Re: traffic reporter
On Mon, 9 Sep 2002, José Alberto Guzmán Ramírez wrote: What traffic sniffers/reporters have you played with or can recomend or comment on? This is from unstable: , | Package: iftop | Maintainer: christophe barbe [EMAIL PROTECTED] | Version: 0.5-1 | Depends: libc6 (= 2.2.5-13), libncurses5 (= 5.2.20020112a-1), libpcap0.7 | Description: Display bandwidth usage on an interface | iftop does for network usage what top(1) does for CPU usage. It | listens to network traffic on a named interface and displays a table | of current bandwidth usage by pairs of hosts. Handy for answering the | question why is our ADSL link so slow?. ` Build for woody: # fakeroot apt-get --build source iftop Cheers, Cristian
Re: virtual domains and mailman with Postfix
Russell Coker wrote: help message). But if I send mail from outside the network I get the following: [EMAIL PROTECTED]: mail for server.example.com loops back to myself Now lists.example.com is a CNAME pointing to server.example.com. So why is mail sent from the local machine with mailx working, while a message sent on port 25 with the same content is rejected? External MTA are rewriting (canonifying) [EMAIL PROTECTED] to [EMAIL PROTECTED] because of the CNAME pointing to it. So your postfix will never see any [EMAIL PROTECTED] addresses. RFC 2181 10.3. MX and NS records The domain name used as [...] part of the value of a MX resource record must not be an alias. So it's best to change the DNS records: server.example.com IN A w.x.y.z. lists.example.com IN MX server.example.com. Henrik
Re: [woody] sendmail bug?. Yes, it is
I have installed Debian GNU/Linux 3.0r0 (woody). I have updated it from security and ftp.debian.org using apt-get. I have found troubles installing sendmail 8.12.3-4 /usr/sbin/sendmailconfig: /usr/sbin/update-conf: No such file or directory Correct /etc/mail/sendmail.conf before continuing. # ls -l /etc/mail/ Does not show any sendmail.conf file!. this bug has been around for a while, luckily its easily worked around: run locate update-conf and link to it from /usr/sbin i think it's in /usr/share/sendmail/bin or something I have applied this work around: ln -s /usr/share/sendmail/update_conf /usr/sbin/update_conf, but the sendmail daemon does not run. * If I execute /etc/init.d/sendmail start the system shows: Starting Mail Transport Agent: Sendmailsendmail has not been configured, not started. To configure sendmail, type sendmailconfig * So, I execute sendmailconfig again: Configure sendmail with the existing /etc/mail/sendmail.conf? [Y] Reading configuration from /etc/mail/sendmail.conf. Validating configuration. Writing configuration to /etc/mail/sendmail.conf. Writing /etc/cron.d/sendmail. Configure sendmail with the existing /etc/mail/sendmail.mc? [Y] Reload the running sendmail now with the new configuration? [Y] Reloading sendmail ... * I execute ps -el | grep sendmail and it does not show anything! Reading http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=pkgdata=sendmailarchive =no I have thought to install the package from testing or unstable. http://packages.debian.org/stable/mail/sendmail.html Package: sendmail 8.12.3-4 http://packages.debian.org/testing/mail/sendmail.html Package: sendmail 8.12.5-1 http://packages.debian.org/unstable/mail/sendmail.html Package: sendmail 8.12.6-4 Installing the sendmail package from testing or from unstable solves the problem, that is to say, it gets the sendmail process running, but it shows the below message. Is that message important?. Starting Mail Transport Agent: sendmailWarning: Cannot use HostStatusDirectory = /var/lib/sendmail/host_status: No such file or directory . Regards, Davi Leal
Postfix, cyrus, mysql and web-cyradm
Hi folks I'm trying to get web-cyradm running with postfix, cyrus and mysql. Luc de Louw' pretty detailed Postfix-Cyrus-Web-cyradm-HOWTO on http://www.delouw.ch/linux/postfix.phtml is unfortunaetlly very redhat centered. Since there's also the PAM and sasl stuff involved, debugging is somewhat difficult Has anyone managed to get this combo running under Debian and could shed some light on it? TIA, Marcel
Traffic Monitoring
Hallo liebe Liste ;) Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen Netzen überwachen. Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den Traffic) von den Computern messen. Am Montsende sollte Ausdruck des Programmes so aussehen: PC01 machte 60GB Traffic PC02 machte 34,3245GB Traffic Etc... Versteht ihr was ich meine ;) Ich brauche eben ein Programm dafür... am besten für Linux, aber für Windows würde auch gehen. Any Ideas? Mit freundlichen Grüßen Andreas Kauffmann
Re: Traffic Monitoring
Please take note that this list is in english, not german Hallo liebe Liste ;) Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen Netzen überwachen. Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den Traffic) von den Computern messen. Am Montsende sollte Ausdruck des Programmes so aussehen: PC01 machte 60GB Traffic PC02 machte 34,3245GB Traffic Etc... Versteht ihr was ich meine ;) Ich brauche eben ein Programm dafür... am besten für Linux, aber für Windows würde auch gehen. Any Ideas? Mit freundlichen Grüßen Andreas Kauffmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] With kind regards, Wim Fournier
Re: Traffic Monitoring
Here is an english translation of your post from babel.altavista.com. Its not good, but we might be able to help if we can understand what you're asking. On Tuesday, September 10, 2002, at 09:12 PM, Kauffmann, Andreas wrote: Hello dear list;) I have a problem would like I 3(!) Computers from different nets supervise. That is, I would like to measure the totally caused data communication volume (the Traffic) of the computers. At the Montsende expression of the program should look in such a way: PC01 made 60GB Traffic PC02 made 34,3245GB Traffic Etc Understands its which I mean;) I need evenly a program for it... best for Linux, but would also go for Windows. Any Ideas? Yours sincerely Andreas Kauffman Most people do this by grabbing the SNMP traffic statistics from the switch or router that the machines are plugged into, and graphing the numbers, with a product like mrtg. homepage: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ also might work (and save a lot of your time): apt-get install mrtg MRTG works well for small numbers of hosts, however you might want to look at NRG (http://nrg.hep.wisc.edu/) or Cricket (http://cricket.sourceforge.net/) which both use the RRDTool back-end database and graph generation tools. This is because MRTG generates the graphs every 5 minutes, and RRDTool only generates the graphs the first time they are viewed. Cricket seems to be available via apt-get/dselect. If you need empirical numbers that you can then use to bill against, you might want to try writing something simple in perl with the Net::SNMP module to just poll the network devices for their total bytes in and out, and then to store the number in a flat file to produce a report daily or weekly or whatever. If you do not have SNMP access to the routers the machines are plugged into, then you could write a script that uses the numbers from ifconfig. For example: kirin:~# ifconfig eth0 | grep bytes RX bytes:659408711 (628.8 MiB) TX bytes:3695073697 (3.4 GiB) (hmm, maybe I need to get rid of the porn site) Write a perl (or python, or bash, or whatever your poison is) program to do something intelligent with the numbers, being aware that they get reset to 0 if the machine reboots, etc. You might find they roll over at some particular number, so you might want to find out what that number is. (Probably a 32bit unsigned int). Maybe someone else knows of a package which would be good to bill customers off (as this seems to be the purpose of your question). I hope this gives you some ideas. Nathan. -- Nathan Ollerenshaw - Systems Engineer - Shared Hosting ValueCommerce Japan - http://www.valuecommerce.ne.jp You have just destroyed one model XQJ-37 nuclear powered pansexual roto-plookerand you're gonna have to pay for it. - Frank Zappa
Re: Traffic Monitoring
I think this guy asks for the following: He has a machine which has 3 different clients from different networks. he is looking for a program to print statistics on network traffic per month per client. Hallo liebe Liste ;) Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen Netzen überwachen. Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den Traffic) von den Computern messen. Am Montsende sollte Ausdruck des Programmes so aussehen: PC01 machte 60GB Traffic PC02 machte 34,3245GB Traffic Etc... Versteht ihr was ich meine ;) Ich brauche eben ein Programm dafür... am besten für Linux, aber für Windows würde auch gehen. Any Ideas? Mit freundlichen Grüßen Andreas Kauffmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] With kind regards, Wim Fournier
Re: Traffic Monitoring
I think this guy asks for the following: He has a machine which has 3 different clients from different networks. he is looking for a program to print statistics on network traffic per month per client. Hallo liebe Liste ;) Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen Netzen überwachen. Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den Traffic) von den Computern messen. Am Montsende sollte Ausdruck des Programmes so aussehen: PC01 machte 60GB Traffic PC02 machte 34,3245GB Traffic Etc... Versteht ihr was ich meine ;) Ich brauche eben ein Programm dafür... am besten für Linux, aber für Windows würde auch gehen. Any Ideas? Mit freundlichen Grüßen Andreas Kauffmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] With kind regards, Wim Fournier
Re: Traffic Monitoring
On Tue, Sep 10, 2002 at 10:42:06PM +0900, Nathan wrote: Write a perl (or python, or bash, or whatever your poison is) program to do something intelligent with the numbers, being aware that they get reset to 0 if the machine reboots, etc. You might find they roll over at some particular number, so you might want to find out what that number is. (Probably a 32bit unsigned int). I think the only reliable solution is to have a counter that is reset when you query it. Can SNMP support that? Iptables could be one way of doing it. If you ivoke the iptabeles command with -v then you get verbrose output, which includes byte counters then -x to sure the exact value of numbers instead of say 100K and -Z will reset the counter. I'm not sure what exists in the way of an iptables perl module. -- Jeremy Lunn Melbourne, Australia http://psi.sf.net/ - Jabber client for Linux/win32/MacOS.
Re: Traffic Monitoring
I use ipac-ng for iptables and a webfrontend to query it. Unfortunately i forgot the name. It's quiet easy to setup, it doesn't affect your firewall rules (e.g. shorewall) and works with 2.2 and 2.4 kernel. Thomas Quoting Jeremy Lunn [EMAIL PROTECTED]: I think the only reliable solution is to have a counter that is reset when you query it. Can SNMP support that? Iptables could be one way of doing it. If you ivoke the iptabeles command with -v then you get verbrose output, which includes byte counters then -x to sure the exact value of numbers instead of say 100K and -Z will reset the counter. I'm not sure what exists in the way of an iptables perl module. -- Jeremy Lunn Melbourne, Australia http://psi.sf.net/ - Jabber client for Linux/win32/MacOS. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - This mail sent through IMP: http://horde.org/imp/
[Fwd: VU#210321]
Below is a message some CERT folk posted to NANOG-L this morning. I personally think it's a crock of shit, and that CERT is damaging their credibility by advising based purely on rumor and speculation, however perhaps someone on this list has additional information? Facts and first-hand information only, please. -- Jeff S Wheeler [EMAIL PROTECTED] -Forwarded Message- From: CERT(R) Coordination Center [EMAIL PROTECTED] To: nanog@merit.edu Cc: CERT(R) Coordination Center [EMAIL PROTECTED] Subject: VU#210321 Date: 10 Sep 2002 10:16:14 -0400 -BEGIN PGP SIGNED MESSAGE- Hello, The CERT/CC has recently seen discussions in a public forum detailing potential vulnerabilities in several TCP/IP implementations (Linux, OpenBSD, and FreeBSD). We are particularly concerned about these types of vulnerabilities because they have the potential to be exploited even if the target machine has no open ports. The messages can be found here: http://lists.netsys.com/pipermail/full-disclosure/2002-September/001667.html http://lists.netsys.com/pipermail/full-disclosure/2002-September/001668.html http://lists.netsys.com/pipermail/full-disclosure/2002-September/001664.html http://lists.netsys.com/pipermail/full-disclosure/2002-September/001643.html Note that one individual claims two exploits exist in the underground. At this point in time, we do not have any more information, nor have we been able to confirm the existence of these vulnerabilities. We would appreciate any feedback or insight you may have. We will continue to keep an eye out for further discussions regarding this topic. FYI, Ian Ian A. Finlay CERT (R) Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA USA 15213-3890 -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBPX3/VqCVPMXQI2HJAQFEqQQAr54e9c5SGgrIfmK5+EWqSOdvySKRtjwa 6dE4Z4DcoyHS57W5BEwW2OSXSGwrBL+mzippfTEnwAVT/otLYAADsnlPSQioRYNi qHVh8yRXgh3kBgx3cMdhe3NC6zaSWffOsc/EvhkCDo2xa8FQItOqE5MjOeASjt1L st5qq4mgM+E= =kHt1 -END PGP SIGNATURE- signature.asc Description: This is a digitally signed message part
Re: Postfix, cyrus, mysql and web-cyradm
Hi! I have it running with the stable distribution. All the setup is the same as in the HOWTO. The only diference is in the authentication, you have to use pwcheck_pam instead of pwcheck_standard First do an /etc/init.d/pwcheck stop before changing to the pam version, because pwcheck will refuse to start pwcheck_pam has memory leaks and grows to insane memory size, I restart it every hour. # update-alternatives --display pwcheck pwcheck - status is manual. link currently points to /usr/sbin/pwcheck_pam /usr/sbin/pwcheck_standard - priority 30 /usr/sbin/pwcheck_pam - priority 20 Current `best' version is /usr/sbin/pwcheck_standard. # Now I'm evaluating to migrate this setup to a courier imap and the postfix's virtual transport using the JAMM http://jamm.sourceforge.net/ Regards Hi folks I'm trying to get web-cyradm running with postfix, cyrus and mysql. Luc de Louw' pretty detailed Postfix-Cyrus-Web-cyradm-HOWTO on http://www.delouw.ch/linux/postfix.phtml is unfortunaetlly very redhat centered. Since there's also the PAM and sasl stuff involved, debugging is somewhat difficult Has anyone managed to get this combo running under Debian and could shed some light on it? TIA, Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Monitoring
Kauffmann, Andreas schrieb am Dienstag, dem 10. September 2002: Hallo liebe Liste ;) Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen Netzen überwachen. Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den Traffic) von den Computern messen. Am Montsende sollte Ausdruck des Programmes so aussehen: PC01 machte 60GB Traffic PC02 machte 34,3245GB Traffic Install ipaudit in combination with ipaudit-web. Google will show you the way. yours, peter [I CC you as you probably are not on this list, as you did write in German when it is obvious that this is an english language list.] -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpdQPPIiqt1S.pgp Description: PGP signature