[CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Rob Kampen
Hi list,
I have been getting the following types of log messages

Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT 
from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find 
your hostname, [71.46.229.50]; from= 
to= proto=ESMTP helo=

a rdns check shows all is well with 71.46.229.50 - it belongs to the 
from senders domain name.

;; ANSWER SECTION:
50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.

It seems it is being rejected due to the helo domain name - which does 
not have a correct rdns.

My problem is that I do not specify the helo check??

this is the relevant portion of main.cf


smtpd_helo_required = yes
smtpd_delay_reject = yes
#added 20090410
strict_rfc821_envelopes = yes
smtpd_helo_restrictions =
   permit_mynetworks,
   reject_non_fqdn_helo_hostname,
   reject_invalid_helo_hostname,
   permit

smtpd_sender_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_non_fqdn_sender,
   reject_unknown_client,
   reject_unauthenticated_sender_login_mismatch,
   permit

smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map

smtpd_client_restrictions =
   check_client_access hash:/etc/postfix/access

smtpd_recipient_restrictions =
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_sender_access hash:/etc/postfix/sender_access,
   check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
   check_helo_access pcre:/etc/postfix/helo_checks,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   check_policy_service unix:postgrey/socket,
   permit

#  reject_unauthenticated_sender_login_mismatch

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#, noplaintext
broken_sasl_auth_clients = yes



so no reject_unknown_helo_hostname check - so why is it throwing them out?

Thanks for anyone's insight.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Ljubomir Ljubojevic
On 02/02/2012 11:01 AM, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
>
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
> your hostname, [71.46.229.50]; from=
> to=  proto=ESMTP helo=
>
> a rdns check shows all is well with 71.46.229.50 - it belongs to the
> from senders domain name.
>
> ;; ANSWER SECTION:
> 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.
>
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.
>
> My problem is that I do not specify the helo check??
>
> this is the relevant portion of main.cf
>
> 
> smtpd_helo_required = yes
> smtpd_delay_reject = yes
> #added 20090410
> strict_rfc821_envelopes = yes
> smtpd_helo_restrictions =
>  permit_mynetworks,
>  reject_non_fqdn_helo_hostname,
>  reject_invalid_helo_hostname,
>  permit
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unknown_client,
> reject_unauthenticated_sender_login_mismatch,
> permit
>
> smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map
>
> smtpd_client_restrictions =
> check_client_access hash:/etc/postfix/access
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> check_sender_access hash:/etc/postfix/sender_access,
> check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
> check_helo_access pcre:/etc/postfix/helo_checks,
>  reject_rbl_client sbl-xbl.spamhaus.org,
>  reject_rbl_client cbl.abuseat.org,
>  reject_rbl_client dul.dnsbl.sorbs.net,
> check_policy_service unix:postgrey/socket,
> permit
>
> #  reject_unauthenticated_sender_login_mismatch
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> #, noplaintext
> broken_sasl_auth_clients = yes
>
> 
>
> so no reject_unknown_helo_hostname check - so why is it throwing them out?
>

mail.floridianbank.com != mail2.floridianbank.com

culprit => reject_non_fqdn_helo_hostname

but I would not disable it.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] Double Copies Double Copies [SOLVED] it's self

2012-02-02 Thread Ljubomir Ljubojevic
On 02/02/2012 02:59 AM, Mark LaPierre wrote:
> On 01/31/2012 08:16 PM, Mark LaPierre wrote:
>> Hey Y'all, why am I getting double copies of every email on this list
>> today when it wasn't happening yesterday?  Isn't happening on any of my
>> other email.
>>
>
> I didn't change anything since I wrote the last time.  It's working fine
> now.  Only one copy of each email.  Hmmm?  Must be an AOL issue that
> they fixed.  Funny that it only affected the CentOS mail.
>

They must have been marked as not-read. I had that when I switched from 
IMAP to POP3 protocol.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] ip route and nexthop: the "CentOS" way

2012-02-02 Thread Nick
On 01/02/12 21:06, Les Mikesell wrote:
>> Hmm...
>>
>> I just tried this and besides needing ip route "add" default
>>
>> It does not seem to work when I unplug the cable on my primary link.

Well, I should disclose that is an experiment, and I may not have explained the
config fully - see the pages I referenced for more authoritative information. I
did think I had it working but I am less sure now, and caching looks like it may
be a problem.

I should emphasise that the main question I have here is: is RHEL's scheme for
configuring routing flexible enough to accommodate such configurations?

And if it isn't, is there anything I should bear in mind when hacking a script
to do this sort of thing, in order to avoid breaking my system or generally
fighting against the system's assumptions?


> I don't think CentOS is smart enough to automatically drop routes
> associated with a NIC that is down like a Cisco would.  If you put
> routes in /etc/sysconfig/network-scripts/routes-eth? to match the
> device names, the ifup and ifdown scripts will add/remove routes when
> you manually run time to enable/disable a particular NIC,

Right; and then one NIC's state controls the routing configuration for both.  I
can't see an easy way around that.


> but that doesn't get you automatic failover.
> And with ethernet type devices it
> is pretty rare for the link to go away at the same time the packets
> stop getting through anyway.

Just to clarify, by "that" do you mean custom "routes in [..]/routes-eth?" or
the nexthop configuration I mentioned?  I'd guess the former, but I'm more
interested in the latter.

Based on some tests I suspect it works initially, then if things change, the
routing cache will keep the old non-working config until someone flushes it.
Note, I'm not sure about this either (due to the general fog of fatigue), and
I'm thinking I should try an entirely different approach.

Thanks,

N


Re: [CentOS] ip route and nexthop: the "CentOS" way

2012-02-02 Thread Ljubomir Ljubojevic
On 02/02/2012 11:28 AM, Nick wrote:
> And if it isn't, is there anything I should bear in mind when hacking a script
> to do this sort of thing, in order to avoid breaking my system or generally
> fighting against the system's assumptions?
>

I would have ping the gateway of primary link (maybe both) and some 
outside IP on that path, and in case of timeouts I would activate 
changes or something. Like "heartbeat" tests.

But I recommend you read:
http://www.shorewall.net/Shorewall_and_Routing.html

and then consider using shorewall in MultiISP environment. I do not 
think Basic routing is able to deal with changing circumstances, at 
least not fast enough. One solution would be running dynamic routing 
protocols, like OSPF or OLSR, which involves running them on several 
routers/systems, or using some active script like shorewall.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] ip route and nexthop: the "CentOS" way

2012-02-02 Thread Steve Clark
On 02/02/2012 05:41 AM, Ljubomir Ljubojevic wrote:
> On 02/02/2012 11:28 AM, Nick wrote:
>> And if it isn't, is there anything I should bear in mind when hacking a script
>> to do this sort of thing, in order to avoid breaking my system or generally
>> fighting against the system's assumptions?
>>
> I would have ping the gateway of primary link (maybe both) and some
> outside IP on that path, and in case of timeouts I would activate
> changes or something. Like "heartbeat" tests.
>
Yes, we use a perl script that pings two different sites on the net using
specific routes to direct the pings out specific interfaces, if after a
configurable number of pings get lost out the primary interface the perl
script changes the default route to the secondary interface while still
trying to ping out the primary interface, when a configurable number of
pings out the primary interface succeed the perl script changes the
default route back to the primary.
> But I recommend you read:
> http://www.shorewall.net/Shorewall_and_Routing.html
>
> and then consider using shorewall in MultiISP environment. I do not
> think Basic routing is able to deal with changing circumstances, at
> least not fast enough. One solution would be running dynamic routing
> protocols, like OSPF or OLSR, which involves running them on several
> routers/systems, or using some active script like shorewall.
>


-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
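
The failover logic described in this message, as an added Python sketch that is not the poster's perl script. The class and function names, the gateway addresses, the use of consecutive counts for both thresholds, and the cache flush after each switch (prompted by the routing-cache suspicion raised earlier in the thread) are all assumptions.

```python
import subprocess


def ping_via(interface, target, timeout_s=2):
    """Send one ICMP probe out a specific interface (Linux iputils ping)."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), "-I", interface, target],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


class FailoverMonitor:
    """Move the default route between two uplinks, with hysteresis.

    fail_after    consecutive lost primary probes before failing over
    recover_after consecutive good primary probes before failing back
    """

    def __init__(self, primary_gw, secondary_gw, fail_after=3, recover_after=5):
        self.gateways = {"primary": primary_gw, "secondary": secondary_gw}
        self.fail_after = fail_after
        self.recover_after = recover_after
        self.active = "primary"
        self.lost = 0   # consecutive failures while on the primary
        self.good = 0   # consecutive successes while on the secondary

    def _switch(self, link):
        self.active, self.lost, self.good = link, 0, 0
        return [
            ["ip", "route", "replace", "default", "via", self.gateways[link]],
            # Drop cached routing decisions that still point at the old link.
            ["ip", "route", "flush", "cache"],
        ]

    def observe(self, primary_ok):
        """Feed one probe result for the primary link.

        Returns the commands to run for a route change, or an empty list.
        The primary keeps being probed while the secondary is active, which
        is what allows the later fail-back.
        """
        if self.active == "primary":
            self.lost = 0 if primary_ok else self.lost + 1
            if self.lost >= self.fail_after:
                return self._switch("secondary")
        else:
            self.good = self.good + 1 if primary_ok else 0
            if self.good >= self.recover_after:
                return self._switch("primary")
        return []


def replay(results, fail_after=3, recover_after=3):
    """Run constructed probe results through the monitor; list transitions."""
    # Gateways are documentation addresses, constructed for this example.
    monitor = FailoverMonitor("192.0.2.1", "198.51.100.1",
                              fail_after, recover_after)
    transitions = []
    for index, ok in enumerate(results):
        if monitor.observe(ok):
            transitions.append((index, monitor.active))
    return transitions


if __name__ == "__main__":
    # Constructed probe history: an outage, a brief flap, then recovery.
    history = [True, False, False, False, False,
               True, True, False, True, True, True]
    print(replay(history))
```

On a live system each round would call `ping_via` for every probe target on the primary interface and pass the combined result to `observe`; the returned commands are only lists here and are not executed.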


Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Stephen Harris
On Thu, Feb 02, 2012 at 11:01:52PM +1300, Rob Kampen wrote:
> 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.

However:
% getent hosts mail2.orangebankfl.com.
71.43.202.234   mail2.orangebankfl.com

71.46.229.50  != 71.43.202.234

Sender's DNS is broken.  rDNS lookup validation is failing.

-- 

rgds
Stephen


Re: [CentOS] confidence in partitioning tool (6.2)

2012-02-02 Thread Larry Martell
On Tue, Jan 31, 2012 at 7:21 AM, Larry Martell  wrote:
> On Tue, Jan 31, 2012 at 7:11 AM, Marko Vojinovic  wrote:
>> On Tuesday 31 January 2012 05:34:21 Larry Martell wrote:
>>> On Mon, Jan 30, 2012 at 10:15 PM, Arun Khan  wrote:
>>> > On Mon, Jan 30, 2012 at 9:57 PM, Ken godee  wrote:
>>> >> Maybe a little different answer than you're looking for
>>> >>
>>> >> But why not install VMware Workstation (free)?
>>> >
>>> > The OP does not have admin rights to the Windows OS.  I presume he
>>> > would need it to install any piece of software (I use Virtual Box).
>>>
>>> I can't even defrag the disk without admin rights :-(
>>>
>>> I'm going to make one more push to get admin, and if not, just go
>>> ahead and install CentOS and see what happens.
>>
>> Beware that resizing a Windows partition which has not been defrag'ed is a Bad
>> Idea, and works only if you are lucky enough that Windows didn't use the end-
>> portion of the partition. Maybe it will work on a freshly installed and not-
>> ever-seriously-used Windows, but it's a gamble.
>
> I've found that there is an automated defrag scheduled for 1:45am on
> Wednesdays. I probably won't be up then, but perhaps nothing will move
> around between then and the morning.
>
>> If it doesn't work, you're looking at data loss and corruption of the ntfs
>> partition (fixing of the latter may require you to have admin privileges...).
>>
>> If your Windows admin doesn't want to provide you with the privileges, why
>> don't you ask him to resize the partition for you?
>
> Yeah, I'm in a remote location (at home) and it's a huge company with
> centralized admin services and I'm working for a small division, but
> perhaps I can get them to remote in and do it. They're just not very
> responsive, so it's a slow process.

I was able to get temporary admin rights, and then I successfully
installed CentOS and can also boot into Windows. Thanks everyone for
all the info and advice. On to bigger and better things!

-larry


Re: [CentOS] tftp in 6.2

2012-02-02 Thread Joseph L. Casale
>I use tftp + pxe booting routinely on EL6.2. To get help, you're going
>to need to share much more information about your setup, the errors/log
>messages, and what you've tried to do thus far.

Right, but that's in a ro setup.

SELinux is disabled on this machine, perms on /var/lib/tftpboot are 777.
Xinetd's tftp is defined as follows:
service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -c -s /var/lib/tftpboot
    disable     = no
    per_source  = 11
    cps         = 100 2
    flags       = IPv4
}

Even with the verbosity turned up, I at most see only notices of connections in
syslog.

Thanks,
jlc


Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Ned Slider
On 02/02/12 10:01, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
>
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
> your hostname, [71.46.229.50]; from=
> to=  proto=ESMTP helo=
>
> a rdns check shows all is well with 71.46.229.50 - it belongs to the
> from senders domain name.
>
> ;; ANSWER SECTION:
> 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.
>
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.
>

No, the error is:

Client host rejected: cannot find your hostname, [71.46.229.50]



>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unknown_client,
> reject_unauthenticated_sender_login_mismatch,
> permit
>

and you have reject_unknown_client above.

Postfix is attempting a rDNS lookup against the client IP 
[71.46.229.50], it temp failed for whatever reason (not that uncommon) 
so the client is "unknown" and you rejected it accordingly.

See the Postfix documentation entry for more info:

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
    Reject the request when 1) the client IP address->name mapping fails,
    2) the name->address mapping fails, or 3) the name->address mapping
    does not match the client IP address.
    This is a stronger restriction than the
    reject_unknown_reverse_client_hostname feature, which triggers only
    under condition 1) above.
    The unknown_client_reject_code parameter specifies the response code
    for rejected requests (default: 450). The reply is always 450 in case
    the address->name or name->address lookup failed due to a temporary
    problem.


I would recommend removing reject_unknown_client from your 
smtpd_sender_restrictions.

Hope that helps.
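
The three documented conditions quoted above, together with the PTR and forward lookups posted earlier in the thread, as an added Python model; it is not Postfix source code. The function names, the `Verdict` tuple and the `TEMPFAIL` sentinel are assumptions, and the lookup tables are constructed from the values shown in the thread.

```python
import ipaddress
import socket
from collections import namedtuple

TEMPFAIL = object()  # marks a lookup that timed out or got a soft DNS error
Verdict = namedtuple("Verdict", "client_name condition tempfail code")


def system_ptr(ip):
    """address->name via the system resolver: name, None, or TEMPFAIL."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror as exc:
        return TEMPFAIL if exc.args[0] == 2 else None  # h_errno 2 = TRY_AGAIN
    except socket.gaierror as exc:
        return TEMPFAIL if exc.args[0] == socket.EAI_AGAIN else None


def system_a(name):
    """name->address via the system resolver: list of IPs, or TEMPFAIL."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror as exc:
        return TEMPFAIL if exc.args[0] == socket.EAI_AGAIN else []


def classify_client(ip, ptr_lookup=system_ptr, a_lookup=system_a,
                    reject_code=450):
    """Apply the three reject_unknown_client_hostname conditions to one IP.

    condition is 1, 2 or 3 as numbered in the documentation, or None when
    the client verifies. A temporary lookup failure always yields 450;
    otherwise the configured unknown_client_reject_code is used.
    """
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if name is TEMPFAIL:
        return Verdict("unknown", 1, True, 450)
    if not name:
        return Verdict("unknown", 1, False, reject_code)
    addrs = a_lookup(name)
    if addrs is TEMPFAIL:
        return Verdict("unknown", 2, True, 450)
    if not addrs:
        return Verdict("unknown", 2, False, reject_code)
    if client not in {ipaddress.ip_address(a) for a in addrs}:
        return Verdict("unknown", 3, False, reject_code)
    return Verdict(name.rstrip("."), None, False, None)


# Constructed from the lookups posted in this thread.
THREAD_PTR = {"71.46.229.50": "mail2.orangebankfl.com."}
THREAD_A = {"mail2.orangebankfl.com.": ["71.43.202.234"]}


def thread_case(reject_code=450):
    """Classify the rejected client using the thread's DNS answers."""
    return classify_client("71.46.229.50", THREAD_PTR.get,
                           lambda name: THREAD_A.get(name, []), reject_code)


if __name__ == "__main__":
    # The PTR exists, but the name resolves to a different address.
    print(thread_case())
```

With the thread's data the client lands in condition 3, which matches the `unknown[71.46.229.50]` client name in the logged reject even though a PTR record exists.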



Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Giles Coochey
On 2012-02-02 15:39, Ned Slider wrote:
>
> I would recommend removing reject_unknown_client from your
> smtpd_sender_restrictions.
>

I would not recommend that, I would recommend you fix your DNS. If you 
have a lot of mail throughput perhaps run a caching-DNS server or proxy 
to improve performance and reduce timeouts.

-- 
Message sent via my webmail account.


[CentOS] CentOS-announce Digest, Vol 84, Issue 2

2012-02-02 Thread centos-announce-request

Today's Topics:

   1. CEEA-2012:0088  CentOS 5 igb-kmod Update (Johnny Hughes)
   2. CESA-2012:0086 Moderate CentOS 4 openssl Update (Johnny Hughes)


--

Message: 1
Date: Wed, 1 Feb 2012 21:11:48 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEEA-2012:0088  CentOS 5 igb-kmod Update
To: centos-annou...@centos.org
Message-ID: <20120201211148.ga14...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2012:0088 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-0088.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Wed, 1 Feb 2012 22:15:00 +
From: Johnny Hughes 
Subject: [CentOS-announce] CESA-2012:0086 Moderate CentOS 4 openssl
Update
To: centos-annou...@centos.org
Message-ID: <20120201221500.ga17...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2012:0086 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0086.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Tru Huynh
CentOS Project { http://www.centos.org/ }
irc: tru_tru, #cen...@irc.freenode.net



--

___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 84, Issue 2


Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Ned Slider
On 02/02/12 15:44, Giles Coochey wrote:
> On 2012-02-02 15:39, Ned Slider wrote:
>>
>> I would recommend removing reject_unknown_client from your
>> smtpd_sender_restrictions.
>>
>
> I would not recommend that, I would recommend you fix your DNS. If you
> have a lot of mail throughput perhaps run a caching-DNS server or proxy
> to improve performance and reduce timeouts.
>

What makes you think it's his DNS that is/was broken?

But yes, a caching name server is almost obligatory for anyone running a 
mail server.

There is a reason the default rejection code is 450 and that is because 
temporary failures in DNS lookups are not uncommon, otherwise it would 
be a permanent rejection. IMHO this setting is more likely to delay 
legitimate mail with temporary DNS issues, as is the case here, than it 
is to block spam. There are more reliable indicators of spam that are 
less likely to cause FPs than relying on a rDNS lookup.



Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Giles Coochey
On 02/02/2012 17:35, Ned Slider wrote:
> On 02/02/12 15:44, Giles Coochey wrote:
>> On 2012-02-02 15:39, Ned Slider wrote:
>>> I would recommend removing reject_unknown_client from your
>>> smtpd_sender_restrictions.
>>>
>> I would not recommend that, I would recommend you fix your DNS. If you
>> have a lot of mail throughput perhaps run a caching-DNS server or proxy
>> to improve performance and reduce timeouts.
>>
> What makes you think it's his DNS that is/was broken?
I didn't take much notice of the overall context of the error. The 
sender's DNS is broken, the sender may be the same organisation as the 
receiver.
>
> But yes, a caching name server is almost obligatory for anyone running a
> mail server.
Agreed.
>
> There is a reason the default rejection code is 450 and that is because
> temporary failures in DNS lookups are not uncommon, otherwise it would
> be a permanent rejection. IMHO this setting is more likely to delay
> legitimate mail with temporary DNS issues, as is the case here, than it
> is to block spam. There are more reliable indicators of spam that are
> less likely to cause FPs than relying on a rDNS lookup.
>
>
There are times when you might want to just receive anything on port 25, 
missing rDNS is a good indication of a bot. I don't use absolute rules 
myself for accepting or rejecting emails on my gateways, but rather a 
score based system.

However, the sender will have a large number of deferred messages in 
their queue if we assume that the missing rDNS is a global problem and 
their users will eventually be receiving warning messages and later 
bounces for a good proportion of emails they send. I don't see any 
reason to go out of my way to work around their problem.



[CentOS] SSD Drives

2012-02-02 Thread Matt
Has anyone installed a high I/O application such as an email server on
SSD drives?  Was thinking about doing two SSD's in RAID1.  It would
solve my I/O latency issues but I have heard that SSD's wear out
quickly in high I/O situations?  Something like each memory location
only has X many writes before it's done.  Just wondering if anyone has
tested it and if newer SSD's are better about this?


Re: [CentOS] SSD Drives

2012-02-02 Thread William Warren
On 2/2/2012 1:19 PM, Matt wrote:
> Has anyone installed a high I/O application such as an email server on
> SSD drives?  Was thinking about doing two SSD's in RAID1.  It would
> solve my I/O latency issues but I have heard that SSD's wear out
> quickly in high I/O situations?  Something like each memory location
> only has X many writes before it's done.  Just wondering if anyone has
> tested it and if newer SSD's are better about this?
it all depends on how much writing you do AND how much spare space the 
drives have.  The more spare flash the drives have the longer they'll 
live due to being able to spread the writing wear over a larger area.


Re: [CentOS] SSD Drives

2012-02-02 Thread Mike
On Thu, 2 Feb 2012, William Warren wrote:

> On 2/2/2012 1:19 PM, Matt wrote:
>> Has anyone installed a high I/O application such as an email server on
>> SSD drives?  Was thinking about doing two SSD's in RAID1.  It would
>> solve my I/O latency issues but I have heard that SSD's wear out
>> quickly in high I/O situations?  Something like each memory location
>> only has X many writes before it's done.  Just wondering if anyone has
>> tested it and if newer SSD's are better about this?
>>
> it all depends on how much writing you do AND how much spare space the
> drives have.  The more spare flash the drives have the longer they'll
> live due to being able to spread the writing wear over a larger area.
>
How very timely, I'm just starting to investigate something similar 
myself.  I don't have much to contribute however this forum post:
http://www.xtremesystems.org/forums/showthread.php?271063-SSD-Write-Endurance-25nm-Vs-34nm
seems as though it'll be interesting, if I can ever make it through 3500+ 
pages to get to the conclusion.



Re: [CentOS] SSD Drives

2012-02-02 Thread Peter A
On 02/02/12 14:05, Mike wrote:
> On Thu, 2 Feb 2012, William Warren wrote:
>
>> On 2/2/2012 1:19 PM, Matt wrote:
>>> Has anyone installed a high I/O application such as an email server on
>>> SSD drives?  Was thinking about doing two SSD's in RAID1.  It would
>>> solve my I/O latency issues but I have heard that SSD's wear out
>>> quickly in high I/O situations?  Something like each memory location
>>> only has X many writes before it's done.  Just wondering if anyone has
>>> tested it and if newer SSD's are better about this?
>>>
>> it all depends on how much writing you do AND how much spare space the
>> drives have.  The more spare flash the drives have the longer they'll
>> live due to being able to spread the writing wear over a larger area.
>>
> How very timely, I'm just starting to investigate something similar
> myself.  I don't have much to contribute however this forum post:
> http://www.xtremesystems.org/forums/showthread.php?271063-SSD-Write-Endurance-25nm-Vs-34nm
> seems as though it'll be interesting, if I can ever make it through 3500+
> pages to get to the conclusion.
>
If you're worried about io reliability, then buy a (way more expensive) 
SLC drive, rather than the consumer level MLC... We have some SLC drives 
here that from their manufacturer have been rated at 3 or more years of 
100% write 24x7...

Peter.



Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Rob Kampen
On 02/03/2012 06:35 AM, Ned Slider wrote:
> On 02/02/12 15:44, Giles Coochey wrote:
>> On 2012-02-02 15:39, Ned Slider wrote:
>>> I would recommend removing reject_unknown_client from your
>>> smtpd_sender_restrictions.
>>>
I think this will allow the mail through - but when I look at my logs 
just in the last week we have over 5400 rejects due to unknown client 
and only 24 of these are from this client  - all the rest are junk.

My confusion is that a reverse lookup of the IP gives me the client's 
domain (dropping the mail(x) subdomain) thus I assumed it was the helo 
domain name - which does not have rDNS - that was causing the reject - 
maybe it was just a timing error.
Also, as I run bind - it may be a cache error and I need to leave it for 
24+ hours.

Final question for the list - does anyone use "reject_unknown_client" - 
it has given me the most grief with legitimate clients that have poorly 
administered domains.
>> I would not recommend that, I would recommend you fix your DNS. If you
>> have a lot of mail throughput perhaps run a caching-DNS server or proxy
>> to improve performance and reduce timeouts.
>>
we already run bind - the problem should not be temp timeouts. The 
domain with the problem is not under my control.
> What makes you think it's his DNS that is/was broken?
>
> But yes, a caching name server is almost obligatory for anyone running a
> mail server.
>
> There is a reason the default rejection code is 450 and that is because
> temporary failures in DNS lookups are not uncommon, otherwise it would
> be a permanent rejection. IMHO this setting is more likely to delay
> legitimate mail with temporary DNS issues, as is the case here, than it
> is to block spam. There are more reliable indicators of spam that are
> less likely to cause FPs than relying on a rDNS lookup.
>


Re: [CentOS] SSD Drives

2012-02-02 Thread William Warren
On 2/2/2012 2:15 PM, Peter A wrote:
> On 02/02/12 14:05, Mike wrote:
>> On Thu, 2 Feb 2012, William Warren wrote:
>>
>>> On 2/2/2012 1:19 PM, Matt wrote:
>>>> Has anyone installed a high I/O application such as an email server on
>>>> SSD drives?  Was thinking about doing two SSD's in RAID1.  It would
>>>> solve my I/O latency issues but I have heard that SSD's wear out
>>>> quickly in high I/O situations?  Something like each memory location
>>>> only has X many writes before it's done.  Just wondering if anyone has
>>>> tested it and if newer SSD's are better about this?
>>>>
>>> it all depends on how much writing you do AND how much spare space the
>>> drives have.  The more spare flash the drives have the longer they'll
>>> live due to being able to spread the writing wear over a larger area.
>>>
>> How very timely, I'm just starting to investigate something similar
>> myself.  I don't have much to contribute however this forum post:
>> http://www.xtremesystems.org/forums/showthread.php?271063-SSD-Write-Endurance-25nm-Vs-34nm
>> seems as though it'll be interesting, if I can ever make it through 3500+
>> pages to get to the conclusion.
>>
> If you're worried about io reliability, then buy a (way more expensive)
> SLC drive, rather than the consumer level MLC... We have some SLC drives
> here that from their manufacturer have been rated at 3 or more years of
> 100% write 24x7...
>
> Peter.
>
exactly hence why I said stay with OCZ or Intel..MLC drives are the
best.  But also the smaller the process node the shorter the lifespan of 
the flash.  MLC drives will also over provision more spare flash area 
most times.


Re: [CentOS] SSD Drives

2012-02-02 Thread Peter A
On 02/02/12 17:01, William Warren wrote:
> On 2/2/2012 2:15 PM, Peter A wrote:
>> If you're worried about io reliability, then buy a (way more expensive)
>> SLC drive, rather than the consumer level MLC... We have some SLC drives
>> here that from their manufacturer have been rated at 3 or more years of
>> 100% write 24x7...
>>
>> Peter.
>>
> exactly hence why I said stay with OCZ or Intel..MLC drives are the
> best.  But also the smaller the process node the shorter the lifespan of
> the flash.  MLC drives will also over provision more spare flash area
> most times.
Aeh... that's exactly the opposite of what I said. MLC (multi level 
cell) SSDs store more than one bit per cell. In current devices that's 
mostly 2 bits per cell, but more is around the corner. On an SLC (single 
level cell) there is only one bit per cell - true binary just like what 
we have in RAM and others. SLC devices are superior in reliability 
because it simply takes a lot more disturbing of a cell to make it lose 
enough charge that a 1 gets interpreted as a 0. The devices are also 
usually faster, especially on a re-write basis.
An Oracle 96GB flash card (SLC) physically has 128GB. Most consumer MLC
devices with 128GB are sold as 120GB visible... Again in favor of the 
SLC. Only problem is that you pay for what you get. SLC devices are 
significantly more expensive. Fusion I/O and all the other server ssd 
vendors do the same - they give you a cheap MLC device with limited 
performance and reliability and a high end, much more pricey SLC unit.

Peter.


Re: [CentOS] postfix - reject of incoming mail due to helo check??

2012-02-02 Thread Ljubomir Ljubojevic
On 02/02/2012 10:08 PM, Rob Kampen wrote:
> Final question for the list - does anyone use "reject_unknown_client" -
> it has given me the most grief with legitimate clients that have poorly
> administered domains.

My restrictions are:

permit_mynetworks
permit_sasl_authenticated
reject_unknown_hostname
permit_mx_backup
reject_unauth_destination
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_rbl_client
sbl.spamhaus.org
dnsbl.sorbs.net

and I am very happy with them. SPAM is very limited, and false positives 
are rare. I usually send warning mail to the admin of the domain in
question.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
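
The cases in which `reject_unknown_client` refuses a client, plus the temporary-failure case behind the default 450 reply discussed earlier in the thread, as an added example that is not part of the original messages. Function names are hypothetical, the resolver data is constructed, and the system resolver stands in for Postfix's own DNS client.

```python
import ipaddress
import socket

H_TRY_AGAIN = 2  # h_errno value for a temporary resolver failure (netdb.h)

def system_ptr(ip):
    """IP -> name through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """Name -> set of addresses through the system resolver."""
    return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}

def _temporary(exc):
    """True when the resolver error is a retry-later condition."""
    code = exc.args[0] if exc.args else None
    want = socket.EAI_AGAIN if isinstance(exc, socket.gaierror) else H_TRY_AGAIN
    return code == want

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, name); every verdict other than 'ok' is a case
    in which reject_unknown_client refuses the client."""
    try:
        name = ptr(ip)
    except (socket.herror, socket.gaierror) as exc:
        return ("tempfail" if _temporary(exc) else "no_ptr"), None
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except (socket.herror, socket.gaierror) as exc:
        return ("tempfail" if _temporary(exc) else "no_forward"), name
    return ("ok" if ipaddress.ip_address(ip) in addrs else "mismatch"), name

# Constructed resolver data (documentation address ranges) so this runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.30": "host.example.net",
       "192.0.2.50": "gone.example.com"}
FWD = {"mail.example.org": {"192.0.2.10"}, "host.example.net": {"198.51.100.5"}}

def fake_ptr(ip):
    if ip == "192.0.2.40":  # constructed case: the PTR query timed out
        raise socket.herror(H_TRY_AGAIN, "Host name lookup failure")
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in FWD:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FWD[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"):
        print(ip, *fcrdns(ip, fake_ptr, fake_forward))
```

Calling `fcrdns(ip)` without the resolver arguments runs the same check against live DNS, which shows whether a sender that has a PTR record also has a forward record pointing back at the same address.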


[CentOS] Red Hat Extends Linux Support

2012-02-02 Thread Mark LaPierre
Hey Y'all,

What do you think this means for CentOS long term support?

http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html

-- 
 _
°v°
   /(_)\
^ ^  Mark LaPierre
Registered Linux user No #267004



Re: [CentOS] Red Hat Extends Linux Support

2012-02-02 Thread Ljubomir Ljubojevic
On 02/02/2012 11:48 PM, Mark LaPierre wrote:
> Hey Y'all,
>
> What do you think this means for CentOS long term support?
>
> http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html
>

That CentOS team will have access to src.rpm's not for 7 but for 10 years.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] Red Hat Extends Linux Support

2012-02-02 Thread John R Pierce
On 02/02/12 2:48 PM, Mark LaPierre wrote:
> What do you think this means for CentOS long term support?
>
> http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html

I'd guess that the CentOS team will be supporting EL5 for the additional 
3 years, as long as RH makes the SRPM's readily available...



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Double Copies Double Copies [SOLVED] itself

2012-02-02 Thread Darr247
On Thursday, 02 February, 2012 @01:59 UTC,
Mark LaPierre spake thusly:

> I didn't change anything since I wrote the last time.  It's working
> fine now.  Only one copy of each email.  Hmmm?  Must be an AOL issue
> that they fixed.  Funny that it only affected the CentOS mail.

I saw exactly 4.
http://i41.photobucket.com/albums/e273/Darr247/DoubleCopiesDoubleCopies.png


[CentOS] new mysql installation, kinda stuck

2012-02-02 Thread Bob Hoffman
I installed centos 6 as a webserver. It installed mysql.
However, I guess I need mysql-server for me to use it for php and my 
website.
I installed that.

I am unable to give root a password and can go no further.
I have tried mysql-secure-installation and I just get stuck at errors 
and no progression.
I have tried mysqladmin -u root password  and the accompanying 
one
that includes the hostname.

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using 
password: YES)

I am unable to use mysql with php or do anything at all with it.
It was strange it installed mysql but I guess this version is different 
and needs more packages
to work within a webserver.

all attempts at using mysql without mysql-server installed just results 
in nothing being found (like mysqld) and the like...so I had to install 
the server.

In 5.x I could just use mysqladmin and add roots, delete anonymous, etc. 
However, this time I am stuck.

I uninstalled mysql-server, the perl thing that comes with it, and mysql 
itself, then reinstalled them, that got me nowhere.

gotta be something I am missing here.

thanks for listening.


Re: [CentOS] new mysql installation, kinda stuck- sorta solved

2012-02-02 Thread Bob Hoffman
after a few yum remove / reinstalls I got this working by doing the 
following...

(not fully set up yet, just the very first step)

#yum install mysql mysql-server
#service mysqld start
#chkconfig --levels 235 mysqld on

#mysql --user=root -p
(this is not the syntax I would have normally used, but only this seemed
to get past the hump)



#mysql_secure_installation

it asked for password and I entered the new password.
It then said, okay, and asked if I wanted to change the password,
I did. (wanted a tough one).

then I finished the mysql-secure-installation questions.

Although secure-installation is set up to just hit enter on a new 
install as no password has
yet been added, that results in an error 100% of the time.
Using a different syntax mysql -u root password  resulted 
in complete failure
when trying the mysql-secure-installation.

Trying to bypass the secure installation and what I would assume was
normal for adding the two root password commands (the one above and one 
with the hostname and password) resulted in
failure (guess it is a new version with new stuff).

I am happy that mysql has finally automated that little 'wide open' 
mysql server thing.
It was not smooth to do this though.

With a fresh install of mysql and the server the secureinstallation 
script should have taken 
when I had no password. It does not (or not in my case)...wheee.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] new mysql installation, kinda stuck- sorta solved

2012-02-02 Thread nux
Bob Hoffman writes:

> after a few yum remove / reinstalls I got this working by doing the 
> following...
> 
> (not fully set up yet, just the very first step)
> 
> #yum install mysql mysql-server
> #service mysqld start
> #chkconfig --levels 235 mysqld on
> 
> #mysql --user=root -p


First time you log in you don't need "-p" as there is no password to input 
yet. That's your first mistake. "mysql -u root" would've worked just as 
good.

To avoid problems, after the install is done just execute 
mysql-secure-installation which will guide you through setting up the root 
password.

When you run into this kind of problems you can just remove or rename 
/var/lib/mysql and restart the service, it should "reset" you back to 
square one. Of course, make a backup first!

Cheerio

--
Nux!
www.nux.ro



Re: [CentOS] ip route and nexthop: the "CentOS" way

2012-02-02 Thread Gordon Messmer
On 02/01/2012 11:03 AM, Nick wrote:
> I believe I can configure the routing table manually like this:
>   ip route default scope global \
> nexthop via 192.168.1.1 dev eth1 weight 1 \
> nexthop via 192.168.0.1 dev eth0 weight 2
>
> This kind of thing doesn't seem to fit into the scheme of
> /etc/sysconfig/network-scripts/route-eth? described there, since the route 
> isn't
> "for" any single interface.

It doesn't really matter that the route isn't "for" a specific 
interface.  The route just has to be valid when the file is evaluated. 
You'd want to create route-eth1 and add a single line starting with 
"default" and containing the rest of the command you listed above.

> And how do I stop CentOS from trying to pick its own default gateway settings
> (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?

If you're not specifying one elsewhere, the system won't "pick" one as 
far as I know.

Having said that, I don't think that the kernel will do automatic route 
detection failures.  IIRC, "weight" is used for load balancing, and 
connections will be pinned to whatever route is selected.

You probably don't want to do any of this.  Instead, you'd want to use a 
package that's set up to handle the routes and rules that are required 
for multiple ISP handling, and scripts that are written to detect link 
failure and adjust the system accordingly.  Consider:
http://www.shorewall.net/MultiISP.html#LinkMonitor
