Re: Sendmail vs. ?

2001-06-27 Thread Alex Borges

Nick Jennings wrote:

> It seems that you've had little experience with anything but sendmail,
> so your opinion may be rather biased. 
> 
>  I have used sendmail, exim, postfix and qmail and I think that exim and 
> postfix are very good, high performance yet easily configurable and 
> maintainable mail servers. Qmail I hear gives better performance, but 
> it's a hassle to maintain. 
>
> I migrated from sendmail to exim and it was extremely easy (thanks to
> exim's ample documentation). 
>
Here comes the holy war

Seriously though, I use qmail+vpopmail and it's easy, fast, secure and 
fun. The only pain is on installation.
Aside from that it could be a little of a pain to migrate your accounts 
but a little scripting and kazam, it will be done.
It's real easy to administer and has a bunch of quota options per domain 
and stuff like that. Everyone hates its /var/qmail structure and i am not
the exception but i think it's well worth it when combined with vpopmail's
structure:
/home/vpopmail/domains/*/users/*

I love the thing and i think it has earned its reputation for being a 
very secure server...although we all know that it's never
the software's fault.

G'Luck


Alex








Qmail relay control

2001-07-12 Thread Alex Borges

Mhm, can't seem to find a file for allowed relay-from hosts on qmail such 
as the one in sendmail. I need (as everybody) to deny relaying from 
everywhere but a well defined set of IPs.

Please, prettyplease, prettypleasewithacherryontop help me!

Alex






Re: strange smtp blockings

2001-07-13 Thread Alex Borges

Jaume Teixi wrote:

>hello,
>
>one of my servers has problems sending mail to anothers: Connection Deferred
>
>it's not a sendmail issue because telnetting the hosts at 25 also is blocked
>rblcheck doesn't show any block for its ip
>other ips on same range are not blocked on that hosts
>it happens on some kind of hosts on different networks and with different mail systems
>on hosts.allow I've sendmail: all and on hosts.deny ALL: PARANOID
>
>I cannot understand this issue, any points?
>
>tx!
>
>jaume teixi.
>
>
>
>
My guess is you got banned for open relaying... check 
www.mail-abuse.org...i happen to be a first hand expert on this 
issue...heh..:)

Alex







Re: Building NAS

2001-07-18 Thread Alex Borges

I'm not really experienced but I would say I'm trying to do the same thing 
here. As of now, the globalfs's (http://www.globalfilesystem.org )
site has proved to be a good source of information, and also they have a 
proposal for SAN that you probably want to look at.

Alex

>
>
>1) What kind of network overhead can i expect to see on the different
>network protocols?
>2) Currently I'm heading for Ext3fs as filesystem but I've been looking 
>at XFS which sounds very promising too. If anyone has some experience 
>and can spread some light on it i would be very grateful.
>3) Where in the systems is it most likely that i will experience
>bottlenecks?
>4) Just general comments on the system and if anyone has any
>experiences building a NAS. I have looked at VA-linux NAS solutions
>which in overall look alike the system i thought i would build for my
>company although i think their systems are way too expensive which is
>also why we are going to build our own ;-)
>
>








Re: Building NAS

2001-07-18 Thread Alex Borges

I think i bit my own tail on this one. I'm pretty excited about this 
SAN stuff but that's not at all what you meant...
it's actually occurred to me that it says NAS...hehe

Sorry for all the noise

Oh yeah, the proposal for a SAN is the globalfs itself combined with 
neat par. scsi or fc stuff, i think it's pretty cool
but as i said, it doesn't answer your question


Alex







Cistron-Radius Users

2002-03-13 Thread Alex Borges

Hi,

I've a client that wants to choose his radius platform. Despite my say
that it's not that important and that a cistron/debian/Big Baad carrier
class hardware radius would more than take care of him (c'mon...it's like
2000 users tops!), he still wants the lucent navis thingie. Can't
blame him, it has some mean java apps for configuration and a very
proprietary language for (get this) "Policy specification" (which is
long for fallback authent).

The only thing that would move him is if I get some success stories from
using cistron radius... the bigger the number the better. So, you guys
know of BIG names (or numbers) using cistron radius??


Alex








Re: ISP administration program

2002-03-14 Thread Alex Borges

Freeside! Freeside!!
http://www.sisd.com/freeside/

Not that i use it or anything, but it looks like a nice starting point
to an ISP that wants to build his own stuff


Alex







Sendmail->vpopmail

2002-03-15 Thread Alex Borges

Hey debisps and whatnot,

I need to migrate some mailboxes in standard mbox format from a solaris
box+sendmail to a Debian qmail+vpopmail solution

I had never seen this sendmail mbox format in this way (until i
stfw), I'm sure though, that you'll immediately recognize it:


/mnt/[a-n]/[a-z]/user.leftmost-domain-name-component

Say
/mnt/[n-z]/[a-z]/auser.foo  (for foo.bar)

This should, of course, be converted to maildir+vmailmgr format which
goes (as you know):

/vmailhome/domains/domain/user/allmailshere

Say
/vmailhome/domains/foo.bar/auser/Maildir/hismails

Now the sole mbox's filename is not enough to build the proper
vpopmail boxes (through a script). Now, we are talking of about 15gigs of
mail here and, of course, I need a script to do this.

No problem, i can script that and have many mbox2maildir tools available
(in perl it's 10 lines).

The problem is that I don't know in which of sendmail's many files i can
find a direct mapping:

[EMAIL PROTECTED]   unixusername (auser.foo)
[EMAIL PROTECTED] unixusername (anotheruser.lee)

Or a way to generate such a thing... if i had this, i could script this
in ten minutes, and have the conversion done in an hour tops. The
confusion arises from the fact that I'm not sure if auser.foo and
auser.foo.bar (from say [EMAIL PROTECTED]) are the same guy, or go to
the same domain or whatever!.. if i don't have a table as that explained
above. Let alone that i can't get the endings of their domains...
for auser.foo and auser.foo.bar how can i tell which is foo.bar.net
and which is foo.bar ...for that matter, how the hell do i create the
vmailmgr's directories if i don't know (for real) how the domains should
end...


Any ideas from those sendmail gurus out there??? 

Alex





 








Re: centralize passwords

2002-06-26 Thread Alex Borges

On Wed, 26-06-2002 at 13:20, Erick Lopez Carreon wrote:
> Hello: 
> 
> I am looking for the best way to centralize passwords
> of my network, I need: 
> 
> - To centralize the access to the *nix machines of the
> network, I have read something of NIS and of PAM to
> use shadow this I call passwords to him of the system
Erick:
Do i know u??? Well neways...
NIS was designed for this but does have some shortcomings...I'd use it
though... Also, if it's a simple need you can use webmin's "cluster"
capability which allows you to (asynchronically) synchronize [heh]
passwd files between servers.


> 
> - That the passwords of the users win of the server
> samba are synchronized better with those of smbpasswd
> and even with those of shadow
Yeah... as far as i can tell you can do this too... check the samba
howtos included in woody's samba/samba-doc packages
> 
> - That squid authenticate and that the pairs
> user/password are synchronized or are the same ones
> of the system, since normally a user with a mail
> account also has access to the Internet at the moment
> use authentication NCSA
No problem... squid authenticates against practically everything
known to man... specially, if you've synchronized to samba, you can use
the smb_auth auth module which I've used extensively. 

Also, you can centralize most of what you say to a mysql backend by pam
and have everything auth there... not to mention (because i don't know
squat about them) the ldap possibilities... you chose three (smb,passwd
and squid) very well supported thingies if you need flexibility in
password storage/auth. 
> 
> 
> Some idea?
> 
> Thanks in advance.
> 
> =
> Erick Ivaan Lopez Carreon
> CuahutliMexica
> Electronics Engineer
> Amateur dreamer.
> www.fsl.org.mx
> 
> 







RCS control for config files

2002-07-01 Thread Alex Borges

Heyas debian zealots,

I've finally come to a point where i think I'm needing revision control
for my configuration files on some servers 

So i thought I'd come in and ask you guys if there is some vertical stuff
explicitly for this purpose or if you yourselves simply cvs ci your /etc
directory et al..

Or any tips would be appreciated (like "i use emacs and rcs...works for
me")



Alex Borges

Step One Group










Re: RCS control for config files

2002-07-02 Thread Alex Borges

Wow... tx a lot guys, that's a lot of very rich options... i should've
posted it to slashdot too...:)


Alex


On Mon, 01-07-2002 at 16:41, Alex Borges wrote:
> Heyas debian zealots,
> 
> I've finally come to a point where i think I'm needing revision control
> for my configuration files on some servers 
> 
> So i thought I'd come in and ask you guys if there is some vertical stuff
> explicitly for this purpose or if you yourselves simply cvs ci your /etc
> directory et al..
> 
> Or any tips would be appreciated (like "i use emacs and rcs...works for
> me")
> 
> 
> 
> Alex Borges
> 
> Step One Group
> 
> 
> 
> 
> 
> 
> 








Re: Admin for E-MAIL users only

2002-07-04 Thread Alex Borges

Wide question... this is referring to


If all can be done through webmin, then through webmin it is


On Thu, 04-07-2002 at 11:55, rj wrote:
> What is the best way to delegate some root privileges for a user
> which could only create e-mail accounts and make newaliases?
> 
> 
> 







Re: IPSEC and PPTP

2002-07-19 Thread Alex Borges
On Fri, 19-07-2002 at 09:17, Grischa Schuering wrote:
> Hello folks,
> 
> I am sure there is somebody who can help me on this matter. It is very
> important to me and I will be very grateful if somebody tells me how to
> solve it:
> 
> I am using debian woody.
> What is the best and easiest way to get a IPSEC tunnel (encrypted e.g.
> 3DES) running between two separate networks ??
> I was reading something about freeswan? Also a couple months ago, I saw
> a package "PIPSECD" which no longer exists?
I've succeeded in building a pptp tunnel but watch it cause it's slow and
sucky.

I've also setup ipsec but was not trivial...i did it through the freeswan
tarball, not debian.

I've seen ppl do it through vtun or ssh+ppp (which is probably best
documented although not very flexible).



> 
> So what is the easiest an best way to get it running ?
> 
> The other thing is. I would also like to connect to my linux gateway via
> a Microsoft XP PPTP Connexion.
This can be done with the pptp daemon on your linux side...no prob, just
install it and set it up.

It's your choice to use pptp, or rather a choice made for u by
microsoft...it SUCKS.

> What packages do I have to install. I think there used to be a MPPE
> patch. 
Well... explain yourself...do u want a pptp connection to your gateway
or do u want to firewall pptp connections in and out your network?

>But I don't see it anymore for the actual woody release...
> 
> 
> Greetings,
> 
> grischa
> 
> 
> 







RE: Maildirs in Debian [OFFTOPIC-JOKE]

2002-07-30 Thread Alex Borges
>Mark Crispin
> hates Maildir.  Mark's feelings may not have a bearing on the final
> decisions, I just include that as a datapoint.



LOL . 

I hate round robin and divide and conquer strategies, i loathe
challenge-response authentication, the very thought of heap-sort
techniques makes me shiver


Dear me, we need to get a life geeks


NOTE: And, when i woke up, the algorithm was still there.


Alex
P.S. I just woke up this way, i realize how offtopic this is 




Re: my firewall

2002-07-30 Thread Alex Borges

> 
> sorry for my english, never study
Not bad at all
U have a typo on the log_martians part 





Re: VPN Tools!

2002-08-03 Thread Alex Borges
On Sat, 03-08-2002 at 12:26, axacheng wrote:
> Hello List :
> 
> Does anyone knows What is best package on VPN solution
> 
> That package have perfect security , compatibility and friendly config file 
> for administrator!
> 
Wahahahaha. NO!. 
1.- FreeSWAN ---> IPSEC perfectly compatible with...um...'true' IPSEC,
that is compliant routers and vpn boxes

> pptpd is better than freeswan  or have other good package??  @_@
>
2.- PPTPD  compatible with windows clients... SUCKS... slow, bitch
ass security
 
> BTW, where i could find good document or howto  to implement a VPN 
> environment ???
Many

STFW  google.com    VPN Howto .. also apt-cache search vpn,
apt-cache search ipsec

3.- Depending on your needs, consider ssh ppp tunnels, VTUN, stunnel as
those are generally easier to implement than most other stuff


Alex  
> 
> Thanks Very Much.  ;-)
> 
> -- 
> Trust & Unique ... 
> Axacheng's PGP Public Key   http://www.navigation.idv.tw/pgpkey
> 
> 
> 
> 





Re: Setting up an SSL Server

2002-08-03 Thread Alex Borges
Follow Teun's instruction

Also, to practice, go set up an unsigned certificate box right now (YES
NOW) and look in google for the ssl certificate management HOW-TO as
that is the stressful (different) part about a ssl http server

It helped me a lot and gawd knows I'm a newbie... also 
irc.debian.org #apache will get u in touch with some grumpy but very
knowledgeable apache warlocks.


Alex




Courier imap packages acting up

2002-08-03 Thread Alex Borges
Mhm

we've been using imap forever, generally we use the tarballs... I've been
bragging about how using the debian packages or maybe even just the
system (like, just apt-get source) could save us so much time...



In evaluating this, i found out that debian stock courier is built
--without-authvchkpw ...okay, no problem, i can just apt-get source,
change that without to with in debian/rules file and off we go... we
would have debian woody debs with vchkpw built in there... well no...



This is the output from the attempted dpkg-buildpackage :

dpkg-source: building courier using existing courier_0.37.3.orig.tar.gz
dpkg-source: building courier in courier_0.37.3-2.1.diff.gz
dpkg-source: cannot represent change to conftest: binary file contents
changed
dpkg-source: building courier in courier_0.37.3-2.1.dsc
dpkg-source: unrepresentable changes to source


Now that sucks... anyone knows what is this???


Alex







Re: Courier imap packages acting up [DISREGARD PREVIOUS]

2002-08-03 Thread Alex Borges
Mhm

It works if U edit debian/rules and remove the vchkpw line 

:)

A master is one that teaches himself and shows off to others...sorry for
the noise

Alex




Re: failure notice (about relays.osirusoft.com)

2002-08-19 Thread Alex Borges

> 
> if you really cared about the issue, you'd be a lot more productive if
> you spent your energies explaining to chinese-speaking sysadmins what
> the spam problem is, why they've been black-listed and what they can do
> to get off the list.  that would be far more effective than whining on
> english-speaking mailing lists and newsgroups.

Now, this answer is not acceptable i think. Although, well, everyone
is free to speak their mind. 

IF this guy is indeed internally blocking, for personal reasons, a list
that is community supported (in the sense that the community trusts it),
then Lim's accusation is valid and serious i think.

I mean, there should be no "hidden" records of a list like this one,
they should all be open. Otherwise it's like a trojan horse to put ppl
out of business.

Now, i don't know who's spamming who, i hate spam as well. I know most of
spam abusers and spam itself comes from Asia, specifically tw and hk. 

But even in the shady LUG of my Mexican home town, actually last
saturday (anyone else thinks there is a Jungian effect in debian-isp?),
we were discussing ways to stop spammers at the mailing lists, or what
policies should the group enforce to reduce spamming. 

Someone actually suggested blocking all of Asia to which every single
member objected. Can't do that, ONE lost mail directed to us by a lost
mexican newbie living in Hong Kong is reason enough to not block this
way. 

So actually, being told that an important, widely accepted tool as osiru
is being secretly controlled and changed by one guy is not a happy
thought. I will object to its use if the guys at the LUG propose it as
an option to our spam problem.

Alex

> 
> given the SPEWS listing, though, it looks like you're possibly a spammer
> or spamhaus rather than just an end-user suffering collateral damage.  i
> hope that's not the case.
> 
> > BTW, I'd be very happy if iAdvantage was owned by me... it being a
> > multimillion dollar, publically listed corporation and all. I'm
> > actually kind of flattered that SPEWS thinks I'm running the show
> > there.
> > 
> > We're one of their customers using their bandwidth... they are one of
> > the highest performance bandwidth facilities in HK which is why we use
> > them for our bandwidth.
> 
> whether you like it or not, anyone can block email on their own servers
> using whatever criteria they choose.  you do NOT have a right to have
> your mail accepted.  nobody does.  that choice rests with the recipient
> server.
> 
> you have two choices:
> 
> 1. explain to your ISP why they shouldn't be supporting spammers and get
> them to enforce an anti-spam policy.
> 
> 2. move to an ISP which doesn't support spammers.  if enough people did
> this and told them why, your current ISP might finally acquire a clue
> and change their ways.
> 
> i recommend trying option 1 first and then, if that fails, option 2.
> 
> 
> > iAdvantage provides bandwidth to many hundreds of large corporations
> > in HK... overall i'd say many thousands of websites are hosted there
> > (mostly Chinese probably). So with one fell swoop all these sites can
> > no longer send email properly. Can we say collateral damage to the
> > max?
> 
> so what?  telstra and ozemail (the latter is owned by uunet) here in
> australia host thousands of legitimate businesses, and actually show
> some signs of pursuing an anti-spam policy.  they still get black-listed
> (and rightly so) when they're caught running open relays or refuse to
> terminate a spammer's account.   the truth is that it is ONLY the fact
> that various RBLs will list them that has forced them to have an
> anti-spam policy and actually enforce it.
> 
> unless it affects their bottom-line (i.e. when the costs of supporting
> spam are greater than the profits from supporting spam), they don't care
> and they're not going to do anything about it.
> 
> craig
> 
> -- 
> craig sanders <[EMAIL PROTECTED]>
> 
> Fabricati Diem, PVNC.
>  -- motto of the Ankh-Morpork City Watch
> 
> 
> 





Re: Migrating to a Compaq Proliant DL360G3

2003-05-27 Thread Alex Borges
You should know that HP is debian friendly (they still wont offer
support though), but they do work with debian internally and informally
test.

I use DELL big baddass servers and smaller (hwIDE-RAID Barracuda arrays)
in HP and ive never had a problem at all...

Ask the ones who want you to install redhat if they are also fine with
paying the redhat service and support fees (you wont get far without it)
and with major upgrades every year.

Also suggest them to administer the servers themselves if they wish to
have a take on the decision.

All in all, be certain of what you are doing. If you know redhat better
then its probably a better choice, if you know debian better (or the
same as redhat) and you know why it would save time/money, then by all
means use debian. 

On Tue, 27-05-2003 at 07:10, Tomàs Núñez Lirola wrote:
> Hi
> I must migrate my servers to Compaq Proliant DL360G3 machines. We're looking 
> several IDCs, and all of them say "Only support for RedHat, SuSE and 
> Caldera". I want to use Debian (I don't like very much SuSE, I've not used 
> neither Red Hat nor Caldera, and it's hard to change distro when you're happy 
> with the one you have), but when I comment this point to the salesman, he 
> says a lot of "It's difficult" "It's not supported" and things like that. 
> Even I've found on a budget "We don't take any responsibility on the 
> installation, functionality or support in case you decide to install Debian".
> 
> In this situation, my boss is evaluating the convenience of installing Debian 
> on the servers, and he says he likes Red Hat.
> 
> I've looked at Compaq website and I have not found any reference to Debian.
> As there are RAID controllers and specific server hardware that I don't know 
> so far (I've never used hardware RAID at home ;P), I'm afraid of the 
> difficulty I can find installing Debian in spite of everybody telling me to 
> install Red Hat.
> 
> Anyway... Does anybody have any experience with this machine (or similar) and 
> Debian? Is there any website where I can take a look on the compatibility of 
> this machine (or similar) and Debian?
> 
> Do you recommend me to be stubborn and install Debian anyway?
> 
> Thanks all
> 





Re: Server hacked - next...?

2003-06-29 Thread Alex Borges
On Sun, 29-06-2003 at 02:15, Jason Lim wrote:
> Okay... so supposing the whole system needs to be installed, we can make a
> backup of the home directory now... but after we restore everything, what
> is to stop the hacker immediately re-gaining access again?
> 
> The server is a fully updated "stable" debian system. In fact, it was
> updated just yesterday.
> 
> I'm thinking that even if we do all the trouble of a complete
> re-installation of the entire system, it won't fix this as it will get
> re-hacked again, especially since we can't see what is going on anymore.
> 
> What do you think? :-(

You have to realize this is a normal step in the life of any sysadmin.
So stop being worried and learn from it.

1.- Save all that's possible to save (homedirs, emails, homepages)

2.- Yeah, hard to believe an updated, all standard packages woody could
be cracked. It's no normal, highschool script kiddie if he pulled that
off (probably a college script kiddie though...;)...). Your box as is
provides very good information, but you have to realize that, if you
didn't take a couple of steps to foresee this, such as having a network
flight recorder somewhere to do forensics on your dead box, it's going to
be hard to determine where and how he got in. 

2-1/2.- Do a list of ANY installed stuff that is not strict debian
woody. I mean, web database administrators, counters, extra perl modules
got from cpan (as opposed to apt-get install libperl...etc.). It's more
probable that the first level vulnerability got in there (nevertheless,
if you got hacked by a perl script, then the perl package, apache
package or similar is borked).

3.- So, mirror your killed hard drive so that you can dissect it later,
set up the box again with certain limited things, say forbid cgi's and
move to mod-perl and php, forbid ppl from having bash cgi's (since there
is a good chance this is where they got in).

What am i doing? I dunno, there is no checklist that will cover any
site, this is what i would do and I'm not very experienced. But whatever
you end up with, you should implement postmortem analysis capabilities
to your site (couple of snort/tcpdump boxes and an actual formalization
of your security policies will do).

So policy is the thing here anyhow, work on that. Think of syslog-ng
server, your tcpdump network capture server, snort ID analysis server,
log analyzer for the syslog server. Once cracked all one can do is think
better for the next time.
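
[Added example, not part of the original message.] Step 2-1/2 above (listing anything installed that is not strict Debian) can be started from the mirrored disk of step 3 by comparing files on the image with dpkg's per-package manifests in var/lib/dpkg/info/*.list. The function names, the scanned directories and the sample tree below are assumptions made for this illustration.

```python
import os
import tempfile


def dpkg_owned_paths(info_dir):
    """Return every path named in dpkg's per-package *.list manifests."""
    owned = set()
    for name in sorted(os.listdir(info_dir)):
        if not name.endswith(".list"):
            continue
        manifest = os.path.join(info_dir, name)
        with open(manifest, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                path = line.rstrip("\n")
                if path:
                    owned.add(os.path.normpath(path))
    return owned


def unpackaged_files(image_root, scan_dirs):
    """List files under scan_dirs that no installed package claims.

    image_root is the mount point of the mirrored disk (mount it read-only).
    Paths are reported as they appeared on the original system.

    Caveats: the manifests live on the compromised disk and may have been
    altered, and files created by maintainer scripts are never listed, so
    the output is a list of leads to review, not a verdict.
    """
    info_dir = os.path.join(image_root, "var/lib/dpkg/info")
    owned = dpkg_owned_paths(info_dir)
    hits = []
    for scan_dir in scan_dirs:
        top = os.path.join(image_root, scan_dir.lstrip("/"))
        for dirpath, _dirnames, filenames in os.walk(top):
            for filename in filenames:
                full = os.path.join(dirpath, filename)
                logical = "/" + os.path.relpath(full, image_root)
                if logical not in owned:
                    hits.append(logical)
    return sorted(hits)


def build_sample_image(root):
    """Constructed sample tree standing in for a mounted disk image."""
    files = {
        "var/lib/dpkg/info/apache.list":
            "/usr/lib/cgi-bin\n/usr/lib/cgi-bin/printenv\n",
        "var/lib/dpkg/info/libfoo-perl.list": "/usr/lib/perl5/Foo.pm\n",
        "usr/lib/cgi-bin/printenv": "#!/bin/sh\n",
        "usr/lib/cgi-bin/counter.cgi": "#!/bin/sh\n",   # no package owns this
        "usr/lib/perl5/Foo.pm": "1;\n",
        "usr/local/lib/site_perl/Bar.pm": "1;\n",       # CPAN-style install
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Run the check over the constructed sample image."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_image(root)
        return unpackaged_files(root, ["/usr/lib", "/usr/local"])


if __name__ == "__main__":
    for path in demo():
        print(path)
```

On the sample tree this reports the hand-installed counter CGI and the site_perl module, the two kinds of item the step names.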






Re: Webmail configuration for schools

2003-07-01 Thread Alex Borges
On Tue, 01-07-2003 at 07:35, Ross, Chris wrote: 
>   I need to provide email access for 13,000 to 14,000 K12
> students.  Last school year we used Microsoft 

> Exchange 

BY GOD, did he really say that?

> >with extremely

> 1. Postfix with either mysql or LDAP for virtual user delivery.
> 2. Courier-imap with a web interface (squirrelmail, sqwebmail etc.)
>   (Courier-imap authentication is the tricky bit.)

Sounds great!

>   Since we have been using a SQL database to track user account
> information, I thought that mysql would be the best means of dealing
> with Postfix.  It would be trivial to load mysql with the information
> that Postfix needs.  My experience with active directory LDAP is not
> great.  When using active directory as an LDAP server, it seems like
> there is always more fiddling than there should be.  Would mysql hold up
> well in this sort of environment?  (load, speed etc.)

Hell, postfix/courier won't even need the database to scale to that (but
you will for peace of mind and ease of reporting), it ain't that big.
Properly tuned mysql would work very well, postgres would also do the
job very well. Hell, I've a 10K accounts system, it runs all of it on a
single host with webmail (yeah, i know i push it too hard), and it
doesn't even use the database and it's nowhere near saturation. Course,
it's a qmail based system, not postfix, but there shouldn't be much of a
difference.

> Courier-imap authentication is the big question in my mind.  It
> would be great if we could use active directory to do authentication
> here.  LDAP authentication probably won't work correctly.  There is no
> compatible password available and LDAP bind authentication is
> problematic.  Microsoft lets you do an LDAP bind even if your account is
> locked, your password has expired etc.  Would Kerberos be a reasonable
> solution?  I have no direct experience with Kerberos.  

I'm not sure ms kerberos plays nice with others' kerberos.

> Would it be possible to authenticate the user by having the courier authentication
> daemon request a Kerberos ticket?  It is my understanding that the imap
> server would not be granted a ticket if the client credentials were not
> authentic.  It would also be possible to set up RADIUS authentication.
> Would RADIUS be a better solution?

USE THE PAM. I mean it, use pam, you'll be able to even do NT domain
based authentication (albeit with some tweaking and lots and lots of
stress testing). I'd go with SQL authentication+pam, or even courier
mysql standard authentication, then dump from the activedir from time to
time. 

You can also use pam and kerberos i think, so you don't need courier to
do kerberos itself.

>   The only remaining issue is a policy related one.  Students and
> or parents have to sign an Internet acceptable use policy for a student
> to get access to the Internet.  (The person that has to sign depends on
> the age/grade level of the student.)  If they have a signed form, we
> enter this in the SQL database along with their other account info.
> Currently, we provide email accounts to all students.  If they don't
> have a signed form, they can only send email internally.  Can postfix be
> configured to allow virtual users access to specific domains based on
> the user?
Um... not sure, cool idea though.







Re: Process -:0

2003-08-14 Thread Alex Borges
apt-get install chkrootkit
chkrootkit

It looks awfully like a punk emoticon to me.

On Thu, 14-08-2003 at 11:52, [EMAIL PROTECTED] wrote:
> Hi,
> 
> I was just doing some debugging on another problem and did a ps -eaf and
> saw the following line that looks very suspicious to me:
> 
> UID        PID  PPID  C STIME TTY          TIME CMD
> root       319   315  0 09:55 ?        00:00:00 -:0
> 
> It came up when I rebooted the system. I've googled for it and
> can't see any traces of it in syslog. Anyone have any idea what this
> process -:0 is and how to get rid of it if it is evil?
> 
> thanks,
> Adam
> 





Re: Process -:0 (OT)

2003-08-14 Thread Alex Borges

> Are you perhaps running X?  I believe this process is an xdm child, which
> manages the primary display (:0).

Now that's friendly! That one looks like babe, the brave piglet.

> 
> HTH,
> 
>  - Keegan





Symantec antivirus gateway

2003-08-14 Thread Alex Borges
Has anyone tried it on woody? Claims to work on redhat out of the box. I
really don't want to mix that in so... any experiences?


Lex





Re: Software for WLAN Hotspot

2003-08-15 Thread Alex Borges
The new buzzword for solutions to the wifi solution provider is VBN or
visitor based networking. 

Dumb boxes that force each user to authenticate, then take appropriate
steps in the firewall/proxy...etc.

There was a thread about that a couple of months before.

Please don't go and buy a cisco box. I think we need a FLOSS VBN box in
debian. I'm interested in doin it too.




On Fri, 15-08-2003 at 10:35, Kay-Michael Voit wrote:
> Hi,
> I'm considering to build up a public wlan hotspot. I need time-limited 
> authentication, mainly for identity logging purposes, not for billing.
> I thought about buying tickets (perhaps around 1 EUR/h) with time-limited 
> username and password on it.
> 
> Where should I put in the authentication? At the proxy? Which software 
> should I use? afaik I have to open the wlan, do I? How do commercial 
> solutions work?
> 
> I need only very basic answer, only something to search for. I don't 
> really know what to begin with
> 
> Thanks in advance,
> Kay
> 





Re: Software for WLAN Hotspot

2003-08-15 Thread Alex Borges
yes, the solution is plausible this way, but i do think the nocatauth
ppl have some road ahead for this problem (perl based wifi
authentication gateway).

I mean, there are so many ways to do this. For example, the way they
are doing it at airports. You go and buy a little card, fire up the wifi
card, try and browse to debian.org. They have a redirect to a site in
the gateway that asks for your little key. You give the key, then they
let you out. Obviously, if the machine hit you, you have its key and ip
address which you can automatically make permanent in the dhcp server.
So, for the time of the session you have a positive key-ip pair that
identifies a session.

I'm sure anyone here can think of a 100 ways to do this in a 1000
languages times 4 different webserving/proxy/firewall solutions.


No cat auth sort of works this way, except it requires the users to
keep a web window open to not keep the time of the session. I think it's
a poor approach but it's obvious that it wouldn't need too much klinking
around to approach this with crons and a database.


So, my recommendation is, before rolling your own, evaluate nocat. It
looks easier to start there and modify than starting all over again with
a less numerous community.





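The ticket flow described in the message above (a key bought on a card, bound to one client for a limited time, expired by a periodic job and a database instead of an open browser window), as an added Python example that is not part of the original post and not NoCatAuth code. The class and method names, the SQLite table and the sample addresses are assumptions; the firewall step is left to the caller.

```python
import hashlib
import secrets
import sqlite3


class TicketError(Exception):
    """Raised when a ticket cannot be redeemed."""


class HotspotGate:
    """Session table for a ticket-based wifi gateway (hypothetical names).

    redeem() and sweep() only decide; the caller adds or removes the
    firewall rule for the (ip, mac) pairs they return.
    """

    def __init__(self, db_path=":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS tickets ("
            " key_hash TEXT PRIMARY KEY, minutes INTEGER NOT NULL,"
            " ip TEXT, mac TEXT, started REAL, expires REAL,"
            " closed INTEGER NOT NULL DEFAULT 0)"
        )

    @staticmethod
    def _hash(key):
        # Only the hash is stored, so a copied database does not hand out
        # unused tickets.
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue_ticket(self, minutes):
        """Create a ticket worth `minutes`; return the key printed on the card."""
        key = secrets.token_hex(8)  # 64 random bits
        with self.db:
            self.db.execute(
                "INSERT INTO tickets (key_hash, minutes) VALUES (?, ?)",
                (self._hash(key), minutes),
            )
        return key

    def redeem(self, key, ip, mac, now):
        """Bind a ticket to (ip, mac) and return the session expiry time."""
        h = self._hash(key)
        with self.db:  # one transaction, committed on success
            # Atomic first use: only one client can claim an unused ticket.
            self.db.execute(
                "UPDATE tickets SET ip=?, mac=?, started=?, expires=?+minutes*60"
                " WHERE key_hash=? AND started IS NULL",
                (ip, mac, now, now, h),
            )
            row = self.db.execute(
                "SELECT ip, mac, expires, closed FROM tickets WHERE key_hash=?",
                (h,),
            ).fetchone()
        if row is None:
            raise TicketError("unknown ticket")
        bound_ip, bound_mac, expires, closed = row
        if closed or now >= expires:
            raise TicketError("ticket expired")
        if (bound_ip, bound_mac) != (ip, mac):
            raise TicketError("ticket already in use by another client")
        return expires  # same client logging in again keeps its original expiry

    def is_allowed(self, ip, mac, now):
        """True while (ip, mac) has an open, unexpired session."""
        row = self.db.execute(
            "SELECT 1 FROM tickets WHERE ip=? AND mac=? AND closed=0 AND expires>?",
            (ip, mac, now),
        ).fetchone()
        return row is not None

    def sweep(self, now):
        """Close sessions whose time is up; meant to be run from cron."""
        with self.db:
            rows = self.db.execute(
                "SELECT ip, mac FROM tickets WHERE closed=0 AND expires<=?", (now,)
            ).fetchall()
            self.db.execute(
                "UPDATE tickets SET closed=1 WHERE closed=0 AND expires<=?", (now,)
            )
        return rows  # pairs whose firewall rule should be removed


def demo():
    """Walk one constructed ticket through its life cycle."""
    gate = HotspotGate()
    key = gate.issue_ticket(minutes=60)
    t0 = 1_000_000.0                                # constructed clock value
    client = ("10.0.0.5", "aa:bb:cc:00:00:01")      # constructed addresses
    out = {"before": gate.is_allowed(*client, t0)}
    out["expires"] = gate.redeem(key, *client, t0)
    out["during"] = gate.is_allowed(*client, t0 + 1800)
    try:
        gate.redeem(key, "10.0.0.9", "aa:bb:cc:00:00:02", t0 + 60)
        out["shared"] = "accepted"
    except TicketError as exc:
        out["shared"] = str(exc)
    out["swept"] = gate.sweep(t0 + 3600)
    out["after"] = gate.is_allowed(*client, t0 + 3600)
    return out


if __name__ == "__main__":
    print(demo())
```

Addresses on an open WLAN can be copied by another station, so the key-ip pair stored here is an accounting record for the session rather than proof of who is behind it.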



Re: Apache + PHP4

2003-08-15 Thread Alex Borges
On Fri, 15-08-2003 at 07:51, [EMAIL PROTECTED] wrote:
> Dear,
> 
> I have a problem.
> I have installed apache and php4 with apt-get, but when i don't comment the line:
> LoadModule php4_module /usr/lib/apache/1.3/mod_php4.so
> apache don't start.
> Help-me

Help me help you.

What's the error log say when you start it up? /var/log/apache/error.log

> 
> Rafael Domingues Pires
> Ourinhos - Brasil
> 
> 
> 
> ---
> webmail.farolbr.com
> 





Re: Sendmail or Qmail ? ..

2003-09-03 Thread Alex Borges
It all depends

qmail has a very non standard way of being managed. It's almost
meta-unix. That said, it's VERY flexible, extremely powerful, once you
get a hang of it INCREDIBLY EASY to manage. And it has no parallel in
security (AGES and AGES better than sendmail)

Sadly, its non free. You cannot distribute binaries of it, you can not
distribute it modified (have to distribute the patches separately). Even
if debian has very good packages for it, the license defeats the good
system in debian so you still have to go through some extra work to get
it to work. Anything you want to do to it in terms of features is patch
and recompile. 

Anyhow, qmail is what i use for the big things, postfix for the small
things, sendmail is an urban legend. I HATE it.



On Thu, 04-09-2003 at 00:43, Rudi Starcevic wrote:
> Hi,
> 
> Sorry to bother you all with this repeat question.
> I've searched around and seen plenty of opinions but I'd like to 
> ask again and get the latest from this list.
> 
> Sendmail or Qmail ? That is my question.
> 
> Currently we use Sendmail. It's worked fine, well actually problem free 
> so better than fine  - I've got the Sendmail book and all.
> However we will be setting up some new email servers soon and I'm 
> considering Qmail.
> 
> As I hold this list in high regard I'll base my final decision on the 
> feedback I get from this list.
> 
> At this stage I'm leaning towards sticking with Sendmail but something 
> inside wants to know more about Qmail.
> 
> If you *had* to pick one of these two which would it be ?
> 
> Many thanks
> Best regards
> Rudi.
> 
> 





Re: Sendmail or Qmail ? ..

2003-09-04 Thread Alex Borges

On Thu, 04-09-2003 at 01:47, Jamie Baddeley wrote:
> so how does exim compare in all of this?
> 

It doesn't at all... Not to elaborate, but the subject says it
all...even then. I hate exim too.

> jamie






Re: Sendmail or Qmail ? ..

2003-09-04 Thread Alex Borges
On Thu, 04-09-2003 at 07:58, Eric Sproul wrote:
>  We chose OpenLDAP.  At the time (1999), Qmail
> did not have LDAP support (correct me if I'm wrong).  Sendmail did. 
> Even if Qmail did have LDAP support then, Sendmail's source was *much*
> easier to dig through for the performance tuning we did.

It does support LDAP now, and yes. You are right about the disk-io
tradeoff.

But, where reliability and lossless environments are needed, the way
qmail does things ensures you NEVER lose mail, even if it's all over a
SAN or NFS setup. This is because it will return OK delivered or OK
queued until it confirms it has been written.

It's like postgresql. You can have it always fsync (all writes, deletes
inserts trigger a commit before they return OK), and it will slow down,
need big iron. Or you can turn fsync off and live with the possibility of
you losing some data in a power outage.

Mail is almost never a MUST HAVE thing though, i think for most it's
valid to just live with the possibility of losing an email in the queue,
or to have it half written to it.

Not for me though, i like the secure,reliable thing and i did get some
good big iron (two dell 2650 in a drbd cluster+heartbeat, 2 gigs ram).
Also, i like the way qmail is done to be manageable.

Even then, i am trying to move to postfix as fast as i can. Not because
of religion (i am religious too though, just really a sinner), but
because it has a healthy community, its very very well supported in
debian, it has very little of sendmail nonsense (i was reading the 7th
edition unix redbook...damn, even back then, people already hated it),
and its GPL (-a nice cherry on top that is, master yoda said.).





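The confirm-the-write-before-answering-OK behaviour and the fsync trade-off discussed in the message above, as an added Python example (not qmail's code and not from the original post): a Maildir-style delivery that reports success only once the message and its directory entries have been flushed to disk. The function names, the file-name scheme and the sample message are assumptions.

```python
import os
import socket
import tempfile
import time

_counter = 0  # keeps names unique within one process


def _unique_name():
    """Maildir-style name: time.pid_counter.host (scheme assumed for this example)."""
    global _counter
    _counter += 1
    return "%d.%d_%d.%s" % (time.time(), os.getpid(), _counter, socket.gethostname())


def _fsync_dir(path):
    """Flush a directory so a created or renamed entry survives a crash."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def deliver_durably(maildir, message, sync=True):
    """Write `message` (bytes) into maildir/new and return its final path.

    With sync=True the function returns only after the data and the
    directory entries are on stable storage, so the caller can answer the
    SMTP client with OK without risking a lost message. With sync=False it
    returns as soon as the kernel has buffered the write: faster, but a
    power failure can lose mail (the same trade-off as turning fsync off
    in postgresql).
    """
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), exist_ok=True)
    name = _unique_name()
    tmp_path = os.path.join(maildir, "tmp", name)
    new_path = os.path.join(maildir, "new", name)

    # O_EXCL: never overwrite an existing file if a name collides.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        offset = 0
        while offset < len(message):      # os.write may write less than asked
            offset += os.write(fd, message[offset:])
        if sync:
            os.fsync(fd)                  # file contents reach the disk
    except BaseException:
        os.close(fd)
        os.unlink(tmp_path)               # a half-written file never reaches new/
        raise
    os.close(fd)

    # Readers only look in new/, and rename is atomic within one filesystem,
    # so they see either the whole message or nothing.
    os.rename(tmp_path, new_path)
    if sync:
        _fsync_dir(os.path.join(maildir, "new"))
        _fsync_dir(os.path.join(maildir, "tmp"))
    return new_path


def demo():
    """Deliver one constructed message into a throwaway Maildir."""
    msg = b"From: a@example.org\r\nTo: b@example.org\r\n\r\nconstructed test message\r\n"
    with tempfile.TemporaryDirectory() as root:
        maildir = os.path.join(root, "Maildir")
        path = deliver_durably(maildir, msg)
        with open(path, "rb") as fh:
            stored = fh.read()
        leftovers = os.listdir(os.path.join(maildir, "tmp"))
    return stored == msg, leftovers


if __name__ == "__main__":
    print(demo())
```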



Re: [Help] Find server hardware stress/benchmark tools on linux box

2003-09-16 Thread Alex Borges
I'm sure russell coker is around
He made the coolest stress benchmarks around. All Free baby!

Try:

Bonnie++    For testing your disks/storage (you can BM a samba share if
            you want for example)

slapper     For testing your ldap

postal      To kill your smtp

There are more.

Intel has also an io/something stuff that is supposed to work. If you
ask me its pretty sucky, id go with bonnie++ every time.

Now, benchmark is more in the technique and the statistic accuracy than
in the software itself. Make sure you use a good test farm, for example
grab a couple/three of old boxes that SHOULD have the combined power to
stress your servers. This is important, the bigger your test farm, the
better the stress. Also, synchronize it all by ntp so that you get
accurate logs everywhere and can cross search and analyze all the data.
If at first your servers just humm nicely, your test farm is not big
enough. Get enough to make those servers cry.


On Tue, 16-09-2003 at 12:03, axacheng wrote:
> Hello List :
> 
> We're 2 intel base testing servers need to stress/benchmark for hardware stability 
> and reliability
> 
> those are testing servers running Debian woody...
> 
> Anyone has any good advice?
> 
> 
> 
> 
> -- 
> Trust & Unique ... 
> 





Re: Virtual Hosting

2003-09-16 Thread Alex Borges
If your clients get domains, buy service by domain, dont care about it
at all, go for it.

You can chroot ftp/dav..etc, then they wont even know it.


On Tue, 16-09-2003 at 13:34, Rod Rodolico wrote:
> Long time ago, I ran a dozen domains or so off one IP. Then, did a colo with a lot 
> of IP's and
> have each domain running on its own.
> 
> Now I have a chance to decrease my colo costs significantly, but only 8 IP's come 
> with the
> service (I can get more, but it gets more expensive).
> 
> I can not think of any drawbacks to doing it. I only offer web, ftp and mail service 
> (apache,
> proftp and exim). The only thing I can think of is that reverse dns will not work 
> correctly,
> but I see no reason that should impact these services.
> 
> Any thoughts?
> 
> Rod
> 
> -- 
> BRITANNUS(shocked): Caesar, this is not proper.
> THEODOTUS(outraged): How?
> CAESAR (recovering his self-possession): Pardon him, Theodotus: he is a barbarian, 
> and thinks
> that the customs of his tribe and island are the laws of nature.
> Caesar and Cleopatra, Act II
>   --George Bernard Shaw
> 





Of SANS and IOS

2003-09-19 Thread Alex Borges

Anyone knows What The FARKS is that IOs unit the HP SAN folk keep
talking about? Like in, yeah, this thing can take 2000 IOS per second.
How many bytes is an IOs supposed to be? An IO==Device blocksize or WTF?


It seems like most that have bought a SAN know how many IOs it is
worth, but no one knows what an IOs is (yeah, Input Output Operation)

I know how many Gbps i need, not how many IOs, how do i go from one to
the other?

My guess is that it's the blocksize of the fs that i plan to use. If so,
i can divide my X Gbps between 8 to get GBps, then between 4000 to get
the blocks per seconds i need... would that map into IOS?

Treacherous salesmen everywhere!


Lex





Re: Of SANS and IOS

2003-09-22 Thread Alex Borges
Answer to self, now anyone that reads the list will know!

According to this excellent (introductory) site:

http://www.imperialtech.com/technology_whitepapers_Good_Performance.htm

IOPs is a measure of the IO requests per second a device will give you.
In the FC-SAN context, these IOps are actually blocks read/written (makes
sense, that's what i thought) to the device.

Another interesting part in the site, mentions how overall performance
is seldom a function only of the storage device, but clearly depends on
the application.

This means, for example, that if you make an Email delivery farm, the
IOPS you'll need will depend on the performance capability of your farm
(the application being in this case an SMTP server cluster), which has
obvious limitations (such as possible incoming bandwidth on the said
cluster, the blocksize and innards of your filesystem) among certain
statistically acquired or estimated variables (average email size comes
to mind).

So, basically, estimate the blocks per second your applications will
require, and that will be your IOPS requirement. For example, one can
take the Email farm as an example, you will need an imap server as well,
that's a whole lot of read operations. Take your email size estimate, your
number of received mails, estimate your number of peak concurrent users
and add that to the IOPS you got for the SMTP. Thats your IOPS
requirement combined.

Makes sense... anyone see an inconsistency here? please correct me!


here is another page:

http://www.netapp.com/tech_library/3239.html

This one is like a sales bid, but it has interesting points... like,
don't trust vendors that don't publish the blocksize that they used to
measure IOPS performance... same goes for the throughput value

I hope more ppl contribute to this email, its a subdocumented topic in
the OSS world (you wont find it -YET- in the LDP)



On Fri, 19-09-2003 at 17:08, Alex Borges wrote:
> Anyone knows What The FARKS is that IOs unit the HP SAN folk keep
> talking about? Like in, yeah, this thing can take 2000 IOS per second.
> How many bytes is an IOs supposed to be? An IO==Device blocksize or WTF?
> 
> 
> It seems like most that have bought a SAN know how many IOs it is
> worth, but no one knows what an IOs is (yeah, Input Output Operation)
> 
> I know how many Gbps i need, not how many IOs, how do i go from one to
> the other?
> 
> My guess is that it's the blocksize of the fs that i plan to use. If so,
> i can divide my X Gbps between 8 to get GBps, then between 4000 to get
> the blocks per seconds i need... would that map into IOS?
> 
> Treacherous salesmen everywhere!
> 
> 
> Lex
> 





Re: RFC2228-only FTP ?

2003-09-29 Thread Alex Borges

> But most of these people have commercial Windoze FTP clients
> that support some flavor of RFC2228 FTP security extensions.
> Of course, they are "not technical" and do not know which
> extensions they can use.  All they know is someone sold them
> a "secure FTP program" and they can't understand why I want them
> to dump it and use the known-to-be-broken WinSCP instead.
What's broken in winscp?  It's working fine for about 400 clients here






Re: Suggestions building a rather big mail system.

2003-10-07 Thread Alex Borges
Im building one for about 120,000 little university brats and their
teachers

Ive already designed it and decided exactly that way... postfix, ldap,
courier, san, apache, squirrelmail.

BUT, we decided to split by "breed". 

For example, we will use two Dual-P4Xeon 2Gb for the IMAP/POP, same for
the SMTP (same kind of server, but another two servers).

Then, the apache (which i am most afraid about) are the ones that spell
trouble BIGTIME. This is because php/sm will prove to be the most
resource intensive application in the farm (SMTP is simple, IMAP is
simple). So we give it three of the same boxen and its own dual pair of
LVS.

Then, the backend, this will be two failover enabled boxes with postgres
and openldap. They will be quad xeon 6GB ram. 

All of that, goes to the SAN. The local storage in each server should
respond mostly to services cache necessities (a php cache for the apaches
perhaps).

Let me know what you guys think... this whole farm is about twelve
servers, 4 LVS (a pair for IMAP and SMTP and its own pair for apache), 2
IMAP/POP, 2 SMTP, 3 APACHE, 2 (bigger) Backend -> SQL/LDAP and the SAN.


On Mon, 06-10-2003 at 09:51, Theodore Knab wrote:
> How many servers do you have running this ?
> 
> >I have been approached about building a rather big mail system handling
> >500. existing accounts (running today on a windows based product (ick))
> >with a growth about 50.000 new accounts per year.
> >The services needed is: smtp, pop3, imap4. 
> 
> >I have used LVS for about 3y with good results for 30.000 accounts. 
> >But this is certainly a bigger project. Should I go for alteon or any other
> >closed product or stick with LVS?
> 
> >Is there anyone on the list running such a system or have some comments about 
> >building such a system? (I do prefer to use OS/FS Software)
> 
> Sounds like you have a fun project.
> 
> I re-did a campus mail-system a few years ago here, and I 
> still manage it. It is much smaller [and under powered] with only 
> 3000+ users, but I have learned a lot running an Open Source mail system
> based on:
>   Postfix [with LDAP] MTA
>   Courier [with LDAP] IMAP
>   OpenLDAP [ mail routing and accounts]
>   Squirrel Mail [ Web-mail]
> 
> In running my own open source mail system for a 1.5+ years, 
> I would probably do a few things differently if 
> I had the opportunity to setup one again. More specifically, I would 
> probably use the SUN one product rather than Open Source. Although I do
> not know anything about SUN one [or IPlanet], it appears from this side
> of the fence to have simpler administrative tools and it has training.
> With open source you [alone] are the subject matter expert unless you
> find someone that is interested in learning and someone that you can
> trust. 
> 
> Since you are familiar with LVS, you should have no problem setting 2
> [redundant] LVS systems up. You could balance the load between 10-20
> IMAP servers.
> 
> You might also be able to use the same 2 LVS systems to balance your
> load between the Web-mail servers.
> 
> 
>  
>[Firewall]
>|
>|  
>|
> [LVS1][LVS2]
>   | |
> [Fiber Only Switch]
>   |
> Estimated Minimums needed for 500,000+ Email Users
> --
> 10 IMAP servers [Courier IMAP 1 [Dual Xeon 1GHz] server /200 active users]  
>   w/ XFS filesystem and Debian Stable
> 
> 20 Webmail Servers [Squirrel-mail 1 [Dual Xeon 1Ghz] server /100 active users]
>   w/ XFS filesystem and Debian Stable
> 
> 2  Databases Servers for authentication either [Mysql or OpenLDAP]
>   w/ XFS filesystem and Debian Stable
> 
> 2-4 MX Gateways running either Exim or Postfix MTA and SPAMD with
>   w/ XFS filesystem and Debian Stable
> Amivisd
> 2 [Fiber Channel] SAN Volumes for [MAIL storage] redundancy. 
> 
> 
> -- 
> --
> Ted Knab
> Chester, MD 21619
> 
> --
> 940216d6021602a41607166696c656c202778696368602d65616e637
> 02940226c696e646c69702c6f667560256675627478696e67602a416
> 0716e6563756e2a0
> 





Re: turn a firewall into a wireless access point?

2003-11-07 Thread Alex Borges
Well yeah, u just plug in your wi card, make sure it's linux compatible
and there are packages (apt-cache search them) that will help u in
configuring the card to behave as an access point.



On Fri, 07-11-2003 at 07:16, Dale E Martin wrote:
> I was curious if there was software to turn my firewall into a wireless
> access point?   I've got a shorewall setup that has "net", "loc", and "dmz"
> zones.  My plan was to make a "dmzw" zone for the wireless.  I've got an
> Orinoco card + an ISA/PCMCIA adapter that I plan on using for the wireless
> connectivity.
> 
> I'm looking for ways to assign the "ESID", manage ACLs, WEP, etc, like you
> would on a standalone access point.  I realize even with these protections
> that the wireless setup will be easy to compromise - that's why I'm
> planning on making it part of a dmz.
> 
> Anyways, thanks for any pointers.
> 
> Take care,
>  Dale
> -- 
> Dale E. Martin, Clifton Labs, Inc.
> Senior Computer Engineer
> [EMAIL PROTECTED]
> http://www.cliftonlabs.com
> pgp key available
> 





An insight of email traffic in universities

2003-11-12 Thread Alex Borges
Okay, here is a cool question about neat things like ye olde email farm
in your uni.

If u guys work at a university, it would be fun to know how many email
boxes you have and how much email traffic do you get. These variables
would be helpful:

a) Number of email I/O (bulk total, how many in, how many out)
b) How many users u have

Its a neat thing to know when youre starting to set one up yourself. For
example, Uwash does 120k users 800k emails a day. 

I want to make a spreadsheet model to calculate the amount of bandwidth
and IOPS demanded by a maildir smtp farm depending on how many users
there are, how many emails do they receive in a particular amount of
time, assuming that they are click crazy and check their email exactly
at the time it arrives...etc. It will take into account that you have an
IMAP farm for checking the emails and will also attempt to calculate the
bw generated by click crazy monkeys. 

Ive just started making it but im worried that i will assume stupid
things, so i wanna gather some more real data to see if its all fitting
in. For example, i  assume that all users have a workstation and are
checking their email at the very same period where most of the email is
arriving (thats what i call a worst case scenario).

I know this will not make for a trustable model because of the
complexity of usage prediction (can one really predict the next outlook
worm? mhm... yes, come to think of it, it has a probability that
approaches 1 as time passes...:-) that kind of thing. But i think it
can provide some with insight modeling this kind of things. The fun part
will be when i build a test farm just to see how crazy am i (or not?).

So if anyone can/will spare some time to share this data and/or is
interested in this kind of modeling (or know of a way that is -The Right
Way- (TM)) take pity and post it to the list!
 



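The worst-case model sketched in the message above, combined with the blocks-per-second reading of IOPS from the earlier "Of SANS and IOS" reply, as an added Python example that is not part of the original posts. The average message size, the block size, the peak window and the optional metadata I/O count are assumptions chosen for illustration; the users-per-day figures and the 2000 IOs per second rating are the ones quoted on this page.

```python
import math


def throughput_to_iops(gbps, block_bytes):
    """Blocks per second that `gbps` gigabits/s amounts to (/8, then /block size)."""
    return gbps * 1e9 / 8 / block_bytes


def mail_farm_load(users, msgs_per_user_day, avg_msg_bytes, block_bytes,
                   peak_share, peak_hours, reads_per_msg=1.0,
                   meta_ios_per_delivery=0):
    """Peak load of a maildir SMTP + IMAP farm in the worst case.

    peak_share of the day's mail arrives within peak_hours, and every
    message is read reads_per_msg times as soon as it lands (the "click
    crazy" user). A message always occupies whole blocks, so small mails
    cost more I/O per byte than the average size suggests.
    meta_ios_per_delivery adds directory/inode writes per delivery
    (assumed value, depends on the filesystem).
    """
    msgs_per_sec = users * msgs_per_user_day * peak_share / (peak_hours * 3600.0)
    blocks = math.ceil(avg_msg_bytes / block_bytes)
    write_iops = msgs_per_sec * (blocks + meta_ios_per_delivery)   # SMTP side
    read_iops = msgs_per_sec * reads_per_msg * blocks              # IMAP side
    return {
        "msgs_per_sec": msgs_per_sec,
        "blocks_per_msg": blocks,
        "write_iops": write_iops,
        "read_iops": read_iops,
        "total_iops": write_iops + read_iops,
        "smtp_in_bps": msgs_per_sec * avg_msg_bytes * 8,
        "imap_out_bps": msgs_per_sec * reads_per_msg * avg_msg_bytes * 8,
    }


def users_supported(iops_budget, **model):
    """How many users a device rated at `iops_budget` carries under the model."""
    per_user = mail_farm_load(users=1, **model)["total_iops"]
    return int(iops_budget // per_user)


def demo():
    """120k users at about 7 messages per user per day (figures from the thread)."""
    model = dict(
        msgs_per_user_day=7,
        avg_msg_bytes=20_000,   # assumption: 20 KB average message
        block_bytes=4096,       # assumption: filesystem block size
        peak_share=0.5,         # assumption: half the mail arrives ...
        peak_hours=4,           # ... within a 4 hour window
    )
    load = mail_farm_load(users=120_000, **model)
    return load, users_supported(2000, **model)


if __name__ == "__main__":
    load, capacity = demo()
    for name, value in load.items():
        print("%-15s %12.2f" % (name, value))
    print("users on a 2000 IOPS device:", capacity)
```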



Re: An insight of email traffic in universities

2003-11-12 Thread Alex Borges
Sorry michael, i also sent this to you. It was a mistake, do not hit me. 
I am smaller and wear glasses

On Wed, 12-11-2003 at 19:03, Michael Loftis wrote:
> well i can share summarized stats if you want, we're a small/midsize ISP 
> though so we have heavier mail usage than a uni...I can say that for about 
> 6k mailboxes we deliver about half a million to a  million messages/day.
> 
Wow, thats a whole lot. I get, from another ISP, about 40k messages for
the same 6k users. 

Lets have a look at the messages per user per day, u just divide
750,000/6000 thats um... kill the zeroes ... 116.6 messages per user per
day. Damn. A lot. I get about that too, but im in like 3 high traffic
mailing lists+all the spam known to man.

Well, uwash claims to IO smtp at about 7 messages per user per day...
and i have a consistent ratio in two other deployments one corporate,
one ISP. This is after shaving spam hits i guess 

Anyone else knows what their messages per user per day is on a monthly
average? Now, before and after shaving some spam?



> --On Wednesday, November 12, 2003 16:51 -0600 Alex Borges <[EMAIL PROTECTED]> 
> wrote:
> 
> > Okay, here is a cool question about neat things like ye olde email farm
> > in your uni.
> >
> > If u guys work at a university, it would be fun to know how many email
> > boxes you have and how much email traffic do you get. These variables
> > would be helpful:
> >
> > a) Number of email I/O (bulk total, how many in, how many out)
> > b) How many users u have
> >
> > Its a neat thing to know when youre starting to set one up yourself. For
> > example, Uwash does 120k users 800k emails a day.
> >
> > I want to make a spreadsheet model to calculate the amount of bandwidth
> > and IOPS demanded by a maildir smtp farm depending on how many users
> > there are, how many emails do they receive in a particular amount of
> > time, assuming that they are click crazy and check their email exactly
> > at the time it arrives...etc. It will take into account that you have an
> > IMAP farm for checking the emails and will also attempt to calculate the
> > bw generated by click crazy monkeys.
> >
> > Ive just started making it but im worried that i will assume stupid
> > things, so i wanna gather some more real data to see if its all fitting
> > in. For example, i  assume that all users have a workstation and are
> > checking their email at the very same period where most of the email is
> > arriving (thats what i call a worst case scenario).
> >
> > I know this will not make for a trustable model because of the
> > complexity of usage prediction (can one really predict the next outlook
> > worm? mhm... yes, come to think of it, it has a probability that
> > approaches 1 as time passes...:-) that kind of thing. But i think it
> > can provide some with insight modeling this kind of things. The fun part
> > will be when i build a test farm just to see how crazy am i (or not?).
> >
> > So if anyone can/will spare some time to share this data and/or is
> > interested in this kind of modeling (or know of a way that is -The Right
> > Way- (TM)) take pity and post it to the list!
> >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> > [EMAIL PROTECTED]
> >
> >
> 
> 
> 
> --
> Michael Loftis
> Modwest Sr. Systems Administrator
> Powerful, Affordable Web Hosting
> GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E 





Re: CPU Utilization on a ethernet bridge

2003-11-18 Thread Alex Borges
Any firewall rules or logging mechanism? 

On Tue, 18-11-2003 at 15:12, Simon Allard wrote:
> I have setup a linux box with a 2.4.19 kernel. I am bridging 2 ethernet
> devices together using 3Com PCI 3c982 Dual Port cards. (3c59x).
> 
> What I am seeing is that the module itself uses 30% of CPU to handle just
> 10mbit both ways (20mbit total). ~6000ps total. From what I have read on
> the bridge homepages I should be able to run this on a 486 as CPU has
> nothing to do with it. What am I doing wrong?
> 
> 
> bridge:~# brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.000475c9a6f9       yes             eth1
>                                                         eth2
> 
> 
> bridge:~# lsmod
> Module                  Size  Used by    Not tainted
> limiter                13064   0  (unused)
> bridge                 16748   1
> 3c59x                  25512   2
> sis900                 12388   1
> 
> 
> 
> bridge:~# cat /etc/modules
> # /etc/modules: kernel modules to load at boot time.
> #
> # This file should contain the names of kernel modules that are
> # to be loaded at boot time, one per line.  Comments begin with
> # a #, and everything on the line after them are ignored.
> sis900
> 3c59x options=4,4,4,4 full_duplex=1,1,1,1 max_interrupt_work=1
> bridge
> limiter
> 
> 
> in /etc/network/interfaces
> auto eth1
> iface eth1 inet loopback
> 
> auto eth2
> iface eth2 inet loopback
> 
> # Bridge Interface for eth1 + eth2
> auto br0
> iface br0 inet loopback
> pre-up brctl addbr br0
> up brctl addif br0 eth1
> up brctl addif br0 eth2
> up brctl stp br0 on
> down brctl delif br0 eth1
> down brctl delif br0 eth2
> post-down brctl delbr br0
> 
> 
> 
> 
> 
> Does anyone have any ideas off the top of your head what could be
> causing this or be able to point me in the right direction for some
> documentation relating to this problem.
> 
> 
> 
> 
> 
> Simon Allard (Senior Tool Monkey)
> IHUG
> Ph (09) 358-5067   Email: [EMAIL PROTECTED]
> 
> I'm out of my mind right now, but feel free to leave a message.
> 





Re: apt-get bcm5700-module-2.4.18

2003-11-20 Thread Alex Borges
On Thu, 2003-11-20 at 08:38, Dan MacNeil wrote:
> Two questions:
> 
> 1) Has anyone done a:
> 
>   apt-get install bcm5700-module-2.4.18
> 

Well, it's a source module, so you will have to compile it for your
running kernel. Other than that, I've a year and a half worth of uptime
out of it on a woody install (gigabit and all) and it works well. 

This module is part of the standard woody release, no funny sources
required as far as I know. 







Re: apt-get bcm5700-module-2.4.18

2003-11-20 Thread Alex Borges

> Although it's things like this that break one's automatic
> kernel-building system for +25 Debian servers :( I used to have a script
> that built a *.deb package based on the config in .config, but now I
> need to come up with something clever that compiles the source against
> the running kernel... and I'm not really a kernel guy, other than that I
> know how to configure, compile and install a kernel?
> 

Well. It being a Debian module, if all kernels are homogeneous, you just
need to build one deb along with your kernel and out it goes with it.

Like, make-kpkg modules_image will make your deb for the same revision
of the kernel you are executing the command from. If you're in
/usr/src/kernel-source-2.4.18 it will build for that, be elsewhere and it
will be for that other kernel.

I think kernel-package can solve most problems of that kind of
environment. Remember you can make it stamp revisions and all, and the
built modules will be stamped as well. Think about it.






Re: bind9 vs tinydns vs others

2003-12-02 Thread Alex Borges
On Tue, 2003-12-02 at 09:46, David Zejda wrote:
> what do you prefer for authoritative dns?
> experiences/stability...?
> i have no verbose bind knowledge yet.

Please explore the list for a three-month, very fun discussion about it
(I still remember it).

> 
> thanks
> David
> 





Re: Software for a NIC (Network Information Center)

2003-12-02 Thread Alex Borges

> > I think, the full Hardware/Software can not exceed 150k US$, 
> > better less. (the cost does not include the Online-UPS)
> 
I think the largest cost won't be in actual software infrastructure but
in value added infrastructure.

Do you want people to buy the domains online, that will cost. 

Do you want them to be able to receive e-invoices according to some
standards or do you want it to integrate to an invoicing system that
works for your country, that will cost.

The bandwidth, that will cost.

Offsite Backups, backup system, redundant storage...that may cost...if
you really really need it. But not more than an extra 50k for a small
redundant NAS.

Do you want to run a toplevel domain? Hey, that goes for well less than
20k dollars easy with a couple of redundant servers. It will do for
hundreds of thousands (probably millions) of domains. With redundant
power supplies and a redundant active/passive pair setup (two servers
for the primary, two for the secondary). 

> Since it is a Debian list, I will mention only free software, of
> course.
> 
Naturally!

I say, pocket the rest of the 150k and send some this way!

LEX
Step One Group
www.sogrp.com





Re: Intel Hyperthreading problem on server?

2003-12-16 Thread Alex Borges
On Tue, 16-12-2003 at 12:39, Jason Lim wrote:
> Just noticed one more thing... it appears to be Apache causing the super
> high load (among other programs running) when SMP is compiled into the
> kernel, and with a bunch of errors in syslog:
> 
> [Wed Dec 17 02:27:37 2003] [notice] child pid xx exit signal
> Segmentation fault (11)
> 
> (and a whole bunch of these errors, like 50 lines)
> 
> I did a search and someone said it has to do with Apache requesting memory
> that it doesn't own or something:
> http://lists.debian.org/debian-apache/2002/debian-apache-200207/msg5.html
> 

Mhm... I don't want to be hasty, but it seems I'm looking at exactly this
problem for a very memory hungry php application.

> but that doesn't really help in this case, unless you guys can think of a
> different angle on this?
> 
> 
> - Original Message - 
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 16, 2003 11:23 PM
> Subject: Intel Hyperthreading problem on server?
> 
> 
> > Hi All...
> >
> > Do you guys know anything about a problem with Intel Hyperthreading (eg.
> > on the Intel 2.4Ghz HT-enabled processor) that would cause the load
> > average to jump to over 200?
> >
> > Here is the log line:
> >
> > Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the
> > given threshold 200 150 100!
> >
> > (then it reboots)
> >
> > This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23
> > kernel, and it has the same problem.
> >
> > When the kernel is compiled WITHOUT SMP support, the kernel works fine,
> > and it can have uptimes of months without any problem. But when SMP is
> > compiled in, and the HT processor is correctly identified (and top can see
> > CPU0 and CPU1), then it only takes about an hour or two of operation
> > before the load average jumps like that. Note that this is with Debian
> > woody/stable, and with a clean kernel.org kernel.
> >
> > Do you guys know anything about this, or have any ideas where I should
> > look? Is there something in Woody that isn't friendly with SMP or perhaps
> > HyperThreading processors?
> >
> > Thanks in advance.
> >
> > Sincerely,
> > Jas
> >
> >
> >
> >
> 





Re: Intel Hyperthreading problem on server?

2003-12-16 Thread Alex Borges
Well, it's not that the kernel does not detect the HT, it does and quite
fine (shows lots of processors in the box and all).

The problem is that apache is crashing under high load with a segfault.
Now, as I understand it, this can be a faulty hardware problem (bad
memory=segfault) or an actual software problem. 

I'm not sure, but I'm having this problem as well with an HT server and
have not been able to rule out the possibility of a faulty hardware
thing. Nonetheless, this can also be, for example, an ugly module in
woody's php4, which are particularly edgy (xslt for example) under high
load due to them being in beta stage by the time woody froze.

On Tue, 16-12-2003 at 20:07, Theodore Knab wrote:
> I am using the 2.4.20 kernel with SMP support on a Hyper-threading 
> Intel. I remember having problems getting it work with SMP support
> initially.
> 
> I think the kernel has to be perfect. ;-)
> 
> Do you have high memory support compiled in ? 
> High memory support above 4GB might cause problems.
> 
> If you do not have more than 2GB of RAM you should make sure that High
> memory support is not enabled.
> 
> Also did you enable hyper-threading in BIOS ?
> Auto-detect modes might cause problems.
> http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0175.html?Open
> 
> My system:
> 
> Linux tedsdesk 2.4.20 #22 SMP Mon Jul 21 14:53:07 EDT 2003 i686
> GNU/Linux
> 
> [EMAIL PROTECTED]:cat /proc/cpuinfo 
> processor       : 0
> vendor_id       : GenuineIntel
> cpu family      : 15
> model           : 1
> model name      : Intel(R) Pentium(R) 4 CPU 1.50GHz
> stepping        : 2
> cpu MHz         : 1495.172
> cache size      : 256 KB
> fdiv_bug        : no
> hlt_bug         : no
> f00f_bug        : no
> coma_bug        : no
> fpu             : yes
> fpu_exception   : yes
> cpuid level     : 2
> wp              : yes
> flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
> bogomips        : 2981.88
> 
> The ht in the flags section tells me hyper threading is being recognized.
> 
> On 16/12/03 23:23 +0800, Jason Lim wrote:
> > Hi All...
> > 
> > Do you guys know anything about a problem with Intel Hyper-threading (eg.
> > on the Intel 2.4Ghz HT-enabled processor) that would cause the load
> > average to jump to over 200?
> > 
> > Here is the log line:
> > 
> > Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the
> > given threshold 200 150 100!
> > 
> > (then it reboots)
> > 
> > This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23
> > kernel, and it has the same problem.
> > 
> > When the kernel is compiled WITHOUT SMP support, the kernel works fine,
> > and it can have uptimes of months without any problem. But when SMP is
> > compiled in, and the HT processor is correctly identified (and top can see
> > CPU0 and CPU1), then it only takes about an hour or two of operation
> > before the load average jumps like that. Note that this is with Debian
> > woody/stable, and with a clean kernel.org kernel.
> > 
> > Do you guys know anything about this, or have any ideas where I should
> > look? Is there something in Woody that isn't friendly with SMP or perhaps
> > Hyper-Threading processors?
> > 
> > Thanks in advance.
> > 
> > Sincerely,
> > Jas
> > 
> > 
> > 
> 
> -- 
> --
> Ted Knab
> Chester, MD 21619
> --
> 35570707f6274702478656021626f6c6964796f6e602f66602478656
> 02e6164796f6e60237471647560216e6460276c6f62616c60257e696
> 4797e2a0
> 





Re: Intel Hyperthreading problem on server?

2003-12-17 Thread Alex Borges

> Except in my case, this error ONLY appears if SMP support is compiled into
> the kernel, otherwise, it runs smooth with very high load. Apache doesn't
> immediately have the problem with SMP compiled in tho... it takes maybe an
> hour or two before the problem appears.
> 
That is consistent with what I'm seeing. Same Debian woody apache+php
version on a single processor box, no problem. Take that to HT dual pIV,
and apache crashes from segv.





Re: Intel Hyperthreading problem on server?

2003-12-18 Thread Alex Borges

> I do not appear to be having the same problem you guys are. The machine 
> does not have a high load, but has not exhibited any problems 
> whatsoever. Running vanilla source 2.4.23 from kernel.org.
> 
> Are you using Debian kernel packages or vanilla source? Any other magic 
> going on? Possibly a bug in some other DSO you're using?

Yeah, this may make sense. I do use some pretty heavy php modules
(xslt and dom), but the reference deployment in non-smp does the exact
same thing and does not crash.

Do you use high memory support? It may be all mixed up to that.


> Sorry if I missed some relevant part of the thread. :-)






Re: Considering Debian (currently using Red Hat)

2004-01-14 Thread Alex Borges
Boy, are you gonna get answers

On Wed, 14-01-2004 at 08:56, Fred Whipple wrote:
> Hi Everyone,
> 
> I'd like to get some of your thoughts on a few things relating to the 
> possibility of our company switching distributions from Red Hat to 
> Debian.  As most folks already know, Red Hat has drastically changed 
> their strategy, and we ultimately must make *some* relatively drastic 
> changes no matter what.  And, we intend not to switch to RHEL (though 
> not for financial reasons).  This gives us the opportunity, welcome or 
> not, to consider other distributions.  And even other OS's -- we're 
> frankly not closed to the idea of ultimately switching platforms 
> entirely to BSD or Solaris.  So with this in mind,
> 
> 1.)  One of the biggest reasons we went with Red Hat many years ago was 
> RPM.  Of course I know that Debian has a package system, and there're 
> constant arguments about which is better, if either.  What I wonder, 
> though, is how they compare for the purposes of security checking.  On a 
> Red Hat system, practically any file or directory outside of /home can 
> be found within the RPM database.  We can check each and every file, its 
> MD5 hash, etc.  It's like having a built-in Tripwire installation so 
> long as you trust the RPM database.  We've modified the RPM installation 
> such that we can trust it more than we trust Tripwire.  Do Debian 
> packages have similar security built-in?

Yes, although it wouldn't be safe to say ALL files in every package, as
some of the files (as config files) are generated from pre or
postinstall processes and thus are likely to say.

Anyhow. Debian comes with a debsums command that takes the deb database
and does an md5 comparison of everything. It's quite effective.

I've used aide, tiger and integrit as local IDS systems and they do their
job quite well. I've never fiddled with tripwire though. Those will do
the debsums check for you plus, depending on package, will conduct other
similar testing procedures to detect filesystem changes.

> 2.)  A related reason we used Red Hat was that practically anything you 
> could want to use was pre-packaged in a simple to install RPM.  And they 
> were typically pretty high quality RPM's, and very often well 
> maintained.  Do admins typically find that they're able to find Debian 
> packages for most software they're typically interested in using?  I 
> realise this varies greatly between markets, but I guess what I'm 
> asking is do you usually find 70% of the packages you're interested in 
> in Debian package format, and well maintained?  80%?  Just a general idea.
> 
Well. It's a tradeoff there. Third party (non distro) software is almost
always distributed in rpms. This makes it much easier for admins to
integrate those packages into your stuff. Debian is another taco there,
we have an authoritative source of packages (the Debian project) and
most packages you'll ever need are there. Third party Debian packaged
software is generally complex to safely integrate into Debian because
non-stable Debian moves a lot (thus many prefer the testing and unstable
distribution, depending on usage) so most projects find it a PITA to
manage debs as third party.

On the other hand, Debian makes it very easy for you to take a tarball
and turn it into a safely installable (for whatever Debian version you
use) package through the dpkg-buildpackage command. If the third party
package is GNU-style compatible (has a configure, make, make install
style of distribution), dpkg-buildpackage will build you your deb and
you can then install it with the equivalent of the Red Hat rpm command
for Debian, called dpkg.

Finally, Debian supports you tracking packages from different versions
of it. Say, you want a stable (read OLD) setup for all email related
services, but you need a younger version of apache. You can quite
troublessly install the apache for debian/testing (which is younger)
into your debian/stable setup, and it will only install whatever testing
versions of the apache dependencies you need, thus leaving your email
services safely in their old versions (unless they depend on the same
libraries as the younger apache). 

> 3.)  I read quite a bit of the Web site, and see that in general, 
> releases seem to be very far and few between.  This is advantageous to 
> ISP's, of course, because we want things to just "work".  Is my 
> perception correct in that releases are far apart?  When is the next 
> release expected?  How significant is the difference from, say, 3.0 and 

Yes. Very, very far apart. Between stable releases what differs is just
package versions, installation software upgrades and a whole lot of new
packages. Naturally, they also change in administration software (see
all the Debian update-* commands, which make it easy to manage a lot of
things).

> 3.1.  Can you just install a bunch of packages and call it an upgrade, 
> or do you have to go through a whole ordeal as you do between Red Hat .X 
> versions
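
Added example, not part of the original thread and not debsums' own code: a small Python audit of the kind of md5sums manifest dpkg keeps per package (on a real system, /var/lib/dpkg/info/<package>.md5sums). It reports changed and missing files and also lists files no manifest covers, which is the gap the reply points out for generated config files. The package name demo-httpd, the sample files and all function names are constructed for the illustration.

```python
import hashlib
import os


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_md5sums(text):
    """Parse '<32 hex digits>  <path relative to />' lines into {path: md5}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, rel = line.partition("  ")
        digest = digest.lower()
        if not sep or len(digest) != 32 or set(digest) - set("0123456789abcdef"):
            raise ValueError("malformed md5sums line: %r" % line)
        # A manifest entry must stay inside the audited root.
        if not rel or rel.startswith("/") or ".." in rel.split("/"):
            raise ValueError("unsafe path in md5sums line: %r" % line)
        entries[rel] = digest
    return entries


def audit(root, manifests):
    """Compare the tree under root with the recorded sums.

    manifests maps package name -> md5sums text. Returns sorted lists of
    (package, path) for changed and missing files, plus the paths that
    exist on disk but have no recorded sum at all.
    """
    recorded = {}
    for pkg, text in manifests.items():
        for rel, digest in parse_md5sums(text).items():
            recorded[rel] = (pkg, digest)
    changed, missing = [], []
    for rel, (pkg, digest) in recorded.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            missing.append((pkg, rel))
        elif md5_of(path) != digest:
            changed.append((pkg, rel))
    unlisted = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if rel not in recorded:
                unlisted.append(rel)
    return {"changed": sorted(changed), "missing": sorted(missing),
            "unlisted": sorted(unlisted)}


def build_demo_tree(root):
    """Create a constructed package tree under root; return its manifests."""
    files = {
        "usr/sbin/demo-httpd": b"\x7fELF constructed binary\n",
        "usr/share/doc/demo-httpd/README": b"constructed readme\n",
    }
    lines = []
    for rel, data in sorted(files.items()):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        lines.append("%s  %s" % (hashlib.md5(data).hexdigest(), rel))
    # Written by a (hypothetical) postinst script, so it has no recorded sum.
    conf = os.path.join(root, "etc/demo-httpd/httpd.conf")
    os.makedirs(os.path.dirname(conf))
    with open(conf, "w") as fh:
        fh.write("Listen 80\n")
    return {"demo-httpd": "\n".join(lines) + "\n"}


def tamper(root):
    """Simulate a replaced binary and a deleted file."""
    with open(os.path.join(root, "usr/sbin/demo-httpd"), "ab") as fh:
        fh.write(b"extra bytes\n")
    os.remove(os.path.join(root, "usr/share/doc/demo-httpd/README"))


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        manifests = build_demo_tree(root)
        print("clean   :", audit(root, manifests))
        tamper(root)
        print("tampered:", audit(root, manifests))
```

The result is only as trustworthy as the manifests, so for a real audit read them from a copy kept off the machine being checked.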

Re: Services in a ISP

2004-01-16 Thread Alex Borges
jabber.org

Has clients in EVERYTHING and an opensource server. It's very well
tested.

On Thu, 08-01-2004 at 06:37, Ghe Rivero wrote:
> Hi people! 
>   I need to provided some basic services for an ISP. I have almost
> everything resolved except a chat services. The server is running but i
> cann find any software to access it via web. Anybody knows something?
> Thx in advanced
> 
>   Ghe Rivero
> 
> PD.- Apart of this, do you know any software for a search engine (for
> the web) and to create the web map? Thx again





Re: FreeBSD/ Redhat / Debian

2004-01-19 Thread Alex Borges
There is a very young thread about this in the list archives...look in
there, then come with more specific doubts...:)

On Mon, 19-01-2004 at 13:58, Vahric MUHTARYAN wrote:
> Hi Everybody , 
> 
> 
>   I will be new user of Debian. For quick tour I want to learn and I
> want to get your advise about Comparing other OS with Debian . 
> 
>   Do you have any link about some test with Debian and other OS, 
> Please share your experience with me .. 
> 
> 
> Thanks 
> Vahric MUHTARYAN
> 





RE: FreeBSD/ Redhat / Debian

2004-01-19 Thread Alex Borges
Browse through the bug pages, bugs.debian.org and related pages linked
to from the debian.org site.

The Debian quality control process is thoroughly documented, absolutely
open and strenuously enforced. You will find why this is the best of
breed platform for standards compliant, secure internet services
deployment.

On Mon, 19-01-2004 at 17:50, Vahric MUHTARYAN wrote:
> Thanks, Where can I find last bugfixes or history of bugfix of Debian . 
> Maybe you know FreeBSD is more clearly history then other OSs. 
> 
> I consider some things too, Does Debian end can be like Redhat and Suse ,
> because after redhat , debian is really most used OS ?! 
> 
> 
> Vahric 
> 
> -Original Message-
> From: George Georgalis [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 20, 2004 1:32 AM
> To: [EMAIL PROTECTED]
> Subject: Re: FreeBSD/ Redhat / Debian
> 
> On Mon, Jan 19, 2004 at 06:00:55PM -0500, George Georgalis wrote:
> >On Mon, Jan 19, 2004 at 09:58:48PM +0200, Vahric MUHTARYAN wrote:
> >>Hi Everybody , 
> >>
> >>
> >>I will be new user of Debian. For quick tour I want to learn and I
> >>want to get your advise about Comparing other OS with Debian . 
> >>
> >>Do you have any link about some test with Debian and other OS, 
> >>Please share your experience with me .. 
> >
> >
> >I've not had time to look closely at this, but I've heard it's a
> >fair linux/bsd comparison
> >
> >http://www.over-yonder.net/~fullermd/rants/bsd4linux/
> >
> >let me know if anyone sees an inaccuracy!
> 
> okay just took a closer look, it's bsd biased. but
> if you want to know why BSD lovers love BSD you have
> some good arguments, just remember, there is more
> to Linux than in this article. Every OS/distro has
> idiosyncrasies, weigh the benefits and choose the
> idiosyncrasies you want to deal with. The author
> obviously hasn't chosen Linux idiosyncrasies.
> 
> BTW - re RedHat vs Debian. RH is slanted more toward
> GUI administration/philosophy while Debian allows you
> a finer control but more controls are pushed to the
> command line. Debian is easier/better for me but RH is
> more popular in some industries, for example.
> 
> 
> // George
> 
> -- 
> George Georgalis, Admin/Architect   cell: 646-331-2027<
> Linux Infrastructure, Security  mailto:[EMAIL PROTECTED]   
> Services, Multimedia and Metrics.   http://www.galis.org/george   
> 
> 
> 
> 
> 





OT - [Fwd: Lineox Enterprise Linux Support Partner Program]

2004-02-02 Thread Alex Borges
Okay, I'm sorry to post this here. I don't know why a Linux distro is
sending me spam. I wonder if any of you guys also got this.

I don't think it's acceptable for a Linux distro to fall down to this
level and so, I am posting this here in order for them to find out what
the Linux community thinks of spammers, spammer buyers and spammer
supporters (and just exactly what we think is spam). 

The reason I'm saying this is spam is that the return address is invalid.

I'm guessing anyone in the Linux Consultant HowTo got this but maybe it
was also harvested from this list.

Sorry again, don't hesitate to tell me I'm an idiot if this is far-fetched
and of no interest to this list.

--- Begin Message ---
Lineox Enterprise Linux Support Partner Program
===

Lineox Enterprise Linux is sold without bundled support. This creates
a business opportunity for companies and consultants who can offer
support for Lineox Enterprise Linux. Lineox believes that free market
will provide the best support network for our products.

There already exists a kind of market place for Linux support, but
Lineox wishes to improve it. Linux Consultants Guide already provides
a directory of Linux consultants, so there is no need for Lineox to
duplicate that effort. Lineox can however provide information on how
active a particular consultant is by following Lineox products sales
figures. Lineox can also create a list of consultants who support
Lineox products and what kind of support they provide.


How to join the Lineox Enterprise Linux Support Partner Program
===

First you should add your information to the Linux Consultants Guide
if you haven't done that already and then send us email. You should
mention if you would like to become a Lineox reseller, what kind of
support you can offer to our products, and how we could develop our
Support Partner Program. We will then provide on our web site a link
to your Linux Consultants Guide entry and work out a structure how to
best categorize and present support providers.

We will develop our Support Partner Program based on response we
receive, so it is important that you provide input. We believe that at
this stage we should not bind our Support Partner Program to any
strict format, but build it to satisfy the needs of our partners.


Why become Lineox reseller
=

Selling products might not be your main business, but if you need
Lineox Enterprise Linux 3.0 disks, you can buy them at cheaper dealer
prices, if you order at least 5 disks at a time. Our reseller program
is open to all, but EU based companies must provide intra-EU VAT code,
minimum order is 5 disks, and we accept only PayPal payments.


Lineox Enterprise Linux 3.0
===

Lineox Enterprise Linux 3.0 contains all freely distributable packages
from Red Hat Enterprise Linux 3.0 Advanced Server ($1499), Red Hat
Cluster Suite ($499), and Red Hat Developer Suite (free as an
introductory offer for RHEL subscribers). Lineox Enterprise Linux 3.0
does not contain any support. Lineox is however offering program
package updates for free for a limited time and later as a paid
subscription.

Lineox Enterprise Linux 3.0 is available immediately directly from
www.lineox.com and soon also from resellers. The suggested retail
price is 17.90 Euro for DVD-ROM and approximately 20 USD/Euro for
separately sold printed Lineox Enterprise Linux 3.0 Installation Guide. 

Further information: www.lineox.com, [EMAIL PROTECTED]
Support Partner Program: http://www.lineox.com/SupportPartners.php
Reseller page: http://www.lineox.com/4reseller.php

--- End Message ---


Re: Debian and SAN support

2004-02-09 Thread Alex Borges
I'm not sure I follow. If you've already got the SAN, why the need of a
DFS?

I thought it would just export you its volumes and you'd see it as scsi
devices?

On Mon, 09-02-2004 at 14:44, J.J. van Gorkum wrote:
> Hi,
> 
> Can somebody point me in the right direction for cluster Filesystem
> support (that will work on Debian) to be used in combination with a SAN?
> (Compaq MSA1000) 
> 
> I have found:
> 
> - luster (clusterFS) they say they have support for Linux 2.4.x but the
> systems segfault on vanilla 2.4.20 kernels...
> - gpfs (suspended by IBM due to the (soon) arrival of Storage Tank)
> - openGFS (but the project seems dead -- and segv on the DLM module)
> 
> Keep in mind that running a Redhat kernel is NOT an option. 
> 
> -- 
> JJ van Gorkum Knowledge Zone
> If UNIX isn't the solution, you've got the wrong problem.
> 





Re: Debian and SAN support

2004-02-09 Thread Alex Borges
On Mon, 09-02-2004 at 19:23, Michael Loftis wrote:
> Yes but if you have need of sharing a single filesystem, on a single 
> volume, you need a FS capable of such.

Ah yes...well doh... I didn't think of that...thx

Ok... You can tell I don't know much about these matters. I just want to
learn about it. 

Would anyone be so kind as to point me to a link where this need may be
described? Because... through my limited knowledge, I'd nfs or samba the
damned share out of a server and off we go...:)... 

I have the feeling that would put a fast end in my career, so any help
in my apprenticeship would be appreciated (I am currently STFW for
cluster fs and suchmore would be better thanks).







Re: FTP-TLS

2004-02-11 Thread Alex Borges
Sorry I can't be of more help. But this is what we do.

We have an all windows (all flavors) environment and an all linux data
center (print, file, web, collaboration, email, a-spam, a-virii, backups,
sql...etc. we like pain...it's good for us).

After checking out how do we want to share the server with the clients,
we settled for ssh (w00t!?) 

Yeah, winscp is just as annoying as cuteftp, it looks the same, it can
do edit-on-server (a fad, of course) and, it doesn't have the funny stuff
ftp has.

Contra: It's a bitch to chroot a ssh server and keep your admin setup,
but it's doable.

So there, I recommend you dump ftp.






Re: How do you deploy a new system ?

2004-02-23 Thread Alex Borges
This is what I regard as the EASY way:

Divide target boxes into hardware 'races' (all exactly-the-same hardware
into one race). Install one Debian per race. Partimage each race.

Sync all boxes of each race with a partimage bootdisk, look into the
dhcp logs to see the ip of each box.

Script or do one by one, change all hostnames (at this point they are
all the same). This is a 20 line script at most if ssh is properly
installed in all boxes (just put it with your pubkey in the imaged
boxes).

On Sun, 22-02-2004 at 19:55, [EMAIL PROTECTED] wrote:
> Hi,
> 
> What are you guys using to deploy new systems. In our env we are bringing up one 
> system every other week. So far, we've been using Red Hat and Kickstart. We simply 
> save the config on a floppy then boot from the CD and a few minutes later the system 
> is ready without the endless Yes/No questions.
> 
> BTW, I tried Mondo on the latest stable Woody-3.2 and it didn't seem to work i.e. I 
> issued the command:
> 
> $ mondoarchive -Oi -d /mnt/NFS/Images -E /mnt
> 
> and it started doing something but then it never returned back (left it running for 
> 4 hrs) to the prompt and there was no disk activity after the first 10 mins. I 
> Ctrl-C'd it and never looked into it.
> 
> FAI etc sound too complicated to setup.
> 
> Anaconda port doesn't sound that great since you have to use a special kernel to 
> make it work...from what I've heard ?
> 
> We are just curious about the setups of other big ISP/University type environments 
> since we're thinking of doing a switch from RH to Debian.
> 
> Thank You.
> 
> 





Re: IMAP automagic replication?

2004-03-01 Thread Alex Borges
On Sat, 28-02-2004 at 18:51, Adam ENDRODI wrote:
> On Sun, Feb 29, 2004 at 01:00:09AM +0100, Kilian Krause wrote:
> > 
> > I came across the idea of using CODA for replication of the filesys
> > even though the slow network connection, but somewhat i doubt it'll be
> > performant over internet. Especially more performant than plain IMAP
> > replication. Anybody having numbers on these ones?
> 
> I guess you don't want to sync at the file system level.  Coda
> won't be an easy battle and is generally agreed not to be
> suitable for real-time applications (read: bloody slow).
> Moreover, apart from the rumours, you'd definitely need
> to complicate the architect with another layer--some kind
> of encrypting tunnel.

DRBD ... this is what I use, and it works fine. It is very bandwidth
sensitive though.

> 
> just my gut feelings,
> adam
> 
> -- 
> Am I a cleric? | 1024D/37B8D989
> Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
> Unbeliever?| 82DD 54C2 843D 37B8 D989
> Renegade?  | http://sks.dnsalias.net
> 





Re: Re: Sendmail or Qmail ? ..

2004-03-05 Thread Alex Borges
On Fri, 05-03-2004 at 12:56, Lucius Junevicus wrote:
> I saw your post on setting up qmail over drbd.  I would love to see
> how you did it.
> I'd like to create a how-to on setting up a hybrid cluster (open-mosix
> and drbd) for qmail.

Open Mosix? Isn't that like, autobalanced cluster? Interesting, how does
it help a smtp farm as opposed to simple load balancing?

>  
> I'd love to know how you setup your cluster.
>  
> What do your drbd.conf, ha.cf, haresources files look like?
>  
> Which services do you have heartbeat control? (qmail, spamassassin, ?)
>  
> I know you're probably very busy, but any help would be greatly
> appreciated.

This is pretty straightforward. As most MTAs, qmail has configurable
queue directories and can deliver to maildirs anywhere as well (I use
vpopmail as delivery).

All you need is to set up your drbd partition as announced in drbd's
documentation (engineer your disks, etc.). 

Our nodes look like this:

Primary
DELL 6250 PIV XEON 2.4gh DUal Processor 1GB ram
210GB RAID V SCSI storage

Secondary
DELL 6250 PIV XEON2.4gh Single processor 1GB ram
210GB RAID V SCSI storage

Make a big partition, set up some symlinks to make important directories
reside in this partition (i named it data and its mounted on /data):

/var/qmail -> /data/var/qmail
/home/vpopmail -> /data/home/vpopmail
/webhostingpeople -> /data/webhostingpeople
/var/lib/mysql -> /data/var/lib/mysql
/etc/passwd -> /data/etc/passwd
/etc/group -> /data/etc/group 


 etc.

Here is the trick:

In the primary server:
Install (or mod) everything so that important services boot up without a
problem from files in this partition (already using the symlinks and
all). 

Make SURE you profile every possible path of use that may be related to
file access creation, directory creation...etc.

In the secondary server:
Make a data partition.
Make sure that data partition is absolutely exactly the same size as
the primary.

In the primary:
In init=1 (make sure all services are OFF) do:

tar cf - --exclude-from excludedfiles / | ssh -l root secondary "tar xf - -C /"

In the file excludedfiles you should put /dev/ /var/log /var
...etc...anything that doesn't make sense putting in the failback node
(/proc, /sys).

This will snapshot the primary onto the secondary. Reboot the secondary,
all services should be on and working just as in the primary. If that is
the case, youre ready to roll.

Make the drbd magic you have to on the /data partition and youre
home free.


>  
> Lucius





Re: ...please

2004-03-15 Thread Alex Borges
What really bakes my cookie here is why spammers don't get the
clue that debian-isp's never ever buy anything from a spammer...or do
they?

Maybe its all Your Fault!





Re: Intel Hyperthreading problem on server?

2004-06-16 Thread Alex Borges
I used to have a problem on my server, i passed myself to sarge 1.3.29
with libapache-modssl and never saw the problem again.

On Tue, 2004-06-15 at 20:18, Jason Lim wrote:
> Dear Gilles ,
> 
> I'll try as well... hope we can find a solution.
> 
> I have a few Redhat Linux 9 servers with Hyperthreading CPUs, and no
> problem whatsoever. I think they run Apache 2, so maybe that is the
> solution... but surely there must be people running Apache 1.x without any
> problem and hyperthreading?!
> 
> Jas
> 
> - Original Message - 
> From: "gilles.hanotel" <[EMAIL PROTECTED]>
> To: "Jason Lim" <[EMAIL PROTECTED]>
> Sent: Wednesday, 16 June, 2004 6:49 AM
> Subject: Re: Intel Hyperthreading problem on server?
> 
> 
> > Hi Jason,
> >
> > > Unfortunately, I never did. The solution was to disable Hyperthreading
> > > altogether unfortunately.
> > >
> > > Perhaps others have had more luck?
> >
> > Google don't think so :(
> >
> > I have two servers with the same hardware. One with hyperthreading enable
> > and one without. As soon as there is a little load the one with
> > hyperthreading shows a lot of blocked process..
> >
> > Perhaps there is an smp race condition with apache.
> >
> > I have a notebook with hyperthreading and i use it as a workstation without
> > any problem for months now...
> >
> > Still searching, if i find something I'll tell you ;-)
> >
> > Thanks
> >
> > --
> > Gilles HANOTEL
> >
> >
> 




Re: WINNING NOTIFICATION

2004-06-21 Thread Alex Borges
What's really baking my noodle is, how the hell did this email get to us.

I mean. If she/he has a friend at debian-isp then they should've known
better.

I just can't think of a chain of events... or maybe this is the infamous
"grandma" of a BOFH and suffered this unfortunate fraud because she
didn't consult with the geekiest of her children.


On Sat, 2004-06-19 at 01:52, Russell Coker wrote:
> On Sat, 19 Jun 2004 02:30, [EMAIL PROTECTED] wrote:
> > You have lied as far as my winnings I have given what I was supposed to and
> > that information is crucial to my identity..I was sent an email that I won
> > at my other email address that NOONE knew..I didnt believe it was a hoax..
> > I believed it so much that I have given my bank account my ,drivers
> > licence, and other crucial information.I even called the NL to speak with
> 
> It was all a hoax, any money you have spent has been lost and will never be 
> recovered.
> 
> Any information that you gave (such as bank account numbers) should be 
> changed.  You mention that they called you, it would probably be best if you 
> change your phone number so that they can't call you again.
> 
> You appear to be in the US, so contacting the FBI is the best thing for you to 
> do.  But as more than a million other USians have been fooled in the same way 
> as you it's unlikely that the FBI will be able to spend much time on your 
> case.
> 
> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 




Re: Advice for an IP accounting program

2004-10-15 Thread Alex Borges
martin f krafft wrote:
> thus spoke Francesco P. Lovergine <[EMAIL PROTECTED]> [2004.10.15.1702 +0200]:
> > The main purpose is identify periodically boxes on an internal private
> > network which cause very high traffic, due to worms, virus and so.
> > A per-IP simple report a la mrtg could be nice.
>
> apt-cache search ip accounting

The best I've seen was not in debian when i checked. It's an ipacc but
patched to lazily report to a mysql database. This way the measurement
doesn't take a lot of resources in a really demanding environment (after
truly 10MBit mixed bandwidth, the measurement problem becomes really
complex) search for ipaccounting mysql in google.





Re: Advice for an IP accounting program

2004-10-15 Thread Alex Borges
martin f krafft wrote:
> thus spoke Alex Borges <[EMAIL PROTECTED]> [2004.10.15.1742 +0200]:
> > The best I've seen was not in debian when i checked. It's an ipacc
> > but patched to lazily report to a mysql database. This way the
> > measurement doesn't take a lot of resources in a really demanding
> > environment
>
> Yeah, except for the resources eaten by MySQL, which has no place in
> a "really demanding environment", IMHO. Not wanting to start
> a religious war... it is my opinion when I suggest to use a proper
> database server instead.

Agreed. In my medium sized environment this scaled well, but if we are
talking really post 10mbit very mixed traffic and complex stats, mysql
ain't gonna cut it.
Still, if you're in charge of such a thing, it should be no problem for
you to hack ipac-ng to work with postgres, or use iptables log+syslog-ng
to relay to a log server and analyze it there (although I'm not sure
this would be an ideal solution... I'd go for the lazy db).






Re: LDAP Expert's help please

2004-11-23 Thread Alex Borges
1) Relax. You're in the right place.
2) Worry. You need to learn ldap fast
3) Use GQ (ldap browser) to get an idea of what's in there
4) Get a safari account and get yourself a couple of good ldap books.
5) Read the most relevant chapters for an intro to htf (how the fuck)
does this ldap stuff work
5.bis) Many of the apps that are being ldap authenticated may support
ldap directly (can be a lame setup unless you know what you're doing), or
really everyone is authenticating against PAM, and then that's against LDAP
(better setup in many medium to small cases) which is plain POSIX over
ldap which point 5 will clear up best. I do hope you're in this latter
scenario.
6) Be sure to have medical insurance. Throwing you to the lions like
this can cause permanent health damage due to stress.


:)

If everything fails. Send an RFP here. Many will gleefully charge some
money and fix your stuff straight up. 



On Tue, 2004-11-23 at 10:49 -0700, Omar wrote:
> Hi all,
>   I need help with LDAP.  I just got two servers that use LDAP authentication
> for FTP, E-mail and other login's, problem is I only got the root user name
> and password.  I have no idea how to reverse engineer the login's and schema
> info and so on.. Any and all help is appreciated :)  Thanks in Advance, Omar
> 
> 





Re: LDAP Expert's help please

2004-11-23 Thread Alex Borges
1.- Be sure what service is what. I mean, if you're running imap, we are
talking about 10 different possible imap servers that are provided in
debian. So, make sure you know which of them you are running. Same goes
for smtp, ftp...etc.

2.- Each of those you can research separately to see where their
auth settings are taken care of. If you can assert that no funny ldap/ldap
auth stuff is happening in each config file, you can start looking at
PAM to see if everything is being authed there (a sure hint is that
there is a config file for each service in the pam.d config directory,
and the services are directed to auth against PAM -most, but not
necessarily all, are by default- ).

3.- LDAP is an easy thing. It ain't much really, just data ordered to
some schema. So, the sysadm is right if he says with the root password
you can check everything out.

4.- You can possibly get what's the diff between what ldap.conf is by
default, and what it looks like now. A big part of this thing is
what schema files are included in this file. That will tell you at least
what schemas your ldap server supports apart from the default. For
example, if you are using qmail as the smtp, there will probably be a
file with the specific qmail-ldap schema (careful about assumptions,
that's not true the other way around, nor is it analogous in every other
mta).



On Tue, 2004-11-23 at 12:13 -0700, Omar wrote:
> Hi Alex,
>   The problem is that reading the documentation assumes that you are starting
> from Scratch, and installing everything.  Which in turn means that you have
> the passwords and all the settings, but I am starting it backwards, everything
> is there, and I need to dig it up.  The previous admin said that with root
> password everything can be figured out.  Partially true, but it is time
> consuming.
>   How can I find out if the system is using PAM against LDAP, in the
> documentation it says using LDAP authentication nothing else.
>   As for the insurance I am up for the challenge, but it's ironic as I work
> for an ISP and I don't have the net at home, which would greatly help me :(
>   I have downloaded an LDAP browser, but had no luck connecting to the
> server. I used slapcat to get user info, but it doesn't mean much to me,
> since I can't figure out how to create a new user, using which schema and so
> on.  Life goes on :)  Thanks for the suggestion I am looking at the Safari
> bookshelf right now :)
>  Omar
> 
> On Tue Nov 23 11:30 , Alex Borges <[EMAIL PROTECTED]> sent:
> 
> >1) Relax. You're in the right place.
> >2) Worry. You need to learn ldap fast
> >3) Use GQ (ldap browser) to get an idea of what's in there
> >4) Get a safari account and get yourself a couple of good ldap books.
> >5) Read the most relevant chapters for an intro to htf (how the fuck)
> >does this ldap stuff work
> >5.bis) Many of the apps that are being ldap authenticated may support
> >ldap directly (can be a lame setup unless you know what you're doing), or
> >really everyone is authenticating against PAM, and then that's against LDAP
> >(better setup in many medium to small cases) which is plain POSIX over
> >ldap which point 5 will clear up best. I do hope you're in this latter
> >scenario.
> >6) Be sure to have medical insurance. Throwing you to the lions like
> >this can cause permanent health damage due to stress.
> >
> >
> >:)
> >
> >If everything fails. Send an RFP here. Many will gleefully charge some
> >money and fix your stuff straight up. 
> >
> >
> >
> >On Tue, 2004-11-23 at 10:49 -0700, Omar wrote:
> >> Hi all,
> >>   I need help with LDAP.  I just got two servers that use LDAP 
> >> authentication for
> >> FTP, E-mail and other login's, problem is I only got the root user name and
> >> password.  I have no idea how to reverse engineer the login's and schema 
> >> info and
> >> so on.. Any and all help is appreciated :)  Thanks in Advance, Omar
> >> 
> >> 
> >
> >
> >
> 
> 
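One way to answer the "is this box doing PAM against LDAP" question from the thread above, as an added example that is not part of the original posts: the script walks a pam.d directory, follows `@include` and `include` lines, and reports which services end up calling `pam_ldap.so`. The sample files, service names and nsswitch.conf text are constructed for illustration; on a real host you would point `ldap_backed_services()` at `/etc/pam.d`.

```python
import os
import re
import tempfile

LDAP_MODULE = "pam_ldap.so"
# type, control (plain word or [bracketed actions]), module path
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def pam_rules(pam_dir, service, stack=()):
    """Yield (type, control, module) for one service file, following includes."""
    service = os.path.basename(service)
    if service in stack:                      # guard against include loops
        return
    path = os.path.join(pam_dir, service)
    if not os.path.isfile(path):
        return
    stack = stack + (service,)
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()   # drop comments
            if not line:
                continue
            if line.startswith("@include"):       # Debian-style whole-file include
                parts = line.split()
                if len(parts) == 2:
                    yield from pam_rules(pam_dir, parts[1], stack)
                continue
            m = RULE.match(line)
            if not m:
                continue
            mtype, control, module = m.groups()
            mtype = mtype.lstrip("-")
            if control in ("include", "substack"):
                # Linux-PAM include: only rules of the same type are pulled in
                for t, c, mod in pam_rules(pam_dir, module, stack):
                    if t == mtype:
                        yield (t, c, mod)
                continue
            yield (mtype, control, os.path.basename(module))


def ldap_backed_services(pam_dir):
    """Map service name -> sorted PAM types (auth, account, ...) using pam_ldap."""
    report = {}
    for name in sorted(os.listdir(pam_dir)):
        types = sorted({t for t, _c, mod in pam_rules(pam_dir, name)
                        if mod == LDAP_MODULE})
        if types:
            report[name] = types
    return report


def nss_ldap_databases(nsswitch_text):
    """Return the nsswitch.conf databases (passwd, group, ...) that consult ldap."""
    found = []
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources).split()  # drop [NOTFOUND=...]
        if "ldap" in sources:
            found.append(db.strip())
    return found


# Constructed sample configuration (not taken from any real host).
SAMPLE_PAM = {
    "common-auth": "auth sufficient /lib/security/pam_ldap.so\n"
                   "auth required pam_unix.so use_first_pass\n",
    "common-account": "account required pam_unix.so\n",
    "proftpd": "# FTP daemon\n@include common-auth\n@include common-account\n",
    "imap": "auth required pam_ldap.so\naccount required pam_ldap.so\n",
    "ssh": "#auth sufficient pam_ldap.so\nauth required pam_unix.so\n",
    "webmail": "auth include imap\nsession required pam_permit.so\n",
}
SAMPLE_NSSWITCH = ("passwd: files ldap\ngroup: files ldap [NOTFOUND=return]\n"
                   "shadow: files\nhosts: files dns\n")


def demo():
    """Write the sample pam.d tree to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as pam_dir:
        for name, text in SAMPLE_PAM.items():
            with open(os.path.join(pam_dir, name), "w") as fh:
                fh.write(text)
        return ldap_backed_services(pam_dir), nss_ldap_databases(SAMPLE_NSSWITCH)


if __name__ == "__main__":
    print(demo())
```

A service that never shows up in the report but still authenticates LDAP users is talking to the directory directly from its own config file, which is the other case described in the thread.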





Re: Apache: one or more instances

2003-05-06 Thread Alex Borges

On Mon, 05-05-2003 at 18:00, Eduard Ballester wrote:
> hi
> I have an Apache with several VirtualHost and now I have a doubt.
> 
Apache is ready to scale in a multiple virtual host environment without
problems. Of course, if you can separate two apaches based on function
(ssl vs non-ssl), as the article pointed by Jeremy's post suggests, it's
better to have two or more instances (or one for each port... take a
java application server in port 8081, an ssl server in 443, a soap
server in 8082, a normal https server in port 80)... it's a more scalable
setup; all of the apaches would have the same number of virtualhosts
(should all the vhosts need all the functionality).

I've seen apaches with 500, normal, mysql enabled, dynamic sites virtual
hosts no-problem... no hay problema ke ...:=)

Course, this all depends on how well you know apache and its
scalability model to make it scale. Meaning, it depends on how well
you can tune apache and how many vhosts we are talking about, what will they
run...etc.

> I don't know if is better run all vh in a single instance or use two or 
> more Apaches in different path. I use IP-based and Port-based vhost NO 
> Name-based (of course).
> Where I can find information or server benchmark for measuring the 
> performance of Apache (multi-vhost)
> 
> Thanks
> 




somehow OT - Configuring different bridged networks through dhcp

2003-05-27 Thread Alex Borges
Hey I've inherited a strange network... looks like this:

                                  NET1
                         |------> Bridge
                         |        NET2
Othernets<-->DATACENTER Routers
                         |
                         |        NET3
                         |------> Bridge
                                  NET4

Okay I've been asked to provide DHCP centralized assignation to
all hosts all over all the networks. It's all okay until you hit the
bridges.

What happens is that the bridges are ethernet bridges (oxymoron?, i don't
think so), this means they will come and ask for their dhcp packages
looking exactly like an intranet host (to the dhcp server). This is a
Bad Thing (TM) because those networks are not supposed to see each
other. They are manually configured right now to achieve that same
effect (why the hell did they bridge them then?, beats me, I've no use
for the bridges). The dhcp clients are all win95/me/98/xp/2k mix, most
surely with 2003 coming too.

What I'm wondering is if there is anything like the ClassIdentifier dhcp
option for windows CLIENTS (i know ISC dhcp3 will work like bliss and
assign different network configuration if the request carries its
ClassId... i can make a dhcp.conf block based on that). I've done it when
the client is a radius server and it works, now, maybe there are other
data that clients carry that can help me achieve the same effect?

So, aint this a cool one?

Any ideas?

Lex
Step One Group




Re: Migrating to a Compaq Proliant DL360G3

2003-05-27 Thread Alex Borges
You should know that HP is debian friendly (they still wont offer
support though), but they do work with debian internally and informally
test.

I use DELL big badass servers and smaller (hwIDE-RAID Barracuda arrays)
in HP and I've never had a problem at all...

Ask the ones who want you to install redhat if they are also fine with
paying the redhat service and support fees (you won't get far without it)
and with major upgrades every year.

Also suggest them to administer the servers themselves if they wish to
have a take on the decision.

All in all, be certain of what you are doing. If you know redhat better
then its probably a better choice, if you know debian better (or the
same as redhat) and you know why it would save time/money, then by all
means use debian. 

On Tue, 27-05-2003 at 07:10, Tomàs Núñez Lirola wrote:
> Hi
> I must migrate my servers to Compaq Proliant DL360G3 machines. We're looking 
> several IDCs, and all of them say "Only support for RedHat, SuSE and 
> Caldera". I want to use Debian (I don't like very much SuSE, I've not used 
> neither Red Hat nor Caldera, and it's hard to change distro when you're happy 
> with the one you have), but when I comment this point to the salesman, he 
> says a lot of "It's difficult" "It's not supported" and things like that. 
> Even I've found on a budget "We don't take any responsibility on the 
> installation, functionality or support in case you decide to install Debian".
> 
> In this situation, my boss is evaluating the convenience of installing Debian 
> on the servers, and he says he likes Red Hat.
> 
> I've looked at Compaq website and I have not found any reference to Debian.
> As there are RAID controllers and specific server hardware that I don't know 
> so far (I've never used hardware RAID at home ;P), I'm afraid of the 
> difficulty I can find installing Debian in spite of everybody telling me to 
> install Red Hat.
> 
> Anyway... Does anybody have any experience with this machine (or similar) and 
> Debian? Is there any website where I can take a look on the compatibility of 
> this machine (or similar) and Debian?
> 
> Do you recommend me to be stubborn and install Debian anyway?
> 
> Thanks all
> 




Re: Server hacked - next...?

2003-06-29 Thread Alex Borges
On Sun, 29-06-2003 at 02:15, Jason Lim wrote:
> Okay... so supposing the whole system needs to be installed, we can make a
> backup of the home directory now... but after we restore everything, what
> is to stop the hacker immediately re-gaining access again?
> 
> The server is a fully updated "stable" debian system. In fact, it was
> updated just yesterday.
> 
> I'm thinking that even if we do all the trouble of a complete
> re-installation of the entire system, it won't fix this as it will get
> re-hacked again, especially since we can't see what is going on anymore.
> 
> What do you think? :-(

You have to realize this is a normal step in the life of any sysadmin.
So stop being worried and learn from it.

1.- Save all that's possible to save (homedirs, emails, homepages)

2.- Yeah, hard to believe an updated, all standard packages woody could
be cracked. It's no normal, highschool script kiddie if he pulled that
off (probably a college script kiddie though...;)...). Your box as is
provides very good information, but you have to realize that, if you
didn't take a couple of steps to foresee this, such as having a network
flight recorder somewhere to do forensics on your dead box, it's going to
be hard to determine where and how he got in.

2-1/2.- Do a list of ANY installed stuff that is not strict debian
woody. I mean, web database administrators, counters, extra perl modules
got from cpan (as opposed to apt-get install libperl...etc.). It's more
probable that the first level vulnerability got in there (nevertheless,
if you got hacked by a perl script, then the perl package, apache
package or similar is borked).

3.- So, mirror your killed hard drive so that you can dissect it later,
set up the box again with certain limited things, say forbid cgi's and
move to mod-perl and php, forbid ppl from having bash cgi's (since there
is a good chance this is where they got in).

What am i doing? I dunno, there is no checklist that will cover any
site, this is what i would do and I'm not very experienced. But whatever
you end up with, you should implement postmortem analysis capabilities
to your site (couple of snort/tcpdump boxes and an actual formalization
of your security policies will do).

So policy is the thing here anyhow, work on that. Think of syslog-ng
server, your tcpdump network capture server, snort ID analysis server,
log analyzer for the syslog server. Once cracked all one can do is think
better for the next time.
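A sketch of the "dissect the mirrored drive" and "list anything that is not strict Debian" steps, as an added example that is not part of the original post: it checks a mounted copy of the disk against dpkg's own `var/lib/dpkg/info/*.md5sums` lists and reports changed, missing and unowned files. The directory layout is dpkg's; the sample tree, file contents and package name are constructed, and because the lists on a compromised disk may have been altered too, hashes taken from known-good package copies are the stronger reference.

```python
import hashlib
import os
import tempfile


def load_md5sums(info_dir):
    """Map relative path -> (md5 hex, package) from dpkg's *.md5sums files."""
    known = {}
    if not os.path.isdir(info_dir):
        return known
    for fname in sorted(os.listdir(info_dir)):
        if not fname.endswith(".md5sums"):
            continue
        package = fname[: -len(".md5sums")]
        with open(os.path.join(info_dir, fname), errors="replace") as fh:
            for line in fh:
                # format: "<32 hex chars>  <path without leading slash>"
                digest, sep, rel = line.rstrip("\n").partition("  ")
                if sep and len(digest) == 32:
                    known[rel] = (digest.lower(), package)
    return known


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_image(root, scan_dirs=("bin", "sbin", "usr/bin", "usr/sbin")):
    """Compare a mounted disk copy at `root` with its dpkg md5sums lists."""
    known = load_md5sums(os.path.join(root, "var/lib/dpkg/info"))
    modified, missing, unowned = [], [], []
    for rel, (digest, package) in known.items():
        full = os.path.join(root, rel)
        if os.path.islink(full):
            continue          # never follow links out of the image into the host
        if not os.path.isfile(full):
            missing.append((rel, package))
        elif md5_of(full) != digest:
            modified.append((rel, package))
    for d in scan_dirs:
        for dirpath, _dirs, files in os.walk(os.path.join(root, d)):
            for f in files:
                full = os.path.join(dirpath, f)
                rel = os.path.relpath(full, root)
                # files no package claims: local installs, or something planted
                if rel not in known and not os.path.islink(full):
                    unowned.append(rel)
    return {"modified": sorted(modified), "missing": sorted(missing),
            "unowned": sorted(unowned)}


def demo():
    """Build a constructed miniature disk image and audit it."""
    original = {"bin/ls": b"ls-original", "bin/cat": b"cat-original",
                "usr/bin/whoami": b"whoami-original"}
    on_disk = {"bin/ls": b"ls-changed",        # content differs from package
               "bin/cat": b"cat-original",     # untouched
               "bin/.hidden": b"x"}            # not owned by any package
    with tempfile.TemporaryDirectory() as root:
        info = os.path.join(root, "var/lib/dpkg/info")
        os.makedirs(info)
        with open(os.path.join(info, "coreutils.md5sums"), "w") as fh:
            for rel, data in original.items():
                fh.write("%s  %s\n" % (hashlib.md5(data).hexdigest(), rel))
        for rel, data in on_disk.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_image(root)


if __name__ == "__main__":
    print(demo())
```

Packages that ship without an md5sums list will show their files as unowned, so the unowned list is a starting point for review rather than a verdict.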





Re: Webmail configuration for schools

2003-07-01 Thread Alex Borges
On Tue, 01-07-2003 at 07:35, Ross, Chris wrote:
>   I need to provide email access for 13,000 to 14,000 K12
> students.  Last school year we used Microsoft 

> Exchange 

BY GOD, did he really say that?

> >with extremely

> 1. Postfix with either mysql or LDAP for virtual user delivery.
> 2. Courier-imap with a web interface (squirrelmail, sqwebmail etc.)
>   (Courier-imap authentication is the tricky bit.)

Sounds great!

>   Since we have been using a SQL database to track user account
> information, I thought that mysql would be the best means of dealing
> with Postfix.  It would be trivial to load mysql with the information
> that Postfix needs.  My experience with active directory LDAP is not
> great.  When using active directory as an LDAP server, it seems like
> there is always more fiddling than there should be.  Would mysql hold up
> well in this sort of environment?  (load, speed etc.)

Hell, postfix/courier won't even need the database to scale to that (but
you will for peace of mind and ease of reporting), it ain't that big.
Properly tuned mysql would work very well, postgres would also do the
job very well. Hell, I've a 10K accounts system, it runs all of it on a
single host with webmail (yeah, i know i push it too hard), and it
doesn't even use the database and it's nowhere near saturation. Course,
it's a qmail based system, not postfix, but there shouldn't be much of a
difference.

> Courier-imap authentication is the big question in my mind.  It
> would be great if we could use active directory to do authentication
> here.  LDAP authentication probably won't work correctly.  There is no
> compatible password available and LDAP bind authentication is
> problematic.  Microsoft lets you do an LDAP bind even if your account is
> locked, your password has expired etc.  Would Kerberos be a reasonable
> solution?  I have no direct experience with Kerberos.  

I'm not sure ms kerberos plays nice with other's kerberos.

> Would it be possible to authenticate the user by having the courier 
> authentication
> daemon request a Kerberos ticket?  It is my understanding that the imap
> server would not be granted a ticket if the client credentials were not
> authentic.  It would also be possible to set up RADIUS authentication.
> Would RADIUS be a better solution?

USE THE PAM. I mean it, use pam, you'll be able to even do NT domain
based authentication (albeit with some tweaking and lots and lots of
stress testing). I'd go with SQL authentication+pam, or even courier
mysql standard authentication, then dump from the activedir from time to
time.

You can also use pam and kerberos i think, so you don't need courier to
do kerberos itself.

>   The only remaining issue is a policy related one.  Students and
> or parents have to sign an Internet acceptable use policy for a student
> to get access to the Internet.  (The person that has to sign depends on
> the age/grade level of the student.)  If they have a signed form, we
> enter this in the SQL database along with their other account info.
> Currently, we provide email accounts to all students.  If they don't
> have a signed form, they can only send email internally.  Can postfix be
> configured to allow virtual users access to specific domains based on
> the user?
Um... not sure... cool idea though.






Re: turn a firewall into a wireless access point?

2003-11-07 Thread Alex Borges
Well yeah, u just plug in your wi card, make sure it's linux compatible
and there are packages (apt-cache search them) that will help u in
configuring the card to behave as an access point.



On Fri, 07-11-2003 at 07:16, Dale E Martin wrote:
> I was curious if there was software to turn my firewall into a wireless
> access point?   I've got a shorewall setup that has "net", "loc", and "dmz"
> zones.  My plan was to make a "dmzw" zone for the wireless.  I've got an
> Orinoco card + an ISA/PCMCIA adapter that I plan on using for the wireless
> connectivity.
> 
> I'm looking for ways to assign the "ESID", manage ACLs, WEP, etc, like you
> would on a standalone access point.  I realize even with these protections
> that the wireless setup will be easy to compromise - that's why I'm
> planning on making it part of a dmz.
> 
> Anyways, thanks for any pointers.
> 
> Take care,
>  Dale
> -- 
> Dale E. Martin, Clifton Labs, Inc.
> Senior Computer Engineer
> [EMAIL PROTECTED]
> http://www.cliftonlabs.com
> pgp key available
> 




An insight of email traffic in universities

2003-11-12 Thread Alex Borges
Okay, here is a cool question about neat things like ye olde email farm
in your uni.

If u guys work at a university, it would be fun to know how many email
boxes you have and how much email traffic you get. These variables
would be helpful:

a) Number of email I/O (bulk total, how many in, how many out)
b) How many users u have

It's a neat thing to know when you're starting to set one up yourself. For
example, Uwash does 120k users 800k emails a day.

I want to make a spreadsheet model to calculate the amount of bandwidth
and IOPS demanded by a maildir smtp farm depending on how many users
there are, how many emails they receive in a particular amount of
time, assuming that they are click crazy and check their email exactly
at the time it arrives...etc. It will take into account that you have an
IMAP farm for checking the emails and will also attempt to calculate the
bw generated by click crazy monkeys.

I've just started making it but I'm worried that i will assume stupid
things, so i wanna gather some more real data to see if it's all fitting
in. For example, i assume that all users have a workstation and are
checking their email at the very same period where most of the email is
arriving (that's what i call a worst case scenario).

I know this will not make for a trustable model because of the
complexity of usage prediction (can one really predict the next outlook
worm? mhm... yes, come to think of it, it has a probability that
approaches 1 as time passes...:-) that kind of thing. But i think it
can provide some insight with modeling this kind of thing. The fun part
will be when i build a test farm just to see how crazy i am (or not?).

So if anyone can/will spare some time to share this data and/or is
interested in this kind of modeling (or know of a way that is -The Right
Way- (TM)) take pity and post it to the list!
 





Re: An insight of email traffic in universities

2003-11-12 Thread Alex Borges
Sorry michael, i also sent this to you. It was a mistake, do not hit me. 
I am smaller and wear glasses

On Wed, 12-11-2003 at 19:03, Michael Loftis wrote:
> well i can share summarized stats if you want, we're a small/midsize ISP 
> though so we have heavier mail usage than a uni...I can say that for about 
> 6k mailboxes we deliver about half a million to a  million messages/day.
> 
Wow, that's a whole lot. I get, from another ISP, about 40k messages for
the same 6k users.

Let's have a look at the messages per user per day, u just divide
750,000/6000 that's um... kill the zeroes ... 116.6 messages per user per
day. Damn. A lot. I get about that too, but I'm in like 3 high traffic
mailing lists+all the spam known to man.

Well, uwash claims to IO smtp at about 7 messages per user per day...
and i have a consistent ratio in two other deployments one corporate,
one ISP. This is after shaving spam hits i guess

Anyone else knows what their messages per user per day is on a monthly
average? Now, before and after shaving some spam?



> --On Wednesday, November 12, 2003 16:51 -0600 Alex Borges <[EMAIL PROTECTED]> 
> wrote:
> 
> > Okay, here is a cool question about neat things like ye olde email farm
> > in your uni.
> >
> > If u guys work at a university, it would be fun to know how many email
> > boxes you have and how much email traffic you get. These variables
> > would be helpful:
> >
> > a) Number of email I/O (bulk total, how many in, how many out)
> > b) How many users u have
> >
> > It's a neat thing to know when you're starting to set one up yourself. For
> > example, Uwash does 120k users 800k emails a day.
> >
> > I want to make a spreadsheet model to calculate the amount of bandwidth
> > and IOPS demanded by a maildir smtp farm depending on how many users
> > there are, how many emails they receive in a particular amount of
> > time, assuming that they are click crazy and check their email exactly
> > at the time it arrives...etc. It will take into account that you have an
> > IMAP farm for checking the emails and will also attempt to calculate the
> > bw generated by click crazy monkeys.
> >
> > I've just started making it but I'm worried that i will assume stupid
> > things, so i wanna gather some more real data to see if it's all fitting
> > in. For example, i assume that all users have a workstation and are
> > checking their email at the very same period where most of the email is
> > arriving (that's what i call a worst case scenario).
> >
> > I know this will not make for a trustable model because of the
> > complexity of usage prediction (can one really predict the next outlook
> > worm? mhm... yes, come to think of it, it has a probability that
> > approaches 1 as time passes...:-) that kind of thing. But i think it
> > can provide some insight with modeling this kind of thing. The fun part
> > will be when i build a test farm just to see how crazy i am (or not?).
> >
> > So if anyone can/will spare some time to share this data and/or is
> > interested in this kind of modeling (or know of a way that is -The Right
> > Way- (TM)) take pity and post it to the list!
> >
> >
> >
> >
> >
> 
> 
> 
> --
> Michael Loftis
> Modwest Sr. Systems Administrator
> Powerful, Affordable Web Hosting
> GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E 




Re: CPU Utiliaztion on a ethernet bridge

2003-11-18 Thread Alex Borges
Any firewall rules or logging mechanism? 

On Tue, 18-11-2003 at 15:12, Simon Allard wrote:
> I have setup a linux box with a 2.4.19 kernel. I am bridging 2 ethernet
> devices together using 3Com PCI 3c982 Dual Port cards. (3c59x).
> 
> What I am seeing is that the module itself uses 30% of CPU to handle just
> 10mbit both ways (20mbit total). ~6000ps total. From what I have read on
> the bridge homepages I should be able to run this on a 486 as CPU has
> nothing to do with it. What am I doing wrong?
> 
> 
> bridge:~# brctl show
> bridge name bridge id   STP enabled interfaces
> br0 8000.000475c9a6f9   yes eth1
> eth2
> 
> 
> bridge:~# lsmod
> Module  Size  Used byNot tainted
> limiter13064   0  (unused)
> bridge 16748   1
> 3c59x  25512   2
> sis900 12388   1
> 
> 
> 
> bridge:~# cat /etc/modules
> # /etc/modules: kernel modules to load at boot time.
> #
> # This file should contain the names of kernel modules that are
> # to be loaded at boot time, one per line.  Comments begin with
> # a #, and everything on the line after them are ignored.
> sis900
> 3c59x options=4,4,4,4 full_duplex=1,1,1,1 max_interrupt_work=1
> bridge
> limiter
> 
> 
> in /etc/network/interfaces
> auto eth1
> iface eth1 inet loopback
> 
> auto eth2
> iface eth2 inet loopback
> 
> # Bridge Interface for eth1 + eth2
> auto br0
> iface br0 inet loopback
> pre-up brctl addbr br0
> up brctl addif br0 eth1
> up brctl addif br0 eth2
> up brctl stp br0 on
> down brctl delif br0 eth1
> down brctl delif br0 eth2
> post-down brctl delbr br0
> 
> 
> 
> 
> 
> Does anyone have any ideas off the top of your head what could be
> causing this or be able to point me in the right direction for some
> documentation relating to this problem.
> 
> 
> 
> 
> 
> Simon Allard (Senior Tool Monkey)
> IHUG
> Ph (09) 358-5067   Email: [EMAIL PROTECTED]
> 
> I'm out of my mind right now, but feel free to leave a message.
> 




Re: apt-get bcm5700-module-2.4.18

2003-11-20 Thread Alex Borges
On Thu, 2003-11-20 at 08:38, Dan MacNeil wrote:
> Two questions:
> 
> 1) Has anyone done a:
> 
>   apt-get install bcm5700-module-2.4.18
> 

Well, it's a source module, so you will have to compile it for your
running kernel. Other than that, I've a year and a half worth of uptime
out of it on a woody install (gigabit and all) and it works well. 

This module is part of the standard woody release, no funny sources
required as far as I know. 






Re: apt-get bcm5700-module-2.4.18

2003-11-20 Thread Alex Borges

> Although it's things like this that break one's automatic
> kernel building system for +25 Debian servers :( I used to have a script
> that built a *.deb package based on the config in .config but now I
> need to come up with something clever that compiles the source against
> the running kernel... and I'm not really a kernel guy other than I know
> how to configure and compile and install a kernel?
> 

Well. It being a Debian module, if all kernels are homogeneous, you just
need to build one deb along with your kernel and out it goes with it.

Like make-kpkg modules_image will make your deb for the same revision
of the kernel you are executing the command from. If you're in
/usr/src/kernel-source-2.4.18 it will build for that, be elsewhere and it
will be for that other kernel.

I think kernel-package can solve most problems of that kind of
environment. Remember you can make it stamp revisions and all, and the
built modules will be stamped as well. Think about it.





Re: bind9 vs tinydns vs others

2003-12-02 Thread Alex Borges
On Tue, 2003-12-02 at 09:46, David Zejda wrote:
> what do you prefer for authoritative dns?
> experiences/stability...?
> i have no verbose bind knowledge yet.

Please explore the list for a three-month, very fun discussion about it
(I still remember it).

> 
> thanks
> David
> 




Re: Software for a NIC (Network Information Center)

2003-12-02 Thread Alex Borges

> > I think, the full Hardware/Software can not exceed 150k US$, 
> > better less. (the cost does not include the Online-UPS)
> 
I think the largest cost won't be in actual software infrastructure but
in value added infrastructure.

Do you want people to buy the domains online? That will cost. 

Do you want them to be able to receive e-invoices according to some
standards, or do you want it to integrate with an invoicing system that
works for your country? That will cost.

The bandwidth, that will cost.

Offsite backups, backup system, redundant storage... that may cost... if
you really really need it. But not more than an extra 50k for a small
redundant NAS.

Do you want to run a toplevel domain? Hey, that goes for well less than
20k dollars easy with a couple of redundant servers. It will do for
hundreds of thousands (probably millions) of domains. With redundant
power supplies and a redundant active/passive pair setup (two servers
for the primary, two for the secondary). 

> Since it is a Debian list, I will mention only free software, of
> course.
> 
Naturally!

I say, pocket the rest of the 150k and send some this way!

LEX
Step One Group
www.sogrp.com




Re: Intel Hyperthreading problem on server?

2003-12-16 Thread Alex Borges
On Tue, 16-12-2003 at 12:39, Jason Lim wrote:
> Just noticed one more thing... it appears to be Apache causing the super
> high load (among other programs running) when SMP is compiled into the
> kernel, and with a bunch of errors in syslog:
> 
> [Wed Dec 17 02:27:37 2003] [notice] child pid xx exit signal
> Segmentation fault (11)
> 
> (and a whole bunch of these errors, like 50 lines)
> 
> I did a search and someone said it has to do with Apache requesting memory
> that it doesn't own or something:
> http://lists.debian.org/debian-apache/2002/debian-apache-200207/msg5.html
> 

Mhm... I don't want to be hasty, but it seems I'm looking at exactly this
problem for a very memory hungry php application

> but that doesn't really help in this case, unless you guys can think of a
> different angle on this?
> 
> 
> - Original Message - 
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, December 16, 2003 11:23 PM
> Subject: Intel Hyperthreading problem on server?
> 
> 
> > Hi All...
> >
> > Do you guys know anything about a problem with Intel Hyperthreading (eg.
> > on the Intel 2.4Ghz HT-enabled processor) that would cause the load
> > average to jump to over 200?
> >
> > Here is the log line:
> >
> > Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the
> > given threshold 200 150 100!
> >
> > (then it reboots)
> >
> > This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23
> > kernel, and it has the same problem.
> >
> > When the kernel is compiled WITHOUT SMP support, the kernel works fine,
> > and it can have uptimes of months without any problem. But when SMP is
> > compiled in, and the HT processor is correctly identified (and top can see
> > CPU0 and CPU1), then it only takes about an hour or two of operation
> > before the load average jumps like that. Note that this is with Debian
> > woody/stable, and with a clean kernel.org kernel.
> >
> > Do you guys know anything about this, or have any ideas where I should
> > look? Is there something in Woody that isn't friendly with SMP or perhaps
> > HyperThreading processors?
> >
> > Thanks in advance.
> >
> > Sincerely,
> > Jas
> >
> >
> >
> >
> 




Re: Intel Hyperthreading problem on server?

2003-12-16 Thread Alex Borges
Well, it's not that the kernel does not detect the HT, it does and quite
fine (shows lots of processors in the box and all).

The problem is that apache is crashing under high load with a segfault.
Now, as I understand it, this can be a faulty hardware problem (bad
memory=segfault) or an actual software problem. 

I'm not sure, but I'm having this problem as well with an HT server and
have not been able to rule out the possibility of a faulty hardware
thing. Nonetheless, this can also be, for example, an ugly module in
woody's php4, which are particularly edgy (xslt for example) under high
load due to them being in beta stage by the time woody froze.

On Tue, 16-12-2003 at 20:07, Theodore Knab wrote:
> I am using the 2.4.20 kernel with SMP support on a Hyper-threading 
> Intel. I remember having problems getting it to work with SMP support
> initially.
> 
> I think the kernel has to be perfect. ;-)
> 
> Do you have high memory support compiled in ? 
> High memory support above 4GB might cause problems.
> 
> If you do not have more than 2GB of RAM you should make sure that High
> memory support is not enabled.
> 
> Also did you enable hyper-threading in BIOS ?
> Auto-detect modes might cause problems.
> http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0175.html?Open
> 
> My system:
> 
> Linux tedsdesk 2.4.20 #22 SMP Mon Jul 21 14:53:07 EDT 2003 i686
> GNU/Linux
> 
> [EMAIL PROTECTED]:cat /proc/cpuinfo 
> processor   : 0
> vendor_id   : GenuineIntel
> cpu family  : 15
> model   : 1
> model name  : Intel(R) Pentium(R) 4 CPU 1.50GHz
> stepping: 2
> cpu MHz : 1495.172
> cache size  : 256 KB
> fdiv_bug: no
> hlt_bug : no
> f00f_bug: no
> coma_bug: no
> fpu : yes
> fpu_exception   : yes
> cpuid level : 2
> wp  : yes
> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
> bogomips: 2981.88
> 
> The ht in the flags section tells me hyper threading is being recognized.
> 
> On 16/12/03 23:23 +0800, Jason Lim wrote:
> > Hi All...
> > 
> > Do you guys know anything about a problem with Intel Hyper-threading (eg.
> > on the Intel 2.4Ghz HT-enabled processor) that would cause the load
> > average to jump to over 200?
> > 
> > Here is the log line:
> > 
> > Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the
> > given threshold 200 150 100!
> > 
> > (then it reboots)
> > 
> > This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23
> > kernel, and it has the same problem.
> > 
> > When the kernel is compiled WITHOUT SMP support, the kernel works fine,
> > and it can have uptimes of months without any problem. But when SMP is
> > compiled in, and the HT processor is correctly identified (and top can see
> > CPU0 and CPU1), then it only takes about an hour or two of operation
> > before the load average jumps like that. Note that this is with Debian
> > woody/stable, and with a clean kernel.org kernel.
> > 
> > Do you guys know anything about this, or have any ideas where I should
> > look? Is there something in Woody that isn't friendly with SMP or perhaps
> > Hyper-Threading processors?
> > 
> > Thanks in advance.
> > 
> > Sincerely,
> > Jas
> > 
> > 
> > 
> 
> -- 
> --
> Ted Knab
> Chester, MD 21619
> --
> 35570707f6274702478656021626f6c6964796f6e602f66602478656
> 02e6164796f6e60237471647560216e6460276c6f62616c60257e696
> 4797e2a0
> 




Re: Intel Hyperthreading problem on server?

2003-12-17 Thread Alex Borges

> Except in my case, this error ONLY appears if SMP support is compiled into
> the kernel, otherwise, it runs smooth with very high load. Apache doesn't
> immediately have the problem with SMP compiled in tho... it takes maybe an
> hour or two before the problem appears.
> 
That is consistent with what I'm seeing. Same Debian woody apache+php
version on a single processor box, no problem. Take that to HT dual pIV,
and apache crashes from segv.




Re: Intel Hyperthreading problem on server?

2003-12-18 Thread Alex Borges

> I do not appear to be having the same problem you guys are. The machine 
> does not have a high load, but has not exhibited any problems 
> whatsoever. Running vanilla source 2.4.23 from kernel.org.
> 
> Are you using Debian kernel packages or vanilla source? Any other magic 
> going on? Possibly a bug in some other DSO you're using?

Yeah, this may make sense. I do use some pretty heavy php modules
(xslt and dom), but the reference deployment in non-smp does the exact
same thing and does not crash.

Do you use high memory support? It may be all mixed up to that.


> Sorry if I missed some relevant part of the thread. :-)





Re: Considering Debian (currently using Red Hat)

2004-01-14 Thread Alex Borges
Boy, are you gonna get answers

On Wed, 14-01-2004 at 08:56, Fred Whipple wrote:
> Hi Everyone,
> 
> I'd like to get some of your thoughts on a few things relating to the 
> possibility of our company switching distributions from Red Hat to 
> Debian.  As most folks already know, Red Hat has drastically changed 
> their strategy, and we ultimately must make *some* relatively drastic 
> changes no matter what.  And, we intend not to switch to RHEL (though 
> not for financial reasons).  This gives us the opportunity, welcome or 
> not, to consider other distributions.  And even other OS's -- we're 
> frankly not closed to the idea of ultimately switching platforms 
> entirely to BSD or Solaris.  So with this in mind,
> 
> 1.)  One of the biggest reasons we went with Red Hat many years ago was 
> RPM.  Of course I know that Debian has a package system, and there're 
> constant arguments about which is better, if either.  What I wonder, 
> though, is how they compare for the purposes of security checking.  On a 
> Red Hat system, practically any file or directory outside of /home can 
> be found within the RPM database.  We can check each and every file, its 
> MD5 hash, etc.  It's like having a built-in Tripwire installation so 
> long as you trust the RPM database.  We've modified the RPM installation 
> such that we can trust it more than we trust Tripwire.  Do Debian 
> packages have similar security built-in?
Yes, although it wouldn't be safe to say ALL files in every package, as
some of the files (as config files) are generated from pre or
postinstall processes and thus are likely to say.
Anyhow. Debian comes with a debsums command that takes the deb database
and does an md5 comparison of everything. It's quite effective.
I've used aide, tiger and integrit as local IDS systems and they do their
job quite well. I've never fiddled with tripwire though. Those will do
the debsums check for you plus, depending on package, will conduct other
similar testing procedures to detect filesystem changes.

> 2.)  A related reason we used Red Hat was that practically anything you 
> could want to use was pre-packaged in a simple to install RPM.  And they 
> were typically pretty high quality RPM's, and very often well 
> maintained.  Do admins typically find that they're able to find Debian 
> packages for most software they're typically interested in using?  I 
> realise this varies greatly between markets, but I guess what I'm 
> asking is do you usually find 70% of the packages you're interested in 
> in Debian package format, and well maintained?  80%?  Just a general idea.
> 
Well. It's a tradeoff there. Third party (non distro) software is almost
always distributed in rpm's. This makes it much easier for admins to
integrate those packages into your stuff. Debian is another taco there,
we have an authoritative source of packages (the Debian project) and
most packages you'll ever need are there. Third party Debian packaged
software is generally complex to safely integrate into Debian because
non-stable Debian moves a lot (thus many prefer the testing and unstable
distribution, depending on usage) so most projects find it a PITA to
manage debs as third party.
On the other hand, Debian makes it very easy for you to take a tarball
and turn it into a safely installable (for whatever Debian version you
use) package through the dpkg-buildpackage command. If the third party
package is GNU-style compatible (has a configure, make, make install
style of distribution), dpkg-buildpackage will build you your deb and
you can then install it with the equivalent of the redhat rpm command
for Debian, called dpkg.
Finally, Debian supports you tracking packages from different versions
of it. Say, you want a stable (read OLD) setup for all email related
services, but you need a younger version of apache. You can quite
troublessly install the apache for debian/testing (which is younger)
into your debian/stable setup, and it will only install whatever testing
versions of the apache dependencies you need, thus leaving your email
services safely in their old versions (unless they depend on the same
libraries as the younger apache). 
> 3.)  I read quite a bit of the Web site, and see that in general, 
> releases seem to be very far and few between.  This is advantageous to 
> ISP's, of course, because we want things to just "work".  Is my 
> perception correct in that releases are far apart?  When is the next 
> release expected?  How significant is the difference from, say, 3.0 and 
Yes. Very very far apart. Between stable releases what differs is just
package versions, installation software upgrades and a whole lot of new
packages. Naturally, they also change in administration software (see
all the debian update-* commands, which make it easy to manage a lot of
things) 
> 3.1.  Can you just install a bunch of packages and call it an upgrade, 
> or do you have to go through a whole ordeal as you do between Red Hat .X 
> versions
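
The debsums-style check mentioned in the reply above (installed files compared against the MD5 sums recorded in the package database), as an added example that is not part of the original thread. It assumes the dpkg md5sums line format (`<md5>  <path relative to />`); the package name `mailtool`, its files and the temporary tree are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_md5sums(text):
    """Parse dpkg-style lines: '<32 hex md5><two spaces><path relative to />'."""
    manifest = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        digest = digest.lower()
        if not sep or not path or len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not an md5sums entry: {line!r}")
        manifest[path] = digest
    return manifest


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(manifest, root="/"):
    """Classify every manifest entry as ok, changed or missing under root."""
    report = {"ok": [], "changed": [], "missing": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif md5_of(full) != expected:
            report["changed"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def unlisted(manifest, root, subdir):
    """Files under root/subdir that the manifest does not cover, e.g. config
    files generated by pre/postinstall scripts, which the check cannot vouch for."""
    found = []
    for dirpath, _dirs, files in os.walk(os.path.join(root, subdir)):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in manifest:
                found.append(rel)
    return sorted(found)


def demo():
    """Build a constructed package tree, alter it, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample package contents
            "usr/bin/mailtool": b"#!/bin/sh\necho original\n",
            "usr/share/doc/mailtool/README": b"constructed sample\n",
            "usr/lib/mailtool/helper": b"helper v1\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        # The manifest as it would have been recorded at install time.
        manifest = parse_md5sums("".join(
            f"{hashlib.md5(data).hexdigest()}  {rel}\n"
            for rel, data in files.items()))

        # Changes made after installation: one file replaced, one removed,
        # and one config file created by a (constructed) postinstall step.
        with open(os.path.join(root, "usr/bin/mailtool"), "wb") as fh:
            fh.write(b"#!/bin/sh\necho replaced\n")
        os.remove(os.path.join(root, "usr/lib/mailtool/helper"))
        os.makedirs(os.path.join(root, "etc/mailtool"))
        with open(os.path.join(root, "etc/mailtool/mailtool.conf"), "w") as fh:
            fh.write("generated=yes\n")

        return verify(manifest, root), unlisted(manifest, root, "etc")


if __name__ == "__main__":
    report, extra = demo()
    for state in ("changed", "missing", "ok"):
        for rel in report[state]:
            print(f"{state:8} {rel}")
    for rel in extra:
        print(f"unlisted {rel}")
```

The result is only as trustworthy as the manifest: the sums live on the machine being checked, so compare against a copy kept off the host.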

Re: Services in a ISP

2004-01-16 Thread Alex Borges
jabber.org

Has clients in EVERYTHING and an opensource server. It's very well
tested.

On Thu, 08-01-2004 at 06:37, Ghe Rivero wrote:
> Hi people! 
>   I need to provide some basic services for an ISP. I have almost
> everything resolved except a chat service. The server is running but I
> can't find any software to access it via web. Anybody know something?
> Thx in advance
> 
>   Ghe Rivero
> 
> P.S.- Apart from this, do you know any software for a search engine (for
> the web) and to create the web map? Thx again




Re: FreeBSD/ Redhat / Debian

2004-01-19 Thread Alex Borges
There is a very young thread about this in the list archives...look in
there, then come with more specific doubts...:)

On Mon, 19-01-2004 at 13:58, Vahric MUHTARYAN wrote:
> Hi Everybody , 
> 
> 
>   I will be new user of Debian. For quick tour I want to learn and I
> want to get your advice about Comparing other OS with Debian . 
> 
>   Do you have any link about some test with Debian and other OS, 
> Please share your experience with me .. 
> 
> 
> Thanks 
> Vahric MUHTARYAN
> 




RE: FreeBSD/ Redhat / Debian

2004-01-19 Thread Alex Borges
Browse through the bug pages, bugs.debian.org and related pages linked
to from the debian.org site

The Debian quality control process is thoroughly documented, absolutely
open and strenuously enforced. You will find why this is the best of
breed platform for standards compliant, secure internet services
deployment.

On Mon, 19-01-2004 at 17:50, Vahric MUHTARYAN wrote:
> Thanks, Where can I find last bugfixes or history of bugfix of Debian . 
> Maybe you know FreeBSD is more clearly history then other OSs. 
> 
> I consider some things too, Does Debian end can be like Redhat and Suse ,
> because after redhat , debian is really most used OS ?! 
> 
> 
> Vahric 
> 
> -Original Message-
> From: George Georgalis [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 20, 2004 1:32 AM
> To: debian-isp@lists.debian.org
> Subject: Re: FreeBSD/ Redhat / Debian
> 
> On Mon, Jan 19, 2004 at 06:00:55PM -0500, George Georgalis wrote:
> >On Mon, Jan 19, 2004 at 09:58:48PM +0200, Vahric MUHTARYAN wrote:
> >>Hi Everybody , 
> >>
> >>
> >>I will be new user of Debian. For quick tour I want to learn and I
> >>want to get your advice about Comparing other OS with Debian . 
> >>
> >>Do you have any link about some test with Debian and other OS, 
> >>Please share your experience with me .. 
> >
> >
> >I've not had time to look closely at this, but I've heard it's a
> >fair linux/bsd comparison
> >
> >http://www.over-yonder.net/~fullermd/rants/bsd4linux/
> >
> >let me know if anyone sees an inaccuracy!
> 
> okay just took a closer look, it's bsd biased. but
> if you want to know why BSD lovers love BSD you have
> some good arguments, just remember, there is more
> to Linux than in this article. Every OS/distro has
> idiosyncrasies, weigh the benefits and choose the
> idiosyncrasies you want to deal with. The author
> obviously hasn't chosen Linux idiosyncrasies.
> 
> BTW - re RedHat vs Debian. RH is slanted more toward
> GUI administration/philosophy while Debian allows you
> a finer control but more controls are pushed to the
> command line. Debian is easier/better for me but RH is
> more popular in some industries, for example.
> 
> 
> // George
> 
> -- 
> George Georgalis, Admin/Architect   cell: 646-331-2027<
> Linux Infrastructure, Security  mailto:[EMAIL PROTECTED]   
> Services, Multimedia and Metrics.   http://www.galis.org/george   
> 
> 
> 
> 
> 




OT - [Fwd: Lineox Enterprise Linux Support Partner Program]

2004-02-02 Thread Alex Borges
Okay, I'm sorry to post this here. I don't know why a linux distro is
sending me spam. I wonder if any of you guys also got this.

I don't think it's acceptable for a linux distro to fall down to this
level and so, I am posting this here in order for them to find out what
the linux community thinks of spammers, spammer buyers and spammer
supporters (and just exactly what we think is spam). 

The reason I'm saying this is spam is that the return address is invalid.

I'm guessing anyone in the Linux Consultant HowTo got this but maybe it
was also harvested from this list.

Sorry again, don't hesitate to tell me I'm an idiot if this is far-fetched
and of no interest to this list.

--- Begin Message ---
Lineox Enterprise Linux Support Partner Program
===

Lineox Enterprise Linux is sold without bundled support. This creates
a business opportunity for companies and consultants who can offer
support for Lineox Enterprise Linux. Lineox believes that free market
will provide the best support network for our products.

There already exists a kind of market place for Linux support, but
Lineox wishes to improve it. Linux Consultants Guide already provides
a directory of Linux consultants, so there is no need for Lineox to
duplicate that effort. Lineox can however provide information on how
active a particular consultant is by following Lineox products sales
figures. Lineox can also create a list of consultants who support
Lineox products and what kind of support they provide.


How to join the Lineox Enterprise Linux Support Partner Program
===

First you should add your information to the Linux Consultants Guide
if you haven't done that already and then send us email. You should
mention if you would like to become a Lineox reseller, what kind of
support you can offer to our products, and how we could develop our
Support Partner Program. We will then provide on our web site a link
to your Linux Consultants Guide entry and work out a structure how to
best categorize and present support providers.

We will develop our Support Partner Program based on response we
receive, so it is important that you provide input. We believe that at
this stage we should not bind our Support Partner Program to any
strict format, but build it to satisfy the needs of our partners.


Why become Lineox reseller
=

Selling products might not be your main business, but if you need
Lineox Enterprise Linux 3.0 disks, you can buy them at cheaper dealer
prices, if you order at least 5 disks at a time. Our reseller program
is open to all, but EU based companies must provide intra-EU VAT code,
minimum order is 5 disks, and we accept only PayPal payments.


Lineox Enterprise Linux 3.0
===

Lineox Enterprise Linux 3.0 contains all freely distributable packages
from Red Hat Enterprise Linux 3.0 Advanced Server ($1499), Red Hat
Cluster Suite ($499), and Red Hat Developer Suite (free as an
introductory offer for RHEL subscribers). Lineox Enterprise Linux 3.0
does not contain any support. Lineox is however offering program
package updates for free for a limited time and later as a paid
subscription.

Lineox Enterprise Linux 3.0 is available immediately directly from
www.lineox.com and soon also from resellers. The suggested retail
price is 17.90 Euro for DVD-ROM and approximately 20 USD/Euro for
separately sold printed Lineox Enterprise Linux 3.0 Installation Guide. 

Further information: www.lineox.com, [EMAIL PROTECTED]
Support Partner Program: http://www.lineox.com/SupportPartners.php
Reseller page: http://www.lineox.com/4reseller.php

--- End Message ---


Re: Debian and SAN support

2004-02-09 Thread Alex Borges
I'm not sure I follow. If you've already got the SAN, why the need of a
DFS?

I thought it would just export you its volumes and you'd see it as scsi
devices?

On Mon, 09-02-2004 at 14:44, J.J. van Gorkum wrote:
> Hi,
> 
> Can somebody point me in the right direction for cluster Filesystem
> support (that will work on Debian) to be used in combination with a SAN?
> (Compaq MSA1000) 
> 
> I have found:
> 
> - Lustre (clusterFS) they say they have support for Linux 2.4.x but the
> systems segfault on vanilla 2.4.20 kernels...
> - gpfs (suspended by IBM due to the (soon) arrival of Storage Tank)
> - openGFS (but the project seems dead -- and segv on the DLM module)
> 
> Keep in mind that running a Redhat kernel is NOT an option. 
> 
> -- 
> JJ van Gorkum Knowledge Zone
> If UNIX isn't the solution, you've got the wrong problem.
> 




Re: Debian and SAN support

2004-02-09 Thread Alex Borges
On Mon, 09-02-2004 at 19:23, Michael Loftis wrote:
> Yes but if you have need of sharing a single filesystem, on a single 
> volume, you need a FS capable of such.

Ah yes...well doh... I didn't think of that...thx

Ok... You can tell I don't know much about these matters. I just want to
learn about it. 

Would anyone  be so kind as to point me to a link where this need may be
described? Because... through my limited knowledge, I'd nfs or samba the
damned share out of a server and off we go...:)... 

I have the feeling that would put a fast end to my career, so any help
in my apprenticeship would be appreciated (I am currently STFW for
cluster fs and suchmore would be better thanks).






Re: FTP-TLS

2004-02-11 Thread Alex Borges
Sorry I can't be of more help. But this is what we do.

We have an all windows (all flavors) environment and an all linux data
center
(print,file,web,collaboration,email,a-spam,a-virii,backups,sql...etc. we
like pain...it's good for us).

After checking out how we want to share the server with the clients,
we settled for ssh (w00t!?) 

Yeah,  winscp is just as annoying as cuteftp, it looks the same, it can
do edit-on-server (a fad, of course) and, it doesn't have the funny stuff
ftp has.

Contra: It's a bitch to chroot a ssh server and keep your admin setup,
but it's doable.

So there I recommend you dump ftp.





Re: IMAP automagic replication?

2004-03-01 Thread Alex Borges
On Sat, 28-02-2004 at 18:51, Adam ENDRODI wrote:
> On Sun, Feb 29, 2004 at 01:00:09AM +0100, Kilian Krause wrote:
> > 
> > I came across the idea of using CODA for replication of the filesys
> > even though the slow network connection, but somewhat i doubt it'll be
> > performant over internet. Especially more performant than plain IMAP
> > replication. Anybody having numbers on these ones?
> 
> I guess you don't want to sync at the file system level.  Coda
> won't be an easy battle and is generally agreed not to be
> suitable for real-time applications (read: bloody slow).
> Moreover, apart from the rumours, you'd definitely need
> to complicate the architect with another layer--some kind
> of encrypting tunnel.

DRBD ... this is what I use, and it works fine. It is very bandwidth
sensitive though.

> 
> just my gut feelings,
> adam
> 
> -- 
> Am I a cleric? | 1024D/37B8D989
> Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
> Unbeliever?| 82DD 54C2 843D 37B8 D989
> Renegade?  | http://sks.dnsalias.net
> 




Re: Re: Sendmail or Qmail ? ..

2004-03-05 Thread Alex Borges
On Fri, 05-03-2004 at 12:56, Lucius Junevicus wrote:
> I saw your post on setting up qmail over drbd.  I would love to see
> how you did it.
> I'd like to create a how-to on setting up a hybrid cluster (open-mosix
> and drbd) for qmail.

Open Mosix? Isn't that like, autobalanced cluster? Interesting, how does
it help an SMTP farm as opposed to simple load balancing?

>  
> I'd love to know how you setup your cluster.
>  
> What do your drbd.conf, ha.cf, haresources files look like?
>  
> Which services do you have heartbeat control? (qmail, spamassassin, ?)
>  
> I know you're probably very busy, but any help would be greatly
> appreciated.

This is pretty straightforward.  Like most MTAs, qmail has configurable
queue directories and can deliver to maildirs anywhere as well (I use
vpopmail as delivery).

All you need is to set up your drbd partition as announced in drbd's
documentation (engineer your disks, etc.). 

Our nodes look like this:

Primary
DELL 6250 PIV XEON 2.4gh Dual Processor 1GB ram
210GB RAID V SCSI storage

Secondary
DELL 6250 PIV XEON2.4gh Single processor 1GB ram
210GB RAID V SCSI storage

Make a big partition, set up some symlinks to make important directories
reside in this partition (I named it data and it's mounted on /data):

/var/qmail -> /data/var/qmail
/home/vpopmail -> /data/home/vpopmail
/webhostingpeople -> /data/webhostingpeople
/var/lib/mysql -> /data/var/lib/mysql
/etc/passwd -> /data/etc/passwd
/etc/group -> /data/etc/group 


 etc.

Here is the trick:

In the primary server:
Install (or mod) everything so that important services boot up without a
problem from files in this partition (already using the symlinks and
all). 

Make SURE you profile every possible path of use that may be related to
file access creation, directory creation...etc.

In the secondary server:
Make a data partition
Make sure that data partition is absolutely exactly the same size as
the primary.

In the primary:
In init=1 (make sure all services are OFF) do:

tar cf - --exclude-from excludedfiles /  | ssh -lroot secondary "tar xf - -C /" 

In the file excludedfiles you should put /dev/ /var/log /var
...etc...anything that doesn't make sense putting in the failback node
(/proc, /sys).

This will snapshot the primary onto the secondary. Reboot the secondary,
all services should be on and working just as in the primary. If that is
the case, you're ready to roll.

Make the drbd magic you have to on the /data partition and you're
home free.


>  
> Lucius



