Re: calculation of mail traffic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Jueves, 20 de Marzo de 2003 02:50, [EMAIL PROTECTED] escribió: > [EMAIL PROTECTED] said: > > Well.. I can also grep "From:" to see wich addresses are sending more > > mails than usual, don't I? > > You're joking, right? From: is easily faked, and any bulk spammer fakes it. Yes, "From:" is easily faked, but if I see an IP that uses many differents "From:"s I can block it, and if I see a "From:" that should not be allowed, I can block it, too... > > Unless you block your clients from sending on port 25, you can't tell what > mail they're sending. I think I've not said outgoing mail server and incoming mail server are two different computers... > If you do block port 25, I wouldn't expect your commercial clients to be > happy. I would never block port 25... why? > > If you force (by firewall rules or otherwise) them to use mail.bigisp.com > as their outgoing relay, they might feel you're invading their privacy. > Would you want someone checking your phone calls (for other than billing > purposes)? I'm sorry but I think we're not talking about the same... -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+eX0cGOU6HQZ81TcRAoJAAKCukO5Qj67riCKUtIceFYhmVT+6RwCgh+KI 8lwYGR5xGtd+iZiZiTTQr6k= =0muG -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: VPN
Ciao Samuele, I've tried both ssh and ipsec. SSH+PPPD is quite easy to set up and works just fine but has sometimes some minor problems with the connection link not being taken down. IPSec+FreeS/wan is (maybe) a cleaner solution but has some strong requirements you should take into considration. Imho pptpd should be avoided at all: i run it only to communicate with an adsl modem (so i don't have any real life experience) and i'm not really happy with it. Moreover it seems to be less reliable then the above. Samuele wrote: Hi there. I have to set up a VPN service on some Debian (woody) servers, and since I have no experienced with this I am searching for advices and hints about the best implementation among: . SSH + PPPD (as explained in the VPN HOWTO) . IPSec + FreeSwan (which seems to be more secure) . OpenVPN . tinc . pptpd ... Suggestions and advices are welcome. Bye. -- Samuele Catusian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Multi-Link Machine
There is a solution for your problem, 1. Forget ifconfig, and route 2. Get knowlege about ip and tc (iproute package) 3. Compile QoS into kernel. 4. Check Linux-advanced iprouting-howto http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO.html My project is also like this but I not finished yet. R. Idézve: Dátum: 2003/3/9 4:38:59. Feladó: Brad Lay <[EMAIL PROTECTED]>. >I have a linux machine with 2.4.19 on it, and 2 Internet links. > >eth0 is Telstra Bigpond Cable (Semi static ip, its dhcp assigned), which I >want to route certain ips ranges over this link. 144.135.23.0/24 for eg. > >eth1 is the internal interface on 192.168.0.0/24 > >eth2 is an adsl connection with a static ip which I want to be the default >route for any traffic left over. > >I can get this to sort of work, but traceroute'ing to anything I set >static routes [1] with, doesn't work because I assume that it trys to come >back via the default route. Is that right? > >Also I need to break the adsl connection into 2 parts, its a 512kbit link, >so I would like to take 384kbit and 128kbit of the link, and assign >128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want >to limit traffic coming from eth0. (eth0 is 9mbit, so its a bit of a waste >to shape it down to 128kbit now isnt it :) > >Is any of this possible or am I just dreaming? > >[1] route add -net ip.add.re.ss netmask 255.255.255.255 gw > >Thanks in advance. > > >[NOTE: I've been to lartc.org and emailed them also, hoping to find some >help, so no point telling me about them again, as I already have been and >read the howto :-)] > >Regards, > >Brad Lay >([EMAIL PROTECTED]) > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
QoS and tc
Does anyone know any site where I can get knowledges about the technology of setting up QoS in linux kernel. I would like to understand the philosophy of this technology. What are classes, what are qdiscs, how they are connecting to eachother. Maybe it is my supidity, but the manual pages and the linux howto describes somthing, but I can't understand these. Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: VPN
My opinion: If you want to use reliable ipsec The only choice is FreeSwan/IPSec. We could solve any problems with it (not so easy but works). R. Idézve: Dátum: 2003/3/19 11:51:36. Feladó: Samuele <[EMAIL PROTECTED]>. > Hi there. >I have to set up a VPN service on some Debian (woody) servers, and since I >have no experienced with this I am searching for advices and hints about >the best implementation among: > > . SSH + PPPD (as explained in the VPN HOWTO) > . IPSec + FreeSwan (which seems to be more secure) > . OpenVPN > . tinc > . pptpd > ... > >Suggestions and advices are welcome. > >Bye. > >-- >Samuele Catusian > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: QoS and tc
On Thu, 20 Mar 2003, [windows-1250] Szőts Róbert wrote: > Does anyone know any site where I can get knowledges about the > technology of setting up QoS in linux kernel. http://www.docum.org/ -- Miernik _ / / tel.: +48608233394 / / mailto:[EMAIL PROTECTED] __/___/ ICQ UIN: 4004001 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: anti virus software for mail server
"J.J. van Gorkum" <[EMAIL PROTECTED]> writes: > amavisd-new (amavisd-ng has some mime decoding problems... especially > pgp/gpg encrypted mail) As the maintainer of AMaViS-ng I am looking forward to your bug report about the issues you have encountered. Regards, -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Combining 2 Ethernet NICS -> 1 IP address SOLUTION THANKS
On Wed, 2003-03-19 at 18:18, J.J. van Gorkum wrote: > On Wed, 2003-03-19 at 03:46, alan graham wrote: > > I have been trying unsuccessfully to find doco on combining 2 Ethernet > > NICS, such that only one IP address is presented to clients. > > > apt-get install ifenslave > > less /usr/src/kernel-source-2.4.20/Documentation/networking/bonding.txt > > That is all you need. > -- > JJ van Gorkum Knowledge Zone > If UNIX isn't the solution, you've got the wrong problem. Cheers, just what I was searching for. Just need to check that the old SMC interface supports MII link status reporting... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: calculation of mail traffic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Jueves, 20 de Marzo de 2003 02:50, [EMAIL PROTECTED] escribió: > [EMAIL PROTECTED] said: > > Well.. I can also grep "From:" to see wich addresses are sending more > > mails than usual, don't I? > > You're joking, right? From: is easily faked, and any bulk spammer fakes it. Yes, "From:" is easily faked, but if I see an IP that uses many differents "From:"s I can block it, and if I see a "From:" that should not be allowed, I can block it, too... > > Unless you block your clients from sending on port 25, you can't tell what > mail they're sending. I think I've not said outgoing mail server and incoming mail server are two different computers... > If you do block port 25, I wouldn't expect your commercial clients to be > happy. I would never block port 25... why? > > If you force (by firewall rules or otherwise) them to use mail.bigisp.com > as their outgoing relay, they might feel you're invading their privacy. > Would you want someone checking your phone calls (for other than billing > purposes)? I'm sorry but I think we're not talking about the same... -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+eX0cGOU6HQZ81TcRAoJAAKCukO5Qj67riCKUtIceFYhmVT+6RwCgh+KI 8lwYGR5xGtd+iZiZiTTQr6k= =0muG -END PGP SIGNATURE-
Re: VPN
Ciao Samuele, I've tried both ssh and ipsec. SSH+PPPD is quite easy to set up and works just fine but has sometimes some minor problems with the connection link not being taken down. IPSec+FreeS/wan is (maybe) a cleaner solution but has some strong requirements you should take into considration. Imho pptpd should be avoided at all: i run it only to communicate with an adsl modem (so i don't have any real life experience) and i'm not really happy with it. Moreover it seems to be less reliable then the above. Samuele wrote: Hi there. I have to set up a VPN service on some Debian (woody) servers, and since I have no experienced with this I am searching for advices and hints about the best implementation among: . SSH + PPPD (as explained in the VPN HOWTO) . IPSec + FreeSwan (which seems to be more secure) . OpenVPN . tinc . pptpd ... Suggestions and advices are welcome. Bye. -- Samuele Catusian
Re: Multi-Link Machine
There is a solution for your problem, 1. Forget ifconfig, and route 2. Get knowlege about ip and tc (iproute package) 3. Compile QoS into kernel. 4. Check Linux-advanced iprouting-howto http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO.html My project is also like this but I not finished yet. R. Idézve: Dátum: 2003/3/9 4:38:59. Feladó: Brad Lay <[EMAIL PROTECTED]>. >I have a linux machine with 2.4.19 on it, and 2 Internet links. > >eth0 is Telstra Bigpond Cable (Semi static ip, its dhcp assigned), which I >want to route certain ips ranges over this link. 144.135.23.0/24 for eg. > >eth1 is the internal interface on 192.168.0.0/24 > >eth2 is an adsl connection with a static ip which I want to be the default >route for any traffic left over. > >I can get this to sort of work, but traceroute'ing to anything I set >static routes [1] with, doesn't work because I assume that it trys to come >back via the default route. Is that right? > >Also I need to break the adsl connection into 2 parts, its a 512kbit link, >so I would like to take 384kbit and 128kbit of the link, and assign >128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want >to limit traffic coming from eth0. (eth0 is 9mbit, so its a bit of a waste >to shape it down to 128kbit now isnt it :) > >Is any of this possible or am I just dreaming? > >[1] route add -net ip.add.re.ss netmask 255.255.255.255 gw > >Thanks in advance. > > >[NOTE: I've been to lartc.org and emailed them also, hoping to find some >help, so no point telling me about them again, as I already have been and >read the howto :-)] > >Regards, > >Brad Lay >([EMAIL PROTECTED]) > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >
QoS and tc
Does anyone know any site where I can get knowledges about the technology of setting up QoS in linux kernel. I would like to understand the philosophy of this technology. What are classes, what are qdiscs, how they are connecting to eachother. Maybe it is my supidity, but the manual pages and the linux howto describes somthing, but I can't understand these. Thanks.
Re: VPN
My opinion: If you want to use reliable ipsec The only choice is FreeSwan/IPSec. We could solve any problems with it (not so easy but works). R. Idézve: Dátum: 2003/3/19 11:51:36. Feladó: Samuele <[EMAIL PROTECTED]>. > Hi there. >I have to set up a VPN service on some Debian (woody) servers, and since I >have no experienced with this I am searching for advices and hints about >the best implementation among: > > . SSH + PPPD (as explained in the VPN HOWTO) > . IPSec + FreeSwan (which seems to be more secure) > . OpenVPN > . tinc > . pptpd > ... > >Suggestions and advices are welcome. > >Bye. > >-- >Samuele Catusian > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >
Re: QoS and tc
On Thu, 20 Mar 2003, [windows-1250] Szőts Róbert wrote: > Does anyone know any site where I can get knowledges about the > technology of setting up QoS in linux kernel. http://www.docum.org/ -- Miernik _ / / tel.: +48608233394 / / mailto:[EMAIL PROTECTED] __/___/ ICQ UIN: 4004001
Re: anti virus software for mail server
"J.J. van Gorkum" <[EMAIL PROTECTED]> writes: > amavisd-new (amavisd-ng has some mime decoding problems... especially > pgp/gpg encrypted mail) As the maintainer of AMaViS-ng I am looking forward to your bug report about the issues you have encountered. Regards, -Hilko
Re: Combining 2 Ethernet NICS -> 1 IP address SOLUTION THANKS
On Wed, 2003-03-19 at 18:18, J.J. van Gorkum wrote: > On Wed, 2003-03-19 at 03:46, alan graham wrote: > > I have been trying unsuccessfully to find doco on combining 2 Ethernet > > NICS, such that only one IP address is presented to clients. > > > apt-get install ifenslave > > less /usr/src/kernel-source-2.4.20/Documentation/networking/bonding.txt > > That is all you need. > -- > JJ van Gorkum Knowledge Zone > If UNIX isn't the solution, you've got the wrong problem. Cheers, just what I was searching for. Just need to check that the old SMC interface supports MII link status reporting...
