Re: [CentOS] About I386 not fitting on one DVD

[Ljubomir Ljubojevic]

Always Learning wrote:
> Centos 5.6 X86_64 is on two DVDs. Can not determine if -R or +R. However
> when installing, disk 2 is never required.


I used it on my first and only install. Of course I chose some extra 
packages, and that is why infrequently used packages are on the disk 2.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About I386 not fitting on one DVD

[Ljubomir Ljubojevic]

david wrote:
> Just a thought
> 
> If the I386 (or i686, never could figure out why the name change) 
> disk doesn't quite fit on the DVD+, and needs a DVD-, this might put 
> some folks at an inconvenience.
> 
> I wonder if the difference between fitting and not fitting is small 
> enough, so that some amount of pruning might make it fit on the DVD+R 
> image.  Some ways to prune could be:

CentOS 6.1 i386(mostly for compatibility sake I think) will come out on 
2 DVD-s also, that was already announced around a week ago, so that is 
already settled.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Ljubomir Ljubojevic]

Always Learning wrote:
> On Sat, 2011-07-16 at 20:06 -0400, Mark Weaver wrote:
> 
>> On 7/16/2011 6:50 PM, Always Learning wrote:
>>>
>>> If there was an automatic ban on List mail containing HTML parts, it is
>>> likely the latest crap would not be distributed to everyone.
>>>
>>> A possible test of the Content-Type: header for
>>>
>>>  multipart/mixed;
>>>
>>> or
>>>
>>>  text/html;
>>>
>>>
>>> might stop the spam.
> 
> 
>> you mean like the default settings of Mailman list software that the 
>> CentOS list "doesn't" run on? I have five lists running on one of my 
>> CentOS servers and crap like that doesn't ever make it to the list.
> 
> It is the method I use with Exim to block unwanted HTML emails.
> 
> I also do not accept external mail if the HELO/EHLO is not identical to
> the host name used by the sending server. Its a marvellous method of
> removing lots of spam. Unfortunately some large organisations (i.e.
> Ebay, British Telecommunications (BT) and others) are so utterly
> incompetent they fail - so their emails get rejected. If they want to
> send us emails, they have to obey our rules.
> 
> 
I use it too. Reverse-DNS check is best SPAM repellent there is. Only 
mail from properly set mail servers is accepted.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Ljubomir Ljubojevic]

Keith Roberts wrote:
> On Sat, 16 Jul 2011, Keith Roberts wrote:
> 
>> To: CentOS mailing list 
>> From: Keith Roberts 
>> Subject: Re: [CentOS] firewall?
>>
>> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>>
>> *snip*
>>
>>>  I wrote about "physical presence *outside* of your network", like if
>>>  you
>>>  are on a large WISP that uses bridged network (bad design) and your
>>>  Wireless client is bridged, and you have single NIC firewall in place,
>>>  entire WISP's network will be able to sniff your traffic and hack into
>>>  unprotected workstations/desktops. And there are those scenarios, much
>>>  more then you can think.
>> Which is why one poster mentioned that you need to be familiar with 
>> IPtables and Networking before trying to make your machine(s) network(s) 
>> secure?
>>
>> I read some time ago something about tunneling different protocols 
>> through firewalls? which sounded quite scary.
> 
> This is what I was refering to:
> 
> Data Driven Attacks Using HTTP Tunneling
> 
> "... HTTP Tunneling Example
> 
> HTTP tunneling can be used to access ports that are 
> normally inaccessible from a network. Consider Figure 1 
> below. The attacker's host is shown on the left with the 
> target systems on the right. The router at the edge has the 
> following policies:"
> 
> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
> 
> Sounds a bit scary to me, as any website needs to have port 
> 80 open to allow access to that website.
> 

That example is based on the premise that attacker will exploit existing 
security bug/hole to gain access to the system. And they refer in that 
article to IIS (Micro$oft Web server, with holes like swiss cheese).

If you check the frequency of Apache (httpd) security bugs on CentOS 
5.x, I think you will see several Denial Of Service bugs, but only one 
or two that would allow code execution. And bug reports for Apache are 
made to secure mailing list so rest of the world is not aware of them 
until they are already fixed.

So I would not be overly concerned about HTTP tunneling attacks.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in CentOS 5.6?

[Rudi Ahlers]

On Wed, Jul 6, 2011 at 6:17 AM, John R Pierce  wrote:
> On 07/05/11 9:04 PM, Charles Polisher wrote:
>> The PostgreSQL wiki seems to say that database tables are
>> allocated in 1GB extents. In workloads with which I am
>> familiar, with an RDBMS the extents don't bounce
>> around all that much, i.e. the vast majority of writes do
>> not result in a change to the underlying database's storage
>> allocation. Once in a while a new extent is allocated.
>> http://www.postgresql.org/docs/current/static/storage-file-layout.html
>> I suppose there could be exceptions, but I haven't run
>> across one personally.
>
> you misread that.
>
>    When a table or index exceeds 1 GB, it is divided into
>    gigabyte-sized/segments/. The first segment's file name is the same
>    as the filenode; subsequent segments are named filenode.1,
>    filenode.2, etc. This arrangement avoids problems on platforms that
>    have file size limitations. ...
>
>
> Each file is no larger than 1GB (by default), but its written and
> expanded as needed, not in any fixed size increment.
>
>
>> The "WAL" files you refer to are apparently database
>> transaction logs. According to the wiki, these too
>> are allocated in extents (WAL segments) of 16MB each.
>
> The wal logs are 16M files, also written sequentially as needed, and
> nearly continuously on a insert/update intensive database.  they are not
> reused, rather, old wal files are deleted (unless you're archiving), and
> new ones are created continuously.
>
>
> --
> john r pierce                            N 37, W 122
> santa cruz ca                         mid-left coast
>
> ___



Hi Everyone,

I just tried to install EXT4 onto a CentOS 5 machine but it failed.
Does anyone know in which repository it is?



root@usaxen01:[~]$ cat /etc/redhat-release
CentOS release 5 (Final)

root@usaxen01:[~]$ uname -a
Linux usaxen01 2.6.18-8.1.15.el5xen #1 SMP Mon Oct 22 09:01:12 EDT
2007 x86_64 x86_64 x86_64 GNU/Linux


root@usaxen01:[~]$ yum -y install e4fsprogs
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Excluding Packages in global exclude list
Finished
Parsing package install arguments
Nothing to do




-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Ljubomir Ljubojevic]

Always Learning wrote:
> On Sat, 2011-07-16 at 13:25 +0200, Rudi Ahlers wrote:
> 
>> But, sadly google can't teach someone to start making their own
>> choices or to think for themselves
> 
> Learning Linux/Centos on one's own, and without good text books, is a
> very daunting task even for those with over 40 years computer
> programming experience. I describe it as a steep learning curve but, as
> usual, I succeeded. Others may be confused and lack the background
> knowledge to put 'strange' things in context or to make sense of what
> seems illogical.

That was not directed to people wanting to learn something, but to the 
drones wanting everything "chewed up". Asking specific question was 
never a problem to respond to and educate for the most people.

I don't think I have been on a forums or mailing list that refused to 
point someone in the right direction. "Give a man a fish, you have fed 
him for today.  Teach a man to fish, and you have fed him for a 
lifetime" most people use as a moto. But there are always those who want 
it all served on the silver platter.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ext4 in CentOS 5.6?

[Ljubomir Ljubojevic]

Rudi Ahlers wrote:
> Hi Everyone,
> 
> I just tried to install EXT4 onto a CentOS 5 machine but it failed.
> Does anyone know in which repository it is?
> 
> root@usaxen01:[~]$ cat /etc/redhat-release
> CentOS release 5 (Final)
> 
> root@usaxen01:[~]$ uname -a
> Linux usaxen01 2.6.18-8.1.15.el5xen #1 SMP Mon Oct 22 09:01:12 EDT
> 2007 x86_64 x86_64 x86_64 GNU/Linux

Your kernel is old: "Starting with kernel-2.6.18-128.el5, ext4 support 
is enabled.". You should be on CentOS 5.3 at least.

And be careful to leave boot partition on ext3.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Keith Roberts]

On Sun, 17 Jul 2011, Ljubomir Ljubojevic wrote:

*snip*

>>> I read some time ago something about tunneling different protocols
>>> through firewalls? which sounded quite scary.
>>
>> This is what I was refering to:
>>
>> Data Driven Attacks Using HTTP Tunneling
>>
>> "... HTTP Tunneling Example
>>
>> HTTP tunneling can be used to access ports that are
>> normally inaccessible from a network. Consider Figure 1
>> below. The attacker's host is shown on the left with the
>> target systems on the right. The router at the edge has the
>> following policies:"
>>
>> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
>>
>> Sounds a bit scary to me, as any website needs to have port
>> 80 open to allow access to that website.
>>
>
> That example is based on the premise that attacker will exploit existing
> security bug/hole to gain access to the system. And they refer in that
> article to IIS (Micro$oft Web server, with holes like swiss cheese).
>
> If you check the frequency of Apache (httpd) security bugs on CentOS
> 5.x, I think you will see several Denial Of Service bugs, but only one
> or two that would allow code execution. And bug reports for Apache are
> made to secure mailing list so rest of the world is not aware of them
> until they are already fixed.
>
> So I would not be overly concerned about HTTP tunneling attacks.

OK thanks for that advice Ljubomir.

Kind Regards,

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Always Learning]

On Sun, 2011-07-17 at 10:37 +0200, Ljubomir Ljubojevic wrote:

> I don't think I have been on a forums or mailing list that refused to 
> point someone in the right direction. "Give a man a fish, you have fed
> him for today.  Teach a man to fish, and you have fed him for a 
> lifetime" most people use as a moto. But there are always those who
> want it all served on the silver platter.

I prefer gold platters :-)



-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About I386 not fitting on one DVD

[Robert Heller]

At Sat, 16 Jul 2011 22:31:51 -0700 CentOS mailing list  
wrote:

> 
> On 07/16/11 7:50 PM, david wrote:
> > If the I386 (or i686, never could figure out why the name change)
> 
> I386 was the original 386 CPU, which ran at speeds from 16 to 33Mhz
> i486 includes a few additional instructions on the 486 processor, and 
> IIRC, ran at speeds from 25 to 100Mhz

i486's included the FPU on-chip -- i386 either had a separate FPU chip
or used a kernel-supplied software FPU emulator (yes, 0.xx and 1.xx
kernels had the option of a software floating point math support).

