Re: [CentOS] Nerd rage (Was: IPV4 is nearly depleted, are you ready for IPV6?)
-Original Message- Responses inline. Jerry Franz wrote: On 12/08/2010 07:03 AM, Scott Robbins wrote: Honestly, I had no one in mind. I remember in an effort to get a life outside tech, I joined a mailing list for something else. I hadn't realized how most people top post, don't trim, and still use aol. It really is worth noting that the bottom-post convention used on many technical lists *is not* how most of the planet now does email or other The damn thing is a conversation. Top posting is talking over everyone else. I had a customer blast me about inlined responses, it drove me bonkers. I was responding to 15 individual questions. I think that the missed point here is obey the rules of the list (I'm ignoring customers who find it hard to read ;-) ). If the rules state bottom posting only then that's it, no arguments. If you don't like the rules don't post/join etc. electronic communications. The rage we see here over it is really just another technical 'religious war' by people who don't tolerate change well. In reality, it doesn't matter much for most things either way and far more harm is done by the howling over it than using either convention actually causes. So, we should put up with rudeness and obnoxious behavior? I think that this http://catb.org/~esr/faqs/smart-questions.html should be read in conjunction with the list rules. This helps to explain why some questions elicit things that might be considered rude. On other lists that I subscribe to they also take a dim view of top posting - specifically for the reasons of readability, i.e. top posting makes it difficult to pick up a thread mid conversation. Anyway, that's just my two-penneth worth... Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hwclock problem
Hi, On 11/14/10 5:38 PM, Jobst Schmalenbach wrote: Ok I try that, but the thing is: * motherboards not that old * its exactly 11 hours (+/- a couple of seconds) each time sounds like a conflict between time zones.a PC hardware clock could be set to UTC or local time. I always set my PC Hardware clocks to localtime, and make sure Unix knows it. darnit, I can't remember where that setting is right now. Seems to me that the kernel is expecting the hardware clock to be at UTC. This may be a bug in hwclock or a typo in /etc/sysconfig/clock Have you tried to setting the hwclock to UTC and leaving it there? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem sending/recieving mails
Hi, I ave setup a CentOS server to act as LAN gateway and also as a transparent proxy server but all client passing through that server are enable to send or recieve mails. The mail server is host on the same LAN running mdaemon, both servers are on private IP block(192.168.0.0/24). Am using cisco router to do port forwading for mailserver(25,110,143) ports. If i eliminate CentOS box and direct traffic direct to cisco router everything works. My question is why is it when i use CentOS box as LAN gateway clients are unable to send/receive mails? I ave done nating on that box. Centos 5.5 full updated. Can you provide an ascii art picture of your network setup please with IP addresses (private ones are fine to show, you can hide the public ones :-)), and also the routing table on the Centos Box Thanks S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: looking for network performance comparison chart
Hi Rudi, Does anyone have, or know of a comparison chart of the different network adapters, i.e. 1GB / 10GB, Infiniband, etc. And if possible with a few top brand NIC's and switches listed as well. I would like to see, for example, what the max throughput is of a 1GB NIC (and this could probably differ from PCI to PCIE-x1 to PCIE-x4), and 10GBE. Different switches would probably also have different ratings, but could a layer 2 switch layer3 switch deliver the same performance for example? Basically I need to know what upload / download speeds I should be getting from the different networks, set aside other options like CPU / RAM / disc IO / etc. If you exclude the host capability to deliver data to the interface and also the ability of the host to assemble and disassemble packets, then the speeds will be dependent on the switches capability to handle the packet size and numbers of packets arriving at an interface in a specific time period. You should expect wirespeeds (minus the overhead of the Ethernet frame and the IP frame) for most switches with usual packet sizes (below 1500 bytes) i.e. the usual (if there is such a thing) packet size, provided that you're not flooding the interfaces with very small packets and your switch is set to store and forward. If your switch is able to cut and forward which is a must for jumbo frames to be handled quickly, then you can also expect close to wirespeeds for any frame size. Cut and forward switches are expensive but are a must for storage networks if you're interested in low latency switching. Layer 3 switching is basically routing done on a switch and therefore increases the latency slightly to a lot as the switch has to decode the layer 3 information and make a decision based on that as opposed to the outer layer 2 information. Due to the many factors affecting network speeds, most switch manufacturers specify the switch capability/capacity in backplane bandwidth, maximum packet numbers switched per second and memory available for store and forward. As soon as one of these limits is breached then the performance will take a hit and this hit can be a big one. I'm sorry that I can't be more helpful and provide you with what you're after, but I hope that this has answered some questions for you. Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forbidden: can't access *.html files in /var/www/html
Alexander Farber sent a missive on 2010-09-29: Nope this doesn't help. I've tried both 444 and 644 for Alex.html and vice versa: 444 and 644 for the .php and .xml files. On Wed, Sep 29, 2010 at 4:52 PM, Rob Del Vecchio rob.delvecc...@gmail.com wrote: # ls -al Alex.html index.php hello-world.php -r--r--r-- 1 root root 599 Sep 29 15:49 Alex.html -rw-r--r-- 1 afarber afarber 33 Jul 29 11:32 hello-world.php -rw-r--r-- 1 root root 5631 Jun 27 09:38 index.php Why is Alex.html only readable and the php files readable *and* writable? Did you try making the php files *only readable* and see what happens? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi. Can you show the output of ls -laZ please? This will show the selinux context information for the files - the error is usually to do with the context of the files. Rgds S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forbidden: can't access *.html files in /var/www/html
Alexander Farber sent a missive on 2010-09-29: On Wed, Sep 29, 2010 at 5:29 PM, Simon Billis si...@houxou.com wrote: Can you show the output of ls -laZ please? This will show the selinux context information for the files - the error is usually to do with the context of the files. Hello and thanks for your reply. The SELinux stuff is new for me. Yes I have moved that Alex.html from my home dir and (the 1st one fails): # ls -laZ /var/www/html/Alex.html -r--r--r-- root root system_u:object_r:user_home_t /var/www/html/Alex.html You can see here that the context is incorrect for the file to be served by apache. You can change it using: chcon user_u:object_r:httpd_sys_content_t /var/www/html/Alex.html with no quotes. This will change the file to the specific context needed. You can also use restorecon -R as others have mentioned # ls -laZ /var/www/html/test/Alex.html -r--r--r-- root root user_u:object_r:httpd_sys_content_t /var/www/html/test/Alex.html # ls -laZ /var/www/html/index.php -rw-r--r-- root root user_u:object_r:httpd_sys_content_t /var/www/html/index.php # ls -laZ /var/www/html/hello-world.php -rw-r--r-- afarber afarber user_u:object_r:httpd_sys_content_t /var/www/html/hello-world.php I'm using http, not https. And /usr/sbin/getenforce prints Enforcing. You can use setenforce 0 without the quotes to disable selinux from the command line till next reboot or until you issue setenforce 1 - this is useful for testing as is looking at /var/log/audit/audit.log and also using commands such as audit2why and audit2allow (I strongly recommend reading at least the man pages and also such websites as http://www.nsa.gov/research/selinux/docs.shtml (google selinux)) I didn't know that there were additional attributes for the files. And I don't know how to stop/start SELinux (it is not a service in /etc/init.d, right?) but I'd like to keep SELinux running, since all other programs I've listed seem to cope okay with it. I recommend that you keep selinux running and enforcing and that you spend some time learning it. It is very useful. The config files are located here: /etc/selinux and you can set selinux to be disabled or if you want permissive i.e. it will not stop you or others doing things but will report on the violations. Have fun S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Date drift and ntpd
Jason Pyeron sent a missive on 2010-08-12: We have a local time server and all of our machines are pointed at it for the time. How can the clock drift by a day and a half? [r...@devserver21 ~]# date Fri Aug 13 14:43:29 EDT 2010 [r...@devserver21 ~]# rdate -s 192.168.1.67 [r...@devserver21 ~]# date Thu Aug 12 07:02:39 EDT 2010 [r...@devserver21 ~]# cat /etc/ntp.conf | grep -v ^# | grep -v ^$ restrict default nomodify notrap noquery restrict 127.0.0.1 server 192.168.1.67 server 192.168.1.66 server 192.168.1.65 server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift broadcastdelay 0.008 keys/etc/ntp/keys Hi, It is unlikely that the machine in question drifted forward in time if ntpd was running. Have a look at the logs /var/log/messages it should contain the ntpd log messages which will help you determine what happened to the time. Also check that ntpd is running with: service ntpd status and also chkconfig ntpd --list will show the startup position of ntpd HTH Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Date drift and ntpd
Hi, Jason Pyeron sent a missive on 2010-08-12: We have a local time server and all of our machines are pointed at it for the time. How can the clock drift by a day and a half? [r...@devserver21 ~]# date Fri Aug 13 14:43:29 EDT 2010 [r...@devserver21 ~]# rdate -s 192.168.1.67 [r...@devserver21 ~]# date Thu Aug 12 07:02:39 EDT 2010 [r...@devserver21 ~]# cat /etc/ntp.conf | grep -v ^# | grep -v ^$ restrict default nomodify notrap noquery restrict 127.0.0.1 server 192.168.1.67 server 192.168.1.66 server 192.168.1.65 server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift broadcastdelay 0.008 keys/etc/ntp/keys Hi, It is unlikely that the machine in question drifted forward in time if ntpd was running. Have a look at the logs /var/log/messages it should contain the ntpd log messages [r...@devserver21 ~]# grep ntpd /var/log/messages /snip /SNIP Jul 29 17:47:24 devserver21 ntpd[3475]: synchronized to LOCAL(0), stratum 10 Aug 12 22:48:29 devserver21 ntpd[3475]: sendto(192.168.1.66): Operation not permitted [r...@devserver21 ~]# uptime 08:10:19 up 164 days, 9:56, 2 users, load average: 0.20, 0.54, 0.81 [r...@devserver21 ~]# What happened between July 29 and now? Is there nothing in the logs for that period? Rgds S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Date drift and ntpd
Hi, Jason Pyeron sent a missive on 2010-08-12: We have a local time server and all of our machines are pointed at it for the time. How can the clock drift by a day and a half? /SNIP It is unlikely that the machine in question drifted forward in time if ntpd was running. Have a look at the logs /var/log/messages it should contain the ntpd log messages [r...@devserver21 ~]# grep ntpd /var/log/messages /snip Jul 28 20:34:41 devserver21 ntpd[3475]: synchronized to 192.168.1.65, stratum 3 Jul 28 21:08:00 devserver21 ntpd[3475]: synchronized to LOCAL(0), stratum 10 Jul 28 21:08:00 devserver21 ntpd[3475]: frequency error -512 PPM exceeds tolerance 500 PPM This indicates the hardware clock frequency error exceeds the rate the kernel can correct. This could be a hardware or a kernel problem. /SNIP Jul 28 23:06:05 devserver21 ntpd[3475]: time reset +0.554019 s Jul 28 23:10:14 devserver21 ntpd[3475]: synchronized to LOCAL(0), stratum 10 Jul 28 23:17:36 devserver21 ntpd[3475]: synchronized to 192.168.1.67, stratum 3 Jul 28 23:20:46 devserver21 ntpd[3475]: synchronized to 192.168.1.66, stratum 3 Jul 28 23:22:52 devserver21 ntpd[3475]: synchronized to 192.168.1.65, stratum 3 Jul 28 23:33:28 devserver21 ntpd[3475]: synchronized to 192.168.1.65, stratum 3 Jul 28 23:34:37 devserver21 ntpd[3475]: time reset -0.866445 s /SNIP Jul 29 00:42:44 devserver21 ntpd[3475]: time reset -0.922073 s /SNIP Jul 29 10:50:57 devserver21 ntpd[3475]: time reset -1.638135 s /SNIP Jul 29 15:59:17 devserver21 ntpd[3475]: time reset -1.599691 s /SNIP The above lines show that the time on the server was gaining slightly - but this could be caused by the stratum 3 server losing time slightly due to loading issues perhaps or by a hardware fault locally Aug 12 22:48:29 devserver21 ntpd[3475]: sendto(192.168.1.66): Operation not permitted I suspect that you have a firewall in place that is blocking the outgoing connections from this point. Rgds S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Remote nautilus, X display forwarding problem
Hi Dotan, I need to open a Nautilus window on a headless server, but no matter what I try it complains about the display: ✈dcl:~$ xhost + localhost localhost being added to access control list ✈dcl:~$ ssh -X u...@ip.address [u...@centos-55-32-minimal ~]$ export DISPLAY=localhost:0.0 [u...@centos-55-32-minimal ~]$ nautilus --display=0:0 cannot open display: 0:0 Run 'nautilus --help' to see a full list of available command line options. [u...@centos-55-32-minimal ~]$ Googling the situation it looks like I've covered all the steps: enabling remote X, X forwarding, display export and telling Nautilus which display to use. Any other ideas? Thanks! Check that you have X11Forwarding yes in sshd.conf Rgds Simon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Remote nautilus, X display forwarding problem
On Fri, Aug 6, 2010 at 11:43, Simon Billis si...@houxou.com wrote: Check that you have X11Forwarding yes in sshd.conf Rgds Simon Thanks, Simon, it appears so: [r...@centos-55-32-minimal ~]# cat /etc/ssh/sshd_config | grep X11Forwarding #X11Forwarding no X11Forwarding yes The SSH server (and the machine itself) had been reset since that change has been made, of course. Having reread your OP - try running nautilus without the display setting at the end (it's superfluous considering that you have a exported the display variable) as you had a typo in the incatation or replace the : with a . HTH S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Remote nautilus, X display forwarding problem
Hi, On Fri, Aug 6, 2010 at 12:05, Simon Billis si...@houxou.com wrote: On Fri, Aug 6, 2010 at 11:43, Simon Billis si...@houxou.com wrote: CUT Still no luck: [u...@centos-55-32-minimal ~]$ nautilus cannot open display: Run 'nautilus --help' to see a full list of available command line options. [u...@centos-55-32-minimal ~]$ nautilus --display=0.0 cannot open display: 0.0 Run 'nautilus --help' to see a full list of available command line options. [u...@centos-55-32-minimal ~]$ Ah yes - Hakan Koseoglu has correctly identified the problem in his recent sorry to have wasted your time :-) S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Recommendation for a good Internationalized terminal software
Digimer sent a missive on 2010-06-22: Hi all, We've got server-based application that runs on CentOS. Until now, most of our customer's end-users have accessed the application using either PuTTY or Teraterm. I was asked yesterday to try and find internationalized add ons or alternatives for our new Asian customers (Japan, Korea and China atm). I figured if anyone would be able to recommend terminal emulation programs, it'd be you guys. So, would anyone be able to recommend any windows-based, Asian character set telnet/ssh terminal apps? Thanks! Sorry for being a bit off topic, too. :) Hi, Check out http://www.celestialsoftware.net/terminal-features/international-terminal-fe atures.html I use absolute telnet and I love it. It does everything that I need and more. I've not used the international features, but I think that it may work for you. Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clustered file system of choice
Boris Epstein sent a missive on 2010-06-16: Hi all, I am just trying to consider my options for storing a large mass of data (tens of terrabytes of files) and one idea is to build a clustered FS of some kind. Has anybody had any experience with that? Any recommendations? Thanks in advance for any and all advice. Take a look at hadoop http://hadoop.apache.org and specifically HDFS (hadoop distributed file system) http://hadoop.apache.org/hdfs/ I've used it in conjunction with nutch across 20 odd servers (circa 10TB). When I used it the down side was a single metadata node, but this may have changed by now. The data is stored redundantly across the nodes and doesn't seem to require any special hardware (I ran it on dell 1425's). HTH Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cacti/snmp question
From: Whit Blauvelt Should be useful when I extend our Nagios monitoring to include snmp data. We're using Nagios extensively, but it doesn't seem suited to the sort of load graphing we need for our CPU cores - or if it is it's a side of Nagios I'm unfamiliar with (which could be, it's nicely extensible). Take a look at ganglia - http://ganglia.sourceforge.net/ This may do what you need. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for Linux variant of chairgun
Hi, Does anyone know of a good Linux alternative to Chairgun (http://www.chairgun.com/), which is used with air riffles? I don't know of a linux alternative, but you could run this under wine I would think. Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Strange Email Problem
Susan Day sent a missive on 2010-05-21: Hi; I have an email form that worked fine until now. For some reason, if I send an email to an email address at a domain that I control, I can receive the email TTW no problem. However, if I try and push it to, for example, this gmail account, I never get it. It's not even in the spam filter. What could this be? TIA, Susan You should check the logs on the sending mail server and also do a tcpdump of the conversation between the mail server and google. You'll find out what the problem is that way. Rgds Simon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Strange Email Problem
Susan Day sent a missive on 2010-05-21: Here are what the logs have to say: @40004bf6cfc4383bc65c delivery 6217: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6cfc4383c5eb4 status: local 0/10 remote 0/255 @40004bf6d51e34d61d8c starting delivery 6218: msg 97881531 to remote suzieprogram...@gmail.com @40004bf6d51e34d6449c status: local 0/10 remote 1/255 @40004bf6d51e37303e14 starting delivery 6219: msg 97881555 to remote suzieprogram...@gmail.com @40004bf6d51e373078ac status: local 0/10 remote 2/255 @40004bf6d51e373143cc delivery 6218: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6d51e373241b4 status: local 0/10 remote 1/255 @40004bf6d51e37807d0c delivery 6219: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6d51e3780bf74 status: local 0/10 remote 0/255 Extract from: http://nixforums.org/about25455-Help-Diagnosing-CNAME_lookup_failed_temporar ily.html The likely cause of this is qmail's inability to handle large DNS packets. The most-recommended solution is to install dnscache (from djbdns), which trims off some unnecessary data and usually makes these packets small enough for qmail to handle. The more correct solution is to apply the oversize DNS packets patch to qmail (see qmail.org). A hackish-but-fast solution is to choose one of Earthlink's MXs, and put it in your smtproutes file. Not good long-term, but it will get the mail out of your queue while you work on a better solution. I wouldn't put earthlinks mx in your smtproutes but you could put in you isp's if you wanted to as a quick and dirty fix. HTH Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Strange Email Problem
Simon Billis sent a missive on 2010-05-21: Just to correct something I wrote: Susan Day sent a missive on 2010-05-21: Here are what the logs have to say: @40004bf6cfc4383bc65c delivery 6217: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6cfc4383c5eb4 status: local 0/10 remote 0/255 @40004bf6d51e34d61d8c starting delivery 6218: msg 97881531 to remote suzieprogram...@gmail.com @40004bf6d51e34d6449c status: local 0/10 remote 1/255 @40004bf6d51e37303e14 starting delivery 6219: msg 97881555 to remote suzieprogram...@gmail.com @40004bf6d51e373078ac status: local 0/10 remote 2/255 @40004bf6d51e373143cc delivery 6218: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6d51e373241b4 status: local 0/10 remote 1/255 @40004bf6d51e37807d0c delivery 6219: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/ @40004bf6d51e3780bf74 status: local 0/10 remote 0/255 Extract from: http://nixforums.org/about25455-Help-Diagnosing- CNAME_lookup_failed_temporar ily.html The likely cause of this is qmail's inability to handle large DNS packets. The most-recommended solution is to install dnscache (from djbdns), which trims off some unnecessary data and usually makes these packets small enough for qmail to handle. The more correct solution is to apply the oversize DNS packets patch to qmail (see qmail.org). A hackish-but-fast solution is to choose one of Earthlink's MXs, and put it in your smtproutes file. Not good long-term, but it will get the mail out of your queue while you work on a better solution. I wouldn't put earthlinks mx in your smtproutes but you could put in you isp's if you wanted to as a quick and dirty fix. It's been a long day, I'd not do the smtproutes but instead patch qmail or install the djb dnscache - the issue is caused by large udp (I think) packets being returned by the dns to qmail. I think that you could also use a smart smtp host instead of sending the mail out directly (if you have access to an smtp host that is working). HTH Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not firewall, but what?
Hi, Philippe Naudin sent a missive on 2010-05-07: Le Fri, 07 May 2010 07:38:45 +0300, Jussi Hirvi a écrit : ... You could test yourself if you can see http://62.236.221.71 (the problem system) http://62.236.221.78 (another guest on the same xen host) If someone *cannot* see the 1st one, then it would be interesting to know if (s)he can see the 2nd one or not. It is the case from 147.99.7.1, and not only for port 80 : $ ping -c 10 62.236.221.71 PING 62.236.221.71 (62.236.221.71) 56(84) bytes of data. --- 62.236.221.71 ping statistics --- 10 packets transmitted, 0 received, 100% packet loss, time 8998ms $ ping -c 1 62.236.221.78 PING 62.236.221.78 (62.236.221.78) 56(84) bytes of data. 64 bytes from 62.236.221.78: icmp_seq=1 ttl=46 time=58.9 ms --- 62.236.221.78 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 58.975/58.975/58.975/0.000 ms Can you confirm the routing on the two boxes - is there anything different? I would also check the routing on the upstream routers - it is possible that one of your ingress/egress routers has a static entry that is causing issues. I would check all the routers that are inside the 62.236.0.0/15 subnet (BGP thinks that these addresses are part of that subnet). Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Rudi Ahlers sent a missive on 2010-04-28: Hi all, Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I setup another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need todo something on that machine to work as a router for such a setup? Both servers in this case is CentOS linux, but I'm sure that won't make a big difference? In principal yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum. Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-) Thanks Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Simon Billis sent a missive on 2010-04-28: Rudi Ahlers sent a missive on 2010-04-28: Hi all, Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I setup another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need todo something on that machine to work as a router for such a setup? Both servers in this case is CentOS linux, but I'm sure that won't make a big difference? In principal yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum. Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-) Thanks Simon. Sorry miss read your post - you can do what you're after, but this is a proxy in this case i.e. the remote box is acting as a proxy for your adsl connected server. If you're wanting to route all the traffic from your adsl connected box to the remote server, then I would look at using a VPN between the boxes you might be able to use squid on the remote server to be your proxy also. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Rudi Ahlers sent a missive on 2010-04-28: On Wed, Apr 28, 2010 at 4:31 PM, John Doe jd...@yahoo.com wrote: From: Rudi Ahlers rudiahl...@gmail.com Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I setup another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need todo something on that machine to work as a router for such a setup? Maybe you wann have a look at: http://lartc.org/howto/ JD Thanx JD. I can't load the site though, what is on it? Its the Linux Advanced Routing Traffic Control HOWTO ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Rudi Ahlers sent a missive on 2010-04-28: And I haven't been able to install openvpn on the ADSL hosted server either, so I want to try a gateway type setup Having given this some thought I think that you would do better to provide proxy services on a case by case basis. Attempting to route traffic using a default gateway I don't think is going to work... the next hop is not on a local subnet so I dont think this is going to work (I might be wrong about this). You could have a vpn between the machines - the ADSL gateway machine have a VPN to the IS machine and all traffic from and to the ADSL machine/NAT network behind it is routed over the VPN. This does work and is fairly easy to set-up if you have access to the ADSL machine. If you can't set this up then I think that you should concentrate on providing proxy services for essential services i.e. http, smtp, pop3, imap, ftp (if needed). Squid will do some, you can then use a mail server of your choice to provide smtp relay services, I think that there is a pop3/imap proxy out there also (I've never used one though). For such services the adsl gateway machine can then do DNAT on the outbound packet (using iptables prerouting table) and then the proxied service will then do its thing (hopefully). By far the best solution requiring little effort is a vpn (imho). Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kernel Or Hardwar e
Hi, cahit Eyigünlü sent a missive on 2010-04-27: i have seen many times the given error, there was no log about error. You really need to put the error here if you want people to help you. You're not making it easy for us to assist you. Beside this my machine never uses swap i realize that when i have last 500 Mb ram it get this error and after using 5Gb of 8 Gb it decreasing like plane crash :) I've found this form and it is the same with my error : http://www.webhostingtalk.com/showthread.php?t=913156 If I was you I would follow the advice given here - first split the decompression and the tar operation. The you'll know where it is failing. I would also check the memory as this post suggested. There could be a hardware problem i am not sure , i see this error at least one time in a day. Do you have an advice ? Yes, provide more information about _your_ problem in your posts, do not send html emails, do not top post, follow the advice given in the post you referred to. unluckeyly i have found only one people who has the same error with me :) and his machine is also same with mine :D Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] FW: System Resources Graphing
Matt sent a missive on 2010-04-26: Is there a package I can get that will graph system resources such as CPU and disk I/O to an html file or something? You could use any of these hyperic, cricket depending on your needs and wants... I use/used cacti, ganglia, mrtg and hyperic... ganglia we currently use to gather performance data and replaced hyperic (better fit for us) and we also use cacti for collecting snmp data from switches and routers. I'm considering switching to cricket in place of cacti for performance reasons (only generates graphs when needed). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables
cahit Eyigünlü sent a missive on 2010-04-24: I have installed shorewall at late last night and i forget it today i've restart my server now i am not able to connect it :D is there any way to connect shorewall ? If you have locked yourself out then you'll need to have physical access to the machine and log in using the console. You may also be interested in a linux based firewall such as IPCOP. http://www.ipcop.org or http://sourceforge.net/apps/trac/ipcop/wiki, but this will turn the machine into a dedicated firewall. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Hosting Reco
Hi Joseph, Joseph L. Casale sent a missive on 2010-04-11: I have two needs that require offsite hosting now, anyone know offhand of any of the unlimited storage/bandwidth vendors that exist now that allow remote scp|rsync access to the data, not just in shell scp use? I'm hunting around and its apparently hard to get a straight answer... vps or dedicated is overkill for this one need, and none of those offerings have the storage/bandwidth of the hosting only solutions. If you contact me off list I _may_ be able to help... go to www.houxou.com and contact me via the web form there and we can then discuss your exact requirements. Thanks Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slightly OT: which hardware for CentOS file server (Samba, 2 To storage, 50 users)?
John R Pierce sent a missive on 2010-04-12: Niki Kovacs wrote: Hi, The language lab from the local university has contacted me. They'd like to have a low-cost file server for storing all their language video files. They have a mix of Windows, Mac OS X and even Linux clients, roughly 50 machines. The files are quite big, and they calculated a total amount of 2 To of storage. I'd look at using 1TB drives rather than 2TB, the 2TB seem to be too bleeding edge and have been too many anecdotal reports of problems. for sure you want to use server rated SATA drives for an application like this, such as the WDC RE series, or the Seagate ES series (this has more to do with write buffering and consistent error reporting than it does to do with performance). There are some array providers that are currently using 2TB drives (rorke data for one) - but I would always suggest that you use enterprise quality disks. if this system is going to have 50 clients constantly playing videos on it, then I'd look at 450gb or 600gb SAS drives, and a lot more of them. I would look at the performance of the disk subsystem, make sure that the sustained read of the system is able to keep up with the demands of streaming video - you'll need to have 10K of 15K rpm disks for realtime video if you're streaming to a lot of users. It may be that their expectations are that the video isn't realtime and therefore you will be able to use slower disks and subsystem. If this is to be a rack mounted system in a data center, I'd probably look at a box like a HP DL370, which can hold quite a lot of drives. http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/15351-15351-3328412- 241644-241475-3890172.html Depending on the number of disks you need (the IO profile will determine the speed/size/interface) you may have to go to an external array. put the lowest end single CPU they offer in it, but get the better raid controller and a reasonable amount of memory, and redundant PSU. get 2 hot spare drives. if initial requirements are 2TB usable storage, thats 4 x 1TB raid10 plus 2 x 1TB spares. also get two small drives (like 72gb sas) for those left-side slots, mirrored for the OS and software. 6gb ram is probably fine. the base model of this system is $3300 with a 4-core 2.4ghz, 6gb ram and 4 gigE ethernet ports (you could gang these to the switch if their network infrastructure supports ether bonding aka ipmp). If it's only files that your sharing then this is fine, but if you intend to change the video quality on the fly then you may need to have something beefier... but the disk subsystem is the key to fast file/video streaming. OSX should be happy with NFS, Linux clients certainly are, and Samba can serve files for Windows clients. You may also be looking at http web services with flash encoding or quicktime - Apple used to have a free version of their quicktime video streaming platform which may work for you. Good luck with this, if it is as you suggest in your post just a file store and not a video streamer platform, then your life is simple. As soon as you enter the world of video streaming, life becomes harder and more expensive. Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Multiple FreeNX servers and SSH ports
Hi Nikki, Niki Kovacs sent a missive on 2010-03-21: Les Mikesell a écrit : You don't really need to change the ports on the hosts. Just configure the router to accept different ports on the internet side and redirect to port 22 at the different IP addresses on the inside. Then you only have to change the client settings for access from outside. I'd move both of them away from port 22 on the outside, though - you'll avoid a lot of password guessing attempts that will happen otherwise. Sorry, but I don't quite follow you. (One of these cases where I feel my IQ is just a bit insufficient :oD) How can I possibly access two distinct machines behind one single IP address when they run SSH on the same port ? You have to use a combination of NAT and PAT (NAT is Network address translation and PAT is Port address translation) on the router. Or, I'll reformulate my question more simply. I have a router with *one* public IP address (213.41.141.252). And behind that router, on the local network, I have two different machines: 192.168.1.2 and 192.168.1.3. Is there a (normal, orthodox) way to SSH into these machines directly from the outside? That is, without logging into the main box and then hopping around internally? Something where in one case, ssh 213.41.141.252 -option gets me into machine A, and then ssh 213.141.141.252 -otheroption gets me into machine B. I'm confused. Depending on your router you will be able to configure it to do what you want. On your router you should be able to do the following: Redirect connections to 213.141.141.252 port to 192.168.1.2 port 22 AND Redirect connections to 213.141.141.252 port 2223 to 192.168.1.3 port 22 You then can connect using your favourite ssh client (mine is absolute telnet :-) ) by connecting to 213.141.141.252 port you'll be connected to 192.168.1.2 via ssh. Simples! Hope this helps Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] multi-core performance
Pete Kay sent a missive on 2010-03-01: Hi, Does anyone know how to turn on TOE ( TCP offload engine ) and RSS ( Receive-Side Scaling)? Thanks, pete ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi Peter, Check out http://www.linuxfoundation.org/collaborate/workgroups/networking/toe to see why it is not supported. If you want to improve the performance of IP then this link may help http://www.psc.edu/networking/projects/tcptune/ Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Email Problem
Dear Susan, Susan Day sent a missive on 2010-02-26: Here's my question again: The following message appears to have been sent, but in fact never does reach their destination: That's not a correct statement - your email does reach google as can be seen from your qmail log [root qmail-send]# tail current @40004b87b3d3392cbddc new msg 97881462 @40004b87b3d3392cc5ac info msg 97881462: bytes 531 from suzieprogram...@gmail.com qp 23629 uid 508 @40004b87b3d33b7f700c starting delivery 4: msg 97881462 to remotesuzieprogram...@gmail.com @40004b87b3d33b7f7bc4 status: local 0/10 remote 1/255 @40004b87b3d4338aec64 delivery 4: success: 209.85.216.35_accepted_message./Remote_host_said:_250_2.0.0_OK_1267184 5 86_6si3416200pxi.53/ This ip address is google's and the remote host accepted the mail. whois 209.85.216.35 [Querying whois.arin.net] [whois.arin.net] OrgName:Google Inc. @40004b87b3d4338af434 status: local 0/10 remote 0/255 @40004b87b3d4338d4dc4 end msg 97881462 SNIP Why? That is a good question - I guess that google's email system thinks you're sending them spam. If you want your mail to be accepted you may need to have implemented SPF and domainkeys. Also I think that if you are using a script to generate the email then ensure that you are creating the required headers and that your mail conforms to the rfc. You can also try to send mail to your google address by hand i.e. telnet to google's mail platform on port 25 and mimic the smtp conversation by hand to see if you can get any further HTH Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Email Problem
Hi Sue, From: Susan Day suzieprogram...@gmail.com [root]# telnet mail.mydomain.com 25 Trying 209.216.9.56... Connected to mail.mydomain.com. Escape character is '^]'. 220 mail.mydomain.com ESMTP HELO mail.mydomain.com 250 mail.mydomain.com MAIL FROM su...@mydomain.com 250 ok RCPT TO suzieprogram...@gmail.com 250 ok DATA testing 354 go ahead . 250 ok 1267194591 qp 11432 quit 221 mail.mydomain.com Connection closed by foreign host. [root]# I didn't receive any message. Time for domainkeys? Hum... maybe Google checks if the reverse dns matches... Or maybe check http://www.openspf.org/SPF_Record_Syntax JD From earlier posts you will have seen that you need to create the headers correctly in the body part of the email (just after you entered in DATA). Also do not spoof the domain in the helo portion either your email MUST be valid in every way or it WILL be discarded by the anti-spam measures. Also if you continue to send spam to their servers you WILL become black listed and then even legitimate email will not be delivered. If you implement SPF make sure that you get it right or your mail will be blocked there are plenty of spf checkers out there. Finally, I would not send mail to service providers like hotmail or google until I had my script emailing my local domain correctly at least when you send mail to your localdomain, you're in control of the reception as well as the transmission. Good luck Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to show only quota limit to users via SSH?
Rudi Ahlers sent a missive on 2010-02-24: On Wed, Feb 24, 2010 at 1:31 PM, Kai Schaetzl mailli...@conactive.com wrote: df does not show quota. quota shows quota. And if you do not want to have the user access to a certain program you have to remove it or prohibit access otherwise (- restricted shell). Kai -- Kai, don't take this the wrong way, but I can see this is going nowhere. When Bob logs into the server, via SSH, I want him to see how much space he has left. The server uses quotas to limit the user's space, and df -h only shows the whole server's disk usage, not the users. Is it possible, with df to show the user's disk usage, or not? No it is not possible to do this with df. df is not able to show user quotas nor is it possible to limit it to display only the user space available. Perhaps if you were to create a partition specifically for the user then you could allow them to use df. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to show only quota limit to users via SSH?
Rajagopal Swaminathan sent a missive on 2010-02-24: Greetings, On Wed, Feb 24, 2010 at 5:30 PM, Simon Billis si...@houxou.com wrote: Is it possible, with df to show the user's disk usage, or not? No it is not possible to do this with df. du -sh /home/user, perhaps may help. Regards Rajagopal Good idea :-)... however, the user would still be able to run df -h unless the shell was restricted. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] change network switch need 'arp clear cache?
Hi, mcclnx mcc sent a missive on 2010-02-23: we plan to change network switch and firewall machine to new one. Network engineer told me after switch and firewall equipment change I may need run 'arp ... to clear out cache on every CENTOS servers due to switch and firewall MAC address change. we have 30 to 40 CENTOS 4.X and 5.X my affect. my question are: 1. does switch and firewall equipment change need LINUX client clear cache? No, it can be completed without a cache clear. I have completed the same sort of thing by connecting the new switch to the old one, making sure that I can see the new switch from a server and then moving each Ethernet cable across from the old switch to the new switch. When it comes to the firewall, there will be a slight delay in traffic flows which should be a couple of seconds as each server will issue an arp request as the firewall mac address will have changed and will need to be re arp'ed. Beware of Cisco kit however, as some of this kit has an arp timeout of 5 mins and therefore on the Cisco kit you will have to clear the arp cache of this kit if it is in front of or behind the firewall. 2. if needed, how to clear cache and get new info about switch and firewall? You have to delete each entry from the cache using arp -d {hostname} afaik ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] processor affinity
Adam Grossman sent a missive on 2010-02-17: On Wed, 2010-02-17 at 13:26 -0500, Adam Grossman wrote: On Wed, 2010-02-17 at 18:17 +, Simon Billis wrote: Adam Grossman sent a missive on 2010-02-17: Hello, i am running CentOS 5.4. i have a requirement where i need to have 1 application have a single processor all to its self, and the rest of the system run on the other processors. taskman lets me bind the process to a processor(s), but it does not make it exclusive. Is this possible to do? i have even tried mucking around with the rc.sysinit, but to no avail. thank you very much, Have you considered running through the pids of the all tasks and then using taskset to change their affinities. You could also change all the init scripts to invoke the process using something like taskset -p [mask] [pid] and limit the mask to only the first few CPU's that you want them to have access to. that's probably a good idea. have it be the last service that runs which moves everything to the processors i want. i am going to give that an try. i was asked to do this for increased performance. but does centos have any SMP load balancing which would probably work better then manually doing load balancing? Linux does have cpu load balancing to maximise performance, but performance of an application/process relies on many things. You may have to tune the system for that particular application and also reduce the number of other processes running to maximise the performance. Application tuning may also be required for maximum performance gains. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] best practice: how to setup a central network installation server?
Hi Rudi, Rudi Ahlers sent a missive on 2010-02-18: Hi, I want to setup a central installation server, but haven't done this before, so I want to find out what would be best practices for this? The server I have already runs as a central repo, which is updated from one or our local centos mirrors, and the other CentOS servers (both i386 x64), as well as CentOS VPS's get their updates from this server. But, now I want to allow a client to perform a quick network installation, using either a netbood CD, or preferably with the server's network bootrom. I understand this can be done with bootp, or am I on the wrong track? the server is a general file server and also acts as our in-office internet gateway, and has Webmin installed for convenience sake. I don't know if this is of any use? Generally we would be (re)installing CentOS servers desktops, but I guess it could be useful for other distro's like Fedora Core / Debian / FreeBSD? / etc. What would be a good option to go for, or could someone point me to a good documentation? Doing a google search I found a lot of instructions on how to perform a network installation on the client PC's, but not how to configure the server. Maybe I used the wrong key words? I'm not suggesting that this is best practice but this works in my environment for unattended installations or reinstallations. 1) The first thing that I did to get this to work was to have a web server hold the distribution of Centos needed. This was accessible to the servers that I was building using a boot CD and specifying network install. 2) I then automated this installation using kickstart files also held on the web server. 3) I then setup a PXE boot server using tftpd and configured the server to be built to boot via PXE (using dhcp options to point to the correct pxe boot server and boot file) and then to connect to web server to built itself. 4) I also use koan on existing systems to enable me to rebuild them remotely. Using koan I am able to reboot the machine and it will then pxe boot (without the need to have bios set) and complete the installation. I hope that this points you in the right direction. Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] processor affinity
John Doe sent a missive on 2010-02-18: From: Simon Billis si...@houxou.com To: CentOS mailing list centos@centos.org Sent: Thu, February 18, 2010 11:25:41 AM Subject: Re: [CentOS] processor affinity Adam Grossman sent a missive on 2010-02-17: On Wed, 2010-02-17 at 13:26 -0500, Adam Grossman wrote: On Wed, 2010-02-17 at 18:17 +, Simon Billis wrote: Adam Grossman sent a missive on 2010-02-17: Hello, i am running CentOS 5.4. i have a requirement where i need to have 1 application have a single processor all to its self, and the rest of the system run on the other processors. taskman lets me bind the process to a processor(s), but it does not make it exclusive. Is this possible to do? i have even tried mucking around with the rc.sysinit, but to no avail. thank you very much, Have you considered running through the pids of the all tasks and then using taskset to change their affinities. You could also change all the init scripts to invoke the process using something like taskset -p [mask] [pid] and limit the mask to only the first few CPU's that you want them to have access to. that's probably a good idea. have it be the last service that runs which moves everything to the processors i want. i am going to give that an try. i was asked to do this for increased performance. but does centos have any SMP load balancing which would probably work better then manually doing load balancing? Linux does have cpu load balancing to maximise performance, but performance of an application/process relies on many things. You may have to tune the system for that particular application and also reduce the number of other processes running to maximise the performance. Application tuning may also be required for maximum performance gains. What about renicing processes...? JD I personally would only renice my processes - most system processes need to run at a higher priority than user tasks so things dont break. They also only utilise a very small proportion of the system so should be negligible in most instances. In my experience understanding what your application is doing provides the insight into tuning the system for maximum performance. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] udp stream multiply
Jure Pečar sent a missive on 2010-02-17: Hello, Not strictly a CentOS question, but I hope someone can hint me in the right direction ... I have an incoming udp data stream to public interface that I want to duplicate and multipy to three or more destinations on the internal interface. Currently I've managed to put together netcat listener with output to pipe and socat reading from that pipe to a single destination. I hoped I could have more than one socat reader from the pipe, but that does not seem to be the case. So I'm able to only redirect stream to a single destination on lan. I'd also like to avoid this mess of shell tools and pipes and am looking for a cleaner solution. Any hints? Perhaps retransmitting to a multicast address? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] processor affinity
Adam Grossman sent a missive on 2010-02-17: Hello, i am running CentOS 5.4. i have a requirement where i need to have 1 application have a single processor all to its self, and the rest of the system run on the other processors. taskman lets me bind the process to a processor(s), but it does not make it exclusive. Is this possible to do? i have even tried mucking around with the rc.sysinit, but to no avail. thank you very much, Have you considered running through the pids of the all tasks and then using taskset to change their affinities. You could also change all the init scripts to invoke the process using something like taskset -p [mask] [pid] and limit the mask to only the first few CPU's that you want them to have access to. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue. Resolved
Dear Les et al, Thanks for your assistance with this thorny issue. I have finally resolved the problem by utilising the following: 1) I have added to the access map of sendmail all the domains that accept mail for any user, u...@domain for those email accounts that exist and hosts that are internal to my network which will send mail via these boxes e.g. internalhostRELAY domain1 RELAY u...@domain2RELAY u...@domain1RELAY 2) I then appended to the end of this file reject lines to reject mail to unknown users e.g. domain2REJECT So now my access map looks like this: internalhostRELAY domain1 RELAY u...@domain2RELAY u...@sub.domain1RELAY domain2 REJECT sub.domain1 REJECT 3) I created a relay-domains file and added to that all the domains that I was going to relay for e.g. domain1 domain2 etc. 4) restarted sendmail (which rebuilt access.db and allowed sendmail to read in the relay-domains file) My mail scanners now accept mail for relay/scanning from my internal hosts to any address, from external hosts to mail accounts that exist and to any account at a domain that has a catch all account setup. All other mail is rejected with either Access denied or Mailbox for this user is disabled. All this was achieved using a shell script to find the domains from the qmail server (pop host) and parse the .qmail-* files for each domain and account and build the relevant files. As this is a live service which has the potential to change this script is run via cron on a regular basis to catch the changes. Currently on the pop host this takes about 10 mins to run as it is trawling the filesystem for changes (due to legacy accounts being manually created outside of out provisioning tools negating the opportunity to use the database that exists.) Thanks again for your help and comments, they were and continue to be very useful. Rgds Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best way to backup virtual machines from Citrix XenServer.
Pasi Kärkkäinen sent a missive on 2010-02-09: On Mon, Feb 08, 2010 at 12:07:30PM -0800, nate wrote: Simon Billis wrote: Good quality storage (which usually comes at a price) will provide the functionality that is needed to backup the VM's either as a complete VM image or files from the VM filesystem. Entry level storage from suppliers such as Equallogic/Dell comes with this functionality and it is possible to have the storage up and attached to servers within 10 mins from un-boxing it (but do allow a little longer to understand it ;-) .) Suggest reading this interesting piece 3 years of equallogic before thinking about using it's snapshot stuff - http://www.tuxyturvy.com/blog/index.php?/archives/61-Three-Years-of- Eq uallogic.html Of course not all snapshot solutions are created equal, equallogic's appears to be especially poor in this regard. I think that blog post gives too negative view of the EQL snapshots. They work very well for many use cases. Having a lot of random small writes all over the volume seems to cause a lot of wasted disk space though. I agree - I'm not suggesting that the EQL box is the best thing since sliced bread, but it does what it says on the tin. There are better/different arrays and array controllers out there (3par, BlueArc, Pillar, EMC, Hitachi etc., etc., etc.,) and depending on your needs and budget both now and in the future and it would be wise to select the one that provides the best fit for you and your business. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best way to backup virtual machines from Citrix XenServer.
Rudi Ahlers sent a missive on 2010-02-07: 2010/2/5 Simon Billis si...@houxou.com Do you have any shared storage that you're using which supports snapshots? If you do, then a combination of coalescing the running VM's to disk and taking a snap and also using traditional backup methods (application aware) to disk/tape for archival and complete failure of the storage is a reasonable thing to do. the main problem with this, is that one client on that VM (think about shared hosting accounts on the VM) wants to restore a single file, or a few files, then you're going to have to restore the whole snapshot and a lot of other files will be lost. Not necessarily, some storage will allow the mounting of a snap as readonly specifically to allow for this type of restore. The storage will also allow for the snap to be R/W or duplicated and to be allocated to another host to become a live machine. I'm experimenting with an NFS mount from our backup server. Basically, export the NFS share, and mount it inside the VM, then use your favorite backup procedure / software. For our cPanel VM's, we use cPanel's native backup function which makes use of rsync - and allows us to restore a single file if needed. For other VM's without a control panel, rsync also works well. I've had mixed results with NFS, sometimes under high loading it would fail and usually when I was in the process of backing up a few machines (four or more) at once to the NFS server. Good quality storage (which usually comes at a price) will provide the functionality that is needed to backup the VM's either as a complete VM image or files from the VM filesystem. Entry level storage from suppliers such as Equallogic/Dell comes with this functionality and it is possible to have the storage up and attached to servers within 10 mins from un-boxing it (but do allow a little longer to understand it ;-) .) I do believe that all backup strategies need to be examined frequently to ensure that they have met and are meeting your needs as the requirement often changes when new applications are rolled out or the usage of an existing application changes. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] directory and file permission help
John Doe sent a missive on 2010-02-08: From: adrian kok adriankok2...@yahoo.com.hk I move a zip file from window to linux but all permission of folder and files are kept in 700 How can I change it one time? I don't need to change directory under directory to change as folder as 755 and files as 644 You could use find -type X (X = 'd' for directories and 'f' for files) Indeed, not forgetting that you can use -exec option with find to do the actuall change to the files/dirs I.e. for directories within the zip Bash# find ./ -type d -exec chmod 755 {} \; ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slowness in sendmail - 60 second timeout
Jerry Geis sent a missive on 2010-02-08: I am sending an email from my machine devcentos5x64. the transcript below (hangs for 60 seconds) at the line: MAIL From:r...@devcentos5x64.msgnet.com SIZE=56 auth=r...@devcentos5x64.msgnet.com The email succeeds - but I am trying to figure out the 60 second delay. Neither email server is busy. Nothing is waiting. the DNS on both machines point to the same nameserver. The DNS responds very fast when looking up server names. What else can I look for to remove the slowness or delay? jerry date | mail -v -v -v -v ge...@pagestation.com ge...@pagestation.com... Connecting to [127.0.0.1] via relay... 220 devcentos5x64.msgnet.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Feb 2010 10:02:15 -0500 EHLO devcentos5x64.msgnet.com 250- devcentos5x64.msgnet.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250- DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP MAIL From:r...@devcentos5x64.msgnet.com SIZE=56 auth=r...@devcentos5x64.msgnet.com 250 2.1.0 r...@devcentos5x64.msgnet.com... Sender ok RCPT To:ge...@pagestation.com DATA 250 2.1.5 ge...@pagestation.com... Recipient ok 354 Enter mail, end with . on a line by itself . 250 2.0.0 o18F2FMV002336 Message accepted for delivery ge...@pagestation.com... Sent (o18F2FMV002336 Message accepted for delivery) Closing connection to [127.0.0.1] QUIT 221 2.0.0 devcentos5x64.msgnet.com closing connection [r...@devcentos5x64 src]# Check your DNS resolution settings - it may be dns timeout. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slowness in sendmail - 60 second timeout
Simon Billis sent a missive on 2010-02-08: Jerry Geis sent a missive on 2010-02-08: I am sending an email from my machine devcentos5x64. the transcript below (hangs for 60 seconds) at the line: MAIL From:r...@devcentos5x64.msgnet.com SIZE=56 auth=r...@devcentos5x64.msgnet.com The email succeeds - but I am trying to figure out the 60 second delay. Neither email server is busy. Nothing is waiting. the DNS on both machines point to the same nameserver. The DNS responds very fast when looking up server names. What else can I look for to remove the slowness or delay? jerry date | mail -v -v -v -v ge...@pagestation.com ge...@pagestation.com... Connecting to [127.0.0.1] via relay... 220 devcentos5x64.msgnet.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Feb 2010 10:02:15 -0500 EHLO devcentos5x64.msgnet.com 250- devcentos5x64.msgnet.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250- DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP MAIL From:r...@devcentos5x64.msgnet.com SIZE=56 auth=r...@devcentos5x64.msgnet.com 250 2.1.0 r...@devcentos5x64.msgnet.com... Sender ok RCPT To:ge...@pagestation.com DATA 250 2.1.5 ge...@pagestation.com... Recipient ok 354 Enter mail, end with . on a line by itself . 250 2.0.0 o18F2FMV002336 Message accepted for delivery ge...@pagestation.com... Sent (o18F2FMV002336 Message accepted for delivery) Closing connection to [127.0.0.1] QUIT 221 2.0.0 devcentos5x64.msgnet.com closing connection [r...@devcentos5x64 src]# Check your DNS resolution settings - it may be dns timeout. Sorry to be more specific - make sure that devcentos5x64.msgnet.com is resolvable. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slowness in sendmail - 60 second timeout
Jerry Geis sent a missive on 2010-02-08: /Sorry to be more specific - make sure that devcentos5x64.msgnet.com is resolvable. from pagestation.com I can ping devcentos5x64.msgnet.com - this entry is in the /etc/hosts file on that machine. There is no official MX record for devcentos5x64.msgnet.com there is for pagestation.com. I'm not clear that there is a dns/host entry for devcentos5x64.msgnet.com on devcentos5x64.msgnet.com. I would make sure that there is an entry for this host on devcentos5x64.msgnet.com. If there is then apologies for not getting it :-). on pagestation.com I have the /etc/hosts entry and /etc/mail/access entry for devcentos5x64.msgnet.com Perhaps its an MX lookup timeout value. I am looking for a timeout setting or a way to place an entry in a config file that says I know this server or machine, trust it and dont delay. Is there such a setting? I think that sendmail is checking the MAIL command - there are no timeouts that are specific to this rule afaik and sendmail would use a timeout of 1 second (which is doubled to a max of 4 mins) if this was an issue with bogus commands or repeated commands. From your description, it feels as if there is a problem with the name resolution of devcentos5x64.msgnet.com. You may wish to enable FEATURE(delay_checks)dnl in the sendmail.mc and rebuild the sendmail.cf file and see if it helps. If this makes a difference then I would look in the MAIL command checks. Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Hi, On 2/4/2010 3:31 PM, Kai Schaetzl wrote: What do you mean? Forwarding to the virtuser expansion address should work just like any other address. It sounds like he didn't forward before, but queue and deliver (e.g. he's the only available MX and queues for a firewalled MX or uses mailertable to get the mail delivered). If he goes to virtusertable he has to fill the table with valid forwards. The point would be able to include a default reject rule for each domain, which means that you have to supply valid forwards for all addresses you don't want to reject at the relay. (You could default to forwarding, but that doesn't help with the backscatter issue). But that doesn't change the ability to queue/deliver except that the relay has to accept the domains as local to do the virtuser lookup so the new target has to have a different name for the delivery host. I'm not sure how that relates to your distinction between forwarding and queuing. Sendmail has local and remote addresses, but remote ones all go through the same steps. I am queuing and delivering using mailertable currently - hence the issue with backscatter as some of the domains do not have catch-all accounts. I am able to produce a list of valid email accounts and domains without a catch-all account so I should be able to create a virtusertable with the required entries to either accept all mail for a domain and then forward it to a specific account (the catch-all account) or to only accept mail for a specific account and then forward it to the same address (is this valid?) by again using mailertable(?). I think that using access.db and relay-domains may also work as needed. Thanks very much for your help with this and the suggestions it is much appreciated. Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Clustering
Hi, On 2/4/2010 3:17 PM, Bo Lynch wrote: Right know we have about 30 or so linux servers scattered through out or district. Was looking at ways of consolidating and some sort of redundancy would be nice. Will clustering not work with certain apps? We have a couple mysql dbases, oracle database, smb shares, nfs, email, and web servers. Each app has it's own best way to provide the redundancy and auto-failover and it's own set of tradeoffs of the added complexity vs. the possible reduced downtime if the primary fails. I'd balance the options against the low-tech method of having raid mirrors in swappable bays with a spare similar server chassis or two around plus regular backups kept at a different location. The raid lets you continue in the likely event of a disk failure so you can repair it at a convenient time. Other failures (motherboard, power supply) are less likely but can be handled by swapping the drives into an alternate chassis (and with Centos you'll need to re-assign the IP addresses that are tied to the old NIC mac addresses) with a small amount of downtime. And the backups cover things like operator or software errors (that would wipe a cluster too) or a building-level disaster that destroys the disks or the primary and spare chassis at the same time. Some apps may be worth the effort to do better. In our configurations we utilise different strategies depending on what we want to achieve as there isn't really a panacea for this... We use virtual servers, hot standby firewalls/routers, load balanced servers, warm standby servers (using such things as mysql replication, rsync and DRBD to keep the boxes in sync) and shared storage from disk arrays and servers with local disk arrays for local performance and resilience. We have also utilised hadoop (distributed filesystem) on some again to provide resilience within the limitations of hadoop. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Les Mikesell sent a missive on 2010-02-05: Simon Billis wrote: The point would be able to include a default reject rule for each domain, which means that you have to supply valid forwards for all addresses you don't want to reject at the relay. (You could default to forwarding, but that doesn't help with the backscatter issue). But that doesn't change the ability to queue/deliver except that the relay has to accept the domains as local to do the virtuser lookup so the new target has to have a different name for the delivery host. I'm not sure how that relates to your distinction between forwarding and queuing. Sendmail has local and remote addresses, but remote ones all go through the same steps. I am queuing and delivering using mailertable currently - hence the issue with backscatter as some of the domains do not have catch-all accounts. I am able to produce a list of valid email accounts and domains without a catch-all account so I should be able to create a virtusertable with the required entries to either accept all mail for a domain and then forward it to a specific account (the catch-all account) or to only accept mail for a specific account and then forward it to the same address (is this valid?) by again using mailertable(?). I think that using access.db and relay-domains may also work as needed. Sendmail will only look in virtusertable if it considers the address local (i.e. you've added the target domain to local-host-names). That means you'll have to use some other name for the delivery target in the virtusertable expansion side to get it to forward on. Probably whatever you are using in mailertable will work. You might be able to use u...@[host.domain] notation or u...@[ip_address] there to avoid another MX lookup that would come back to the relay - I'm not sure about that. You'll probably have to do some testing with this part since it is a fairly drastic change to make the targets local - but you can do it one domain at a time. I don't think that this is going to work for me then... I'm not able to change the envelope address for the onward delivery. The final mail server will reject the mail if it is not the original email address that I'm accepting the mail for on the mail scanners. Also I understand from the documentation that mailertable is not used for class {w}, i.e. local host names so I think that I'm stuck with the following choices... 1) getting access.db and relay-domains working correctly with: (a) the _RELAY_FULL_ADDR_ feature (b) without the above feature (which works but without the ability to send mail from our networks from email addresses in the access.db map but I think that this is because I need to add specific hosts to the access map.) 2) utilising a milter. Is this a fair conclusion in your opinion? Thanks Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Clustering
Bo Lynch sent a missive on 2010-02-05: On Fri, February 5, 2010 9:02 am, Athmane Madjoudj wrote: Whats your thoughts on Vmware server over esxi? Really do not want to have to budget for Virtualization if I do not have to. Thanks for any info. Here is a comparison of VMware ESXi and Server notice that server doesn't cost money. http://www.vmware.com/products/server/faqs.html both are proprietary there are a lot of good FOSS alternatives such: KVM (require a modern hardware) Xen (need a patched kernel: available in centos repos) OpenVZ (need a patched kernel: available in openvz repos, mainly for VPS but personalty i use it) HTH -- Athmane Madjoudj Does anyone have any experience with KVM or OpenVZ? If I can stick to something that is not proprietary that would be great. I didn't realize there were so many options. Any info would be greatly appreciated. Bo OpenVZ is containerisation and not virtualisation and therefore limits the os running to a minor version of the base os. If you need to have say Centos4, Centos5, Solaris 10, Windows on the same box then this is not for you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best way to backup virtual machines from Citrix XenServer.
Rafał Radecki sent a missive on 2010-02-05: Hi All. I have installed Citrix XenServer. It's Linux-based virtualization software. Could anyone propose a good way to make backups of virtual machines (Linux/Windows) in it? With regards, R. Do you have any shared storage that you're using which supports snapshots? If you do, then a combination of coalescing the running VM's to disk and taking a snap and also using traditional backup methods (application aware) to disk/tape for archival and complete failure of the storage is a reasonable thing to do. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Les Mikesell sent a missive on 2010-02-05: Simon Billis wrote: Les Mikesell sent a missive on 2010-02-05: Simon Billis wrote: SNIP What are you currently using in mailertable to get there? If you use [domain] and go to the A record of the same name it might be a problem - but that might work if you try it. Where I've used it, the delivery hosts had their own names that they'd accept in the envelope and the [IP.address] form would also work. Currently I have this in the mailertable: domain(1).com smtp:smtp2.differentdomain.com domain(2).com smtp:smtp2.differentdomain.com ... Domain(n).com smtp:smtp2.differentdomain.com I think that I'm going to have to test this out and see what happens. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Les Mikesell sent a missive on 2010-02-05: On 2/5/2010 9:53 AM, Simon Billis wrote: SNIP What are you currently using in mailertable to get there? If you use [domain] and go to the A record of the same name it might be a problem - but that might work if you try it. Where I've used it, the delivery hosts had their own names that they'd accept in the envelope and the [IP.address] form would also work. Currently I have this in the mailertable: domain(1).com smtp:smtp2.differentdomain.com domain(2).com smtp:smtp2.differentdomain.com ... Domain(n).com smtp:smtp2.differentdomain.com I think that I'm going to have to test this out and see what happens. I think it should work to put the smtp2.differentdomain.com in the virtusrtable target as long as the destination accepts that as a local name - and you'd have to go out of your way to avoid it if it is the real hostname or reverse DNS name for the interface. Thanks for your help Les, I'll test it all I think and see what happens. S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] sendmail mail relay backscatter issue.
Hi Folks, I have a couple of questions which I hope that you will be able to assist with, first some background. I run a few sendmail servers that run MailScanner/Spamassassin/sendmail (current versions) on Centos 5.4 and Centos 4.8 These boxes accept mail for a large number of domains (6000+) scan the mail removing spam and then forward the ham to another server for delivery. I am attempting to stop any backscatter that these servers cause by only accepting mail for specific us...@domain or for domains with a catch-all account. I currently use /etc/mail/access.db as the access map for the domains, but this allows all mail to be accepted for the domain before the attempting to send it on for final delivery which causes NDR and backscatter for those domains which do not have a catch-all account. I have looked at adding To:u...@domain RELAY to the access map and also adding define(`_RELAY_FULL_ADDR_', `1') in the sendmail.mc and running make -C /etc/mail but this has no effect on the sendmail.cf file. My understanding is that if I can get sendmail to accept this undocumented feature then all will be fine as I will be able to use the access map to allow mail to those specific users as well as entries of the type domain RELAY. My first question is: Does anyone have any ideas as to why I wouldn't be able to have this change reflected in sendmail.cf? My second question is: Does anyone have any ideas on how to utilise access map and relay-domains to achieve the same thing? Thanks for your time and assistance. Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Hi, One approach here if it is practical to collect/maintain all of the valid recipient addresses is to build a virtuser table with a default reject for each domain the relay handles plus the list of all valid addresses. This is very efficient if you can automate the table updates or the user base is stable. I have already written the code that updates the access file and the relay-domains file from the final delivery mail server so I think that to create a virtusertable should be simple enough, I'll check the documentation to see how to use the virtusertable in this manner - thanks for the pointer. Another would be to use MimeDefang as the framework instead of mailscanner. It has an option to check recipient addresses via smtp to the delivery servers before accepting. You may have to write a snippet of perl to get that right for multiple domains (that's a feature...). This is less efficient but works in real time against the addresses that will be accepted for delivery. I'm not so sure that this is an acceptable overhead - the mail scanners process 2,000,000 messages a day. Thanks S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Hi, running make -C /etc/mail but this has no effect on the sendmail.cf file. My Does it not give output? Have you tried adding -d? I get an updated sendmail.cf file but the only diff is the header telling me when it was complied. Adding -d give the following (I've removed the non relevant lines): No implicit rule found for `sendmail.mc'. Finished prerequisites of target file `sendmail.mc'. No need to remake target `sendmail.mc'. Finished prerequisites of target file `sendmail.cf'. Prerequisite `sendmail.mc' is newer than target `sendmail.cf'. Must remake target `sendmail.cf'. make: Entering directory `/etc/mail' Putting child 0x05474670 (sendmail.cf) PID 10927 on the chain. Live child 0x05474670 (sendmail.cf) PID 10927 Reaping winning child 0x05474670 PID 10927 Removing child 0x05474670 PID 10927 from chain. Successfully remade target file `sendmail.cf'. Another would be to use MimeDefang as the framework instead of mailscanner. It has an option to check recipient addresses via smtp to the delivery servers before accepting. You may have to write a snippet of perl to get that right for multiple domains (that's a feature...). This is less efficient but works in real time against the addresses that will be accepted for delivery. I would question how real time that would be for every email for 6k+ domains. If a few have a large client base, or are expecting responses from a mass emailing, it might start to take a *while*, unless you've got pretty heavy duty equipment and networking. I agree - I think that the overhead that perl would impose is too high for this application. Thanks S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Hi, I would question how real time that would be for every email for 6k+ domains. If a few have a large client base, or are expecting responses from a mass emailing, it might start to take a *while*, unless you've got pretty heavy duty equipment and networking. It's the same thing the downstream server is going to have to repeat in just a moment anyway, but this time it doesn't have to do the other steps. If you are close to capacity already it might push you over the edge - and be worth scripting a way to maintain that frontend virtuser table that makes it a near-instant hash lookup for the relay sendmail. But for the relay it will be a win either way to avoid the much heavier load of spam-scanning stuff to invalid recipients and making the downstream servers construct bounces. I hadn't looked at it like that, you may be right, the reduction in scanning may provide enough capacity to handle the additional workload from perl. I think that I would prefer to have sendmail do the rcpt to: rejection utilising a map as this I think will be the fastest method, so I'll check out the virtusertable approach. Thanks S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail mail relay backscatter issue.
Hi, Simon Billis wrote on Thu, 4 Feb 2010 13:28:04 -: I am attempting to stop any backscatter that these servers cause by only accepting mail for specific us...@domain or for domains with a catch-all account. I believe milter-ahead or smf-sav can be used for this. Kai Indeed as can Scam-backscatter, but I'm attempting to not load the backend mailserver with connections if at all possible, due to the number of emails that are received on the antispam machines... (I know that they cache the results of the lookups, but spammers like to send to dictionaries ;-) ) Thanks for the suggestion though :-) Simon. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] pointer to Searchable Archives for the list pls
Hi Folks, Can you point me in the direction of searchable archives for the list? I'm obviously missing something. I would like to be able to search the archives before asking my question. Thanks in advance Simon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pointer to Searchable Archives for the list pls
Hi Rudi, Google search does work on the archives as well :) Thanks - I figured I'd missed something obvious! S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos