RE: Debian for ISP

2004-11-16 Thread Darrel O'Pry
> -Original Message-
> From: Jacob S [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 16, 2004 11:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Debian for ISP
> 
> On Tue, 16 Nov 2004 09:15:24 -0700
> Omar <[EMAIL PROTECTED]> wrote:
> 
> > Hello all,
> >   I have just taken over a network for an ISP that is running Debian. I
> >   am used to using Cpanel/Whm and now I have to use the CLI.
> >
> > The ISP also provides Hosting services and it uses dbdns 1.03,
> > tinydns, xfrdns. I am having problems with tinydns, as I use the
> > add-ns and it worked for 4 domains, and then I can't add anymore?  Is
> > there another way around it?
> 
> 
> Try editing /service/tinydns/root/data with a text editor. It's not that
> hard to figure out:
> Lines starting with + are the equivalent of Bind's CNAME
> Lines starting with = are host declarations
> @ lines are for MXs
> ' for txt records
> . and & for dns records
> (More info available at http://cr.yp.to/djbdns.html)
> 
> After you're done editing the file, run 'make' from inside the
> /service/tinydns/root/ directory.
> 
> > Also I am thinking of installing webmin, so I can configure everything
> > over the web, if I do install it, will it recognize the current
> > system, and the current settings or will I have to take things in
> > manually.
> 
> I believe there's a webmin module for djbdns somewhere. A google search
> should be able to find it.
> 
> HTH,
> Jacob

Check out http://www.vegadns.org/ for dns management with djbdns...

It does the job pretty well.

.darrel.

-- 
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.269 / Virus Database: 265.3.1 - Release Date: 11/15/2004
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
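
A pre-flight check for the data file before running 'make', as an added example that is not part of the original thread. It covers only the six line prefixes named in the message above, with field layouts taken from the tinydns-data format; the function name, the sample zone and its addresses are constructed for illustration.

```python
import ipaddress

# prefix -> (max_fields, ip_required, ttl_index). Field layouts per tinydns-data:
#   .fqdn:ip:x:ttl:timestamp:lo        &fqdn:ip:x:ttl:timestamp:lo
#   =fqdn:ip:ttl:timestamp:lo          +fqdn:ip:ttl:timestamp:lo
#   @fqdn:ip:x:dist:ttl:timestamp:lo   'fqdn:s:ttl:timestamp:lo
LAYOUT = {".": (6, False, 3), "&": (6, False, 3),
          "=": (5, True, 2), "+": (5, True, 2),
          "@": (7, False, 4),
          "'": (5, None, 2)}  # None: field 1 is free text, not an address

def lint(text):
    """Return [(line_number, message)] for lines that look malformed."""
    problems, seen_ptr = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line[0] == "#":
            continue  # blank lines and comments are fine
        kind, fields = line[0], line[1:].split(":")
        if kind not in LAYOUT:
            problems.append((no, f"prefix {kind!r} is not covered by this check"))
            continue
        max_fields, ip_required, ttl_at = LAYOUT[kind]
        if len(fields) > max_fields:
            problems.append((no, f"{len(fields)} fields, expected at most {max_fields}"))
        ip = fields[1] if ip_required is not None and len(fields) > 1 else ""
        if ip:
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                problems.append((no, f"bad IPv4 address {ip!r}"))
        elif ip_required:
            problems.append((no, "missing IP address"))
        ttl = fields[ttl_at] if len(fields) > ttl_at else ""
        if ttl and not ttl.isdigit():
            problems.append((no, f"non-numeric ttl {ttl!r}"))
        # each '=' line also emits a PTR for its address, so flag reuse
        if kind == "=" and ip and seen_ptr.setdefault(ip, no) != no:
            problems.append((no, f"{ip} already used by '=' on line {seen_ptr[ip]}"))
    return problems

# Constructed sample zone (documentation addresses), not from the thread.
SAMPLE = """\
.example.test:192.0.2.1:a:259200
=www.example.test:192.0.2.10:86400
'example.test:v=spf1 mx -all:3600
@example.test:192.0.2.20:a:10:1h
=mail.example.test:192.0.2.300:86400
=web2.example.test:192.0.2.10
+shop.example.test::300
"""
```

Feed it the contents of the data file before running 'make'; an empty list means nothing was flagged.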



RE: Value of backup MX

2004-11-09 Thread Darrel O'Pry
Quoting Steve Drees <[EMAIL PROTECTED]>:

> John Goerzen <> wrote:
> > I'm looking at redoing my mail setup due primarily to spam filtering.
> > Over at http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/multimx.html,
> > they are suggesting not to use redundant mail servers unless needed
> > for load balancing.
>
> This is poor advice.
>
>
> > It seems to make a lot of sense to me, but it seems too that I must be
> > missing something.
>
> I'd suggest having a backup MX but make sure you have all the filtering at
> your backup that you have at your primary.
>

Definitely agree... My MX's do all of my mail scanning. There are several ways to
keep them in sync. I keep all my configs in a mysql database on my mailstore
that is replicated to my MX's, I'm sure everyone has their preferred method of
doing this. I chose my setup, because I do lots of mysql development. Someone
mentioned the backup MX being out of sync... They don't have to be in perfect
sync, a backup MX could have a bayes database a day or two behind, or not be
accepting mail for a few new customers and it would not bother me a bit, but a
backup MX handling bounces or queuing up tens of thousands of emails to hammer
my mailstores (or in your case primary MX) when they come back online, and using my
resources to assist a spammer or DOS an innocent bystander is unacceptable.


--
Darrel O'Pry
Systems Administrator
Thing.net Communications, LLC





RE: nscd: Was Re: long delays with LDAP nss/pam

2004-10-28 Thread Darrel O'Pry
I will agree with this wholeheartedly.

I've moved to using local dnscaches on most of my smtp servers, and webservers
that do DNSLookups with my network dnscache acting as a root server
for them. DNS traffic to and from my network has significantly dropped,
along with requests to my network caches. Just have to flush them every once
in a while when I'm working on DNS.


Admittedly it took a little while for me to get used to djbdns, but with
djbdns + VegaDNS(http://www.vegadns.org/) by Bill Shupp I spend very little
time on DNS related requests/problems. The changeover from bind only took me
3 days, and everything has been up and running without trouble since. I've
even been able to offload dns management for my colo clients through
VegaDNS. 


.darrel.

> -Original Message-
> From: martin f krafft [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 28, 2004 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: nscd: Was Re: long delays with LDAP nss/pam
> 
> also sprach Russell Coker <[EMAIL PROTECTED]> [2004.10.28.1520 +0200]:
> > Run named on localhost.
> 
> What an extraordinarily bad advice, IMHO. BIND is too much a piece
> of crap.
> 
> I really suggest djbdns. I know, it's nonfree. But it's damn good.
> 
> --
> Please do not send copies of list mail to me; I read the list!
> 
>  .''`. martin f. krafft <[EMAIL PROTECTED]>
> : :'  :proud Debian developer, admin, user, and author
> `. `'`
>   `-  Debian - when you have better things to do than fixing a system
> 
> Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
> 



RE: Defining ISP?

2004-09-16 Thread Darrel O'Pry
Well I guess I'll try to start a discussion about what would be needed
for an ISP distribution, and present a basic primer to how I run my
systems as an example of needs or things to keep in mind developing an
ISP distribution that can meet a wide variety of needs. 


I think it might be easier to develop and maintain ISP specific
meta-packages, as Ben Lisle suggested? Would he be willing to put his
existing meta-packages on the open market for community review and
maintenance?

Meta-Packages that reflect my deployments would include:

   Qmail-MX-scanner (options for NFS, local, and qmtp delivery)
      (vpopmail, djbdns, qmail-src, qmail-scanner, spamassassin, ClamAV)
   Qmail-mailstore-admin
      (vpopmail, mysql, qmail-src, apache-ssl, vqadmin, qmailAdmin, qmailMrtg)
   Qmail-POP/Imap (options for delivery from localhost or nfs)
      (vpopmail, qmail-src, courier imap, imp/horde)

   listserv-exim  (exim4, mailman, majordomo, majorcool, mhonarc)
   listserv-qmail (qmail, mailman, ezmlm, majordomo, majorcool, mhonarc)

   Webserver (apache, suPHP, fastcgi, mod_perl, mod_ssl, zope/plone, awstats)

   MediaServer (icecast2, Darwin, Helix)

   DNS-primary   (djbdns, VegaDNS, mysql)
   DNS-secondary (djbdns)

   Radius-primary   (freeRadius, DialupAdmin, mysql)
   Radius-Secondary (freeRadius, mysql)

   Admin-backup (mysql, rsnapshot, phpMyadmin, snort, mrtg, spong)



One advantage of an ISP specific branch of Debian may be a quicker
release cycle since, hopefully, it will depend on fewer packages, and
the bug squashing will be easier. The slow release cycle has been the
biggest problem for me as a systems administrator. It is difficult to
keep your product line up to date and services up to date, when you are
working with outdated packages. I finally gained enough trust in testing
and moved over most of my production servers which has alleviated this
problem, but I expect I will have it again in a year or two. 

Other expectations I would have of an ISP friendly distribution of
Debian would be a cluster friendly file system layout, and a set of
shell scripts for managing users, ftp, and web accounts. Currently
I use a layout along the lines of /var/www/domains/a/adomain.com/,
/var/www/usersite/u/username/, /var/media/qt/a/auser,
/var/media/real/a/user

With symlinks from the user's home directory: ~/domains/adomain.com ->
domains owned by user, ~/public_html -> usersite, ~/media/real/ -> real
server content dirs, ~/media/Darwin/ -> Darwin content dirs


I only have to provide shell access on particular servers and users can
manage data for all of their services via nfs or your shared file system
of choice. I do not have a central authentication architecture in place,
currently, just keep uids/permissions etc. in line across servers via
shell scripts && ssh. I haven't clustered anything besides my mail
services yet (still trying to figure out how to best implement
everything), but I am currently looking into LVS, and looking for a good
low-budget filer/nfs setup to start with.

I think it is something to keep in mind for allowing ISPs to have an
easy expansion path to meet growth. 

I'm sure there are people out there with better methods of implementing
this, or maybe better ideas about going about this kind of work, but
this seems to work pretty well for my small ISP, but I'm relatively
inexperienced at this job and kind of hack it together as I go in
attempts to keep legacy customers happy, provide the widest possible
base of services and options, keep up with current applications, and
make an attempt at maintaining the security of my network. Any feedback,
ideas, or suggestions are greatly appreciated.

.darrel.



> -Original Message-
> From: Jonathan G [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 16, 2004 6:12 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Defining ISP?
> 
> Well, we can start reading the following documents about how to create a
> CDD (Custom Debian Distribution):
> 
> - http://wiki.debian.net/index.cgi?CustomDebian
> - http://alioth.debian.org/projects/cdd/
> - http://people.debian.org/~tille/debian-med/talks/paper-cdd/debian-cdd.html/
> - http://people.debian.org/~kalfa/cdd/debian-devel
> 
> 
> BR,
> 
> jonathan
> 
> 
> 
> shift wrote:
> > hej J.
> >
> > Me I'd like to be in it.
> >
> > shift
> >
> >
> > - Original Message -
> > From: "Jonathan G" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 15, 2004 12:42 PM
> > Subject: Re: Defining ISP?
> >
> >
> >
> >>I would be so pleased with the help of the phorun to propose open a new
> >>branch into the Debian community dedicated to ISP.
> >>
> >>Whom of you're interested??
> >>
> >>BR,
> >>
> >>jonathan
> >>
> >>
> >>
> >>
> >>shift wrote:
> >>
> >>
> >>> The idea seems still interesting to me 2 days after the week-end! (Did
> >>>some definitive damage happen? :)
> >>>I imagine an install, giving possibilities of Raid, backup, replication,
> >>>netwo