Re: Mail Server Authentication
- Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 10:03 PM Subject: Mail Server Authentication > Hi all, > > I am currently working on installing a new mail server for a small number of > users (50-100). > > I do NOT want the user account details stored in /etc/passwd, and shadow. > I want to be able to have the following mail addresses as seperate mailboxes. >[EMAIL PROTECTED] >[EMAIL PROTECTED] > > etc... > > Using a database such as postgresql or mysql seems overkill for such a small > number of users. Only three users on this box need shell accounts. > > I also need support for 'SMTP Auth' (tls) > > After some investigation, it seems that the 'best'/ easiest solution is to use > Cyrus and Postfix. > > The issue seemed to be that everyone had there own authentication method, and > Cyrus provides both IMAP and POP3 saving me the trouble of installing yet another > program. > > So therefore I tried to get it all up and running using the SASLDB. > > Unfortunately there seems to be no STABLE version of cyrus-sasl. > http://people.debian.org/~hmh/ has a complete set of cyrus and postfix packages backported from sid to woody. I use them on one of my personal boxes, and they work just fine. It's a postfix + cyrus + jawmail + mysql + spamassassin + amavis setup, also for a small amount of users. We also used it at the ISP I work for for a small mailserver for one of our customers, and it's also working ok. Hope this helps, Teun Vink Luna.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail Server Authentication
- Original Message - From: <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 10:03 PM Subject: Mail Server Authentication > Hi all, > > I am currently working on installing a new mail server for a small number of > users (50-100). > > I do NOT want the user account details stored in /etc/passwd, and shadow. > I want to be able to have the following mail addresses as seperate mailboxes. >[EMAIL PROTECTED] >[EMAIL PROTECTED] > > etc... > > Using a database such as postgresql or mysql seems overkill for such a small > number of users. Only three users on this box need shell accounts. > > I also need support for 'SMTP Auth' (tls) > > After some investigation, it seems that the 'best'/ easiest solution is to use > Cyrus and Postfix. > > The issue seemed to be that everyone had there own authentication method, and > Cyrus provides both IMAP and POP3 saving me the trouble of installing yet another > program. > > So therefore I tried to get it all up and running using the SASLDB. > > Unfortunately there seems to be no STABLE version of cyrus-sasl. > http://people.debian.org/~hmh/ has a complete set of cyrus and postfix packages backported from sid to woody. I use them on one of my personal boxes, and they work just fine. It's a postfix + cyrus + jawmail + mysql + spamassassin + amavis setup, also for a small amount of users. We also used it at the ISP I work for for a small mailserver for one of our customers, and it's also working ok. Hope this helps, Teun Vink Luna.nl
Re: force queue Postfix
On Mon, 28 May 2001, Manuel Trujillo wrote:
> Hi!
>
> I'm reading the documentation of Postfix, but, I don't know if this is
> for my impatient, I don't see the manner of make a "force queue" with
> Postfix.
>
> Can anybody help me, please??
>
> Thank's for all, and excuse me my bad english... :(
>
> Have a nice day ;-)
> TooManySecrets
>
>
Hi,
Just check the postfix manpages:
flush Force delivery: attempt to deliver every message in
the deferred mail queue. Normally, attempts to
deliver delayed mail happen at regular intervals,
the interval doubling after each failed attempt.
grtz,
Teun
--
Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: WAN Adapters...Wan in general
On 8 Jun 2001, Alex wrote: > A question to you all: > > Im sort of in a tight spot here. I want to connect my enterprise through > a cable line provided by a big carrier. They call it "an internet > link".well a modem can be an internet link but ive never needed a > 1,200 dls. device to route it (yeah, they want me to buy a router as > well). Now, i dont want to buy the router, i want to implement a linux > router for this kind of network. Some call it WAN link ups.some > call it Direct inet links. im just calling it WAN > > Now, as far as ive gotten by my research, one needs to buy a WAN card > that understands the HDLC protocol or the SyncPPP protocol (depending on > your provider). Ive foung at least three that run under linux. > > Now something made me nervous my provider said he can get me a V.35 > line or a g207 line (i dont know what does that mean), i cant find docs > on bridging from this kind of interface to ethernet. > > Anyway, some of this cards support this kind of interface and they range > from 500 to a 1000 dollars. I dont know what to buy, i cant find further > documentation, i dont know dick (pardon me). > > I want to make a bridge between this kind of interface (this HDLC or > SyncPPP or WAN connection) and my internal networko yeah, by the > way, I need this to give internet access to all the people here...if > your answer is "go buy the router, quit posting here" then please at > least point me to some docs on WAN's and currently available protocols > and stuff... > > Sincerely > Alex > > What kind of connection does your ISP provide? Is it a tv cable, T1/E1, T3/E3, or something else? Make sure you take a good look at at least these things: * protocols (hdlc, syncPPP, etc) * in case of T1/T3/E1/E3: does it support fractional T1/T3/E1/E3 * connector type (V.35, RJ48, BNC, etc) * driver support: open source drivers The company I work for uses linux routers for E1 and T3 connections to our upstream providers and customers. They work just fine... kind regards, Teun Vink -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: WAN Adapters...Wan in general
On Fri, 8 Jun 2001, Nicolas Bougues wrote: [snip] > > I believe you're talking about a T1/E1 link. Basically, the telco > brings you the T1/E1 trunk. Then, depending on the country/operator, > they provide you with a CSU/DSU, or not. > > It they do, the CSU/DSU will provide a sync serial port, either V35 or > X21. V35 should be avoided, connectors are ugly and expensive, X21 is > OK. Then you'll need a sync board with a matching serial interface > (see below). > > If they don't, they provide you a basic G703 T1 or E1 line. You have > either to buy a CSU/DSU, or to use a board that doesn't require > one. In this case, your board will connect directly to the 4 telco > wires, using (usually) an RJ45 plug. > > Such board (with or without CSU/DSU) exist for Linux. Try : > www.sangoma.com, www.etinc.com, etc. > > > At my work we use Cyclades PC300 boards (http://www.cyclades.com/products/svrbas/pc300.htm), available with different types of connectors. They are quite easy to configure and offer open source drivers. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: WAN Adapters...Wan in general
On Fri, 8 Jun 2001, Jason Lim wrote: > We also use PR3000s with various WAN cards. Cyclades have wonder products > and great support. I recommend them. www.cyclades.com > > Sincerely, > Jason > Indeed, I recommend them as well :) Although we've had some hard times getting the PR4000 RAS to work the way we wanted to (and found a couple of bugs in the firmware on the way). But they techsupport is very fast, friendly and skilled. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Image disk for debian
On Wed, 20 Jun 2001, Craig wrote: > Hi ladies and fellas > > Is there a way of selecting packages and storing them in a flat text file, > that > debian uses to reference in the installation procedure. > > Thanks > Craig > dpkg --get-selections > file dpkg --set-selections < file should do the trick if you only want to store package names... Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim and SMS gateways
On Tue, 10 Jul 2001, Marcin Sochacki wrote: > Hi all, > > I have got some problems with users on my server using email-to-SMS gateways. > They put .procmailrc like this one: > > -- > SENDMAIL=/usr/sbin/sendmail > :0c > * ^[EMAIL PROTECTED] > | $HOME/email2sms | $SENDMAIL -t > -- > > When the SMS gateway of someone's operator dies, the messages are bounced back > and processed again by procmail. The error message is sent to SMS gateway, > which bounces it again... > > So after some time I have thousands of messages in my spool. How can > I prevent this behavior with Exim configuration options? > > Marcin > > You could write a procmail rule which filters the bounces and drop them in a mailbox (or send them to /dev/null). Of course, you need to place this rule _before_ the rule which sends the SMS. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ispman
On Thu, 12 Jul 2001, Russell Coker wrote: > On Wed, 11 Jul 2001 23:48, Waldemar Brodkorb wrote: > > Hello debianfriends, > > > > have anyone of you tested ispman? > > http://www.ispman.org > > > > Anyone seen a deb-package of it? > > I checked it out as I wanted to make a deb out of it. At the time at least > it seemed rather tricky to package. It had a number of install sub-scripts > that put files in various locations and it was difficult to sort out how to > force it into the standard debian places... I eventually gave up and worked > on other things. > > If you're going to do it then I'll help you... > > I also checked it out, but wasn't that happy about it. Like Russel said, you need some tweaking to make it work on a Debian box. Also, removing it wasn't that much fun either. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SOS Bind
On Tue, 4 Sep 2001, Craig wrote: > Hi debian people > > I have a debian box running Bind, acting as a primary DNS server. I > have update the serial numbers on the zone files but nothing is > propagating out. Its been about 72 hours now and still has the old > IP of the server. Bind version 8.2.3 > > Any help would be great appreciated :) > > ..Craig > > > Did you make sure that your primary DNS server is listed as authorative name server in the whois information for the domains you are serving? Regards, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SOS Bind
On Tue, 4 Sep 2001, Jeremy C. Reed wrote: > On Tue, 4 Sep 2001, Craig wrote: > > > I have a debian box running Bind, acting as a primary DNS server. I > > have update the serial numbers on the zone files but nothing is > > propagating out. Its been about 72 hours now and still has the old > > IP of the server. Bind version 8.2.3 > > This is unclear. > > Does the primary (that you made the change on) know the new info? If not, > then reload the named or the zone itself. > And make sure you don't have any typo's in the zone configuration. Bind will not reload the zone if there are errors in it. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail
On Wed, 10 Oct 2001, Craig wrote: > Hi Guys > > Does anyone know how I can test to see if sendmail > is relaying for domains that are in the relay-domains > file ?? And not an open relay ?> > > ..Craig > > > A nice test to check if your machine isn't an open relay is opening a telnet session to mail-abuse.org from the machine you want to test. Although it doesn't seem to work now: einstein:~# telnet mail-abuse.org Trying 204.152.186.193... Connected to mail-abuse.org. Escape character is '^]'. /proj/maps/bin/in.relaytest: socket failed [Bad file descriptor] But it usually is a nice test... we use it at the ISP I work for to test every colocated machine which is placed. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: 56K dialup for CCIL
On Thu, 6 Dec 2001, Russell Coker wrote: > On Thu, 6 Dec 2001 06:06, Chuck Peters wrote: > > One of our Network Admins Eric likes the USR Total Control and says we can > > pick up a used one for a good price. Does anyone have experience with > > them or comments on the performance and reliablity? > > A google search on "USR Total Control" turns up two security issues in the > first page of results... > > > We also offer text/shell dialup access because a few people still use slow > > old machines and a number of seniors just use PINE for email. We can keep > > a few of the old analog lines going for them, but it would be prefable to > > offer both ppp and shell on the same dialup pool like we are now. > > I suggest getting a Cyclades card and running Portslave the machine that has > it. It allows PPP, SLIP, telnet, rsh, and ssh connections from the terminal > server to a specified machine (controlled by RADIUS). > > > We will be using OpenLDAP for authenication. It is a must that we be able > > to control users online time and vary it for a few, volunteers and other > > specified people get extra time while most of the users get a couple of > > hours per day and we limit it during heavy usage. Does anyone have > > comments on that issue? > > There are a number of RADIUS servers that talk LDAP. FreeRADIUS seems pretty > good, I expect it can do what you want. Portslave supports limiting connect > time based on the RADIUS data. > > > CCIL is expecting to spend 5-7K on this so that kind of limits our > > equipment options. Maybe something besides the USR Total Control would be > > a better choice. Any recommendations? > > Cyclades products cost considerably less. See http://www.cyclades.com/ . > > At the ISP I work at, we used to work with a Total Control for our dial up customers, and we bought a couple of Cyclades PR4000's to replace the Total Control. Frankly, I'm not too happy about both. The TC still has some unexplained problems, which couldn't be solved by their tech support. The only way we could keep the machine running, was by shutting it down of 30 minutes every night. Of course, I don't know if this is a general TC problem, or if our TC is just buggy. Now, we also have some difficulties with some of the more advanced features of the PR4000. Cyclades Tech Support is quite helpful, but hasn't been able to solve these problems yet, after 4 months of debugging, trying new firmware releases, etc. Maybe this info helps, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: 56K dialup for CCIL
On Thu, 6 Dec 2001, Russell Coker wrote: > On Thu, 6 Dec 2001 14:06, Teun Vink wrote: > > [...] > > Frankly, I'm not too happy about both. The TC still has some unexplained > > problems, which couldn't be solved by their tech support. The only way we > > could keep the machine running, was by shutting it down of 30 minutes > > every night. Of course, I don't know if this is a general TC problem, or > > if our TC is just buggy. > > Sounds like a cooling problem (or maybe a low quality component that can't > deal with heat properly). That could very well be the problem. But it doesn't matter anymore, since we replaced it now. > > > Now, we also have some difficulties with some of the more advanced > > features of the PR4000. Cyclades Tech Support is quite helpful, but hasn't > > been able to solve these problems yet, after 4 months of debugging, trying > > new firmware releases, etc. > > What advanced features are you having problems with? Is it with the RAS2000 > (the Cyclades version of Portslave)? > > We have several problems, all of which have been reported to Cyclades Tech Support. They include: random reboots and dangling MLPPP and MCPPP sessions, and some minor issues, e.g. a part of the SNMP tree is missing. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mailinglist software recommendations?
On Fri, 7 Dec 2001, Marcel Hicking wrote: > Hi folks > > could anyone recommend a mailinglist software for > several small to medium sized mailinglists (say, > from very few to maybe a thousand or so subscribers)? > > I would need > a) The mailingslist software (obviously) > b) Some admin web interface for the guys going > to use and feed the lists. Need to be able to add lists, > see and modify subscribers. And, if possible, write and > post mails to the list via the web itnerface, too. > c) A web interface to (un)subscribe to lists (which I > could probably do myself ;-) > > Subscribers should not be able to post to the list in > general, but having this optional for each list would > be nice to have. > > Is there anythinglike this packaged for Debian? > Try Mailman, it can do all the things you asked. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
webbased postfix configuration tool
Hi, I'm looking for a webbased configuration tool for postfix, somewhat like the inter7 tools do for qmail. Does anyone have any pointers? Thanx, Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: blocking trough MAC Address
On Fri, 2002-10-25 at 15:31, Maarten Vink wrote: > As far as I know, there's an iptables module that allows you to match on > MAC addresses. I've seen it several times when compiling a new kernel... > Haven't used it yet though. > Yeah there is: CONFIG_IP_NF_MATCH_MAC Then you can do things like: iptables -A in-eth0 -m mac --mac-source 00:11:22:33:44:55 -j refuse Regards, Teun Vink -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
apache broke
Hi,
Since I upgrade my SID box yesterday, I've been having major problems with
my Apache. The problems started when cron.d ran this morning. The config
has been like this for over a month, so I doubt it that that is the
problem. When I do a 'strace -f apachectl start', the last lines are:
old_mmap(0x40383000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
9, 0xae000) = 0x40383000
close(9)= 0
munmap(0x4024e000, 15836) = 0
stat64("/etc/cram-md5.pwd", 0xbfff7260) = -1 ENOENT (No such file or
directory)
stat64("/dev/urandom", {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9),
...}) = 0
--- SIGSEGV (Segmentation fault) ---
Switching the Apache LogLevel to 'debug' doesn't help at all. My error
logs only show which config files are processed, no more.
Can anyone give me a hint (or solution ;-) for this problem? If you need
any additional info, please do not hesitate to contact me.
TIA,
Teun
--
"If an infinite number of monkeys sit at an infinite number of typewriters
and randomly press keys, they will eventually produce the source code of
MS-Windows."
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: > On Tue, Oct 29, 2002 at 10:45:44AM +0100, > Teun Vink <[EMAIL PROTECTED]> wrote > a message of 39 lines which said: > > > Since I upgrade my SID box yesterday, I've been having major > > First, sid is named unstable (sid == System In Development) and for a > reason. > I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. > > my Apache. > > Probably the Glibc problem mentioned in the last issue of Debian > Weekly News. > Thanks, I'll look into that. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, 29 Oct 2002, Mark Lijftogt wrote: > > > On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: > > > > > On Tue, Oct 29, 2002 at 10:45:44AM +0100, > > > Teun Vink <[EMAIL PROTECTED]> wrote > > > a message of 39 lines which said: > > > > > > > Since I upgrade my SID box yesterday, I've been having major > > > > > > First, sid is named unstable (sid == System In Development) and for a > > > reason. > > > > > > > I know that that's why it's called unstable. But that doesn't mean that we > > shouldn't mention that and just wait until the package maintainer fixes > > it. > > Both one point :-) Although I understand Stephane, I always thought this was > the way of improving, building etc.etc.etc. Dev-work. And because it's sid > in this case, maybe your better of in the debian's dev. department. I > personaly wouldn't be at ease running a sid production box. > > :-) > :) This isn't a real production box. On some of those we're still planning the migration from potato to woody. This is my personal box on which I host sites and mail for some friends... I'll check debian-devel mailinglists and IRC if i can find the time :) Thanx Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Using testing (sarge) in production.
On Tue, 29 Oct 2002, Fred Clausen wrote: > Hi all, > > I read Teun Vink's posting about his Apache problems with unstable. I am > currently using a mixture of stable and testing in production systems, > depending on which versions of the applications I require. What are your > experiences with testing in production environments? I have not had any > problems but I would like to know others' experience. Most of our > production systems are web/database systems. > Hi, We try to minimize the use of testing, but in some cases we had no real other option, since we really needed woody stuff when potato was still stable, and backporting would imply backporting way too many packages to keep the systems stable. Up 'till now, we haven't had many problems with running testing in production, although I must say that we started using testing (before woody was released), when it was pretty mature. For now, all we're still planning to migrate some of our more complicated machines to woody. We're not running testing on production machines yet, and I don't see many reasons for now to do so, but all will depend on how fast Debian will release their next release... Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On 29 Oct 2002, Michael Knorra wrote: > > any additional info, please do not hesitate to contact me. > > Yes, I hope so. It is the imap.so. > You can comment out the entry "extension=imap.so" in the php.ini file > and start the apache. Ah ok thankx, I'll check that. Too bad the main site which I host on that machine is a webmail application using php+imap :( For now, I've downgraded libc6, which was a lot of fun ;-) Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On 30 Oct 2002, Michael Knorra wrote: > Teun Vink <[EMAIL PROTECTED]> writes: > > > Ah ok thankx, I'll check that. Too bad the main site which I host on that > > machine is a webmail application using php+imap :( > > Bjoern.Falkenhagen said, that he has got a fixed imap.so module at > ftp://ftp.falkenhagen.net. Didn't check it.. perhaps you can try this. > Thanks, I will look into that. > > For now, I've downgraded libc6, which was a lot of fun ;-) > > That was the first thing I have done, but the emacs didn't work > anymore with that :-( > Hehe I saw postfix, ssh, proftpd and imap die after downgrading libc6 and some other packages. Luckily, restarting those services did the trick. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Weakest point of a server?
On Thu, 2003-02-06 at 14:13, Jason Lim wrote: > Hi all, > > I was wondering what kind of failures you experience with long-running > hardware. > > Most of us run servers with very long uptimes (we've got a server here > with uptime approaching 3 years, which is not long compared to some, but > we think it is pretty good!). [...] This is only from my own experiences at the ISP I work for. Old machines (~5 year) which we used for testing purposes usually had problems with the harddisk and/or the fans. Motherboards, NIC's and CPU's usually worked fine in test setups... Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Radius Question
On Fri, 2003-02-28 at 01:02, Kevin Lynch wrote: > I'm switching from Radius on a NT Server and I have the program > install but, I'm not sure where the config files are supposed to go in > Debian? > > I also can't seem to find useful help files. > > > Suggestions? > > It would help if you told us which radius server you're using... For radiusd-cistron (which we use at the ISP I work for), the configuration files are in /etc/raddb, documentation can be found in /usr/share/doc/radiusd-cistron. Teun Vink Luna.nl System & Network Engineer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Routing with Linux
On Thu, 2003-03-06 at 13:16, Randy Kramer wrote: > On Wednesday 05 March 2003 02:41 pm, Burner wrote: > > load average is about 5Mbyte/s spikes at 10MByte/s, all traffic is > > webcontent. > > That seems to be large volume -- three to seven T1s unless my math is > off (my coffee hasn't kicked in yet). > > I'd almost expect a firewall per T1, or what kind of performance can you > get out of a Linux box serving as a router?? (Well, it is just within > the capability of a single 100 mbps Ethernet card, but it's a lot of > traffic.) To give some indication: we run a complete ISP backbone based on Debian boxes running Zebra for routing. This is all done on fairly standard hardware (usually Pentium III, 256Mb RAM), which can easily handle the load. Actually, the greater part of the load is caused by SNMP calls and user interaction. You can see some public statistics of our network on http://noc.luna.nl. We also have a router connecting 5 T1 lines. It has been up for over 600 days now, with a load average of about 0.05, also on very standard hardware. So I'd say a fairly recent box should be able to handle this amount of traffic without any problems... Regards, Teun Vink Luna.nl NOC -- -- Luna.nl B.V. -- Puntegaalstraat 109Postbus 63000 Tel : (010) 750 2000 3024 EB ROTTERDAM 3002 JA ROTTERDAMFax : (010) 750 2002 www.luna.nl[EMAIL PROTECTED] Helpdesk: (010) 750 2020 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: load balancing
On Mon, 2003-03-10 at 22:41, danilo lujambio wrote: > Hi: > > what is the package or tool that you can recommended to make a load > balancing between two internet outputs. I read docs about high > availability servers, LVS and so on , but I am confused. Can someone > orient to me ? Depends on what you want to balance, just TCP/IP traffic, or a specific service (mail/web/etc). For TCP/IP traffic, we use VRRP (Virtual Redundant Router Protocol), which works fine. Regards, Teun Vink Luna.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: load balancing
On Tue, 2003-03-11 at 09:11, Markus Welsch wrote: > > Depends on what you want to balance, just TCP/IP traffic, or a specific > > service (mail/web/etc). For TCP/IP traffic, we use VRRP (Virtual > > Redundant Router Protocol), which works fine. > > What would you recommend if you want to realize load balancing between mail and > webservers ? (Mail server should also include POP3/IMAP-Server). > I haven't got much experience in load balancing POP or IMAP. The only thing we do here is that we have multiple POP- and IMAP-proxies which talk to one server hosting the mailboxes. You could try letting building multiple mailbox servers, and let the proxies figure out which mailbox server they need to talk to... I don't know if there are tools available for this, you might need some custom made stuff... Regards, Teun Vink Luna.nl NOC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: BGP memory/cpu req
On Tue, 2003-03-11 at 11:28, Valkai Elod wrote: > Anyone running BGP with a global routing table on zebra/debian/gnu/linux? > > How much memory would it require? Does the CPU matter or is it mostly a > RAM issue? > > thx, Check out the Zebra mailinglist, it has been discussed there over and over. Basically, a full routing table would require 512Mb at least. CPU isn't that much of an issue, any 'normal' CPU (P3) would do... Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Courier MTA
On Sun, 2003-03-23 at 22:50, Andrew Miehs wrote: > On Sun, Mar 23, 2003 at 10:13:24PM +0100, martin f krafft wrote: > > also sprach Andrew Miehs <[EMAIL PROTECTED]> [2003.03.23.2147 +0100]: > > > Can I use it as a replacement for postfix, or am I better off sticking > > > to postfix? > > > > why would you want to replace postfix? it's an excellent MTA, and it > > interacts with the other courier servers without any problems. > > Sorry... should have been a bit clearer... > > Am wanting to use the 'userdb' feature of courier, and thought that > the courier-mta may support this > > Otherwise, I am looking at > > * Postfix uses virtual_mailbox_map for usernames (and uid) delivery > * Postfix uses sasl(1) and sasldb for SMTP AUTH > * Courier uses 'userdb' for password, and UID > > -> And a shell script to keep them all in sync. > > Mysql and ldap are a bit overkill, and I don't like /etc/passwd as > I don't want users which shell accounts 'accidently continously' talking > to a pop3/ imap server. > > Unfortunately cyrus in woody is a very old version, and doesnt support > sasl! :-( so This effectively leaves me with the postfix courier solution. There is a cyrus (and postfix) backport from sid to woody: deb http://people.debian.org/~hmh/woody/ hmh/cyrus/ deb http://people.debian.org/~hmh/woody/ hmh/postfix/ deb http://people.debian.org/~hmh/woody/ hmh/misc/ (mailman, squirrelmail and amavis-new are also available there) You might want to take a loot at that... I've been using them for some time now, without any problems. Regards, Teun Vink Luna.nl NOC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Performance monitor
On Thu, 3 May 2001, Jason Lim wrote: > Strange... > > dselect tells me: > > atsar - system activity reporter > > monitor system resources such as cpu & disk, record data for later > analysis > > does it also monitor network activity (eg. 100mb link 23% utilization)? > > Sincerely, > Jason Lim > Here's some of the output of atsar, maybe this will tell you what you want to know: stardust:~> atsar --help atsar: invalid option -- - usage: atsar [-flags] t [n] or atsar [-flags] [-s hh:mm] [-e hh:mm] [-i sec] [-n day# | -f file] flags: -A all flags -u cpu (default flag) -d disk -D disk-partition -r memory & swap -p paging & swapping -I interrupts -v kernel-resources -l net-interf (general) -L net-interf (errors) -w ip (general) -W ip (errors) -t tcp(general) -T tcp(errors) -U udp -m icmp (general) -M icmp (per type) -N nfs(general) -E nfs(errors) -R nfs-rpc(%calls) stardust:~> atsar -wt Linux stardust 2.2.18 #1 Mon Feb 5 14:22:51 CET 2001 i586 05/03/2001 10:00:02 inrecv/s outreq/s indeliver/s forward/s reasmok/s fragcreat/s _ip_ 10:10:02 1.1 0.9 0.3 0.0 0.0 0.0 10:20:01 1.3 0.9 0.4 0.0 0.0 0.0 10:30:01 1.1 0.8 0.4 0.0 0.0 0.0 10:40:01 1.2 0.9 0.5 0.0 0.0 0.0 10:50:02 1.2 1.1 0.3 0.0 0.0 0.0 11:00:01 0.6 0.5 0.2 0.0 0.0 0.0 11:10:01 1.1 0.8 0.4 0.0 0.0 0.0 11:20:01 1.1 0.8 0.3 0.0 0.0 0.0 11:30:02 0.9 0.7 0.2 0.0 0.0 0.0 11:40:01 1.5 1.4 0.4 0.0 0.0 0.0 11:50:01 1.1 0.7 0.4 0.0 0.0 0.0 12:00:01 1.9 1.7 0.3 0.0 0.0 0.0 10:00:02 insegs/s otsegs/s actopen/s pasopen/s nowopen socknow sockmax _tcp_ 10:10:02 0.6 0.6 0.0 0.03 23 158 10:20:01 0.7 0.6 0.0 0.03 23 158 10:30:01 0.5 0.5 0.0 0.03 23 158 10:40:01 0.5 0.5 0.0 0.03 23 158 10:50:02 0.7 0.8 0.0 0.04 24 158 11:00:01 0.2 0.3 0.0 0.04 24 158 11:10:01 0.5 0.5 0.0 0.04 24 158 11:20:01 0.6 0.6 0.0 0.04 24 158 11:30:02 0.5 0.6 0.0 0.03 23 158 11:40:01 0.9 1.1 0.0 0.03 23 158 11:50:01 0.5 0.4 0.0 0.03 23 158 12:00:01 1.4 1.4 0.0 0.04 24 158 Regards, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
setting up my own apt source
Hi all, I need to set up an apt source for my work, where we can store our custom made packages and kernels. I know that this can be done using dpkg-scanpackages, but I can't find any help on that besides the manpages. Does anybody know of a FAQ or HOWTO? thanks, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: force queue Postfix
On Mon, 28 May 2001, Manuel Trujillo wrote:
> Hi!
>
> I'm reading the documentation of Postfix, but, I don't know if this is
> for my impatient, I don't see the manner of make a "force queue" with
> Postfix.
>
> Can anybody help me, please??
>
> Thank's for all, and excuse me my bad english... :(
>
> Have a nice day ;-)
> TooManySecrets
>
>
Hi,
Just check the postfix manpages:
flush Force delivery: attempt to deliver every message in
the deferred mail queue. Normally, attempts to
deliver delayed mail happen at regular intervals,
the interval doubling after each failed attempt.
grtz,
Teun
--
Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: WAN Adapters...Wan in general
On 8 Jun 2001, Alex wrote: > A question to you all: > > Im sort of in a tight spot here. I want to connect my enterprise through > a cable line provided by a big carrier. They call it "an internet > link".well a modem can be an internet link but ive never needed a > 1,200 dls. device to route it (yeah, they want me to buy a router as > well). Now, i dont want to buy the router, i want to implement a linux > router for this kind of network. Some call it WAN link ups.some > call it Direct inet links. im just calling it WAN > > Now, as far as ive gotten by my research, one needs to buy a WAN card > that understands the HDLC protocol or the SyncPPP protocol (depending on > your provider). Ive foung at least three that run under linux. > > Now something made me nervous my provider said he can get me a V.35 > line or a g207 line (i dont know what does that mean), i cant find docs > on bridging from this kind of interface to ethernet. > > Anyway, some of this cards support this kind of interface and they range > from 500 to a 1000 dollars. I dont know what to buy, i cant find further > documentation, i dont know dick (pardon me). > > I want to make a bridge between this kind of interface (this HDLC or > SyncPPP or WAN connection) and my internal networko yeah, by the > way, I need this to give internet access to all the people here...if > your answer is "go buy the router, quit posting here" then please at > least point me to some docs on WAN's and currently available protocols > and stuff... > > Sincerely > Alex > > What kind of connection does your ISP provide? Is it a tv cable, T1/E1, T3/E3, or something else? Make sure you take a good look at at least these things: * protocols (hdlc, syncPPP, etc) * in case of T1/T3/E1/E3: does it support fractional T1/T3/E1/E3 * connector type (V.35, RJ48, BNC, etc) * driver support: open source drivers The company I work for uses linux routers for E1 and T3 connections to our upstream providers and customers. They work just fine... kind regards, Teun Vink -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: WAN Adapters...Wan in general
On Fri, 8 Jun 2001, Nicolas Bougues wrote: [snip] > > I believe you're talking about a T1/E1 link. Basically, the telco > brings you the T1/E1 trunk. Then, depending on the country/operator, > they provide you with a CSU/DSU, or not. > > It they do, the CSU/DSU will provide a sync serial port, either V35 or > X21. V35 should be avoided, connectors are ugly and expensive, X21 is > OK. Then you'll need a sync board with a matching serial interface > (see below). > > If they don't, they provide you a basic G703 T1 or E1 line. You have > either to buy a CSU/DSU, or to use a board that doesn't require > one. In this case, your board will connect directly to the 4 telco > wires, using (usually) an RJ45 plug. > > Such board (with or without CSU/DSU) exist for Linux. Try : > www.sangoma.com, www.etinc.com, etc. > > > At my work we use Cyclades PC300 boards (http://www.cyclades.com/products/svrbas/pc300.htm), available with different types of connectors. They are quite easy to configure and offer open source drivers. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: WAN Adapters...Wan in general
On Fri, 8 Jun 2001, Jason Lim wrote: > We also use PR3000s with various WAN cards. Cyclades have wonder products > and great support. I recommend them. www.cyclades.com > > Sincerely, > Jason > Indeed, I recommend them as well :) Although we've had some hard times getting the PR4000 RAS to work the way we wanted to (and found a couple of bugs in the firmware on the way). But they techsupport is very fast, friendly and skilled. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Image disk for debian
On Wed, 20 Jun 2001, Craig wrote: > Hi ladies and fellas > > Is there a way of selecting packages and storing them in a flat text file, > that > debian uses to reference in the installation procedure. > > Thanks > Craig > dpkg --get-selections > file dpkg --set-selections < file should do the trick if you only want to store package names... Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Exim and SMS gateways
On Tue, 10 Jul 2001, Marcin Sochacki wrote: > Hi all, > > I have got some problems with users on my server using email-to-SMS gateways. > They put .procmailrc like this one: > > -- > SENDMAIL=/usr/sbin/sendmail > :0c > * [EMAIL PROTECTED] > | $HOME/email2sms | $SENDMAIL -t > -- > > When the SMS gateway of someone's operator dies, the messages are bounced back > and processed again by procmail. The error message is sent to SMS gateway, > which bounces it again... > > So after some time I have thousands of messages in my spool. How can > I prevent this behavior with Exim configuration options? > > Marcin > > You could write a procmail rule which filters the bounces and drop them in a mailbox (or send them to /dev/null). Of course, you need to place this rule _before_ the rule which sends the SMS. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Sendmail
On Wed, 10 Oct 2001, Craig wrote: > Hi Guys > > Does anyone know how I can test to see if sendmail > is relaying for domains that are in the relay-domains > file ?? And not an open relay ?> > > ..Craig > > > A nice test to check if your machine isn't an open relay is opening a telnet session to mail-abuse.org from the machine you want to test. Although it doesn't seem to work now: einstein:~# telnet mail-abuse.org Trying 204.152.186.193... Connected to mail-abuse.org. Escape character is '^]'. /proj/maps/bin/in.relaytest: socket failed [Bad file descriptor] But it usually is a nice test... we use it at the ISP I work for to test every colocated machine which is placed. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Mailing Lists
On Thu, 8 Nov 2001, Martin WHEELER wrote: > On Thu, 8 Nov 2001, Andre Luis Lopes wrote: > > > Em Qui 08 Nov 2001 10:19, Craigsc escreveu: > > > > We are wanting to set-up a mailing list for our clients > > > and were wondering which program(s) we should use. At > > > present our mail is handled by exim. > > > >I did it sometime ago and I've used mailman which is quite easy to use > > and > > powerfull, but I'm not an ISP so people in the list would help you best. > > I *am* an ISP, and after messing around with quite a few list managers > eventually settled on mailman as being the best solution for my > situation. (Lazy admin with lots of lists :) > > It's worth it for the web-based administration and archiving alone. > > msw > I totally agree. At the ISP I work for we switched from majordomo to mailman some time ago, and it works perfectly. The web-based admin is great, both for us as admins and for our customers. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: 56K dialup for CCIL
On Thu, 6 Dec 2001, Russell Coker wrote: > On Thu, 6 Dec 2001 06:06, Chuck Peters wrote: > > One of our Network Admins Eric likes the USR Total Control and says we can > > pick up a used one for a good price. Does anyone have experience with > > them or comments on the performance and reliablity? > > A google search on "USR Total Control" turns up two security issues in the > first page of results... > > > We also offer text/shell dialup access because a few people still use slow > > old machines and a number of seniors just use PINE for email. We can keep > > a few of the old analog lines going for them, but it would be prefable to > > offer both ppp and shell on the same dialup pool like we are now. > > I suggest getting a Cyclades card and running Portslave the machine that has > it. It allows PPP, SLIP, telnet, rsh, and ssh connections from the terminal > server to a specified machine (controlled by RADIUS). > > > We will be using OpenLDAP for authenication. It is a must that we be able > > to control users online time and vary it for a few, volunteers and other > > specified people get extra time while most of the users get a couple of > > hours per day and we limit it during heavy usage. Does anyone have > > comments on that issue? > > There are a number of RADIUS servers that talk LDAP. FreeRADIUS seems pretty > good, I expect it can do what you want. Portslave supports limiting connect > time based on the RADIUS data. > > > CCIL is expecting to spend 5-7K on this so that kind of limits our > > equipment options. Maybe something besides the USR Total Control would be > > a better choice. Any recommendations? > > Cyclades products cost considerably less. See http://www.cyclades.com/ . > > At the ISP I work at, we used to work with a Total Control for our dial up customers, and we bought a couple of Cyclades PR4000's to replace the Total Control. Frankly, I'm not too happy about both. The TC still has some unexplained problems, which couldn't be solved by their tech support. The only way we could keep the machine running, was by shutting it down of 30 minutes every night. Of course, I don't know if this is a general TC problem, or if our TC is just buggy. Now, we also have some difficulties with some of the more advanced features of the PR4000. Cyclades Tech Support is quite helpful, but hasn't been able to solve these problems yet, after 4 months of debugging, trying new firmware releases, etc. Maybe this info helps, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: 56K dialup for CCIL
On Thu, 6 Dec 2001, Russell Coker wrote: > On Thu, 6 Dec 2001 14:06, Teun Vink wrote: > > [...] > > Frankly, I'm not too happy about both. The TC still has some unexplained > > problems, which couldn't be solved by their tech support. The only way we > > could keep the machine running, was by shutting it down of 30 minutes > > every night. Of course, I don't know if this is a general TC problem, or > > if our TC is just buggy. > > Sounds like a cooling problem (or maybe a low quality component that can't > deal with heat properly). That could very well be the problem. But it doesn't matter anymore, since we replaced it now. > > > Now, we also have some difficulties with some of the more advanced > > features of the PR4000. Cyclades Tech Support is quite helpful, but hasn't > > been able to solve these problems yet, after 4 months of debugging, trying > > new firmware releases, etc. > > What advanced features are you having problems with? Is it with the RAS2000 > (the Cyclades version of Portslave)? > > We have several problems, all of which have been reported to Cyclades Tech Support. They include: random reboots and dangling MLPPP and MCPPP sessions, and some minor issues, e.g. a part of the SNMP tree is missing. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Mailinglist software recommendations?
On Fri, 7 Dec 2001, Marcel Hicking wrote: > Hi folks > > could anyone recommend a mailinglist software for > several small to medium sized mailinglists (say, > from very few to maybe a thousand or so subscribers)? > > I would need > a) The mailingslist software (obviously) > b) Some admin web interface for the guys going > to use and feed the lists. Need to be able to add lists, > see and modify subscribers. And, if possible, write and > post mails to the list via the web itnerface, too. > c) A web interface to (un)subscribe to lists (which I > could probably do myself ;-) > > Subscribers should not be able to post to the list in > general, but having this optional for each list would > be nice to have. > > Is there anythinglike this packaged for Debian? > Try Mailman, it can do all the things you asked. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net
Re: Setting up an SSL Server
On 3 Aug 2002, Shri Shrikumar wrote: > Hi, > > How would one go about setting up an ssl server. Do I need to purchase a > certificate for Verisign or anything ? What are the costs involved ? > > I've found OpenSSL - Is that adequate for an online shop ? Also, how > difficult is it to set up SSL / Apache SSL. > Hi, You can do 2 things: buy a certificate from a trusted party (e.g. Thawte or OpenSRS), or use an unsigned certificate. You can create an unsigned certificate yourself, but visitors of the https-site will be notified that the cert is unsigned. A certificate should cost you somewhere between $100 and $200 a year... OpenSSL is very well capable of hosting a SSL site. Apache-ssl and Apache with mod-ssl are other possibilities. Installing isn't that hard. Just run "apt-get apache-ssl", and check http://www.apache-ssl.org for information on configuring SSL if you want to use apache-ssl. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows."
Re: Setting up an SSL Server
On Sat, 3 Aug 2002, Marcin Sochacki wrote: > On Sat, Aug 03, 2002 at 05:26:54PM +0200, Teun Vink wrote: > > You can do 2 things: buy a certificate from a trusted party (e.g. Thawte > > or OpenSRS), or use an unsigned certificate. You can create an unsigned > > certificate yourself, but visitors of the https-site will be notified that > > the cert is unsigned. A certificate should cost you somewhere between $100 > > and $200 a year... > > To be exact, the certificate is signed in both cases, the difference is > in the signing authority. Thawte, Verisign are trusted (in theory), > your own CA (Certificate Authority) if not trusted, and that's why > most browsers complain when entering such a website. > [...] You're right. But the result for the person visiting the website is that a self signed certificate is usually marked by their browser as "untrusted", resulting in a warning, while a certificate signed by a trusted party is not. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows."
Re: SpamAssassin PHP-MySQL User Interface Problems
On Wed, 2002-08-28 at 16:51, Gene Grimm wrote: > I recently installed the SpamAssassin php-sa-mysql module to allow clients > access to their userprefs options. It authenticates against shadow passwords > using "validate" from libapache-mod-auth-shadow. The login script validates > the username and password then redirects the browser to the phpsa.php page. > I added the user name "spamby" to MySQL via webmin and set this in > config.inc.php as per the readme file. I confirmed the configured host, user > and password by inserting an echo statement in the phpsa file. The problem > is that I get the below error messages and can't figure out why it is trying > to connect as root. > > Warning: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) in > /var/www/phpsa/phpsa.php on line 16 > > Warning: MySQL Connection Failed: Access denied for user: '[EMAIL PROTECTED]' > (Using password: NO) in /var/www/phpsa/phpsa.php on line 16 > Could not connect > It looks like the root account does not have permission to access the database in mysql, so I'd suggest you verify that. More info on that can be found here: http://www.mysql.com/doc/en/Adding_users.html. Teun
Re: blocking trough MAC Address
On Fri, 2002-10-25 at 15:31, Maarten Vink wrote: > As far as I know, there's an iptables module that allows you to match on > MAC addresses. I've seen it several times when compiling a new kernel... > Haven't used it yet though. > Yeah there is: CONFIG_IP_NF_MATCH_MAC Then you can do things like: iptables -A in-eth0 -m mac --mac-source 00:11:22:33:44:55 -j refuse Regards, Teun Vink
apache broke
Hi,
Since I upgrade my SID box yesterday, I've been having major problems with
my Apache. The problems started when cron.d ran this morning. The config
has been like this for over a month, so I doubt it that that is the
problem. When I do a 'strace -f apachectl start', the last lines are:
old_mmap(0x40383000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
9, 0xae000) = 0x40383000
close(9)= 0
munmap(0x4024e000, 15836) = 0
stat64("/etc/cram-md5.pwd", 0xbfff7260) = -1 ENOENT (No such file or
directory)
stat64("/dev/urandom", {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9),
...}) = 0
--- SIGSEGV (Segmentation fault) ---
Switching the Apache LogLevel to 'debug' doesn't help at all. My error
logs only show which config files are processed, no more.
Can anyone give me a hint (or solution ;-) for this problem? If you need
any additional info, please do not hesitate to contact me.
TIA,
Teun
--
"If an infinite number of monkeys sit at an infinite number of typewriters
and randomly press keys, they will eventually produce the source code of
MS-Windows."
Re: apache broke
On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: > On Tue, Oct 29, 2002 at 10:45:44AM +0100, > Teun Vink <[EMAIL PROTECTED]> wrote > a message of 39 lines which said: > > > Since I upgrade my SID box yesterday, I've been having major > > First, sid is named unstable (sid == System In Development) and for a > reason. > I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. > > my Apache. > > Probably the Glibc problem mentioned in the last issue of Debian > Weekly News. > Thanks, I'll look into that. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows."
Re: apache broke
On Tue, 29 Oct 2002, Mark Lijftogt wrote: > > > On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: > > > > > On Tue, Oct 29, 2002 at 10:45:44AM +0100, > > > Teun Vink <[EMAIL PROTECTED]> wrote > > > a message of 39 lines which said: > > > > > > > Since I upgrade my SID box yesterday, I've been having major > > > > > > First, sid is named unstable (sid == System In Development) and for a > > > reason. > > > > > > > I know that that's why it's called unstable. But that doesn't mean that we > > shouldn't mention that and just wait until the package maintainer fixes > > it. > > Both one point :-) Although I understand Stephane, I always thought this was > the way of improving, building etc.etc.etc. Dev-work. And because it's sid > in this case, maybe your better of in the debian's dev. department. I > personaly wouldn't be at ease running a sid production box. > > :-) > :) This isn't a real production box. On some of those we're still planning the migration from potato to woody. This is my personal box on which I host sites and mail for some friends... I'll check debian-devel mailinglists and IRC if i can find the time :) Thanx Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows."
Re: Using testing (sarge) in production.
On Tue, 29 Oct 2002, Fred Clausen wrote: > Hi all, > > I read Teun Vink's posting about his Apache problems with unstable. I am > currently using a mixture of stable and testing in production systems, > depending on which versions of the applications I require. What are your > experiences with testing in production environments? I have not had any > problems but I would like to know others' experience. Most of our > production systems are web/database systems. > Hi, We try to minimize the use of testing, but in some cases we had no real other option, since we really needed woody stuff when potato was still stable, and backporting would imply backporting way too many packages to keep the systems stable. Up 'till now, we haven't had many problems with running testing in production, although I must say that we started using testing (before woody was released), when it was pretty mature. For now, all we're still planning to migrate some of our more complicated machines to woody. We're not running testing on production machines yet, and I don't see many reasons for now to do so, but all will depend on how fast Debian will release their next release... Teun
Re: apache broke
On 29 Oct 2002, Michael Knorra wrote: > > any additional info, please do not hesitate to contact me. > > Yes, I hope so. It is the imap.so. > You can comment out the entry "extension=imap.so" in the php.ini file > and start the apache. Ah ok thankx, I'll check that. Too bad the main site which I host on that machine is a webmail application using php+imap :( For now, I've downgraded libc6, which was a lot of fun ;-) Teun
Re: apache broke
On 30 Oct 2002, Michael Knorra wrote: > Teun Vink <[EMAIL PROTECTED]> writes: > > > Ah ok thankx, I'll check that. Too bad the main site which I host on that > > machine is a webmail application using php+imap :( > > Bjoern.Falkenhagen said, that he has got a fixed imap.so module at > ftp://ftp.falkenhagen.net. Didn't check it.. perhaps you can try this. > Thanks, I will look into that. > > For now, I've downgraded libc6, which was a lot of fun ;-) > > That was the first thing I have done, but the emacs didn't work > anymore with that :-( > Hehe I saw postfix, ssh, proftpd and imap die after downgrading libc6 and some other packages. Luckily, restarting those services did the trick. Teun -- "If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows."
Re: Radius Question
On Fri, 2003-02-28 at 01:02, Kevin Lynch wrote: > I'm switching from Radius on a NT Server and I have the program > install but, I'm not sure where the config files are supposed to go in > Debian? > > I also can't seem to find useful help files. > > > Suggestions? > > It would help if you told us which radius server you're using... For radiusd-cistron (which we use at the ISP I work for), the configuration files are in /etc/raddb, documentation can be found in /usr/share/doc/radiusd-cistron. Teun Vink Luna.nl System & Network Engineer
Re: Routing with Linux
On Thu, 2003-03-06 at 13:16, Randy Kramer wrote: > On Wednesday 05 March 2003 02:41 pm, Burner wrote: > > load average is about 5Mbyte/s spikes at 10MByte/s, all traffic is > > webcontent. > > That seems to be large volume -- three to seven T1s unless my math is > off (my coffee hasn't kicked in yet). > > I'd almost expect a firewall per T1, or what kind of performance can you > get out of a Linux box serving as a router?? (Well, it is just within > the capability of a single 100 mbps Ethernet card, but it's a lot of > traffic.) To give some indication: we run a complete ISP backbone based on Debian boxes running Zebra for routing. This is all done on fairly standard hardware (usually Pentium III, 256Mb RAM), which can easily handle the load. Actually, the greater part of the load is caused by SNMP calls and user interaction. You can see some public statistics of our network on http://noc.luna.nl. We also have a router connecting 5 T1 lines. It has been up for over 600 days now, with a load average of about 0.05, also on very standard hardware. So I'd say a fairly recent box should be able to handle this amount of traffic without any problems... Regards, Teun Vink Luna.nl NOC -- -- Luna.nl B.V. -- Puntegaalstraat 109Postbus 63000 Tel : (010) 750 2000 3024 EB ROTTERDAM 3002 JA ROTTERDAMFax : (010) 750 2002 www.luna.nl[EMAIL PROTECTED] Helpdesk: (010) 750 2020
Re: load balancing
On Mon, 2003-03-10 at 22:41, danilo lujambio wrote: > Hi: > > what is the package or tool that you can recommended to make a load > balancing between two internet outputs. I read docs about high > availability servers, LVS and so on , but I am confused. Can someone > orient to me ? Depends on what you want to balance, just TCP/IP traffic, or a specific service (mail/web/etc). For TCP/IP traffic, we use VRRP (Virtual Redundant Router Protocol), which works fine. Regards, Teun Vink Luna.nl
Re: load balancing
On Tue, 2003-03-11 at 09:11, Markus Welsch wrote: > > Depends on what you want to balance, just TCP/IP traffic, or a specific > > service (mail/web/etc). For TCP/IP traffic, we use VRRP (Virtual > > Redundant Router Protocol), which works fine. > > What would you recommend if you want to realize load balancing between mail > and > webservers ? (Mail server should also include POP3/IMAP-Server). > I haven't got much experience in load balancing POP or IMAP. The only thing we do here is that we have multiple POP- and IMAP-proxies which talk to one server hosting the mailboxes. You could try letting building multiple mailbox servers, and let the proxies figure out which mailbox server they need to talk to... I don't know if there are tools available for this, you might need some custom made stuff... Regards, Teun Vink Luna.nl NOC
Re: BGP memory/cpu req
On Tue, 2003-03-11 at 11:28, Valkai Elod wrote: > Anyone running BGP with a global routing table on zebra/debian/gnu/linux? > > How much memory would it require? Does the CPU matter or is it mostly a > RAM issue? > > thx, Check out the Zebra mailinglist, it has been discussed there over and over. Basically, a full routing table would require 512Mb at least. CPU isn't that much of an issue, any 'normal' CPU (P3) would do... Teun
Re: Courier MTA
On Sun, 2003-03-23 at 22:50, Andrew Miehs wrote: > On Sun, Mar 23, 2003 at 10:13:24PM +0100, martin f krafft wrote: > > also sprach Andrew Miehs <[EMAIL PROTECTED]> [2003.03.23.2147 +0100]: > > > Can I use it as a replacement for postfix, or am I better off sticking > > > to postfix? > > > > why would you want to replace postfix? it's an excellent MTA, and it > > interacts with the other courier servers without any problems. > > Sorry... should have been a bit clearer... > > Am wanting to use the 'userdb' feature of courier, and thought that > the courier-mta may support this > > Otherwise, I am looking at > > * Postfix uses virtual_mailbox_map for usernames (and uid) delivery > * Postfix uses sasl(1) and sasldb for SMTP AUTH > * Courier uses 'userdb' for password, and UID > > -> And a shell script to keep them all in sync. > > Mysql and ldap are a bit overkill, and I don't like /etc/passwd as > I don't want users which shell accounts 'accidently continously' talking > to a pop3/ imap server. > > Unfortunately cyrus in woody is a very old version, and doesnt support > sasl! :-( so This effectively leaves me with the postfix courier solution. There is a cyrus (and postfix) backport from sid to woody: deb http://people.debian.org/~hmh/woody/ hmh/cyrus/ deb http://people.debian.org/~hmh/woody/ hmh/postfix/ deb http://people.debian.org/~hmh/woody/ hmh/misc/ (mailman, squirrelmail and amavis-new are also available there) You might want to take a loot at that... I've been using them for some time now, without any problems. Regards, Teun Vink Luna.nl NOC
Re: Advice on remote kernel changes?
On Thu, 2003-03-27 at 14:34, Peter Holm wrote: > Hi, > > are there any tutorials / packages out there that address the > situation of patching / upgrading / changing the installed kernel > remotely? > > three main problems come to my mind that could bring a fatal situation > of not being able to access the machine after a reboot: > > A kernel does not work with hardware for any reason and machine hangs > B kernel / modules do not work with network device for any reason. > C kernel does not start sshd for any reason > > How would one prevent this? [...] The best solution here is using serial consoles. This will enable you to remotely access the bios and lilo boot menu, so you can reboot with an older kernel when anything goes wrong with your new kernel. Regards, Teun Vink Luna.nl NOC -- BOFH excuse #196: Me no internet, only janitor, me just wax floors.
Re: Advice on remote kernel changes?
On Thu, 2003-03-27 at 14:34, Peter Holm wrote: > Hi, > > are there any tutorials / packages out there that address the > situation of patching / upgrading / changing the installed kernel > remotely? > > three main problems come to my mind that could bring a fatal situation > of not being able to access the machine after a reboot: > > A kernel does not work with hardware for any reason and machine hangs > B kernel / modules do not work with network device for any reason. > C kernel does not start sshd for any reason > > How would one prevent this? [...] The best solution here is using serial consoles. This will enable you to remotely access the bios and lilo boot menu, so you can reboot with an older kernel when anything goes wrong with your new kernel. Regards, Teun Vink Luna.nl NOC -- BOFH excuse #196: Me no internet, only janitor, me just wax floors. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix log analizer
On Wed, 2003-04-02 at 14:53, Andre Luis Lopes wrote: [..] >Actually, I'm already using pflogsum but it doesn't seems to support > generating the kind of report I'm looking for. It's good enough for > generating statistics about a lot of useful data, but what I would like > to see in a report is something like : > > Message IDSender Recipient Size > X [EMAIL PROTECTED][EMAIL PROTECTED] XXX > This shouldn't be too hard to do with some grepping/regexp'ing on mailserver logs, now should it? >The size is not that important. > Who made you believe that? ;-) Teun -- BOFH excuse #103: operators on strike due to broken coffee machine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Remove Large File
On Mon, 2003-06-02 at 02:42, Rudi Starcevic wrote:
> Hi,
>
> I have a file I've created which appears to be too large for my ext2
> filesystem.
>
> The file I created is a large text file which is a Postgresql database
> backup.
>
> I now know when dumping large databases to pipe the dump command to
> something like 'split' so that the resulting output file
> is split into smaller chunks.
>
> However before I was aware of this I created a file which is too large
> to handle.
>
> I want to remove this file but am getting this error message:
>
> rm: cannot remove `camper.dump20020116': Value too large for defined
> data type
>
> So I'm kinda stuck. I can't access the file whatsoever. Even the file
> size doesn't appear for me.
>
> Any idea's on how I can delete this file ?
Here's a little trick:
Start python and do:
import os
os.unlink('filename')
This will remove the file (worked for me on a 15G logfile).
Regards,
Teun Vink
Luna.nl System & Network Engineer
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: HELP .. need to upgrade libc6 to a higher version ????
- Original Message - From: "Gregory Machin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, June 07, 2003 5:25 PM Subject: HELP .. need to upgrade libc6 to a higher version > 1 ) I need to upgrade libc6 to a test version so i can install clamav , > but it has a lot of dependanies .. how do i install the new version ? > 2 ) Is there an easy way to install test/unstable packges and have the > dependancies automaticly installed (all the files i've used are on the > debian ftp) at the moment i install the packages manually along with the > dependancies.. > > Here's an apt source which has clam for woody (can also be found op www.apt-get.org), works like a charm for me: deb http://people.debian.org/~aurel32/BACKPORTS woody main Regards, Teun Vink Luna.nl System & Network Engineer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Open Relay Testing
- Original Message - From: "Gene Grimm" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 3:12 PM Subject: Open Relay Testing > What is the best method of testing mail servers to determine if they are > susceptible to being exploited as an open relay? We have several mail > servers that I want to verify are "secured". Also, I have been having > problems with sending mail, specifically to AOL users, through my Zoom > Internet account at home. I'm not entirely sure I believe Zoom when they say > that their systems are not open relays. Plus I am considering configuring a > "relay MTA" on my home Debian box to route all of my outgoing mail through > our own office mail servers. Are there any HOWTO's describing ways of > creating a secure relay channel between remote MTA's? > http://www.abuse.net/relay.html Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Problem with squirrelmail
On Sun, 2003-07-27 at 21:11, kgb wrote: > Hello evrybody, > > I have some problems with squirrelmail running on Debian 3.0 woody and > php 4.2.3 the problem is when i try to change themes or language from > display preferenses they don't change no errors nothing everything seems > to be ok i try it on other distros and everything was fine is this bug > in this versian of php or squirrelmail ? i don't know what happen > anymore but this is sucks really any ideas? > Thanks in advanced I've seen similar things. For the themes: there's a wrong path in the config file for the themes, so new themes can't be loaded. Don't know if a bug has been filed against it (and I'm too lazy to check right now), but modifying /etc/squirrelmail/config.php fixes it. Theme paths should have a location like SM_PATH . 'themes/theme.php' If I recall correctly, the default debian config has 'config' instead of 'themes' in all of them. For the language problems: make sure your browser has the same language selected as preferred language as you select in SquirrelMail, this fixes it for me. Regards, Teun Vink -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Problem with squirrelmail
On Tue, 2003-07-29 at 00:41, kgb wrote: > Hey thanks, now themes work great but language don't want and this for > browser language is strange whatever i put for language from display > settings in squirrelmail the language everytime is english but on redhat > or slackware, fbsd work fine any ideas ? Yup: make sure you've got the right locales generated on your machine. Hope this helps, Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cyrus "Could not shut down filedescriptor..."
On Wed, 2003-08-06 at 15:03, Jean-Marc V. Liotier wrote: > I am getting trios of messages from Cyrus at random intervals apparently > not linked to any other even, a few dozen times a day : > > Aug 4 10:43:25 localhost cyrus/imapd[10867]: Could not shut down filedescriptor 0: > Bad file descriptor > Aug 4 10:43:25 localhost cyrus/imapd[10867]: Could not shut down filedescriptor 1: > Bad file descriptor > Aug 4 10:43:25 localhost cyrus/imapd[10867]: Could not shut down filedescriptor 2: > Bad file descriptor > > I found nothing with Google. Does anyone know what this is about ? Nope, but I've got lot's of them in my logs as well. Couldn't figure out what it was either. Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Count traffic
On Wed, 2003-08-13 at 10:56, Guillaume Plessis wrote: > Le Wed, Aug 13, 2003 at 10:22:51 +0200, Daniel Kradolfer - smile solutions gmbh a > écrit: > > Hi, > > > > I'm searching a solution to count in- and outgoing traffic for each > > virtual user (domain). Our boxes are running Apache, Proftpd and qmail. > > Does anybody know some good working GPLed software/tool to do one of > > these tasks. > > Hi! > > Take a look at the ipac-ng package. It works with iptables and works > fine, even with an important traffic. > > It's easy to configure and to integrate with your existant firewalling > rules. > > Best regads And how would that work with _virtual_ servers? Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: amavisd-new and clamav for woody???
> - Original Message - > From: "Peter Holm" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 02, 2003 2:14 AM > Subject: amavisd-new and clamav for woody??? > > Hi, > > where can I get recent versions of amavisd-new and clamav for woody? > > Ot would be very helpful, if there where some packages for woody out> > there, because I do not want to change my sources.list... Hi Peter, I'm using these apt-sources on my production filterboxes: deb http://people.debian.org/~aurel32/BACKPORTS woody main deb http://people.debian.org/~hmh/woody/ hmh/amavisd-new/ Both have amavisd-new, the first one also has clamAV and spamassassin. They work great, new updates are released shortly after they become available in sid. Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spoon feeding Exchange with Sendmail
- Original Message - From: "Jody Grafals" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 10, 2003 8:52 PM Subject: Spoon feeding Exchange with Sendmail > Spoon feeding Exchange with Sendmail > > Is it possible to somehow use my Debian Linux server as a tool to > download pop mail from a remote server then forward it to my local mail > server (Exchange), I was thinking Sendmail might be able to do something > like this but I could not find any documentation. > Never used it, but fetchmail should be able to do this, I think. Regards, Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apply this pack
>- Original Message - > From: "Ben Blier" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, December 04, 2003 10:13 PM > Subject: Re: Apply this pack > > Just making sure noone is dumb enough to download this file. It is > virus infected. No, it's not. It's a mail sent from an infected computer, but with a broken virus. The attachment is 0 bytes, you can open the email without any problems. Teun PS: would it matter, a W32 virus on a list for debian? ;) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Woody packages for nagios?
On Mon, 2004-01-12 at 16:18, Peter wrote: > Hi, > > are there any woody packages for nagios? > > Thanks! > > http://www.apt-get.org/search.php?query=nagios&submit=&arch%5B%5D=i386&arch%5B%5D=all Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix log analizer
On Wed, 2003-04-02 at 14:53, Andre Luis Lopes wrote: [..] >Actually, I'm already using pflogsum but it doesn't seems to support > generating the kind of report I'm looking for. It's good enough for > generating statistics about a lot of useful data, but what I would like > to see in a report is something like : > > Message IDSender Recipient Size > X [EMAIL PROTECTED][EMAIL PROTECTED] XXX > This shouldn't be too hard to do with some grepping/regexp'ing on mailserver logs, now should it? >The size is not that important. > Who made you believe that? ;-) Teun -- BOFH excuse #103: operators on strike due to broken coffee machine
Re: gre tunnel MTU adjustment
On Thu, 2003-05-15 at 09:40, Jeff S Wheeler wrote: > Dear List, > > I have a GRE tunnel setup between a debian linux/zebra router at my > co-lo and my home office. This allows me to have a /27 without coughing > up $7/IP to the local cable monopoly. There are no other broadband IP > options available. > > My problem is I can't raise the MTU on the intermediate links over which > the tunneled packets must travel, thus the MTU of my GRE tunnel is less > than 1500. Many popular Internet sites, including paypal, hotmail, > portions of Yahoo, and my beloved friendster, have utterly broken Path > MTU Detection. The problem is wide-spread, and I don't think these > sites are going to correct their problem or disable PMTUd on their > servers, load balancers, and whatnot. > > Cisco routers have the ability to fragment and reassemble IP packets > traversing GRE tunnels in order to effectively increase the tunnel MTU. > The command syntax is e.g. `ip mtu 1500` in interface configuration. > > Is similar functionality available on linux? If not, can someone with > iptables clue give me an example of how to disable the IP Don't-Fragment > bit on ip packets that are being routed to my tunnel, allowing them to > be fragmented even though the transmitting TCP stack has set DF? > > Kind thanks, Hi, I use a GRE tunnel between my DSL connection at home and the network of the ISP I work for. I use this iptables line in my setup, which fixes the MTU for all outgoing packets: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp Works just fine... grtz, Teun Vink -- BOFH excuse #382: Someone was smoking in the computer room and set off the halon systems.
RE: gre tunnel MTU adjustment
On Thu, 2003-05-15 at 11:51, Christian Storch wrote: > Perhaps you want to say: > > iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j > TCPMSS --clamp-mss-to-pmtu > You're right, that's the correct argument (--clamp-mss-to-pmtu) Incidently, --clamp works as well, iptables obviously does some sort of "argument completion". Teun
Re: Which SSL Company? (Slightly OT)
- Original Message - From: "Dustin Douglas" <[EMAIL PROTECTED]> To: Sent: Wednesday, May 21, 2003 10:23 PM Subject: Which SSL Company? (Slightly OT) > While this isn't exactly Debian related, it _is_ ISP related. > > We'll shortly be purchasing an SSL Cert for one of our clients who is > going to be launching an e-commerce site, but I'm at a loss as to > which company to buy the Cert from. I'd prefer to avoid Verisign out > of general principal, not to mention the fact that their prices are > pretty steep. Thawte is a consideration with MUCH cheaper prices, but > again Verisign is in the picture. Anyone have any other > suggestions? I have considered signing my own certs, but > don't think the client would appreciate the barrage of dialogs popped > forth from IE. > Hi, We used to buy them from Thawte, but switched to Tucows/OpenSRS. My experience is that Thawte works ok, but is slower in signing and renewing certificates than Tucows. Both parties are accepted as a valid CA by most browsers, so I doubt people would experience issues with them. Regards, Teun Vink
Re: Remove Large File
On Mon, 2003-06-02 at 02:42, Rudi Starcevic wrote:
> Hi,
>
> I have a file I've created which appears to be too large for my ext2
> filesystem.
>
> The file I created is a large text file which is a Postgresql database
> backup.
>
> I now know when dumping large databases to pipe the dump command to
> something like 'split' so that the resulting output file
> is split into smaller chunks.
>
> However before I was aware of this I created a file which is too large
> to handle.
>
> I want to remove this file but am getting this error message:
>
> rm: cannot remove `camper.dump20020116': Value too large for defined
> data type
>
> So I'm kinda stuck. I can't access the file whatsoever. Even the file
> size doesn't appear for me.
>
> Any idea's on how I can delete this file ?
Here's a little trick:
Start python and do:
import os
os.unlink('filename')
This will remove the file (worked for me on a 15G logfile).
Regards,
Teun Vink
Luna.nl System & Network Engineer
Re: HELP .. need to upgrade libc6 to a higher version ????
- Original Message - From: "Gregory Machin" <[EMAIL PROTECTED]> To: Sent: Saturday, June 07, 2003 5:25 PM Subject: HELP .. need to upgrade libc6 to a higher version > 1 ) I need to upgrade libc6 to a test version so i can install clamav , > but it has a lot of dependanies .. how do i install the new version ? > 2 ) Is there an easy way to install test/unstable packges and have the > dependancies automaticly installed (all the files i've used are on the > debian ftp) at the moment i install the packages manually along with the > dependancies.. > > Here's an apt source which has clam for woody (can also be found op www.apt-get.org), works like a charm for me: deb http://people.debian.org/~aurel32/BACKPORTS woody main Regards, Teun Vink Luna.nl System & Network Engineer
Re: Open Relay Testing
- Original Message - From: "Gene Grimm" <[EMAIL PROTECTED]> To: Sent: Wednesday, July 02, 2003 3:12 PM Subject: Open Relay Testing > What is the best method of testing mail servers to determine if they are > susceptible to being exploited as an open relay? We have several mail > servers that I want to verify are "secured". Also, I have been having > problems with sending mail, specifically to AOL users, through my Zoom > Internet account at home. I'm not entirely sure I believe Zoom when they say > that their systems are not open relays. Plus I am considering configuring a > "relay MTA" on my home Debian box to route all of my outgoing mail through > our own office mail servers. Are there any HOWTO's describing ways of > creating a secure relay channel between remote MTA's? > http://www.abuse.net/relay.html Teun
Re: Apply this pack
>- Original Message - > From: "Ben Blier" <[EMAIL PROTECTED]> > To: > Sent: Thursday, December 04, 2003 10:13 PM > Subject: Re: Apply this pack > > Just making sure noone is dumb enough to download this file. It is > virus infected. No, it's not. It's a mail sent from an infected computer, but with a broken virus. The attachment is 0 bytes, you can open the email without any problems. Teun PS: would it matter, a W32 virus on a list for debian? ;)
Re: Woody packages for nagios?
On Mon, 2004-01-12 at 16:18, Peter wrote: > Hi, > > are there any woody packages for nagios? > > Thanks! > > http://www.apt-get.org/search.php?query=nagios&submit=&arch%5B%5D=i386&arch%5B%5D=all Teun
E1/E3/T3/STM1 cards with Linux support
Hello, Does anybody have any experience with E1/E3/T3 or STM1 cards which are supported by Linux? Especially cards with a BNC, UTP/RJ345 or SC/APC connector. Kind regards, Teun Vink -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: E1/E3/T3/STM1 cards with Linux support
On Wed, 25 Oct 2000, Nicolas BOUGUES wrote: > > Does anybody have any experience with E1/E3/T3 or STM1 cards which are > > supported by Linux? Especially cards with a BNC, UTP/RJ345 or SC/APC > > connector. > > I know at least three vendors of such products : > - Sangoma (http://www.sangoma.com) > - Emerging (http://www.etinc.com) > - Lanmedia (http://www.lanmedia.com) > > Good experiences with the two firsts, no experience with the later. > Thanks.. I'll check those out. Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
traffic accounting
Hi, I would like to setup up some sort of traffic accounting in our network. I know how to do this using ipchains rules, but the problem is that our network is completely redundant, so each machine in the network has two gateways (both Debian boxes). Does anybody know of a tool which can automatically combine the accounting of multiple routers into one set of statistics? Regards, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: traffic accounting
On Thu, 18 Jan 2001, Alexander Reelsen wrote: > Hi > > On Thu, Jan 18, 2001 at 03:16:34PM +0100, Teun Vink wrote: > > I would like to setup up some sort of traffic accounting in our > > network. I know how to do this using ipchains rules, but the problem is > > that our network is completely redundant, so each machine in the network > > has two gateways (both Debian boxes). > > > Does anybody know of a tool which can automatically combine the accounting > > of multiple routers into one set of statistics? > Well, if you need graphical accounting you can try to stick with Hoth > (incidentally written by me ;)). You can stack whatever data you want on > the top of each other (the example graph on the page stacks tcp with icmp > with irc, what is completely senseless...), so you can stack the traffic > of two interfaces as well. > > It is based on RRDtool to store the data and the rest is a small perl > script. See more at: > http://joker.rhwd.de/software/hoth > > Biggest caveat: Not a seamless installation and almost no few docs. > > And if someone helps me to read the netlink sockets for accounting in > Linux 2.4 I will port it as well. I wasn't successful yet in any way, > neither in perl nor in python (help is really appreciated! :)).. > > > MfG/Regards, Alexander > > Well.. I especially need numbers, since we want to bill excessive traffic :-) But I be sure to take a look! Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: traffic accounting
On Thu, 18 Jan 2001, Alexander Reelsen wrote: > Hi > > On Thu, Jan 18, 2001 at 03:34:52PM +0100, Teun Vink wrote: > > Well.. I especially need numbers, since we want to bill excessive traffic > Shouldn't it be sufficient then do sum up the netacct data of both > interfaces? > > > MfG/Regards, Alexander > > Yeah of course... but I wanted to know if there's a tool which can do that for me, instead of writing some scripts to combine data and add it up... Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
cistron radius dies
Hi, I installed Cistron Radius on my server, and during the testing I see some strange errors in the logfiles: Mon Jan 29 06:36:26 2001: Error: Accounting: logout: entry for NAS nas1 port 1 has wrong ID and Mon Jan 29 06:38:36 2001: Error: Accounting: logout: login entry for NAS nas1 port 769 not found I see many of these errors: about 3600 in 6 hours! Also, I see that radius dies about every 10 to 30 seconds! (of which I get notifications by e-mail) This may be the result of the errors above, but I'm not sure, since the only message I get is "Radius died, restarting...". I use Cistron radius both for authentication and accounting. The NAS I use is a 3COM Total Control. Can anybody tell me anything about why these errors occur, why radius restarts so often, and how I can solve these problems? Thanks, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cistron radius dies
On Tue, 30 Jan 2001, Tommy van Leeuwen wrote: > Hi, > > The fact that radius dies and restarts itself is probably a DNS issue. You > should check your /etc/raddb/clients to see if the entries for your nas'es > matches. This should maybe also solve the 'wrong id' messages. > > Regards, > > Tommy > Hey, I figured that out yet. I had two radwatcher processes running. One of them tried start a new radiusd, which failed because it couldn't bind to the port, so it died. It still is a mystery why two radwatcher processes were running, though. Unfortunately, I still can't fix the accounting errors. Regards, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Performance monitor
On Thu, 3 May 2001, Jason Lim wrote: > Strange... > > dselect tells me: > > atsar - system activity reporter > > monitor system resources such as cpu & disk, record data for later > analysis > > does it also monitor network activity (eg. 100mb link 23% utilization)? > > Sincerely, > Jason Lim > Here's some of the output of atsar, maybe this will tell you what you want to know: stardust:~> atsar --help atsar: invalid option -- - usage: atsar [-flags] t [n] or atsar [-flags] [-s hh:mm] [-e hh:mm] [-i sec] [-n day# | -f file] flags: -A all flags -u cpu (default flag) -d disk -D disk-partition -r memory & swap -p paging & swapping -I interrupts -v kernel-resources -l net-interf (general) -L net-interf (errors) -w ip (general) -W ip (errors) -t tcp(general) -T tcp(errors) -U udp -m icmp (general) -M icmp (per type) -N nfs(general) -E nfs(errors) -R nfs-rpc(%calls) stardust:~> atsar -wt Linux stardust 2.2.18 #1 Mon Feb 5 14:22:51 CET 2001 i586 05/03/2001 10:00:02 inrecv/s outreq/s indeliver/s forward/s reasmok/s fragcreat/s _ip_ 10:10:02 1.1 0.9 0.3 0.0 0.0 0.0 10:20:01 1.3 0.9 0.4 0.0 0.0 0.0 10:30:01 1.1 0.8 0.4 0.0 0.0 0.0 10:40:01 1.2 0.9 0.5 0.0 0.0 0.0 10:50:02 1.2 1.1 0.3 0.0 0.0 0.0 11:00:01 0.6 0.5 0.2 0.0 0.0 0.0 11:10:01 1.1 0.8 0.4 0.0 0.0 0.0 11:20:01 1.1 0.8 0.3 0.0 0.0 0.0 11:30:02 0.9 0.7 0.2 0.0 0.0 0.0 11:40:01 1.5 1.4 0.4 0.0 0.0 0.0 11:50:01 1.1 0.7 0.4 0.0 0.0 0.0 12:00:01 1.9 1.7 0.3 0.0 0.0 0.0 10:00:02 insegs/s otsegs/s actopen/s pasopen/s nowopen socknow sockmax _tcp_ 10:10:02 0.6 0.6 0.0 0.03 23 158 10:20:01 0.7 0.6 0.0 0.03 23 158 10:30:01 0.5 0.5 0.0 0.03 23 158 10:40:01 0.5 0.5 0.0 0.03 23 158 10:50:02 0.7 0.8 0.0 0.04 24 158 11:00:01 0.2 0.3 0.0 0.04 24 158 11:10:01 0.5 0.5 0.0 0.04 24 158 11:20:01 0.6 0.6 0.0 0.04 24 158 11:30:02 0.5 0.6 0.0 0.03 23 158 11:40:01 0.9 1.1 0.0 0.03 23 158 11:50:01 0.5 0.4 0.0 0.03 23 158 12:00:01 1.4 1.4 0.0 0.04 24 158 Regards, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
setting up my own apt source
Hi all, I need to set up an apt source for my work, where we can store our custom made packages and kernels. I know that this can be done using dpkg-scanpackages, but I can't find any help on that besides the manpages. Does anybody know of a FAQ or HOWTO? thanks, Teun -- Teun Vink - [EMAIL PROTECTED] - icq: 15001247 - http://teun.moonblade.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
