Adding new network service - how?
Greetings, All: Please forgive me if this is documented somewhere -- a pointer to the documentation would be greatly appreciated! I've got a custom (just wrote it) standalone TCP/IP server daemon that listens on a high port and works fine servicing connections from localhost. However, when I try to connect (via telnet) from any other machine on the network, I get "connection refused". I tried editing /etc/hosts.allow so it contains the single line ALL:ALL and then /etc/init.d/netbase restart, to no avail. (Reverted back to what it used to be right after -- it's an internet-connected machine.) I know it has to be an easy, probably obvious, operation to get this port opened up, I just cannot find it. Any help anyone can provide would be appreciated. -- Art Sackett
Re: Adding new network service - how?
On Tue, Jun 27, 2000 at 06:26:27PM +0800, Sanjeev Gupta wrote: > Art, > > How does the server get fired off? inetd? Stand alone? hosts.allow is > used by tcpd, only if use tcpd explicitly to start the server. It's a standalone. It would be started by a script in /etc/init.d/something if I could get past this little challenge. > Can you connect via telnet locally? Yep. I can telnet from localhost and it works just fine. Trying from another host on the network, the server doesn't even see the connection. It's now 4:30AM here in Colorado, and this thing is keeping me awake... I know it's asking for trouble to keep pounding on it, but staring at the ceiling wasn't doing me any good, anyway. Need more coffee... 8^| -- Art Sackett
Re: Adding new network service - how?
On Tue, Jun 27, 2000 at 10:51:58AM -0400, Chester Hosey wrote: > Are you binding to a specific IP address (eg, 127.0.0.1), or just 0.0.0.0? > If you bind to a specific IP, only packets coming in on that interface > will actually appear. I've tried binding to the machine's internet IP address and to 0.0.0.0, with the same results. The server is just not ever seeing the connection unless it comes from 127.0.0.1 -- the machine's own internet IP address won't even connect. I've confirmed that it's not my server's allow/deny rules at fault, by printing to STDERR on every connection before anything else happens. When it doesn't work, it's not making any noise at all, and all I see is iplogger making notes in /etc/syslog. Back to hair-tearing and swearing... -- Art Sackett
Re: Adding new network service - how?
Greetings, All: I don't know what I did, thanks no doubt to a low caffeine level, but my problem's changed enough to get me some clues. Now, when I bind to the internet IP address, I can get connections from the world but not from 127.0.0.1. Ugh. It's enough for now... Thanks to all who took the time to try to pull my head out! -- ---- Art Sackett
Re: pop3 server,
On Mon, Jun 26, 2000 at 10:03:05PM +0200, Dariush Pietrzak wrote: > Hello, > which packaged with debian pop3d would you people recommend? > which one do you use? qmail with pop3d and friends seems to be pretty solid in my short experience with them. I've not got hundreds of users, but it's said to be up to the task of 200,000 messages per day or so. It configures pretty easily once you get your head out of sendmail mode ;-) One thing to watch out for is that one of the .debs is flaky, doesn't set the execute bits on some things, so compilation bails with a fatal. I don't recall which it is, now, but the fix is easy: chmod u+x /tmp/ I'm running it with ucspi-tcp and rblsmtpd, and it hasn't given me any problems. There are patches and whatnot floating around to set it up for relay-after-POP-authentication, but I haven't tried those since we're a small shop and all outbound mail comes from the local net. -- Art Sackett
Re: Harddrive Errors
On Wed, Jul 12, 2000 at 12:52:19AM -0400, Chris Wagner wrote: > WD is bad, they're a bad bad company. Anyone who has a WD drive in their > server should take it out and THROW IT AWAY. I don't trust wdc as far as I > can decompile it. On any file system. How does one decompile a hard drive? With a hammer? I've got a few here that are over three years old, a couple over four, and they're still ticking along without any problems. In fact, they're my preferred vendor for EIDE drives. And I've built hundreds of machines in my lifetime. Doesn't make me right, just serves to illustrate why I feel my opinion might be worth considering. I could be wrong, but I highly recommend Western Digital EIDE drives. -- Art Sackett
Re: only POP3
On Tue, Jul 18, 2000 at 12:52:01PM +0200, Aubert Gabor wrote: > Hi there! > > I have a short question: > What's the way, if I would like to provide only e-mail service to the > users? No telnet, ftp account, only POP3. You might look into qmail, and on the site at: http://www.tibus.net/pgregg/projects/qmail/single-uid-howto.html for instructions on how to support many POP3 users under one system UID. It's one possible solution -- there may be others. Because of the licensing of qmail, there's no binary .deb of it -- the packages you get include the sources, and the package includes scripts to handle the building of them. If you go for a reasonably complete qmail installation, with ucspi-tcp and rblsmtpd, one of the packages is messed up just a bit and will leave you with compiler warnings. I don't recall which it is, but it's an easy fix. Find the subdirectory named for the package in /tmp/ and change into it, then chmod u+x * the thing. The compiler warnings will go away, and the result will be a nicely installable .deb of the binary. I just started using qmail this year, and like it just fine. It's a lot easier to administer than sendmail or smail, and it's allegedly a lot more secure, too. -- Art Sackett
Re: fiber
On Tue, Jul 25, 2000 at 05:43:00PM -0300, Gerard MacNeil wrote: > > I have read that you must ensure that the wires in the cat5 must be > twisted all the way to the termination points to ensure reliabilty. Except in unusually electromagnetically noisy environments, I've not found any real support for this claim, although I've read it in more than one place. It's been my experience that a few inches of parallel conductors in a run of more than a few feet will cause no problems, except in very noisy environments. I'm more concerned about observing the pairings so that the right signal lines are paired, and have seen more noise-related problems as a result of illogical pairings than short runs of parallel conductors. -- Art Sackett
Re: fiber
On Wed, Jul 26, 2000 at 12:03:01PM +0800, Sanjeev Gupta wrote: > > I have seen patchcords with a 3inch length stripped near the jack, and > working on 10MBps. 10Base-T will run across almost anything in a quiet enviroment. A few inches won't make much difference even at fast ethernet speeds in a suitably quiet environment. > I have seen a patch panel, with the ENTIRE panel > patched with 2' lengths of wire, nicely bundled and routed, though of > course they had no twists with respect to each other any longer. > I have rarely, and I do not use this word lightly, seen wire 3 & 6 twisted > together. Practically all the cabling vendors I have seen patch a 1-2, > 3-4, 5-6, 7-8 style. The network works, so they have been doing this for > years, and they see no reason to change. The biggest problem with bad habits is that you get away with them for so long, you no longer suspect them when things go wrong. Personally, I would rather take the time to do the job correctly, than risk that I will later have to make excuses for why I didn't. I've seen bad habits and sloppy math built into far too many products sold by respected names in the business to believe that just because they're selling it, it's right. -- Art Sackett
Re: AMD Duron CPU & Debian
On Tue, Aug 22, 2000 at 08:03:47AM +1000, ridgey wrote: > Has anyone had any problems using the new AMD Duron CPU and running Debian? Haven't tried the Duron, but the Athlons seem to work fine. > I have been running Debian on the K6 chips without tomany dramas. Also I > spose I should ask if anyone has had any problems running on Socket A > M/Board's. No problems with the ASUS K7M that I've seen. I've got a few around here running the K7M with Athlons, and the previously problematic Adaptec AHA2940-U2W SCSI host adapters, along with the 3Com 3C905C NICs that some folks have had problems with (owing to failing to compile the -C driver, I think). So far, not a hiccup out of any of them, in slink (Debian 2.1). Speaking of which, has anyone got the released potato working with the AHA2940 host adapter? I had some problems with it throwing I/O timeout errors on disk read/write, right around the time potato first went into frozen. I haven't tried it since, and don't really want to take any machines down for an extended (costly) bugfinding mission. It looks like there's a boot floppy image designed just for these kinds of things (the 'idepci' image) but I'm kinda nervous now... -- Art Sackett
Re: AMD Duron CPU & Debian
On Mon, Aug 21, 2000 at 05:15:36PM -0600, John Gonzalez/netMDC admin wrote: > > What kind of problems have you run into with the Adaptec card? I'm using > that card and software RAID, and i've run into hard lock problems. I > attributed it to the RAID code, but it could be the card. In slink, the installation would hang up after failing to properly puzzle out which driver to load into the kernel. The workaround was to grab the boot floppy image that was tailored to it. In the first frozen potato I was seeing scads of I/O timeouts on disk access. Again, though, I haven't tried it since the first frozen version. It may be okay now, or okay using the 'idepci' images. > As for the NIC's that you talk about, we run 3c905's but i'm not sure if > they are the C version or not, we havent had any problems with them, but > we havent been pushing much traffic at all. More info on that as well > would be appreciated. The latest 3C905's (3C905C-TXM) don't run under the old common Linux driver -- but 3Com links to some suitable source code from their site. I've had no trouble out of them. I've heard from quite a few folks that the 3C905C is unsupported, but in each case have found that they were trying to use the common Linux driver, not the one provided by 3Com. Whether or not potato's '905 driver is the old one or something newer I don't know. -- Art Sackett Art Sackett Professional Web Design 1067 Cleveland Street Meeker, CO 81641-3217 USA +1.970.878.5014 http://www.artsackett.com
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. Just a thought, might not even work: howzabout defining the user's shell (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling the symlink twice per day via cron to target either /bin/false or /bin/bash, as appropriate? -- ---- Art Sackett
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 09:54:21AM +0200, Andrea Glorioso wrote: > > It would be a nightmare of races. Why not just use an already proven > - albeit not security perfect and sometimes a bit elaborate, but hey, > that's software :) - solution like PAM? That was my first inclination, but (perhaps incorrectly) assumed that there was some reason that the OA didn't want to go that route. Every now and then, I get the overwhelming compulsion to put one or both feet into my mouth... -- Art Sackett
Re: AMD Duron CPU & Debian
On Thu, Aug 24, 2000 at 10:05:46PM +0100, Jonathan McDowell wrote:
>
> I had a machine with a 2940 lock up after a fair few SCSI bus resets. I
> compiled up the latest 2.2.17 pre release which has the latest driver in
> it and turned off tagged command queuing and haven't seen a problem
> since.
I finally bit the bullet a few days ago and installed potato on one of
the machines I was concerned about. Using the 'compact' images and a
network install, it worked well. It turns out that the 3C905C driver is
in the package and works well, and the AHA-2940-U2W just came right up
and ran without a problem. ('compact' is sporting a 2.2.14pre-something
kernel -- could be 2.2.16 would have barfed, I don't know.)
One thing it wouldn't do was reach out to the internet for the HTTP
installation, but it could have been something I did wrong, while in
a hurry. It would get to things on my local subnet, though, so I setup
a ProxyPass directive on Apache in another machine and sneak around
the problem. Once the installation was fully in, the new install had
no trouble reaching the internet. I don't know what I did wrong, aside
from being constantly interrupted and more-or-less autopiloting my way
through the procedure, trusting it to be a lot like it has been in the
past... it worked, I'm happy, can't ask for much more than that.
--
Art Sackett
Re: AMD Duron CPU & Debian
On Tue, Aug 29, 2000 at 10:08:53PM -0600, Art Sackett wrote:
> ('compact' is sporting a 2.2.14pre-something
Dump typo from a poorly-skilled keyboard operator. 2.2.17pre-something.
--
Art Sackett
Re: MySQL vs. Postgres
On Wed, Aug 30, 2000 at 06:34:54PM +0200, Arno Vije wrote: > where setting up some servers for a small ISP, > they want to have a SQL database, but i`m in > doubt. Which one would you recommend, mysql or postgres? > The SQL database will be used in combination with PHP3 (or 4) > to generate dynamic websites. If you don't need record-level locking, rollbacks, etc. then I would recommend MySQL, simply because it's very fast. -- Art Sackett
Re: Little script help please
On Fri, Sep 08, 2000 at 09:36:51AM +1000, ridgey wrote: > Below is a script I am writing, what it does it take in values from webpage > and basically just write them to a file. First thing to do is to stop writing perl like it's sh. Second thing would be to ditch cgi-lib.pl in favor of CGI.pm. I don't wish to offend, but don't really know what else to say. I don't even see why the thing you wrote does anything at all... seems like it should bark and die straight away. It surely would if you had warnings enabled. Back to the ole drawing board, I think. Have a good one! -- Art Sackett
Re: Qmail and Debian
