security warnings (on unstable)
Hello What's the best way to let machines (running unstable) to warn me about pending upgrades marked as security relevant (or just relevance high)? (It's enough just to send me remember mails, that's better than to let it do the upgrade itself.) I remember someone once set up a server offering the changelogs, so you don't have to download all packages. And then I'd like not to have to write my own changelog parser. Thanks Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: realtime email backup across computer centers
At 14:40 Uhr +0200 13.05.2003, Markus Oswald wrote: > I think all mail must be forwarded from server A to B (and must be acknowledged from B) before server A acknowleges incomming mail. You could use DRBD to have your spool-directory mirrored.(...) The only real problem I see (...) split-brain situation. I'm thinking about mail mirroring as well. I'd prefer a solution on the single email level (like Maildir files), so even in case of a split brain situation it's not tragical, in the sense that one could still merge Maildir files from servers a and b after they are reconnected to each other. One way to mirror "files" (individual mails) would be to store each as a row in a mysql db and set up db replication. I think it would be really easy to make qmail deliver to such a mirrored store, it should be enoug to write a qmail-local replacement or even just use a '| my_deliver_to_mirrored_maildirs' delivery command. But I don't know if there are any IMAP (and POP3) servers offering a similar level of openness. Hints? - One could write a virtual filesystem using AVFS, but that would involve a bit of work and might involve more layers than one would wish. There are db mail solutions, but I didn't like (or trust) what I've seen so far; but maybe that would still make more sense. Christian.
Re: Problem in Unix
At 14:47 Uhr -0400 11.04.2003, Alex Pearsall wrote: > I have lost my crontab by crontab - r That seriously sucks. I've built a check into my crontab wrapper: http://pflanze.mine.nu/~chris/scripts/utilities/my.crontab Christian.
Re: customizing qmail failure delivery
At 21:25 Uhr -0800 16.02.2003, Ted Deppner wrote: On Sun, Feb 16, 2003 at 08:02:45PM +0100, Christian Jaeger wrote: - By default, qmail tries for a week to deliver a message before it gives up. No warning whatsoever is sent to the sender before. Is there no way to make it send a delay warning after 4 hours? man qmailsend, look for "queuelifetime". That's not really what I'm asking for, I think it's ok to let qmail try for a week, but I want to get informed about the delay soon. > - The failure notices include the original mail as unformatted plaintext. Not true, see http://cr.yp.to/proto/qsbmf.txt Thanks for the link. Well, why "not true", qsbmf is plaintext, and the original mail is appended unformatted :) - and from the view of my mailer the whole qsbmf is unformatted as well. > Why doesn't it include it as a MIME entity (or as multiple entities) so that the user receiving the notice can easily reuse the contents to send the message again? (i.e. in qmails default way, attachments are only seen as base64 encoded text, non-ascii chars are mangled) Because that would be a translation expense on the receiving server, an easy DoS. It should not take significantly more cpu to use mime boundaries instead of the "--- Below this line is a copy of the message." boundary. (Differences: 2 additional lines for "Content-Type: multipart/report..\n boundary=...", mime boundary line instead of "below this line", 1 additional line "Content-Type: message/rfc822" and 1 additional boundary line at the end.) As far I can see, D.J.Bernstein states in qsbmf.txt that he does not want to follow the rfc's because of the complication in correctly *parsing* mime messages (as opposed to building them). But is it any better to have to write code for the qsbmf format, now that many mime parsing libraries exist (i.e. D.J.B's own fast C library)? I have now stumbled about this: http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html which (paragraph 3.3) says exactly what I think. > - I want to set up a custom failure. For example, "Sorry, there are several users with this first name on this domain, please use one of > the following full addresses instead: .". This should really be a delivery failure message, not an autoreply, and it can be achieved by putting a program into the dot.qmail file that exits with error 100: #!/usr/bin/perl exit 100; This is a DoS in the making. Perl is really way too expensive for something so trivial. Maybe sh could echo your text and exit 100? Why should perl be slower than sh (at least when using bash for sh)? In fact, with sh you'll probably pipe the message through sed or something to get the \r\n line endings, and I'm pretty sure that would be slower. (..yep it is: time for ((i=0; i<100; i++)) do ./refuse.pl > /dev/null; done real 0m0.483s user 0m0.320s sys 0m0.160s time for ((i=0; i<100; i++)) do ./refuse_lf.sh > /dev/null; done real 0m0.538s user 0m0.300s sys 0m0.240s time for ((i=0; i<100; i++)) do ./refuse_using_sed.sh > /dev/null; done real 0m0.850s user 0m0.440s sys 0m0.410s ) > *BUT* this still gives this ugly, non structured failure notice as > described above, in particular, if I print german umlauts from the > script, they are not sent correctly. (There is a program "bouncesaying" which has exactly the same drawbacks) It's not all that, see http://cr.yp.to/proto/qsbmf.txt again. (What do you mean with it's not all that?) > Is there any addon/patch for customizing qmail's automatic messages? Dunno. A few minutes of me Googling answered the rest of these questions, why not give it a try yourself? I've been googling and reading on qmail.org several hours yesterday. Helpful Hint: Try searching for "control qmail bounce message patch". The top 6 are all what you're seeking but didn't really bother looking for. The reason I'm asking here is that I'm wondering to how you solve the problem. I don't like playing test bunny for patches that you haven't tried :). And are they really what I'm looking for?: http://www.qmail.org/qmail-bouncecontrol-1.03.patch As far I can see does not solve the problem with umlauts (it does not add a content-type header with charset). It simply replaces the first paragraph (and the subject). The result will not only not be RFC compliant, but not even comply to QSBMF. http://www.jedi.claranet.fr/qmail-bounce.patch just limits the size of bounces http://patch.be/qmail/badrcptto.patch is something different http://www.fefe.de/qmail/ different stuff. (And the following about ten hits are nothing for my problem either. And looking around another hour didn't reveal something else either.) So I still have no solution. Cheers Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
customizing qmail failure delivery
Hello I have a few questions regarding delivery failure messages: - By default, qmail tries for a week to deliver a message before it gives up. No warning whatsoever is sent to the sender before. Is there no way to make it send a delay warning after 4 hours? - The failure notices include the original mail as unformatted plaintext. Why doesn't it include it as a MIME entity (or as multiple entities) so that the user receiving the notice can easily reuse the contents to send the message again? (i.e. in qmails default way, attachments are only seen as base64 encoded text, non-ascii chars are mangled) - I want to set up a custom failure. For example, "Sorry, there are several users with this first name on this domain, please use one of the following full addresses instead: .". This should really be a delivery failure message, not an autoreply, and it can be achieved by putting a program into the dot.qmail file that exits with error 100: #!/usr/bin/perl my $txt=<<'END'; Sorry, there are several users with this first name on this domain, please use one of the following full addresses instead: . END $txt=~ tr/\n/\r\n/sg; print $txt; exit 100; *BUT* this still gives this ugly, non structured failure notice as described above, in particular, if I print german umlauts from the script, they are not sent correctly. (There is a program "bouncesaying" which has exactly the same drawbacks) Is there any addon/patch for customizing qmail's automatic messages? Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
phpgroupware problems
Hi I've attempted to use different phpgroupware* packages several times in the past few months, each time (afaik) there was another file missing. chris@pflanze SRCREBUILD > dpkgli "*phpgrou*" ii phpgroupware0.9.14-0.RC3.2 Web based GroupWare system written in PHP ii phpgroupware-admin 0.9.14-0.RC3.2 The phpGroupWare administration module ii phpgroupware-api0.9.14-0.RC3.2 The phpGroupWare API ii phpgroupware-calend 0.9.14-0.RC3.2 The phpGroupWare calendar management module ii phpgroupware-core 0.9.14-0.RC3.2 The phpGroupWare core module ii phpgroupware-email 0.9.14-0.RC3.2 The phpGroupWare E-Mail client module ii phpgroupware-prefer 0.9.14-0.RC3.2 The phpGroupWare preferences management module ii phpgroupware-setup 0.9.14-0.RC3.2 The phpGroupWare setup III module chris@pflanze SRCREBUILD > dpkgli "*phpgrou*" ii phpgroupware0.9.14-0.RC3.3.cj Web based GroupWare system written in PHP ii phpgroupware-admin 0.9.14-0.RC3.3.cj The phpGroupWare administration module ii phpgroupware-api0.9.14-0.RC3.3.cj The phpGroupWare API ii phpgroupware-calend 0.9.14-0.RC3.3.cj The phpGroupWare calendar management module ii phpgroupware-core 0.9.14-0.RC3.3.cj The phpGroupWare core module ii phpgroupware-email 0.9.14-0.RC3.3.cj The phpGroupWare E-Mail client module ii phpgroupware-prefer 0.9.14-0.RC3.3.cj The phpGroupWare preferences management module ii phpgroupware-setup 0.9.14-0.RC3.3.cj The phpGroupWare setup III module chris@pflanze SRCREBUILD > http://my.server/groupw/login.php Warning: Failed opening '/usr/share/phpgroupware//phpgwapi/inc/class.auth_pam.inc.php' for inclusion (include_path='.:/etc/phpgroupware') in /usr/share/phpgroupware/phpgwapi/inc/class.auth.inc.php on line 6 Fatal error: Cannot instantiate non-existent class: auth in /usr/share/phpgroupware/phpgwapi/inc/functions.inc.php(278) : eval()'d code on line 1 Any idea where that file has gone? Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: lsof +L1 - mysql.err.1 unlinked ...
Sorry, I've restarted mysql again and am seeing that it normally does not only write "mysql ended" but a whole bunch of other lines to the logs. So yes it is a problem. Christian. At 15:11 Uhr +0300 07.01.2003, Do-Risika RAFIEFERANTSIARONJY wrote: Hi everybody, I have always these mysql.err.1 files not unlinked in all my mysqlservers, and only a mysqld restart resolve these (nor reload neither mysqladmin refresh doesn't unlink them). Does anybody in the list encounter this problem ? I'm seeing the same with lsof (I'm on Debian, too). But when I stop mysql, it writes the "mysqld ended" message to mysql.err, not mysql.err.1. If I'm correctly assuming that this message is written by the mysqld process, then it looks like it does reopen the file as soon as it has something to write to it (instead of immediately after getting the flush-logs command). Am I obliged to add a mysql restart in my logrotate config (the debian default contain only flush-logs which doesn't unlink the mysql.err.1 log) ? or is there another wa Looks like it's no problem at all. Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: lsof +L1 - mysql.err.1 unlinked ...
At 15:11 Uhr +0300 07.01.2003, Do-Risika RAFIEFERANTSIARONJY wrote: Hi everybody, I have always these mysql.err.1 files not unlinked in all my mysqlservers, and only a mysqld restart resolve these (nor reload neither mysqladmin refresh doesn't unlink them). Does anybody in the list encounter this problem ? I'm seeing the same with lsof (I'm on Debian, too). But when I stop mysql, it writes the "mysqld ended" message to mysql.err, not mysql.err.1. If I'm correctly assuming that this message is written by the mysqld process, then it looks like it does reopen the file as soon as it has something to write to it (instead of immediately after getting the flush-logs command). Am I obliged to add a mysql restart in my logrotate config (the debian default contain only flush-logs which doesn't unlink the mysql.err.1 log) ? or is there another wa Looks like it's no problem at all. Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
At 8:39 Uhr -0500 01.01.2002, Keith Elder wrote: This brings up a question. How do you rsync something but keep the ownership and permissions the same. I am pulling data off site nightly and that works, but the permissions are all screwed up. I'm using rsync -aHx --numeric-ids and then protect the root folder on the target machine so nobody can enter it and make use of the wrong ownerships. When playing the thing back it will be correct again. (No problem when copying to another local disk.) chj.
Re: Best way to duplicate HDs
At 8:39 Uhr -0500 01.01.2002, Keith Elder wrote: >This brings up a question. How do you rsync something but keep the >ownership and permissions the same. I am pulling data off site nightly >and that works, but the permissions are all screwed up. I'm using rsync -aHx --numeric-ids and then protect the root folder on the target machine so nobody can enter it and make use of the wrong ownerships. When playing the thing back it will be correct again. (No problem when copying to another local disk.) chj. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
Use cpbk or even better rsync (cpbk is problematic with large filesystems because it takes much memory to hold the tree info - rsync does the same with less memory needs). They (allow to) only copy the changed parts of the fs and keep old versions of altered files. chj.
Re: Best way to duplicate HDs
Use cpbk or even better rsync (cpbk is problematic with large filesystems because it takes much memory to hold the tree info - rsync does the same with less memory needs). They (allow to) only copy the changed parts of the fs and keep old versions of altered files. chj. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Anyone running netatalk-1.5preX on potato?
FYI: I've +- managed to build the thing, building and installing libdb3 was needed (strange it didn't require that) but this overrides db2 files that are part of glibc from potato. The resulting binary starts, but doesn't accept connections from macs. So I'm playing with 1.4asun again :-/ . chj -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Anyone running netatalk-1.5preX on potato?
Hello Because I've had rather bad experiences with netatalk1.4*asun (under linuxppc) I'm currently trying to build the netatalk source package from unstable (the binary relies on the newer glibc from woody so I don't want to use that). There seem to be some issue with the txn_begin function (apparently from which seems to be from berkeleydb 2 in my case). Has anyone built this thing? Any good/bad experiences in practical use? Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
