Re: [CentOS] Postfix dropping settings CentOS4.5

[Feizhou]

Johnny Massengill wrote:

My company is using Trend Micro InterScan Messaging Security Suite 7.0
for linux. This setup uses Postfix as a mail gateway for MS Exchange.
The problem I'm having is ever so often Postfix 2.2.11 will lose the
Transport mapping lookup tables setting. When this happens, mail into
our domain will stop being relayed to our Exchange server.



What mapping tables are those? mysql? ldap? ???

This has never happened with me whether cdb, berkely db or mysql for 
thousands of domains in a previous job at an ISP (older version) and nor 
do I have any such problem with postfix 2.2.11 which I currently run in 
my current place of work.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to export X displays

[Feizhou]

umair shakil wrote:

Salam,

Well, i have only used RDP as windows to linux (desktop), there should 
be no issue...


I really want to say LIAR!

for linux to linux, well x11 forwrding through ssh seems to be issue 
with that not used

if i try i will let u know


No thanks, many of us here have no issues at all doing X forwarding 
through ssh except for the latest reports of strange things with Centos 5.




There is also another way if u can try

www.nomachine.com  and go to download section.

U can find all details here, how to install, it also has client for 
ubunto. what u will
do is to install the server, install the client on ur ubunto, and then 
use it... it really very amazing i have used this


Many here have also used nx.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to export X displays

[Feizhou]

John R Pierce wrote:

umair shakil wrote:
Why dont u enable RDP on centOS (running GUI), and then using ubunto 
with this path




RDP is a Microsoft Windows Remote Desktop Protocol. what good would 
that be for linux to linux ??!?




Well if Linux did have a RDP server then it might be good...RDP is fast 
(well, I could play Pinball 3D with it :-P)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to export X displays

[Feizhou]

One other question. If a program is already running on the remote machine and you want to move the display to the local machine, can that be done? 


No.



i.e. I have Thunderbird already running on the remote machine, and would like to move it to the local machine. 


Would that work? Or would it be necessary to kill the remote process and 
re-start it with the tunneled X session?


You can just start a new one BUT not with a tunneled X session. You have 
to first make sure the local X server is running and you point it to the 
local X server through the DISPLAY variable

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ssh X11 forwarding not working

[Feizhou]

James A. Peltier wrote:

I'm having problems with ssh.com and X11 forwarding

ssh: SSH Secure Shell 3.2.0 (non-commercial version) on i686-pc-linux-gnu

I am in the process of testing some of my machines with CentOS 5 
x86/x86_64 and have run into a bit of a snag.  X11 Forwarding is not 
working.


Any hints?  I've checked the ssh config files and they seem to be 
identical to the config files on our existing SuSE 10.0 machines which 
are working.  This is troubling indeed.





ssh -v and see what the ssh client complains about.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to export X displays

[Feizhou]

Any suggestions?


Run 'echo $DISPLAY' on your laptop.

Are you using ssh or telnet? If you are using ssh, it can handle that 
for you automatically.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DNAT rule for vsftp --(PASSIVE FTP)

[Feizhou]

Indunil Jayasooriya wrote:


Hi all,

I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as 
passive ftp.




Do you have ip_nat_ftp loaded too?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

What's the best multi-threaded / multi-process io-benchmark utility that
works with filesystems instead of raw devices? and can read/write multiple
files at once..



http://untroubled.org/benchmarking/2004-04/

No raw numbers but...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

At 07:46 +0800 24/9/07, Feizhou wrote:
... plus an Out of Memory kill of sshd. Second time around (logged in 
on the console rather than over ssh), it's just the same except it's 
hald that happens to get clobbered instead.


Are you saying that running in RAID0 mode with this card and 
motherboard combination, you get a memory leak? Who is the culprit?


I don't know if it's caused by a memory leak or something else, I'm just 
describing what happens. I would be tempted to suspect the RAM itself if 
another identical machine didn't have exactly the same issue.


This is worth checking and reporting to 3ware.




what's left to try?


Bug report...


I've reported the issue to 3ware but they've not responded. I replicated 
the problem with RHEL AS 4 update 5 and contacted RedHat but they told 
me evaluation subscriptions aren't supported.


If you have something that is reproducible like the above, they will 
definitely be interested. Nothing like causing instability to get them 
on the case.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Central file server advice please

[Feizhou]

William Warren wrote:

actually it'll perform WORSE in many cases than Linux software raid.


Used to (bar buggy firmware, incompatibilities). Most hardware raid 
cards nowadays not only have sufficient processing power, they also come 
with decent sizes of RAM cache which helps swing things a lot in their 
favour.


If the load goes beyond what the card can handle, then yes, Linux 
software raid is the way to go.




Scott Silva wrote:

[EMAIL PROTECTED] spake the following on 9/21/2007 2:43 AM:
Exactly how much throughput are you realistically anticipating?  What 
connection are you going to use?  802.11 or 10/100 or gige?  And yes, 
the chips will pretty much always give you better performance with raid.


Hardware raid gives better performance. Both of those are 
"fakeraid".It won't perform any better than software raid.











___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk De-Fraging in Linux

[Feizhou]

Mark Weaver wrote:

umair shakil wrote:

Dear Salam,

Well i have used the command on shell "updatedb" it will allow you to 
make fast

searching.

Regards,

Umair Shakil
ETD



um... what?



Peace, peace. He appears to have read between the lines and come to 
conclusion the OP was trying to improve searching performance.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

At 17:34 +0800 14/9/07, Feizhou wrote:

.ohdo you have a BBU for your write cache on your 3ware board?


Not installed, but the machine's on a UPS.


Ugh. The 3ware code will not give OK then until the stuff has hit disk.


Having now installed BBUs, it's made no difference to the underlying 
responsiveness problem I'm afraid.


So a 3ware card will give OK once the stuff is in the cache and you have 
selected write-cache enable even if there is no BBU? My apologies. My 
previous experience has been with the 75xx and 85xx series which do not 
have ram caches.




With ports 2 and 3 now configured as RAID 0, with ext3 filesystem and 
mounted on /mnt/raidtest, running this bonnie++ command:


bonnie++ -m RA-256_NR-8192 -n 0 -u 0 -r 4096 -s 20480 -f -b -d 
/mnt/raidtest


(RA- and NR- relate to kernel params for readahead and nr_requests 
respectively - the values above are Centos post-installation defaults)


...causes load to climb:

16:36:12 up 13 min,  2 users,  load average: 8.77, 4.78, 1.98

... and uninterruptible processes:

 ps ax | grep D
  PID TTY  STAT   TIME COMMAND
   59 ?D  0:03 [kswapd0]
 2159 ?D  0:01 [kjournald]
 2923 ?Ds 0:00 syslogd -m 0
 4155 ?D  0:00 [pdflush]
 4175 ?D  0:00 [pdflush]
 4192 ?D  0:00 [pdflush]
 4193 ?D  0:00 [pdflush]
 4197 ?D  0:00 [pdflush]
 4199 ?D  0:00 [pdflush]
 4201 pts/1R+ 0:00 grep D

... plus an Out of Memory kill of sshd. Second time around (logged in on 
the console rather than over ssh), it's just the same except it's hald 
that happens to get clobbered instead.


Are you saying that running in RAID0 mode with this card and motherboard 
combination, you get a memory leak? Who is the culprit?




Now that the presence or otherwise of a BBU has been ruled out along 
with OS, 3ware recommended kernel param tweaks, RAID level, LVM, slot 
speed, different but identical-spec hardware (both machine and card), 
what's left to try?


Bug report...



I see there's a new firmware version out today (3ware codeset 9.4.1.3 - 
driver's still at 2.26.05.007 but the fw's updated to from 3.08.02.005 
to 3.08.02.007), so I guess I'll update it and push the whole thing back 
up the hill for another go.




I hope that fixes things for you.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk De-Fraging in Linux

[Feizhou]

umair shakil wrote:

Dear Salam,

Well i have used the command on shell "updatedb" it will allow you to 
make fast

searching.


and slow down the whole box during updatedb :-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk De-Fraging in Linux

[Feizhou]

Al Sparks wrote:

Al Sparks wrote:

A couple of questions.  Are there any linux tools that can de-frag an
ext2/3 partition?


ext2, yes. ext3, no. And it is called a filesystem. A partition is a 
completely different thing. none for ext3 because it was not really 
necessary for ext2 and so the tool never got updated.




Are there any advantages to doing so if you're running hardware RAID5?

Are there advantages / disadvantages if you're running LVM?
   === Al

you're in luck cause you don't defrag an ext2/3 partition at all. defrag
is for windows file systems. Ext file systems are a different animal
all-together.


Why?  What's different between NTFS and ext2/3 that defragging is
needed in one but not the other?


Implementation and design?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix Questions

[Feizhou]

John Hinton wrote:

I've been running sendmail since the beginning of my online time.

1. Did I see that postfix can run sendmail milters?


Yes but different version with varying levels of milter support.

2. If so, did I read that postfix can run these separately for inbound 
vs. outbound?


Yes you can apply separate rules for incoming and outgoing emails if 
they come from separate ips or ports.



3. Can it run like a rbl blacklist on inbound and not outbound?


Yes.

4. If the above is true, does this require separate configurations of 
postfix or is it already set to allow this out of the box?


You will need to configure postfix appropriately.



My reasoning... I've added a few milters which has drastically cut spam 
due to the extra time spent at the smtp level. For instance, running 
spamassassin takes a couple or few seconds. This bit of delay does in 
fact seem to stop many of the slamming spambots sort of like the design 
of milter-greylist. Except, I don't have to send a temp fail. So, this 
is a good thing. The negative is it also takes longer for my users to 
send mail as it is processed the same way during outgoing.


I do not know what level of milter support is required by your milters 
so you may want to check them out. The latest versions of postfix will 
have more complete support.




Also, we run the SpamHaus blacklist. This works pretty good for inbound, 
but from time to time one of our hosting clients winds up on the 
blocklist because they are on a dynamic IP and someone else has recently 
used it for spamming. One could argue that my client should then go 
remove their IP from the blacklist to better insure their email actually 
makes it through any other level of spam filtering on other ISPs. But, 
that's a rosey concept! So, I would prefer to do it at the smtp level 
inbound so I can actually reject that mail while not having the 
embarrassing blocking going on with our users. Yes, this might sound 
like a double standard, but we do not provide connection service so only 
very rarely (never so far) does any virus actually send spam through our 
systems from client applications and I do actually monitor email all the 
time and stop any spamming immediately.


Sure, just make sure they use port 587 and are only allowed to have 
their email relayed after authentication and disable filtering rules for 
port 587.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Is there any way to tell the card to forget about not having a BBU 
and behave as if it did?

Short of modifying the code...I do not know of any.
Well, I've now got BBUs on order for the three identical machines to 
see if that does anything to improve matters - I'll report back when 
I've fitted them. A glance through the 2.26.05.007 driver code shows 
no references to the BBU, so the different code paths (with BBU and 
without) must be in the firmware itself.


If your card is on a PCI riser try running it plugged directly in the
slot (if you can) and see if that helps.



He said his card is directly plugged in.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Software Raid 6

[Feizhou]

Feizhou wrote:

Juan C. Valido wrote:

How slow and how reliable is software raid 6 on CentOS 5. The system I'm
going to use is A socket 939 dual core Athlon, 4 gigs of ram and a 3ware
7506-8 controller. Its mostly going to be used for storage (Movies, MP3s
etc.). Thanks.



Argh...just read the SOFTWARE RAID 6. Man, does the 3ware turn me into 
hardware mode...


I do not know...I personally have stayed away from linux software raid 
for raid5/6. You might actually find raid10 hardware mode to be faster 
than software raid 5/6 but at the cost of less storage and but better 
reliability in power loss cases.




The 7506 does not have any cache. Its ASIC chips have very limited 
storage. You are far better off running in raid10 with the 75xx and 85xx 
 series. Those cards are especially slow when you get a degraded array 
in raid5 or raid6 (not sure if the 75xx or the 85xx support raid6) mode 
due to the lack of cache.


So you get the benefit of multiple spindles but I personally will not 
use anything but raid1 or raid10 with a 75xx or 85xx series 3ware board.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Software Raid 6

[Feizhou]

Juan C. Valido wrote:

How slow and how reliable is software raid 6 on CentOS 5. The system I'm
going to use is A socket 939 dual core Athlon, 4 gigs of ram and a 3ware
7506-8 controller. Its mostly going to be used for storage (Movies, MP3s
etc.). Thanks.



The 7506 does not have any cache. Its ASIC chips have very limited 
storage. You are far better off running in raid10 with the 75xx and 85xx 
 series. Those cards are especially slow when you get a degraded array 
in raid5 or raid6 (not sure if the 75xx or the 85xx support raid6) mode 
due to the lack of cache.


So you get the benefit of multiple spindles but I personally will not 
use anything but raid1 or raid10 with a 75xx or 85xx series 3ware board.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mailq.postfix manpage

[Feizhou]

Stefano Biagiotti wrote:

Feizhou <[EMAIL PROTECTED]> wrote:

After I also removed the sendmail package.

man mailq

--partial content--

SENDMAIL(1) 


   SENDMAIL(1)

NAME
  sendmail - Postfix to Sendmail compatibility interface


What do "ls -al /usr/share/man/man1/sendmail.1.gz" and
"rpm -qf /usr/share/man/man1/sendmail.1.gz" show?


Ah, I see mine is due to my custom install of postfix over the existing 
postfix package.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

At 11:16 -0400 14/9/07, Ross S. W. Walker wrote:
Yes, a write-back cache with a BBU will definitely help, also your 
config,


The write-cache is enabled, but what I've not known up to now is that 
the absence of a BBU will impact IO performance in this way - which 
seems to be what you and Feizhou are saying. Is there any way to tell 
the card to forget about not having a BBU and behave as if it did?


Short of modifying the code...I do not know of any.



The main problem here is the latency when under IO load not the 
throughput (or lack of). I don't care if it can't achieve 300MB/s 
sustained write speeds, only that it shouldn't bring the machine to its 
knees in the process of getting 35MB/s.


SATA 7200RPM disks are not exactly fantastic at random i/o. The cache 
only boosts writes in a significant way and less so for reads. Maybe you 
could consider RAID10.


That way, them 7200RPM disks are a match if not better than hardware 
raid with BBU cache for a mirror of scsi drives.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

At 17:34 +0800 14/9/07, Feizhou wrote:

.ohdo you have a BBU for your write cache on your 3ware board?


Not installed, but the machine's on a UPS.


Ugh. The 3ware code will not give OK then until the stuff has hit disk.



I see where you're going with larger journal idea and I'll give that a go.


Well, I do not think it will help much with a larger journal...you want 
RAM speed, not single 250GB SATA disk speed.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Very strange problem i have faced in my 2 years carrier

[Feizhou]

Bill Campbell wrote:

On Thu, Sep 13, 2007, Karanbir Singh wrote:

Bill Campbell wrote:

Unfortunately that isn't much use if you're running the default
system with prelink as it changes large numbers of executables
rendering the RPM verify close to useless.

unless you are using a very old version of rpm, prelink is not a problem


There are still a metric tonne of S.5... lines when doing ``rpm -V''


Yeah, a good number of my configuration files suffer from that. I wonder 
why.




I just ran a script now that checks all packages on a fresh
install of Centos 5, x86_64 with all updates applied.  This
should be pretty clean on a new install, but ``wc'' on the output
returns ``45031  100197 2608718''.  Over 45,000 lines of output
is a bit much on a new system.


I do not know about Centos 5, my system is Centos 4.



Running ``fgrep S.5 filename | grep '/usr/bin/' | wc'' returns
446 files that fail verification in just the /usr/bin directory.


'rpm -Va > verifycheck3'
Then:
fgrep S.5 verifycheck3 | grep '/usr/bin/'
S.5T/usr/bin/dltest
S.5T/usr/bin/isql
S.5T/usr/bin/iusql
S.5T/usr/bin/odbc_config
S.5T/usr/bin/odbcinst

That 446 would not happen to be last number from wc output would it? The 
above yields 144 characters, 10 words and 5 lines if piped into wc.




This is on a system without prelink, and hasn't been up long
enough for cron to have run it in any case.  My guess is that it
has something to do with the way CentOS handles 64 bit packaging.
It appears that it's installing i386 and x86_64 versions of
packages.  ``rpm -qa | sort | uniq -c'' shows 337 packages with
the duplicate names.


The above was on a 64-bit system.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:
Hmm, how are you creating your ext3 filesystem(s) that you test on? 
Try creating it with a large journal (maybe 256MB) and run it in full 
journal mode.


The filesystem was created during the initial CentOS installation, and 
I've tried it with ext2 which made no difference.




The journal size was probably 32MB then. A 128MB or larger journal in 
full journal mode on a 3ware card with a BBU write cache should make a 
big difference because fsync calls will now return OK as soon as it hits 
the write cacheohdo you have a BBU for your write cache on your 
3ware board?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mailq.postfix manpage

[Feizhou]

Stefano Biagiotti wrote:

Feizhou <[EMAIL PROTECTED]> wrote:

Stefano Biagiotti wrote:

On CentOS 4 I can't view the mailq man page. I installed postfix and
removed sendmail.

# LANG=en_US man mailq
fopen: No such file or directory
Cannot open man page /usr/share/man/man1/sendmail.1.gz
No manual entry for mailq

# zcat /usr/share/man/man1/mailq.postfix.1.gz
.so man1/sendmail.1

Solved replacing with ".so man1/sendmail.postfix.1".

Has this little typo to be reported in the CentOS Bug Tracker?

In /etc/alternatives...where does the symlink point to?
Mine:
mta-mailqman -> /usr/share/man/man1/mailq.postfix.1.gz


 # ls -al /usr/share/man/man1/mailq.1.gz
 lrwxrwxrwx 1 root root 30 31 lug 16:30 /usr/share/man/man1/mailq.1.gz -> 
/etc/alternatives/mta-mailqman
 # ls -al /etc/alternatives/mta-mailqman
 lrwxrwxrwx 1 root root 38 31 lug 16:49 /etc/alternatives/mta-mailqman -> 
/usr/share/man/man1/mailq.postfix.1.gz

What does "zcat /usr/share/man/man1/mailq.postfix.1.gz" show?
If ".so man1/sendmail.1", this file doesn't exist.


The same.



You probably forgot to run system-switch-mail after you installed 
postfix and then removed sendmail.

I ran system-switch-mail after I installed postfix and before I
removed sendmail.


After I also removed the sendmail package.

man mailq

--partial content--

SENDMAIL(1) 


SENDMAIL(1)

NAME
   sendmail - Postfix to Sendmail compatibility interface

SYNOPSIS
   sendmail [option ...] [recipient ...]

   mailq
   sendmail -bp

   newaliases
   sendmail -I

DESCRIPTION
   The  Postfix  sendmail(1)  command  implements the Postfix to 
Sendmail compatibility interface.  For the sake of compatibility with 
existing applications, some

   Sendmail command-line options are recognized but silently ignored.

   By default, Postfix sendmail(1) reads a message from standard 
input until EOF or until it reads a line with only a .  character,  and 
 arranges  for  delivery.
   Postfix sendmail(1) relies on the postdrop(1) command to create 
a queue file in the maildrop directory.


   Specific command aliases are provided for other common modes of 
operation:


   mailq  List  the  mail  queue.  Each entry shows the queue file 
ID, message size, arrival time, sender, and the recipients that still 
need to be delivered.  If
  mail could not be delivered upon the last attempt, the 
reason for failure is shown. This mode of operation is implemented by 
executing the  postqueue(1)

  command.

   newaliases
  Initialize  the  alias  database.   If no input file is 
specified (with the -oA option, see below), the program processes the 
file(s) specified with the
  alias_database configuration parameter.  If no alias 
database type is specified, the program uses the type specified with the 
default_database_type con-
  figuration parameter.  This mode of operation is 
implemented by running the postalias(1) command.


  Note: it may take a minute or so before an alias database 
update becomes visible. Use the "postfix reload" command to eliminate 
this delay.


   These  and  other features can be selected by specifying the 
appropriate combination of command-line options. Some features are 
controlled by parameters in the

   main.cf configuration file.

   The following options are recognized:

   -Am (ignored)

   -Ac (ignored)
  Postfix sendmail uses the same configuration file 
regardless of whether or not a message is an initial submission.


   -B body_type
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

At 20:52 +0800 13/9/07, Feizhou wrote:
Well, the first thing I noted was that the H8DA8 was not on the list 
of compatible motherboards on the 3ware website.


I challenged the vendor about that quite early on and was told that 
they've used this combo before with no trouble, though I've yet to press 
them on this point - but yes, that's a possibility I've not ruled out.


The card's running the latest firmware that I know about, certainly the 
fw in codeset 9.4.1.2 is the version intended to go with the driver 
supplied in CentOS 4.5.


It's definitely in the right slot, not using a riser and it's running at 
the right speed:


//serv1> /c0 show all
[snip]
/c0 Controller Bus Type = PCIX
/c0 Controller Bus Width = 64 bits
/c0 Controller Bus Speed = 133 Mhz



Hmm, how are you creating your ext3 filesystem(s) that you test on? Try 
creating it with a large journal (maybe 256MB) and run it in full 
journal mode.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mailq.postfix manpage

[Feizhou]

Stefano Biagiotti wrote:

On CentOS 4 I can't view the mailq man page. I installed postfix and
removed sendmail.

 # LANG=en_US man mailq
 fopen: No such file or directory
 Cannot open man page /usr/share/man/man1/sendmail.1.gz
 No manual entry for mailq

 # zcat /usr/share/man/man1/mailq.postfix.1.gz
 .so man1/sendmail.1

Solved replacing with ".so man1/sendmail.postfix.1".

Has this little typo to be reported in the CentOS Bug Tracker?


In /etc/alternatives...where does the symlink point to?
Mine:
 mta-mailqman -> /usr/share/man/man1/mailq.postfix.1.gz

You probably forgot to run system-switch-mail after you installed 
postfix and then removed sendmail.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 3Ware 9550SX and latency/system responsiveness

[Feizhou]

Simon Banton wrote:

Dear list,

I thought I'd just share my experiences with this 3Ware card, and see if 
anyone might have any suggestions.


System: Supermicro H8DA8 with 2 x Opteron 250 2.4GHz and 4GB RAM 
installed. 9550SX-8LP hosting 4x Seagate ST3250820SV 250GB in a RAID 1 
plus 2 hot spare config. The array is properly initialized, write cache 
is on, as is queueing (and supported by the drives). StoreSave set to 
Protection.


Well, the first thing I noted was that the H8DA8 was not on the list of 
compatible motherboards on the 3ware website.




My only real question is "where do I go from here?" I don't have enough 
specific tuning knowledge to know what else to look at.




Perhaps update to the latest firmware for both motherboard and 3ware 
board. Also check that you actually plugged the thing into a PCI-X 
64-bit 100/133 Mhz slot and that it is running at those speeds. Next 
question would be whether you are using a riser board?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

[EMAIL PROTECTED] wrote:

So I can enjoy dropped calls as I transfer from one open WAP to the next while 
driving?  Or no service when I'm out in the boonies?  Yeah...  Maybe the day I 
move to nyc and never leave nyc I'll go for a wifi phone, but until then I'll 
stick with my trusty GSM based blackberry that I can take anywhere and still 
use.



Take it easy. It was a joke. :-p


Ah! I failed to notice this line. How about getting a WIFI PDA device
with sip and email? <:^)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

I know of an H.323 filter, but haven't explored SIP as we aren't
running any SIP application here yet.

Another possibility would be a SIP proxy installed on the
firewall, but it is not as secure as a filter.

asterisk IS a sip proxy.

Yes, well what I was hinting at was a dumbed-down install of
asterisk installed ON the firewall that would be responsible
for handing off calls coming in to and out of the network
from/to another larger asterisk system.
You still have to setup the sip configuration to handle that. 
Not much 
dumb downing on that aspect.


Well yes it's going to need some config, it won't need to know the
full config because it is just going to do a full hand-off to the
internal asterisk server for DID (does sip use DIDs?) routing.



It still needs a full SIP config. Just not the other stuff like voice 
menus, voicemail or what not.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

[EMAIL PROTECTED] wrote:

I'm only using the wonderful *bleh* email client that rim put on this 
blackberry.  If anyone knows of a better email client for a blackberry please 
show me the way.

Geoff

Sent from my BlackBerry wireless handheld.


Ah! I failed to notice this line. How about getting a WIFI PDA device 
with sip and email? <:^)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

Ross S. W. Walker wrote:

Feizhou wrote:

asterisk <-> nat <-> nat <-> sip client = big pain in the neck.

I have never managed to get this to work. Getting the below 
was trouble 
enough. Forget about trying to get an asterisk box behind a 
nat to work 
with clients outside.


asterisk <-> nat <-> sip client.

Yes, you will need a specific SIP iptables filter for this to
work from behind a firewall.
Getting it to work with a firewall is not a problem...it is 
getting the 
thing to work with a natting firewall that is the problem. If 
one end is 
natted, you can still do some tricks to get it to work but if 
both ends 
are natted, forget it.


Well that was the idea behind the ipfilter stuff. It will change
the IPs in the protocol stream to compensate for the NAT.


It looks like there is a netfilter sip conntrack module.



I face the same problem trying to do H.323 behind a NAT'd firewall.


Man, I stopped playing with netmeeting and gnomemeeting quite some time 
ago while waiting for ekiga to be available to support my video...only 
that you cannot compile the thing on Centos 4 without some major surgery.





I know of an H.323 filter, but haven't explored SIP as we aren't
running any SIP application here yet.

Another possibility would be a SIP proxy installed on the
firewall, but it is not as secure as a filter.

asterisk IS a sip proxy.


Yes, well what I was hinting at was a dumbed-down install of
asterisk installed ON the firewall that would be responsible
for handing off calls coming in to and out of the network
from/to another larger asterisk system.


You still have to setup the sip configuration to handle that. Not much 
dumb downing on that aspect.




That is the setup I had to do with GNU gatekeeper and H.323 since
at the time I wasn't able to get the ipfilter h.323 filter to
work properly with my Polycom system.



Ugh. Is that good luck with the sip conntrack module then?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

[EMAIL PROTECTED] wrote:

I'm just spit balling (since it has been a good number of years since I've used 
asterix), but why not have two asterix boxes (one your side, one client side) 
connected via aix (you'll have to setup the fw rules to make the aix go to the 
asterix box (on both sides) and just route your call through your nearest box?  
Afaik this capability has been around for a long time, but I've never used aix 
with nat.

Geoff



Cor, you need line wrapping! thunderbird does it for me but on hitting 
reply...


You are assuming that he has access and control to the client site or 
that the client side is an office. I think he has remote roaming clients 
in mind.


The main thing is to eliminate natting so adding a vpn client should fix 
that. That is what I did for my asterisk <-> nat <-> nat <-> sip-client. 
asterisk <-> vpn <-> sip-client is far less troublesome.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Very strange problem i have faced in my 2 years carrier

[Feizhou]

Bill Campbell wrote:

On Thu, Sep 13, 2007, Feizhou wrote:

I have seen vi do this action when it didn't understand a keycode on teh
terminal you are using properly... change the case of a few letters next
to the cursor.  But IIRC that was busybox vi.

Is it crazy to propose someone opened /etc/passwd in vi, and saved it
out without noticing this had happened?

If you suspect your box has been rooted, then perhaps it is time to do 
some checking.


rpm -Va


Unfortunately that isn't much use if you're running the default
system with prelink as it changes large numbers of executables
rendering the RPM verify close to useless.



Eh? I thought it can figure out prelink's activity too? Has something 
changed?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Very strange problem i have faced in my 2 years carrier

[Feizhou]

I have seen vi do this action when it didn't understand a keycode on teh
terminal you are using properly... change the case of a few letters next
to the cursor.  But IIRC that was busybox vi.

Is it crazy to propose someone opened /etc/passwd in vi, and saved it
out without noticing this had happened?



If you suspect your box has been rooted, then perhaps it is time to do 
some checking.


rpm -Va

Also, have you ever updated the box?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

asterisk <-> nat <-> nat <-> sip client = big pain in the neck.

I have never managed to get this to work. Getting the below 
was trouble 
enough. Forget about trying to get an asterisk box behind a 
nat to work 
with clients outside.


asterisk <-> nat <-> sip client.


Yes, you will need a specific SIP iptables filter for this to
work from behind a firewall.


Getting it to work with a firewall is not a problem...it is getting the 
thing to work with a natting firewall that is the problem. If one end is 
natted, you can still do some tricks to get it to work but if both ends 
are natted, forget it.




I know of an H.323 filter, but haven't explored SIP as we aren't
running any SIP application here yet.

Another possibility would be a SIP proxy installed on the
firewall, but it is not as secure as a filter.


asterisk IS a sip proxy.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ASTERISK BOX behind a filewall

[Feizhou]

Indunil Jayasooriya wrote:

Hi All,

I want to put a ASTERISK BOX bend a Firewall. So I have given below rules.



Sure. So long as it is NOT a natting firewall.



iptables -A FORWARD -p udp -d 192.168.101.30  -m 
multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.101.30  
--dport 1:2 -m state --state NEW -j ACCEPT


iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4  
-m multiport --dports 3478,4569,5060 -j DNAT --to-destination

192.168.101.30 
iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4  
--dport 1:2 -j DNAT --to-destination 192.168.101.30 



pls assume 1.2.3.4  is the ip that connects to the 
internet.


Forget it. This will never work.




I use Xlite sotphone to talk. I can register. it says user ready. I can 
dial extentions as well. But , WHEN I talk , Both parties can not hear 
anyrhing.


in rtp.conf file,  PORT 1 to 2 are also available.


asterisk <-> nat <-> nat <-> sip client = big pain in the neck.

I have never managed to get this to work. Getting the below was trouble 
enough. Forget about trying to get an asterisk box behind a nat to work 
with clients outside.


asterisk <-> nat <-> sip client.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos Router

[Feizhou]

Graham Johnston wrote:
With the current discuss of "Performance of CentOS as a NAT gateway", I 
am curious how many people out there are using CentOS as a 
Router/Firewall in an enterprise or service provider environment.  For 
myself I am not really concerned about NAT just a stateful firewall.


For stateful firewalls, one should use OpenBSD and pf if .

netfilter has caught up on the stateful side with tcp window tracking 
but I do not think that support is in Centos 4 and below. Centos 5 
should have it.




The other half of my questions is about performance.  I have read many 
articles and posts on the net about performance tuning but they all seem 
to be about tuning a single host, not a router.  Does any have any tips 
in this area?  Is tuning even required.


If it is a natting firewall, forget about performance. There is a 
maximum to natting support beyond configuring the maximum number of 
connections being tracked.


Bridging stateful firewalls will find OpenBSD both more stable and 
better performing. Non-natting stateful firewalls no comment sorry.




For the sake of the conversation lets assume I am referring to CentOS 5.


For full stateful support, we would have to. All previous Centos only 
offer connection tracking.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Pinging Les Mikesell Re: [CentOS] Mail Restrictions with sendmail and mimedefang

[Feizhou]

Indunil Jayasooriya wrote:

On 9/3/07, Feizhou <[EMAIL PROTECTED]> wrote:

Now, I can find some files @ /etc/mail

below are files.

mimedefang-filter
sa-mimedefang.cf <http://sa-mimedefang.cf>
sa-mimedefang.cf.example

I first want to block Bcc and limit Cc to about 5 users. I googled a
lot. But, I am still not be able to achieve this task.

will I have to edit /etc/mail/mimedefang-filter to block Bcc and to
limit Cc .

Have you done it?


Sorry, i run postfix + clamav-milter + spamass-milter.

Please ask Les, the sendmail and mimedefang guru. All I can say is that
from what I understand of Les' comments, you can modify the perl code of
mimedefang to do what you want.



Hi feizhou,

Thanx for your quick response. I think Les , the sendmail and
mimedefang guru, should join this. I just send this to the list. Do
you know his email address? pls give it to me. Then , We can DISCUSS
this on the list. THIS would be benifitial to other users too.


Just draw his attention.



Hope hear from you.



Sure. :-D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail Restrictions with sendmail

[Feizhou]

Now, I can find some files @ /etc/mail

below are files.

mimedefang-filter
sa-mimedefang.cf 
sa-mimedefang.cf.example

I first want to block Bcc and limit Cc to about 5 users. I googled a 
lot. But, I am still not be able to achieve this task.


will I have to edit /etc/mail/mimedefang-filter to block Bcc and to 
limit Cc .


Have you done it?



Sorry, i run postfix + clamav-milter + spamass-milter.

Please ask Les, the sendmail and mimedefang guru. All I can say is that 
from what I understand of Les' comments, you can modify the perl code of 
mimedefang to do what you want.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Suggestions for RAID HW for 2SATA drivesin DellPowerEdge SC

[Feizhou]

For 2 SATA hard disks used for the OS I think HW RAID is overkill.
Depends. HW RAID + BBU CACHE vs SW RAID vs SW RAID + 
NVRAM...You cannot 
say overkill in certain cases.


I only say that because if one is really looking for high performance
then more spindles then 2 will be the first thing to do and getting
that data off the OS drives that may do swap under load is key too.


Yes, however, sometimes you get the choice of BBU cache with hardware 
RAID but not more spindles you see and if the i/o is bursty then it is 
likely that adding extra spindles will not match RAM speeds. As for 
swap, I then to tune things such that swap is never in use (at least not 
constantly)





Besides I do not believe the PERC 5IR has BBU cache, that
controller is really only meant as a simple RAID1 controller for
the OS.
Dell certainly has a BBU cache option, not sure if OP's Poweredge box 
has that option.


Oh yes, the PERC 5e is very good, I have a couple here and they really
do pull in impressive numbers even with only 256MB write-back, I of
course use these with the MD1000 enclosures though.


:-)

I must admit that my viewpoint is a bit eskewed by mostly having to 
manage mail servers with two disk cases only.





If you use HW RAID you will need to install the manufacturer's
software for monitoring it for a hard disk failure.

Yes, likely a negative but with Dell supporting Linux maybe not so.


Ah, well a lot of these are Java apps for cross-platform compatibility
and some times the JavaVMs leak memory... so definitely YMMV.


Ick! Have not had to touch one of these yet. But then the Compaq DL380 
did not have Linux 2.6 compatible monitoring software so I did without...





If you wanted to add additional storage, say a SAS/SATA enclosure
of 15 disks, then I would definitely invest in a HW RAID card for
that!


Depends :-D. How many hardware RAID cards offer 1GB of cache?


Not many I can tell you that, but then again a well implemented
write-back cache doesn't need a huge amount of memory to be effective.


I don't know...if the amount of i/o is enough to swamp the write-back 
cache, then software raid is probably going to be a better choice.


This is the only reason why 3ware 750x and 3ware 850x boards sucked for 
RAID5 performance. They were powerful enough processor wise for normal 
conditions but they had no write-back cache and so software raid would 
make them lick the dust. Come degraded mode and those boards will cry 
and you will too. I don't know about the 955x series in degraded mode 
though but a 10 disk RAID5 array in normal mode with write-back cache of 
128MB was pretty decent as a mail queue.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Suggestions for RAID HW for 2 SATA drivesin DellPowerEdge SC

[Feizhou]

Another route you can go is getting a PCI/PCIe/PCI-X BBU 
RAM/NVRAM card 
to put an external journal on to speed up fsync performance for 
filesystems like ext3 over software raid since these cards 
can go beyond 
1GB of memory unlike hardware raid cards that usually max out 
at 256MB.


What are some of these BBU NVRAM cards that I keep hearing people
talk about? I would love to check them out.


http://www.umem.com/Umem_NVRAM_Cards.html
http://www.gigabyte.com.tw/Products/Storage/Products_Overview.aspx?ProductID=2180

Weird...I thought the umem cards were more than just BBU SDRAM but...hmm...



Software RAID is also good if you need to be able to transfer 
the disks 
to another box that does not have a hardware raid controller 
or the same 
controller.


Weigh these in your decision. :-)


For 2 SATA hard disks used for the OS I think HW RAID is overkill.


Depends. HW RAID + BBU CACHE vs SW RAID vs SW RAID + NVRAM...You cannot 
say overkill in certain cases.




Besides I do not believe the PERC 5IR has BBU cache, that
controller is really only meant as a simple RAID1 controller for
the OS.


Dell certainly has a BBU cache option, not sure if OP's Poweredge box 
has that option.




If you use HW RAID you will need to install the manufacturer's
software for monitoring it for a hard disk failure.


Yes, likely a negative but with Dell supporting Linux maybe not so.



If you wanted to add additional storage, say a SAS/SATA enclosure
of 15 disks, then I would definitely invest in a HW RAID card for
that!



Depends :-D. How many hardware RAID cards offer 1GB of cache?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Suggestions for RAID HW for 2 SATA drives in DellPowerEdge SC

[Feizhou]

About 10 seconds after I started this thread, I remembered a long discussion 
about
RAID, SATA, etc., 2 or 3 months ago. I think that Feizhou (?) strongly 
recommended
going with Software RAID in CentOS. I will search for that and do a lot of
reading. RAID 1 for mirroring is what I want. Lanny


Whoa there!

Hardware raid + battery backed up memory cache in raid 1,10 mode is hard 
to beat with software raid and hardware raid offers data integrity 
guarantee beyond software raid.


If you were planning a huge array especially a raid5 array, then 
software raid may be better. Hardware RAID cards all come with memory 
caches now so their throughput is no longer limited.


Another route you can go is getting a PCI/PCIe/PCI-X BBU RAM/NVRAM card 
to put an external journal on to speed up fsync performance for 
filesystems like ext3 over software raid since these cards can go beyond 
1GB of memory unlike hardware raid cards that usually max out at 256MB.


Software RAID is also good if you need to be able to transfer the disks 
to another box that does not have a hardware raid controller or the same 
controller.


Weigh these in your decision. :-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] grep

[Feizhou]

Old geek statement: If you think perl is the answer to a simple filter
question then think twice.  You might be right, but it's likely smaller
faster tools already exist.  And I say this as someone who has written
1000 line shell scripts and even bigger perl scripts; perl is good for
complicated tasks, but rarely required for simple stuff.  Don't wield
your hammer because that's all you know.

In this case, everyone who responded with a perl solution needs their
hammer taken away.



Heh. The service provider where I worked was a perl shop. I hated perl 
but that was because I was not familiar with perl and it had way too 
many modules and what not.


What happens sometimes is that the perl chums will hammer out a solution 
in perl and use it. Later their perl solution gets converted to awk, 
bash or C by themselves or by me due to perl being way too expensive.


I say let them keep their hammer and then make them use a more efficient 
one when they prove their hammer does work.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Blackberry Bounces [was Fwd: Delivery Status Notification(Failure)]

[Feizhou]

Ruslan Sivak wrote:

Sorry everyone.  That was me.  The bounces should stop now.



Thank you.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Blackberry Bounces [was Fwd: Delivery Status Notification(Failure)]

[Feizhou]

Good point.  If it is the address they subscribed with, there is no
evidence of posts.  Could be hard to track if it is relayed to that
address.  Did you get bounce message[s] from your recent post[s]?  I've
had 4 so far today - only in response to my own posts.

Maybe the culprit will own-up and/or fix the problem.



He has and I guess has remedied the problem. I wish the guy on the other 
list would do the same.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Blackberry Bounces [was Fwd: Delivery Status Notification(Failure)]

[Feizhou]

Phil Schaffner wrote:

Is everyone else posting to this list getting one of these after
each-and-every post?  If so, someone please un-subscribe this person:

[EMAIL PROTECTED]



The whole blackberry.net should be blacklisted. X(

I have same problem with another user on another list. The problem 
is...is that the address they subscribed with?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] external sata cages that use port multipliers

[Feizhou]

Hello,

Has anyone got such a setup working with Centos?

thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone out there know the THEOS OS

[Feizhou]

Nigel Kendrick wrote:

Hi Guys,

I am polling my 'guru' resources to find out if I can get in touch with
anyone (UK based, ideally) with support experience of the THEOS operating
system.

We have one group of sites running a legacy system based on THEOS - an OS
that seems to have 'borrowed' the best parts of DOS, VMS, *NIX and Netware.
We are migrating some remote sites from Wyse Terminals, serial port muxes
and Kilostream (which is costing us an arm and a leg) to PC clients over
broadband. We have put the clients in place (desktop PCs with a client app -
easy) but need to understand how complex it is to setup the remote printing
- the support company involved reckons it's *so* complex they need to send
an engineer to each site (3 sites, 2 printers on each) and it will take 2
days + travel + accommodation just to make the printers work! We have remote
access to all the client PCs + routers etc. so I want to get some insight
into what exactly is involved.

Any takers?


This remote printing...is just desktop picking one of the two local 
printers right?


What OS do these PCs run?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to size an email server to handle 5 million emailsperday

[Feizhou]

Right, actually the box will run an AV engine with antispam then
delivered to a ms exchange 2003 server (local lan), so no local
mailbox is being used.


oh okay. Do you plan to build the system? (the software involved)

You needs will vary on how emails are dwelt with at the smtp level. How 
did you come by the 5 million figure? If you are really going to scan 
that many, you will need lots of cpu power besides really good disk i/o 
if you plan to use a single box to handle everything.




The barracuda spam firewall 400 appliance handles my specs but i
cannot get info on what hardware they run, it's a 1u raid1, linux
hardened presentation but no idea of the cpu or ram.


They most probably make heavy use of NVRAM or whatever they use for the 
memory cache of the RAID system. The service provider was once providing 
with two boxes from F5 for testing and its i/o was fantastic and they 
somehow used the RAID cache to do their guarantee of not losing any 
email under any circumstances.




And no, it won't be used for marketing, it's inbound only.


If you do get a barracuda, please be sure to bin crap that you do not 
reject at the smtp level. Otherwise, you will be marked as an outscatter 
'spammer'.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to size an email server to handle 5 million emails perday

[Feizhou]

are you trying to say spam bot? ;-)



where? WHERE? and where is my flame thrower?

Boy, am I glad that I do not fight spammers anymore...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to size an email server to handle 5 million emailsperday

[Feizhou]

Mike Kercher wrote:

Well, of the 5M, how many would be real emails?  I handle over 1M on a
quad xeon, but only a fraction of those are good. 


Heh. Yeah, I count emails as stuff that will be delivered, stuff that 
will hit the queue. I guess my definitions have got in the way of this one.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to size an email server to handle 5 million emails perday

[Feizhou]

Mike Kercher wrote:

On second thought, are mails being delivered locally or are you relaying
to Exchange (or similar)?



It cannot possibly be used for local delivery. Do you have any idea what 
it takes to handle 5 million local deliveries daily?


I spent over three years managing a system that delivers more than 2 
million emails and handles on average 200 million smtp transactions on a 
daily basis and you do not use a single box for this sort of thing.


Delivering 5 million emails daily with a single box has got to be an 
outgoing box.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Site down for maintenance" - How is this accomplished?

[Feizhou]

Matt Arnilo S. Baluyos (Mailing Lists) wrote:

Hello everyone,

Although we use CentOS primarily on our servers, this query is
actually more of a general networking question than something specific
to CentOS.

In the next week or so, we shall be migrating our in-house servers to
a data center. While we're doing that, we'd like to show a "Site down
for maintenance" message while the servers that hosts our websites (we
have around 15 sites hosted btw), are down.

So, how is this accomplished? While I can probably hack something on
our name servers, I'm sure there are people on this list that have
been doing this and could give some recommendations as to the best
practices for this type of task.


Keep or setup a box inhouse to show the message, when the servers are 
online in the data center, switch ips for the names over and then change 
 the setup on the box to either redirect or proxy the requests to the 
real servers to handle incoming http requests due to cached dns entries.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to size an email server to handle 5 million emails per day

[Feizhou]

Erick Perez wrote:

I have no idea as to how to size an email server. I was approached by
a customer that wanted a single server with RAID 1 disks to handle
about 5 million emails a day.
In general terms, what parameters should I take into account to size
the hardware specs when the average email is about 10kb, the smalles
email is 2kb and the largest email is about 5meg (with attachment)



5 million emails a day? Would your customer be involved in marketing? I 
am not sure I want to give advice that will be used to aid a spammer.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND issues, server not responding

[Feizhou]

Paul Heinlein wrote:

On Thu, 23 Aug 2007, Feizhou wrote:




 You only need the tcp rule if you plan on serving up zone
 transfers, not if plan on only requesting them.



Well, very rare but answers that are over 512 bytes will have to be 
sent over tcp since the rfc 1035 mandates maximum 512 bytes for the 
udp payload. So tcp is not just for zone transfers only.


Note that by default Win 2003 uses a packet size of 1280 per Paul 
Vixie's suggestion in RFC 2671 section 4.5.1. I don't know if any other 
OS implementations do the same.


In any event, I've found it helpful to allow up to 1280 bytes of DNS UDP 
traffic. Setting the limit at 512 triggers a noticable number of 
retries, at least in our environment.




Sigh. I can see some caching servers with big scissors to apply to udp 
packets...if they at all issue queries that get such large replies...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND issues, server not responding

[Feizhou]

You only need the tcp rule if you plan on serving up zone transfers,
not if plan on only requesting them.

Well, very rare but answers that are over 512 bytes will have 
to be sent 
over tcp since the rfc 1035 mandates maximum 512 bytes for the udp 
payload. So tcp is not just for zone transfers only.


True, but the client will then be responsible for opening up the tcp
session and since it will be EST, there is no need to define incoming
SYN packets no?



Hmm...no idea if a stateful udp role involves tcp at all...this requires 
a netfilter dude to answer :-D

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND issues, server not responding

[Feizhou]

Chain RH-Firewall-1-INPUT (2 references)


ugh. I absolutely detest the tool behind this.

This is what I do.

Trusted interfaces like lo and networks go first and then packets 
belonging to established connections are shorted which leaves connection 
requests to be branched out into tcp, udp and icmp chains. Further 
branching can then be done as desired. Eg: If you firewall a lot of spam 
sources, you could test for smtp packets going to port 25 and branch 
those out to another chain that deals solely with the spam sources and 
spare other connection requests having to go through rules that they are 
definitely not going to match.


iptables -L -n
Chain INPUT (policy DROP)
target prot opt source   destination
ACCEPT all  --  0.0.0.0/00.0.0.0/0
ACCEPT all  --  0.0.0.0/00.0.0.0/0
ACCEPT all  --  10.9.0.0/17  0.0.0.0/0
ACCEPT all  --  0.0.0.0/00.0.0.0/0   state 
RELATED,ESTABLISHED

tcp_packets  tcp  --  0.0.0.0/00.0.0.0/0
udp_packets  udp  --  0.0.0.0/00.0.0.0/0
icmp_packets  icmp --  0.0.0.0/00.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain icmp_packets (1 references)
target prot opt source   destination
ACCEPT icmp --  0.0.0.0/00.0.0.0/0   icmp type 3
ACCEPT icmp --  0.0.0.0/00.0.0.0/0   icmp type 11
ACCEPT icmp --  0.0.0.0/00.0.0.0/0   icmp type 8

Chain tcp_packets (1 references)
target prot opt source   destination
REJECT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:113 
reject-with tcp-reset
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:443
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:53
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:22
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:80 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:25
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:993 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:143 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:587 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:465 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:1194
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:21 
state NEW
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW 
tcp dpt:110


Chain udp_packets (1 references)
target prot opt source   destination
ACCEPT udp  --  0.0.0.0/00.0.0.0/0   state NEW 
udp dpt:53

ACCEPT udp  --  0.0.0.0/00.0.0.0/0   udp spt:123
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND issues, server not responding

[Feizhou]

You only need the tcp rule if you plan on serving up zone transfers,
not if plan on only requesting them.



Well, very rare but answers that are over 512 bytes will have to be sent 
over tcp since the rfc 1035 mandates maximum 512 bytes for the udp 
payload. So tcp is not just for zone transfers only.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND issues, server not responding

[Feizhou]

Hello Ray,


Appears to be listening how I expected it to be, unless I'm not reading
this right.


Running 'dig www.swhi.net @64.135.16.15'

; <<>> DiG 9.2.4 <<>> www.swhi.net @64.135.16.15
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

Robert suggested looking at your firewall. What rules do you have 
related to port 53 udp?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8 port serial card

[Feizhou]

Thanks Matt!


And there are specs at http://www.lavalink.com/index.php?id=707






How did it cost you/your company?



We're education, but at the time (last April) I paid < $90 US for it. Looks
like it normally goes for about $120. 


Nice. Too bad I cannot get it in Hong Kong...



Matt

P.S. Go get more caffeine ;-)



Okay, time to make a habit of tea drinking...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SATA vs. SAS

[Feizhou]

Binary drivers from Dell?


The HBA that connects to the MD3000 is just an mptsas driver which
is part of the stock kernel, but you can download the latest
version from Dell's website as a dkms source package.


Thank you Ross for the information.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8 port serial card

[Feizhou]

How did it cost you/your company?


How much, how much...sigh, fingers don't listen to brain properly anymore...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 8 port serial card

[Feizhou]

Matt Hyclak wrote:

On Wed, Aug 22, 2007 at 09:51:21PM +0800, Feizhou enlightened us:
Has anybody got Centos to work with multi-port serial cards? Or does 
anybody have multi-port serial or fax cards to recommend?




I've got a 4 port card that works nicely. It's a Lava Quattro PCI/LP (I
needed a low profile card for a 2U server). I'm currently using 2 of the 4
ports and it works just fine. It shows up as ttyS4-S7 with no additional
configuration needed on CentOS 4.


Is that a moscom based card?

How did it cost you/your company?

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SATA vs. SAS

[Feizhou]

Option 1) 2 servers each having 2.0TB raid disk with SAS 
drives, 2GB ram and standard other features. 

If going down this road, why not look into getting one of
those fancy new storage enclosures where the RAID is built
into the enclosure and can allow 2 servers to simultaneously
access the arrays with full battery backed write-back cache?


What is available for Linux in this department?


I'm testing out an MD3000 from Dell. It can allow 4 hosts with
single 4x serial paths, or 2 hosts with redundant 4x serial
and can chain up to 2 MD1000s off it for up to 45 spindles.

It was 2 RAID controllers in 2 EMMs with 512MB BBU write-back
that is synchronized between them which act as redundant RAID
controllers. Ships with 4 plain-jane 2 path SAS controllers
for host systems.

Downside, right now, it currently only supports SAS drives,
they hope to have a SAS/SATA firmware update maybe by year-end.


Binary drivers from Dell?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SATA vs. SAS

[Feizhou]

Bowie Bailey wrote:

Feizhou wrote:

Option 1) 2 servers each having 2.0TB raid disk with SAS
drives, 2GB ram and standard other features.

If going down this road, why not look into getting one of
those fancy new storage enclosures where the RAID is built
into the enclosure and can allow 2 servers to simultaneously
access the arrays with full battery backed write-back cache?


What is available for Linux in this department?


http://www.coraid.com/

These are relatively inexpensive network storage boxes using SATA drives
and AoE (ATA over Ethernet) connection to the server.  Drivers build
easily on CentOS.


Very interesting.



Just make sure you get drives that are on their compatible list.  This
may not be as much of an issue now, but I had some problems with drives
being marked bad and dropped out of the array when I first set up mine a
couple of years ago.  This was caused by firmware incompatibilities and
fixed by upgrading the drive firmware.  Once this was fixed, everything
has worked flawlessly since.



Thank you for the link and the heads up!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SATA vs. SAS

[Feizhou]

Option 1) 2 servers each having 2.0TB raid disk with SAS 
drives, 2GB ram and standard other features. 


If going down this road, why not look into getting one of
those fancy new storage enclosures where the RAID is built
into the enclosure and can allow 2 servers to simultaneously
access the arrays with full battery backed write-back cache?



What is available for Linux in this department?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] 8 port serial card

[Feizhou]

Hello,

Has anybody got Centos to work with multi-port serial cards? Or does 
anybody have multi-port serial or fax cards to recommend?


Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hot swap SATA?

[Feizhou]

Would it have to smarts to live partition type FD alone?



s/live/leave/

note to self: Don't go to bed at 2AM, get up at 7AM and post on mailing 
lists later.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hot swap SATA?

[Feizhou]

Lamar Owen wrote:

On Tuesday 21 August 2007, Feizhou wrote:

Les Mikesell wrote:

Jim Perrin wrote:
Should it be possible to hot-swap SATA drives with Centos5? 



Depends on the SATA controller, but yes. If the controller allows, you
can hotswap sata drives.



How are the names supposed to work when one may be missing at bootup and
added later?



I thought the system would just assign the next available /dev/sdx?



Then there was the post about wanting to be able to pull a SATA/eSATA
disk in and have the system automatically mount whatever filesystem is
on the disk...


That was mine.  Still working on it.


Would it have to smarts to live partition type FD alone?



As to the hardware support, the definitive answer is found at 
www.linux-ata.org  

As to device naming, use LABEL= to fix that.  SCSI device naming on Linux 
stinks.  


Oh yeah!



I'm dinking around with a Ubuntu install right now that is giving me fits 
because of linux PCI/SCSI weirdness.  The boot drive (as set in the BIOS) is 
probed by the kernel as /dev/sdc.  Fun.  The setup has two 80GB drives in MD 
RAID1 (200MB /boot on /dev/md0, and 77GB / on /dev/md1, both on the same 
drives) and four 250GB drives in 3-disk RAID5 with a hotspare.  The drives 
are spread on three two port controllers (no, I don't have a four or six port 
controller handy, not an option in this case).  Still working grub to get the 
thing to boot 


Ugh...



LABEL= does actually have its uses; I migrated a filesystem on a CentOS 4 VM 
running on one of our two VMware ESX beasts (2x Dell 6950, 4x dual core 
Opterons, 32GB RAM each, dual 4Gb/s fibre-channel to 2x EMC CLARiiON 
CX3-10c's with 20TB each) from the internal 3x300GB RAID to a 1.95TB LUN on 
the CX3.  By using LABEL=, I was able to blow the drive away in VI Client on 
the VM, and boot right up without device ordering problems.


:-)



But I have also been bitten by the 'LABELs are the same on cloned disks' fun 
and games


What I'm currently doing with the eSATA deal is having an entry in fstab, set 
to noauto, and using LABEL=, and an icon in KDE to mount it on the desktop.  
it is not seamless; unmounting is much more of a chore, as KDE has fun with 
the icon, doesn't enable the context menu 'safely remove' (aka, unmount) 
option, etc.  But it's better than nothing.  Just haven't had time to see how 
to enable SCSI removable support (dig through the udev and hotplug stuff 
sometime and you'll see what I mean) in libata as yet.  With SCSI removable 
support (which usbstorage implements, which is why it works) the system Just 
Works properly.


Maybe when I get a box to play withthe OpenSolaris box is already in 
production so I cannot experiment there.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hot swap SATA?

[Feizhou]

Les Mikesell wrote:

Jim Perrin wrote:


Should it be possible to hot-swap SATA drives with Centos5?  It doesn't
seem to work on my system.  Removing an unmounted drive locked the
system up, and leaving one out at bootup makes the devices change names
and keeps grub from finding /boot on a scsi drive that is shifted up.


Depends on the SATA controller, but yes. If the controller allows, you
can hotswap sata drives.


How are the names supposed to work when one may be missing at bootup and 
added later?




I thought the system would just assign the next available /dev/sdx?

Then there was the post about wanting to be able to pull a SATA/eSATA 
disk in and have the system automatically mount whatever filesystem is 
on the disk...


On OpenSolaris, SATA hotswapping and device naming is a complete non-issue.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix - killed by signal 11 - debug help

[Feizhou]

John Thomas wrote:

Feizhou said the following on 08/19/2007 07:22 PM:

Debug with gdb. Enable in main.cf



This sounds interesting.  The "crash" happens very rarely, once every 
day or two, and I have not seen a pattern with domain, etc.  Will your 
suggestion help given this randomness (i.e. I cannot seem to make it 
crash)?




Hmmjust had a good look at the dates in the log...it could be just 
RAM issues as suggested. You could try this the script here too: 
http://people.redhat.com/dledford/memtest.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix - killed by signal 11 - debug help

[Feizhou]

John Thomas wrote:
Any suggestions to help me troubleshoot a "killed by signal 11" problem 
with Postfix?  I've Googled and fiddled, but cannot figure it out.  I 
have no idea where to look/start.




Debug with gdb. Enable in main.cf

debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 gdb $daemon_directory/$process_name $process_id 2>&1 > 
$config_directory/$process_name.$process_id.log & sleep 5


debug_peer_level = 2

#debug_peer_list = some.domain

Set some.domain to an ip address of a host where you can run telnet to 
connect to port 25 of the postfix server.


This will create a file(s) in /etc/postfix
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Correlate i/o with a process

[Feizhou]

Mag Gam wrote:

Hello:

I have a server with 2 HBAs, and the users keeps complaining about
performance problems. My question is, how can I relate the process with high
I/O wait? Also, is it possible to see how much data is being pushed thru by
my 2 HBAs?



atop

http://oldwww.atconsultancy.nl/atop/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail Restrictions with sendmail

[Feizhou]

Indunil Jayasooriya wrote:

Hi,

Thanks once again,

ONE MORE THING IS NEEDED.

I want to limit mail sizes for both incoming and outgoing mails.

Let's say

[EMAIL PROTECTED]  can send mails up to 5MB, 
but can receive up to 2MB


[EMAIL PROTECTED]  can send and receive mails 
up to 5MB.


Is this 2/5MB after encoding or before encoding of attachments? Encoding 
will increase data size about 25%.




All the other users can send mails as usual (i.e - without restrictions)


Can procmail do it? (i-e- /etc/procmailrc  - system wide configuration)


procmail is a local delivery agent and so no, it cannot do it.



pls let me know?


mimedefang? You have per user settings and so setting a system wide 
setting in sendmail configuration will not help and sendmail does not 
differentiate between outgoing and incoming limits so you are left with 
a milter solution and so maybe mimedefang is your best bet.


I know another centos list subscriber, Les, will swear by mimedefang.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail Restrictions with sendmail

[Feizhou]

I will have to edit /etc/fstab . I will have to add usrquota,grpquota



Good research.




Now, my question is to which partition should I have to add 
usrquota,grpquota.



Is it to /var partion should I have to add quota as All incoming mail 
will be stored as  /var/spool/mail/username


According to your list of filesystems below, yes, /var definitely needs 
quota turned on.




or

Is it to /home partion should I have to add quota as All users are 
system users ( i.e- /etc/passwd, /etc/shadow and /etc/group


Only if you intend to lump both mailbox quota and home directory quota 
together. If you need to enable separate quotas for these...you need 
another solution. If you do not need quotas for anything but mail, just 
turn on quotas for /var.




to create account I use traditional useradd command as follows.
useradd username

my partion table of the hard disk is as follows. /var and /home partion 
are marked in BOLD letters.

pls see below

[EMAIL PROTECTED] ~]# df -h
FilesystemSize  Used Avail Use% Mounted on
/dev/sda2  39G  1.6G   35G   5% /
/dev/sda1 2.9G   53M  2.7G   2% /boot
none  251M 0  251M   0% /dev/shm
/dev/sda5  39G  201M   37G   1% /home
/dev/sda7 6.8G  2.4G  4.1G  38% /opt
/dev/sda6 6.8G   48M  6.4G   1% /tmp
/dev/sda8  52G  1.4G   48G   3% /var

YOUR comments are welcome .

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail Restrictions with sendmail

[Feizhou]

 >
 > And also enabling quota.
 >
 > What is the best way to add quota?
 >

Filesystem quotas?


quotas to limit the mailbox size

e.g
/var/spool/mail/username
*
*



I thought you might be using mbox...so...will filesystem quotas do it 
for you then? If it will, just enable filesystem quotas and the system 
will start limiting how large the mbox files can get. man edquota, 
quota, ...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail Restrictions with sendmail

[Feizhou]

Indunil Jayasooriya wrote:

Hi all,

I am running sendmail with MailScanner on CentOS. I want to enable some 
restrictions.


Restrictions are given below.

All clients Currently can send Bcc from their workstations as usual. I 
want to disable (block Bcc) that feature. Can I do it from the Sendmail 
Server ?


No...or it will take some serious ruleset creation. Better install 
libmilter (sendmail-devel package) and use mimedefang.




All clients currently can send Cc form their workstations as usual. I 
want to limit it. Let's say about 5 Cc s .


Same as above if not more difficult to achieve with sendmail rulesets.



All incoming mails are forwarded to another email address by using an 
alias .


pls see below for ,

/etc/aliases

john: john, [EMAIL PROTECTED] 
userx:   userx,[EMAIL PROTECTED] 

The above for incoming mail.


Better use .forward rules.



Can I make a copy of ALL OUTGOING mail to one email address? let's say 
[EMAIL PROTECTED] 


mimedefang.



And also enabling quota.

What is the best way to add quota?



Filesystem quotas?



last feature is adding a Global Address  Book. Let me explain about it. 
Let's say In MS exchange server, Whenever users are added, Those names 
will be available In a Global Address book. Then, No need to add email 
addresses to client's email programmes such as outlook express or MS 
outlook. 


Can I enable such a feature ?


The MS GAB is basically a LDAP directory just as Active Directory is 
really LDAP + Kerberos + DNS + M$ extort^H^H^Hensions

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hw raid 10 with 4 disc, recomended partitiontable

[Feizhou]

kai wrote:
I am familiar with centos and this forum, and have some rhel / centos 
questions. Therefore I'm asking the question here


I am about to install rhel4.5 on a hp dl380 with 4 disc's. The standard 
rhel installation installers all in one partition?

Will there be any advantage of splitting the file system up?
What would be a good recommended partition table for a server running 
scripts handling big amount of transactions?


Normally i would do something like this, but i need to ask the question 
since I haven't installed on a production machine before

/boot
/opt
/usr
/var
/tmp
/home




I assume this would be something like /boot on its own partition and 
everything else on one partition and stuffed into a LVM?


I put swap and all filesystems on a LVM except for /boot.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix smtp freezing

[Feizhou]

Jason Ross wrote:

Hey all,

For the last 8 months I have been running a postfix / mail scanner setup 
based on Johnny Hughes' excellent tutorial.
For the firs 7 months I have had no issues. This past month I have been 
having instances where the user gets an smtp error while trying to send 
email.
Restarting the postfix service is all it takes to resolve this issue. 
The problem is that it has begun to occur more and more often. It is now 
up to once every day.
I have found nothing unusual in the mail or messages logs. As I am an 
ultra newbie I am unsure of the next step to take to resolve this.
I have search through the past messages on this list and can find 
nothing. Anyone have any ideas?


The following details would be nice:

Number of smtpd daemons configured (if you have not changed then it is 
100), number of smtpds, cleanups and trivial-rewrites running when you 
encounter the problem, cpu utilization statistics.


I am not familiar with how mail-scanner is run. I assume it has a fixed 
number of processes. Are all mail-scanner processes in action during the 
smtp timeout and taking the majority of cpu resources?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Will this work? centOS5 server+100users?

[Feizhou]

I need to also mention that this server will be the only server in this domain, 
so there will NOT be any Microsoft servers here.



Then go for NT Domains in Samba PDC mode.




The Microsoft solution for the this function is too expensive, so we
want to install centOS5 and configure the centOS5 server as the primary
file and print server.



Yeah, you just saved 100 client licenses.




The user PCs are Microsoft windows.(w2K & WXP).



Okay.




Are there some comprehensive "how too's" on how the setup the domain,
etc. and what needs to be done with a network of windows clients and
linux server?



samba.org has excellent howtos/books/documentation which will apply to 
Centos5.





Any help would be appreciated.


ACLs plus Samba in NT domain mode. W2K and WXP support NT domains 
perfectly. For a hundred users, you can opt to use /etc/passwd.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re:

[Feizhou]

 wrote:


Since neither anaconda nor system-config-kickstart can give a list of 
all packages that

has been installed, waht is the recommended way to replicate one system for
another new installation (without using hd cloning) ?

Is it possible to simply do 'rpm -qa >> my-ks.cfg' ?

When running anaconda installer, it gives system selection as well as 
package

grouping (desktop vs server -> gnome vs kde -> gnome-pilot etc), which file
provides these info?


You can use kickstart to control what packages are installed.

/root/install.log has the details of what packages are installed by 
anaconda.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] problems with sendmail

[Feizhou]

Relaying denied. Proper authentication required.

Any idea of the error?


Logs are very bad. They are always telling and everybody hates tellers.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HotPlug, eSATA, and /media

[Feizhou]

Lamar Owen wrote:

Ok, got a quickie.

I have an eSATA drive, a 750GB Seagate in an eSATA external enclosure, and a 
Silicon Image sil3132 ExpressCard controller for my laptop.  The disk and 
controller work great in CentOS 5 (or F7, for that matter), if I specifically 
mount it.


This is not how I want to have to use this drive, however.  I want to hotplug 
it; that is, plug the controller into the laptop, and then plug the drive 
into the controller, and have it come up just like a USB drive would.  It 
does not currently do that.  Anyone here know how to make an eSATA (or a 
hotplug SATA mobile slide, for that matter) show up in /media, and have all 
the nice hotplug capabilities USB drives have?  That is, KDE brings up the 
dialog asking what to do with the drive, it can be automounted, etc.  Then 
when going to hot-unplug, I'd use the 'safely remove' context menu entry 
(just like a USB drive) and it would unmount the drive and unload anything it 
might need to unload.


Er...it is not treated like USB disks or CDs or DVDs but as a regular 
hard disk.




Anybody have this working?  If not, i'm going to figure it out, but didn't 
want to reinvent the wheel.


I guess you will need some scripting...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new CentOS 5 as DNS server

[Feizhou]

Ken Price wrote:


I'm coming in late to this thread.  We too are a hosting provider  
(small time), hosting approximately 1600 live domains.


Not to say tinydns is a bad alternative, as it has it's strengths,  
but we moved away from [outgrew] it 2 years ago.


I used to work for a messaging service provider and they had two
systems. The first system was the service provider offering its
messaging platform for its own domains and a hundred or so domains for
quite a lot of clients and these were managed with BIND by hand.


eek.  i can imagine that was a pain.


In the beginning it sure was.

Good thing BIND has this $INCLUDE thing. That reduced the amount of work 
after I cleaned up the mess from the previous configuration maintainer.






So I do not know how you 'outgrew' tinydns. After all the only part
that involves tinydns is 'generate the cdb file from a database for
tinydns to chew' or in other words, generating the cdb file for tinydns
is the least of your problems to tackle.


Look, in no way was i bashing TinyDNS or starting a flamewar.  This is 
why i prefaced my comment with "Not to say tinydns is a bad alternative, 
as it has it's strengths".  By "outgrew" i mean we required more of our 
DNS server.  We weren't a top level domain provider.  Our clients 
required authoritative and sometimes secondary service.  As a result, we 
required better RFC compliance and a broader range of features then 
TinyDNS provided.  That's all.  Our business simply required greater 
flexibility.


You should have come out with this in the first place. Stating 1600 
domains as a hosting provider and then not clearly stating the technical 
reasons on why you had to switch away from tinydns looks like a veiled 
snipe at djbdns.


If anybody dares insinuate ease of use, performance or security reasons 
for not using djbdns, I am going to grill them because 'I' have tried to 
find something to replace dnscache, which has this knack of not caching 
CNAME records and hammering the authoritative servers of a zone when it 
receives multiple new requests for records in that zone before it gets 
an answer, and I have yet to find anything that is as scalable as 
dnscache despite its annoying shortcomings.




Generally, your business needs should determine the solution.  Not the 
other way around.


Agreed.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new CentOS 5 as DNS server

[Feizhou]

I'm coming in late to this thread.  We too are a hosting provider (small 
time), hosting approximately 1600 live domains.


Not to say tinydns is a bad alternative, as it has it's strengths, but 
we moved away from [outgrew] it 2 years ago.


I used to work for a messaging service provider and they had two 
systems. The first system was the service provider offering its 
messaging platform for its own domains and a hundred or so domains for 
quite a lot of clients and these were managed with BIND by hand.


The other system was used for solely one client and that client is a 
rather big Registrar, whom I shall not name, with thousands of domains 
of which a good portion (over 50k) were hosted by this messaging service 
provider since the registrar did not have its own messaging platform. 
All these domains were automatically managed with tinydns.


So I do not know how you 'outgrew' tinydns. After all the only part that 
involves tinydns is 'generate the cdb file from a database for tinydns 
to chew' or in other words, generating the cdb file for tinydns is the 
least of your problems to tackle.


The secondaries are handled just the same (actually, you do not need 
'secondaries' anymore...if IIRC, you just have to rsync the cdb file 
over so there is no real master/slave thing here)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new CentOS 5 as DNS server

[Feizhou]

Ray Leventhal wrote:

Tomasz Napierała wrote:

Apart from installation, I would suggest using PowerDNS as a secondary DNS. 
It's not only robust, fast and secure, but also has very interesting 
capability of automated zones depolying (espacially usefull for secondary 
NS). I'm using it on all my secondary nameservers, and that's saving me lot 
of time.


Regards,
  

Thank you Tomasz,  I'll have a look at PowerDNS.  Much appreciated.



Well, if you are willing to look into BIND alternatives, please take a 
look also at tinydns which is part of the djbdns package.


Dead simple format for dns configuration and on-the-fly zone updating 
are some of its features.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new CentOS 5 as DNS server

[Feizhou]

Ray Leventhal wrote:

Feizhou wrote:

As it will be a production server and this is my first foray into
CentOS/SELinux in a production environment I was hoping to get a
recommended list of what to include and, more specifically, what *not*
to include from the distro CDs

I will be doing a text based install, hoping to avoid the installation
of X.  Other than BIND and vsftpd, I don't think I need much.  This
machine will be pulling zone files from my primary web server and
storing some archive files and backups for me.


Custom install and remove every package that you can except for bind,
openssh-server, vsftpd and whatever you use for archiving and backups
should do the trick.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Thank you Feizhou.  I'm hoping it's exactly that easy.


The installer will not let you remove packages that are in the 'Base' 
group. If you remove any package that bind, vsftpd or openssh-server 
needs, it will tell you later and ask you whether you want to ignore or 
install all dependencies and so you should safely get a working system.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new CentOS 5 as DNS server

[Feizhou]

As it will be a production server and this is my first foray into
CentOS/SELinux in a production environment I was hoping to get a
recommended list of what to include and, more specifically, what *not*
to include from the distro CDs

I will be doing a text based install, hoping to avoid the installation
of X.  Other than BIND and vsftpd, I don't think I need much.  This
machine will be pulling zone files from my primary web server and
storing some archive files and backups for me.



Custom install and remove every package that you can except for bind, 
openssh-server, vsftpd and whatever you use for archiving and backups 
should do the trick.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

 If we can't even get all the
repostories to use a simple repotag, we'd never get them to compile with
non-standard paths!


If everyone is going to fight over the same space it again becomes a 
matter of authority - or a free-for-all.




So adding a tag to indicate where the claim comes from so that the end 
user gets to decide who gets to have their claim validated is a fight 
for authority as opposed to those who flatly refuse to have to claim and 
just want the end user to use their repo only?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

I thought once upon a time some repo had a package named xmms-mp3 which 
was different from the core version for obvious reasons.  I can't recall 
a problem and I didn't have to know which repo I had to manage to get or 
exclude it.


How are we supposed to know whether or not that is a sub-package like 
cyrus-sasl-md5 or cyrus-sasl-plain?





This kind of situation rapid develops into the stuff that very
experienced admins need to create for their specific installation.


You mean like every Mac user that installs an add-on package by clicking 
to open it's disk-image distribution and dragging it to a local location?




Hey that is unfair. That is only possible because dependencies and what 
not are already dealt with. Those packages will just work.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Allocating 64 kbits/s out of 256 kbits/s for one LAN behing firewall

[Feizhou]

Is it possible to acheive this task on firewall running iptables and 
iproute2 (CentOS 4.5) ?


If so, How can I do such thing?

If I do such thing, what will happen to the people behind LAN1 ? Will 
they get whole 256 kbits/s as before or will they get 256 kbit/s - 64  
kbit/s for their internet access?


Yes. use firewall marks and tc.

http://lartc.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

Repo priorities and includes


But wouldn't it be easier if the packages had different names so you 
could just install the one(s) you want from the command line?




Try your own custom postfix with a different name and see what breaks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

That's not what I meant.  Obviously we need additional packages in other 
repositories and that will be true as long as there is any policy that 
might exclude any contribution to a centrally managed repository.  The 
question is, why do we need/want different versions of the same-named 
packages, or packages that provide different versions of the same files 
that can overwrite each other based on conditions we can't control? 
There probably is a good reason to want this - I just can't think of it 
right now.




We don't. That is why we need tags since we do not track every package 
in every repo. Having tags allows pinpointing from which repo the 
'problem' package comes from and then setting appropriate yum configs...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

Les Mikesell wrote:

Feizhou wrote:

Les Mikesell wrote:

Dag Wieers wrote:

You may argue that that is a good thing. But Fedora is a different 
beast than RHEL. People may want stable packages, or current 
packages and a single repository (with the tools we have today) 
cannot provide this.


But people may want _both_ the stable package and the current package 
on the same machine at the same time.  Having a hint of the 
difference barely visible in the package name doesn't help a bit.


I cannot see how it is possible to install both the stable package and 
current package.


How many kernel packages do you have installed?  All it takes is to not 
write the same-named file in the same place as the other package.  In 
some cases there are practical problems where a service needs to listen 
on a default port and you can't run 2 at once, or the init script is 
expected to live in a certain place so we'd need a creative solution, 
but most files could just have their own unique path and you'd pick the 
one you want with your PATH setting - something well understood decades 
ago.


ROTFL. Have you ever noticed that the kernel packages all contain files 
that have different names from other packages?


Besides the kernel packages, none of the others do.



Besides, it punishes people who did not have an alternative back 
when Fedora Extras refused to do RHEL packages and only had RPMforge 
to fall back on.


At least that's my point of view.


I think you are making too much out of name differences for things 
that can clobber each other and not enough about ways to let the 
different things co-exist - on the same machines if you want them, or 
to let users choose which they want.  If two same-named packages can 
conflict, someone did something wrong and the issue shouldn't be 
about who did it but how to avoid it.





I disagree. If I was going to roll my own packages in my own 
repository to overrule the OS repositories, tagging my packages would 
be essential.


But the tags are in an inconvenient position to control anything.  How 
do you ensure that you'll get your copies if any other repo adds a newer 
release?  Normally you'd want updates to float to the latest.




I will very well shut out similarly named packages in other third-party 
repos in the yum configuration.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

[Feizhou]

Les Mikesell wrote:

Dag Wieers wrote:

You may argue that that is a good thing. But Fedora is a different 
beast than RHEL. People may want stable packages, or current packages 
and a single repository (with the tools we have today) cannot provide 
this.


But people may want _both_ the stable package and the current package on 
the same machine at the same time.  Having a hint of the difference 
barely visible in the package name doesn't help a bit.


I cannot see how it is possible to install both the stable package and 
current package.




Besides, it punishes people who did not have an alternative back when 
Fedora Extras refused to do RHEL packages and only had RPMforge to 
fall back on.


At least that's my point of view.


I think you are making too much out of name differences for things that 
can clobber each other and not enough about ways to let the different 
things co-exist - on the same machines if you want them, or to let users 
choose which they want.  If two same-named packages can conflict, 
someone did something wrong and the issue shouldn't be about who did it 
but how to avoid it.





I disagree. If I was going to roll my own packages in my own repository 
to overrule the OS repositories, tagging my packages would be essential.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Best way to have Postfix 2.3 or 2.4 on Centos 4.4?

[Feizhou]

beast wrote:

On 27/07/07 09:42 +0200, M. Fioretti wrote:

Greetings,

I would like to install Postfix 2.3 or 2.4 (I need support for SASL
authentication via Dovecot) on a Centos 4.4 server.

I have already found rpm packages at
http://postfix.wl0.org/en/available-packages/ and pages about using
the centosplus repo for postfix.

Before launching rpm or yum, however, I'd like to ask the list which
way you think is the best way to do this. By "best" I mean the way
which:

* has no known issues, gotchas, extra configuration tricks...
* has as little extra dependencies as possible
* can be maintained/upgraded with yum


If this is a dedicated mailserver, i prefer installing postfix from source.



Better document the build procedure like make command arguments and what 
not then for your next server or in case the thing goes kaboom.


Packages exist for a reason. :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and DS300

[Feizhou]

mario salcedo wrote:

Hi, I have a server linux whith a system storage
DS300. The server run ok, transfer file no problem. 
My problem is than when i restart the DS300 this begin

to syncronizing again, but the data not is lost. I can
work whith the DS300 while this is syncronizing.
Is this normal?. 
Thanks




Please do NOT hijack threads. This confuses others and messes up the 
archives. Start a new thread.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Centos as a desktop, advisable?

[Feizhou]

beast wrote:

On 26/07/07 17:57 +0800, Feizhou wrote:

If I choose this path, can it be automatically done using yum with local
repository? what about existing data/settings/custom apps/etc? anyone 
has

real experiences on upgrading OS?


You really want apt and deb based distros like ubuntu if you want to 
go this route.


Are you saying that upgrading Centos is not advisable/reliable path and
Ubuntu is better in this area?

(pls, im not trying to start flame, pardon my ignorance :)


Debian and apt are very good at packaging. If you want to upgrade from 
one distribution to a later version, they have done it well before yum 
was in a position to achieve that. yum in FC5 should be able to 
dist-upgrade to FC6 and so on...but I have not actually done it.




Personally, I never upgrade the OS. I simply install the fresh one, 
but its

fine on my laptop, not for my clients.


Use images then if all your 400 workstations are identical.


Yes, previously I just clone the HD, but thats ok only for new install, not
preserving the data/user settings.


That is what partitioning or networked home directories do. Preserve 
user data and settings.




I'm willing to go to every clients at first install if needed, but not 
every year or so

for maintenance. I need setup and forget setup :-p


Well perhaps you can take a proper look at it then. I do not see why / 
and /usr concerns your users at all. Using images to get what you want 
out there in a flash is fire and forget. Of course, you need to do some 
work on your staging box but when that is complete, you just toss your 
new image to all 400 workstations and either wait for them to be 
rebooted or have them reboot right away as you may choose.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Centos as a desktop, advisable?

[Feizhou]

beast wrote:

On 26/07/07 11:21 +0700, beast wrote:

CentOS 5.0 as the base, but OpenOffice repo, Firefox repo and
possibly Gnome or KDE repo to keep primary office applications
current.


I'm confused here. Suppose in the next 3 year the latest OO version is 
3.1.1,

today OO in Centos5 is 2.0.4, will it get updated to version 3.x or still
using 2.x? 


It seems not. Updates directory in Centos 3 still contains OOv1.1.2 only.
So, what is the meaning of "supported for 5 years"? is it only for bug and
security fixes, not features or enhancements?


Sometimes you get enhancements and features.



Suppose in the next year, standard interface for harddisk is WATA 
(wireless ATA

:), will it be added in Centos5?


The RHEL4 kernel did get a libata update.



Sorry for asking such questions, i just reaaly want to know here :)


or better just upgrade to Centos7 which has OOv3.1?


If I choose this path, can it be automatically done using yum with local
repository? what about existing data/settings/custom apps/etc? anyone has
real experiences on upgrading OS?


You really want apt and deb based distros like ubuntu if you want to go 
this route.




Personally, I never upgrade the OS. I simply install the fresh one, but its
fine on my laptop, not for my clients.


Use images then if all your 400 workstations are identical.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Centos as a desktop, advisable?

[Feizhou]

beast wrote:

On 25/07/07 10:38 -0400, Ross S. W. Walker wrote:
They are kept functional and secure. I think that is enough in many 
cases.


If someone really needs a special app they can always compile it 
and/or install it in their $HOME.


Are you saying that you predict users will not need any new
compatibility or functionality in their primary desktop office suite
for the next 5 years?

I don't think so...

I think the previous poster has the ticket here.

CentOS 5.0 as the base, but OpenOffice repo, Firefox repo and
possibly Gnome or KDE repo to keep primary office applications
current.


I'm confused here. Suppose in the next 3 year the latest OO version is 
3.1.1,

today OO in Centos5 is 2.0.4, will it get updated to version 3.x or still
using 2.x? or better just upgrade to Centos7 which has OOv3.1?


Really entirely up to you.



Learning from my mistake with RH9, its very dificult to get the latest
software, even build from source since the dependencies is too much 
(gcc/lib

etc.) I have around 400 RH9 clients and its really a nightmare :(


The problem is that you cannot use third-party repos in Redhat 9 (IIRC) 
besides the problem of Redhat 9 being really old. With 
Centos/Ubuntu/Debian you get to have the base with certain packages 
overriden in your own repo which makes a bit more flexible than having 
to build and manually install tens or hundreds of your own packages. Of 
course, you might consider using images of the base OS for your 400 
workstations instead of relying on yum to manage those desktops.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos