looping Apache with IMP

2003-01-31 Thread Russell Coker
I am running some Apache machines as IMP webmail servers.  I have a problem of 
Apache processes going into an infinite loop.

I have attached the gdb function list of two different variants on the looping 
theme (every day I accumulate a few processes in each of these variants).  
The virtual size is about 140M, largely because of the shared memory of ~80M.  
There should not be any cause for memory allocation problems (the machine has 
4G of RAM of which 2G is disk cache because nothing else uses it).

Now, is it possible to convince gdb to show me the parameters to malloc() and 
realloc() even though I'm not running the debugging version of gdb?

I am hesitant to install the debugging gdb because it will involve some 
down-time for the users, and it might even make the problem disappear (which 
is not what I want - I want it fixed and the fix to be in Debian).

I'm running Debian/unstable because I need the latest horde2, imp3, and php4 
packages.  I have also customised all those packages a bit (which is why I 
haven't filed a bug report yet).

The issue here is that there is either a bug in libc6, or PHP is passing bad 
parameters to malloc() and realloc() functions which libc6 isn't handling 
properly.

Any ideas?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

#0  0x40136dea in mallopt () from /lib/libc.so.6
#1  0x40135fed in malloc () from /lib/libc.so.6
#2  0x4024ff35 in _emalloc () from /usr/lib/apache/1.3/libphp4.so
#3  0x4025015b in _erealloc () from /usr/lib/apache/1.3/libphp4.so
#4  0x402bbae4 in ps_srlzr_encode_php () from /usr/lib/apache/1.3/libphp4.so
#5  0x402bbf8b in ps_srlzr_decode_php () from /usr/lib/apache/1.3/libphp4.so
#6  0x402bc36f in ps_srlzr_decode_php () from /usr/lib/apache/1.3/libphp4.so
#7  0x402be8e5 in zm_activate_session () from /usr/lib/apache/1.3/libphp4.so
#8  0x402be935 in zm_deactivate_session () from /usr/lib/apache/1.3/libphp4.so
#9  0x4026aec6 in module_registry_cleanup ()
   from /usr/lib/apache/1.3/libphp4.so
#10 0x4026cba2 in zend_hash_apply () from /usr/lib/apache/1.3/libphp4.so
#11 0x40268150 in zend_deactivate_modules ()
   from /usr/lib/apache/1.3/libphp4.so
#12 0x40274b4d in php_request_shutdown () from /usr/lib/apache/1.3/libphp4.so
#13 0x40271b03 in apache_php_module_main () from /usr/lib/apache/1.3/libphp4.so
#14 0x402725ae in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#15 0x40272615 in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#16 0x08053b34 in ap_invoke_handler ()
#17 0x0806368c in ap_some_auth_required ()
#18 0x080636e8 in ap_process_request ()
#19 0x0805ce2b in ap_child_terminate ()
#20 0x0805d05e in ap_child_terminate ()
#21 0x0805d2e8 in ap_child_terminate ()
#22 0x0805d76a in ap_child_terminate ()
#23 0x0805dcbd in main ()
#24 0x400e29f1 in __libc_start_main () from /lib/libc.so.6

#0  0x40136dea in mallopt () from /lib/libc.so.6
#1  0x401374da in mallopt () from /lib/libc.so.6
#2  0x4013630f in realloc () from /lib/libc.so.6
#3  0x402501d9 in _erealloc () from /usr/lib/apache/1.3/libphp4.so
#4  0x40302e72 in zif_var_export () from /usr/lib/apache/1.3/libphp4.so
#5  0x40302fd2 in zif_var_export () from /usr/lib/apache/1.3/libphp4.so
#6  0x40302fd2 in zif_var_export () from /usr/lib/apache/1.3/libphp4.so
#7  0x40303132 in php_var_serialize () from /usr/lib/apache/1.3/libphp4.so
#8  0x402bbb6d in ps_srlzr_encode_php () from /usr/lib/apache/1.3/libphp4.so
#9  0x402bbf8b in ps_srlzr_decode_php () from /usr/lib/apache/1.3/libphp4.so
#10 0x402bc36f in ps_srlzr_decode_php () from /usr/lib/apache/1.3/libphp4.so
#11 0x402be8e5 in zm_activate_session () from /usr/lib/apache/1.3/libphp4.so
#12 0x402be935 in zm_deactivate_session () from /usr/lib/apache/1.3/libphp4.so
#13 0x4026aec6 in module_registry_cleanup ()
   from /usr/lib/apache/1.3/libphp4.so
#14 0x4026cba2 in zend_hash_apply () from /usr/lib/apache/1.3/libphp4.so
#15 0x40268150 in zend_deactivate_modules ()
   from /usr/lib/apache/1.3/libphp4.so
#16 0x40274b4d in php_request_shutdown () from /usr/lib/apache/1.3/libphp4.so
#17 0x40271b03 in apache_php_module_main () from /usr/lib/apache/1.3/libphp4.so
#18 0x402725ae in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#19 0x40272615 in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#20 0x08053b34 in ap_invoke_handler ()
#21 0x0806368c in ap_some_auth_required ()
#22 0x080636e8 in ap_process_request ()
#23 0x0805ce2b in ap_child_terminate ()
#24 0x0805d05e in ap_child_terminate ()
#25 0x0805d2e8 in ap_child_terminate ()
#26 0x0805d76a in ap_child_terminate ()
#27 0x0805dcbd in main ()
#28 0x400e29f1 in __libc_start_main () from /lib/libc.so.6

142M



Re: Exim and LDAP

2003-01-31 Thread ragnar
Hi,

> > Well, short of creating thousands of new aliases, and a
> > way for them to maintain them,

> > can anyone figure out a creative way
> > in an Exim/LDAP filter to match the localpart of 'First.Last'
> > against the sn and givenname attributes?

On one project I had to do "creating thousands of new aliases"
each night. It uses a bash script to scan more than 10.000
small text files and extract some 4000 aliases.
It is not perfect but it has worked for more than a year
so I have stopped thinking about it.

It could help to prompt for and create an entry with the
requested content of 'First.Last'. Auto creation of that
could mess things up.

Probably not relevant, on another system I do extra work when
creating an account with /usr/local/sbin/adduser.local

Best
[EMAIL PROTECTED]

--
Support freedom, -- give bandwidth and diskspace
 to Freenet  -- http://freenetproject.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




RE: Denial of Service via UCE

2003-01-31 Thread Greg Wright
This issue happened with us.

Your ONLY solution is to try and co-locate a server upstream from your
site, run a NIX based server (I am a windows guy, I'm not evangelising,
it's just Windows apps are (mostly??) all based on the IIS SMTP mail
sink, and have to accept the ENTIRE message before being able to filter
its content.. Useless..)

You want to attempt to identify the spam by its content as early in the
transfer as possible. For us, we did it by creating a list of valid
email addresses, and rejecting EVERYTHING else. We also tried, but
weren't overly successful with basic content filtering using Sendmail.

The result, instead of receiving a 7kb spam undeliverable, we received a
few hundred bytes of the header data until we got the MAIL
TO:[EMAIL PROTECTED] detected it as an invalid incoming message and
dropped it immediately.

This way, we limited the exposure, we stopped the cost from bearing on
us, we also stopped the link saturation.

We also tried Snort with on-the-fly PIX rules, but this is unworkable as
the number of hosts cause the PIX to take longer to apply the ACLs than
is workable. The theory was great, mind you. Pity SMTP is designed to
try and get around an uncontactable mail server and just passed the
message to our backup MX (hosted offsite for redundancy)

Do NOT accept that it will go away in a few days. Our issue lasted over
2 months. Solid. (We logged 2Gb of data in the first few hours of the
problem occurring. Filled the disks on our Exchange mail server after
another few hours, despite the Network Associates Webshield system being
able to handle the deluge, exchange just didn't cope!

I still have a screenshot of the number of messages we received during
the most busy hour. Which was well over the tens of thousands... (at 7k
per message average)

Our logfiles had to be cleaned almost daily to reduce the amount of disk
space consumed by logs alone.

This is one of the most unbelievably effective DOS attacks, because most
all SMTP servers are already willing 'zombies' waiting to attack a host,
and the SMTP protocol was designed to not give up easily. So, a single
message can retry a number of times, multiplied by the number of hosts
trying to send email and it's pretty obvious how damaging this can be..

I truly feel for your situation.

Regards,
Greg

-Original Message-
From: Peter Billson [mailto:[EMAIL PROTECTED]] 
Sent: Friday, 31 January 2003 5:33 AM
To: Pulu 'Anau
Cc: [EMAIL PROTECTED]
Subject: Re: Denial of Service via UCE

Pulu,
  You may want to ask someone with a fatter pipe to act as your MX where
they can bit-bucket the UCE then forward on the good stuff to you.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


Pulu 'Anau wrote:
> 
> Hi, this is not particularly a debian related question but this is the
> most knowledgeable list that I track, and I hope someone here might have a
> "miracle answer" that we can't think of.






Re: Time servers (ntp) wanted

2003-01-31 Thread Michelle Konzack
Hello Adrian, 

At 11:10 2003-01-28 +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
>
>Yo!
>
>In short: If you have a computer with a static IP address, I'd be glad
>if you'd run ntpd and offered it for public use on the time.fortytwo.ch
>DNS round robin. Expected traffic is very low - I hope to get as many
>time servers as I can, so the load will be spread as far as possible.

Currently I have only a 39 Computer-Local-LAN but with my own ntp-server, 
exactly xntp3 which gets the time-Information with the DCF-77 receiver... 
from Braunschweig/Germany. 

>The longer version:
>
>In the comp.protocols.time.ntp newsgroup, it was discussed that some of
>the public time servers (as listed somewhere on ntp.org) are having
>problems with too much traffic.

How many requests ??? 

I run a 10 years old VLB-Board with a Cx486dx40 and 16 Mbyte of 
memory running Woody. I update the Computers every 5 Minutes for 
testing and there is around no load... 

I think, the Timeservers use a little bit bigger machine, but can 
handle several 1000 hits a second... 

>
##  Get the Power of Debian/GNU-Linux
##






Exim AUTH testing

2003-01-31 Thread David H. Clymer
I'm attempting to set up SMTP authentication using exim. I can get it to
work if I don't check for null values, but when I try to add some extra
logic to do that I get an error that I don't quite understand, and so it
isn't really helpful in debugging this issue.

note: I'm only working on the AUTH PLAIN facility ATM

original config:

 plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if eq{$2}{${lookup mysql{SELECT password FROM user WHERE username='$1'}{$value}fail}}{1}{0}}
   server_set_id = $1

original result (excerpt from: exim -d9 -bs):

plain authenticator:
  $1 = [EMAIL PROTECTED]
  $2 = hackme
expanded string: 1
SMTP>> 235 Authentication succeeded
235 Authentication succeeded


null checking config:

 plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if !eq{$1}{} and{ !eq{$2}{}} and {eq{$2}{${lookup mysql{SELECT password FROM user WHERE username='$1'}{$value}fail}}}{1}{0}}
   server_set_id = $1

null checking result (excerpt from exim -d9 -bs):

plain authenticator:
  $1 = [EMAIL PROTECTED]
  $2 = hackme
expanded string: nd{ !eq{hackme and {eq{hackme}{hackme}}{1}{0}}
SMTP>> 435 Unable to authenticate at present: nd{ !eq{hackme and
{eq{hackme}{hackme}}{1}{0}}
435 Unable to authenticate at present: nd{ !eq{hackme and
{eq{hackme}{hackme}}{1}{0}}
LOG: 0 MAIN REJECT
  Authentication failed for : 435 Unable to authenticate at present: nd{
!eq{hackme and {eq{hackme}{hackme}}{1}{0}}

what does the nd{ * signify? it looks like it's the last part of "and".
if that is the case, why is the expanded string truncated at that point?
I'm a bit confused. if anyone can unconfuse me or just help me help
myself, that would be great.

davidc
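
Added example (not part of the original post and not the poster's config): the null-checking authenticator written with Exim's prefix and{{..}{..}} condition form, with $1 passed through quote_mysql before it enters the SQL string. It assumes the same "user" table and the $1/$2 numbering shown in the debug output above, and an Exim build whose MySQL lookup provides the quote_mysql operator.

```exim
# Added example, not the poster's config. Assumes the same `user` table and
# an Exim build whose MySQL lookup provides the quote_mysql operator.

# As posted (kept for comparison): "and" is written infix between
# conditions, which is not Exim's condition syntax, and $1 is placed into
# the SQL text unquoted, so a quote character in the username alters the query.
#   server_condition = ${if !eq{$1}{} and{ !eq{$2}{}} and {eq{$2}{${lookup ...

plain:
  driver = plaintext
  public_name = PLAIN
  # and{...} is a prefix operator; every sub-condition sits in its own braces:
  #   and{ {cond1} {cond2} {cond3} }
  # The two emptiness checks come first so the lookup is reached last.
  server_condition = ${if and{ \
      {!eq{$1}{}} \
      {!eq{$2}{}} \
      {eq{$2}{${lookup mysql{SELECT password FROM user \
          WHERE username='${quote_mysql:$1}'}{$value}fail}}} \
    }{1}{0}}
  server_set_id = $1
```

Because and{} stops at the first false sub-condition, the MySQL lookup only runs when both strings are non-empty.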






mod_vhost_alias and throttling

2003-01-31 Thread Duane Powers
hi list,

I'm using mod_vhost_alias for both name and ip based virtual hosting, 
I'd like to enable b/w limits for the vhosts, I've looked at 
mod_throttle, but it doesn't appear to play nice with mod_vhost_alias.
I'm thinking I can't throttle through the switch, since name-based 
vhosts share ip's, so I'm wondering how you guys and girls get around 
this? urls and tips welcome.

Thanks
~duane
--
	 D U A N E P O W E R S
	  [EMAIL PROTECTED]
  __
.´  `.
: :' !   Enjoy
`. `´   Debian/GNU Linux
  `-   Now even on the 5 Euro banknote!

