Re: Postfix/Procmail losing mail

[Germán Gutierrez]

 Gene Grimm escribio:
 Some of our clients are reporting that they are getting virtually no
 mail. Even when specific people tell them they have sent mail, these
 clients receive nothing through the POP3 server (so it's apparently not
 getting to their inbox).

 Postfix is configured to use procmail as the delivery agent. According
 to the log files, postfix is sending all of it to procmail, but it
 doesn't appear to be reaching the mailbox. There is no $HOME/.procmailrc
 or /etc/procmailrc file on this server. Thus far I cannot find anything
 that tells me procmail is dropping messages. Can anyone point me to
 where I can find debug info on procmail?



IMHO if you don't use procmail, remove it from the postfix configuration.
If you want to test it, you can use the .forward file to see what is
going on.

A quick search on google gave me this:
http://www.itworld.com/nl/unix_sys_adm/03132002/

-- 
Regards,
  Germán

Re: /root/ drwxr-xr-x?

[Pedro Larroy]

On Wed, Jul 31, 2002 at 11:39:02PM +0200, Peter Palfrader wrote:
 On Wed, 31 Jul 2002, Thomas -Balu- Walter wrote:
 
  # ls -lad /root/
  drwxr-xr-x9 root root 4096 Jul 31 18:25 /root/
  
  I wonder if /root/ shouldn't be accessible by root only per default? But
  in which package can I find this one? Should I make a bug-report or do
  you think this is normal? (It might be some kind of SuSE-remembrance
  from earlier days ;)
 
 This is not the first time this comes up.
 
 short version: /root 755 is no security risk and it wont get changed
either. If you want, set it to 0700 on your box.
 long version: search the list archives (both -user and -devel will have
   some hits I guess).
   
 HTH
   yours,
   peter
 
 -- 
  PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
 messages preferred.| : :' :  The  universal
| `. `'  Operating System
  http://www.palfrader.org/ |   `-http://www.debian.org/


IMHO at least it should be noticed somewhere in the instalation or
something. Specially when it used to be 750 and there may be sensible
data there.

Regards.



-- 
 ... ___ ...
|   /| |\   | 
|  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr  |-\  |
| /--|No MS-Office attachments please. |--\ |
o-|--|  e-mail: [EMAIL PROTECTED]|--|-o 
|  \-|finger [EMAIL PROTECTED] for public key and info   |-/  | 
|...\|_|/...| 

Boarding SuSE with Debian

[Florian Bantner]

Ahoy friendly Debian fellows,

my mission is following: Have rented a cheap server from
an cheap hoster for a customer of ours. Only drawback: It
is running suse linux. Since the provider is so cheap, he
tells us: Do with the server what you want. And so I want
Debian to take over. The problem:

1. No access to neither floppy nor cd-rom
2. Only service I get is pressing the reset button
3. The other service is to reinstall base suse-
   installation if the server fails to come up. 
   This will cost me 70 EUR/USD

What is the best way to get Debian on this box? And how
can I avoid the reboot-fail-reinstall-pay-tray again
trap?

with kind regards

Florian

-- 
--
Florian Bantner  AXON-E interaktive medien
Tel. +49-941-599 854 4  Fax. +49-941-599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key
1191 0C87 D9DB 3217 ABBA  5223 6D74 AB19 5C9D FC49
--

Re: Boarding SuSE with Debian

[Marcin Sochacki]

On Wed, Aug 07, 2002 at 07:55:26PM +0200, Florian Bantner wrote:
 my mission is following: Have rented a cheap server from
 an cheap hoster for a customer of ours. Only drawback: It
 is running suse linux. Since the provider is so cheap, he
 tells us: Do with the server what you want. And so I want
 Debian to take over. The problem:
 
   1. No access to neither floppy nor cd-rom
   2. Only service I get is pressing the reset button
   3. The other service is to reinstall base suse-
  installation if the server fails to come up. 
  This will cost me 70 EUR/USD
 
 What is the best way to get Debian on this box? And how
 can I avoid the reboot-fail-reinstall-pay-tray again
 trap?

If the machine has a secondary HDD or unused partition, or at least
two partitions, you can install Debian parallel to the existing SuSE.

1. Install a minimal Debian system on some local box. Remember to set
   everything (kernel modules, IP address, etc.) just as you would do
   on the server.
2. tar.gz the whole installation into one big archive (ommiting /proc).
3. Copy the archive to the server.
4. Create a new filesystem on spare partition/disk (or if SuSE already
   occupies several partitions move the data, so that one of the
   partitions is free).
5. Untar the archive to the fresh filesystem.
6. Correct the entries in Debian's /etc/fstab to match those on remote
   server.
7. In SuSE's lilo.conf add a section with Debian's boot and set it
   as default (but still leave SuSE section).
8. Make sure you have prompt and timeout options in lilo.conf.
9. Run lilo.
10. Examine the Debian setup carefully, again.
11. Reboot the machine.
12. Pray/drink a coffee while pinging the machine.
13. If it comes up -- you have a Debian system and gradually you can
remove SuSE.
14. If it doesn't come up -- ask the ISP to go to the console, reset
the machine and choose SuSE at lilo prompt. I hope they can
do it for free.

Some caveats: /proc filesystem, swap partition, lilo, fstab, sshd/telnetd.

Good luck!
Marcin

Re: Boarding SuSE with Debian

[Joey Hess]

Florian Bantner wrote:
 Ahoy friendly Debian fellows,
 
 my mission is following: Have rented a cheap server from
 an cheap hoster for a customer of ours. Only drawback: It
 is running suse linux. Since the provider is so cheap, he
 tells us: Do with the server what you want. And so I want
 Debian to take over. The problem:
 
   1. No access to neither floppy nor cd-rom
   2. Only service I get is pressing the reset button
   3. The other service is to reinstall base suse-
  installation if the server fails to come up. 
  This will cost me 70 EUR/USD
 
 What is the best way to get Debian on this box? And how
 can I avoid the reboot-fail-reinstall-pay-tray again
 trap?

Install debian in a chroot with debootstrap. If you have a spare
partition to use as the chroot you can eventually make it the bootalbe
partition.

-- 
see shy jo

Re: Boarding SuSE with Debian

[Emilio Brambilla]

hello,
On Wed, 7 Aug 2002, Marcin Sochacki wrote:

[...]
 7. In SuSE's lilo.conf add a section with Debian's boot and set it
as default (but still leave SuSE section).
 8. Make sure you have prompt and timeout options in lilo.conf.
 9. Run lilo.
using lilo -R may help you at point 14

 14. If it doesn't come up -- ask the ISP to go to the console, reset
 the machine and choose SuSE at lilo prompt. I hope they can
 do it for free.
you will ask him only to reboot the server, and it will boot suse
automagically (as it will be the second boot)

-- 
bye,
emilio

pdnsd/diald problem

[if . frijns]

Hi all,

Following your advices for setting up a mailserver one of the
replies was to set up a dns-server first, pdnsd to be more specific.

Trying so it won't dial in correctly.

I run pppd on the dial-up server for the connection to my ISP. Works fine.
I run daild on this server because I want to bring down my connection after
10 mins. idle. (I'm served a dynamic IP-address). When my LAN has an internet-
question it has to be brought back-up again. This works OK too.

However: pdnsd gives me some trouble:

Configuration pdnsd:
resolv.conf:
127.0.0.1

pdnsd.conf:

global {
...
server_ip=127.0.0.1
}
server {
ip=xxx.xx.xx.xx; #first ISP DNS-server
timeout=30;
interval=onquery;
uptest=diald;
device=ttyS0;
interface=ppp0;
purge_cache=off;
lean_query=on;
proxy_only=on;
}
__

diald -f /var/cache/options.provider servers internet-requests.

The problem is that, when I put forward a internet-request from one
of the other servers on the LAN, the dial-up server makes the connection,
but the other server won't see it.
if you drop the request and ask it again (while the connection is still there)
the request is resolved.
But why it doen't work the first time.

should I use uptest=if instead. (makes no difference!)

Anybody an idea?

Thanx in advance,
Frank.

Re: Boarding SuSE with Debian

[Marcin Sochacki]

On Wed, Aug 07, 2002 at 08:46:41PM +0200, Emilio Brambilla wrote:
 using lilo -R may help you at point 14

That's a brilliant suggestion. Thanks!

Marcin

Re: /root/ drwxr-xr-x?

[Jason Lim]

 On Wed, Jul 31, 2002 at 11:39:02PM +0200, Peter Palfrader wrote:
  On Wed, 31 Jul 2002, Thomas -Balu- Walter wrote:
 
   # ls -lad /root/
   drwxr-xr-x9 root root 4096 Jul 31 18:25 /root/
  
   I wonder if /root/ shouldn't be accessible by root only per default?
But
   in which package can I find this one? Should I make a bug-report or
do
   you think this is normal? (It might be some kind of SuSE-remembrance
   from earlier days ;)
 
  This is not the first time this comes up.
 
  short version: /root 755 is no security risk and it wont get changed
 either. If you want, set it to 0700 on your box.
  long version: search the list archives (both -user and -devel will
have
some hits I guess).
 


 IMHO at least it should be noticed somewhere in the instalation or
 something. Specially when it used to be 750 and there may be sensible
 data there.

 Regards.


Root files, IMHO, should never be publically listed. Since anything root
does should be viewed as important and a security risk (making people very
careful in what they do), it makes sense that the files root has, in
general, will also be of high priority, important, and a security risk.

In addition, I see absolutely no advantage in letting the public see the
contents of root's account. I am sure nearly every high usage or
publically accessable server has already got /root set to 700 or something
similar for the above reasons.

It follows through that in most cases there is absolutely no reason to let
the public see the contents of /root/ (as mentioned above). Since I
believe in security, and since making /root 700 or similar does not take
away any functionality, I see no reason why it cannot be changed to the
default setting. Does it not make sense to ship Debian with as much safety
and security as possible, especially when it does not reduce or limit
functionality?

Sincerely,
Jason
http://www.zentek-international.com/

Re: Boarding SuSE with Debian

[Florian Bantner]

On Mit, 07 Aug 2002, Marcin Sochacki wrote:

 On Wed, Aug 07, 2002 at 07:55:26PM +0200, Florian Bantner wrote:
  my mission is following: Have rented a cheap server from
  an cheap hoster for a customer of ours. Only drawback: It
  is running suse linux. Since the provider is so cheap, he
  tells us: Do with the server what you want. And so I want
  Debian to take over. The problem:
  
  1. No access to neither floppy nor cd-rom
  2. Only service I get is pressing the reset button
  3. The other service is to reinstall base suse-
 installation if the server fails to come up. 
 This will cost me 70 EUR/USD
  
  What is the best way to get Debian on this box? And how
  can I avoid the reboot-fail-reinstall-pay-tray again
  trap?
 
 If the machine has a secondary HDD or unused partition, or at least
 two partitions, you can install Debian parallel to the existing SuSE.
 
 1. Install a minimal Debian system on some local box. Remember to set
everything (kernel modules, IP address, etc.) just as you would do
on the server.
 2. tar.gz the whole installation into one big archive (ommiting /proc).
 3. Copy the archive to the server.
 4. Create a new filesystem on spare partition/disk (or if SuSE already
occupies several partitions move the data, so that one of the
partitions is free).
 5. Untar the archive to the fresh filesystem.
 6. Correct the entries in Debian's /etc/fstab to match those on remote
server.
 7. In SuSE's lilo.conf add a section with Debian's boot and set it
as default (but still leave SuSE section).
 8. Make sure you have prompt and timeout options in lilo.conf.
 9. Run lilo.
 10. Examine the Debian setup carefully, again.
 11. Reboot the machine.
 12. Pray/drink a coffee while pinging the machine.
 13. If it comes up -- you have a Debian system and gradually you can
 remove SuSE.
 14. If it doesn't come up -- ask the ISP to go to the console, reset
 the machine and choose SuSE at lilo prompt. I hope they can
 do it for free.
 
 Some caveats: /proc filesystem, swap partition, lilo, fstab, sshd/telnetd.
 
 Good luck!
 Marcin
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

Thanks for the answer (to the other, too), but still there are two
points:
1. Only one big partition (30GB) mountet as /
2. Noone will go to the terminal for me, which means
   either it comes up or -- hello again plain SuSE, goodbye 70.-

Best regards

Florian

-- 
--
Florian Bantner  AXON-E interaktive medien
Tel. +49-941-599 854 4  Fax. +49-941-599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key
1191 0C87 D9DB 3217 ABBA  5223 6D74 AB19 5C9D FC49
--

Re: Boarding SuSE with Debian

[Nate Campi]

On Thu, Aug 08, 2002 at 12:00:25AM +0200, Marcin Sochacki wrote:
 On Wed, Aug 07, 2002 at 09:21:45PM +0200, Florian Bantner wrote:
  Thanks for the answer (to the other, too), but still there are two
  points:
  1. Only one big partition (30GB) mountet as /
  2. Noone will go to the terminal for me, which means
 either it comes up or -- hello again plain SuSE, goodbye 70.-
 
 But wait, maybe there is a separate swap partition configured?
 You could switch off the swap and use that partition for Debian.
 I guess 64 MB could be enough. In case you have very little RAM available,
 you could use a regular swap file.

Just two days ago I converted a host in a datacenter to debian from
redhat, from the comfort of my home. I'd recommend using the swap
partition as suggested above, and using the original kernel from suse.
You know it boots the box, so use it again. Use lilo's chroot (-r)
option to install lilo from within the new debian filesystem after you
copy over a good install from another woody box. Use the -v and -t
options to see what it will do before running lilo for real on the new
install.

I cloned a woody box like this:

# rsync -avz -e ssh --exclude 'proc' / susebox:/swapmount

Don't copy /proc - weird things happen, make sure /proc exists on the
new filesystem though (mkdir /proc after the rsync).

I'm leaving out some details, but I think they were all covered in
previous messages in this thread.
-- 
Guide to understanding a net.addict's day: Slow day: didn't have much
to do, so spent three hours on usenet. Busy day: managed to work in
three hours of usenet. Bad day: barely squeezed in three hours of
usenet. - Unknown



pgpCFSmVUFLlP.pgp
Description: PGP signature

Re: Boarding SuSE with Debian

[Nate Campi]

On Wed, Aug 07, 2002 at 03:17:45PM -0700, Nate Campi wrote:
 
 I'd recommend using the swap
 partition as suggested above, and using the original kernel from suse.
 You know it boots the box, so use it again.

Er, I meant the _currently_ running kernel. Using a known good kernel
cuts down the number of things that can go wrong - the guiding principle
for sysadmins ;)
-- 
Man is still the most extraordinary computer of all. - JOHN F.
KENNEDY, speech (1963)



pgpiQU5iOV8NJ.pgp
Description: PGP signature

Re: Boarding SuSE with Debian

[Donovan Baarda]

On Wed, Aug 07, 2002 at 03:24:59PM -0700, Nate Campi wrote:
 On Wed, Aug 07, 2002 at 03:17:45PM -0700, Nate Campi wrote:
  
  I'd recommend using the swap
  partition as suggested above, and using the original kernel from suse.
  You know it boots the box, so use it again.
 
 Er, I meant the _currently_ running kernel. Using a known good kernel
 cuts down the number of things that can go wrong - the guiding principle
 for sysadmins ;)

Yes, but be _very_ careful... you will need more than just the kernel, you
will also need any initrd images, and you will need to make sure that the
kernel+initrd will work for the new configuration... ie don't change fs type
or anything.

In some ways trying to use the same kernel introduces as much risk as it
avoids... I'd probably be inclined to risk a new kernel rather than risk
stuffing up running the old kernel under a new distro...

-- 
--
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
--

Re: pdnsd/diald problem

[Donovan Baarda]

On Wed, Aug 07, 2002 at 09:00:37PM +0200, [EMAIL PROTECTED] wrote:
 Hi all,
 
 Following your advices for setting up a mailserver one of the
 replies was to set up a dns-server first, pdnsd to be more specific.
 
 Trying so it won't dial in correctly.
 
 I run pppd on the dial-up server for the connection to my ISP. Works fine.
 I run daild on this server because I want to bring down my connection after
 10 mins. idle. (I'm served a dynamic IP-address). When my LAN has an internet-
 question it has to be brought back-up again. This works OK too.
 
 However: pdnsd gives me some trouble:
 
 Configuration pdnsd:
 resolv.conf:
 127.0.0.1
 
 pdnsd.conf:
 
 global {
 ...
 server_ip=127.0.0.1

I dont think this is a good idea... is this machine a gateway for other
downstream clients? If so, the downstream clients will want to use it.

 }
 server {
 ip=xxx.xx.xx.xx; #first ISP DNS-server
 timeout=30;
 interval=onquery;
 uptest=diald;
 device=ttyS0;
 interface=ppp0;
 purge_cache=off;
 lean_query=on;
 proxy_only=on;
 }
 __
 
 diald -f /var/cache/options.provider servers internet-requests.
 
 The problem is that, when I put forward a internet-request from one
 of the other servers on the LAN, the dial-up server makes the connection,
 but the other server won't see it.
 if you drop the request and ask it again (while the connection is still there)
 the request is resolved.
 But why it doen't work the first time.

I'm pretty sure you currently have your downstream servers using upstream
nameservers. I think the reason the first request brings up the link but
never results in a resolved name is DNS uses UDP. diald probably drops the
first packet used to bring the link up, and relies on the the protocol error
handling to re-transmitt it. I think the UDP DNS query is not recovering
well. Either that or the request is re-using some bogus arp or whatever info
that diald reports before bringing up the link. Any sort of dial-on-demand
setup with dynamic ips has the problem of not knowing what IP to send to
before bringing up the link. I believe ipppd uses some kernel hack to get
around this.

However, all this is not important. all you need to do is make your
downstream servers use the machine running pdnsd as their nameserver.

Because you have configured pdnsd to only bind to 127.0.0.1, none of the
downstream clients can use it as their nameserver. What you want to do is
remove the specific binding to 127.0.0.1, and make the downstream servers
use the machine running pdnsd as their nameserver. The bonus of this is if
pdnsd already has the answer in its cache, then diald won't even need to
make a connection. If you are also running a squid proxy for example, you
might find that whole browsing sessions for relatively static sites (The LDP
comes to mind) can be performed without bringing up the link at all.

-- 
--
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
--