Re: OT: good open source (or other) MUAs that work under Windoze

2003-06-04 Thread Bulent Murtezaoglu
 AB == Alex Borges Alex writes:
[...]
AB Mozilla rulez for me. You can also get it to preload so it
AB aint so damned slow (or so i think).

Hmm, you can also get Emacs/Xemacs under Windows and run Gnus or VM as
your MUA.

BM


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: OT: good open source (or other) MUAs that work under Windoze

2003-06-03 Thread Bulent Murtezaoglu
 AB == Alex Borges Alex writes:
[...]
AB Mozilla rulez for me. You can also get it to preload so it
AB aint so damned slow (or so i think).

Hmm, you can also get Emacs/Xemacs under Windows and run Gnus or VM as
your MUA.

BM




postfix oddities.... 220 *******

2003-01-10 Thread Bulent Murtezaoglu
 RA == Roger Abrahamsson [EMAIL PROTECTED] writes:
[...]
RA Escape character is '^]'.  220 
[...]

Cisco PIX firewall with the SMTP option does this.  Is there a PIX in
the path?  If so, it'll be trouble.  It used to be broken in several
ways.  PIX admins who go for this option tend to be uncooperative to
the point of coming across as ignorant and dense.  All in my humble
experience, YMMV.

cheers,

BM






Re: SCSI or IDE

2002-11-30 Thread Bulent Murtezaoglu
 TH == Thomas Kirk [EMAIL PROTECTED] writes:
[...]
TH /dev/sdb5: Timing buffer-cache reads: 128 MB in 0.95 seconds
TH =134.74 MB/sec

TH /dev/sdb5: Timing buffered disk reads: 64 MB in 3.42 seconds =
TH 18.71 MB/sec

TH When it comes to real world test my scsibased system is almost
TH twice as fast as the idebased one :) [...]

Hmm, the IDE drive in my notebook beats that!

defter:~# hdparm -tT /dev/hda 

/dev/hda:
 Timing buffer-cache reads:   128 MB in  0.55 seconds =232.73 MB/sec
 Timing buffered disk reads:  64 MB in  3.29 seconds = 19.45 MB/sec

This is an IBM a30p, with a 5200? RPM 2.5 48 GIG drive.

So what are we concluding from this?  I choose to conclude nothing
of major significance.

cheers,

BM






Re: djb and multiple IPs

2002-11-26 Thread Bulent Murtezaoglu
 ANR == Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED] writes:
[...]
ANR Why? Can you list the reasons? For example, do you really
ANR need an external cache and a server running on the same
ANR machine, which can only have one public IP address?  [...]

Here's one: consider the domain bogus.internal served by the
proxy/gateway box that also doubles as a caching DNS server for 
resolvers inside a firewall.  This is not unusual.

DJB probably covers this case in some FAQ at his site, I am just saying
this is not an altogether nutty thing to want as you seem to imply.

cheers,

BM






Re: djb and multiple IPs

2002-11-26 Thread Bulent Murtezaoglu
 ANP == Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED] writes:

BM Here's one: consider the domain bogus.internal served by the
BM proxy/gateway box that also doubles as a caching DNS server for
BM resolvers inside a firewall.  This is not unusual.

ANP Just run the server on the public IP address and the cache on
ANP the internal (private) IP address.  [...]

Hmm, the 127.0.0.1 way outlined by another lister is much better, no
need for listening on the public IP.

ANP By only have one public IP address I meant only have _one_
ANP IP address, sorry. I also assume that there is no shortage
ANP for private IPs (you can always add one more to a host).

Oh sure, I was just responding to the "who'd need such a thing"
question, not to the "how would one do this if one cannot run both
kinds of servers on one interface" one.  It turns out you weren't
asking the question I thought you were!

cheers,

BM






Re: DNS servers

2002-11-22 Thread Bulent Murtezaoglu

[...]

TM ... When I turned
TM from BIND to djbdns, I discovered that I had several errors in
TM my name server setup, despite the fact that I thought I had
TM double-checked each time I messed with the server.  [...]

Just out of curiosity, what kind of errors were these?  

[...]
TM Just the matter of handling the various dots right, and not
TM forgetting the serial number, makes for a lot of chances to
TM mess things up, especially if you're tired.

Of course, but don't be root when you are that tired.  Don't even
sudo.  Surely djbdns can't help there to the extent you imply.

[...]
TM Like checking all the reverse-mapping hassle that's going on
TM on the Internet. Most people don't do it right, no? Doing it
TM right with BIND is work.  [...]

Doing it right usually entails reading RFC-2317 these days.  You will
find that many admins are illiterate when it comes to this, so
they screw it up.  This is not a config file format issue, IMHO.

TM Doing it right with djbdns comes for
TM free if someone likes to delegate the reverse mapping to you,
TM and/or accepts to pull it from you. [...]

Ok, I admit I don't see how.  I'll go read the site when I get a
chance.  I'd love to see the problem I allude to above solved for
free.  Or maybe you mean generating PTR records automatically when A
records are defined, in which case I kinda regret wasting time on
this.

cheers,

BM






Re: Newbie: Is there a basic Debian-for-ISP HOWTO?

2002-07-30 Thread Bulent Murtezaoglu
 EvB == Emile van Bergen [EMAIL PROTECTED] writes:
[...]
me Sendmail is _very_ flexible but it is probably not good for the
me inexperienced admin.  If you are willing to read documentation
me and M4 doesn't scare you, it is a fairly safe bet.

EvB Which bet being safe? That it can eventually do what you
EvB want, given enough time and attention? Probably. [...]

Hmm, it takes the insertion of a couple of lines and the creation of 
the map file (which you would have to anyway) to get virtual mail
forwarding in sendmail.  Covered in detail in the FAQ.  It really
isn't that hard.  You don't even invoke M4 manually -- just run make or
sendmailconfig under Debian to update everything.  

me In my most humble opinion one ought not be running an ISP of
me any viable size if one has trouble getting sendmail to do
me what's needed.

EvB Ah, the old initiation-by-sendmail.cf idea. Well. I'd say
EvB that an administrator who has been through it probably has
EvB some stamina, and is able to grasp a certain level of
EvB complexity, but other than that, I wouldn't consider willing
EvB and able to set up sendmail a good criterium for knowing how
EvB to run an ISP. 

Oh that is not what I said.  All I said was "if unable to get sendmail
to do what's needed then probably unfit for the job" NOT "fit for the
job if willing and able to deal with sendmail".  I _agree_ with that last
part of your paragraph, but it is not what I said!

EvB Grasping BGP, *SMTP*, DNS, HTTP, Unix and
EvB having some rudimentary knowledge about programming computers
EvB in general seem so much more important. [...]

Yup, for the original question (virtual web + mail), I'd start by DNS,
then http, SMTP in that order.  

cheers,

BM






Re: Newbie: Is there a basic Debian-for-ISP HOWTO?

2002-07-29 Thread Bulent Murtezaoglu
 ASF == Angus Scott-Fleming [EMAIL PROTECTED] writes:
[...]
ASF What are your problems with qmail?  

I know it works reasonably well but I have not used it personally
myself for any amount of time and certainly not professionally.  I did
end up troubleshooting it at one point because it was bouncing mail in
a rather unusual circumstance and was causing me embarrassment (I had
recommended the guys running qmail).  I tried reporting it as a bug,
and asking their qmail consultant -- the answers were the same: "qmail
kicks ass".  Since I am negatively biased about it, and I have limited
experience I will refrain from giving advice.  (I may have a bug
report somewhere, google if you wish).
 
ASF What do you like about
ASF the Postfix comm. that QMail lacks?  

Qmail by default wants to operate by DJB's rules and it tries to
DJB-ize the remainder of your system.  This much I know and dislike.  
I am not alone on this, a bit of googling should reveal lots of links.
If I were to switch from sendmail it would be if I ran into a problem
with performance -- I have not.  In that case postfix looks good based
on word of mouth from people I consider credible.  At one point
qmail's author had a rather disingenuous security nitpick about
postfix, other than that it does not have a track record of glaring
problems.

[...]
 I recommend anyone contemplating about sendmail for serious use
 to hang out in comp.mail.sendmail for a while to see if they
 fit into the profile that group is supportive of.

ASF Sounds like you also have issues with the sendmail community?
ASF Or is it just that sendmail still has holes?

Oh _I_ have no problem with the group.  I occasionally contribute
even.  I do know that that group regularly gets complaints from people
who don't feel they are helped on reasonable questions (more so than 
other groups I read), so I _suspect_ support through that community is
problematic for some people.

cheers,

BM






Re: avoid user direct accec *.html

2002-04-29 Thread Bulent Murtezaoglu

 PH == Patrick Hsieh [EMAIL PROTECTED] writes:
[...]
PH In PHP, I can check the HTTP_REFERER to make sure connections
PH originates from the same website. If the HTTP_REFERER is empty
PH or not belongs to the same website, I can redirect the client
PH to another webpage. [...]

Please do NOT do this.  It will seem to work most of the time, but it
will most certainly fail for perfectly valid requests.  Both HTTP 1.0
and 1.1 leave it as optional.  If you must control access in this
manner I'd say use some session mechanism or come up with a method
that doesn't break under perfectly valid client behaviour.  

cheers,

BM
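
An added illustration of the advice in the message above (not code from the
thread): the Referer check from the question next to a signed session cookie,
run over constructed requests. The site name, secret, cookie name "sid" and
the token layout are assumptions made for this example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SITE_HOST = "www.example.org"      # hypothetical site name
SECRET = b"constructed-demo-key"   # constructed; a real site keeps this private
SESSION_TTL = 1800                 # seconds a session stays valid
NOW = 1_000_000                    # constructed clock value, keeps the run deterministic


def referer_allows(headers):
    """The check from the question: allow only a same-site Referer."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def _sign(user, expiry):
    msg = f"{user}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_session(user, now):
    """Cookie value handed out after login: user|expiry|HMAC(user|expiry)."""
    expiry = int(now) + SESSION_TTL
    return f"{user}|{expiry}|{_sign(user, expiry)}"


def cookie_value(headers, name):
    """Pull one cookie out of a Cookie header; None if it is absent."""
    for item in headers.get("Cookie", "").split(";"):
        key, _, value = item.strip().partition("=")
        if key == name:
            return value
    return None


def session_allows(headers, now):
    """Allow only an unexpired session cookie that this site signed."""
    sid = cookie_value(headers, "sid")
    if sid is None:
        return False
    parts = sid.split("|")
    if len(parts) != 3:
        return False
    user, expiry, mac = parts
    # Verify the signature first; only a value we signed reaches int() below.
    if not hmac.compare_digest(mac.encode(), _sign(user, expiry).encode()):
        return False
    return int(expiry) > now


def sample_requests():
    """Constructed request headers, one per client behaviour."""
    good = issue_session("alice", NOW)
    _, expiry, mac = good.split("|")
    same_site = f"http://{SITE_HOST}/index.php"
    return {
        "logged in, proxy strips Referer": {"Cookie": f"sid={good}"},
        "logged in, opened a bookmark": {"Cookie": f"lang=en; sid={good}"},
        "no session, Referer names the site": {"Referer": same_site},
        "cookie edited after issue": {"Cookie": f"sid=bob|{expiry}|{mac}",
                                      "Referer": same_site},
        "session issued two hours ago": {"Cookie": "sid=" + issue_session("alice", NOW - 7200)},
    }


def compare():
    """Map each sample request to (referer_allows, session_allows)."""
    return {name: (referer_allows(h), session_allows(h, NOW))
            for name, h in sample_requests().items()}


if __name__ == "__main__":
    for name, (by_referer, by_session) in compare().items():
        print(f"{name:38} referer={by_referer!s:5} session={by_session}")
```

The first two rows are the valid requests the Referer check turns away; the
session check decides on something the server itself issued.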






Re: System Time Problems.

2001-11-27 Thread Bulent Murtezaoglu

 JCR == Jeremy C Reed [EMAIL PROTECTED] writes:
[...]
JCR Use something like: hwclock --systohc --utc

Yes this would set the hw clock to UTC.  I think the OP was asking for
how to notify the system that that is not the case.  The place to do
that is in /etc/default/rcS I believe.  

But anyway, why not have the battery backed clock set to UTC?

cheers,

BM






RE: nameservers open to world - with test output

2001-11-03 Thread Bulent Murtezaoglu


James Well, if your company runs the DNS for your website on
James those servers and you block outside IPs from querying from,
James no one on the internet will be able to go to your website.
James :) [...]

I think the right way to do this in bind 8.?? is:

In named.conf 

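options {
        // bla bla
        // default for all zones: only localhost and your own network may query
        allow-query { 127/8; your-network/bits; };
};

and for domain names you are authoritative for

zone "your-domain-name.com" in {
        type master;
        // the zone-level setting overrides the default: anyone may query this zone
        allow-query { any; };
        file "/etc/bind/your-domain-name.com";
};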

This will accomplish what you want.

cheers,

BM






Sendmail or DNS Problem?

2001-08-27 Thread Bulent Murtezaoglu


CM [...] Aug 27 08:27:44 ns sendmail[658]: NAA27537:
CM to=[EMAIL PROTECTED], [EMAIL PROTECTED]
CM (1000/1000), delay=2+19:16:17, xdelay=00:00:00, mailer=relay,
CM relay=n, stat=Deferred: Name server: n: host name lookup
CM failure [...]

What is 'n' ?  Sendmail is looking for the host 'n' to send the mail
through.  Show us your sendmail.mc, and we'll take it from there.

BM






Re: help with site+database

2001-07-21 Thread Bulent Murtezaoglu

 RC == Russell Coker [EMAIL PROTECTED] writes:
[...]
RC The only systematic benchmark results that have been published
RC are of comparing Maildir to mbox.

Have a URL handy?

RC Some of the hardware guys at VA were talking about working on
RC such things with me at one time, but I think that deal's
RC cancelled now...

If it's not proprietary, I'd like to take a peek at what you were
considering (notes etc.).  Ideally I'd like to be able to parse the 
MTA and popper logs, generate a model for users/traffic and then test
systems with the typical load * some multiple.  Seems tricky because 
one might also need to simulate slow dial-up connections and such.  

cheers,

BM






Re: help with site+database

2001-07-18 Thread Bulent Murtezaoglu


Another lister replied as I was writing this and I agree with what he
said also.

RC ...  I spent a few days trying to
RC track down what was going on (and hack in extra environment
RC variables to the scripts etc).  I encountered a number of
RC problems including inexplicable failures if I used native
RC threads through Java (Green threads worked).

It took me about 4 hours to install the full product on woody back in
March. It wasn't an easy 4 hours and could have been more like 4 days
had I made unlucky choices instead of the lucky ones.  The main
problem is that AFAIR, Oracle expected glibc 2.1 but would not check
for it.  Instead the installer would crash/hang.  I also seem to
remember that they use their own JVM that would loop eating CPU when
it didn't like the libc.  I dug up detailed instructions from some
half-broken on-line Oracle user web board thing (written by a user),
grabbed RedHat's compat package, did some magic I don't remember with
debian's rpm, copied the necessary files into Oracle's own lib/ and a
script and things started working.  I don't recommend doing this for
something critical because the process is mostly opaque and tough to
document and make repeatable with a reasonable amount of time/effort.

[...]
RC The Oracle installation software is written by some really
RC stupid people.  It has plenty of moving X widgets etc to show
RC that the installation is in progress, but in terms of real
RC features it is seriously lacking.

Absence of consistency checks, detecting what it needs, detecting
partial installs, checking from the JVM version instead of infinite
looping, etc. all got choice words from me when I tried it.  The
killer is that they do not have a (documented) command line version so
you have to have X to monkey with it if you need to.  I didn't figure
out whether the need for the GUI disappears after the initial install,
but I would be very unhappy if it turned out I needed to have
X+bandwidth available to apply vendor patches and such to a co-lo'ed
production server.  All that hassle so you use a mouse to select from
menus and watch bitmapped progress bars.  Pretty stupid.  I dunno if
the people who wrote it are stupid, but if the target clientele are
scared of non-GUI installs they probably are living in a different
world than I am (euphemism for the s word when I cannot make a bullet
proof case).

RC The installation and maintenance of Oracle is a tricky thing.
RC Oracle consultants are also very expensive (and generally not
RC excessively skillful in my experience).  For these reasons I'd
RC recommend Postgres over Oracle for serious applications.

I don't agree with this.  If you have a need and the budget for
Oracle, you most certainly will also be motivated to run it on a 
supported platform.  I'd have put it differently:  make sure Postgres
cannot do what you want before using Oracle for serious apps.

BM 






Re: MTA - MLM - DNS configuration question

2001-06-30 Thread Bulent Murtezaoglu
 RC == Russell Coker [EMAIL PROTECTED] writes:
RC On Saturday 30 June 2001 04:43, Eirik Dentz wrote:
 My question is this: The DNS is under the jurisdiction of the
 IS department and the MX record @mydomain.org is set up to
 point at their email server. Does it make sense and is it
 possible to set up another MX record: @lists.mydomain.org which
 will point at the web server?

RC It is definitely possible.  It makes sense to me, this is what
RC MX records were designed for!

I agree but, this is also what name server delegation is designed for!

RC Of course you'll have to convince the IS department to change
RC their DNS server...

True for my suggestion also though their overhead would be less if they
just delegated to you (so you don't bug them as you bring servers
on-line).

cheers,

BM




Re: firewall question...

2001-06-07 Thread Bulent Murtezaoglu

 PB == Peter Billson [EMAIL PROTECTED] writes:
[...]
PB Paranoia. Generally accepted practice when setting up a
PB firewall is to be as restrictive as possible without breaking
PB things, that includes restricting the originating ports.  

I don't see what you can gain by this though.  

PB For
PB example I want to give people access to port 80 but if someone
PB is trying to connect to port 80 from port 25 their system is
PB either broken or they are attempting to do something that you
PB probably don't want them to do. 

How is this any different than people connecting from any port that
has an IANA registered purpose for a server?  I think I understand
what you are saying, but I don't see the fundamental difference
between port 25 and, say, 6001.  These only have meanings when
something is listening on them, not as source ports.

PB There is no good reason to
PB allow that connection.  Thanks for the Windows info but I
PB don't understand how can they not have the notion of
PB privileged ports? 

Hmm.  Well they don't.  In the 95/98/etc range there's no 'root' 
to have the privilege.  I am unsure if NT variants require some
admin privileges to use these ports.  All AFAIK, but I've seen 
95 use < 1024 ports for TCP.

PB Aren't privileged ports just generally
PB accepted port assignments?  And I'm not sure that Windows is a
PB *good* reason! :-)

You probably cannot avoid talking to windows, and in this case they
are not breaking any protocols.  The logical conclusion of what you are
suggesting would be to only accept connections coming from IANA's
ephemeral port range (49XXX onwards) in which case you cannot talk to
most Unices and Linux either.

cheers,

BM 






firewall question...

2001-06-07 Thread Bulent Murtezaoglu

PB Hello all, Can anyone tell me if there is a good reason to
PB allow connections to a local DNS port(53) from remote
PB privileged ports (<1024)?

Yes.  Windows and possibly some other systems (little internet 
devices maybe) do not have this privileged port notion.  

Why do you care what port people send _from_?

cheers,

BM




firewall question...

2001-06-06 Thread Bulent Murtezaoglu


PB Hello all, Can anyone tell me if there is a good reason to
PB allow connections to a local DNS port(53) from remote
PB privileged ports (<1024)?

Yes.  Windows and possibly some other systems (little internet 
devices maybe) do not have this privileged port notion.  

Why do you care what port people send _from_?

cheers,

BM






Re: fckng null sender with Exim

2001-04-30 Thread Bulent Murtezaoglu
 ELBnet == Tech Support [EMAIL PROTECTED] writes:

ELBnet Try using: headers_check_syntax = true headers_checks_fail
ELBnet = true
ELBnet which checks to be sure the From To BCC etc. are correctly
ELBnet formatted and rejects them if not.

Which would do you no good for two reasons:

1- The original poster wants to block the null sender in the envelope
from.

2- The null sender is a legitimate envelope from.

Based on my e-mail interaction with the original poster (sender ?) 
I think what is being missed here is RFC 1123 which says 

   5.2.9  Command Syntax: RFC-821 Section 4.1.2
  
  The syntax shown in RFC-821 for the MAIL FROM: command omits
  the case of an empty path:  "MAIL FROM: <>" (see RFC-821 Page
  15).  An empty reverse path MUST be supported.
  
and again in summary table 5.4, it says RECEIVER-SMTP  _MUST_ send
error notification messages using the null return path.

If you block the null sender some nasty things happen.  For example
your customer sends off an important price quote to an important
customer using the wrong e-mail address, the mail gets queued
in some relay and eventually gets bounced (with null envelope sender),
but since you refuse such messages your customer never finds out.

I occasionally go through host requirements RFC's because admins
elsewhere break things.  This particular bit of chapter and verse 
from 1123 comes to you courtesy of an interland client...

cheers,

BM 
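
An added illustration of the bounce scenario in the message above (not code
from the thread or from Exim): a toy receiving host that parses the envelope
sender and either accepts or refuses the empty reverse-path. The reverse-path
grammar is simplified, and the host names, addresses and reply texts are
constructed for this example.

```python
import re

# MAIL FROM:<reverse-path> with optional ESMTP parameters after the path.
# Simplified grammar: no source routes, no quoted local parts.
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<(?P<path>[^<>\s]*)>(?:\s+\S+)*\s*$",
                       re.IGNORECASE)
ADDRESS = re.compile(r"[^@\s]+@[^@\s]+")


def parse_mail_from(line):
    """Return the envelope sender; '' is the null sender written as <>."""
    m = MAIL_FROM.match(line.strip())
    if m is None:
        raise ValueError("syntax error in MAIL FROM")
    path = m.group("path")
    # The empty path is valid on its own; anything else must look like an address.
    if path and not ADDRESS.fullmatch(path):
        raise ValueError("malformed reverse-path")
    return path


class Receiver:
    """Minimal model of the SMTP host that accepts mail for one domain."""

    def __init__(self, local_domain, reject_null_sender):
        self.local_domain = local_domain
        self.reject_null_sender = reject_null_sender
        self.mailboxes = {}  # recipient -> list of (envelope sender, body)

    def accept(self, mail_from_line, rcpt, body):
        """Return an SMTP-style reply; store the message when accepted."""
        try:
            sender = parse_mail_from(mail_from_line)
        except ValueError:
            return "501 syntax error in reverse-path"
        if sender == "" and self.reject_null_sender:
            return "550 null sender refused"
        if not rcpt.endswith("@" + self.local_domain):
            return "550 relaying denied"
        self.mailboxes.setdefault(rcpt, []).append((sender, body))
        return "250 ok"


def bounce(original_sender, failed_rcpt):
    """What a relay sends back on failure: a notice with the null return path."""
    body = f"Delivery to {failed_rcpt} failed permanently"
    return "MAIL FROM:<>", original_sender, body


def quote_scenario(reject_null_sender):
    """The price-quote case: does the sender ever learn the address was wrong?"""
    site = Receiver("customer.example", reject_null_sender)
    line, rcpt, body = bounce("sales@customer.example", "buyre@partner.example")
    reply = site.accept(line, rcpt, body)
    return reply, len(site.mailboxes.get(rcpt, []))


if __name__ == "__main__":
    for policy in (True, False):
        reply, delivered = quote_scenario(policy)
        print(f"reject_null_sender={policy!s:5} -> {reply!r}, "
              f"notices in sales mailbox: {delivered}")
```

With the null sender refused, the failure notice is dropped and the sales
mailbox stays empty; ordinary mail with a real envelope sender is unaffected
either way.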






Re: sendmailsmart host

2001-04-02 Thread Bulent Murtezaoglu
[...]
 # Smart relay host (may be null) DS

RAN indeed, but can only have 1 value iirc...

No, you can do 

define(`SMART_HOST',`ssmart1.isp.net:smart2.isp.net')

from your .mc and things will work just fine.

cheers,

BM




compile vs. apt-get (dpkg)

2001-02-28 Thread Bulent Murtezaoglu

[...]
GS I understand, that I lose all apt functionality, when starting
GS to compile my own source.  What way is the best to deal with a
GS situation like this ???

"Best" depends on your circumstances.  If you are willing to invest
the time, the best way is making your own .deb, bumping the version 
by an NN: prefix (or by some other method that I don't know) and using
that.  The advantages are numerous: you can install it on other boxes,
you can remove it painlessly, .deb's that need http servers will still
install (since your apache package is providing it) without override
switches.  If you change the version number properly, apt-get will
leave your package when the apache in the real distribution is
updated.

I have had to do this once for squid a while ago.  The documentation 
(check the doc portion of the web site) was not great, but starting 
with an already packaged program makes things easy.  Things may have 
improved since then.

cheers,

BM






forwarding mail to internal mail server

2001-02-23 Thread Bulent Murtezaoglu

[...]
JLG I'm open to any suggestions anyone may have.  I've thought
JLG about using virtusertable on the gateway box to rewrite the
JLG addresses so as to be delivered to the internal mail server,
JLG but I'm not sure about this.

Use a mailertable that sends everything for your domain[s] to the
internal server.  The bat book covers this, but so should the sendmail
docs.  I'll point out one usual pitfall though: if you use a mailertable
to route the inbound mail from a gateway host you should not have the 
routed domain[s] in the gateway sendmail's class w.

cheers,

BM








wireless lan support

2001-01-17 Thread Bulent Murtezaoglu


Check out the following link.  The price is right and I did get it to
work reliably for a client of mine once under Debian.  I don't
remember all the details, but I do remember getting quick
acknowledgement for a script bug I pointed out.

http://www.ydi.com/Products/Wireless_LAN_Products/WL2400_LAN_CARDS/wl2400_lan_cards.html

cheers,

BM






Back-up DNS?

2001-01-07 Thread Bulent Murtezaoglu


Is there a good company you folks are using for back-up DNS service?

Ordinarily I'd just ask an acquaintance, but all the admins I
personally know who'd go for this have screwed up their name servers
at one point or another and didn't know it!  

Maybe the question to ask is should a bunch of us start such a service?

cheers,

BM






[sailer@bnl.gov: Network Throughput]

2001-01-04 Thread Bulent Murtezaoglu


tps ... As part of
tps the traffic going through the box, some streams have 1000k
tps window size for a certain reason. ...

This is the TCP window?  Are you sure both sides can use the window 
scale option?

[...]
tps PS: This is really something to do with the window size and
tps WAN latency.  

If everything is set up right TCP _should_ adapt and crank up the
bandwidth utilization as the transfer progresses.  Latency alone
should not hurt you much for long transfers, lossage+high latency might.
(all off the top of my head, grains of salt recommended).

tps The box does well when traffic goes in one NIC
tps and out the other, as long as the end point is local When it
tps hits the WAN, it all dies. [...]

Maybe some router/firewall admin along the way is broken?  Try either
sniffing the wire or turning off path mtu discovery outright.  If
something on the path is dropping packets with the DF bit set and the
resulting ICMP message is not finding its way back to your box you'll
effectively be feeding large packets into a black hole.  The
proc.txt file in the Documentation directory of the kernel source
should give you the info to tweak your kernel's behaviour by poking
stuff into the files in /proc.

Pls. let us know what you end up finding.

cheers,

BM






Default Interface

2000-12-18 Thread Bulent Murtezaoglu


RB ...Is there a way, when I talk
RB to the outside world across my WAN card, to make it use the ip
RB address of my ethernet card.  

[I am assuming that your ethernet card is also connected to the
Internet]

This will work OK if the upstream from your wan card will route 
packets originating from you with a foreign address.  Out of the box
Cisco's will, but they can also be set up to block this.

RB In other words, when I telnet,
RB ssh, ftp to a box on the outside world, I want it to show up
RB as a connection from mail.mynetwork.com (my ethernet address)
RB and not host_on.framerelaycloud.provider.com (my wan address).

For _server_ stuff I'd just set the IP address the listening sockets
binds to the address you want and have the default route point to
the next-hop from the WAN card.  Your problem is not that though --
for clients you either have to force them to use the interface you
want (a cursory look at the ssh man page revealed no such option)
or use "policy routing."  What you want to accomplish is setting 
next-hops based on the destination port of the TCP segment contained
in the IP packets.  iproute2 should be able to do this for you but
I cannot tell you how to get it to do it.  

I'd be interested to find out if I'm missing anything on this.

cheers,

BM






Email Attachments.

2000-09-11 Thread Bulent Murtezaoglu

ST ...  I realize that we will have to encode the
ST files before we can attach them, two questions, first how do I
ST get sendmail to actually 'attach' the encoded file to the
ST message, 

You don't.  In general sendmail does not care about what you feed it.
You deal with the issue before you invoke sendmail.

ST and secondly, one is the recommended format to encode
ST the binary file in?

Who's going to be receiving this mail and what mail reader will they
be using?  For e-mail I receive, I prefer bzip2 + uuencode piped
into sendmail.  In the general case you probably should use mime.
I used metasend etc. to check this out at some point but I'll defer
to more experienced listers on this.

You might consider, though, just sending people a URL and have them
download the binary through http.  If you are doing volume, you're
better off avoiding virus checker/MS exchange/mail quota etc. issues
on the receiving side.

cheers,

BM




Re: reiserfs databases.

2000-09-01 Thread Bulent Murtezaoglu

I'd like to thank Russell Coker for taking the time to spell his
thinking out in detail.  I now know more than I did five minutes 
ago!  

cheers,

BM




Re[2]: routing

2000-08-31 Thread Bulent Murtezaoglu

cog Ok so I changed it and put the client and eth1 of the linux
cog bridge/router on a different subnet than the rest.  Same
cog results.

You are omitting something (obviously), maybe you should sniff the 
wire and tell us what you see?

cheers,

BM




Re: reiserfs databases.

2000-08-30 Thread Bulent Murtezaoglu

[...]
RC The idea is that the database vendor knows their data storage
RC better than the OS can guess it, and that knowledge allows
RC them to implement better caching algorithms than the OS can
RC use.  The fact that benchmark results show that raw partition
RC access is slower indicates that the databases aren't written
RC as well as they are supposed to be.

I am not convinced that this conclusion is warranted, though I admit I
have not seen those benchmarks.  The DB vendor's raw disk driver might
be doing things like synchronous writes for maintaining its own
invariants, while a [non-journalling] file system will care about fs
meta-data consistency at best.  While it is possible that the general
purpose file system with more man-hours behind it is better written,
the benchmarks might be omitting crucial criteria like crash
protection and such.  Do you guys have references to benchmarking
data?

RC ... One of
RC which was someone who did tests with IBM's HPFS386 file system
RC for server versions of OS/2.  He tried using 2M of cache with
RC HPFS386 and 16M of physical cache in a caching hard drive
RC controller and using 18M of HPFS386 cache with no cache on the
RC controller.  The results were surprisingly close on real-world
RC tests such as compiling large projects.  It seemed that 2M of
RC cache was enough to cache directory entries and other
RC file-system meta-data and cache apart from that worked on a
RC LRU basis anyway.

This I would buy, as you point out the controller and the FS code
are doing the same thing (if they are giving the same write guarantees).   

BM






RE: routing

2000-08-30 Thread Bulent Murtezaoglu

You are setting 255.255.255.0 netmasks so the machines are expecting
to find .1 .2 .3 machines on the local ethernet interfaces.  I don't
know why you are doing it like that, but what would fix your problem 
is getting the Linux router machine to do a proxy-arp.  You can turn this
on by echo'ing the appropriate incantation to proc.
Documentation/proc.txt in your linux source directory should give you
the details.

cheers,

BM




what is sufficient free memory?

2000-08-29 Thread Bulent Murtezaoglu


Your biggest potential hog is squid.  It maintains data structures in 
memory and their size grows with your cache size.  If anything causes
thrashing that'll be it.  The squid FAQ's give some back-of-envelope
calculations for this AFAIK.  

cheers,

BM



Inherited ISP host configuration nightmare

2000-08-18 Thread Bulent Murtezaoglu


GG [...] DNS was misconfigured from the start,
GG causing dial-up clients to use a SMTP/POP3 hostname of
GG "domain.com" instead of "mail.domain.com". We need
GG "domain.com" to resolve to the NT web server for
GG "http://domain.com" requests and to the Linux mail server for
GG mail client software. [...]

No problem, (I alluded to this yesterday).  Just run a web server on
the linux machine and have it issue HTTP redirects from domain.com
to www.domain.com.  You could also port-forward, but I think the
redirect is easier to get right (and less disruptive as you are getting
it right).  Apache would do just fine.

The bigger picture:  Maybe you want to bring in an experienced
firefighter for a while, learn from him and then take over?  Good bosses
usually like 'this is new, I'll need to learn' almost as much as they 
like 'sure, I can do it.'  Yours in particular should by now.

BM








Re: Redirection of HTTP request

2000-08-17 Thread Bulent Murtezaoglu

[...]

GG Summary: domain.com A -- mail server IP 
GG domain.com NS -- dns1.primedomain.com 
GG domain.com SOA -- dns1.primedomain.com,admin.primedomain.com
GG www A -- NT server IP

This is what I would do with reasons:

domain.com A -- web server IP
because people will type domain.com.  Netscape will try www.domain.com
if nothing is listening at www.domain.com, IE won't AFAIK.  What seems
more elegant, domain.com CNAME -- name of the virtual hosting server,
will not work because you cannot CNAME domain.com if you define other
RRs under domain.com. 

www.domain.com CNAME -- domain.com
so www works!

domain.com SOA -- dns1.primedomain.com,admin.primedomain.com
domain.com NS -- dns1.primedomain.com 

OK.  You need another NS preferably on a different T.  This is not
some paperwork requirement, you want the domain name to resolve even
if there is an outage.

domain.com 10 MX -- mail server name
domain.com 20 MX -- back-up mail server name

Always try to accept mail even if the main server goes down (you don't
know when the other daemons in the net will bounce queued mail, but
you can adjust this on your back-up if there's an outage).

On terminology: 'redirection' is not a good term to use in this case.
In the context of http, it has a different meaning that does not
concern DNS.  EG: An http redirect tells a browser that hit
www.domain1.com to go to www.domain2.com _at the HTTP level_.  This 
is useful because it enables you to redirect, say, http://company.net/ to
http://www.company.com/ and cause the location shown in the browser
and remembered in bookmarks to change to  http://www.company.com/.


hope this helps,

BM
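The checks behind the record layout recommended in the post above, written out as an added example (not part of the original message): a small Python linter run over a constructed record list. The tuple format, the function name and the mail host names are assumptions made here.

```python
from collections import defaultdict

# Constructed records (owner, type, value) following the layout in the post.
# Addresses come from the 192.0.2.0/24 documentation range; the mail host
# names are placeholders.
PROPOSED = [
    ("domain.com.", "SOA", "dns1.primedomain.com. admin.primedomain.com."),
    ("domain.com.", "NS", "dns1.primedomain.com."),
    ("domain.com.", "A", "192.0.2.10"),
    ("www.domain.com.", "CNAME", "domain.com."),
    ("domain.com.", "MX", "10 mail.domain.com."),
    ("domain.com.", "MX", "20 backup-mail.domain.com."),
]


def lint_zone(origin, records):
    """Return a sorted list of findings for the zone rooted at `origin`."""
    by_owner = defaultdict(lambda: defaultdict(set))
    for owner, rtype, value in records:
        by_owner[owner.lower()][rtype.upper()].add(value.lower())

    findings = []
    # A CNAME cannot share its owner name with any other record type, and
    # the zone apex always carries SOA and NS, so it can never be a CNAME.
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            others = ",".join(sorted(t for t in types if t != "CNAME"))
            findings.append(f"{owner}: CNAME coexists with {others}")

    apex = by_owner.get(origin.lower(), {})
    if not apex.get("A"):
        findings.append(f"{origin}: no A record at the bare domain")
    if len(apex.get("NS", ())) < 2:
        findings.append(f"{origin}: fewer than two NS records")
    if len(apex.get("MX", ())) < 2:
        findings.append(f"{origin}: no back-up MX")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_zone("domain.com.", PROPOSED):
        print(finding)
```

Run on the constructed list, the only finding is the single NS record, which is the gap the post itself points out.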




 






strange compiling

2000-08-13 Thread Bulent Murtezaoglu


If you cannot get it to repeat, it is likely a hardware problem.
Possibly memory.  If you do have bad hardware you will eventually
corrupt your file system, so the problem should not be ignored.

See:

http://www.bitwizard.nl/sig11/

I use and like

http://reality.sgi.com/cbrady_denver/memtest86/

as a memory tester.  VA also has a burn-in system you might dig up
and try.

good luck,

BM



Mass install / Autoinstall (Was: Re: Debian vs Red Hat??? I need info.)

2000-05-18 Thread Bulent Murtezaoglu
[...]
KMH  The best way to do that that I've found so far is to set up
KMH a box with two removable hard drive racks, install and
KMH _configure_ everything on one drive, then use `cfdisk',
KMH `mkswap', and `mke2fs' to partition and format the second
KMH drive.  
[...]

I do a possibly non-kosher thing similar to the above.  I tar
everything up once it is set up and stick the tar file[s] into a 
SCSI drive.  I have a box that boots from this SCSI drive and has
IDE drawers and a kernel with IDE support built as modules.  I then
hot-swap IDE drives, sfdisk, mke2fs, mount and un-tar without bringing
down the machine.  Insmoding the ide modules after switching the
drives on and rmmoding before removing them seems to work fine.
Never lost a drive yet, but the largest drives I worked with under
this scheme were 4.3G.  With the newer/larger drives, you'd probably 
need to make sure LILO and the BIOS agree on a geometry for the drive 
to be actually bootable (dunno the incantation for that yet!).

cheers,

BM  



 




Re: using nsupdate to add a new zone?

2000-05-05 Thread Bulent Murtezaoglu

I don't understand why you need this to happen every 5 minutes.
If the delegations are from the root servers, they are only updated
twice daily.  Sure you can update the zone files right after the
registration, but nobody except people who use your name servers for
recursive lookups will get that info.

If the problem is more one of pleasing the customer than doing the
technically sufficient thing, I suggest the following:

Separate the authoritative servers (A) from the ones the customers use
for recursive lookups (R).

Add the _new registrations_ to the R servers and update R's every five
minutes.  The customers who use the R servers will get the 'right'
answers and be happy.

Twice a day, yank that day's batch of new zones from the R servers and
move them to A servers.  

This way R servers get updated often but with 100-500 zone files, the
A servers get updated just in time. 

If the customers grab the DNS IP's via PPP, you can change the numbers
very easily.  

Would this work, or am I misunderstanding the problem?

cheers,

BM