PB> Hello all, Can anyone tell me if there is a good reason to
PB> allow connections to a local DNS port(53) from remote
PB> privileged ports(< 1024)?
Yes. Windows and possibly some other systems (little internet
devices maybe) do not have this "privileged port" notion.
Why do y
> "PB" == Peter Billson <[EMAIL PROTECTED]> writes:
[...]
PB> Paranoia. Generally accepted practice when setting up a
PB> firewall is to be as restrictive as possible without breaking
PB> things, that includes restricting the originating ports.
I don't see what you can gain by t
> "RC" == Russell Coker <[EMAIL PROTECTED]> writes:
RC> On Saturday 30 June 2001 04:43, Eirik Dentz wrote:
>> My question is this: The DNS is under the jurisdiction of the
>> IS department and the MX record @mydomain.org is set up to
>> point at their email server. Does it make
Another lister replied as I was writing this and I agree with what he
said also.
RC> ... I spent a few days trying to
RC> track down what was going on (and hack in extra environment
RC> variables to the scripts etc). I encountered a number of
RC> problems including inexplicable
[...]
>> it may not actually BE a kickback, but it looks like one and
>> smells like one and the end-result is basically the same.
RC> Only the most stupid consultants would go for that (like a
RC> consulting company I used to work for). You can make much
RC> more money insta
> "CS" == Craig Sanders <[EMAIL PROTECTED]> writes:
(quoting Russell Coker, all snipped sorry if snipped too much)
RC> I haven't bothered investigating this in depth. If one of my
RC> servers crashes the possibility that one message may be lost is
RC> really the least of my concern
> "RC" == Russell Coker <[EMAIL PROTECTED]> writes:
[...]
RC> The only systematic benchmark results that have been published
RC> are of comparing Maildir to mbox.
Have a URL handy?
RC> Some of the hardware guys at VA were talking about working on
RC> such things with me at on
CM> [...] Aug 27 08:27:44 ns sendmail[658]: NAA27537:
CM> to=<[EMAIL PROTECTED]>, [EMAIL PROTECTED]
CM> (1000/1000), delay=2+19:16:17, xdelay=00:00:00, mailer=relay,
CM> relay=n, stat=Deferred: Name server: n: host name lookup
CM> failure [...]
What is 'n' ? Sendmail is look
CM> define(`SMART_HOST',`N')dnl
This is where N is coming from! Delete this line, and run
sendmailconfig, say yes to rebuilding .cf from the .mc and you should
be OK (at least that particular problem will be gone).
You probably tried to say no to something, and that's how it got
there!
c
James> Well, if your company runs the DNS for your website on
James> those servers and you block outside IPs from querying from,
James> no one on the internet will be able to go to your website.
James> :) [...]
I think the right way to do this in bind 8.?? is:
In named.conf
op
> "JCR" == Jeremy C Reed <[EMAIL PROTECTED]> writes:
[...]
JCR> Use something like: hwclock --systohc --utc
Yes this would set the hw clock to UTC. I think the OP was asking for
how to notify the system that that is not the case. The place to do
that is in /etc/default/rcS I believe.
SB> If I send a mail to [EMAIL PROTECTED] when the main domain is
SB> dot.bar and I have in the virtusertable:
SB> [EMAIL PROTECTED] bortzmeyer
SB> the mail is received with a header:
SB> To: [EMAIL PROTECTED]
SB> which is not what the customer wants.
What else do you hav
> "PH" == Patrick Hsieh <[EMAIL PROTECTED]> writes:
[...]
PH> In PHP, I can check the HTTP_REFERER to make sure connections
PH> originates from the same website. If the HTTP_REFERER is empty
PH> or not belongs to the same website, I can redirect the client
PH> to another webpag
[...]
TM> ... When I turned
TM> from BIND to djbdns, I discovered that I had several errors in
TM> my name server setup, despite the fact that I thought I had
TM> double-checked each time I messed with the server. [...]
Just out of curiosity, what kind of errors were these?
[
> "ANR" == Adriano Nagelschmidt Rodrigues <[EMAIL PROTECTED]> writes:
[...]
ANR> Why? Can you list the reasons? For example, do you really
ANR> need an external cache and a server running on the same
ANR> machine, which can only have one public IP address? [...]
Here's one: consid
> "ANP" == Adriano Nagelschmidt Rodrigues <[EMAIL PROTECTED]> writes:
BM> Here's one: consider the domain bogus.internal served by the
BM> proxy/gateway box that also doubles as a caching DNS server for
BM> resolvers inside a firewall. This is not unusual.
ANP> Just run the s
> "TH" == Thomas Kirk <[EMAIL PROTECTED]> writes:
[...]
TH> /dev/sdb5: Timing buffer-cache reads: 128 MB in 0.95 seconds
TH> =134.74 MB/sec
TH> /dev/sdb5: Timing buffered disk reads: 64 MB in 3.42 seconds =
TH> 18.71 MB/sec
TH> When it comes to real world test my scsibased
> "RA" == Roger Abrahamsson <[EMAIL PROTECTED]> writes:
[...]
RA> Escape character is '^]'. 220
[...]
Cisco PIX firewall with the SMTP option does this. Is there a PIX in
the path? If so, it'll be trouble. It used to be broken in several
ways. PIX admins w
I don't understand why you need this to happen every 5 minutes.
If it is delegations are from the root servers, they are only updated
twice daily. Sure you can update the zone files right after the
registration, but nobody except people who use your name servers for
recursive lookups will get tha
[...]
KMH> The best way to do that that I've found so far is to set up
KMH> a box with two removable hard drive racks, install and
KMH> _configure_ everything on one drive, then use `cfdisk',
KMH> `mkswap', and `mke2fs' to partition and format the second
KMH> drive.
[...]
I
If you cannot get it to repeat, it is likely a hardware problem.
Possibly memory. If you do have bad hardware you will eventually
corrupt your file system, so the problem should not be ignored.
See:
http://www.bitwizard.nl/sig11/
I use and like
http://reality.sgi.com/cbrady_denver/memtest86/
[...]
GG> Summary: domain.com A --> mail server IP
GG> domain.com NS --> dns1.primedomain.com
GG> domain.com SOA --> dns1.primedomain.com,admin.primedomain.com
GG> www A --> NT server IP
This is what I would do with reasons:
domain.com A --> web server IP
because people will ty
GG> [...] DNS was misconfigured from the start,
GG> causing dial-up clients to use a SMTP/POP3 hostname of
GG> "domain.com" instead of "mail.domain.com". We need
GG> "domain.com" to resolve to the NT web server for
GG> "http://domain.com" requests and to the Linux mail server
AA> anyone who can recommend a good motherboard for small to
AA> medium sized web server would be greatly appreciated. I'd
AA> like to get boards that have onboard integrated LAN and video.
For a small web server, I like refurb/old stock Compaq SFF
workstations. They can be had cheapl
Your biggest potential hog is squid. It maintains data structures in
memory and their size grows with your cache size. If anything causes
thrashing that'll be it. The squid FAQ's give some back-of-envelope
calculations for this AFAIK.
cheers,
BM
[...]
RC> The idea is that the database vendor knows their data storage
RC> better than the OS can guess it, and that knowledge allows
RC> them to implement better caching algorithms than the OS can
RC> use. The fact that benchmark results show that raw partition
RC> access is
You are setting 255.255.255.0 netmasks so the machines are expecting
to find .1 .2 .3 machines on the local ethernet interfaces. I don't
know why you are doing it like that, but what would fix your problem
is getting the Linux router machine to do a proxy-arp. You can turn this
on by echo'ing t
cog> Ok so I changed it and put the client and eth1 of the linux
cog> bridge/router on a different subnet than the rest. Same
cog> results.
You are omitting something (obviously), maybe you should sniff the
wire and tell us what you see?
cheers,
BM
I'd like to thank Russell Coker for taking the time to spell his
thinking out in detail. I now know more than I did five minutes
ago!
cheers,
BM
ST> ... I realize that we will have to encode the
ST> files before we can attach them, two questions, first how do I
ST> get sendmail to actually 'attach' the encoded file to the
ST> message,
You don't. In general sendmail does not care about what you feed it.
You deal with the
[...]
JLG> I'm open to any suggestions anyone may have. I've thought
JLG> about using virtusertable on the gateway box to rewrite the
JLG> addresses so as to be delivered to the internal mail server,
JLG> but I'm not sure about this.
Use a mailertable that sends everything for you
[...]
GS> I understand, that I lose all apt functionality, when starting
GS> to compile my own source. What way is the best to deal with a
GS> situation like this ???
"Best" depends on your circumstances. If you are willing to invest
the time, the best way is making your own .deb, bu
[...]
>> # "Smart" relay host (may be null) DS
RAN> indeed, but can only have 1 value iirc...
No, you can do
define(`SMART_HOST',`ssmart1.isp.net:smart2.isp.net')
from your .mc and things will work just fine.
cheers,
BM
> "ELBnet" == Tech Support <[EMAIL PROTECTED]> writes:
ELBnet> Try using: headers_check_syntax = true headers_checks_fail
ELBnet> = true
ELBnet> which checks to be sure the From To BCC etc. are correctly
ELBnet> formatted and rejects them if not.
Which would do you no good for
> "PB" == Peter Billson <[EMAIL PROTECTED]> writes:
[...]
PB> Paranoia. Generally accepted practice when setting up a
PB> firewall is to be as restrictive as possible without breaking
PB> things, that includes restricting the originating ports.
I don't see what you can gain by th
PB> Hello all, Can anyone tell me if there is a good reason to
PB> allow connections to a local DNS port(53) from remote
PB> privileged ports(< 1024)?
Yes. Windows and possibly some other systems (little internet
devices maybe) do not have this "privileged port" notion.
Why do yo
> "RC" == Russell Coker <[EMAIL PROTECTED]> writes:
RC> On Saturday 30 June 2001 04:43, Eirik Dentz wrote:
>> My question is this: The DNS is under the jurisdiction of the
>> IS department and the MX record @mydomain.org is set up to
>> point at their email server. Does it make
James> Well, if your company runs the DNS for your website on
James> those servers and you block outside IPs from querying from,
James> no one on the internet will be able to go to your website.
James> :) [...]
I think the right way to do this in bind 8.?? is:
In named.conf
opt
> "JCR" == Jeremy C Reed <[EMAIL PROTECTED]> writes:
[...]
JCR> Use something like: hwclock --systohc --utc
Yes this would set the hw clock to UTC. I think the OP was asking for
how to notify the system that that is not the case. The place to do
that is in /etc/default/rcS I believe.
[This is exactly the kind of exchange I was trying to avoid, oh well]
> "EvB" == Emile van Bergen <[EMAIL PROTECTED]> writes:
[...]
EvB> In short, you can only compare qmail and sendmail. Not only
EvB> does the latter have a bad reputation for complexity, but for
EvB> its amount o
> "ASF" == Angus Scott-Fleming <[EMAIL PROTECTED]> writes:
[...]
ASF> What are your problems with qmail?
I know it works reasonably well but I have not used it personally
myself for any amount of time and certainly not professionally. I did
end up troubleshooting it at one point because
> "EvB" == Emile van Bergen <[EMAIL PROTECTED]> writes:
[...]
me> Sendmail is _very_ flexible but it is probably not good for the
me> inexperienced admin. If you are willing to read documentation
me> and M4 doesn't scare you, it is a fairly safe bet.
EvB> Which bet being safe?
> "AB" == Alex Borges writes:
[...]
AB> Mozilla rulez for me. You can also get it to preload so it
AB> aint so damned slow (or so i think).
Hmm, you can also get Emacs/Xemacs under Windows and run Gnus or VM as
your MUA.
BM
If you cannot get it to repeat, it is likely a hardware problem.
Possibly memory. If you do have bad hardware you will eventually
corrupt your file system, so the problem should not be ignored.
See:
http://www.bitwizard.nl/sig11/
I use and like
http://reality.sgi.com/cbrady_denver/memtest86/
[...]
GG> Summary: domain.com A --> mail server IP
GG> domain.com NS --> dns1.primedomain.com
GG> domain.com SOA --> dns1.primedomain.com,admin.primedomain.com
GG> www A --> NT server IP
This is what I would do with reasons:
domain.com A --> web server IP
because people will t
GG> [...] DNS was misconfigured from the start,
GG> causing dial-up clients to use a SMTP/POP3 hostname of
GG> "domain.com" instead of "mail.domain.com". We need
GG> "domain.com" to resolve to the NT web server for
GG> "http://domain.com" requests and to the Linux mail server
AA> anyone who can recommend a good motherboard for small to
AA> medium sized web server would be greatly appreciated. I'd
AA> like to get boards that have onboard integrated LAN and video.
For a small web server, I like refurb/old stock Compaq SFF
workstations. They can be had cheap
Your biggest potential hog is squid. It maintains data structures in
memory and their size grows with your cache size. If anything causes
thrashing that'll be it. The squid FAQ's give some back-of-envelope
calculations for this AFAIK.
cheers,
BM
[...]
RC> The idea is that the database vendor knows their data storage
RC> better than the OS can guess it, and that knowledge allows
RC> them to implement better caching algorithms than the OS can
RC> use. The fact that benchmark results show that raw partition
RC> access is
You are setting 255.255.255.0 netmasks so the machines are expecting
to find .1 .2 .3 machines on the local ethernet interfaces. I don't
know why you are doing it like that, but what would fix your problem
is getting the Linux router machine to do a proxy-arp. You can turn this
on by echo'ing
cog> Ok so I changed it and put the client and eth1 of the linux
cog> bridge/router on a different subnet than the rest. Same
cog> results.
You are omitting something (obviously), maybe you should sniff the
wire and tell us what you see?
cheers,
BM
I'd like to thank Russell Coker for taking the time to spell his
thinking out in detail. I now know more than I did five minutes
ago!
cheers,
BM
ST> ... I realize that we will have to encode the
ST> files before we can attach them, two questions, first how do I
ST> get sendmail to actually 'attach' the encoded file to the
ST> message,
You don't. In general sendmail does not care about what you feed it.
You deal with th
RG> ... without setting up a full shell account? I
RG> just want to setup a few 'forward' email accounts, so that
RG> when that account receives mail it's just forwarded to another
RG> offsite account.
You don't need shell for this at all, either use aliases (if there is
no cla
RB> ...Is there a way, when I talk
RB> to the outside world across my WAN card, to make it use the ip
RB> address of my ethernet card.
[I am assuming that your ethernet card is also connected to the
Internet]
This will work OK if the upstream from your wan card will route
packets
tps> ... As part of
tps> the traffic going through the box, some streams have 1000k
tps> window size for a certain reason. ...
This is the TCP window? Are you sure both sides can use the window
scale option?
[...]
tps> PS: This is really something to do with the window size an
Is there a good company you folks are using for back-up DNS service?
Ordinarily I'd just ask an acquaintance, but all the admins I
personally know who'd go for this have screwed up their name servers
at one point or another and didn't know it!
Maybe the question to ask is should a bunch of us
Kevin> http://granitecanyon.com http://centralinfo.net
Kevin> Both free, both very dependable.
Hmm, this from http://granitecanyon.com/status.shtml
--- Included text
6 January 2001
We have been experiencing router problems for the past two days as our 4-port 10/100
ethernet card f
Check out the following link. The price is right and I did get it to
work reliably for a client of mine once under Debian. I don't
remember all the details, but I do remember getting quick
acknowledgement for a script bug I pointed out.
http://www.ydi.com/Products/Wireless_LAN_Products/WL2400_
> "BrM" == brian moore <[EMAIL PROTECTED]> writes:
On Tue, Jan 23, 2001 at 06:42:20PM -0500, Debian Ghost wrote:
>> ... My manager has asked me to write a proposal on installing
>> Debian or FreeBSD on a few servers here that will be used
>> (internally to the company- i.e- non pro
[...]
JLG> I'm open to any suggestions anyone may have. I've thought
JLG> about using virtusertable on the gateway box to rewrite the
JLG> addresses so as to be delivered to the internal mail server,
JLG> but I'm not sure about this.
Use a mailertable that sends everything for yo
[...]
GS> I understand, that I lose all apt functionality, when starting
GS> to compile my own source. What way is the best to deal with a
GS> situation like this ???
"Best" depends on your circumstances. If you are willing to invest
the time, the best way is making your own .deb, b
[...]
>> # "Smart" relay host (may be null) DS
RAN> indeed, but can only have 1 value iirc...
No, you can do
define(`SMART_HOST',`ssmart1.isp.net:smart2.isp.net')
from your .mc and things will work just fine.
cheers,
BM
> "ELBnet" == Tech Support <[EMAIL PROTECTED]> writes:
ELBnet> Try using: headers_check_syntax = true headers_checks_fail
ELBnet> = true
ELBnet> which checks to be sure the From To BCC etc. are correctly
ELBnet> formatted and rejects them if not.
Which would do you no good fo
65 matches