On Tue, Sep 12, 2000 at 03:08:43PM -0700, Eric Jennings wrote: > As for qmail, I attempted an install of qmail from dselect, and I had > nothing but problems. After several days of pulling my hair out, I > opted to download the qmail source from qmail.org and install from > scratch. The current .deb (for potato) works well -- apparently somebody fixed the problem (not setting the execute bits on the files in /tmp/qmail/ needed for proper compilation). > Sure enough, it works flawlessly. Since then we've > installed ezmlm, and a slew of web-based admin tools for each. I haven't tried any of the web-based stuff, but have found that the .debs of ucspi-tcp, ezmlm, rmlsmtpd, fastforward, and vchkpw have all gone in flawlessly. Well, almost -- there's still a niggling little problem where any other existing mail-transport-agent being on the system will cause dpkg to bail out thinking qmail causes a conflict. So after yanking out the default exim, you have to go back and reinstall any you need of at, mailx, logrotate, and mail readers. There may be others, which will be installation dependent. It might also be handy if the rblsmtpd installer modified /etc/init.d/qmail to put the thing to work, which now requires going in and manually editing. It's easy if you know to do it, but it would be easier if the installer asked which services you wanted to enable. Art Sackett
Re: Qmail and Debian
On Wed, Sep 13, 2000 at 10:19:48AM -0500, Nathan E Norman wrote: > > Huh? Why would you need to deinstall at, mailx, logrotate and mail > readers in the first place? Well, you wouldn't *need* to, strictly speaking, but if you remove exim, those things that depend upon mail-transport-agent will want to go with it unless you work around it somehow. I'm one who'd just as soon never use dpkg --force, and can't see installing the equivs package when I'm only going to need it for about a minute. Art Sackett
Re: ping of death attacks
On Thu, Sep 14, 2000 at 08:39:41PM +0200, Sven Burgener wrote: > On Wed, Sep 13, 2000 at 07:13:07PM -0400, Chris Wagner wrote: > > Maybe he means ping floods? Pings of death usually will crash a > > box after a few packets hit it. As you said Debian is good about > > those kinds of things. > > Are these things just malformed packets / frames sent to some machine > or what? > I think versions of WinDos are vulnerable. http://www.insecure.org/sploits/ping-o-death.html -- Art Sackett
Re: logcheck
On Tue, Sep 19, 2000 at 06:03:48PM -0500, [EMAIL PROTECTED] wrote: > Hey Guys, > Do any of you know what may have caused this message in my syslogs? > > Unusual System Events > =-=-=-=-=-=-=-=-=-=-= > Sep 19 06:25:02 ghost su[322]: + ??? root-nobody > Sep 19 06:25:02 ghost PAM_unix[322]: (su) session opened for user nobody > by (uid=0) Likely, it's logrotate or somebody else who starts as nobody but has to get root to move things around. At least, that's the normal, non-threatening thing that probably happens every morning at about the same time, I'd guess. -- Art Sackett
Re: which dns server to use ?
On Tue, Apr 08, 2003 at 07:36:33PM +0200, Markus Welsch wrote: > Well BIND is more like the standard DNS server. djbdns looks nice but > I'm wondering about it's compability with BIND servers since the author > is pretty much hostile to any other DNS servers. I've been using djbdns for a few years now, and I'm not aware of any interoperability/compatibility problems between it and BIND. I've been perfectly happy with djbdns. -- Art Sackett http://www.artsackett.com/ PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder) There are no winners in life, only survivors.
Re: daily apache-ssl reload is causing probs
On Wed, Apr 16, 2003 at 11:56:45AM -0600, David Wilk wrote:
> However, I've
> had apache-ssl die two days in a row, and the culprit appears to be some
> process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or
> httpsdctl graceful issues).
H... I'm looking at a potato machine now, in
/etc/cron.daily/apache-ssl I find:
# Send a reload signal to the apache server.
if [ -x /usr/bin/killall ]
then
/usr/bin/killall -HUP apache-ssl
else
/etc/init.d/apache-ssl reload > /dev/null
fi
So, if your machine doesn't have an executable killall, you're going to
use /etc/init.d/apache-ssl's reload, which:
reload)
echo -ne "Reloading $NAME configuration.\n"
$APACHECTL graceful
;;
and $APACHECTL being /usr/sbin/apache-sslctl, the appropriate lines
from graceful) are:
if $HTTPD -t >/dev/null 2>&1; then
if kill -USR1 $PID ; then
echo "$0 $ARG: httpd gracefully restarted"
else
echo "$0 $ARG: httpd could not be restarted"
ERROR=7
fi
So, there's at least one way to get a USR1 sent to apache-ssl.
--
Art Sackett
http://www.artsackett.com/
PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder)
In spite of everything, I still believe that people are good at heart.
-- Ann Frank
Re: daily apache-ssl reload is causing probs
On Wed, Apr 16, 2003 at 05:17:21PM -0600, David Wilk wrote: > I like your detective work, and I agree with your conclusion, however > (unfortunately) there is no apache-ssl script in /etc/cron.daily! damn, > I was hoping you were on to something. Hmmm... grep -i apache /var/spool/cron/crontabs/* perhaps? The files in that directory are the per-user crontabs, BTW. -- ---- Art Sackett http://www.artsackett.com/ PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder) Many people are desperately looking for some wise advice which will recommend that they do what they want to do.
Re: Help een dwerg
On Fri, May 02, 2003 at 09:00:18AM +1000, Tarragon Allen wrote: 8< snip >8 > 2) could the goddamn reply address be set to go back to the LIST rather than > to the original sender? I don't know how many times I've clicked Reply, typed > out a message, and only realised at the last second that it's going to go > direct to the original sender rather than the list (requiring a quick jump > back to the original message, click on Reply All, cut and paste the list > address .. ). It's annoying to have to remember to do this every time. It's an interesting bit of logic, blaming the list server software for not working around the limitations of your mail reader. I dunno... -- Art Sackett http://www.artsackett.com/ PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder) A company is known by the men it keeps.
Re: Help een dwerg
On Fri, May 02, 2003 at 02:49:44PM +1000, Tarragon Allen wrote: > On Fri, 2 May 2003 02:20 pm, Art Sackett wrote: > > On Fri, May 02, 2003 at 09:00:18AM +1000, Tarragon Allen wrote: > > > > 8< snip >8 8< snip >8 > > It's an interesting bit of logic, blaming the list server software for not > > working around the limitations of your mail reader. I dunno... > > Pardon? How do you figure that? Using mutt, I poke the L (shifted L) to reply to the list. I suppose that r (unshifted r) would work, but I haven't tried it, because to reply to a list the appropriate command is the L. My mail reader works just fine, yours doesn't. Is it the list server, or the mail reader, at fault? My vote's on the mail reader. -- Art Sackett http://www.artsackett.com/ PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder) "When people are least sure, they are often most dogmatic." -- John Kenneth Galbraith
Adding new network service - how?
Greetings, All: Please forgive me if this is documented somewhere -- a pointer to the documentation would be greatly appreciated! I've got a custom (just wrote it) standalone TCP/IP server daemon that listens on a high port and works fine servicing connections from localhost. However, when I try to connect (via telnet) from any other machine on the network, I get "connection refused". I tried editing /etc/hosts.allow so it contains the single line ALL:ALL and then /etc/init.d/netbase restart, to no avail. (Reverted back to what it used to be right after -- it's an internet-connected machine.) I know it has to be an easy, probably obvious, operation to get this port opened up, I just cannot find it. Any help anyone can provide would be appreciated. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Adding new network service - how?
On Tue, Jun 27, 2000 at 06:26:27PM +0800, Sanjeev Gupta wrote: > Art, > > How does the server get fired off? inetd? Stand alone? hosts.allow is > used by tcpd, only if use tcpd explicitly to start the server. It's a standalone. It would be started by a script in /etc/init.d/something if I could get past this little challenge. > Can you connect via telnet locally? Yep. I can telnet from localhost and it works just fine. Trying from another host on the network, the server doesn't even see the connection. It's now 4:30AM here in Colorado, and this thing is keeping me awake... I know it's asking for trouble to keep pounding on it, but staring at the ceiling wasn't doing me any good, anyway. Need more coffee... 8^| -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Adding new network service - how?
On Tue, Jun 27, 2000 at 10:51:58AM -0400, Chester Hosey wrote: > Are you binding to a specific IP address (eg, 127.0.0.1), or just 0.0.0.0? > If you bind to a specific IP, only packets coming in on that interface > will actually appear. I've tried binding to the machine's internet IP address and to 0.0.0.0, with the same results. The server is just not ever seeing the connection unless it comes from 127.0.0.1 -- the machine's own internet IP address won't even connect. I've confirmed that it's not my server's allow/deny rules at fault, by printing to STDERR on every connection before anything else happens. When it doesn't work, it's not making any noise at all, and all I see is iplogger making notes in /etc/syslog. Back to hair-tearing and swearing... -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Adding new network service - how?
Greetings, All: I don't know what I did, thanks no doubt to a low caffeine level, but my problem's changed enough to get me some clues. Now, when I bind to the internet IP address, I can get connections from the world but not from 127.0.0.1. Ugh. It's enough for now... Thanks to all who took the time to try to pull my head out! -- ---- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pop3 server,
On Mon, Jun 26, 2000 at 10:03:05PM +0200, Dariush Pietrzak wrote: > Hello, > which packaged with debian pop3d would you people recommend? > which one do you use? qmail with pop3d and friends seems to be pretty solid in my short experience with them. I've not got hundreds of users, but it's said to be up to the task of 200,000 messages per day or so. It configures pretty easily once you get your head out of sendmail mode ;-) One thing to watch out for is that one of the .debs is flaky, doesn't set the execute bits on some things, so compilation bails with a fatal. I don't recall which it is, now, but the fix is easy: chmod u+x /tmp/ I'm running it with ucspi-tcp and rblsmtpd, and it hasn't given me any problems. There are patches and whatnot floating around to set it up for relay-after-POP-authentication, but I haven't tried those since we're a small shop and all outbound mail comes from the local net. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Harddrive Errors
On Wed, Jul 12, 2000 at 12:52:19AM -0400, Chris Wagner wrote: > WD is bad, they're a bad bad company. Anyone who has a WD drive in their > server should take it out and THROW IT AWAY. I don't trust wdc as far as I > can decompile it. On any file system. How does one decompile a hard drive? With a hammer? I've got a few here that are over three years old, a couple over four, and they're still ticking along without any problems. In fact, they're my preferred vendor for EIDE drives. And I've built hundreds of machines in my lifetime. Doesn't make me right, just serves to illustrate why I feel my opinion might be worth considering. I could be wrong, but I highly recommend Western Digital EIDE drives. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: only POP3
On Tue, Jul 18, 2000 at 12:52:01PM +0200, Aubert Gabor wrote: > Hi there! > > I have a short question: > What's the way, if I would like to provide only e-mail service to the > users? No telnet, ftp account, only POP3. You might look into qmail, and on the site at: http://www.tibus.net/pgregg/projects/qmail/single-uid-howto.html for instructions on how to support many POP3 users under one system UID. It's one possible solution -- there may be others. Because of the licensing of qmail, there's no binary .deb of it -- the packages you get include the sources, and the package includes scripts to handle the building of them. If you go for a reasonably complete qmail installation, with ucspi-tcp and rblsmtpd, one of the packages is messed up just a bit and will leave you with compiler warnings. I don't recall which it is, but it's an easy fix. Find the subdirectory named for the package in /tmp/ and change into it, then chmod u+x * the thing. The compiler warnings will go away, and the result will be a nicely installable .deb of the binary. I just started using qmail this year, and like it just fine. It's a lot easier to administer than sendmail or smail, and it's allegedly a lot more secure, too. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: fiber
On Tue, Jul 25, 2000 at 05:43:00PM -0300, Gerard MacNeil wrote: > > I have read that you must ensure that the wires in the cat5 must be > twisted all the way to the termination points to ensure reliabilty. Except in unusually electromagnetically noisy environments, I've not found any real support for this claim, although I've read it in more than one place. It's been my experience that a few inches of parallel conductors in a run of more than a few feet will cause no problems, except in very noisy environments. I'm more concerned about observing the pairings so that the right signal lines are paired, and have seen more noise-related problems as a result of illogical pairings than short runs of parallel conductors. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: fiber
On Wed, Jul 26, 2000 at 12:03:01PM +0800, Sanjeev Gupta wrote: > > I have seen patchcords with a 3inch length stripped near the jack, and > working on 10MBps. 10Base-T will run across almost anything in a quiet enviroment. A few inches won't make much difference even at fast ethernet speeds in a suitably quiet environment. > I have seen a patch panel, with the ENTIRE panel > patched with 2' lengths of wire, nicely bundled and routed, though of > course they had no twists with respect to each other any longer. > I have rarely, and I do not use this word lightly, seen wire 3 & 6 twisted > together. Practically all the cabling vendors I have seen patch a 1-2, > 3-4, 5-6, 7-8 style. The network works, so they have been doing this for > years, and they see no reason to change. The biggest problem with bad habits is that you get away with them for so long, you no longer suspect them when things go wrong. Personally, I would rather take the time to do the job correctly, than risk that I will later have to make excuses for why I didn't. I've seen bad habits and sloppy math built into far too many products sold by respected names in the business to believe that just because they're selling it, it's right. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AMD Duron CPU & Debian
On Tue, Aug 22, 2000 at 08:03:47AM +1000, ridgey wrote: > Has anyone had any problems using the new AMD Duron CPU and running Debian? Haven't tried the Duron, but the Athlons seem to work fine. > I have been running Debian on the K6 chips without tomany dramas. Also I > spose I should ask if anyone has had any problems running on Socket A > M/Board's. No problems with the ASUS K7M that I've seen. I've got a few around here running the K7M with Athlons, and the previously problematic Adaptec AHA2940-U2W SCSI host adapters, along with the 3Com 3C905C NICs that some folks have had problems with (owing to failing to compile the -C driver, I think). So far, not a hiccup out of any of them, in slink (Debian 2.1). Speaking of which, has anyone got the released potato working with the AHA2940 host adapter? I had some problems with it throwing I/O timeout errors on disk read/write, right around the time potato first went into frozen. I haven't tried it since, and don't really want to take any machines down for an extended (costly) bugfinding mission. It looks like there's a boot floppy image designed just for these kinds of things (the 'idepci' image) but I'm kinda nervous now... -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AMD Duron CPU & Debian
On Mon, Aug 21, 2000 at 05:15:36PM -0600, John Gonzalez/netMDC admin wrote: > > What kind of problems have you run into with the Adaptec card? I'm using > that card and software RAID, and i've run into hard lock problems. I > attributed it to the RAID code, but it could be the card. In slink, the installation would hang up after failing to properly puzzle out which driver to load into the kernel. The workaround was to grab the boot floppy image that was tailored to it. In the first frozen potato I was seeing scads of I/O timeouts on disk access. Again, though, I haven't tried it since the first frozen version. It may be okay now, or okay using the 'idepci' images. > As for the NIC's that you talk about, we run 3c905's but i'm not sure if > they are the C version or not, we havent had any problems with them, but > we havent been pushing much traffic at all. More info on that as well > would be appreciated. The latest 3C905's (3C905C-TXM) don't run under the old common Linux driver -- but 3Com links to some suitable source code from their site. I've had no trouble out of them. I've heard from quite a few folks that the 3C905C is unsupported, but in each case have found that they were trying to use the common Linux driver, not the one provided by 3Com. Whether or not potato's '905 driver is the old one or something newer I don't know. -- Art Sackett Art Sackett Professional Web Design 1067 Cleveland Street Meeker, CO 81641-3217 USA +1.970.878.5014 http://www.artsackett.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. Just a thought, might not even work: howzabout defining the user's shell (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling the symlink twice per day via cron to target either /bin/false or /bin/bash, as appropriate? -- ---- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 09:54:21AM +0200, Andrea Glorioso wrote: > > It would be a nightmare of races. Why not just use an already proven > - albeit not security perfect and sometimes a bit elaborate, but hey, > that's software :) - solution like PAM? That was my first inclination, but (perhaps incorrectly) assumed that there was some reason that the OA didn't want to go that route. Every now and then, I get the overwhelming compulsion to put one or both feet into my mouth... -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AMD Duron CPU & Debian
On Thu, Aug 24, 2000 at 10:05:46PM +0100, Jonathan McDowell wrote:
>
> I had a machine with a 2940 lock up after a fair few SCSI bus resets. I
> compiled up the latest 2.2.17 pre release which has the latest driver in
> it and turned off tagged command queuing and haven't seen a problem
> since.
I finally bit the bullet a few days ago and installed potato on one of
the machines I was concerned about. Using the 'compact' images and a
network install, it worked well. It turns out that the 3C905C driver is
in the package and works well, and the AHA-2940-U2W just came right up
and ran without a problem. ('compact' is sporting a 2.2.14pre-something
kernel -- could be 2.2.16 would have barfed, I don't know.)
One thing it wouldn't do was reach out to the internet for the HTTP
installation, but it could have been something I did wrong, while in
a hurry. It would get to things on my local subnet, though, so I setup
a ProxyPass directive on Apache in another machine and sneak around
the problem. Once the installation was fully in, the new install had
no trouble reaching the internet. I don't know what I did wrong, aside
from being constantly interrupted and more-or-less autopiloting my way
through the procedure, trusting it to be a lot like it has been in the
past... it worked, I'm happy, can't ask for much more than that.
--
Art Sackett
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AMD Duron CPU & Debian
On Tue, Aug 29, 2000 at 10:08:53PM -0600, Art Sackett wrote:
> ('compact' is sporting a 2.2.14pre-something
Dump typo from a poorly-skilled keyboard operator. 2.2.17pre-something.
--
Art Sackett
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MySQL vs. Postgres
On Wed, Aug 30, 2000 at 06:34:54PM +0200, Arno Vije wrote: > where setting up some servers for a small ISP, > they want to have a SQL database, but i`m in > doubt. Which one would you recommend, mysql or postgres? > The SQL database will be used in combination with PHP3 (or 4) > to generate dynamic websites. If you don't need record-level locking, rollbacks, etc. then I would recommend MySQL, simply because it's very fast. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Little script help please
On Fri, Sep 08, 2000 at 09:36:51AM +1000, ridgey wrote: > Below is a script I am writing, what it does it take in values from webpage > and basically just write them to a file. First thing to do is to stop writing perl like it's sh. Second thing would be to ditch cgi-lib.pl in favor of CGI.pm. I don't wish to offend, but don't really know what else to say. I don't even see why the thing you wrote does anything at all... seems like it should bark and die straight away. It surely would if you had warnings enabled. Back to the ole drawing board, I think. Have a good one! -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail and Debian
On Tue, Sep 12, 2000 at 03:08:43PM -0700, Eric Jennings wrote: > As for qmail, I attempted an install of qmail from dselect, and I had > nothing but problems. After several days of pulling my hair out, I > opted to download the qmail source from qmail.org and install from > scratch. The current .deb (for potato) works well -- apparently somebody fixed the problem (not setting the execute bits on the files in /tmp/qmail/ needed for proper compilation). > Sure enough, it works flawlessly. Since then we've > installed ezmlm, and a slew of web-based admin tools for each. I haven't tried any of the web-based stuff, but have found that the .debs of ucspi-tcp, ezmlm, rmlsmtpd, fastforward, and vchkpw have all gone in flawlessly. Well, almost -- there's still a niggling little problem where any other existing mail-transport-agent being on the system will cause dpkg to bail out thinking qmail causes a conflict. So after yanking out the default exim, you have to go back and reinstall any you need of at, mailx, logrotate, and mail readers. There may be others, which will be installation dependent. It might also be handy if the rblsmtpd installer modified /etc/init.d/qmail to put the thing to work, which now requires going in and manually editing. It's easy if you know to do it, but it would be easier if the installer asked which services you wanted to enable. Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail and Debian
On Wed, Sep 13, 2000 at 10:19:48AM -0500, Nathan E Norman wrote: > > Huh? Why would you need to deinstall at, mailx, logrotate and mail > readers in the first place? Well, you wouldn't *need* to, strictly speaking, but if you remove exim, those things that depend upon mail-transport-agent will want to go with it unless you work around it somehow. I'm one who'd just as soon never use dpkg --force, and can't see installing the equivs package when I'm only going to need it for about a minute. Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ping of death attacks
On Thu, Sep 14, 2000 at 08:39:41PM +0200, Sven Burgener wrote: > On Wed, Sep 13, 2000 at 07:13:07PM -0400, Chris Wagner wrote: > > Maybe he means ping floods? Pings of death usually will crash a > > box after a few packets hit it. As you said Debian is good about > > those kinds of things. > > Are these things just malformed packets / frames sent to some machine > or what? > I think versions of WinDos are vulnerable. http://www.insecure.org/sploits/ping-o-death.html -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: logcheck
On Tue, Sep 19, 2000 at 06:03:48PM -0500, [EMAIL PROTECTED] wrote: > Hey Guys, > Do any of you know what may have caused this message in my syslogs? > > Unusual System Events > =-=-=-=-=-=-=-=-=-=-= > Sep 19 06:25:02 ghost su[322]: + ??? root-nobody > Sep 19 06:25:02 ghost PAM_unix[322]: (su) session opened for user nobody > by (uid=0) Likely, it's logrotate or somebody else who starts as nobody but has to get root to move things around. At least, that's the normal, non-threatening thing that probably happens every morning at about the same time, I'd guess. -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