> i586 is the original pentium, at 60, 66, 90, 100 up to about 133Mhz

AMD made K6's up to 500mhz -- i586 processors

> i686 is the pentium pro and pentium-II, -III, -IV and everything newer.
> 
> i686 added a few minor new instructions but also has additional memory 
> management functionality missing from the earlier versions.
> 
> its just gotten silly to try and keep backwards support for the early 
> versions of the CPUs that have been obsolete for so long.
> 
> really, we should have compiler targets for optimizing on the P4 
> 'netburst' CPUs and another for the core processors as they are all 
> pipelined differently.   as it turns out, however, the core 2 and core 
> I3/5/7 do pretty well with pentium-II and -III style optimization 
> strategies, as well as, of course, the x86_64 support.
> 
> 

-- 
Robert Heller -- 978-544-6933 / hel...@deepsoft.com
Deepwoods Software-- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] HP Network Printer Issue - Resend

[Eugene Poole]

I sent the following message back in June, but I must have missed the reply:

   I'm attempting to install and configure HPLIP (HP Linux Imaging and
   Printing) software on my CentOS 5.3 x86_64 system without success. I've
   got a HP Officejet Pro 8500 multi-function printer connected via
   ethernet.
   I'm getting a message saying that it cannot locate the libcups
   module in
   the /usr/lib64 and /usr/lib directories. However, I can locate then
   correct modules using the find command. I can print to this printer
   using
   multiple versions of Fedora and multiple versions of Windows.
   Does anyone have any suggestions why it is not working?

Has anyone seen an issue like this?  I'm continuing to run CentOS 5.3 
because VMware Server 2.02 works well there. And I haven't found a 
tutorial or 'How To' showing how to move to kernel based virtualization 
(KVM) on the later versions of CentOS.


TIA
Gene

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP Network Printer Issue - Resend

[Scott Robbins]

On Sun, Jul 17, 2011 at 08:35:55AM -0400, Eugene Poole wrote:
> I sent the following message back in June, but I must have missed the reply:
> 
> 
> I'm attempting to install and configure HPLIP (HP Linux Imaging and
> Printing) software on my CentOS 5.3 x86_64 system without success. I've
> got a HP Officejet Pro 8500 multi-function printer connected via ethernet.
> I'm getting a message saying that it cannot locate the libcups module in
> the /usr/lib64 and /usr/lib directories. However, I can locate then
> correct modules using the find command. 


If I remember correctly, (but I may not) some of the older versions of
hplip rpms didn't work that well.  I would use the rpmforge version,
which I believe is a later version.  If you still have no luck, then I
would try installing it from source.  I have a page on doing that at
http://home.roadrunner.com/~computertaijutsu/hplip.html


-- 

Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: Looks like a job for wiccan-girl. What do you say,
Will? Big time danger.
Willow: Hey, I eat danger for breakfast.
Xander: But, oddly enough, she panics in the face of breakfast
foods.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] issues when add driverdisk to centos5.6 using NFS method

[郑栋辉]

Hi, I am Ken.. I am trying to add dud(driver update disk) to centos5.6
using network method, I can successfully add dud to centos5.6 using
http and ftp method, but fail when using nfs method. However those all
three methods are officially supported in the centos5.6.

As indicated in the centos5.6 website, we can see they not only
support http, ftp, but also nfs.
http://centos.org/docs/5/html/Installation_Guide-en-US/s1-kickstart2-options.html
--
driverdisk (optional)
Driver diskettes can be used during kickstart installations. You
must copy the driver diskettes's contents to the root directory of a
partition on the system's hard drive. Then you must use the driverdisk
command to tell the installation program where to look for the driver
disk.

driverdisk  [--type=]

Alternatively, a network location can be specified for the driver diskette:

driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:host:/path/to/img

*
   Partition containing the driver disk.
*
  --type= File system type (for example, vfat or ext2).
--
In my experiment, I make my dud address in the kickstart file like below:

driverdisk --source=nfs:9.122.90.239:/deployment/dud-2.6.18-128-64.centos.iso

but it fails to load the dud when centos begin to install.

do you have any suggestion to me? Thanks


-- 
BEST WISHES!
郑栋辉
Zheng donghui
Dept.of Computer Science & Engineering, Shanghai Jiaotong University
Tel: (+86)  1356-418-5078
Email: zhd...@gmail.com
MSN: zhd...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP Network Printer Issue - Resend

[Ljubomir Ljubojevic]

Eugene Poole wrote:
> Has anyone seen an issue like this?  I'm continuing to run CentOS 5.3 
> because VMware Server 2.02 works well there. And I haven't found a 
> tutorial or 'How To' showing how to move to kernel based virtualization 
> (KVM) on the later versions of CentOS.

Tutorial, or better yet an explanation how to use:
http://www.linux-kvm.org/page/How_To_Migrate_From_Vmware_To_KVM

read the bottom part of the page:

Starting at v0.12, Qemu-kvm has native support to VMware's disk images 
v6 (seems to be compatible with v7, used by VMware Server). So VMware 
images can could be run with Qemu-kvm without any modification (make 
backups and do it at your own risks though !).

Look at your VMX configuration file:

 scsi0:0.fileName = "zimbra-01.vmdk"
 uuid.bios = "56 4d 3f 3d 32 80 5b f2-94 31 21 c9 b2 c3 93 b9"
 ethernet0.generatedAddress = "00:0c:29:c3:93:b9"

And then build the command-line:

kvm -drive file=zimbra-01.vmdk,boot=on \
   -net nic,macaddr=00:0c:29:c3:93:b9 -net tap \
   -uuid 564d3f3d-3280-5bf2-9431-21c9b2c393b9

The UUID is optional, but might be useful for applications using it for 
validation (i.e. Windows), and the MAC address as well.

Second way could be to convert the disk image:

kvm-img convert -O qcow2 zimbra-01.vmdk zimbra.qcow2


Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Celebrating Centos 6.0 Day World-wide

[Rajagopal Swaminathan]

Greetings,

On Sat, Jul 9, 2011 at 11:47 PM, Always Learning  wrote:
>
> On Sat, 2011-07-09 at 20:13 +0200, Ljubomir Ljubojevic wrote:
>>
> yum install gstreamer*
>

Is yum install vlc* better that gstreamer?

Ignorant queation:
And whch repos should be included 1. for gstreamer and 2. for VLC?

-- 
Regards,

Rajagopal
Mumbai, India
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Keith Roberts]

On Sun, 17 Jul 2011, Always Learning wrote:

> To: CentOS mailing list 
> From: Always Learning 
> Subject: Re: [CentOS] firewall?
> 
>
> On Sun, 2011-07-17 at 10:37 +0200, Ljubomir Ljubojevic wrote:
>
>> I don't think I have been on a forums or mailing list that refused to
>> point someone in the right direction. "Give a man a fish, you have fed
>> him for today.  Teach a man to fish, and you have fed him for a
>> lifetime" most people use as a moto. But there are always those who
>> want it all served on the silver platter.
>
> I prefer gold platters :-)

Yes, me too. Preferably studded with Rubies, Diamonds and 
Emeralds!

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About I386 not fitting on one DVD

[david]

At 10:31 PM 7/16/2011, you wrote:
>On 07/16/11 7:50 PM, david wrote:
> > If the I386 (or i686, never could figure out why the name change)
>
>I386 was the original 386 CPU, which ran at speeds from 16 to 33Mhz
>i486 includes a few additional instructions on the 486 processor, and
>IIRC, ran at speeds from 25 to 100Mhz
>i586 is the original pentium, at 60, 66, 90, 100 up to about 133Mhz
>i686 is the pentium pro and pentium-II, -III, -IV and everything newer.
>
>i686 added a few minor new instructions but also has additional memory
>management functionality missing from the earlier versions.
>
>its just gotten silly to try and keep backwards support for the early
>versions of the CPUs that have been obsolete for so long.
>
>really, we should have compiler targets for optimizing on the P4
>'netburst' CPUs and another for the core processors as they are all
>pipelined differently.   as it turns out, however, the core 2 and core
>I3/5/7 do pretty well with pentium-II and -III style optimization
>strategies, as well as, of course, the x86_64 support.
>
>
>--
>john r pierceN 37, W 122
>santa cruz ca mid-left coast


Folks
My initial post was perhaps mis-stated.  I don't have any problem 
with dropping processors before the Pentium class machines (aka 
I686), my question was only a naming question.

Why are some RPMs named  el6.i386, and some with el6.i686.  It must 
make automated package selection algorithms more difficult.

David 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Ljubomir Ljubojevic]

Keith Roberts wrote:
>> On Sun, 2011-07-17 at 10:37 +0200, Ljubomir Ljubojevic wrote:
>>
>>> I don't think I have been on a forums or mailing list that refused to
>>> point someone in the right direction. "Give a man a fish, you have fed
>>> him for today.  Teach a man to fish, and you have fed him for a
>>> lifetime" most people use as a moto. But there are always those who
>>> want it all served on the silver platter.
>> I prefer gold platters :-)
> 
> Yes, me too. Preferably studded with Rubies, Diamonds and 
> Emeralds!
> 
I am more interested on the food on the platter. True open source geek, 
I know ;-)

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-6 firewall how to open a port

[Timothy Murphy]

I'm running CentOS-6 on an HP MicroServer (since this morning)
and I'd like to open an non-standard port,
for use on a laptop  attached to the internet through the server.

Do I have to explicitly add an iptables rule?
If so, and I want to open (say) udp port 500 ,
what command should I give?

I've always used shorewall in the past,
and will probably do so now if the default firewall is difficult to use.
But I thought I would try it first as an experiment.

My recollection is that in old versions of CentOS
one could non-standard ports through system-config-firewall ;
but it seems that now this can only be used for standard ports;

I looked at 
but didn't find it very enlightening.

Any advice or suggestions gratefully received.




-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Celebrating Centos 6.0 Day World-wide

[Ljubomir Ljubojevic]

Rajagopal Swaminathan wrote:
> Greetings,
> 
> On Sat, Jul 9, 2011 at 11:47 PM, Always Learning  wrote:
>> On Sat, 2011-07-09 at 20:13 +0200, Ljubomir Ljubojevic wrote:
>> yum install gstreamer*
>>
> 
> Is yum install vlc* better that gstreamer?
> 
> Ignorant queation:
> And whch repos should be included 1. for gstreamer and 2. for VLC?
> 
Depends on what you are going to use it for.

GStreamer is library used by number of Audio-video apps.

VLC is Audio-video app with it's own codecs (as I recall).

So if you will use VLC for listening to MP3 and similar proprietary 
formats installing VLC will be enough.

If you prefer some other app, like Amarok, Totem,... for MP3, etc... 
then you need underlying library of codecs (GStreamer, xine,..).

More then one repository has both vlc and GStreamer, but I suggest using 
rpmforge/repoforge[1]. Install their release package and use yum to install.

[1]: http://repoforge.org/use/

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-6 firewall how to open a port

[Ljubomir Ljubojevic]

Timothy Murphy wrote:
> I'm running CentOS-6 on an HP MicroServer (since this morning)
> and I'd like to open an non-standard port,
> for use on a laptop  attached to the internet through the server.
> 
> Do I have to explicitly add an iptables rule?
> If so, and I want to open (say) udp port 500 ,
> what command should I give?
> 
> I've always used shorewall in the past,
> and will probably do so now if the default firewall is difficult to use.
> But I thought I would try it first as an experiment.
> 
> My recollection is that in old versions of CentOS
> one could non-standard ports through system-config-firewall ;
> but it seems that now this can only be used for standard ports;
> 
> I looked at 
> but didn't find it very enlightening.
> 
> Any advice or suggestions gratefully received.
> 

Use System -> Administration -> Firewall from GUI.
Or "/usr/bin/system-config-firewall" from SSH/console TUI.

Ljubomir


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About I386 not fitting on one DVD

[Ljubomir Ljubojevic]

david wrote:
> At 10:31 PM 7/16/2011, you wrote:
>> On 07/16/11 7:50 PM, david wrote:
>>> If the I386 (or i686, never could figure out why the name change)
>> I386 was the original 386 CPU, which ran at speeds from 16 to 33Mhz
>> i486 includes a few additional instructions on the 486 processor, and
>> IIRC, ran at speeds from 25 to 100Mhz
>> i586 is the original pentium, at 60, 66, 90, 100 up to about 133Mhz
>> i686 is the pentium pro and pentium-II, -III, -IV and everything newer.
>>
>> i686 added a few minor new instructions but also has additional memory
>> management functionality missing from the earlier versions.
>>
>> its just gotten silly to try and keep backwards support for the early
>> versions of the CPUs that have been obsolete for so long.
>>
>> really, we should have compiler targets for optimizing on the P4
>> 'netburst' CPUs and another for the core processors as they are all
>> pipelined differently.   as it turns out, however, the core 2 and core
>> I3/5/7 do pretty well with pentium-II and -III style optimization
>> strategies, as well as, of course, the x86_64 support.
>>
>>
>> --
>> john r pierceN 37, W 122
>> santa cruz ca mid-left coast
> 
> 
> Folks
> My initial post was perhaps mis-stated.  I don't have any problem 
> with dropping processors before the Pentium class machines (aka 
> I686), my question was only a naming question.
> 
> Why are some RPMs named  el6.i386, and some with el6.i686.  It must 
> make automated package selection algorithms more difficult.
> 
Packages are created by large number of various people for number of 
different distros. i386 marks packages that will run on older CPU's, 
i686 packages that will run only on PII and newer CPU's. It is simple as 
that. Changing everything to i686 would only wreck havoc for distros 
supporting older CPU's. This would be the jest of the (I am sure more 
complex) matter.

Ljubomir

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-6 firewall how to open a port

[david]

At 08:53 AM 7/17/2011, you wrote:
>Timothy Murphy wrote:
> > I'm running CentOS-6 on an HP MicroServer (since this morning)
> > and I'd like to open an non-standard port,
> > for use on a laptop  attached to the internet through the server.
> >

(snip)


> > Any advice or suggestions gratefully received.
> >
>
>Use System -> Administration -> Firewall from GUI.
>Or "/usr/bin/system-config-firewall" from SSH/console TUI.
>
>Ljubomir
>

I loaded my system with text-install and network, and find no file 
named "/usr/bin/system-config-firewall".  My guess is that it comes 
with a package that I haven't installed.  Can you identify that package?

Thanks
David 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-6 firewall how to open a port

[Rudi Ahlers]

On Sun, Jul 17, 2011 at 6:05 PM, david  wrote:
> At 08:53 AM 7/17/2011, you wrote:
>>Timothy Murphy wrote:
>> > I'm running CentOS-6 on an HP MicroServer (since this morning)
>> > and I'd like to open an non-standard port,
>> > for use on a laptop  attached to the internet through the server.
>> >
>
> (snip)
>
>
>> > Any advice or suggestions gratefully received.
>> >
>>
>>Use System -> Administration -> Firewall from GUI.
>>Or "/usr/bin/system-config-firewall" from SSH/console TUI.
>>
>>Ljubomir
>>
>
> I loaded my system with text-install and network, and find no file
> named "/usr/bin/system-config-firewall".  My guess is that it comes
> with a package that I haven't installed.  Can you identify that package?
>
> Thanks
> David
>
> ___



yum install system-config-network


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[John R Pierce]

On 07/17/11 1:24 AM, Ljubomir Ljubojevic wrote:
> If you check the frequency of Apache (httpd) security bugs on CentOS
> 5.x, I think you will see several Denial Of Service bugs, but only one
> or two that would allow code execution. And bug reports for Apache are
> made to secure mailing list so rest of the world is not aware of them
> until they are already fixed.
>
> So I would not be overly concerned about HTTP tunneling attacks.

most successful exploits of 'nix web servers involve poorly implemented 
user code, such as exploitable PHP, perl cgi, etc, things that allow sql 
insertion attacks, etc etc.

http://xkcd.com/327/



-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] svnserve with encryption on CentOS

[Les Mikesell]

On 7/16/11 1:35 PM, David Mehler wrote:

> I've done some more reading/googling and from what i'm seeing high
> security isn't doable with svnserve even with sasl, passwords from the
> client need to be stored on disk plain, this isn't desirable in my
> case.

Yes, that's why there is the ssh+svn variation.  But the client plain text 
password on disk is more of a linux issue.  The windows and mac clients use OS 
facilities to keep the password encrypted and only accessible by that user.

> Do you host a repository via apache? The problem I'm having is not
> it's ease of setup, I can do that, the issue is one of data
> visibility. I'm not wanting someone to be able to go to
> http://domain.com/svn/project1 and see trunk code. I know that I can
> use basic authentication to prevent this, but would rather the repo
> not be viewable at all to any anonymous users.

The repos where I use http do have anonymous read access (but behind a 
firewall).  If I didn't want that I'd use basic auth with 'require valid-user' 
for the location - and probably force https use so the password exchange would 
be encrypted.  Some other parts of the company use https with a client 
certificate requirement in addition to the password.  I don't have access to 
that configuration but I don't think it would be difficult other than 
maintaining per-client certificates if you don't already have infrastructure 
for 
that.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Devin Reade]

Ljubomir Ljubojevic  wrote:

> I use it too. Reverse-DNS check is best SPAM repellent there is. Only 
> mail from properly set mail servers is accepted.

That's fine if your check is that a reverse DNS entry exists,
or that the HELO/ELHO exists in forward DNS or, if your MTA is
smart enough, it does a reverse-forward* check, but if
you only check that the HELO/ELHO matches the reverse entry
then you're blocking a bunch of valid mailers because there is
no specification requirement that those two match (and they don't
in the general case).

(*) reverse-forward here means do a reverse lookup on the connecting
IP, then doing a forward lookup on the result, and then ensure that
original IP is one of the 'A' records resolved from the forward 
lookup.

Devin
-- 
I don't suffer from insanity.  I enjoy every minute of it. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] issues when add driverdisk to centos5.6 using NFS method

[Keith Roberts]

On Sun, 17 Jul 2011, 郑栋辉 wrote:


To: centos@centos.org
From: 郑栋辉 
Subject: [CentOS] issues when add driverdisk to centos5.6 using NFS method

Hi, I am Ken.. I am trying to add dud(driver update disk) to centos5.6
using network method, I can successfully add dud to centos5.6 using
http and ftp method, but fail when using nfs method. However those all
three methods are officially supported in the centos5.6.

As indicated in the centos5.6 website, we can see they not only
support http, ftp, but also nfs.
http://centos.org/docs/5/html/Installation_Guide-en-US/s1-kickstart2-options.html
--
driverdisk (optional)
   Driver diskettes can be used during kickstart installations. You
must copy the driver diskettes's contents to the root directory of a
partition on the system's hard drive. Then you must use the driverdisk
command to tell the installation program where to look for the driver
disk.

   driverdisk  [--type=]

   Alternatively, a network location can be specified for the driver diskette:

   driverdisk --source=ftp://path/to/dd.img
   driverdisk --source=http://path/to/dd.img
   driverdisk --source=nfs:host:/path/to/img

   *
  Partition containing the driver disk.
   *
 --type= File system type (for example, vfat or ext2).
--
In my experiment, I make my dud address in the kickstart file like below:

driverdisk --source=nfs:9.122.90.239:/deployment/dud-2.6.18-128-64.centos.iso

but it fails to load the dud when centos begin to install.

do you have any suggestion to me? Thanks


Hello Ken.

I don't use NFS, can you actually reach your NFS machine 
from another machine on your LAN to get some sort of file 
listings from it, like an apache directory listing? This 
would tell you that the machine is actually reachable.


As with any network problems, I would recommend installing 
Wireshark on both machines you want to be able to talk to 
each other via your LAN. You can then run Wireshark on both 
machines and get a realtime diagnosis of what's happening on 
each network interface, complete with any error messages.


Much better than trying to 'pin the tail on the donkey 
blindfolded' so to speak, which I consider diagnosing 
network problems can be compared to, without being able 
to actually see the packets flowing between the two networks 
with some sort of diagnostics software.


Kind Regards,

Keith Roberts






--
BEST WISHES!
郑栋辉
Zheng donghui
Dept.of Computer Science & Engineering, Shanghai Jiaotong University
Tel: (+86)  1356-418-5078
Email: zhd...@gmail.com
MSN: zhd...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


--
-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] cent0s-6 and virtualbox

[Michel Donais]

I want to get a look at Cents-6
The computer is a portable Thinkpad T-42
The base OS is Windows XP Professionnal 

I tried to use both Microsoft Virtual PC and Oracle Virtual Box with the same 
result
I boot from the CD (wich have been burned from an ISO downloaded from a Centos 
-6 repo).
The version is CentOS-6.0-i386-bin-DVD.iso

With each virtual machine I get this result at the beginning of the 
installation:
"This kernel requires the following features not present on the cpu pae"
"Unable to boot - please use a kernel appropriate for your CPU"

I undeerstand that perhaps the computer processor is too old.
But is there a patch to overpass this problem?

 ---
Michel Donais___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Upgrade from CentOS 5.4 to 5.6

[Nguyen Vu Hung]

Hi all,

I am running 5.4

After running

sudo yum clean all
sudo yum update

We got it upgraded to 5.6

cat /etc/redhat-release
CentOS release 5.6 (Final)

So, how can I get it my CentOS from 5.6 to 6.0?

[vuhung@-08 ~]$ sudo yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.vietoss.com
* extras: mirror.vietoss.com
* updates: mirror.vietoss.com
Setting up Update Process
No Packages marked for Update


TIA,

Vu Hung

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0

[Nguyen Vu Hung]

Hi all,

I am running 5.4

After running

sudo yum clean all
sudo yum update

We got it upgraded to 5.6

cat /etc/redhat-release
CentOS release 5.6 (Final)

So, how can I get it my CentOS from 5.6 to 6.0?

[vuhung@-08 ~]$ sudo yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.vietoss.com
* extras: mirror.vietoss.com
* updates: mirror.vietoss.com
Setting up Update Process
No Packages marked for Update


TIA,

Vu Hung

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0

[Alexander Dalloz]

Am 17.07.2011 19:59, schrieb Nguyen Vu Hung:
> Hi all,
> 
> I am running 5.4
> 
> After running
> 
> sudo yum clean all
> sudo yum update
> 
> We got it upgraded to 5.6
> 
> cat /etc/redhat-release
> CentOS release 5.6 (Final)
> 
> So, how can I get it my CentOS from 5.6 to 6.0?
> 
> [vuhung@-08 ~]$ sudo yum update
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> * base: mirror.vietoss.com
> * extras: mirror.vietoss.com
> * updates: mirror.vietoss.com
> Setting up Update Process
> No Packages marked for Update
> 
> 
> TIA,
> 
> Vu Hung

As explained in the documentation there is no upgrade path between major
versions supported. You may run an upgrade using the install media (DVD)
at your very own risk. The general recommendation is: do a fresh install.

Alexander


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0

[Digimer]

On 07/17/2011 01:59 PM, Nguyen Vu Hung wrote:
> Hi all,
> 
> I am running 5.4
> 
> After running
> 
> sudo yum clean all
> sudo yum update
> 
> We got it upgraded to 5.6
> 
> cat /etc/redhat-release
> CentOS release 5.6 (Final)
> 
> So, how can I get it my CentOS from 5.6 to 6.0?
> 
> [vuhung@-08 ~]$ sudo yum update
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
>  * base: mirror.vietoss.com
>  * extras: mirror.vietoss.com
>  * updates: mirror.vietoss.com
> Setting up Update Process
> No Packages marked for Update
> 
> 
> TIA,
> 
> Vu Hung

As far as I know, upgrading between major EL versions is not supported.
A full re-install is recommended.

If you wish to try anyway, you will probably need to change the repos to
point to the EL6 repos instead of the EL5 repos.

-- 
Digimer
E-Mail:  digi...@alteeve.com
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin:   http://nodeassassin.org
"At what point did we forget that the Space Shuttle was, essentially,
a program that strapped human beings to an explosion and tried to stab
through the sky with fire and math?"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0

[Nguyen Vu Hung]

Hello,

(2011/07/18 1:06), Digimer wrote:
>
> As far as I know, upgrading between major EL versions is not supported.
> A full re-install is recommended.
Currently, the OS is installed on a vmware, and arcording to the tech staff,
due to technical, they can not install CentOS 6 or anything other than
CentOS 5.4 :)

>
> If you wish to try anyway, you will probably need to change the repos to
> point to the EL6 repos instead of the EL5 repos.
>
This seems reasonable (yet a little risky) and I definitely will try to
do that.
Anyone has done that before?

BR,

Nguyen Vu Hung

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0

[Luigi Rosa]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nguyen Vu Hung said the following on 17/07/11 20:19:

> Currently, the OS is installed on a vmware, and arcording to the tech staff,
> due to technical, they can not install CentOS 6 or anything other than CentOS 
> 5.4 :)

I already installed CentOS (and RHEL) 6 on VMware ESXi 4.1 and VMware
Workstation 7.1.4. I already put in production a mail server with CentOS 6 on
VMware ESXi 4

The so called "technical problems" are a plain lie: RedHat 6 is around for many
months and VMware supports it.


Ciao,
luigi

- -- 
/
+--[Luigi Rosa]--
\

You cannot propel yourself forward by patting yourself on the back.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4jKyUACgkQ3kWu7Tfl6ZRlrACgxLyV6RmmaNyBY9wWTiqnqvsW
qhYAn0ODIMuJuhA6gJPf0JESQE9NjdIj
=a64v
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Ljubomir Ljubojevic]

Michel Donais wrote:
> I want to get a look at Cents-6
> The computer is a portable Thinkpad T-42
> The base OS is Windows XP Professionnal 
>  
> I tried to use both Microsoft Virtual PC and Oracle Virtual Box with the 
> same result
> I boot from the CD (wich have been burned from an ISO downloaded from a 
> Centos -6 repo).
> The version is CentOS-6.0-i386-bin-DVD.iso
>  
> With each virtual machine I get this result at the beginning of the 
> installation:
> "This kernel requires the following features not present on the cpu pae"
> "Unable to boot - please use a kernel appropriate for your CPU"
>  
> I undeerstand that perhaps the computer processor is too old.
> But is there a patch to overpass this problem?
>  
>  ---
> Michel Donais
> 

In one word: No.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] issues when add driverdisk to centos5.6 using NFS method

[Ljubomir Ljubojevic]

Keith Roberts wrote:
> I don't use NFS, can you actually reach your NFS machine from another 
> machine on your LAN to get some sort of file listings from it, like an 
> apache directory listing? This would tell you that the machine is 
> actually reachable.

#showmount -e 

will list available NFS shares.

Common problems can be version of NFS, firewalled ports and NFS server 
not allowing access to particular IP/subnet.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 11:06 -0600, Devin Reade wrote:

> That's fine if your check is that a reverse DNS entry exists,
> or that the HELO/ELHO exists in forward DNS or, if your MTA is
> smart enough, it does a reverse-forward* check, but if
> you only check that the HELO/ELHO matches the reverse entry
> then you're blocking a bunch of valid mailers because there is
> no specification requirement that those two match (and they don't
> in the general case).

What is the point of some super stupid over-paid Computer Professional
(usually a Windoze lover) configuring his or her (although women are
more careful than men) mail server to send emails with false
credentials ?

Example: HELO/EHLO my identity is stupid.example.com

when that server is operating on IP address xxx.yyy.zzz.aaa

and stupid.example.com has a DNS 'A' record for IP address
bbb.eee.sss.ttt ?

Incidentally the mail server's IP address xxx.yyy.zzz.aaa has a host
name of ridiculous.example.com

> you're blocking a bunch of valid mailers

What is 'valid' in this situation ?

> there is no specification requirement that those two match
> (and they don't in the general case).

When you telephone someone from your office, do you usually give a false
name and contact telephone number ?  No, of course you do not. Why
tolerate false details from a source who is often a spammer.

Mail Admins should unite against spammers not deliberately emulate them.

Here a a few examples:   http://sys.u226.com/t21/t21p003.php


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Always Learning]

On Sun, 2011-07-17 at 13:52 -0400, Michel Donais wrote:

> Thinkpad T-42

http://en.wikipedia.org/wiki/ThinkPad

ThinkPad T40-series
Includes the T40, T41, T42, T43, and associated p series (for
performance; e.g., T43p). A typical 14.1-inch (360 mm) T4x
weighs 4.9 lb (2.2 kg), slightly less than the 600-series, and
features an Intel Pentium M Processor (ranging from the Intel
Pentium M at 1.73 GHz to the Intel Pentium M 770 at 2.13 GHz), 

Hope that helps.


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] authconfig-gtk-6.1.9-1.fc14.i686.rpm missing durring URL Install ?

[Armelius Cameron]

Hello,
This is a rather strange problem. I am using the i386 netinstall CD to boot 
and do a URL (HTTP) install since my machine only has CD drive and can't boot 
from USB either.

During the install, the installer was looking for package authconfig-
gtk-6.1.9-1.fc14.i686.rpm and claims that it's missing. I checked the RPMs 
under packages, and for sure it wasn't there. But look at the package name. 
Why is the installer asking for .fc14. package ?
authconfig-gtk-6.1.4-6.el6.i686.rpm exists instead, but I don't understand why 
the .fc14. package was requested. Anyone else sees this ?

My install, of course, did not succeed.

Thanks
AC

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] authconfig-gtk-6.1.9-1.fc14.i686.rpm missing durring URL Install ?

[Always Learning]

On Sun, 2011-07-17 at 16:51 -0400, Armelius Cameron wrote:

> This is a rather strange problem. I am using the i386 netinstall CD to boot 
> and do a URL (HTTP) install since my machine only has CD drive and can't boot 
> from USB either.
> 
> During the install, the installer was looking for package authconfig-
> gtk-6.1.9-1.fc14.i686.rpm and claims that it's missing. I checked the RPMs 
> under packages, and for sure it wasn't there. But look at the package name. 
> Why is the installer asking for .fc14. package ?
> authconfig-gtk-6.1.4-6.el6.i686.rpm exists instead, but I don't understand 
> why 
> the .fc14. package was requested. Anyone else sees this ?

What version of Centos were you attempting to install ?


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Alexander Dalloz]

Am 17.07.2011 22:30, schrieb Always Learning:

> Here a a few examples:   http://sys.u226.com/t21/t21p003.php

Just to understand you, could you please explain one of your "examples"?

The 2nd one in your list:

Organisation:British Telecommunications, EU
HELO / EHLO: smtpe1.intersmtp.com
HELO IP: 62.239.224.89
MX IP:   62.239.224.234
MX DNS A record: smtp61.intersmtp.com

Here smtpe1.intersmtp.com resolves properly forward and reverse, if that
is what counts for you.

Alexander
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 23:15 +0200, Alexander Dalloz wrote:


> The 2nd one in your list:
> 
> Organisation:British Telecommunications, EU
> HELO / EHLO: smtpe1.intersmtp.com
> HELO IP: 62.239.224.89
> MX IP:   62.239.224.234
> MX DNS A record: smtp61.intersmtp.com
> 
> Here smtpe1.intersmtp.com resolves properly forward and reverse, if that
> is what counts for you.

BUT the IP address used for the mail server was, as the list shows,
62.239.224.234 which, at the time, had a host name of
smtp61.intersmtp.com

smtpe1.intersmtp.com still does NOT properly resolve.

host smtpe1.intersmtp.com
smtpe1.intersmtp.com has address 62.239.224.89

host 62.239.224.89
89.224.239.62.in-addr.arpa domain name pointer smtpe1.intersmtp.COM.

*almost* correct. In Linux, like Unix and the pre-Microsoft days,
uppercase letters have a different numerical value to lowercase letters.

Uppercase 'COM' is definitely not the same as lowercase 'com'.

No wonder some call 'BT' Balls-up Telecoms.

Do your Mail Transfer Agents use valid or bogus HELO/EHLO names ?

-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Alexander Dalloz]

Am 17.07.2011 23:24, schrieb Always Learning:
> 
> On Sun, 2011-07-17 at 23:15 +0200, Alexander Dalloz wrote:
> 
> 
>> The 2nd one in your list:
>>
>> Organisation:British Telecommunications, EU
>> HELO / EHLO: smtpe1.intersmtp.com
>> HELO IP: 62.239.224.89
>> MX IP:   62.239.224.234
>> MX DNS A record: smtp61.intersmtp.com
>>
>> Here smtpe1.intersmtp.com resolves properly forward and reverse, if that
>> is what counts for you.
> 
> BUT the IP address used for the mail server was, as the list shows,
> 62.239.224.234 which, at the time, had a host name of
> smtp61.intersmtp.com

What do you mean by that? Was the connecting mailserver the one with IP
62.239.224.234? If you mean that the mailserver should have been the one
listed as MX, you are simply wrong and you do not know what an MX is.

> smtpe1.intersmtp.com still does NOT properly resolve.
> 
> host smtpe1.intersmtp.com
> smtpe1.intersmtp.com has address 62.239.224.89
> 
> host 62.239.224.89
> 89.224.239.62.in-addr.arpa domain name pointer smtpe1.intersmtp.COM.
> 
> *almost* correct. In Linux, like Unix and the pre-Microsoft days,
> uppercase letters have a different numerical value to lowercase letters.
> 
> Uppercase 'COM' is definitely not the same as lowercase 'com'.

In DNS as well in mail addresses in the public zone the letter case does
not matter.

> No wonder some call 'BT' Balls-up Telecoms.
> 
> Do your Mail Transfer Agents use valid or bogus HELO/EHLO names ?

No, though there is no RFC which states that the HELO/EHLO name must be
eqal to any MX record. In your example the greeting name resolves fine
and is ok in this regard.

Someone who does not want to receive mail from legitimate senders can
just switch off his MTA ;-)

Alexander


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Patrick Lists]

On 07/17/2011 11:24 PM, Always Learning wrote:
> *almost* correct. In Linux, like Unix and the pre-Microsoft days,
> uppercase letters have a different numerical value to lowercase letters.
>
> Uppercase 'COM' is definitely not the same as lowercase 'com'.

Please correct me if I am wrong but afaik upper-/lowercase does not 
matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting 
(with reject_unknown_client_hostname) a FQDN with capitals when a FQDN 
in lowercase was expected.

Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 23:33 +0200, Alexander Dalloz wrote:

> >> Organisation:British Telecommunications, EU
> >> HELO / EHLO: smtpe1.intersmtp.com
> >> HELO IP: 62.239.224.89
> >> MX IP:   62.239.224.234
> >> MX DNS A record: smtp61.intersmtp.com

> > BUT the IP address used for the mail server was, as the list shows,
> > 62.239.224.234 which, at the time, had a host name of
> > smtp61.intersmtp.com

> What do you mean by that? Was the connecting mailserver the one with IP
> 62.239.224.234? If you mean that the mailserver should have been the one
> listed as MX, you are simply wrong and you do not know what an MX is.

In the list there is limited space for explanations. There is no
abbreviation for 'receiving MTA' so I used 'MX'. I have changed it to
ACTUAL. Hope that helps. (You will probably need to refresh/reload the
web page)


> In DNS as well in mail addresses in the public zone the letter case does
> not matter.

I know. It was a joke about the COM and com :-)

> No, though there is no RFC which states that the HELO/EHLO name must be
> eqal to any MX record. In your example the greeting name resolves fine
> and is ok in this regard.

If the 'greeting name' (HELO/EHLO) does not resolve to the IP address
used by the sending server, then the mail is not accepted.

> Someone who does not want to receive mail from legitimate senders can
> just switch off his MTA ;-)

Legitimate senders should not use fake, false, misleading credentials.

Incidentally your own ISP is one of the worse users in England of 'fake'
HELO/EHLO names.


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Ljubomir Ljubojevic]

Devin Reade wrote:
> Ljubomir Ljubojevic  wrote:
> 
>> I use it too. Reverse-DNS check is best SPAM repellent there is. Only 
>> mail from properly set mail servers is accepted.
> 
> That's fine if your check is that a reverse DNS entry exists,
> or that the HELO/ELHO exists in forward DNS or, if your MTA is
> smart enough, it does a reverse-forward* check, but if
> you only check that the HELO/ELHO matches the reverse entry
> then you're blocking a bunch of valid mailers because there is
> no specification requirement that those two match (and they don't
> in the general case).
> 
> (*) reverse-forward here means do a reverse lookup on the connecting
> IP, then doing a forward lookup on the result, and then ensure that
> original IP is one of the 'A' records resolved from the forward 
> lookup.
> 
> Devin

I only check reverse DNS entry for FQDN, I think HELO/EHLO is not checked.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 23:36 +0200, Patrick Lists wrote:

> On 07/17/2011 11:24 PM, Always Learning wrote:
> > Uppercase 'COM' is definitely not the same as lowercase 'com'.
> 
> Please correct me if I am wrong but afaik upper-/lowercase does not 
> matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting 
> (with reject_unknown_client_hostname) a FQDN with capitals when a FQDN 
> in lowercase was expected.

Nee hoor. You are correct. kopie, kopie :-)


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Stephen Harris]

On Sun, Jul 17, 2011 at 11:36:49PM +0200, Patrick Lists wrote:
> On 07/17/2011 11:24 PM, Always Learning wrote:
> > *almost* correct. In Linux, like Unix and the pre-Microsoft days,
> > uppercase letters have a different numerical value to lowercase letters.
> >
> > Uppercase 'COM' is definitely not the same as lowercase 'com'.
> 
> Please correct me if I am wrong but afaik upper-/lowercase does not 
> matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting 
> (with reject_unknown_client_hostname) a FQDN with capitals when a FQDN 
> in lowercase was expected.

Postfix HELO verification simply does the relevant DNS lookups; if they
succeed then the HELO is OK.

Postfix IP verification does the IP rDNS lookup, then a forward lookup
of the result; if the result set includes the original IP then it
succeeds.

Case doesn't matter unless the underlying DNS libraries somehow break
on case.  Which they shouldn't :-)

In the example given earlier:

   HELO / EHLO: smtpe1.intersmtp.com
   HELO IP: 62.239.224.89
   MX IP:   62.239.224.234
   MX DNS A record: smtp61.intersmtp.com

The HELO name successfully resolves to 62.239.224.89, so passes.

Now the source IP address isn't given but if it was 62.239.224.89 then
postfix would have done
  62.239.224.89 -> smtpe1.intersmtp.COM.
and then
  smtpe1.intersmtp.COM. -> 62.239.224.89
Since the final IP address matches the source IP address then the connecting
IP address check would also have passed.

You'll note the MX IP and A records aren't actually involved, in this
case!

After 5+ years of running these checks myself, I finally got fed up with
all the stupid companies who had broken DNS (including banks and ISPs
and Fortune 500 companies - my "white list" made 99 entries!) that
I eventually turned it off and just use the Zen RBL.  It lets through
spam that the stricter checks would reject, but it's good enough.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Ljubomir Ljubojevic]

Always Learning wrote:
> Do your Mail Transfer Agents use valid or bogus HELO/EHLO names ?
> 

Mine uses proper name, but then again I am one of the few in my country 
to offer POP3 on SSL port 465. And I am small local WISP.

And when I say *few*, I mean I do not actually *know* of any mail server 
in Serbia offering this.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 23:52 +0200, Ljubomir Ljubojevic wrote:
> Always Learning wrote:
> > Do your Mail Transfer Agents use valid or bogus HELO/EHLO names ?
> > 
> 
> Mine uses proper name, but then again I am one of the few in my country 
> to offer POP3 on SSL port 465. And I am small local WISP.
> 
> And when I say *few*, I mean I do not actually *know* of any mail server 
> in Serbia offering this.

Congratulations.  

I fear with the introduction of IP6, it may be more difficult to
separate spammers from non-spammers using fake IDs.


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] authconfig-gtk-6.1.9-1.fc14.i686.rpm missing durring URL Install ?

[Armelius Cameron]

On Sunday, July 17, 2011 05:14:49 pm Always Learning wrote:
> On Sun, 2011-07-17 at 16:51 -0400, Armelius Cameron wrote:
> > This is a rather strange problem. I am using the i386 netinstall CD to
> > boot and do a URL (HTTP) install since my machine only has CD drive and
> > can't boot from USB either.
> > 
> > During the install, the installer was looking for package authconfig-
> > gtk-6.1.9-1.fc14.i686.rpm and claims that it's missing. I checked the
> > RPMs under packages, and for sure it wasn't there. But look at the
> > package name. Why is the installer asking for .fc14. package ?
> > authconfig-gtk-6.1.4-6.el6.i686.rpm exists instead, but I don't
> > understand why the .fc14. package was requested. Anyone else sees this ?
> 
> What version of Centos were you attempting to install ?

Centos 6. Sorry, forgot to mention that.

AC
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-6 firewall how to open a port

[Timothy Murphy]

Timothy Murphy wrote:

> I'm running CentOS-6 on an HP MicroServer (since this morning)
> and I'd like to open an non-standard port,
> for use on a laptop  attached to the internet through the server.
> 
> Do I have to explicitly add an iptables rule?
> If so, and I want to open (say) udp port 500 ,
> what command should I give?
...
> My recollection is that in old versions of CentOS
> one could non-standard ports through system-config-firewall ;
> but it seems that now this can only be used for standard ports;

Apologies.
There is a perfectly clear option "Other Ports"
on running system-config-firewall as root.

There does seem to be a bug/feature: if you enter
the same procedure by Administration=>Firewall (in KDE)
you cannot make any changes (at least I could not)
even after giving the superuser password, when requested.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Christopher Chan]

On Monday, July 18, 2011 01:52 AM, Michel Donais wrote:
> I want to get a look at Cents-6
> The computer is a portable Thinkpad T-42
> The base OS is Windows XP Professionnal
> I tried to use both Microsoft Virtual PC and Oracle Virtual Box with the
> same result
> I boot from the CD (wich have been burned from an ISO downloaded from a
> Centos -6 repo).
> The version is CentOS-6.0-i386-bin-DVD.iso
> With each virtual machine I get this result at the beginning of the
> installation:
> "This kernel requires the following features not present on the cpu pae"
> "Unable to boot - please use a kernel appropriate for your CPU"
> I undeerstand that perhaps the computer processor is too old.
> But is there a patch to overpass this problem?

You need to have a cpu that has a hardware visor. Otherwise, the only 
other option will be qemu which is slow.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Steve Clark]

On 07/17/2011 09:32 PM, Christopher Chan wrote:

On Monday, July 18, 2011 01:52 AM, Michel Donais wrote:

I want to get a look at Cents-6
The computer is a portable Thinkpad T-42
The base OS is Windows XP Professionnal
I tried to use both Microsoft Virtual PC and Oracle Virtual Box with the
same result
I boot from the CD (wich have been burned from an ISO downloaded from a
Centos -6 repo).
The version is CentOS-6.0-i386-bin-DVD.iso
With each virtual machine I get this result at the beginning of the
installation:
"This kernel requires the following features not present on the cpu pae"
"Unable to boot - please use a kernel appropriate for your CPU"
I undeerstand that perhaps the computer processor is too old.
But is there a patch to overpass this problem?

You need to have a cpu that has a hardware visor. Otherwise, the only
other option will be qemu which is slow.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


In virtualbox click the option under cpu that it has PAE.

--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Christopher Chan]

On Monday, July 18, 2011 09:32 AM, Christopher Chan wrote:
> On Monday, July 18, 2011 01:52 AM, Michel Donais wrote:
>> I want to get a look at Cents-6
>> The computer is a portable Thinkpad T-42
>> The base OS is Windows XP Professionnal
>> I tried to use both Microsoft Virtual PC and Oracle Virtual Box with the
>> same result
>> I boot from the CD (wich have been burned from an ISO downloaded from a
>> Centos -6 repo).
>> The version is CentOS-6.0-i386-bin-DVD.iso
>> With each virtual machine I get this result at the beginning of the
>> installation:
>> "This kernel requires the following features not present on the cpu pae"
>> "Unable to boot - please use a kernel appropriate for your CPU"
>> I undeerstand that perhaps the computer processor is too old.
>> But is there a patch to overpass this problem?
>
> You need to have a cpu that has a hardware visor. Otherwise, the only
> other option will be qemu which is slow.

Oops, taking that back, virtualbox is not like kvm or xen. It looks like 
that it does not need a hardware hypervisor.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Les Mikesell]

On 7/17/11 4:48 PM, Always Learning wrote:
>
> If the 'greeting name' (HELO/EHLO) does not resolve to the IP address
> used by the sending server, then the mail is not accepted.

That's ummm, kind of random. There's no reason to expect this.

>> Someone who does not want to receive mail from legitimate senders can
>> just switch off his MTA ;-)
>
> Legitimate senders should not use fake, false, misleading credentials.

There is no requirement for the greeting name to match any IP, and isn't likely 
to work for multi-homed and/or clustered machines.

-- 
   Les Mikesell
 lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] redhat-release file on C6

[Stephen Harris]

Curious as to why redhat-release says "CentOS Linux release" in C6, but
on C5 it merely says 'CentOS release".  This causes programs that try to
parse the file (eg Xen Tools) to fail 'cos it can't parse properly.

Yeah, it can be worked around, but it seems an unnecessary change :-(

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 21:07 -0500, Les Mikesell wrote:

> On 7/17/11 4:48 PM, Always Learning wrote:
> >
> > Legitimate senders should not use fake, false, misleading credentials.

> There is no requirement for the greeting name to match any IP, and isn't 
> likely 
> to work for multi-homed and/or clustered machines.

Which type of 'multi-homing' were you thinking about ?

http://en.wikipedia.org/wiki/Multihoming

* Single Link, Multiple IP address (Spaces)
* Multiple Interfaces, Single IP address per interface
* Multiple Links, Single IP address (Space)
* Multiple Links, Multiple IP address (Spaces)

Which type of 'cluster' were you thinking about ?

http://en.wikipedia.org/wiki/Computer_cluster

* High-availability (HA) clusters
* Load-balancing clusters
* Compute clusters

If any of these share the same IP address, they can share the same host
name.

I am not well acquainted with either of the above two methods,
multi-homed and clusters, but I can not understand why any of them
should resort to using fake identities when sending-out emails. 

Can you help me understand why bogus identities are necessary in these
circumstances ?

Thank you.

-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Stephen Harris]

On Sun, Jul 17, 2011 at 09:07:38PM -0500, Les Mikesell wrote:
> There is no requirement for the greeting name to match any IP, and isn't 
> likely 

RFC2821 says:
   -  The domain name given in the EHLO command MUST BE either a primary
  host name (a domain name that resolves to an A RR) or, if the host
  has no name, an address literal as described in section 4.1.1.1.

So, pretty much, HELO or EHLO greeting _must_ match to an IP.

(RFC821 actually wanted the HELO to match the connecting host, but
2821 just says it must be an A record or an address literal).

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Scott Robbins]

On Mon, Jul 18, 2011 at 09:51:42AM +0800, Christopher Chan wrote:


> On Monday, July 18, 2011 09:32 AM, Christopher Chan wrote:
> > On Monday, July 18, 2011 01:52 AM, Michel Donais wrote:


> >> The version is CentOS-6.0-i386-bin-DVD.iso
> >> With each virtual machine I get this result at the beginning of the
> >> installation:
> >> "This kernel requires the following features not present on the cpu pae"
> >> "Unable to boot - please use a kernel appropriate for your CPU"
> >> I undeerstand that perhaps the computer processor is too old.
> >> But is there a patch to overpass this problem?

Hrrm, seems as if the ISO may be using a PAE kernel by default.  PAE is
a kernel that will be able to make use of more than 4GB of RAM with
i686.  

Ah, I see it's apparently a decision by RH.  I assume there's some logic
in it, though I don't know what it is. 


http://jp.centos.org/modules/newbb/viewtopic.php?topic_id=26352&forum=14


See if it's possible to add
PAE to the machine settings in VirtualBox.   Settings=>System=>Processor

There's a checkbox for PAE.  Try checking that off and seeing if it
helps.



-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: I told you. I said end of the world. And you're like, 
'Pooh-pooh, Southern California, pooh-pooh.' 
Giles: I'm so very sorry. My contrition completely dwarfs the 
impending apocalypse. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Les Mikesell]

On 7/17/11 9:18 PM, Always Learning wrote:
>
>>> Legitimate senders should not use fake, false, misleading credentials.
>
>> There is no requirement for the greeting name to match any IP, and isn't 
>> likely
>> to work for multi-homed and/or clustered machines.
>
> Which type of 'multi-homing' were you thinking about ?
>
> http://en.wikipedia.org/wiki/Multihoming
>
> * Single Link, Multiple IP address (Spaces)
> * Multiple Interfaces, Single IP address per interface
> * Multiple Links, Single IP address (Space)
> * Multiple Links, Multiple IP address (Spaces)

Multiple interfaces, multiple IP addresses.  Sendmail isn't going to track 
which 
interface it is sending on and adjust its greeting.

> Which type of 'cluster' were you thinking about ?
>
> http://en.wikipedia.org/wiki/Computer_cluster
>
> * High-availability (HA) clusters
> * Load-balancing clusters
> * Compute clusters
>
> If any of these share the same IP address, they can share the same host
> name.

There are any number of topologies that use multiple IP addresses for what 
appears to be one name.  A load balancer might be involved, they may or may not 
accept on the same IP's as they use for outbound connections, they may or may 
not know the outbound ip.

> I am not well acquainted with either of the above two methods,
> multi-homed and clusters, but I can not understand why any of them
> should resort to using fake identities when sending-out emails.

Just because it doesn't match the IP doesn't make it fake.

> Can you help me understand why bogus identities are necessary in these
> circumstances ?

You are the one defining it as bogus.  Consider a system where one or more of 
it's routes to the internet go through nat routers or the nat functionality of 
a 
load balancer.  The program sending the mail won't even know the IP you see.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 22:37 -0400, Stephen Harris wrote:

> On Sun, Jul 17, 2011 at 09:07:38PM -0500, Les Mikesell wrote:
> > There is no requirement for the greeting name to match any IP, and isn't 
> > likely 

> RFC2821 says:
>-  The domain name given in the EHLO command MUST BE either a primary
>   host name (a domain name that resolves to an A RR) or, if the host
>   has no name, an address literal as described in section 4.1.1.1.
> 
> So, pretty much, HELO or EHLO greeting _must_ match to an IP.
> 
> (RFC821 actually wanted the HELO to match the connecting host, but
> 2821 just says it must be an A record or an address literal).

Thank you Stephen. This is most useful.

I have just received spam about an enlargement to part of the male body,
sent to a special email address I created solely to see a Murdock/News
International newspaper on-line:-


exclusivepreview.timesonline.co.uk@xx

It seems spammers have successfully hacked Rupert Murdock's London Times
newspaper and copied hundreds of thousands of email addresses or has a
member of staff sold the email addresses to spammers to make some money?

To combat the menace of SPAM lazy mail administrators must act
responsibly and end their inexcusable attitude that results in their
mail servers emulating spammers by using false identities in their
HELO/EHLO. The greater the distinction between a spammer's mail server
and a genuine mail server, the easier it becomes to block spam.



-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Les Mikesell]

On 7/17/11 9:37 PM, Stephen Harris wrote:
> On Sun, Jul 17, 2011 at 09:07:38PM -0500, Les Mikesell wrote:
>> There is no requirement for the greeting name to match any IP, and isn't 
>> likely
>
> RFC2821 says:
> -  The domain name given in the EHLO command MUST BE either a primary
>host name (a domain name that resolves to an A RR) or, if the host
>has no name, an address literal as described in section 4.1.1.1.
>
> So, pretty much, HELO or EHLO greeting _must_ match to an IP.
>
> (RFC821 actually wanted the HELO to match the connecting host, but
> 2821 just says it must be an A record or an address literal).

That's a long way for saying it MUST be the name of that particular host (which 
might be one of many in a cluster sharing a name) or that it MUST use the name 
of the interface that it happens to use for a particular connection, or that 
its 
own interface IP MUST be what connects to the target with no NAT involved. 
Saying any of those things would make it very difficult for mail services to 
scale.

-- 
   Les Mikesell
lesmikes...@gmail.com'

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cent0s-6 and virtualbox

[Michel Donais]

> Hrrm, seems as if the ISO may be using a PAE kernel by default.  PAE is
> a kernel that will be able to make use of more than 4GB of RAM with
> i686.
>
> Ah, I see it's apparently a decision by RH.  I assume there's some logic
> in it, though I don't know what it is.
>
>
> http://jp.centos.org/modules/newbb/viewtopic.php?topic_id=26352&forum=14
>
>
> See if it's possible to add
> PAE to the machine settings in VirtualBox.   Settings=>System=>Processor
>
The box is already checked but the CPU doesn't have PAE capability so it's 
useless.

It won't be a bad thing thatthe install may do a choice of a cpu with or not 
the capability of PAE as it was in the past.


---
Michel Donais 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 21:57 -0500, Les Mikesell wrote:

> Multiple interfaces, multiple IP addresses.  Sendmail isn't going to track 
> which 
> interface it is sending on and adjust its greeting.

Sendmail ?  Golly some of us have advanced to more advance systems like
Exim ;-)

When I complained to Cable & Wireless who operate mail sending from all
the UK police forces, they adopted a seemingly unique solution by having
the identical host name mapped to their different IP addresses. That
solution solved it for me.

> > Which type of 'cluster' were you thinking about ?

> There are any number of topologies that use multiple IP addresses for what 
> appears to be one name.  A load balancer might be involved, they may or may 
> not 
> accept on the same IP's as they use for outbound connections, they may or may 
> not know the outbound ip.

It is not inbound (to them) that interests me but outbound. Every IP
address can have a host name, so in theory there is no reason for the
use of fake (non-existent or wrong) host names when sending emails. 

When a computer application is configured to send emails, part of the
configuration process permits a host name to be chosen. In theory there
seems no sensible reason for a fake host name to be used and that must,
I would have thought, apply to multi-homed, clustered, load-balancers
etc. There is absolutely nothing to stop several IP addresses having the
identical host name.

> Just because it doesn't match the IP doesn't make it fake.

There are three reasons why a host name may not match the IP address it
is operating on.

(1) there is no A record so that host name does not exist;

(2) there is no reverse name for the IP address;

(3) the host name belongs to a different IP address;


> > Can you help me understand why bogus identities are necessary in these
> > circumstances ?

> You are the one defining it as bogus.  Consider a system where one or more of 
> it's routes to the internet go through nat routers or the nat functionality 
> of a 
> load balancer.  The program sending the mail won't even know the IP you see.

See my point above about configuring an application to send emails and
the choice there is to use a genuine host name which belongs to the IP
address that application is using to send emails.

Bogus host names are simply a symptom of a disorganised and neglected
mail sending (and perhaps also receiving) system where no one takes any
pride in doing an important job responsibly.


-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Always Learning]

On Sun, 2011-07-17 at 22:12 -0500, Les Mikesell wrote:

> On 7/17/11 9:37 PM, Stephen Harris wrote:

> > (RFC821 actually wanted the HELO to match the connecting host, but
> > 2821 just says it must be an A record or an address literal).

> That's a long way for saying it MUST be the name of that particular host 
> (which 
> might be one of many in a cluster sharing a name) or that it MUST use the 
> name 
> of the interface that it happens to use for a particular connection, or that 
> its 
> own interface IP MUST be what connects to the target with no NAT involved. 
> Saying any of those things would make it very difficult for mail services to 
> scale.

Sorry if I seem thick but I am having problems understanding why, with
the use of NAT, the HELO/EHLO and their external IP address can not
match.  Also what influences does scaling have on the ability of sending
mail servers (MTAs) to operate with host names that match their IP
addresses ?

Thanks.

-- 
With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Les Mikesell]

On 7/17/11 10:26 PM, Always Learning wrote:
>
> Sorry if I seem thick but I am having problems understanding why, with
> the use of NAT, the HELO/EHLO and their external IP address can not
> match.

I suppose it is not impossible if you force a 1 to 1 correspondence.

> Also what influences does scaling have on the ability of sending
> mail servers (MTAs) to operate with host names that match their IP
> addresses ?

NATs are often pools of addresses, often managed by different groups than the 
host services, and sometimes used in sets with different address mappings to 
allow load balancing and failover across multiple isp connections. If mail is 
your only service, you might give all of those addresses the reverse DNS name 
that matches your HELO name, but most places would probably just do what the 
standards require.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Emmanuel Noobadmin]

On 7/18/11, Always Learning  wrote:
> Sorry if I seem thick but I am having problems understanding why, with
> the use of NAT, the HELO/EHLO and their external IP address can not
> match.  Also what influences does scaling have on the ability of sending
> mail servers (MTAs) to operate with host names that match their IP
> addresses ?

I'm trying to make sense of your suggestion and the objections raised,
since I do want to cut down on spam coming into my own server but at
the same time I don't want to cut off legit senders.

So far it seems to me that in for larger corps, this is what the
problem might be.

Say they have 3 different connections for redundancy, one serves
aaa.bbb.ccc.1x, another serve aaa.bbb.ccc.2x and the last .3x

And they have a bunch of services running on various servers, say 10
of them. each with their own hostname e.g. mail1.xyzcorp.com,
mail2.xyzcorp.com

For troubleshooting/tracing purposes, they use different HELO/EHLO
names for the servers and each mail server has their own IP range in
the aaa.bbb.ccc.xx net.

Since they have less outgoing connections than SMTP servers, their
router load balance the outgoing amongst the 3 connections.

So in this case, mail2.xyzcorp.com which HELO with aaa.bbb.ccc.11 may
get sent out via the aaa.bbb.ccc.20 or aaa.bbb.ccc.30 connection and
by your rules get blocked despite being legit.


At least that's how I'm understanding it but I don't admin any site
large enough to know if things are ever set up like that.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[Les Mikesell]

On 7/17/11 10:22 PM, Always Learning wrote:
>
>> Multiple interfaces, multiple IP addresses.  Sendmail isn't going to track 
>> which
>> interface it is sending on and adjust its greeting.
>
> Sendmail ?  Golly some of us have advanced to more advance systems like
> Exim ;-)

Does it vary it's HELO per interface?  How is it aware of upstream NATs?

> When I complained to Cable&  Wireless who operate mail sending from all
> the UK police forces, they adopted a seemingly unique solution by having
> the identical host name mapped to their different IP addresses. That
> solution solved it for me.

I'm somewhat shocked that they made such a change when there is no standard 
that 
requires it.

> It is not inbound (to them) that interests me but outbound. Every IP
> address can have a host name, so in theory there is no reason for the
> use of fake (non-existent or wrong) host names when sending emails.

IP addresses do not correspond to hosts.  They correspond to interfaces.  There 
is not a 1 to 1 correspondence between hosts and IPs.

> When a computer application is configured to send emails, part of the
> configuration process permits a host name to be chosen. In theory there
> seems no sensible reason for a fake host name to be used and that must,
> I would have thought, apply to multi-homed, clustered, load-balancers
> etc. There is absolutely nothing to stop several IP addresses having the
> identical host name.

If you like to waste IP addresses, you could add some just to give them names 
that would keep you happy.

>> Just because it doesn't match the IP doesn't make it fake.
>
> There are three reasons why a host name may not match the IP address it
> is operating on.
>
> (1) there is no A record so that host name does not exist;
>
> (2) there is no reverse name for the IP address;

There isn't much correspondence between 1 and 2 either.  The host name, the 
forward DNS entry and reverse DNS entry are all very different things, 
generally 
managed by different sets of people, even in cases where there is a one to one 
correspondence, which there often isn't.

> (3) the host name belongs to a different IP address;

Or many of them.

> Bogus host names are simply a symptom of a disorganised and neglected
> mail sending (and perhaps also receiving) system where no one takes any
> pride in doing an important job responsibly.

Or people following what the standard says and expecting others to do the same.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[hadi motamedi]

On 7/16/11, Fajar Priyanto  wrote:
> Do this:
> 1. Make sure your Centos has two network card. One connected to
> internet, one to local lan. Make sure the Centos can already browsing
> internet.
> Example internet: eth0 192.168.1.1
> local: eth1 192.168.2.1
>
> 2. Activate ip forwarding in /etc/sysconfig/sysctl.conf
> net.ipv4.ip_forward = 1
>
> Run sysctl -r to reload the new setting
>
> 3. Type this iptables command to share internet:
> iptables ­-t nat -­A POSTROUTING ­-o eth0 -­j MASQUERADE
>
> 4. Set your windows box to use 192.168.2.1 as it's default gateway.
> Don't forget to give it DNS too like 8.8.8.8
>
> 5. I'd suggest you join your Linux Local User Group to have more help.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Thank you very much for your help. At now, I have put my windows
machine behind my centos 5.6 firewall server with just one NIC. The
windows machine can ping 192.9.9.3 but it cannot browse Internet like
connecting to google. I have set its DNS too. Can you please let me
know what step is missing?
Thank you
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[John R. Dennison]

On Mon, Jul 18, 2011 at 12:24:02AM -0400, hadi motamedi wrote:
>
> Thank you very much for your help. At now, I have put my windows
> machine behind my centos 5.6 firewall server with just one NIC. The
> windows machine can ping 192.9.9.3 but it cannot browse Internet like
> connecting to google. I have set its DNS too. Can you please let me
> know what step is missing?

No.

It's about time you started doing something on your own.

Either learn how to manage your own systems or those that you are being
paid to manage or going to school to manage or pay someone competent to
do it for you.

Stop misusing this list.  We are not here to solve your issues.

If you want to consider private consultation please contact me off list
for my rates and payment methods.  I'm sure there are any number of
other list members that would also be willing to do solve your problems
at their normal per diem rates as well.

Note to everyone else:  STOP spoon-feeding him.




John
-- 
There are men -- now in power in this country -- who do not respect
dissent, who cannot cope with turmoil, and who believe that the people of
America are ready to support repression as long as it is done with a quiet
voice and a business suit.

John V. Lindsay (1921-2000), US politician, Congressman, Mayor of New York City


pgpiYet2NIEaz.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[hadi motamedi]

On 7/18/11, John R. Dennison  wrote:
> On Mon, Jul 18, 2011 at 12:24:02AM -0400, hadi motamedi wrote:
>>
>> Thank you very much for your help. At now, I have put my windows
>> machine behind my centos 5.6 firewall server with just one NIC. The
>> windows machine can ping 192.9.9.3 but it cannot browse Internet like
>> connecting to google. I have set its DNS too. Can you please let me
>> know what step is missing?
>
> No.
>
> It's about time you started doing something on your own.
>
> Either learn how to manage your own systems or those that you are being
> paid to manage or going to school to manage or pay someone competent to
> do it for you.
>
> Stop misusing this list.  We are not here to solve your issues.
>
> If you want to consider private consultation please contact me off list
> for my rates and payment methods.  I'm sure there are any number of
> other list members that would also be willing to do solve your problems
> at their normal per diem rates as well.
>
> Note to everyone else:  STOP spoon-feeding him.
>
>
>
>
>   John
> --
> There are men -- now in power in this country -- who do not respect
> dissent, who cannot cope with turmoil, and who believe that the people of
> America are ready to support repression as long as it is done with a quiet
> voice and a business suit.
>
> John V. Lindsay (1921-2000), US politician, Congressman, Mayor of New York
> City
>
Thank you very much for your reply. Can you please let me know what is
the centos mailing list for basic users like me?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Cody Jackson]

On 7/17/11, hadi motamedi  wrote:
> Thank you very much for your reply. Can you please let me know what is
> the centos mailing list for basic users like me?

This one is great:

https://google.com

Cody Jackson
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Christopher Chan]

On Monday, July 18, 2011 01:14 PM, hadi motamedi wrote:

> Thank you very much for your reply. Can you please let me know what is
> the centos mailing list for basic users like me?

Try ubuntu-us...@lists.ubuntu.com

They always have spoon and milk powder ready and then some.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[hadi motamedi]

On 7/18/11, Christopher Chan  wrote:
> On Monday, July 18, 2011 01:14 PM, hadi motamedi wrote:
>
>> Thank you very much for your reply. Can you please let me know what is
>> the centos mailing list for basic users like me?
>
> Try ubuntu-us...@lists.ubuntu.com
>
> They always have spoon and milk powder ready and then some.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
It is very hard for me to miss technical support from you gentlemen
and centos experts. Please let me to just listen to the list.
Thank you again
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[Christopher Chan]

On Monday, July 18, 2011 01:30 PM, hadi motamedi wrote:
> On 7/18/11, Christopher Chan  wrote:
>> On Monday, July 18, 2011 01:14 PM, hadi motamedi wrote:
>>
>>> Thank you very much for your reply. Can you please let me know what is
>>> the centos mailing list for basic users like me?
>>
>> Try ubuntu-us...@lists.ubuntu.com
>>
>> They always have spoon and milk powder ready and then some.
>>
> It is very hard for me to miss technical support from you gentlemen
> and centos experts. Please let me to just listen to the list.
> Thank you again


Why don't you just buy a book, read it, experiment on a spare computer? 
You can listen all you like but it will do you squat unless you actually 
try and think about why you have been given a certain command or piece 
of advice. It will forever be just 'theory'.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewall?

[hadi motamedi]

On 7/18/11, Christopher Chan  wrote:
> On Monday, July 18, 2011 01:30 PM, hadi motamedi wrote:
>> On 7/18/11, Christopher Chan  wrote:
>>> On Monday, July 18, 2011 01:14 PM, hadi motamedi wrote:
>>>
 Thank you very much for your reply. Can you please let me know what is
 the centos mailing list for basic users like me?
>>>
>>> Try ubuntu-us...@lists.ubuntu.com
>>>
>>> They always have spoon and milk powder ready and then some.
>>>
>> It is very hard for me to miss technical support from you gentlemen
>> and centos experts. Please let me to just listen to the list.
>> Thank you again
>
>
> Why don't you just buy a book, read it, experiment on a spare computer?
> You can listen all you like but it will do you squat unless you actually
> try and think about why you have been given a certain command or piece
> of advice. It will forever be just 'theory'.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Thank you for your help. I learned a lot from your post that enabled
me to share Internet connection on my centos 5.6 machine. At now , the
windows machine is behind the centos firewall and it can even ping
192.9.9.3 but just cannot resolve the url (even with DNS set for it).
I just need to know how to give it Internet service?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SPAM on the List

[夜神 岩男]

On Mon, 2011-07-18 at 04:04 +0100, Always Learning wrote:
> On Sun, 2011-07-17 at 22:37 -0400, Stephen Harris wrote:
> 
> > On Sun, Jul 17, 2011 at 09:07:38PM -0500, Les Mikesell wrote:
> > > There is no requirement for the greeting name to match any IP, and isn't 
> > > likely 
> 
> > RFC2821 says:
> >-  The domain name given in the EHLO command MUST BE either a primary
> >   host name (a domain name that resolves to an A RR) or, if the host
> >   has no name, an address literal as described in section 4.1.1.1.
> > 
> > So, pretty much, HELO or EHLO greeting _must_ match to an IP.
> > 
> > (RFC821 actually wanted the HELO to match the connecting host, but
> > 2821 just says it must be an A record or an address literal).

> It seems spammers have successfully hacked Rupert Murdock's London Times
> newspaper and copied hundreds of thousands of email addresses or has a
> member of staff sold the email addresses to spammers to make some money?

Though it is certainly possible that a breach of some sort is
responsible for your spam, sniffing for email headers on high activity
parts of a network would be sufficient to collect a large number of
active email addresses to try (sniffing at Tor gateways could provide
interesting results, come to think of it). Another big winner for
mailbox collection is to not crack the information provider's site, but
to instead crack the email service provider and obtain a list of all
active accounts on that server (which would likely span multiple
domains).

Getting a hold of email accounts can happen any number of ways, most of
them uncontrollable by the account holder. Its a mailbox -- an open
destination for the world to send you stuff. You can't be too surprised
when the world does in fact send you stuff.

Traditional solutions include hiring a secretary to screen your mail
(today this would be setting up SpamAssassin) or ignoring all but
personal messages on verified stationary (today this would be digitally
signed mail) and instead going out to retreive your information at need
instead of having it sent to you at availability.

The diffrence between deposit/fetch and send/receive is profound. This
is part of why I'm surprised that newsreaders and forums have fallen
from favor amongst technical discussion groups. The "Logging into forums
is a PITA" or "setting up another client is a PITA" arguments obviously
won the debate -- though I think spam is a lot deeper into PITA
territory than either at the present time.

-Iwao


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrade from CentOS 5.4 to 5.6 -> 6.0 (becoming slightly OT...)

[Patrick Derwael]

-BEGIN PGP SIGNED MESSAGE-
>>Nguyen Vu Hung said the following on 17/07/11 20:19:

>> Currently, the OS is installed on a vmware, and arcording to the tech
staff,
>> due to technical, they can not install CentOS 6 or anything other than
CentOS 5.4 :)

>I already installed CentOS (and RHEL) 6 on VMware ESXi 4.1 and VMware
>Workstation 7.1.4. I already put in production a mail server with CentOS 6
>on VMware ESXi 4

>The so called "technical problems" are a plain lie: RedHat 6 is around for
>many months and VMware supports it.


>Ciao,
>luigi

>- -- 
>/
>+--[Luigi Rosa]--
>\

>You cannot propel yourself forward by patting yourself on the back.

Luigi, 
I was about to do the same as you: install 6 on VM Workstation 7.1.4
(dev/test machine) and later on VM Server 2.0.2 (production).

As VM does not officially support CentOS6, can you tell me which OS version
you have selected? (RH5, CentOS, Other 2.6 kernel?)
Is there any other do's and don't I should be aware of?


Thanks!

Patrick Derwael


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos