> Hello
>
> I was just asked what the logo means and I had to admit that I really
> had no idea, as it was chosen way before my time. Can someone please
> enlighten me about the logo. I have tried google but nothing really
> came up :)
>
> Some pointers would be very helpful.

The logo was found on an ancient stone. It was thought to ward off Old
Ones like Cthulhu and such but just made the developers insaner. It
was later discovered to be based on an ancient symbol of Chaos which
explained its uselessness against Old One's who guard the secrets of
anaconda and rpm.

http://en.wikipedia.org/wiki/Symbol_of_Chaos


> Cheers Didi
>
> --
>
> My www page: www.ribalba.de
> Email / Jabber: riba...@gmail.com
> Skype : ribalba
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Recommend Mail Server

[Susan Day]

Hi;
I don't want sendmail. What's a good secure email server that I can yum? I
really only need smtp right now, but who knows what the future will bring?
TIA,
Suzie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Dhiraj Chatpar]

Postfix.. Check it out at http://www.postfix.org. Its very powerful and is
the future of mailing.

Rgds
Dhiraj


Charles de 
Gaulle
- "The better I get to know men, the more I find myself loving dogs."

On Mon, Nov 23, 2009 at 21:15, Susan Day  wrote:

> Hi;
> I don't want sendmail. What's a good secure email server that I can yum? I
> really only need smtp right now, but who knows what the future will bring?
> TIA,
> Suzie
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Kaplan, Andrew H.]

Hi there --
 
The postfix e-mail server is one possibility. 



From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of
Susan Day
Sent: Monday, November 23, 2009 10:45 AM
To: CentOS mailing list
Subject: [CentOS] Recommend Mail Server


Hi;
I don't want sendmail. What's a good secure email server that I can yum? I
really only need smtp right now, but who knows what the future will bring?
TIA,
Suzie



The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Eero Volotinen]

Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can yum? 
> I really only need smtp right now, but who knows what the future will bring?

Postfix

--
Eero,
RHCE
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[John R Pierce]

Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can 
> yum? I really only need smtp right now, but who knows what the future 
> will bring?

SMTP only provides for relaying mail.a mail server typically needs 
a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA 
(message delivery agent, such as procmail), and a MUA (message user 
agent, such as POP, IMAP, and various local unix mail readers).

any mail server is only as secure as you configure it. the usual 
alternative to sendmail is postfix, which many people find simpler to 
configure than sendmail.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bash variable expansion moment

[Philip Gwyn]

On 16-Nov-2009 ken wrote:
> On 11/15/2009 06:32 PM Stephen Harris wrote:
>> On Sun, Nov 15, 2009 at 06:21:40PM -0500, ken wrote:
>> 
 
>> 
>> echo This is line "${BASH_LINENO[0]}" $@
>> 
>>   
> 
> That's all I needed.  Thanks.

You might also want to check out bash's built in `caller` command.

-Philip

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[zeroironhack]

See sendmail, postfix, Exim, qmail, dovecot, cyrus, Zimbra all related
mail world.

regards,
Santiago N.



El lun, 23-11-2009 a las 08:55 -0800, John R Pierce escribió:
> Susan Day wrote:
> > Hi;
> > I don't want sendmail. What's a good secure email server that I can 
> > yum? I really only need smtp right now, but who knows what the future 
> > will bring?
> 
> SMTP only provides for relaying mail.a mail server typically needs 
> a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA 
> (message delivery agent, such as procmail), and a MUA (message user 
> agent, such as POP, IMAP, and various local unix mail readers).
> 
> any mail server is only as secure as you configure it. the usual 
> alternative to sendmail is postfix, which many people find simpler to 
> configure than sendmail.
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Ron Loftin]

On Mon, 2009-11-23 at 10:45 -0500, Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can
> yum? I really only need smtp right now, but who knows what the future
> will bring?

As others have already suggested, consider Postfix.

I'm putting in my $0.02(US) so I can add my experience when I first had
a need for a decent MTA.  I had used Sendmail in the past, but I didn't
want to fight with the arcane syntax of the config files, and at that
time the add-on management tools and scripts were not nearly as friendly
to a beginner.

When Postfix was suggested to me, I started reading the docs on their
Web site, and discovered that the learning curve is nowhere near as
steep as it is with Sendmail.  So far, Postfix has done everything I
have needed, and with a LOT less pain.

As always, YMMV.

> TIA,
> Suzie
> ___

-- 
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-DS Configuration/Setup Issue

[gene . poole]

All,

Thanks for all of the input!

Actually, I fixed the issue by using a single yum command:

yum -y reinstall centos-ds*

It seems that I was using my laptop to work on my server via putty and 
something 'broke'  which caused the original install to have issues.  But, 
the above command corrected all of the dependencies and other issues.

All is working fine now!

One last question:  Where can I find a definitive how to on creating a 
LDIF file?

Thanks,
Gene Poole




From:
Gene Poole/MST/MACYS
To:
CentOS@centos.org
Date:
11/20/2009 09:49 AM
Subject:
CentOS-DS Configuration/Setup Issue


All,

I'm running CentOS 5.4 and I've installed the CentOS Directory Server by 
running yum -y install centos-ds* without any errors.  But as soon as I 
attempt to run the setup I get the following:

[r...@jpdsys3 ~]# /usr/sbin/setup-ds-admin.pl
Can't locate Setup.pm in @INC (@INC contains: /usr/lib64/dirsrv/perl 
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl 
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) 
at /usr/sbin/setup-ds-admin.pl line 24.
BEGIN failed--compilation aborted at /usr/sbin/setup-ds-admin.pl line 24.

How can I find out what's missing?

Thanks,
Gene Poole

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Gilbert Sebenste]

On Mon, 23 Nov 2009, Ron Loftin wrote:

> As others have already suggested, consider Postfix.
>
> I'm putting in my $0.02(US) so I can add my experience when I first had
> a need for a decent MTA.  I had used Sendmail in the past, but I didn't
> want to fight with the arcane syntax of the config files, and at that
> time the add-on management tools and scripts were not nearly as friendly
> to a beginner.
>
> When Postfix was suggested to me, I started reading the docs on their
> Web site, and discovered that the learning curve is nowhere near as
> steep as it is with Sendmail.  So far, Postfix has done everything I
> have needed, and with a LOT less pain.
>
> As always, YMMV.

+1. Let me throw in something else. If youa re sending more than one email 
at a time (to more than one person simultaneously), Postfix will beat 
Sendmail. It can handle high loads better than Sendmail as well. Is it the 
fastest MTA out there? Doing some Google Fu some time ago, it's right 
there with the very fastest ones. For my job, I need to send out emergency 
notifications to 400 people at once. With Sendmail, that took over 7 
minutes. With Postfix, that takes seconds, and mostly because of the 
"handshaking" with the downstream host. If it's fast, I haven't even got 
time to send the message, get to a command prompt and type "mailq" and see 
it leaving the outbox queue...because it is already gone!

Gilbert

***
Gilbert Sebenste 
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Timo Schoeler]

thus Susan Day spake:
> Hi;
> I don't want sendmail. What's a good secure email server that I can yum?
> I really only need smtp right now, but who knows what the future will bring?
> TIA,
> Suzie

postfix rocks. :)

HTH,

Timo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Timo Schoeler]

>> As others have already suggested, consider Postfix.
>>
>> I'm putting in my $0.02(US) so I can add my experience when I first had
>> a need for a decent MTA.  I had used Sendmail in the past, but I didn't
>> want to fight with the arcane syntax of the config files, and at that
>> time the add-on management tools and scripts were not nearly as friendly
>> to a beginner.
>>
>> When Postfix was suggested to me, I started reading the docs on their
>> Web site, and discovered that the learning curve is nowhere near as
>> steep as it is with Sendmail.  So far, Postfix has done everything I
>> have needed, and with a LOT less pain.
>>
>> As always, YMMV.
>
> +1. Let me throw in something else. If youa re sending more than one email
> at a time (to more than one person simultaneously), Postfix will beat
> Sendmail. It can handle high loads better than Sendmail as well. Is it the
> fastest MTA out there? Doing some Google Fu some time ago, it's right
> there with the very fastest ones. For my job, I need to send out emergency
> notifications to 400 people at once. With Sendmail, that took over 7
> minutes. With Postfix, that takes seconds, and mostly because of the
> "handshaking" with the downstream host. If it's fast, I haven't even got
> time to send the message, get to a command prompt and type "mailq" and see
> it leaving the outbox queue...because it is already gone!
>
> Gilbert

I can second this; having deployed a bunch of mailing list servers 
myself, I can tell postfix is _very_ efficient. One can tweak it even 
further using multiple instances [0], thusly each 'tuneable' to special 
purposes (e.g., serving mailing lists).

exim [1] also is very powerful and on some topics even more 
configureable, but IMHO not as easily implemented as postfix and, due to 
it's design, not as efficient.

[0] -- http://www.postfix.org/MULTI_INSTANCE_README.html

[1] -- http://exim.org/

> ***
> Gilbert Sebenste 
> (My opinions only!)  **
> ***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Susan Day]

On Mon, Nov 23, 2009 at 11:55 AM, John R Pierce  wrote:

> Susan Day wrote:
> > Hi;
> > I don't want sendmail. What's a good secure email server that I can
> > yum? I really only need smtp right now, but who knows what the future
> > will bring?
>
> SMTP only provides for relaying mail.a mail server typically needs
> a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA
> (message delivery agent, such as procmail), and a MUA (message user
> agent, such as POP, IMAP, and various local unix mail readers).
>
> any mail server is only as secure as you configure it. the usual
> alternative to sendmail is postfix, which many people find simpler to
> configure than sendmail.
>

Thanks!
Suzie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Gilbert Sebenste wrote:
> On Mon, 23 Nov 2009, Ron Loftin wrote:
> 
>> As others have already suggested, consider Postfix.
>>
>> I'm putting in my $0.02(US) so I can add my experience when I first had
>> a need for a decent MTA.  I had used Sendmail in the past, but I didn't
>> want to fight with the arcane syntax of the config files, and at that
>> time the add-on management tools and scripts were not nearly as friendly
>> to a beginner.
>>
>> When Postfix was suggested to me, I started reading the docs on their
>> Web site, and discovered that the learning curve is nowhere near as
>> steep as it is with Sendmail.  So far, Postfix has done everything I
>> have needed, and with a LOT less pain.
>>
>> As always, YMMV.
> 
> +1. Let me throw in something else. If youa re sending more than one email 
> at a time (to more than one person simultaneously), Postfix will beat 
> Sendmail. It can handle high loads better than Sendmail as well. Is it the 
> fastest MTA out there? Doing some Google Fu some time ago, it's right 
> there with the very fastest ones. For my job, I need to send out emergency 
> notifications to 400 people at once. With Sendmail, that took over 7 
> minutes.

That doesn't make any sense unless you have a backed up queue with at 
least many thousands of messages - in which case you should tune 
sendmail to use multiple queue directories.

> With Postfix, that takes seconds, and mostly because of the 
> "handshaking" with the downstream host.

SMTP handshaking has to follow standards.  The difference must really be 
in DNS lookup time.  Sendmail does several more DNS lookups per delivery 
than postfix, but unless something is broken, DNS should be fast and 
certainly shouldn't account for 7 minutes on 400 messages.

> If it's fast, I haven't even got 
> time to send the message, get to a command prompt and type "mailq" and see 
> it leaving the outbox queue...because it is already gone!

That should be the same for sendmail.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can yum? 
> I really only need smtp right now, but who knows what the future will bring?


Postfix is probably a reasonable choice, but I'm curious as to how you 
reached the decision that you don't want to use the standard, 
mostly-preconfigured tool without already knowing anything about the 
other choices.  Sendmail may have a long history of exploits back in the 
day with it was monolithic and ran as root, but now it is probably the 
most carefully audited piece of code shipped in the distribution.  The 
milter interface developed for sendmail (and now also implemented in 
postfix) lets you add functionality that wasn't designed in, so it is 
hard to imagine a mail job or environment that either couldn't handle.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Via EPIA m10000 Nemehiah

[Ben Mohilef]

> I dont seem to have any problems ( use this machine as a cheap h/w
> random number generator, so its always under load ~ 1 )
> 

Same board, same model.  Thanks for the information.

This looked and felt like an acpi induced problem. I discovered that acpid was 
turned on for some 
reason, so I turned off the acpid daemon and it has behaved well for the last 
day.  Are you booting 
yours with acpi=off  as well  ??

Thanks again. 

regards,

benm


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Drew]

I know everyone else has said it but postfix is a great replacement
for sendmail.

Another tool I've found that I like is ssmtp. It's not a replacement
for sendmail/postfix by any stretch but if you want a simple down &
dirty tool to send email from an internal server to your main email
server it's good. I use it on a server at home and on test rigs at
work for emailing results of cron jobs to my own account. Don't know
if it's available in yum as I haven't used it on a CentOS box yet.


-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Is there a CentOS selinux mailing list?

[m . roth]

The subject says it all. I've still got that irritating problem of selinux
complaining with smagent writing to its own logfile, and as I mentioned
here, weeks ago, I've done everything that sealert says, a number of
times, and it didn't fix it, and I've determined that it's clearly an
error handling failure of selinux.

So, I'm hoping to find someone else who's run into the same thing

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

Hello all,

As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network 
switch. The switch detects it, but it only shows that it is giving me 100 
mb/sec throughput. That card is rated for 1 GB...is there a way to force 
it to try to use 1 GB/sec? System-config-network isn't helping me here.

Thanks for any help!

***
Gilbert Sebenste 
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Eero Volotinen]

Gilbert Sebenste wrote:
> Hello all,
> 
> As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network 
> switch. The switch detects it, but it only shows that it is giving me 100 
> mb/sec throughput. That card is rated for 1 GB...is there a way to force 
> it to try to use 1 GB/sec? System-config-network isn't helping me here.

Check using ethtool that it is really connected with 1GB. Anyway, lot of 
stuff like harddisk affects speed of line.

You need enought fast harddisks (possibly with raid) to saturate full 
1GB line .. on both ends..

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Les Mikesell]

Gilbert Sebenste wrote:
> Hello all,
> 
> As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network 
> switch. The switch detects it, but it only shows that it is giving me 100 
> mb/sec throughput. That card is rated for 1 GB...is there a way to force 
> it to try to use 1 GB/sec? System-config-network isn't helping me here.

Does ethtool say it is running at 1Gb?  What is the source of the data? 
  Many things can't generate much more than 100Mb, especially going too 
or from a disk.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Craig White]

On Mon, 2009-11-23 at 10:45 -0500, Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can
> yum? I really only need smtp right now, but who knows what the future
> will bring?
> TIA,

as root...

yum install postfix system-switch-mail
# edit /etc/postfix/main.conf
system-switch-mail # choose postfix, confirm
# done

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a CentOS selinux mailing list?

[Craig White]

On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote:
> The subject says it all. I've still got that irritating problem of selinux
> complaining with smagent writing to its own logfile, and as I mentioned
> here, weeks ago, I've done everything that sealert says, a number of
> times, and it didn't fix it, and I've determined that it's clearly an
> error handling failure of selinux.
> 
> So, I'm hoping to find someone else who's run into the same thing

the problem with sealert's is that the paths are relative so just
running the command without doing a 'cd /path/affected/by/selinux/'
doesn't actually work.

to specifically answer your question, no, I don't know of a specific
CentOS-SELinux list but the general SELinux list is certainly all you
need...

https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Susan Day]

On Mon, Nov 23, 2009 at 1:23 PM, Craig White  wrote:

> yum install postfix system-switch-mail
> # edit /etc/postfix/main.conf
> system-switch-mail # choose postfix, confirm
> # done
>

Craig, I stopped qmail, which I had installed outside of yum, turning off
sendmail first, then I just did a yum install postfix and (I believe)
/etc/init.d/postfix start or some such and it's sending email. All well, or
should I do a yum remove postfix and then your commands?
TIA,
Suzie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a CentOS selinux mailing list?

[m . roth]

> On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote:
>> The subject says it all. I've still got that irritating problem of
>> selinux
>> complaining with smagent writing to its own logfile, and as I mentioned
>> here, weeks ago, I've done everything that sealert says, a number of
>> times, and it didn't fix it, and I've determined that it's clearly an
>> error handling failure of selinux.
>>
>> So, I'm hoping to find someone else who's run into the same thing
> 
> the problem with sealert's is that the paths are relative so just
> running the command without doing a 'cd /path/affected/by/selinux/'
> doesn't actually work.

Wait - you mean I have to cd to /var/log/httpd, to run setsebool
httpd_unified on? That makes no sense.

And I made the roles, etc, as close as I could, both on smagent and on its
log file.
>
> to specifically answer your question, no, I don't know of a specific
> CentOS-SELinux list but the general SELinux list is certainly all you
> need...
>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Ah, ok, that's what I want, then. I looked over to selinux's site, and all
they have is a developers' list, which is not who I should bother.

Thanks!

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a CentOS selinux mailing list?

[Craig White]

On Mon, 2009-11-23 at 11:41 -0700, m.r...@5-cent.us wrote:
> > On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote:
> >> The subject says it all. I've still got that irritating problem of
> >> selinux
> >> complaining with smagent writing to its own logfile, and as I mentioned
> >> here, weeks ago, I've done everything that sealert says, a number of
> >> times, and it didn't fix it, and I've determined that it's clearly an
> >> error handling failure of selinux.
> >>
> >> So, I'm hoping to find someone else who's run into the same thing
> > 
> > the problem with sealert's is that the paths are relative so just
> > running the command without doing a 'cd /path/affected/by/selinux/'
> > doesn't actually work.
> 
> Wait - you mean I have to cd to /var/log/httpd, to run setsebool
> httpd_unified on? That makes no sense.
> 
> And I made the roles, etc, as close as I could, both on smagent and on its
> log file.

No, for setsebool, it's just a boolean policy and of course switching
the pwd is meaningless but for setting file contexts, it's very
meaningful...sorry for the lack of clarity.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Craig White]

On Mon, 2009-11-23 at 13:30 -0500, Susan Day wrote:
> 
> On Mon, Nov 23, 2009 at 1:23 PM, Craig White 
> wrote:
> yum install postfix system-switch-mail
> # edit /etc/postfix/main.conf
> system-switch-mail # choose postfix, confirm
> # done
> 
> Craig, I stopped qmail, which I had installed outside of yum, turning
> off sendmail first, then I just did a yum install postfix and (I
> believe) /etc/init.d/postfix start or some such and it's sending
> email. All well, or should I do a yum remove postfix and then your
> commands?

No but you need to do this then...

chkconfig postfix on
chkconfig sendmail off

and if there is some mechanism for starting qmail on startup, you will
have to disable it...perhaps there is a sysv initscript that you can
discover here...

chkconfig --list

Craig



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Microsoft .mdb files in Open office

[linux-crazy]

Hi,

  Is there is anyway to Open Microsoft .mdb files in open office on
Centos 5.3 ?

Thanks
 linux
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Susan Day]

On Mon, Nov 23, 2009 at 1:46 PM, Craig White  wrote:

> No but you need to do this then...
>
> chkconfig postfix on
> chkconfig sendmail off
>
> and if there is some mechanism for starting qmail on startup, you will
> have to disable it...perhaps there is a sysv initscript that you can
> discover here...
>
> chkconfig --list
>

Thanks!
Suzie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Robert Moskowitz]

Susan Day wrote:
> Hi;
> I don't want sendmail. What's a good secure email server that I can 
> yum? I really only need smtp right now, but who knows what the future 
> will bring?

See my slightly prior post on:  Re: [CentOS] 
smtp+pop3+imap+tls+webmail+anti spam+anti virus

It points you to:  
http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10

Now granted this is for FC10, but I suspect it would be easy to fit into 
Centos.

Also the patch to Postfix is for quota support.  If you don't need 
quotas, you canprobably skip that part.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

On Mon, 23 Nov 2009, Les Mikesell wrote:

> Gilbert Sebenste wrote:
>> Hello all,
>>
>> As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network
>> switch. The switch detects it, but it only shows that it is giving me 100
>> mb/sec throughput. That card is rated for 1 GB...is there a way to force
>> it to try to use 1 GB/sec? System-config-network isn't helping me here.
>
> Does ethtool say it is running at 1Gb?  What is the source of the data?
>  Many things can't generate much more than 100Mb, especially going too
> or from a disk.

Nope, it says at 100 mb. I wonder why? Yep, I know I can only probably go 
somewhat faster, but it would be nice. Here's ethtool's output before I
did something below...

ethtool eth0
Settings for eth0:
 Supported ports: [ TP ]
 Supported link modes:   10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Supports auto-negotiation: Yes
 Advertised link modes:  10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Advertised auto-negotiation: Yes
 Speed: 100Mb/s
 Duplex: Full
 Port: Twisted Pair
 PHYAD: 0
 Transceiver: internal
 Auto-negotiation: on
 Supports Wake-on: g
 Wake-on: d
 Current message level: 0x0037 (55)
 Link detected: yes


But then I tried this. Typing:

ethtool --change eth0 speed 1000 duplex full autoneg on

DID work! But I wonder why it didn't pick up on that automagically.

ethtool eth0
Settings for eth0:
 Supported ports: [ TP ]
 Supported link modes:   10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Supports auto-negotiation: Yes
 Advertised link modes:  10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Advertised auto-negotiation: Yes
 Speed: 1000Mb/s
 Duplex: Full
 Port: Twisted Pair
 PHYAD: 0
 Transceiver: internal
 Auto-negotiation: on
 Supports Wake-on: g
 Wake-on: d
 Current message level: 0x0037 (55)
 Link detected: yes

And thanks, Les, for the ethtool reminder/tip!

***
Gilbert Sebenste 
(My opinions only!)  **
Staff Meteorologist, Northern Illinois University  
E-mail: seben...@weather.admin.niu.edu  ***
web: http://weather.admin.niu.edu  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Eero Volotinen]

Susan Day wrote:
> On Mon, Nov 23, 2009 at 1:46 PM, Craig White  > wrote:
> 
> No but you need to do this then...
> 
> chkconfig postfix on
> chkconfig sendmail off
> 
> and if there is some mechanism for starting qmail on startup, you will
> have to disable it...perhaps there is a sysv initscript that you can

qmail usually uses daemon-tools. check supervise man page.

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[fred smith]

On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote:
> Susan Day wrote:
> > Hi;
> > I don't want sendmail. What's a good secure email server that I can 
> > yum? I really only need smtp right now, but who knows what the future 
> > will bring?
> 
> SMTP only provides for relaying mail.a mail server typically needs 
> a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA 
> (message delivery agent, such as procmail), and a MUA (message user 
> agent, such as POP, IMAP, and various local unix mail readers).
> 
> any mail server is only as secure as you configure it. the usual 
> alternative to sendmail is postfix, which many people find simpler to 
> configure than sendmail.

:)
but then what ISN'T simpler to configure than sendmail?
:)


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us  
Do you not know? Have you not heard? 
The LORD is the everlasting God, the Creator of the ends of the earth. 
  He will not grow tired or weary, and his understanding no one can fathom.
- Isaiah 40:28 (niv) -
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Microsoft .mdb files in Open office

[cornel panceac]

2009/11/23 linux-crazy 

> Hi,
>
>  Is there is anyway to Open Microsoft .mdb files in open office on
> Centos 5.3 ?
>
> Thanks
>  linux
> _
>
> try mdbtools:
http://sourceforge.net/projects/mdbtools/files/



-- 
Linux counter #213090
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Microsoft .mdb files in Open office

[Les Mikesell]

linux-crazy wrote:
> Hi,
> 
>   Is there is anyway to Open Microsoft .mdb files in open office on
> Centos 5.3 ?

Short of running Access under wine or a virtual machine with windows, I 
don't think so.  Depending on your usage, it might be feasible to 
convert the tables to a postgresql or mysql database that could 
subsequently be accessed from access and common linux tools, even 
simultaneously.  There might be some convoluted ways to access them 
through a proxy to a running windows program if it is always available.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Les Mikesell]

Gilbert Sebenste wrote:
> 
>>>
>>> As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network
>>> switch. The switch detects it, but it only shows that it is giving me 100
>>> mb/sec throughput. That card is rated for 1 GB...is there a way to force
>>> it to try to use 1 GB/sec? System-config-network isn't helping me here.
>> Does ethtool say it is running at 1Gb?  What is the source of the data?
>>  Many things can't generate much more than 100Mb, especially going too
>> or from a disk.
> 
> Nope, it says at 100 mb. I wonder why? Yep, I know I can only probably go 
> somewhat faster, but it would be nice. Here's ethtool's output before I
> did something below...
> 
> ethtool eth0
> Settings for eth0:
>  Supported ports: [ TP ]
>  Supported link modes:   10baseT/Half 10baseT/Full
>  100baseT/Half 100baseT/Full
>  1000baseT/Full
>  Supports auto-negotiation: Yes
>  Advertised link modes:  10baseT/Half 10baseT/Full
>  100baseT/Half 100baseT/Full
>  1000baseT/Full
>  Advertised auto-negotiation: Yes
>  Speed: 100Mb/s

I'd expect that to mean that it was connected to a 100Mb switch port or 
a managed switch configured to force 100Mb.

> 
> But then I tried this. Typing:
> 
> ethtool --change eth0 speed 1000 duplex full autoneg on
> 
> DID work! But I wonder why it didn't pick up on that automagically.

But then that wouldn't have worked either.

> And thanks, Les, for the ethtool reminder/tip!

Mii-tool does some of the same things but won't show/force 1000BaseT. 
Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need 
to force something odd.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Eero Volotinen]

>> ethtool eth0
>> Settings for eth0:
>>  Supported ports: [ TP ]
>>  Supported link modes:   10baseT/Half 10baseT/Full
>>  100baseT/Half 100baseT/Full
>>  1000baseT/Full
>>  Supports auto-negotiation: Yes
>>  Advertised link modes:  10baseT/Half 10baseT/Full
>>  100baseT/Half 100baseT/Full
>>  1000baseT/Full
>>  Advertised auto-negotiation: Yes
>>  Speed: 100Mb/s
> 
> I'd expect that to mean that it was connected to a 100Mb switch port or 
> a managed switch configured to force 100Mb.
> 
>> But then I tried this. Typing:
>>
>> ethtool --change eth0 speed 1000 duplex full autoneg on
>>
>> DID work! But I wonder why it didn't pick up on that automagically.
> 
> But then that wouldn't have worked either.
> 
>> And thanks, Les, for the ethtool reminder/tip!
> 
> Mii-tool does some of the same things but won't show/force 1000BaseT. 
> Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need 
> to force something odd.
> 

Are you using cat 5e or cat 6 (gigabit certified) cable?

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

On Mon, 23 Nov 2009, Les Mikesell wrote:

> I'd expect that to mean that it was connected to a 100Mb switch port or
> a managed switch configured to force 100Mb.

Managed switch, yes.

>> But then I tried this. Typing:
>>
>> ethtool --change eth0 speed 1000 duplex full autoneg on
>>
>> DID work! But I wonder why it didn't pick up on that automagically.
>
> But then that wouldn't have worked either.

Hmmm. Why not? It did on my other servers.

> Mii-tool does some of the same things but won't show/force 1000BaseT.
> Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need
> to force something odd.

Great! Thanks for the tips. Take care.

***
Gilbert Sebenste 
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

On Mon, 23 Nov 2009, Eero Volotinen wrote:

> Are you using cat 5e or cat 6 (gigabit certified) cable?

Yes.

***
Gilbert Sebenste 
(My opinions only!)  **
Staff Meteorologist, Northern Illinois University  
E-mail: seben...@weather.admin.niu.edu  ***
web: http://weather.admin.niu.edu  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[John R. Dennison]

On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote:
> 
> It points you to:  
> http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10
> 
> Now granted this is for FC10, but I suspect it would be easy to fit into 
> Centos.

Please, for the love of god and country, do not follow garbage
like this.  Under "1. Preliminary Note" is this text:

"You should make sure that the firewall is off (at least for
now) and that SELinux is disabled (this is important!)".  

Documents that advocate disabling SELinux should be tossed
in a pile and set on fire.  Documents that tell you to
disable your firewall with no mention in the remaining
portion of the document to reenable it post install or
how to properly configure it should join the burn pile.

Howtoforge, while perhaps useful for *something* at *some*
point in time, more often than not provides information
which will either break your system outright or lead to
tears and suffering before bedtime.




John

-- 
When there are too many policemen, there can be no liberty.  When there are
too many soldiers, there can be no peace.  When there are too many lawyers,
there can be no justice.

-- Lin Yutang (10 October 1895 - 26 March 1976), Chinese writer and translator,
as quoted in Alexander, James (2005). The World's Funniest Laws. Cheam: Crombie
Jardine. pp. page 6


pgpOxz2DLLVXs.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

On Mon, 23 Nov 2009, Gilbert Sebenste wrote:

> On Mon, 23 Nov 2009, Les Mikesell wrote:
>
>> I'd expect that to mean that it was connected to a 100Mb switch port or
>> a managed switch configured to force 100Mb.
>
> Managed switch, yes.

D'oh! make that unmanaged switch, sorry.

***
Gilbert Sebenste 
(My opinions only!)  **
Staff Meteorologist, Northern Illinois University  
E-mail: seben...@weather.admin.niu.edu  ***
web: http://weather.admin.niu.edu  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

fred smith wrote:
> On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote:
>> Susan Day wrote:
>>> Hi;
>>> I don't want sendmail. What's a good secure email server that I can 
>>> yum? I really only need smtp right now, but who knows what the future 
>>> will bring?
>> SMTP only provides for relaying mail.a mail server typically needs 
>> a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA 
>> (message delivery agent, such as procmail), and a MUA (message user 
>> agent, such as POP, IMAP, and various local unix mail readers).
>>
>> any mail server is only as secure as you configure it. the usual 
>> alternative to sendmail is postfix, which many people find simpler to 
>> configure than sendmail.
> 
> :)
> but then what ISN'T simpler to configure than sendmail?
> :)

Hardly anything, given that it is almost completely done for you in the 
supplied /etc/mail/sendmail.mc file.  You just have to fix the 
intentionally-borked DAEMON_OPTIONS if you want to receive outside mail, 
fill in SMART_HOST if you'd like another machine to relay for you, and 
add entries in the access file for networks you want to relay for. And 
restarting the sendmail service will do the updates you need after 
changing these files.

Beyond that, you'd probably want to add a milter like MimeDefang so you 
can do anything complex and non-standard in perl.

-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Craig White]

On Mon, 2009-11-23 at 13:25 -0600, Les Mikesell wrote:
> fred smith wrote:
> > On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote:
> >> Susan Day wrote:
> >>> Hi;
> >>> I don't want sendmail. What's a good secure email server that I can 
> >>> yum? I really only need smtp right now, but who knows what the future 
> >>> will bring?
> >> SMTP only provides for relaying mail.a mail server typically needs 
> >> a  MTA (message transfer agent, smtp such as sendmail, postfix), a MDA 
> >> (message delivery agent, such as procmail), and a MUA (message user 
> >> agent, such as POP, IMAP, and various local unix mail readers).
> >>
> >> any mail server is only as secure as you configure it. the usual 
> >> alternative to sendmail is postfix, which many people find simpler to 
> >> configure than sendmail.
> > 
> > :)
> > but then what ISN'T simpler to configure than sendmail?
> > :)
> 
> Hardly anything, given that it is almost completely done for you in the 
> supplied /etc/mail/sendmail.mc file.  You just have to fix the 
> intentionally-borked DAEMON_OPTIONS if you want to receive outside mail, 
> fill in SMART_HOST if you'd like another machine to relay for you, and 
> add entries in the access file for networks you want to relay for. And 
> restarting the sendmail service will do the updates you need after 
> changing these files.

This reminds me of the Woody Allen movie where they asked the couple,
how often they had sex and the man said, "hardly ever, maybe only twice
a week" and the woman said "it seems like all of the time...maybe twice
a week"

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[nate]

Gilbert Sebenste wrote:
> Hello all,
>
> As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network
> switch. The switch detects it, but it only shows that it is giving me 100
> mb/sec throughput. That card is rated for 1 GB...is there a way to force
> it to try to use 1 GB/sec? System-config-network isn't helping me here.
>

What kind of switch? many/most? NICs will often set the speed to 100
or 10Mbps if they can't auto negotiate the connection

Check the switch config to make sure that it's not trying to force
the connection to some lower speed.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Robert Moskowitz]

John R. Dennison wrote:
> On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote:
>   
>> It points you to:  
>> http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10
>>
>> Now granted this is for FC10, but I suspect it would be easy to fit into 
>> Centos.
>> 
>
>   Please, for the love of god and country, do not follow garbage
>   like this.  Under "1. Preliminary Note" is this text:
>
>   "You should make sure that the firewall is off (at least for
>   now) and that SELinux is disabled (this is important!)".  
>
>   Documents that advocate disabling SELinux should be tossed
>   in a pile and set on fire.  Documents that tell you to
>   disable your firewall with no mention in the remaining
>   portion of the document to reenable it post install or
>   how to properly configure it should join the burn pile.
>   

Wow!  I never noticed that, just read right past that.  Thanks for the 
pointing that out.

I am working on the firewall setup for the Amahi work, so tend not to 
pay proper note to things like this.


>   Howtoforge, while perhaps useful for *something* at *some*
>   point in time, more often than not provides information
>   which will either break your system outright or lead to
>   tears and suffering before bedtime.
>
>
>
>
>   John
>
>   
> 
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch

[Gilbert Sebenste]

On Mon, 23 Nov 2009, nate wrote:

> What kind of switch? many/most? NICs will often set the speed to 100
> or 10Mbps if they can't auto negotiate the connection
>
> Check the switch config to make sure that it's not trying to force
> the connection to some lower speed.

I checked; it's not. All seems well. If it isn't, I'll back off and go 
back to 100 megs.

***
Gilbert Sebenste 
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Via EPIA m10000 Nemehiah

[Karanbir Singh]

On 23/11/09 17:50, Ben Mohilef wrote:
> This looked and felt like an acpi induced problem. I discovered that acpid 
> was turned on for some
> reason, so I turned off the acpid daemon and it has behaved well for the last 
> day.  Are you booting
> yours with acpi=off  as well  ??

nope, just the straight kernel and initrd. nothing special in there.

this is actually quite a boring standard install with almost nothing 
changed on there from what is left behind by a minimal 5.1 install ( and 
its been updated nightly since then )

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Via EPIA m10000 Nemehiah

[Tim Nelson]

- "Karanbir Singh"  wrote:
> On 23/11/09 17:50, Ben Mohilef wrote:
> > This looked and felt like an acpi induced problem. I discovered that
> acpid was turned on for some
> > reason, so I turned off the acpid daemon and it has behaved well for
> the last day.  Are you booting
> > yours with acpi=off  as well  ??
> 
> nope, just the straight kernel and initrd. nothing special in there.
> 
> this is actually quite a boring standard install with almost nothing 
> changed on there from what is left behind by a minimal 5.1 install (
> and 
> its been updated nightly since then )
> 
> - KB

Is it possible you have an application that runs at odd times that is compiled 
for the wrong arch? IIRC the C3 is i586 compatible (almost i686 but missing 
something stupid like 'cmov' instruction). I've got a handful of C3 based 
systems in my personal lab and run into 'oddities' every now and then because 
of this...

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Via EPIA m10000 Nemehiah

[Karanbir Singh]

On 23/11/09 21:34, Tim Nelson wrote:

> Is it possible you have an application that runs at odd times that is 
> compiled for the wrong arch? IIRC the C3 is i586 compatible (almost i686 but 
> missing something stupid like 'cmov' instruction). I've got a handful of C3 
> based systems in my personal lab and run into 'oddities' every now and then 
> because of this...

The Nemehiah is a full i686, cmov etc included.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Via EPIA m10000 Nemehiah

[Tim Nelson]

- "Karanbir Singh"  wrote:
> On 23/11/09 21:34, Tim Nelson wrote:
> 
> > Is it possible you have an application that runs at odd times that
> is compiled for the wrong arch? IIRC the C3 is i586 compatible (almost
> i686 but missing something stupid like 'cmov' instruction). I've got a
> handful of C3 based systems in my personal lab and run into 'oddities'
> every now and then because of this...
> 
> The Nemehiah is a full i686, cmov etc included.
> 
> - KB

Ah yes... I'm thinking of the "Samuel 2" C3... different core. Thanks for the 
info.

--Tim
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS4 issue

[Giovanni Tirloni]

On Mon, Nov 23, 2009 at 3:00 AM, Philip Manuel  wrote:
>
>
> Philip Manuel wrote:
>> We are running kernel 2.6.18-164.6.1.el5 with exporting 3 aoe provided
>> ext4 directories. For a couple of weeks we had a small number of users
>> using the system with no issues, today we added 7 users and the system
>> crashed and did not perform correctly since.
>>
>> Nov 23 10:20:03 sulphur rpc.idmapd[5199]: nfsdcb: id '-2' too big!
>> Nov 23 10:42:25 sulphur nfsd[27306]: nfssvc: Setting version failed:
>> errno 16 (Device or resource busy)

Check your nfsnobody user and try changing its id to something below
65536, on client and server.

http://www.fedoraforum.org/forum/archive/index.php/t-134487.html

-- 
Giovanni.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS4 issue

[Philip Manuel]

That's a little confusing, does that mean all the clients need to change 
as well as the server ? Has no-one else hit this issue?  We are running 
all our clients and servers on x86_64.

Thanks

Phil

Giovanni Tirloni wrote:
> On Mon, Nov 23, 2009 at 3:00 AM, Philip Manuel  wrote:
>   
>> Philip Manuel wrote:
>> 
>>> We are running kernel 2.6.18-164.6.1.el5 with exporting 3 aoe provided
>>> ext4 directories. For a couple of weeks we had a small number of users
>>> using the system with no issues, today we added 7 users and the system
>>> crashed and did not perform correctly since.
>>>
>>> Nov 23 10:20:03 sulphur rpc.idmapd[5199]: nfsdcb: id '-2' too big!
>>> Nov 23 10:42:25 sulphur nfsd[27306]: nfssvc: Setting version failed:
>>> errno 16 (Device or resource busy)
>>>   
>
> Check your nfsnobody user and try changing its id to something below
> 65536, on client and server.
>
> http://www.fedoraforum.org/forum/archive/index.php/t-134487.html
>
>   
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Susan Day wrote:
>   
>> Hi;
>> I don't want sendmail. What's a good secure email server that I can yum? 
>> I really only need smtp right now, but who knows what the future will bring?
>> 
>
>
> Postfix is probably a reasonable choice, but I'm curious as to how you 
> reached the decision that you don't want to use the standard, 
> mostly-preconfigured tool without already knowing anything about the 
> other choices.  Sendmail may have a long history of exploits back in the 
> day with it was monolithic and ran as root, but now it is probably the 
> most carefully audited piece of code shipped in the distribution.  The 
> milter interface developed for sendmail (and now also implemented in 
> postfix) lets you add functionality that wasn't designed in, so it is 
> hard to imagine a mail job or environment that either couldn't handle.
>
>   


I don't see sendmailX on Centos at the moment...do you? It is therefore 
still monolithic as far as Centos is concerned.

postfix comes with mysql/postgresql support and with connection pooling 
at that and which can be used directly in a lot of built-in features of 
postfix. Unless the supporting stuff in the milters are as efficient as 
what you can get in postfix, sendmail + milters might be hard pressed to 
handle some environments that postfix can.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Eero Volotinen wrote:
> Susan Day wrote:
>   
>> On Mon, Nov 23, 2009 at 1:46 PM, Craig White > > wrote:
>>
>> No but you need to do this then...
>>
>> chkconfig postfix on
>> chkconfig sendmail off
>>
>> and if there is some mechanism for starting qmail on startup, you will
>> have to disable it...perhaps there is a sysv initscript that you can
>> 
>
> qmail usually uses daemon-tools. check supervise man page.
>
>   

Just something like 'touch /service/qmail-smtpd/down' will keep qmail 
from receiving mail via smtp. The path may not necessarily be the same. 
Likewise 'touch /service/qmail-send/down' will keep qmail from running.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Susan Day wrote:
>
> On Mon, Nov 23, 2009 at 1:23 PM, Craig White  > wrote:
>
> yum install postfix system-switch-mail
> # edit /etc/postfix/main.conf
> system-switch-mail # choose postfix, confirm
> # done
>
>
> Craig, I stopped qmail, which I had installed outside of yum, turning 
> off sendmail first, then I just did a yum install postfix and (I 
> believe) /etc/init.d/postfix start or some such and it's sending 
> email. All well, or should I do a yum remove postfix and then your 
> commands?

What kind of email is it sending? Email accepted via smtp? What about 
system generated mail? Check that the symlinks are not still pointing to 
qmail. ls -l /usr/sbin/sendmail, ls -l /usr/lib/sendmail. If both these 
are pointing to something under /etc/alternatives then check those 
symlinks in /etc/alternatives. (mta-mailq, mta, mta-sendmail, etc)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Gilbert Sebenste wrote:
>   
>> On Mon, 23 Nov 2009, Ron Loftin wrote:
>>
>> 
>>> As others have already suggested, consider Postfix.
>>>
>>> I'm putting in my $0.02(US) so I can add my experience when I first had
>>> a need for a decent MTA.  I had used Sendmail in the past, but I didn't
>>> want to fight with the arcane syntax of the config files, and at that
>>> time the add-on management tools and scripts were not nearly as friendly
>>> to a beginner.
>>>
>>> When Postfix was suggested to me, I started reading the docs on their
>>> Web site, and discovered that the learning curve is nowhere near as
>>> steep as it is with Sendmail.  So far, Postfix has done everything I
>>> have needed, and with a LOT less pain.
>>>
>>> As always, YMMV.
>>>   
>> +1. Let me throw in something else. If youa re sending more than one email 
>> at a time (to more than one person simultaneously), Postfix will beat 
>> Sendmail. It can handle high loads better than Sendmail as well. Is it the 
>> fastest MTA out there? Doing some Google Fu some time ago, it's right 
>> there with the very fastest ones. For my job, I need to send out emergency 
>> notifications to 400 people at once. With Sendmail, that took over 7 
>> minutes.
>> 
>
> That doesn't make any sense unless you have a backed up queue with at 
> least many thousands of messages - in which case you should tune 
> sendmail to use multiple queue directories.
>
>   
Maybe he is not using the esmtp mailer. Not doing pipe-lining can make 
that difference.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] hard drive errors

[lostson]

Hello 
 
 I seem to be getting some messages via email and in var/log/messages as
well, i think its a hard drive gone bad but was wondering if anyone has
seen something similar to this or would have some ideas if its fixable
or not, here are the messages 

This email was generated by the smartd daemon running on:

   host name: localhost.localdomain
  DNS domain: localdomain
  NIS domain: (none)

The following warning/error was logged by the smartd daemon:

Device: /dev/hda, 993 Currently unreadable (pending) sectors

For details see host's SYSLOG (default: /var/log/messages).


Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51
{ DriveReady SeekComplete Error }
Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84
{ DriveStatusError BadCRC }
Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown
Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51
{ DriveReady SeekComplete Error }
Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84
{ DriveStatusError BadCRC }
Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown
Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51
{ DriveReady SeekComplete Error }
Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84
{ DriveStatusError BadCRC }
Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown

 thanks for any ideas.

 LostSon

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hard drive errors

[nate]

lostson wrote:
> Hello
>
>  I seem to be getting some messages via email and in var/log/messages as
> well, i think its a hard drive gone bad but was wondering if anyone has
> seen something similar to this or would have some ideas if its fixable
> or not, here are the messages

Run manufacturer diagnostics and replace the disk

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
> Les Mikesell wrote:
>> Susan Day wrote:
>>   
>>> Hi;
>>> I don't want sendmail. What's a good secure email server that I can yum? 
>>> I really only need smtp right now, but who knows what the future will bring?
>>> 
>>
>> Postfix is probably a reasonable choice, but I'm curious as to how you 
>> reached the decision that you don't want to use the standard, 
>> mostly-preconfigured tool without already knowing anything about the 
>> other choices.  Sendmail may have a long history of exploits back in the 
>> day with it was monolithic and ran as root, but now it is probably the 
>> most carefully audited piece of code shipped in the distribution.  The 
>> milter interface developed for sendmail (and now also implemented in 
>> postfix) lets you add functionality that wasn't designed in, so it is 
>> hard to imagine a mail job or environment that either couldn't handle.
>>
>>   
> 
> 
> I don't see sendmailX on Centos at the moment...do you? It is therefore 
> still monolithic as far as Centos is concerned.

By not-monolithic, I mean that now submission queuing, forwarding, and local 
delivery are all different processes, each running with limited credentials 
most 
of the time.  And milters also can run under different uids.

> postfix comes with mysql/postgresql support and with connection pooling 
> at that and which can be used directly in a lot of built-in features of 
> postfix.

You probably really want ldap for that sort of thing.


> Unless the supporting stuff in the milters are as efficient as 
> what you can get in postfix, sendmail + milters might be hard pressed to 
> handle some environments that postfix can.

MimeDefang gets this right - it runs as a multiplexor that connects multiple 
processes as needed so you don't have a 1:1 ratio of mailers to backend milters 
and you don't have fast step waiting on slow steps to complete.  See page 31 of
http://www.mimedefang.org/static/mimedefang-lisa04.pdf.  Most other approaches 
use simple pipelines that make everything wait while spamassin runs and have to 
reparse the mime headers to break out attachments for each scanning step.  Some 
very large sites are running it.

-- 
   Les Mikesell
lesmikes...@gmail.com





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Christopher Chan wrote:
>   
>> Les Mikesell wrote:
>> 
>>> Susan Day wrote:
>>>   
>>>   
 Hi;
 I don't want sendmail. What's a good secure email server that I can yum? 
 I really only need smtp right now, but who knows what the future will 
 bring?
 
 
>>> Postfix is probably a reasonable choice, but I'm curious as to how you 
>>> reached the decision that you don't want to use the standard, 
>>> mostly-preconfigured tool without already knowing anything about the 
>>> other choices.  Sendmail may have a long history of exploits back in the 
>>> day with it was monolithic and ran as root, but now it is probably the 
>>> most carefully audited piece of code shipped in the distribution.  The 
>>> milter interface developed for sendmail (and now also implemented in 
>>> postfix) lets you add functionality that wasn't designed in, so it is 
>>> hard to imagine a mail job or environment that either couldn't handle.
>>>
>>>   
>>>   
>> I don't see sendmailX on Centos at the moment...do you? It is therefore 
>> still monolithic as far as Centos is concerned.
>> 
>
> By not-monolithic, I mean that now submission queuing, forwarding, and local 
> delivery are all different processes, each running with limited credentials 
> most 
> of the time.  And milters also can run under different uids.
>
>   

All that means naught if there is a remote root exploit. sendmail 8.12.x 
already worked like that.

>> postfix comes with mysql/postgresql support and with connection pooling 
>> at that and which can be used directly in a lot of built-in features of 
>> postfix.
>> 
>
> You probably really want ldap for that sort of thing.
>
>
>   

You probably really want to reconsider using ldap for anything that gets 
loads of changes daily.

>> Unless the supporting stuff in the milters are as efficient as 
>> what you can get in postfix, sendmail + milters might be hard pressed to 
>> handle some environments that postfix can.
>> 
>
> MimeDefang gets this right - it runs as a multiplexor that connects multiple 
> processes as needed so you don't have a 1:1 ratio of mailers to backend 
> milters 
> and you don't have fast step waiting on slow steps to complete.  See page 31 
> of
> http://www.mimedefang.org/static/mimedefang-lisa04.pdf.  Most other 
> approaches 
> use simple pipelines that make everything wait while spamassin runs and have 
> to 
> reparse the mime headers to break out attachments for each scanning step.  
> Some 
> very large sites are running it.
>
>   

I fail to see how that becomes an advantage for sendmail. I can very 
well pair postfix and mimedefang for just spamassassin and the rest of 
the stuff handled by native postfix features. That at the very least 
cuts out another layer to go through for postfix. In the end, sendmail 
is at a disadvantage having to depend on a third party for extra features.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
>
>> By not-monolithic, I mean that now submission queuing, forwarding, and local 
>> delivery are all different processes, each running with limited credentials 
>> most 
>> of the time.  And milters also can run under different uids.
>>
>>   
> 
> All that means naught if there is a remote root exploit. sendmail 8.12.x 
> already worked like that.

How do you have a remote root exploit if you aren't running as root?

>>> Unless the supporting stuff in the milters are as efficient as 
>>> what you can get in postfix, sendmail + milters might be hard pressed to 
>>> handle some environments that postfix can.
>>> 
>> MimeDefang gets this right - it runs as a multiplexor that connects multiple 
>> processes as needed so you don't have a 1:1 ratio of mailers to backend 
>> milters 
>> and you don't have fast step waiting on slow steps to complete.  See page 31 
>> of
>> http://www.mimedefang.org/static/mimedefang-lisa04.pdf.  Most other 
>> approaches 
>> use simple pipelines that make everything wait while spamassin runs and have 
>> to 
>> reparse the mime headers to break out attachments for each scanning step.  
>> Some 
>> very large sites are running it.
>>

> I fail to see how that becomes an advantage for sendmail. 

It lets you control load very precisely.  You can limit sendmail to some number 
of instances that can be much larger than the number of big/slow scanning 
backend processes that you permit and the sendmails don't wait for the milters 
until/unless they need one of their functions and you don't have to start a new 
process for each message.


> I can very 
> well pair postfix and mimedefang for just spamassassin and the rest of 
> the stuff handled by native postfix features. 

Where does your virus scan go?  Since spamassassin is perl, MimeDefang can run 
it internally.

 > That at the very least
> cuts out another layer to go through for postfix. In the end, sendmail 
> is at a disadvantage having to depend on a third party for extra features.

On the contrary, having the ability to extend through external software gives 
you unlimited options.  Note that postfix eventually got around to copying this 
feature.  Also with mimedefang you can do most of your special configuration in 
perl instead of having to learn yet another syntax.

-- 
   Les Mikesell
lesmikes...@gmail.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Ian Forde]

Sent from my iPhone

On Nov 23, 2009, at 6:14 PM, Les Mikesell  wrote:

>
> On the contrary, having the ability to extend through external  
> software gives
> you unlimited options.  Note that postfix eventually got around to  
> copying this
> feature.  Also with mimedefang you can do most of your special  
> configuration in
> perl instead of having to learn yet another syntax.
>
Hmm... I wouldn't exactly call that an advantage... I'd much rather  
plug in a kilter and spend 20 minutes configuring it properly than  
have to wrestle custom perl for getting mail flowing...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Ian Forde]

On Nov 23, 2009, at 5:34 PM, Christopher Chan > wrote:



Les Mikesell wrote:




You probably really want ldap for that sort of thing.


You probably really want to reconsider using ldap for anything that  
gets

loads of changes daily.


In the case of a mail relay, at one point  years back I decided to  
drop (not bounce) all email to bogus recipients at the relay level  
rather than let it get to (yuck) Exchange, which would bounce it. The  
trick was having an updated recipient list. My first thought was to  
query Active Directory for each user, thus getting an up-to-date result.


This turned out to be a *bad* idea for a couple of reasons. 1) if I  
can't reach AD, mail won't queue up on the relays, which is one of  
their major functions. 2) I'm making the relays directly dependent on  
AD latency. 3) any flood of email from outside can cause a large  
amount of queries against AD, causing a DOS that the relays are  
supposed to shield the internal network from.


So instead, I found a script to gather the list of users from AD, did  
some modifications and wrote some wrappers. The result? A script that  
runs from cron to get the list of valid addresses, convert them into  
an access file that sendmail (or postfix, in the first case years ago)  
can use instead. There's a little more latency, but as long as I do  
some sanity checking (too many changes? Send an alert and don't change  
the access file) it works just fine. Ldap-based, yes. But loosely  
coupled. A good compromise in my experience...___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Ian Forde wrote:
> 
> Sent from my iPhone
> 
> On Nov 23, 2009, at 6:14 PM, Les Mikesell  wrote:
> 
>> On the contrary, having the ability to extend through external  
>> software gives
>> you unlimited options.  Note that postfix eventually got around to  
>> copying this
>> feature.  Also with mimedefang you can do most of your special  
>> configuration in
>> perl instead of having to learn yet another syntax.
>>
> Hmm... I wouldn't exactly call that an advantage... I'd much rather  
> plug in a kilter and spend 20 minutes configuring it properly than  
> have to wrestle custom perl for getting mail flowing...

There are canned examples for anything remotely common.  How do you handle 
something your program wasn't intended to do?  When you are doing it in perl 
you 
can do whatever you want.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Ian Forde wrote:
>
> On Nov 23, 2009, at 5:34 PM, Christopher Chan 
>  > wrote:
>
>> Les Mikesell wrote:

>>>
>>> You probably really want ldap for that sort of thing.
>>
>> You probably really want to reconsider using ldap for anything that gets
>> loads of changes daily.
>
> In the case of a mail relay, at one point  years back I decided to 
> drop (not bounce) all email to bogus recipients at the relay level 
> rather than let it get to (yuck) Exchange, which would bounce it. The 
> trick was having an updated recipient list. My first thought was to 
> query Active Directory for each user, thus getting an up-to-date result.
>
> This turned out to be a *bad* idea for a couple of reasons. 1) if I 
> can't reach AD, mail won't queue up on the relays, which is one of 
> their major functions. 2) I'm making the relays directly dependent on 
> AD latency. 3) any flood of email from outside can cause a large 
> amount of queries against AD, causing a DOS that the relays are 
> supposed to shield the internal network from.
>
> So instead, I found a script to gather the list of users from AD, did 
> some modifications and wrote some wrappers. The result? A script that 
> runs from cron to get the list of valid addresses, convert them into 
> an access file that sendmail (or postfix, in the first case years ago) 
> can use instead. There's a little more latency, but as long as I do 
> some sanity checking (too many changes? Send an alert and don't change 
> the access file) it works just fine. Ldap-based, yes. But loosely 
> coupled. A good compromise in my experience...

Precisely why a buffer like this for sites with a very large user base 
might want to use cdb. postfix supports cdb and sendmail can get cdb 
support from sf.net/sendmail-cdb. Both need the tinycdb library though. 
Even mysql/postgresql could do with a break for legit users.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Christopher Chan wrote:
>   
>>
>> 
>>> By not-monolithic, I mean that now submission queuing, forwarding, and 
>>> local 
>>> delivery are all different processes, each running with limited credentials 
>>> most 
>>> of the time.  And milters also can run under different uids.
>>>
>>>   
>>>   
>> All that means naught if there is a remote root exploit. sendmail 8.12.x 
>> already worked like that.
>> 
>
> How do you have a remote root exploit if you aren't running as root?
>
>   

Ask the sendmail advisories for 8.12.x.

 Unless the supporting stuff in the milters are as efficient as 
 what you can get in postfix, sendmail + milters might be hard pressed to 
 handle some environments that postfix can.
 
 
>>> MimeDefang gets this right - it runs as a multiplexor that connects 
>>> multiple 
>>> processes as needed so you don't have a 1:1 ratio of mailers to backend 
>>> milters 
>>> and you don't have fast step waiting on slow steps to complete.  See page 
>>> 31 of
>>> http://www.mimedefang.org/static/mimedefang-lisa04.pdf.  Most other 
>>> approaches 
>>> use simple pipelines that make everything wait while spamassin runs and 
>>> have to 
>>> reparse the mime headers to break out attachments for each scanning step.  
>>> Some 
>>> very large sites are running it.
>>>
>>>   
>
>   
>> I fail to see how that becomes an advantage for sendmail. 
>> 
>
> It lets you control load very precisely.  You can limit sendmail to some 
> number 
> of instances that can be much larger than the number of big/slow scanning 
> backend processes that you permit and the sendmails don't wait for the 
> milters 
> until/unless they need one of their functions and you don't have to start a 
> new 
> process for each message.
>
>
>   

Sorry, I meant to say, an advantage for sendmail over postfix.

>> I can very 
>> well pair postfix and mimedefang for just spamassassin and the rest of 
>> the stuff handled by native postfix features. 
>> 
>
> Where does your virus scan go?  Since spamassassin is perl, MimeDefang can 
> run 
> it internally.
>   

You know the answer to that one. If I am going to use MimeDefang for 
spamassassin and postfix obviously does not have anti-virus features 
(unless you call using body_checks to check for known patterns 
anti-virus support) where do you think I would plug in anti-virus 
support? Again, in a sendmail + mimedefang versus postfix + mimedefang, 
sendmail is the loser.

>  > That at the very least
>   
>> cuts out another layer to go through for postfix. In the end, sendmail 
>> is at a disadvantage having to depend on a third party for extra features.
>> 
>
> On the contrary, having the ability to extend through external software gives 
> you unlimited options.  Note that postfix eventually got around to copying 
> this 
> feature.  Also with mimedefang you can do most of your special configuration 
> in 
> perl instead of having to learn yet another syntax.
>
>   

Simply because it made sense to use available existing tools that 
support spamassassin and virus scanners than make yet another interface. 
No more smtp proxying. Good riddance amavisd. postfix was after all a 
replacement for sendmail and it would be incomplete without milter support.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Craig White]

On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote:
> Ian Forde wrote:
> >
> > On Nov 23, 2009, at 5:34 PM, Christopher Chan 
> >  > > wrote:
> >
> >> Les Mikesell wrote:
> 
> >>>
> >>> You probably really want ldap for that sort of thing.
> >>
> >> You probably really want to reconsider using ldap for anything that gets
> >> loads of changes daily.
> >
> > In the case of a mail relay, at one point  years back I decided to 
> > drop (not bounce) all email to bogus recipients at the relay level 
> > rather than let it get to (yuck) Exchange, which would bounce it. The 
> > trick was having an updated recipient list. My first thought was to 
> > query Active Directory for each user, thus getting an up-to-date result.
> >
> > This turned out to be a *bad* idea for a couple of reasons. 1) if I 
> > can't reach AD, mail won't queue up on the relays, which is one of 
> > their major functions. 2) I'm making the relays directly dependent on 
> > AD latency. 3) any flood of email from outside can cause a large 
> > amount of queries against AD, causing a DOS that the relays are 
> > supposed to shield the internal network from.
> >
> > So instead, I found a script to gather the list of users from AD, did 
> > some modifications and wrote some wrappers. The result? A script that 
> > runs from cron to get the list of valid addresses, convert them into 
> > an access file that sendmail (or postfix, in the first case years ago) 
> > can use instead. There's a little more latency, but as long as I do 
> > some sanity checking (too many changes? Send an alert and don't change 
> > the access file) it works just fine. Ldap-based, yes. But loosely 
> > coupled. A good compromise in my experience...
> 
> Precisely why a buffer like this for sites with a very large user base 
> might want to use cdb. postfix supports cdb and sendmail can get cdb 
> support from sf.net/sendmail-cdb. Both need the tinycdb library though. 
> Even mysql/postgresql could do with a break for legit users.

considering that LDAP is optimized for high amounts of read and minimal
writes, the problem with any SMTP daemon querying an LDAP server getting
bogged down suggests that other problems are at hand and should be
solved. I mean if the primary user/authentication system can't handle
the load, you got problems.

I admire the workarounds but damn, you have to solve the problems anyway
because this surely isn't the only place where this is a problem.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Craig White wrote:
> On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote:
>   
>> Ian Forde wrote:
>> 
>>> On Nov 23, 2009, at 5:34 PM, Christopher Chan 
>>> >> > wrote:
>>>
>>>   
 Les Mikesell wrote:
 
> You probably really want ldap for that sort of thing.
>   
 You probably really want to reconsider using ldap for anything that gets
 loads of changes daily.
 
>>> In the case of a mail relay, at one point  years back I decided to 
>>> drop (not bounce) all email to bogus recipients at the relay level 
>>> rather than let it get to (yuck) Exchange, which would bounce it. The 
>>> trick was having an updated recipient list. My first thought was to 
>>> query Active Directory for each user, thus getting an up-to-date result.
>>>
>>> This turned out to be a *bad* idea for a couple of reasons. 1) if I 
>>> can't reach AD, mail won't queue up on the relays, which is one of 
>>> their major functions. 2) I'm making the relays directly dependent on 
>>> AD latency. 3) any flood of email from outside can cause a large 
>>> amount of queries against AD, causing a DOS that the relays are 
>>> supposed to shield the internal network from.
>>>
>>> So instead, I found a script to gather the list of users from AD, did 
>>> some modifications and wrote some wrappers. The result? A script that 
>>> runs from cron to get the list of valid addresses, convert them into 
>>> an access file that sendmail (or postfix, in the first case years ago) 
>>> can use instead. There's a little more latency, but as long as I do 
>>> some sanity checking (too many changes? Send an alert and don't change 
>>> the access file) it works just fine. Ldap-based, yes. But loosely 
>>> coupled. A good compromise in my experience...
>>>   
>> Precisely why a buffer like this for sites with a very large user base 
>> might want to use cdb. postfix supports cdb and sendmail can get cdb 
>> support from sf.net/sendmail-cdb. Both need the tinycdb library though. 
>> Even mysql/postgresql could do with a break for legit users.
>> 
> 
> considering that LDAP is optimized for high amounts of read and minimal
> writes, the problem with any SMTP daemon querying an LDAP server getting
> bogged down suggests that other problems are at hand and should be
> solved. I mean if the primary user/authentication system can't handle
> the load, you got problems.
>
>   

I was trumpeting postfix's mysql/postgresql support and then Les says 
LDAP is the way to go and then I point out that LDAP don't like heavy 
write environments and you are starting the circle again.


/me tramples LDAP underfoot, gets a horse to trample LDAP, gets a tank 
to complete the job.


LDAP ain't THE SOLUTION for everything you know.


> I admire the workarounds but damn, you have to solve the problems anyway
> because this surely isn't the only place where this is a problem.


Ian pointed how he needs to 'replicate' a local copy of user 'accounts' 
from Exchange so that he does not kill Exchange. I just pointed out that 
this sort of thing can be done also for sites with a very large user 
base that will want something that is more efficient that Berkeley DB. 
You can chain lookups in postfix. Check cdb, then check 
mysql/postgresql. If the account exists in the cdb, then there is no 
need to check mysql/postgresql. So essentially only non-existent 
addresses and recently created addresses will result in hits to 
mysql/postgresql. This is not a work around. This is performance 
enhancement. Whacking a local cdb will be faster than whacking a 
mysql/postgresql database. Geez.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
>  
> Ian pointed how he needs to 'replicate' a local copy of user 'accounts' 
> from Exchange so that he does not kill Exchange. I just pointed out that 
> this sort of thing can be done also for sites with a very large user 
> base that will want something that is more efficient that Berkeley DB. 

There might be a few places big enough where using cdb vs. the built in bdb for 
the virtuser table would matter.  But very few.

> You can chain lookups in postfix. Check cdb, then check 
> mysql/postgresql. If the account exists in the cdb, then there is no 
> need to check mysql/postgresql. So essentially only non-existent 
> addresses and recently created addresses will result in hits to 
> mysql/postgresql. This is not a work around. This is performance 
> enhancement. Whacking a local cdb will be faster than whacking a 
> mysql/postgresql database. Geez.

If you have a reasonably fast internal mailer you can just let mimedefang on 
your external relay check against it with smtp in real time.  Exchange isn't 
one 
of those, though.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
> > 
>> How do you have a remote root exploit if you aren't running as root?
>>
>>   
> 
> Ask the sendmail advisories for 8.12.x.

Wasn't the last bug found and fixed 5 or 6 years ago?

>>> I fail to see how that becomes an advantage for sendmail. 
>>> 
>> It lets you control load very precisely.  You can limit sendmail to some 
>> number 
>> of instances that can be much larger than the number of big/slow scanning 
>> backend processes that you permit and the sendmails don't wait for the 
>> milters 
>> until/unless they need one of their functions and you don't have to start a 
>> new 
>> process for each message.
>>
>>
>>   
> 
> Sorry, I meant to say, an advantage for sendmail over postfix.

I've been using it with sendmail for many years.  Postfix has only recently 
added milter support and only very recently made it good enough to work with 
mimedefang.  I don't know if it does the session multiplexing as efficiently - 
maybe...

> You know the answer to that one. If I am going to use MimeDefang for 
> spamassassin and postfix obviously does not have anti-virus features 
> (unless you call using body_checks to check for known patterns 
> anti-virus support) where do you think I would plug in anti-virus 
> support? Again, in a sendmail + mimedefang versus postfix + mimedefang, 
> sendmail is the loser.

If you just started to use email, perhaps.

>> On the contrary, having the ability to extend through external software 
>> gives 
>> you unlimited options.  Note that postfix eventually got around to copying 
>> this 
>> feature.  Also with mimedefang you can do most of your special configuration 
>> in 
>> perl instead of having to learn yet another syntax.
>>
>>   
> 
> Simply because it made sense to use available existing tools that 
> support spamassassin and virus scanners than make yet another interface. 
> No more smtp proxying. Good riddance amavisd. postfix was after all a 
> replacement for sendmail and it would be incomplete without milter support.

And it was incomplete for a long time.  Which is why sendmail is the standard.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Christopher Chan wrote:
>   
>>> 
>>> How do you have a remote root exploit if you aren't running as root?
>>>
>>>   
>>>   
>> Ask the sendmail advisories for 8.12.x.
>> 
>
> Wasn't the last bug found and fixed 5 or 6 years ago?
>
>   

Which is great. Just saying that if there is one still lurking around, 
the current model of operation might still be vulnerable.

 I fail to see how that becomes an advantage for sendmail. 
 
 
>>> It lets you control load very precisely.  You can limit sendmail to some 
>>> number 
>>> of instances that can be much larger than the number of big/slow scanning 
>>> backend processes that you permit and the sendmails don't wait for the 
>>> milters 
>>> until/unless they need one of their functions and you don't have to start a 
>>> new 
>>> process for each message.
>>>
>>>
>>>   
>>>   
>> Sorry, I meant to say, an advantage for sendmail over postfix.
>> 
>
> I've been using it with sendmail for many years.  Postfix has only recently 
> added milter support and only very recently made it good enough to work with 
> mimedefang.  I don't know if it does the session multiplexing as efficiently 
> - 
> maybe...
>
>   

I was the under the impression that it was mimedefang that handled that 
and not sendmail? In any case, postfix has long had very good multiplexing.

>> You know the answer to that one. If I am going to use MimeDefang for 
>> spamassassin and postfix obviously does not have anti-virus features 
>> (unless you call using body_checks to check for known patterns 
>> anti-virus support) where do you think I would plug in anti-virus 
>> support? Again, in a sendmail + mimedefang versus postfix + mimedefang, 
>> sendmail is the loser.
>> 
>
> If you just started to use email, perhaps.
>
>   

Ho hum. I do not know why you keep insisting that letting mimedefang 
handle say lookups to mysql and perform decisions based on those is 
faster than if sendmail had native support. It is after all, one less 
layer to going through and not run in something that is interpreted.

>>> On the contrary, having the ability to extend through external software 
>>> gives 
>>> you unlimited options.  Note that postfix eventually got around to copying 
>>> this 
>>> feature.  Also with mimedefang you can do most of your special 
>>> configuration in 
>>> perl instead of having to learn yet another syntax.
>>>
>>>   
>>>   
>> Simply because it made sense to use available existing tools that 
>> support spamassassin and virus scanners than make yet another interface. 
>> No more smtp proxying. Good riddance amavisd. postfix was after all a 
>> replacement for sendmail and it would be incomplete without milter support.
>> 
>
> And it was incomplete for a long time.  Which is why sendmail is the standard.
>
>   

More and more distributions are using postfix as the default even though 
it does not allow delivery to root. That 'is' will soon become 'was' 
despite its incomplete milter support. I guess milters are not all that 
standard then. So many alternatives to milters out there that got 
established when milters just were not stable enough (no fault of 
sendmail) so that today milters are not quite as well known as stuff 
like resource hog amavisd.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Robert Moskowitz]

Christopher Chan wrote:
> Craig White wrote:
>   
>> On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote:
>>   
>> 
>>> Ian Forde wrote:
>>> 
>>>   
 On Nov 23, 2009, at 5:34 PM, Christopher Chan 
 >>> > wrote:

   
 
> Les Mikesell wrote:
> 
>   
>> You probably really want ldap for that sort of thing.
>>   
>> 
> You probably really want to reconsider using ldap for anything that gets
> loads of changes daily.
> 
>   
 In the case of a mail relay, at one point  years back I decided to 
 drop (not bounce) all email to bogus recipients at the relay level 
 rather than let it get to (yuck) Exchange, which would bounce it. The 
 trick was having an updated recipient list. My first thought was to 
 query Active Directory for each user, thus getting an up-to-date result.

 This turned out to be a *bad* idea for a couple of reasons. 1) if I 
 can't reach AD, mail won't queue up on the relays, which is one of 
 their major functions. 2) I'm making the relays directly dependent on 
 AD latency. 3) any flood of email from outside can cause a large 
 amount of queries against AD, causing a DOS that the relays are 
 supposed to shield the internal network from.

 So instead, I found a script to gather the list of users from AD, did 
 some modifications and wrote some wrappers. The result? A script that 
 runs from cron to get the list of valid addresses, convert them into 
 an access file that sendmail (or postfix, in the first case years ago) 
 can use instead. There's a little more latency, but as long as I do 
 some sanity checking (too many changes? Send an alert and don't change 
 the access file) it works just fine. Ldap-based, yes. But loosely 
 coupled. A good compromise in my experience...
   
 
>>> Precisely why a buffer like this for sites with a very large user base 
>>> might want to use cdb. postfix supports cdb and sendmail can get cdb 
>>> support from sf.net/sendmail-cdb. Both need the tinycdb library though. 
>>> Even mysql/postgresql could do with a break for legit users.
>>> 
>>>   
>> 
>> considering that LDAP is optimized for high amounts of read and minimal
>> writes, the problem with any SMTP daemon querying an LDAP server getting
>> bogged down suggests that other problems are at hand and should be
>> solved. I mean if the primary user/authentication system can't handle
>> the load, you got problems.
>>
>>   
>> 
>
> I was trumpeting postfix's mysql/postgresql support and then Les says 
> LDAP is the way to go and then I point out that LDAP don't like heavy 
> write environments and you are starting the circle again.
>   

And how many LDAP implementations have mysql/postgresql behind the LDAP 
syntax?

So LDAP is frequently WORST than just a direct SQL table lookup.

At least the few that I have dealt with. I LIKE LDAP. Much better than 
DAP any day of the year ;)

>
> /me tramples LDAP underfoot, gets a horse to trample LDAP, gets a tank 
> to complete the job.
>
>
> LDAP ain't THE SOLUTION for everything you know.
>
>
>   
>> I admire the workarounds but damn, you have to solve the problems anyway
>> because this surely isn't the only place where this is a problem.
>> 
>
>
> Ian pointed how he needs to 'replicate' a local copy of user 'accounts' 
> from Exchange so that he does not kill Exchange. I just pointed out that 
> this sort of thing can be done also for sites with a very large user 
> base that will want something that is more efficient that Berkeley DB. 
> You can chain lookups in postfix. Check cdb, then check 
> mysql/postgresql. If the account exists in the cdb, then there is no 
> need to check mysql/postgresql. So essentially only non-existent 
> addresses and recently created addresses will result in hits to 
> mysql/postgresql. This is not a work around. This is performance 
> enhancement. Whacking a local cdb will be faster than whacking a 
> mysql/postgresql database. Geez.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>   
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Christopher Chan wrote:
>   
>>  
>> Ian pointed how he needs to 'replicate' a local copy of user 'accounts' 
>> from Exchange so that he does not kill Exchange. I just pointed out that 
>> this sort of thing can be done also for sites with a very large user 
>> base that will want something that is more efficient that Berkeley DB. 
>> 
>
> There might be a few places big enough where using cdb vs. the built in bdb 
> for 
> the virtuser table would matter.  But very few.
>
>   

Just saying that postfix has all the guns needed for a big party.

>> You can chain lookups in postfix. Check cdb, then check 
>> mysql/postgresql. If the account exists in the cdb, then there is no 
>> need to check mysql/postgresql. So essentially only non-existent 
>> addresses and recently created addresses will result in hits to 
>> mysql/postgresql. This is not a work around. This is performance 
>> enhancement. Whacking a local cdb will be faster than whacking a 
>> mysql/postgresql database. Geez.
>> 
>
> If you have a reasonably fast internal mailer you can just let mimedefang on 
> your external relay check against it with smtp in real time.  Exchange isn't 
> one 
> of those, though.
>
>   

That internal mailer still has to whack something. You would just be 
adding another layer again with the smtp latency. What is with the love 
of uber number of layers?


Exchange...man...blasted thing cannot handle 20 users with multi 
gibibyte mailboxes on a dual Xeon with 3 gibibytes of RAM (HP DL360 [or 
was it a 380...] G3) without choking. Glad I have left that place even 
though all I had left to do was pick the phone and renew contracts and 
the Exchange box was the German team's baby. Kudos Centos and Redhat. :-D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

> And how many LDAP implementations have mysql/postgresql behind the LDAP 
> syntax?
>   

Okay, I will be honest, I do not have that much ldap experience but I 
was under the impression that they used Berkeley DB or something. I did 
not know that some had a sql backend...

> So LDAP is frequently WORST than just a direct SQL table lookup

We LOVE LAYERS. The Linux Kernel loves layers. We have to follow suit!

> .
>
> At least the few that I have dealt with. I LIKE LDAP. Much better than 
> DAP any day of the year ;)
>
>   

Which ones are those?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
> 
>> If you have a reasonably fast internal mailer you can just let mimedefang on 
>> your external relay check against it with smtp in real time.  Exchange isn't 
>> one 
>> of those, though.
>>
>>   
> 
> That internal mailer still has to whack something. You would just be 
> adding another layer again with the smtp latency. What is with the love 
> of uber number of layers?

You are removing a layer if you just pass through the recipient check to the 
ultimate source (the internal delivery machine) before accepting, and it does 
in 
fact need to be able to handle the lookups at the speed real messages come in. 
However, your external relay is likely to get whacked with a dictionary attack 
that it needs to be able to reject quickly so you can't do that if the delivery 
box is slow.

I used qmail for one of my domains a while back and it's practice of accepting 
everything, then sending bounces got a dictionary attack onto some kind of 
'good 
to spam' list and I got about 50,000 messages/day for non-existing users for 
years afterwards.  That was a problem until I put a sendmail with the good 
users 
in a virtuser table in front of it.  Interestingly, the messages would come in 
from a large number of different IP addresses but in a sorted order and with 
clearly coordinated timing.


-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

Les Mikesell wrote:
> Christopher Chan wrote:
>   
>> 
>> 
>>> If you have a reasonably fast internal mailer you can just let mimedefang 
>>> on 
>>> your external relay check against it with smtp in real time.  Exchange 
>>> isn't one 
>>> of those, though.
>>>
>>>   
>>>   
>> That internal mailer still has to whack something. You would just be 
>> adding another layer again with the smtp latency. What is with the love 
>> of uber number of layers?
>> 
>
> You are removing a layer if you just pass through the recipient check to the 
> ultimate source (the internal delivery machine) before accepting, and it does 
> in 
> fact need to be able to handle the lookups at the speed real messages come 
> in. 
> However, your external relay is likely to get whacked with a dictionary 
> attack 
> that it needs to be able to reject quickly so you can't do that if the 
> delivery 
> box is slow.
>   

OH are we? So what happens when the frontend hands off to the internal 
delivery machine? Does not the internal delivery machine again do 
another lookup?

> I used qmail for one of my domains a while back and it's practice of 
> accepting 
> everything, then sending bounces got a dictionary attack onto some kind of 
> 'good 
> to spam' list and I got about 50,000 messages/day for non-existing users for 
> years afterwards.  That was a problem until I put a sendmail with the good 
> users 
> in a virtuser table in front of it.  Interestingly, the messages would come 
> in 
> from a large number of different IP addresses but in a sorted order and with 
> clearly coordinated timing.
>
>   


/me shudders to think of anyone running a pure qmail-1.03 for a mx.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
> 
>> Wasn't the last bug found and fixed 5 or 6 years ago?
>>
>>   
> 
> Which is great. Just saying that if there is one still lurking around, 
> the current model of operation might still be vulnerable.

That was a joke, since you can never know when the last bug is found, but I'm 
comfortable with old code where you know at least some of the bugs have been 
fixed.


>> I've been using it with sendmail for many years.  Postfix has only recently 
>> added milter support and only very recently made it good enough to work with 
>> mimedefang.  I don't know if it does the session multiplexing as efficiently 
>> - 
>> maybe...
>>
>>   
> 
> I was the under the impression that it was mimedefang that handled that 
> and not sendmail? In any case, postfix has long had very good multiplexing.

MimeDefang multiplexes the client calls to the backend handlers, but the model 
was designed around sendmail.  It might happen to work as well with postfix.

> 
> Ho hum. I do not know why you keep insisting that letting mimedefang 
> handle say lookups to mysql and perform decisions based on those is 
> faster than if sendmail had native support. It is after all, one less 
> layer to going through and not run in something that is interpreted.

It's not faster for that operation, but compared to database lookups a couple 
more CPU instructions aren't significant and it is more powerful.  What you get 
is a point where you can do any additional operations if you want, regardless 
of 
whether the MTA author considered it or not.  And, in cases where the program 
you want to access isn't an already running daemon like mysql, you get a way to 
run it that doesn't need a 1:1 relationship to the mailer processes.


-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Christopher Chan]

>> Ho hum. I do not know why you keep insisting that letting mimedefang 
>> handle say lookups to mysql and perform decisions based on those is 
>> faster than if sendmail had native support. It is after all, one less 
>> layer to going through and not run in something that is interpreted.
>> 
>
> It's not faster for that operation, but compared to database lookups a couple 
> more CPU instructions aren't significant and it is more powerful.  What you 
> get 
> is a point where you can do any additional operations if you want, regardless 
> of 
> whether the MTA author considered it or not.  And, in cases where the program 
> you want to access isn't an already running daemon like mysql, you get a way 
> to 
> run it that doesn't need a 1:1 relationship to the mailer processes.
>
>   


I doubt that making calls via mimedefang is just a 'couple more' cpu 
instructions over internal calls within postfix.


But yes, it would be nice for other non-daemonized stuff.


So just chalk sendmail down one notch for lack of multiplexed 
mysql/postgresql support versus postfix will you? mimedefang cannot 
completely rectify that for sendmail.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
> 
>>> 
>> You are removing a layer if you just pass through the recipient check to the 
>> ultimate source (the internal delivery machine) before accepting, and it 
>> does in 
>> fact need to be able to handle the lookups at the speed real messages come 
>> in. 
>> However, your external relay is likely to get whacked with a dictionary 
>> attack 
>> that it needs to be able to reject quickly so you can't do that if the 
>> delivery 
>> box is slow.
>>   
> 
> OH are we? So what happens when the frontend hands off to the internal 
> delivery machine? Does not the internal delivery machine again do 
> another lookup?

Yes, but it is pretty unlikely that the results will be different since they 
are 
both done quickly against the authoritative source.  Unlike if you had made an 
intermediate copy of the database.

>> I used qmail for one of my domains a while back and it's practice of 
>> accepting 
>> everything, then sending bounces got a dictionary attack onto some kind of 
>> 'good 
>> to spam' list and I got about 50,000 messages/day for non-existing users for 
>> years afterwards.  That was a problem until I put a sendmail with the good 
>> users 
>> in a virtuser table in front of it.  Interestingly, the messages would come 
>> in 
>> from a large number of different IP addresses but in a sorted order and with 
>> clearly coordinated timing.
>>
>>   
> 
> 
> /me shudders to think of anyone running a pure qmail-1.03 for a mx.

But no one could convince the author that it was anything short of perfect - or 
that anyone else was qualified to touch the code.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] APIC error on CPU0: 00(60)

[Andrey Garkin]

John R Pierce ?:

Andrey Garkin wrote:
  

Hi All!

I have a some problem:

On the my motherboard Intel DG45NB with Processor Box  Intel Core 2 Duo  
E6300 , i see in the  dmesg(log file):

dmesg | grep CPU0
APIC error on CPU0: 00(60)
or the sometime:
dmesg | grep CPU1
APIC error on CPU1: 00(60)


How can I fix this problem??? This Bug is my motherboard or the kernel???
The system good working is uptime... Without reboot...
Other error in the log file - not found.
My kernel 2.6.18-164.6.1.el5
My system CentOS 5.4...
  





usual fix is to upgrade the BIOS on the board.   I don't see a DG45NB on 
Intel's site, rather, a DG43NB.   Latest BIOS for that board is 
NBG4310H.86A 0098 here,  
http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18145&ProdId=2979&=eng 





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  
Yes! My motherboard is DG43NB. Yesterday I successful is upgrade my BIOS 
version. *NBG4310H.86A


*But now I am see:
APIC error on CPU0: 00(60)
APIC error on CPU0: 60(60)
APIC error on CPU0: 60(60)

More and More error...
What is it???



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommend Mail Server

[Les Mikesell]

Christopher Chan wrote:
>>> Ho hum. I do not know why you keep insisting that letting mimedefang 
>>> handle say lookups to mysql and perform decisions based on those is 
>>> faster than if sendmail had native support. It is after all, one less 
>>> layer to going through and not run in something that is interpreted.
>>> 
>> It's not faster for that operation, but compared to database lookups a 
>> couple 
>> more CPU instructions aren't significant and it is more powerful.  What you 
>> get 
>> is a point where you can do any additional operations if you want, 
>> regardless of 
>> whether the MTA author considered it or not.  And, in cases where the 
>> program 
>> you want to access isn't an already running daemon like mysql, you get a way 
>> to 
>> run it that doesn't need a 1:1 relationship to the mailer processes.
>>
>>   
> 
> 
> I doubt that making calls via mimedefang is just a 'couple more' cpu 
> instructions over internal calls within postfix.
> 
> 
> But yes, it would be nice for other non-daemonized stuff.
> 
> 
> So just chalk sendmail down one notch for lack of multiplexed 
> mysql/postgresql support versus postfix will you? mimedefang cannot 
> completely rectify that for sendmail.

I've never had anything in mysql that I've wanted sendmail to check so it never 
occurred to me that the support was lacking in the first place.  But if I had, 
I'd have done it in MimeDefang anyway and still not noticed that it wasn't 
built 
into sendmail.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos