Re: [CentOS] CentOS Server Backup Options

[Michael Schumacher]

Hi,

On Monday, March 12, 2012 you wrote:

>> What do you guys recommend for backing up a small CentOS server in a
>> business environment.  It will have (3) 300gb drives in a raid 5 array but I
>> don't anticipate more than about 25gb of data that needs to be backed up
>> each night.

> I stumbled on http://storebackup.org/ the other day. It looks pretty good for
> disc-disc backup. 

I am using storeBackup for three years now and LOVE it. I am backing
up three servers to two independent backup servers and get a new
backup every four hours. storeBackup uses hard links on the target
disk, so you do not need much physical space on the backup servers. A
backup of a 250GB server takes less than 15 minutes.

This is certainly no solution if you need an insurance against
hardware failures, but it is a perfect backup to store densely older
versions of the server content.

Having the servers and the backup servers on RAID6 and having
storeBackup makes me sleep well.

best regards
---
Michael Schumacher
PAMAS Partikelmess- und Analysesysteme GmbH
Dieselstr.10, D-71277 Rutesheim
Tel +49-7152-99630
Fax +49-7152-996333
Geschäftsführer: Gerhard Schreck
Handelsregister B Stuttgart HRB 252024

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Thunderbird and Firefox 10 font rendering

[Toralf Lund]

On 08/03/12 17:34, Johnny Hughes wrote:
> On 03/08/2012 07:49 AM, Toralf Lund wrote:
>> On 08/03/12 14:35, John Doe wrote:
>>> I use both 3.6.26 (from centOS 5) and 10.0.2 (binary from mozilla).
>>> And, after setting the same font settings in both, I cannot see any real 
>>> differences...
>>> Only tiny difference I could find if I screenshot both and zoom a lot is 
>>> lighter pixels in the anti-aliasing of 10.x.
>>> But that might just depend on the position in the display maybe...
>> Like I said elsewhere, I looks like the version 10 applications do not
>> pick up the settings from System->Preferences->Fonts->Details... in
>> GNOME. I've just verified that Firefox does on a system with an older
>> CentOS version, although there are no direct updates like for other
>> programs - I have to hit reload to see updates in the contents area, and
>> restart to get updated display in menus etc.
>>
>> If it's not too much too ask, could you check if these settings have and
>> effect for you?
>>
> Firefox 10.0.1, at least the version in CentOS6 that is included, has
> its own unique font settings.
>
> Please open the Edit =>  Preferences ... then click the "Content" tab.
>
> In the Content Area, you will see a "Fonts&  Colors" area, and there is
> where you will pick your Firefox font.  There is also an Advanced section.
I'm not talking about selecting fonts, but rather configuration of how 
exactly the letter shapes are drawn for any font.

- Toralf

>
>


This e-mail, including any attachments and response string, may contain 
proprietary information which is confidential and may be legally privileged. It 
is for the intended recipient only. If you are not the intended recipient or 
transmission error has misdirected this e-mail, please notify the author by 
return e-mail and delete this message and any attachment immediately. If you 
are not the intended recipient you must not use, disclose, distribute, forward, 
copy, print or rely on this e-mail in any way except as permitted by the author.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Thunderbird and Firefox 10 font rendering

[Toralf Lund]

On 08/03/12 15:36, John Doe wrote:
> From: John Doe
>
>> Hum... playing with the gnome font settings does not change anything
>> in either firefoxes...
Really? I'm trying this again now... What I'm doing is:

 1. Start firefox
 2. Select System->Preferences->Fonts from the desktop panel menu.
 3. In the "Font Preferences" window, click "Details...".
 4. Select "None" under "Smoothing:" in the "Font Rendering Details"
window - where "Grayscale" or "Subpixel (LCDs)" was selected in the
past.
 5. Restart firefox

... while inspecting the texts in the desktop menu and the firefox menu 
bar. Now, the destop menu text clearly changes after the step 4 - the 
letters get a somewhat thinner and more jagged appearance. The firefox 
menu bar stays the same. However, on the system running firefox 3.6.26, 
after step 5 it changes, too, so that it looks like the one on the 
desktop. With firefox 10, there is no change even after this step.

Note that I'm testing the old firefox on a system that has not got the 
latest set of updates, though, i.e. it's still essentially on CentOS 
5.7. In other words, other packages may be affecting the behaviour.

> But if you meant changing something else than rendering: if change
> the "Application font", it changes in both firefoxes instantaneously...
Yep. That works for me, too.
> Maybe check in /etc/fonts/conf.d/...
It contains a lot of files, but I suppose I'll have to look through all 
of them...

- Toralf

>
> JD
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


This e-mail, including any attachments and response string, may contain 
proprietary information which is confidential and may be legally privileged. It 
is for the intended recipient only. If you are not the intended recipient or 
transmission error has misdirected this e-mail, please notify the author by 
return e-mail and delete this message and any attachment immediately. If you 
are not the intended recipient you must not use, disclose, distribute, forward, 
copy, print or rely on this e-mail in any way except as permitted by the author.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Thunderbird and Firefox 10 font rendering

[Toralf Lund]

On 12/03/12 09:11, Toralf Lund wrote:
> On 08/03/12 15:36, John Doe wrote:
>> From: John Doe
>>
>>> Hum... playing with the gnome font settings does not change anything
>>> in either firefoxes...
> Really? I'm trying this again now... What I'm doing is:
>
>   1. Start firefox
>   2. Select System->Preferences->Fonts from the desktop panel menu.
>   3. In the "Font Preferences" window, click "Details...".
>   4. Select "None" under "Smoothing:" in the "Font Rendering Details"
>  window - where "Grayscale" or "Subpixel (LCDs)" was selected in the
>  past.
>   5. Restart firefox
Actually, that works mainly as a way of testing on the "old" system 
(which is what I focused on now.) On the new one, texts look rather as 
if they have no smoothing already, so the inverse test is more 
appropriate...

- Toralf

>
> ... while inspecting the texts in the desktop menu and the firefox menu
> bar. Now, the destop menu text clearly changes after the step 4 - the
> letters get a somewhat thinner and more jagged appearance. The firefox
> menu bar stays the same. However, on the system running firefox 3.6.26,
> after step 5 it changes, too, so that it looks like the one on the
> desktop. With firefox 10, there is no change even after this step.
>
> Note that I'm testing the old firefox on a system that has not got the
> latest set of updates, though, i.e. it's still essentially on CentOS
> 5.7. In other words, other packages may be affecting the behaviour.
>
>> But if you meant changing something else than rendering: if change
>> the "Application font", it changes in both firefoxes instantaneously...
> Yep. That works for me, too.
>> Maybe check in /etc/fonts/conf.d/...
> It contains a lot of files, but I suppose I'll have to look through all
> of them...
>
> - Toralf
>
>> JD
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
> This e-mail, including any attachments and response string, may contain 
> proprietary information which is confidential and may be legally privileged. 
> It is for the intended recipient only. If you are not the intended recipient 
> or transmission error has misdirected this e-mail, please notify the author 
> by return e-mail and delete this message and any attachment immediately. If 
> you are not the intended recipient you must not use, disclose, distribute, 
> forward, copy, print or rely on this e-mail in any way except as permitted by 
> the author.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hfs with extended attribute support

[Wessel van der Aart]

i figured that if you use filesystems and protocols most native to the 
mac os you´ll get the best results in stability on the client side, 
that´s why i thought of HFS. but ext4 seems to do the job well.
i´ll definitely checkout samba too. do you also serve homedirs to them? 
had any issues?

Thanks,
Wessel

On 03/08/2012 06:07 PM, Lamar Owen wrote:

  Sorry it didn't work out for you. Linus, for one, has a pretty poor 
opinion of HFS in general.and I'm not thrilled with it myself, due 
to some issues I had with Tiger on a PowerMac G4 and heavily corrupted 
filesystems, journaled or not. And I have some of the 'rescue' tools 
like DiskWarrior, and I've still lost some data. Hopefully your 
experience with ext4 will work out better. Mac OS X does very well with 
SMB/CIFS shares, too, if AppleTalk doesn't work out for you. (I run Mac 
OS X here in a few areas, and even Tiger works well with a Samba server, 
but I haven't tried any ACL's with it). 
___ CentOS mailing list 
CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] php-pear problem on yum update

[Nikos Gatsis - Qbit]

Thank you all for answering
Finally I exclude php-pear for updating.
Leonard you are right, for some reason rpm forge has install some packs 
for pear.
I'll leave it as is, I cant afford causing problems. We have a lot of 
web pages and databases running so we cant take any risk.

Thank you again


On 09/03/2012 7:00 μμ, centos-requ...@centos.org wrote:
> Hello Nikos, On Fri, 2012-03-09 at 11:16 +0200, Nikos Gatsis - Qbit 
> wrote:
>> >  I have never Install a package out of yum so this conflict is very
>> >  strange to me.
>> >  I try to clean up yum, and update with --skip-broken with no luck.
> The .rf packages come from the Repoforge (formerly RPMForge) repo. The
> conflict you see is caused by similar packages being provided by
> multiple repos. You can only fix that by excluding them from all but one
> repo.
>
>> >  Is good to install php packages excluding php-pear?
>> >  Actually I dont use it.
> The fact that you have so many PEAR packages on your system suggest
> someone on your system might be using them. Don't blow them away unless
> you want to break existing PHP websites that use them.
>
> All that said, for me the easiest approach managing PEAR packages is
> just using PEAR itself to install and update modules. Install the
> php-pear rpm once, then exclude it from the updates in your base repo
> config.
>
> (If you take this approach yourself make a list of the installed pear
> module rpms before you uninstall them with yum. After uninstalling the
> rpms you have to reinstall the modules using "pear install".)
>
> Regards,
> Leonard.

-- 

*Γατσής Νίκος - Gatsis Nikos*
Web developer
tel.: 2108256721 - 2108256722
fax: 2108256712
email: ngat...@qbit.gr
http://www.qbit.gr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] perl .spec / srpm

[Nick]

Hi

Can anyone here point me in the direction of a .spec or SRPM for Perl 5.12.4 for
CentOS6?  Or even any newer version would do.

Whilst I'm asking, ditto a Perl-enabled version of OpenLDAP (latest stable
release)?  IIRC, the version in the base repo has the Perl extensions disabled.

Thanks,

Nick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM CentOS i386

[Anton Zaytsev]

Hi Ljubomir, thanx for reply.
I need for CentOS 5 exactly. It will be *great* if you'd share them.

Are they compatable with the latest kernel? I have found some rpms in
CentOSplus repo, but they are for 2.6.18-92.1.13 only.

On Wed, Mar 7, 2012 at 12:30 PM, Ljubomir Ljubojevic wrote:

> On 03/02/2012 06:28 PM, William Hooper wrote:
> > On Fri, Mar 2, 2012 at 11:58 AM, Anton Zaytsev
>  wrote:
> >> Hi, guys.
> >>
> >> I did search over internet but found nothing useful.
> >> Is there a way to install KVM on CentOS i386?
> >
> > To quote the FAQ:
> >
> > "Upstream only provides KVM support on 64-bit (x86_64) so CentOS
> > support is the same. You must do a 64-bit install to use KVM."
> >
> > http://wiki.centos.org/FAQ/CentOS6
> >
> >
>
> I used Farkas Levente's kvm-84 on CentOS 5.x i386 for several years
> without any issue. Still have them in my repository.
>
> But for CentOS 6.x there is no 32-bit packages, 64-bit only.
>
> --
>
> Ljubomir Ljubojevic
> (Love is in the Air)
> PL Computers
> Serbia, Europe
>
> Google is the Mother, Google is the Father, and traceroute is your
> trusty Spiderman...
> StarOS, Mikrotik and CentOS/RHEL/Linux consultant
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] init/upstart issue? ypbind and autofs

[Lars Hecking]

> Once you make the network interface no longer NM managed you can then perform 
> a service network restart in your post and all network functionality should 
> then become available.

 This may be desired or true in theory, but is not working.

 I have NM_CONTROLLED="no" in ifcfg-eth0, and it works according to the logs
 ("Ignoring connection 'System eth0' and its device due to 
NM_CONTROLLED/BRIDGE/VLAN"),
 but NIS is not working. yp.conf is correct as created through dhcp,
 domainname returns the correct domain, and ypbind is running. Yet ypwhich
 returns cannot communicate with ypbind. Once I stop NetworkManager, it
 starts working.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] perl .spec / srpm

[John Doe]

From: Nick 

> Can anyone here point me in the direction of a .spec or SRPM for Perl 5.12.4 
> for
> CentOS6?  Or even any newer version would do.

Maybe try to tweak:
http://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/source/SRPMS/p/perl-5.14.2-212.fc18.src.rpm

> Whilst I'm asking, ditto a Perl-enabled version of OpenLDAP (latest stable
> release)?  IIRC, the version in the base repo has the Perl extensions 
> disabled.

Why not get the srpm and change the configure...?
http://vault.centos.org/6.2/os/Source/SPackages/openldap-2.4.23-20.el6.src.rpm

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] perl .spec / srpm

[Johnny Hughes]

On 03/12/2012 10:27 AM, Nick wrote:
> Hi
>
> Can anyone here point me in the direction of a .spec or SRPM for Perl 5.12.4 
> for
> CentOS6?  Or even any newer version would do.
>
> Whilst I'm asking, ditto a Perl-enabled version of OpenLDAP (latest stable
> release)?  IIRC, the version in the base repo has the Perl extensions 
> disabled.
>
>

This is where all the CentOS-6.2 SRPMS live:

http://vault.centos.org/6.2/os/Source/SPackages/

OR

http://vault.centos.org/6.2/updates/Source/SPackages/






signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] perl .spec / srpm

[Nick]

Thanks for the links.

On 12/03/12 16:06, John Doe wrote:
> Maybe try to tweak:
> http://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/source/SRPMS/p/perl-5.14.2-212.fc18.src.rpm

On 12/03/12 16:49, Johnny Hughes wrote:
> This is where all the CentOS-6.2 SRPMS live:
>
> http://vault.centos.org/6.2/os/Source/SPackages/

I have considered that - thing is, stock RPMs, and that one in particular,
contain a lot of vendor supplied patches which at the very least complicate
matters.  Red Hat's reputation for making the occasional gaffe wrt. Perl is one
of the motivations for building our own Perl direct from source.  (The other is
that Perl 5.10 is already EOLed upstream [1].)

>> Whilst I'm asking, ditto a Perl-enabled version of OpenLDAP (latest stable
>> release)?  IIRC, the version in the base repo has the Perl extensions 
>> disabled.
> 
> Why not get the srpm and change the configure...?
> http://vault.centos.org/6.2/os/Source/SPackages/openldap-2.4.23-20.el6.src.rpm


Likewise - in fact, I did exactly that for the Centos5 package, and I remember
it incurred quite a lot of work for me, reverse-engineering the various vendor
patches such that my modified build parameters would get applied correctly (one
of the patches dropped a makefile symbol, as I recall - but this was a while 
ago).

This is why my first step is to see if anyone's already done the work already.
If not, then I start trying to tweak/hack base RPMs or

N

1. http://news.perlfoundation.org/2011/05/perl-514.html
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] init/upstart issue? ypbind and autofs

[m . roth]

Lars Hecking wrote:
>
>> Once you make the network interface no longer NM managed you can then
>> perform a service network restart in your post and all network
>> functionality should then become available.
>
>  This may be desired or true in theory, but is not working.
>
>  I have NM_CONTROLLED="no" in ifcfg-eth0, and it works according to the
> logs
>  ("Ignoring connection 'System eth0' and its device due to
> NM_CONTROLLED/BRIDGE/VLAN"),
>  but NIS is not working. yp.conf is correct as created through dhcp,
>  domainname returns the correct domain, and ypbind is running. Yet ypwhich
>  returns cannot communicate with ypbind. Once I stop NetworkManager, it
>  starts working.

Yeah. Here, we do chkconfig NetworkManager off, and stop it. Then we have
a lot fewer issues.

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Stateless client

[Rushton Martin]

I'm trying to configure an old 64-bit desktop machine as a client for a
CentOS server.  The client must have no modifiable storage at all so my
options seem to be:
1)  Stateless network boot
2)  Live DVD

I've been looking at the latter route, does anyone know if there is a
convenient hook so that the live dvd will automatically download  and
execute a file during bootstrapping?  I need to have some state, but
held on the server.  If there are any instructions for hacking the
CentOS live dvd, please point me at them.

I'd prefer not to go for a complete stateless network boot, the server
will be booted in a number of configurations and it would mean
reconfiguring xCAT or similar on each set of disks.  Just to be even
more awkward, there is no external network connection to the server,
which will be running a 64-bit variant.

Martin Rushton
HPC System Manager, Weapons Technologies
Tel: 01959 514777, Mobile: 07939 219057
email: jmrush...@qinetiq.com
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is 
addressed. If you are not the intended recipient of this email,
you must neither take any action based upon its contents, nor 
copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. QinetiQ may 
monitor email traffic data and also the content of email for 
the purposes of security. QinetiQ Limited (Registered in England
& Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX  http://www.qinetiq.com.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Stateless client

[m . roth]

Rushton Martin wrote:
> I'm trying to configure an old 64-bit desktop machine as a client for a
> CentOS server.  The client must have no modifiable storage at all so my
> options seem to be:
> 1)Stateless network boot
> 2)Live DVD
>
> I've been looking at the latter route, does anyone know if there is a
> convenient hook so that the live dvd will automatically download  and
> execute a file during bootstrapping?  I need to have some state, but
> held on the server.  If there are any instructions for hacking the
> CentOS live dvd, please point me at them.

Not CentOS, but perhaps you might be interested in LPS


No mounted storage at all, and built by a team from the US DoD, who
*ought* to be paranoid enough for you. I've put it on a USB key, and have
been saying for a month or so I need to try it (this would be for work,
where I *have* to use a PIV "smart card" to get in from outside).

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Joseph Spenner]

 From: Brian Mathis 
To: CentOS mailing list  
Sent: Sunday, March 11, 2012 5:38 PM
Subject: Re: [CentOS] CentOS Server Backup Options
 
On Sun, Mar 11, 2012 at 8:12 PM, Scott Walker
 wrote:
> What do you guys recommend for backing up a small CentOS server in a
> business environment.  It will have (3) 300gb drives in a raid 5 array but I
> don't anticipate more than about 25gb of data that needs to be backed up
> each night.
> I want a lot of backups with a rotation scheme that included daily, weekly,
> and monthly copies.  I want the daily copies of the data kept until the next
> week, and the weekly copy being kept for four weeks, and the monthly copies
> being kept for a year.
>
> The vendor is recommending a RD1000 Removable Disk device.  This looks like
> it has great specs.  Each cartridge holds 160gb (non-compressed) and the
> drive costs about $420 but seems that with each removable cartridge costing
> $128, we may be limited to how many cartridges we could have, thus perhaps
> not retaining backup instances as long as I like.
>
> I asked about a HP DAT160 tape drive.  Each tape holds 160gb
> (non-compressed) and the drive costs about $730, and each tape only costs
> about $24, so it would be economical to have lots of backup instances saved
> for a long period of time.
>
> I have been using tape and the backup rotation scheme mentioned above for
> over 20 years.  The vendor is telling me they don't recommend tape drives
> anymore and all of their customers are using removable hard drive for local
> backups.  Am I missing something?  My instincts tell me the tape drive is
> the right solution for a system with a small amount of data, where the
> system is used only from 8am - 5pm (so backup speed is not critical) and
> where we want to save backup instances for a long time before overwriting
> them.
>
> Any input would be welcomed.

A relatively inexpensive solution is to use a system with removable SATA disks 
(for the backup media) and use an open source backup application called Bacula 
( http://bacula.org )
I have a SuperMicro with 8x1TB SATA disks.  I keep one for the OS and 
application, and swap out the other 7 every week.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Cron marks mailto value as UNSAFE

[James B. Byrne]

CentOS-6.2

We moved a cron job from a CentOS-5.7 host to a CentOS-6.2
host.  The MAILTO variable is set to supp...@harte-lyne.ca
in  both instances.  On the CentOS-6 host instead of
receiving the mail with the output we see this in
/var/log/cron instead:

Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE
(supp...@harte-lyne.ca )

The CentOS-5 host uses Sendmail as the MTA, the CentOS-6
uses Postfix. We can send mail to supp...@harte-lyne.ca
from the command line on both hosts.

The permissions of the files in /var/spool/cron are:
# ll /var/spool/cron
total 12
-rw---. 1 root root   34 Mar  9 16:41 root
-rw---. 1 root root 4245 Mar 12 14:53 theheart

Selinux is set to Permissive (for the time being):

# sestatus
SELinux status: enabled
SELinuxfs mount:/selinux
Current mode:   permissive
Mode from config file:  permissive
Policy version: 24
Policy from config file:targeted

What is causing cron to complain. What is unsafe and how
do I rectify this?

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Steve Lindemann]

On 3/11/2012 6:12 PM, Scott Walker wrote:
> What do you guys recommend for backing up a small CentOS server in a
> business environment.  It will have (3) 300gb drives in a raid 5 array but I
> don't anticipate more than about 25gb of data that needs to be backed up
> each night.
> I want a lot of backups with a rotation scheme that included daily, weekly,
> and monthly copies.  I want the daily copies of the data kept until the next
> week, and the weekly copy being kept for four weeks, and the monthly copies
> being kept for a year.
>
> The vendor is recommending a RD1000 Removable Disk device.  This looks like
> it has great specs.  Each cartridge holds 160gb (non-compressed) and the
> drive costs about $420 but seems that with each removable cartridge costing
> $128, we may be limited to how many cartridges we could have, thus perhaps
> not retaining backup instances as long as I like.
>
> I asked about a HP DAT160 tape drive.  Each tape holds 160gb
> (non-compressed) and the drive costs about $730, and each tape only costs
> about $24, so it would be economical to have lots of backup instances saved
> for a long period of time.
>
> I have been using tape and the backup rotation scheme mentioned above for
> over 20 years.  The vendor is telling me they don't recommend tape drives
> anymore and all of their customers are using removable hard drive for local
> backups.  Am I missing something?  My instincts tell me the tape drive is
> the right solution for a system with a small amount of data, where the
> system is used only from 8am - 5pm (so backup speed is not critical) and
> where we want to save backup instances for a long time before overwriting
> them.
>
> Any input would be welcomed.

I believe in tape... it's just not a viable option with the large disk 
sizes we have today unless you have a lot of money for a fast, 
multi-drive solution.  I can backup a bit over 500GB daily in 3 hours to 
external disk.  Using a single tape drive that would (and did) take far 
too long.

So today I use TB size drives dropped into an external docking station. 
  The docking station plugs into the server using eSATA.  Then it's a 
relatively simple script run by cron to handle the daily backup.  I'm 
happy to share the script if you're interested but it has long lines 
that don't do well in email.  I'll send it offline if you'd like to use 
it as an example.  Buying multiple drives allows us to do media rotation 
just like we did with tape.

The big difference with disks is that I just do full backups each time. 
  In our situation there is time for that and it saves a lot of grief 
when trying to restore something in particular.  None of this running 
back thru the incrementals to get at what you want.  Of course, with 
incremental backups the typical daily time would be much much shorter.

For backing up multiple production servers I have a backup server and a 
private GB network to each system.  Each server runs a backup script at 
night (via cron) to backup to the backup server.  Then we backup the 
backup server to the external disk during the day.  At least one 
external disk is off site at any given time.

I'm aware of the fancy tools to do the job for you but I like the 
simplicity of our home grown solution.  And the only thing I absolutely 
need for a restore is tar.  No databases, no extra applications, just 
tar.  The catch is that I'm not sure it would scale up to a huge number 
of servers gracefully.

It's nice to know what works for the other guy but you gotta look for 
what will work for you.  Good luck.

//Steve
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cron marks mailto value as UNSAFE

[Craig White]

On Mar 12, 2012, at 12:03 PM, James B. Byrne wrote:

> CentOS-6.2
> 
> We moved a cron job from a CentOS-5.7 host to a CentOS-6.2
> host.  The MAILTO variable is set to supp...@harte-lyne.ca
> in  both instances.  On the CentOS-6 host instead of
> receiving the mail with the output we see this in
> /var/log/cron instead:
> 
> Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE
> (supp...@harte-lyne.ca )
> 
> The CentOS-5 host uses Sendmail as the MTA, the CentOS-6
> uses Postfix. We can send mail to supp...@harte-lyne.ca
> from the command line on both hosts.
> 
> The permissions of the files in /var/spool/cron are:
> # ll /var/spool/cron
> total 12
> -rw---. 1 root root   34 Mar  9 16:41 root
> -rw---. 1 root root 4245 Mar 12 14:53 theheart
> 
> Selinux is set to Permissive (for the time being):
> 
> # sestatus
> SELinux status: enabled
> SELinuxfs mount:/selinux
> Current mode:   permissive
> Mode from config file:  permissive
> Policy version: 24
> Policy from config file:targeted
> 
> What is causing cron to complain. What is unsafe and how
> do I rectify this?

the surest way I know to make selinux complain is to copy a file created on one 
computer or an unrelated directory and copy/move it to another as it will fail 
to get the correct security contexts whereas generally using the tools for the 
purpose will avoid that. In other words, if you 'su - theheart' and then 
'crontab -e' you should get the correct selinux file contexts.

To remedy, I would suspect that you need to do 'restorecon -v /var/spool/cron'

Craig
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[m . roth]

Steve Lindemann wrote:
> On 3/11/2012 6:12 PM, Scott Walker wrote:
>> What do you guys recommend for backing up a small CentOS server in a
>> business environment.  It will have (3) 300gb drives in a raid 5 array
>> but I don't anticipate more than about 25gb of data that needs to be

>>
>> The vendor is recommending a RD1000 Removable Disk device.  This looks
>> like it has great specs.  Each cartridge holds 160gb (non-compressed)
>> and the drive costs about $420 but seems that with each removable
>> cartridge costing $128, we may be limited to how many cartridges we

>> over 20 years.  The vendor is telling me they don't recommend tape
>> drives anymore and all of their customers are using removable
>> hard drive for local backups.  Am I missing something?  My instincts
>> tell me the tape drive is the right solution for a system with a small
>> amount of data, where the

>> Any input would be welcomed.
>
> I believe in tape... it's just not a viable option with the large disk
> sizes we have today unless you have a lot of money for a fast,
> multi-drive solution.  I can backup a bit over 500GB daily in 3 hours to
> external disk.  Using a single tape drive that would (and did) take far
> too long.
>
> So today I use TB size drives dropped into an external docking station.
>   The docking station plugs into the server using eSATA.  Then it's a
> relatively simple script run by cron to handle the daily backup.  I'm

Yup. Our home directories (NFS mounted) are on 2TB (or are being moved to
them) drives; and we have online nightly b/u's that way. The semiweekly
offline b/u's are to 3TB drives, dropped into an eSATA bay. The eSATA bay
is about an order of magnitude cheaper than your vendor's recommending,
and the eSATA uses bare drives, not even needing sleds. *Much* cheaper and
easier.

For that matter, if you have to restore from it, assuming you don't need
everything, it's much faster and easier.

> The big difference with disks is that I just do full backups each time.

We use rsync w/ hard links.

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Les Mikesell]

On Mon, Mar 12, 2012 at 2:27 PM, Steve Lindemann  wrote:
>
> I believe in tape... it's just not a viable option with the large disk
> sizes we have today unless you have a lot of money for a fast,
> multi-drive solution.  I can backup a bit over 500GB daily in 3 hours to
> external disk.  Using a single tape drive that would (and did) take far
> too long.

I think both amanda and backula would use disk as temporary holding
space.  Amanda will compute the best mix of incrementals and fulls to
fit on the tape and run the backups to disk in parallel, starting the
tape write when it has one complete file.

> The big difference with disks is that I just do full backups each time.
>  In our situation there is time for that and it saves a lot of grief
> when trying to restore something in particular.  None of this running
> back thru the incrementals to get at what you want.  Of course, with
> incremental backups the typical daily time would be much much shorter.

Backuppc will let you do normal fulls and incremental backups, but
will transparently merge them when doing a restore.

> For backing up multiple production servers I have a backup server and a
> private GB network to each system.  Each server runs a backup script at
> night (via cron) to backup to the backup server.  Then we backup the
> backup server to the external disk during the day.  At least one
> external disk is off site at any given time.

The one down side of backuppc is that due to the extensive use of
hardlinks to de-dup the content, it can be impractical to use normal
approaches to copy a large archive for offsite rotation.  Some people
rotate the whole thing, letting the next incremental run catch up with
the differences, some just run another instance over the network from
a different location (often practical with rsync as the transfer
method), and some use an image-copy scheme to copy the whole
filesystem or device.

> I'm aware of the fancy tools to do the job for you but I like the
> simplicity of our home grown solution.  And the only thing I absolutely
> need for a restore is tar.  No databases, no extra applications, just
> tar.  The catch is that I'm not sure it would scale up to a huge number
> of servers gracefully.

Backuppc has a command line tool that will generate a tar image out of
its storage format, and a way to do that from the web interface.  You
can make them periodically for archive copies that could be
re-installed without backuppc.  But, backuppc itself is just a perl
script using files in a linux file system (with some
compression/linking tricks to hold about 10x what you would expect).

-- 
   Les Mikesell
  lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cron marks mailto value as UNSAFE

[Alexander Dalloz]

Am 12.03.2012 20:03, schrieb James B. Byrne:
> CentOS-6.2
> 
> We moved a cron job from a CentOS-5.7 host to a CentOS-6.2
> host.  The MAILTO variable is set to supp...@harte-lyne.ca
> in  both instances.  On the CentOS-6 host instead of
> receiving the mail with the output we see this in
> /var/log/cron instead:
> 
> Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE
> (supp...@harte-lyne.ca )

Check which non-printable character you have there in the MAILTO line
(probably after the mail address). Use od or hexdump to see which
illegal (from cron's point of view) character(s) you have in there.

> The CentOS-5 host uses Sendmail as the MTA, the CentOS-6
> uses Postfix. We can send mail to supp...@harte-lyne.ca
> from the command line on both hosts.
> 
> The permissions of the files in /var/spool/cron are:
> # ll /var/spool/cron
> total 12
> -rw---. 1 root root   34 Mar  9 16:41 root
> -rw---. 1 root root 4245 Mar 12 14:53 theheart

Care for usership by user theheart for his own cronjob?

> Selinux is set to Permissive (for the time being):
> 
> # sestatus
> SELinux status: enabled
> SELinuxfs mount:/selinux
> Current mode:   permissive
> Mode from config file:  permissive
> Policy version: 24
> Policy from config file:targeted
> 
> What is causing cron to complain. What is unsafe and how
> do I rectify this?

Alexander


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] postfix and spam, I am impressed

[Bob Hoffman]

I have had the same email address since 1997 (when microsoft stole 
bob.com from me thanks to network solutions...)

In the early days I of course was free with my email and used it everwhere.
Fast forward to 2012, some 15 years later.

woof..the amount of spam sent to me has always just kept getting worse 
and worse.

On my centos 5 server I just used sendmail with spamassassin and it 
killed a lot. Still, 100s, sometimes more made it through. Then 
thunderbird would weed out more, learned as it went...
Still, had an inbox with a lot of junk.

Now I have set up a centos 6 box using postfix. Today I decided to try 
to add smtpd restrictions. After a lot of reading and testing I 'seem' 
to be doing incredible.
I wanted to share my current working postfix smtpd restrictions area so 
that others who are interested can start with it.

I just added the helo and sender restrictions and have noticed no 
problems yet.
There were many things some sites said to add, but they killed some very 
legitimate mail.

So...yesterday a few hundred mails in my box as usual. Plus I set up 
procmail to not delete spam so I could test. That gave me hundreds more

30 minutes since putting this up I went from 1 every few seconds to 1 in 
30 minutes. And that was tagged by spamassassin as spam. 1.

Not sure if this setup is perfect, but it is working quite well. Yes, 
the mail takes a few seconds longer and there is probably more I could 
do, but this ROCKS!!!

smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_client_restrictions = permit_mynetworks,permit

smtpd_helo_restrictions =
 permit_mynetworks,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname,
 permit

smtpd_sender_restrictions =
 permit_mynetworks,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 permit

smtpd_recipient_restrictions =
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_invalid_hostname,
 reject_unauth_pipelining,
 reject_rbl_client zen.spamhaus.org,
 reject_rbl_client truncate.gbudb.net,
 reject_rbl_client dnsbl.njabl.org
 reject_rbl_client cbl.abuseat.org
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client dnsbl.sorbs.net,
 sleep 1,
  permit

smtpd_data_restrictions =
  permit_mynetworks,
  reject_multi_recipient_bounce,
 permit

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cron marks mailto value as UNSAFE

[Bob Hoffman]

On Mar 12, 2012, at 12:03 PM, James B. Byrne wrote:

>/  CentOS-6.2
/>/
/>/  We moved a cron job from a CentOS-5.7 host to a CentOS-6.2
/>/  host.  The MAILTO variable is set tosupport at harte-lyne.ca  

/>/  in  both instances.  On the CentOS-6 host instead of
/>/  receiving the mail with the output we see this in
/>/  /var/log/cron instead:
/>/
/>/  Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE
/>/  (support at harte-lyne.ca  
  )
/>/
/>/  The CentOS-5 host uses Sendmail as the MTA, the CentOS-6
/>/  uses Postfix. We can send mail tosupport at harte-lyne.ca  

/>/  from the command line on both hosts.
/>/
/>/  The permissions of the files in /var/spool/cron are:
/>/  # ll /var/spool/cron
/>/  total 12
/>/  -rw---. 1 root root   34 Mar  9 16:41 root
/>/  -rw---. 1 root root 4245 Mar 12 14:53 theheart
/>/
/>/  Selinux is set to Permissive (for the time being):
/>/
/>/  # sestatus
/>/  SELinux status: enabled
/>/  SELinuxfs mount:/selinux
/>/  Current mode:   permissive
/>/  Mode from config file:  permissive
/>/  Policy version: 24
/>/  Policy from config file:targeted
/>/
/>/  What is causing cron to complain. What is unsafe and how
/>/  do I rectify this?
/

Not sure if you are just trying to use root or using an alias, but I found 
several
instances in the manual that said I MUST send root mail to an alias when using 
certian
aspects of postifx/procmail, etc... something to do with the delivery.

Not sure if this has anything to do with it, but I would try adding
root:  in the /etc/aliases file
then run 'newaliases'
then try something.

hope this helps.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hfs with extended attribute support

[Nataraj]

On 03/12/2012 05:11 AM, Wessel van der Aart wrote:
> i figured that if you use filesystems and protocols most native to the 
> mac os you´ll get the best results in stability on the client side, 
> that´s why i thought of HFS. but ext4 seems to do the job well.
> i´ll definitely checkout samba too. do you also serve homedirs to them? 
> had any issues?
>
> Thanks,
> Wessel
>
> On 03/08/2012 06:07 PM, Lamar Owen wrote:
>
>   Sorry it didn't work out for you. Linus, for one, has a pretty poor 
> opinion of HFS in general.and I'm not thrilled with it myself, due 
> to some issues I had with Tiger on a PowerMac G4 and heavily corrupted 
> filesystems, journaled or not. And I have some of the 'rescue' tools 
> like DiskWarrior, and I've still lost some data. Hopefully your 
> experience with ext4 will work out better. Mac OS X does very well with 
> SMB/CIFS shares, too, if AppleTalk doesn't work out for you. (I run Mac 
> OS X here in a few areas, and even Tiger works well with a Samba server, 
> but I haven't tried any ACL's with it). 
> ___ CentOS mailing list 
> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

While I have no personal experience with it, I did notice that Apple
supports NFS with kerberos authentication which is documented on their
support site.  It might be worth looking into.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Patrick Lists]

On 12-03-12 22:12, Bob Hoffman wrote:
[snip]
> Not sure if this setup is perfect, but it is working quite well. Yes,
> the mail takes a few seconds longer and there is probably more I could
> do, but this ROCKS!!!

Totally agree. I'm definitely not a postfix expert but below I have 
listed some rules I have in my config.

> smtpd_delay_reject = yes
> smtpd_helo_required = yes

I also have:
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

> smtpd_client_restrictions = permit_mynetworks,permit

In smtpd_client_restrictions I have:

smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_reverse_client_hostname,
check_client_access pcre:/etc/postfix/dynamic_ip_client_block,
reject_rbl_client bl.spameatingmonkey.net,
reject_rhsbl_sender uribl.spameatingmonkey.net,
reject_rhsbl_client uribl.spameatingmonkey.net,
reject_rhsbl_sender urired.spameatingmonkey.net,
reject_rhsbl_client urired.spameatingmonkey.net,
reject_rbl_client zen.spamhaus.org

The dynamic IP client list is quite effective. You can get the file:
wget -v http://www.hardwarefreak.com/fqrdns.pcre


> smtpd_helo_restrictions =
>   permit_mynetworks,
>   reject_non_fqdn_helo_hostname,
>   reject_invalid_helo_hostname,
>   permit
>
> smtpd_sender_restrictions =
>   permit_mynetworks,
>   reject_non_fqdn_sender,
>   reject_unknown_sender_domain,
>   permit

In smtpd_sender_restrictions I also use

reject_rhsbl_sender fresh15.spameatingmonkey.net


> smtpd_recipient_restrictions =
>   reject_non_fqdn_recipient,
>   reject_unknown_recipient_domain,
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_unauth_destination,
>   reject_invalid_hostname,
>   reject_unauth_pipelining,
>   reject_rbl_client zen.spamhaus.org,
>   reject_rbl_client truncate.gbudb.net,
>   reject_rbl_client dnsbl.njabl.org
>   reject_rbl_client cbl.abuseat.org
>   reject_rbl_client bl.spamcop.net,
>   reject_rbl_client dnsbl.sorbs.net,
>   sleep 1,
>permit
>
> smtpd_data_restrictions =
>permit_mynetworks,
>reject_multi_recipient_bounce,
>   permit

Not sure if these rules are correct. I only have

smtpd_data_restrictions =
reject_unauth_pipelining

On my CentOS 5 box I don't user "permit" at all.

Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[m . roth]

Bob Hoffman wrote:
> I have had the same email address since 1997 (when microsoft stole
> bob.com from me thanks to network solutions...)

I remember reading about you, vaguely.

> Now I have set up a centos 6 box using postfix. Today I decided to try
> to add smtpd restrictions. After a lot of reading and testing I 'seem'
> to be doing incredible.
> I wanted to share my current working postfix smtpd restrictions area so
> that others who are interested can start with it.

Here's a question: is there any way to inspect an email's headers, and
reject it if the alleged FWDN in the From:" doesn't match the oldest
"Received: "?

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Jure Pečar]

On Mon, 12 Mar 2012 17:12:13 -0400
Bob Hoffman  wrote:

> On my centos 5 server I just used sendmail with spamassassin and it 
> killed a lot. Still, 100s, sometimes more made it through. Then 
> thunderbird would weed out more, learned as it went...
> Still, had an inbox with a lot of junk.

Maybe you should read some http://www.acme.com/mail_filtering/ ... altough
from 2005, one of the best sendmail writeups I'm aware of.

> Now I have set up a centos 6 box using postfix. Today I decided to try 
> to add smtpd restrictions. After a lot of reading and testing I 'seem' 
> to be doing incredible.

I've switched to postfix back in 2001 and yes, it is amazing. Now that
you're free of spam, you can dive into policyd and various content
filtering schemes available. It's amazing how far email has come, yet it's
even more amazing that none of the major linux distros have everything in
one place, well integrated and polished and we poor sysadmins still have to
stich solutions together ... heck, I still have to patch sasl for it to
auth against crypted passwords ... maybe I should stop before I start
ranting ;)


-- 

Jure Pečar
http://jure.pecar.org
http://f5j.eu
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Bob Hoffman]

on/Mon Mar 12 18:39:23 EDT 2012
Jure Pecar wrote
/==
/On Mon, 12 Mar 2012 17:12:13 -0400
/Bob Hoffmanhttp://lists.centos.org/mailman/listinfo/centos>>  wrote:

/>/  On my centos 5 server I just used sendmail with spamassassin and it
//>/  killed a lot. Still, 100s, sometimes more made it through. Then
//>/  thunderbird would weed out more, learned as it went...
//>/  Still, had an inbox with a lot of junk.
/
/Maybe you should read somehttp://www.acme.com/mail_filtering/  ... altough
/from 2005, one of the best sendmail writeups I'm aware of.

/>/  Now I have set up a centos 6 box using postfix. Today I decided to try
//>/  to add smtpd restrictions. After a lot of reading and testing I 'seem'
///  to be doing incredible.
/
/I've switched to postfix back in 2001 and yes, it is amazing. Now that
/you're free of spam, you can dive into policyd and various content
/filtering schemes available. It's amazing how far email has come, yet it's
/even more amazing that none of the major linux distros have everything in
/one place, well integrated and polished and we poor sysadmins still have to
/stich solutions together ... heck, I still have to patch sasl for it to
/auth against crypted passwords ... maybe I should stop before I start
/ranting ;)
=

yea, it would only accept normal passwords, but I figured since it
was using tls/ssl that the whole shebang was encypted anyway so
it should be fine, right?


Also, still getting spam of course, nut a smidgeon compared to before.
I would say 99.9% is being tagged by spam assassin as [spam].
Still afraid of false positives so gonna watch for a while with spamassassin
before I dev null them buggers.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Nataraj]

On 03/12/2012 12:37 PM, m.r...@5-cent.us wrote:
>> So today I use TB size drives dropped into an external docking station.
>>   The docking station plugs into the server using eSATA.  Then it's a
>> relatively simple script run by cron to handle the daily backup.  I'm
> Yup. Our home directories (NFS mounted) are on 2TB (or are being moved to
> them) drives; and we have online nightly b/u's that way. The semiweekly
> offline b/u's are to 3TB drives, dropped into an eSATA bay. The eSATA bay
> is about an order of magnitude cheaper than your vendor's recommending,
> and the eSATA uses bare drives, not even needing sleds. *Much* cheaper and
> easier.
>


What hardware are you using for docking stations?  Do you use multiple
drives per ESATA port?  What is your ESATA controller?

 I've been using Thermaltake ST0014U's for some time now with USB
interfaces and I recently tried plugging them into the ESATA port (using
onboard Intel controller/AHCI driver) of a Dell R210 running CentOS 6. 
It doesn't seem to work with the port multiplier and I can only use one
of the two drive slots.  Even if there aren't two drives, only one of
the slots work.  Both slots work with USB.  I get the following errors
from the driver:

ar  5 16:06:33 myserver kernel: ata6.15: Port Multiplier 1.1, 0x197b:0x2352 r0, 
2 ports, feat 0x0/0x0
Mar  5 16:06:33 myserver kernel: ata6.15: Asynchronous notification not 
supported, hotplug won't
Mar  5 16:06:33 myserver kernel: work on fan-out ports. Use warm-plug 
instead.
Mar  5 16:06:33 myserver kernel: ata6.00: hard resetting link

Mar  5 16:06:33 myserver kernel: ata6.00: SATA link up 3.0 Gbps (SStatus 123 
SControl 320)
Mar  5 16:06:33 myserver kernel: ata6.01: hard resetting link
Mar  5 16:06:33 myserver kernel: ata6.15: qc timeout (cmd 0xe4)
Mar  5 16:06:33 myserver kernel: ata6.01: failed to read SCR 2 (Emask=0x4)
Mar  5 16:06:33 myserver kernel: ata6.01: failed to read SCR 2 (Emask=0x40)
Mar  5 16:06:33 myserver kernel: ata6.01: COMRESET failed (errno=-5)
Mar  5 16:06:33 myserver kernel: ata6.01: failed to read SCR 0 (Emask=0x40)
Mar  5 16:06:33 myserver kernel: ata6.01: reset failed, giving up
Mar  5 16:06:33 myserver kernel: ata6.15: hard resetting link
Mar  5 16:06:33 myserver kernel: ata6.15: SATA link up 3.0 Gbps (SStatus 123 
SControl 300)
Mar  5 16:06:33 myserver kernel: ata6.00: hard resetting link
Mar  5 16:06:33 myserver kernel: ata6.00: SATA link up 3.0 Gbps (SStatus 123 
SControl 320)
Mar  5 16:06:33 myserver kernel: ata6.01: hard resetting link
Mar  5 16:06:33 myserver kernel: ata6.01: SATA link down (SStatus 0 SControl 
320)
Mar  5 16:06:33 myserver kernel: ata6.00: qc timeout (cmd 0xec)
Mar  5 16:06:33 myserver kernel: ata6.00: failed to IDENTIFY (I/O error, 
err_mask=0x4)
Mar  5 16:06:33 myserver kernel: ata6.15: hard resetting link



I would ideally like to get several drives on a single ESATA controller
(At least 4 would be nice, though I know it won't have amazing
performance if I access multiple drives at once).

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Les Mikesell]

On Mon, Mar 12, 2012 at 6:22 PM, Nataraj  wrote:
> >
> I would ideally like to get several drives on a single ESATA controller
> (At least 4 would be nice, though I know it won't have amazing
> performance if I access multiple drives at once).
>

If you have internal space there are trayless hotswap SATA bays that
work pretty well, including some for 2.5" drives that you should be
able to get up to 1TB now (larger ones are thicker than the bays will
take).

-- 
   Les Mikesell
  lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM CentOS i386

[Ljubomir Ljubojevic]

On 03/12/2012 04:39 PM, Anton Zaytsev wrote:
> Hi Ljubomir, thanx for reply.
> I need for CentOS 5 exactly. It will be *great* if you'd share them.
>
> Are they compatable with the latest kernel? I have found some rpms in
> CentOSplus repo, but they are for 2.6.18-92.1.13 only.
>
> On Wed, Mar 7, 2012 at 12:30 PM, Ljubomir Ljubojevicwrote:
>>
>> I used Farkas Levente's kvm-84 on CentOS 5.x i386 for several years
>> without any issue. Still have them in my repository.
>>
>> But for CentOS 6.x there is no 32-bit packages, 64-bit only.
>>

Here is my repo for it:
http://rpms.plnet.rs/plnet-centos5-i386/RPMS.plnet/

They are kmod module, so they should fit all kernels. They install to 
current kernel, and are automatically incorporated to every kernel 
installed from that moment on.

But be warned, I have not used them in couple of years, so you must 
first test them on non-production system.

You can use .repo files from this release file:
http://rpms.plnet.rs/plnet-centos5-i386/RPMS.plnet-releases/plnet-ser-release-1.0-0.el5.noarch.rpm
if you want you install them easier.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Nataraj]

Over the years I have run into several situations where for one reason
or another a backup utility such as dump or tar couldn't read a
particular backup.  For that reason, I like to periodically do a backup
using another backup format.  So I might use backuppc for my main backup
system, but once a month do a full backup using dump onto a completely
separate media.

I have been sucessfully using 8GB dual layer DVDs for some of my
backups/archiving and now that the price of Blu ray has come down I am
about to experiment with that.  I have been writing dump format files to
the DVD's and then writing an SHA256 checksum for each dump file so it's
very easy to verify the integrity of the dump.

I am also about to try daily emcrypted backups to http://rsync.net along
with periodic archival to blu-ray disk for one of my backup needs.

I have noticed that two of the recently mentioned backup packages,
duplicity and storebackup appear to support some kind of block level
deduplication where you can backup a large file, database or possibly
even a disk partition, incrementally over the network.  I am interested
in trying that for backup up of mysql databases.


Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Server Backup Options

[Nataraj]

On 03/12/2012 04:28 PM, Les Mikesell wrote:
> On Mon, Mar 12, 2012 at 6:22 PM, Nataraj  wrote:
>> I would ideally like to get several drives on a single ESATA controller
>> (At least 4 would be nice, though I know it won't have amazing
>> performance if I access multiple drives at once).
>>
> If you have internal space there are trayless hotswap SATA bays that
> work pretty well, including some for 2.5" drives that you should be
> able to get up to 1TB now (larger ones are thicker than the bays will
> take).
>
Unfortunately in this case I don't.  This is my economical home server
that one of my clients gave to me.   I'm thinking about putting an
NVIDIA card in the single PCI Express slot and using it for my desktop,
so the only remaining interfaces are ESATA and USB.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Nataraj]

On 03/12/2012 02:25 PM, m.r...@5-cent.us wrote:
> Bob Hoffman wrote:
>> I have had the same email address since 1997 (when microsoft stole
>> bob.com from me thanks to network solutions...)
> I remember reading about you, vaguely.
> 
>> Now I have set up a centos 6 box using postfix. Today I decided to try
>> to add smtpd restrictions. After a lot of reading and testing I 'seem'
>> to be doing incredible.
>> I wanted to share my current working postfix smtpd restrictions area so
>> that others who are interested can start with it.
> 
> Here's a question: is there any way to inspect an email's headers, and
> reject it if the alleged FWDN in the From:" doesn't match the oldest
> "Received: "?
>
>mark
>
That would be a good test.  Postfix does have the ability to match
regular expressions on headers, but the tests are limited to testing a
single line at a time.  You can however write one of several types of
postfix content inspection modules using your favorite programming or
scripting language.  If you use one of the before queue inspection
methods and you have a busy mail server, you have to watch out that you
don't introduce delays that could cause clients to time out.

You might also look around to see if there's something out there that
would already do that.

Check out http://www.postfix.org/CONTENT_INSPECTION_README.html  I don't
think it's that hard to throw together a perl or python script to do
this.  I have more experience with the policy daemon though.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Les Mikesell]

On Mon, Mar 12, 2012 at 9:48 PM, Nataraj  wrote:
> On 03/12/2012 02:25 PM, m.r...@5-cent.us wrote:
>> Bob Hoffman wrote:
>>> I have had the same email address since 1997 (when microsoft stole
>>> bob.com from me thanks to network solutions...)
>> I remember reading about you, vaguely.
>> 
>>> Now I have set up a centos 6 box using postfix. Today I decided to try
>>> to add smtpd restrictions. After a lot of reading and testing I 'seem'
>>> to be doing incredible.
>>> I wanted to share my current working postfix smtpd restrictions area so
>>> that others who are interested can start with it.
>> 
>> Here's a question: is there any way to inspect an email's headers, and
>> reject it if the alleged FWDN in the From:" doesn't match the oldest
>> "Received: "?
>>
>>        mark
>>
> That would be a good test.  Postfix does have the ability to match
> regular expressions on headers, but the tests are limited to testing a
> single line at a time.  You can however write one of several types of
> postfix content inspection modules using your favorite programming or
> scripting language.  If you use one of the before queue inspection
> methods and you have a busy mail server, you have to watch out that you
> don't introduce delays that could cause clients to time out.
>
> You might also look around to see if there's something out there that
> would already do that.
>
> Check out http://www.postfix.org/CONTENT_INSPECTION_README.html  I don't
> think it's that hard to throw together a perl or python script to do
> this.  I have more experience with the policy daemon though.

With sendmail, using MimeDefang as a milter was one of the best
approaches, because then you could control all of the other usual
(spamassassin, clamav, etc.) or custom steps with a small snippet of
perl.   I think the postfix milter interface is at least theoretically
compatible these days but I haven't tried them together.  The way
MimeDefang multiplexes the fast/slow operations and extracts the
attachments only once for any number of scans is particularly
efficient.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Ron Loftin]

On Mon, 2012-03-12 at 23:15 +0100, Patrick Lists wrote:
> On 12-03-12 22:12, Bob Hoffman wrote:
> [snip]
> > Not sure if this setup is perfect, but it is working quite well. Yes,
> > the mail takes a few seconds longer and there is probably more I could
> > do, but this ROCKS!!!
> 
> Totally agree. I'm definitely not a postfix expert but below I have 
> listed some rules I have in my config.
> 
> > smtpd_delay_reject = yes
> > smtpd_helo_required = yes
> 
> I also have:
> disable_vrfy_command = yes
> strict_rfc821_envelopes = yes
> 
> > smtpd_client_restrictions = permit_mynetworks,permit
> 
> In smtpd_client_restrictions I have:
> 
> smtpd_client_restrictions =
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_unknown_reverse_client_hostname,
>   check_client_access pcre:/etc/postfix/dynamic_ip_client_block,
>   reject_rbl_client bl.spameatingmonkey.net,
>   reject_rhsbl_sender uribl.spameatingmonkey.net,
>   reject_rhsbl_client uribl.spameatingmonkey.net,
>   reject_rhsbl_sender urired.spameatingmonkey.net,
>   reject_rhsbl_client urired.spameatingmonkey.net,
>   reject_rbl_client zen.spamhaus.org
> 
> The dynamic IP client list is quite effective. You can get the file:
> wget -v http://www.hardwarefreak.com/fqrdns.pcre
> 
> 
> > smtpd_helo_restrictions =
> >   permit_mynetworks,
> >   reject_non_fqdn_helo_hostname,
> >   reject_invalid_helo_hostname,
> >   permit
> >
> > smtpd_sender_restrictions =
> >   permit_mynetworks,
> >   reject_non_fqdn_sender,
> >   reject_unknown_sender_domain,
> >   permit
> 
> In smtpd_sender_restrictions I also use
> 
>   reject_rhsbl_sender fresh15.spameatingmonkey.net
> 
> 
> > smtpd_recipient_restrictions =
> >   reject_non_fqdn_recipient,
> >   reject_unknown_recipient_domain,
> >   permit_mynetworks,
> >   permit_sasl_authenticated,
> >   reject_unauth_destination,
> >   reject_invalid_hostname,
> >   reject_unauth_pipelining,
> >   reject_rbl_client zen.spamhaus.org,
> >   reject_rbl_client truncate.gbudb.net,
> >   reject_rbl_client dnsbl.njabl.org
> >   reject_rbl_client cbl.abuseat.org
> >   reject_rbl_client bl.spamcop.net,
> >   reject_rbl_client dnsbl.sorbs.net,
> >   sleep 1,
> >permit
> >
> > smtpd_data_restrictions =
> >permit_mynetworks,
> >reject_multi_recipient_bounce,
> >   permit
> 
> Not sure if these rules are correct. I only have
> 
> smtpd_data_restrictions =
>   reject_unauth_pipelining
> 
> On my CentOS 5 box I don't user "permit" at all.
> 
> Regards,
> Patrick
> ___

I'm going to chuck in my 2 cents worth here, as I've been using Postfix
as a first-line filter for some years now.

All of the above suggestions are very useful.  The only point that I
haven't seen in this thread is that mail server/filter configs are
extremely user-dependent.  I started out with some of the more
restrictive options discussed here, but I had to relax a few of them for
the client involved.  It seems that they were doing business with some
folks ( both customers and suppliers ) who were using poorly-configured
mail servers, and some of the options given above can cause "legitimate"
traffic from such poorly-configured servers to be rejected.

In short, like you should do for any application, do the appropriate
research so that you UNDERSTAND what the recommended options are doing
for you ( or TO you ) and tailor your selection(s) to meet YOUR specific
needs.  In the case of using Postfix to filter mail to reduce the
inbound spam to an old, feature-poor mail server, it took some research
and some experimenting with different recommendations to achieve the
solution that met the needs of a particular user community.

Like I said, this is just my $0.02 (US) worth.  Enjoy. ;^>

-- 
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Nataraj]

On 03/12/2012 09:08 PM, Ron Loftin wrote:
>
> I'm going to chuck in my 2 cents worth here, as I've been using Postfix
> as a first-line filter for some years now.
>
> All of the above suggestions are very useful.  The only point that I
> haven't seen in this thread is that mail server/filter configs are
> extremely user-dependent.  I started out with some of the more
> restrictive options discussed here, but I had to relax a few of them for
> the client involved.  It seems that they were doing business with some
> folks ( both customers and suppliers ) who were using poorly-configured
> mail servers, and some of the options given above can cause "legitimate"
> traffic from such poorly-configured servers to be rejected.
>
> In short, like you should do for any application, do the appropriate
> research so that you UNDERSTAND what the recommended options are doing
> for you ( or TO you ) and tailor your selection(s) to meet YOUR specific
> needs.  In the case of using Postfix to filter mail to reduce the
> inbound spam to an old, feature-poor mail server, it took some research
> and some experimenting with different recommendations to achieve the
> solution that met the needs of a particular user community.
>
> Like I said, this is just my $0.02 (US) worth.  Enjoy. ;^>
>

Yes, this is very much true.  It takes a bit of tuning to find the right
settings for each mail environment.  Turn things up too high and your
phone will ring off the hook with user complaints about rejecting mail
that they want to receive.  Fortunately you can define multiple
smtpd_restriction_classes and apply different policies by matching on
who the recipient, sender, client domain etc is.  An example would be:

NOTE THIS example is hypothetical, I don't suggest that anyone try to
use my extra_restrictive class on a production system without testing.

smtpd_restriction_classes = extra_restrictive, restrictive, permissive

extra_restrictive =
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client hostkarma.junkemailfilter.com =127.0.0.2
reject_rbl_client dnsbl.sorbs.net
reject_rhsbl_sender whois.rfc-ignorant.org
reject_rhsbl_sender postmaster.rfc-ignorant.org
reject_rhsbl_sender abuse.rfc-ignorant.org
reject_rhsbl_sender hostkarma.junkemailfilter.com=127.0.0.2
reject_rbl_client l2.apews.org

restrictive =
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net

permissive =
reject_rbl_client pbl.spamhaus.org

smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
check_recipient_access proxy:pgsql:/etc/postfix/vpm_recipient_access
##
# NOTE: YOU MUST ALWAYS check for valid recipients before checking
# for sender exceptions, otherwise anyone who passes the
# sender exceptions will be allowed to use us as a relay.
##
check_sender_access hash:/etc/postfix/smtpd_sender_access
check_recipient_access hash:/etc/postfix/smtpd_recipient_access
check_policy_service unix:private/vpm-pfpolicy
reject_unauth_destination



Then is smtpd_recipient_access I have:

domain1.comrestrictive
ab...@domain1.comextra_restrictive
postmas...@domain1.comextra_restrictive
registrar_domain_cont...@domain1.com extra_restrictive
domain2.compermissive


Nataraj


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and spam, I am impressed

[Nataraj]

On 03/12/2012 10:06 PM, Nataraj wrote:
> On 03/12/2012 09:08 PM, Ron Loftin wrote:
>> I'm going to chuck in my 2 cents worth here, as I've been using Postfix
>> as a first-line filter for some years now.
>>
>> All of the above suggestions are very useful.  The only point that I
>> haven't seen in this thread is that mail server/filter configs are
>> extremely user-dependent.  I started out with some of the more
>> restrictive options discussed here, but I had to relax a few of them for
>> the client involved.  It seems that they were doing business with some
>> folks ( both customers and suppliers ) who were using poorly-configured
>> mail servers, and some of the options given above can cause "legitimate"
>> traffic from such poorly-configured servers to be rejected.
>>
>> In short, like you should do for any application, do the appropriate
>> research so that you UNDERSTAND what the recommended options are doing
>> for you ( or TO you ) and tailor your selection(s) to meet YOUR specific
>> needs.  In the case of using Postfix to filter mail to reduce the
>> inbound spam to an old, feature-poor mail server, it took some research
>> and some experimenting with different recommendations to achieve the
>> solution that met the needs of a particular user community.
>>
>> Like I said, this is just my $0.02 (US) worth.  Enjoy. ;^>
>>
pbl.spamhaus.org (dynamic IP address RBL) is generally quite safe for
most sites to use from postfix.  The rest of the spamhaus RBL's such as
the combination that you get from zen.spamhaus.org are mostly safe
(better than all others that I've tried), but not 100%.   Most others
that I've tried I have gotten a fair number of false positives over time
(This includes dul.dnsbl.sorbs.net, the sorbs dynamic IP RBL).  Many
people feel that most other RBL's need to be used with a scoring
mechanism, such as that provided by spamassasin, instead of directly
from postfix to avoid getting too many false positives.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos