RE: Forced DHCP setup
Hello! El mié, 30-10-2002 a las 15:59, C. R. Oldham escribió: ... > It is possible, in hotels that have broadband in rooms, and on some > university campuses I've been too they have a DHCP server setup to serve > addresses from a private block. On that network there is a webserver ... > > Sorry, I don't know of any opensource packages to do this, but it > shouldn't be too hard. Last week I sneeked through and anouncment of an OpenSource "authentication server", which seems to do just this. However, I'm not very helpful, because I cannot remember exactly what was it's name ... coming back to the original question: > Of course, unless you setup your routers to block packets based on MAC > address this won't prevent someone from "guessing" a valid IP and > setting it up static. ... At UNI we will be using IRM to register MAC/IP/hostnames and use a script (I think it is some lines of perl) to create the dhcpd.conf and tinydns-data files for DHCP and DNS. Of course, iptables rules should be easy to create (as well as bind zone-files) too. This way, we just register a new computers MAC, it's user and hostname an asign it an IP number. Rest will be pushed into the systems configuration. However this does not tie a user to his/her computer... Best Regards, Jorge-León P.S.: If you ask for the scripts, you'll have to contribute! They are just not there by now... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail/Postfix/Sendmail for fastest outgoing mail
Hello! I remember, that sendmail, exim, and others have queuing strategies, that try to minimize the number of remote conections. El lun, 25-11-2002 a las 07:00, Craig Sanders escribió: > On Mon, Nov 25, 2002 at 11:37:58PM +1100, Jason Lim wrote: > > > nope, because postfix has no way of knowing that they were > > > originally the same email(*). postfix has been handed 10 individual > > > emails by qmail, so it will deliver 10 individual emails. > > > > Mmm... but, for example, if it scanned it's queue every 30 seconds, > > for example, it could then combine them together? > > nope. For example at www.exim.org you find the following paragraphs: SMTP batching When an SMTP delivery attempt fails, causing the message to be deferred till later, Exim updates a DBM database that contains records keyed by host name plus IP address. Each record holds a list of messages that are waiting for that host and address. When an SMTP delivery succeeds, Exim consults the database to see if there are any other messages waiting for the same host and address. If it finds any, it creates a new Exim process and passes it the open SMTP channel and a message identification. The new process then delivers the waiting message down the existing channel and may in turn cause the creation of yet another process. Any other waiting addresses in the message are skipped. The maximum number of messages sent down one connection is configurable. This scheme achieves some SMTP efficiency when a number of messages have been queued up for a given host, without the overhead of a heavyweight queueing apparatus. --- > > Nope... not running ezmlm at all, just a lot of CGIs (through > > web/Apache) sending emails. Actually... I wonder... is there any > > drop-in replacement for /usr/sbin/sendmail that would just dump the > > emails to another server for actual sending? This should not affect > > receiving email in the least (hence minimize disruption) but would > > need to be able to dump the emails at a high rate. I'm not sure if > > there is such a thing though. In your scenario you could forward the messages to the mail-sending box via the QMTP protocol provided by Qmail. On the Mail sending box you just receive via QMTP and hand it over to Postfix or whatever you decide to use for outgoing mail. QMTP is loots faster then SMTP. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: djb and multiple IPs
Hello! El mar, 19-11-2002 a las 17:07, jernej horvat escribió: ... > I have a question about djbdns - can i have one control file for all > IP's/interfaces that i have on one system ? ... You can configure env/IP to 0.0.0.0 so it will listen on _all_ interfaces. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DNS servers
Hello! Wow, man! this thread is already quite worn out. I love to read Craig Sanders for some three mails about some topic, but then it get's boring, Is there a tarpitting filter for Evolution somewhere? El mar, 19-11-2002 a las 16:17, jernej horvat escribió: ... > > If only djb's sw would be free so ppl could just download a binary package > for their OS. (i would love to type 'apt-get install djbdns' one day) You found already Gerrit Papes place, it is a standard in my sources.list, no! as it is freely distributable we have a mirror at debian.uni.edu.ni. People _can_ just download binary packages, although I only know about i386 and some of them for hppa and alpha architectures. You cannot redistribute modified source, but you can distribute standard source, patches and a script to weld them together in place. This is, how the "official" qmail-installer and djbdns-installer packages in debian are create. That is, as far as I can tell, all about the difference between Free Software and DJB-Software. DJBDNS is very fast and easy to install: I needed a dnscache this week for a cs-class lab and did it from the sources downloaded from the original place with compiling, installing and configuring in about 15 minutes (have practice though). Also, I got used to the /service/ and /package directories of DJB's Software, and they live peacefully together with /etc/rc*.d on each of my servers and workstations. It is handy to have either and the other option, for whatever tasks you have to acomplish, and todays Harddisks ( >300MByte ;-) allow you to have both types of Software running. Hope that makes sense for and encourages courious people to look at it. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: traffic shapper.deb
Hello! El lun, 16-09-2002 a las 13:58, Thedore Knab escribió: > I was wondering if anyone is using shaper.deb to manage bandwidth. I am using it on the National University of Engineering at the Border Firewall. The kernel used is 2.4.7 or 2.4.18 as far as I remember (from 100km distance). Until now I had no known problems with it ;-) Best Regards, Jorge-León
Re: traffic shapper.deb
Hello! El lun, 16-09-2002 a las 13:58, Thedore Knab escribió: > I was wondering if anyone is using shaper.deb to manage bandwidth. I am using it on the National University of Engineering at the Border Firewall. The kernel used is 2.4.7 or 2.4.18 as far as I remember (from 100km distance). Until now I had no known problems with it ;-) Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Procmail losing messages
Hello! On Tue, Aug 20, 2002 at 01:05:03PM -0400, Gene Grimm wrote: > For some reason, procmail seems to be sporadically losing messages into thin > air. Only a few messages are being lost, but they are important messages (as ... Not that this has necessarily to do with it, but safecat's author claims, that procmail's (relatively recent) Maildir delivery feature is not really save. Be sure that mailbox locking does not fail also. Best Regards, Jorge-León
So ... Re: Maildirs in Debian
Hello! It was a very interesting discussion about Mail Storage efficiency and finally made me look into ext3 and reiser - very cool. On Mon, Aug 05, 2002 at 05:15:55PM -0400, Loren Jordan wrote: ... > problems. This pine package also supports maildirs. The stock build of > Pine does NOT, last time I built it from scratch. > http://www.braincells.com/debian/sid/pine/ ... So I would like to come back to the primary issue: I would like to get a couple of people from here supporting a Debian Policy Proposal, where a standard way of expressing the installers preference about mbox or Maildir inbox delivery (system mailbox) gets drafted. If there is no better proposal it could be simply a file: /etc/default/maildelivery which could just contain one of the verbs: Maildir mbox MH Any packages treating with system mailbox handling, should use the first word in the first line of this file, to determine how to configure themselves. Now: I suppose the proposal should be acompanied by a transition guide, where all configuration issues with the most standard/frequent packages are treated. If anybody is willing to help get this going, please mail me off-list. Thanks in Advance, Jorge-León mailto:[EMAIL PROTECTED]
Re: Maildirs in Debian
Hello! On Fri, Aug 02, 2002 at 09:06:07AM +1000, Jeff Waugh wrote: ... > There are plenty of reasons to not use Maildir, too. ... On Fri, Aug 02, 2002 at 09:26:29AM +1000, Jeff Waugh wrote: ... > No. I use maildirs on my IMAP server and mboxes on my desktop because they > are appropriate to each. They operate very differently, and have pros/cons > for different uses. ... Please elaborate on the disadvanteges of having Maildir as system mailbox. Regards, Jorge-León
Re: Proftpd+SSL/TLS!!!
Hello! On Thu, Aug 01, 2002 at 02:32:01PM +0200, Jones Down wrote: ... > My alternative is to use ssh, there is a really beatiful win-prog to > use scp, looks like mc, can be found here: > > http://winscp.vse.cz/eng/ > > but then again you should setup a chroot environment, because it´s > still not possible to restrict access to a directory with ssh as > tight as with some ftp-servers, because ssh needs some libraries and > stuff, so there will be always more then just one upload-dir to see > for the users. Also don´t forget, that with ssh you users have a full > shell account, so building that jail should be done with real care. In > most cases it´s more than you want to give them - what again makes me > cry about missing ssl in proftpd :( ... Ssh version 2 allows you to restrict access to an account, to only use on specific command, via the private/public key. There is on example I know of: "anonymous access to CVS via ssh", which could be used as a reference, search for it at the CVS sites. This enforces you to use public/private keys, which is good practice anyway. You can issue/setup personal keys for individual users, and you can generate a key for "anonymous" access, which is a small file (the key) which you put publicly on a web page and anyone who wants to access your repository downloads the file and tells it's secure-shell client to use it as ID when to connect to the server. I have read once, that the ftp-subsystem of SSH (sftp) opens security wholes, but do not know why, I leave it disabled in my setups. On the other hand, there is stunnel, which allows you to create an ssl tunnel for any server/client pair. If this is not possible for proftpd for any tecnical reason don't tell me, I don't install ftp servers. Best Regards, Jorge-León
Re: Linux box
Hello! On Wed, Jul 31, 2002 at 09:15:53PM +0200, Riccardo Losselli wrote: ... > I know it will never be like bgp, but it still better than nothing at > all, or not? I don't know bgp at all, but I cannot believe it's easier than the following: One Linux Router, three network cards: 1- nothing stops you, if you have two or more IP-segments on the same physical network. - connect net1 and net2 either directly or via a switch, or whatever. 2- Use some old unuseful box and plug three NIC into it: eth0 to the joint networks 1 & 2 eth1 to link 1 eth2 to link 2 3- give eth0 two IP numbers, one as gateway in net1 and one as gateway in net 2 4- route net2 to ipalias1 and net1 to ipalias2 on the linux box. 5- use other recomendations (policy and metrics) to route default packets to eth1 and eth2 respectively. 6- Internet Mail has it's own "failover" mecanism. Put a "proxy"-mailserver on net1 and the "real" mailserver on net2, declare mx1 with priority 20 and mx2 with priority 10 for net2 in the DNS - Or vice versa. Do the same (or vice versa) for net1. 7- DNS has it's own "failover" mecanism. Talk to your DNS-superior and tell him/her that dns1 (from net1) and dns2 are nameservers for net1 and also for net2. If any of the two links fail, the server in the other "net" takes over the task. External clients will occasionally fail, because they try the higher priority MX first, the lower only when the first is not reachable. DNS-servers for a domain are handed out "arbitrarily" anyway, if one is not reachable, there is a 50:50 chance a client has to try two times to get an answer. Use one server with IP alias for net1 and net2 if you are keen or lazy. Client computers with sensible OS's can route more then one network to the same NIC, take advantage of this. Best Regards, Jorge-León
Re: Maildirs in Debian
Hello! On Wed, Jul 31, 2002 at 12:08:14PM +1000, Donovan Baarda wrote: ... > > My understanding was that the Maildir patches for the c-client libraries > > (affecting the UW imapd and Pine) were not very stable. Furthermore, as People using non-Maildir functional Software wouldn't need to migrate if they didn't want to. It seems to me, that almost anybody running imap uses Courier, which only happens to work on Maildirs. ... > I think that having a debconf option to pick which you want would be great. > Failing that, a migration to pure maildir would probably be good, provided > the migration could be handled transperantly. ... Some steps I remember: - Change /etc/login.defs to use: QMAIL_DIR Maildir/ #MAIL_DIR/var/spool/mail MAIL_FILE Maildir/ This only works for shadow-suite logins, MAIL_FILE is for MH, but aparently login does not work correctly and so it is needed as a workaround. These set the MAIL environment variable, which is used by console based clients (mutt), most grafical clientes ignore them :-[ - Change the default delivery method of the MDA. procmail (standard?) can deliver to Maildir, but I don't know how. The author of "safecat" states, that it does not do it correctly in the sense of failure safe file creation, so safecat is an alternative. The binary Qmail packages need to comply with the "standard delivery method" of the target system by License, so they deliver to /var/spool. It has to be re-configured to the original Maildir delivery method, which are two steps: 1- make it use a "defaultdelivery" configuration file, 2- change the "standard" defaultdelivery to use Maildir instead of procmail. Can't tell about other MTA's. For those still here with me, I write this stuff also to show, that it is quite a hassle to get a Maildir compliant system working with Debian, and it need not be so. Best Regards, Jorge-León
Maildirs in Debian
Hello! I just want to sense the environment about a to be proposed Debian policy change with respect to mail handling. Maildir delivery has lots of advantages over mbox spools, but the latter is the only standard. Almost all M*A's support both standards. It would be a big relieve, if one could chose either of them at some moment, and this choice would be recorded, let's say in /etc/default/maildelivery The M*A packages could sense this file and configure them accordingly, or refuse to install if they cannot work under the required delivery scheme. Best Regards, Jorge-León
Re: Newbie: Is there a basic Debian-for-ISP HOWTO?
Hello! On Mon, Jul 29, 2002 at 01:48:57PM -0700, Angus Scott-Fleming wrote: ... > What are your problems with qmail? What do you like about the > Postfix comm. that QMail lacks? Not trolling for flamewars ... My personal experiences: Sendmail - cryptic macro language Exim - delightfull relieve from it Qmail - I learned finally what Email is, because I did not have to focus on implementation quirks and complexity. Qmail is lightweight and secure and until now has scaled to *any* machine I installed it. From 486 "home"-computers with dialup links to big mailservers. I use it now on all machines I manage, to simplify the configuration tasks. My recomendation, Gerrit Pape's unofficial binary packages: www.smarden.org/pape You can also download unix-ised versions of the documentation in .deb form there. > XX> A recurring comment in the mailing list moderators mailing > > list is that djb ignores a number of standards. Which > > aren't specified. > > Anyone here have any insight into what djb's failure-to-hew- > to-standards might be? Same thing as with Qmail. Learned it in one day (had never managed a DNS before), installed it and since then it works. My neighbourhood DNS's, (subdomains, secondaries) use Bind and it's pure trouble to maintain. There is a lot of information about djb supposedly to be non compliant, and what's the answers. Look at "www.djbdns.org" first, and then look at the "faqts" and Jonathan de Boyne Pollard's Frequently Given Answers. About License: Both programs are free to download and use. The redistribution in binary form is limited. In case of Qmail restricted to obey certain installation criteria. You can however do anything on your network with the software what you want. The programms are very small and compile in just no time. I spend less time in patching and recompiling Qmail then in installing other debian packages, and it can be done almost completly without shutting down the services. About having to DJB-anize the computer: DJB's programs have their own infrustructure, which is very clean and logical. It does not waste lot's of space and costs you only thre new top-level subdirectories: "service", "command" and "package", with which, by the way you have almost nothing to do anyway. I doubt that somebody can't bare with this today. --- Now about the initial question: Qmail supports virtual hosting natively. Qmail supports Maildir delivery natively. User managment goes via /etc/passwd or via .cdb databases LDAP user databases is a patch which can be found via www.qmail.org POP3 servers for Maildir databases are standard, as are IMAP (Courier). I have used both of them without problems. For mailing lists I use Mailman, although I do not have lots of users or traffic. Best Regards, Jorge-León
Re: ispman: pam/ldap+flat files
Hello! On Wed, Jul 17, 2002 at 09:40:23PM -0400, Chris Zubrzycki wrote: ... > I am brand new to openldap though. I set up ispman, and can use it to > add domains and such, but I am not sure how to add ldap to the pam > files so that it checks for local accounts, and if none, it then checks > ldap. I saw some sample conf files on the net, but they did not come > with any documentation. Initial PAM efforts had good documentation, afterwards it seems that people had just been hacking up additional modules for it. I will include my /etc/pam.d/login file here: - # Authentication: try unix first, then LDAP if that fails # Deny globally (maybe) authrequisite pam_securetty.so authrequisite pam_nologin.so # Make it look pretty authrequiredpam_issue.so authrequiredpam_env.so # Autenticate authsufficient pam_unix_auth.so authsufficient pam_smb_auth.so use_first_pass authsufficient pam_ldap.so use_first_pass ignore_unknown_user authrequiredpam_deny.so # Note: ldap says it does not know unknown users, this reveals that # fact to the person logging in. So we let them fall through and # fail. This way we also myeld a homogeneos look to the user. # Account: try unix first, then LDAP if that fails account requisite pam_access.so account sufficient pam_unix_acct.so account requiredpam_ldap.so # Session: issue message of the day, show the users mail # doubt that this works with Maildir # Only for Home-Servers sessionrequired pam_mkhomedir.so # More messages to the user sessionoptional pam_motd.so sessionoptional pam_lastlog.so sessionoptional pam_mail.so dir=~/Maildir/ empty # Notify the sysadmin about the session - syslog sessionrequired pam_unix_session.so -- Note the difference between the authentication and the "account" step. The first establishes, if a) any user is allowed (at this time, from that host, etc.) b) if the user does prove to be him/her to his/her account (authentication) The second step checks, if the user (now authenticated) is allowed to access his/her account (at this time, until payment ...) The "session" (setup) step, does not involve ldap and is not supported either, although principially it could be nice too. However note, that there exist other approach to Autentication databases to, nsswitch! With the following setup: -- # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files ldap group: files ldap shadow: files ldap hosts: files dns networks: files protocols: files services: files ethers: files rpc:files netgroup: nis --- you make some programms check first the /etc/passwd file to see if it finds the user, and then the ldap database. This is very nice, because you can autenticate root, and some "local" users, even if the ldap server does not work, or the network connection gets lost. I have both aproaches on my home-network, and the sad thing about it is, that actually Debian is not consistent about either, so things do not always work out well (to save the honor of Debian: at my knowledge there is no system which works consistently). > > Could anyone point me to some good resources to get me going? I prefer > online for the moment, I am planning on getting a book or two later. ??? Hope this Megamail helped something out. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RBL - Back to basics
Hello! On Sun, May 05, 2002 at 08:33:37AM -0400, Gene Grimm wrote: [...] > Alot of people will resist this if it means replacing every mail server > on the Internet, or even just the mail software on every Internet mail > server. This has to be a revision compatible with the existing SMTP > protocol or trying to implement this will cause catastrophic damage to > the Internet mail infrastructure far worse than SPAM. If you want an efficient and flexible Email system without Spam you won't be using old protocols. Every day new networked aplications are developed and people rush on them if they are good: If it's easier, more secure, faster and costs less you will opt to use it. Look at gopher, ftp and telnet: My clients all have clients to use ftp and telnet servers, but my servers do neither have ftp nor telnet servers installed, we use better ssh, rsync, scp and http for the corresponding tasks. No need to replace SMTP service, it will just fade out, and every sysadmin will be happy about it. [...] > > - Transmission of the message contents has to be initiated by the > > receiver, not by the sender, to allow beforehand trust/cost > > negotiation between the two parties: actual Email always puts the > > cost on the (helpless) receiver. > > How can this be possible when the recipient can't possibly know when > someone wants to send him something? Even if the protocol were to allow [...cut out interesting discussion...] My intention is not to start a discussion about an alternate Internet Mail on the debian-isp list, so I won't answer the questions on the list (I'll do personally though), but I encourage anybody who is interested to sneak into the corresponding discussions - im2000 mailing list is available, and just to give it a skim look at Clemens Fischer's Wiki http://wiki.haribeau.de/cgi-bin/wiki.pl?ProjectIM2000/ And on my homepage http://www.magma.com.ni/~jorge/ Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RBL - Back to basics
Hello! On Fri, May 03, 2002 at 10:34:09AM +1000, Glenn Hocking wrote: > Hi again > > Really the comparison between rbl lists is academic. It is good that > there are many different and evolving systems to block spam accordingly > with different success rates. > > However from a 'email service provider' point of view (as per my > original email) I do not wish to block ANY legitimate email. The more > spam that is bounced the better BUT my requirement is purely 'If it > blocks legitimate email, the rbl is useless'. > ... Let me resume, what means do we have, to fight spam: First: some users kind of want Spam, they don't want that any kind mail directed to them be restricted, even unsolicited comercial Email, but we (the sysadmins) don't want this to be Email-avalanches like dictionary attacks. We can check at least, if the user-account mail sent to exist, at an early stage before we accept the Email, so bounces do not occur on our server (never have seen this - anybody has this implemented in Qmail? :-) Second: we can do contents (and credibility) analisys, a la spam-assasin, and this way decrease our users incomfortability with manual mail sorting, because we have marked the majority of Spam-mail for them. The charge is on us. Third: Fight spam propagation. On the supposition, that Spam-mail never comes alone we encourage our user to report a Spam-message to a database, where a checksum is drawn and published. We further do not accept messages with a checksum found in the database: Vipul's Razor. This includes yet loosing messages. Fourth: Some forms of spam take advantage of flaws in the SMTP protocol, open relays, forged sender addresses, etc. We can decide to negate Email globally from servers who allow abuse of the flaws - RBL. The ones I heard from are: - remote host is known to allow spammers to use it (most RBL's) - remote host is an open relay (ordb.org) - remote host has no account or address where to complain about spam or other problems (www.rfc-ignorante.com). The RBL-method tries to educate the remote sysadmin to watch it's setup and control it's users. Fifth: We can decide to negate email from invalid senders. (Don't know if "global" sender validation exists inlined into the mailserver). However there are e.g. Mailing lists, where you have to reply to a subscription notification to activate your subscription - the purpose is, that the receiver checks if Email to your supposed (return) address really get's through to the person who send the initial request. TMDA - Tagged Message Delivery Agent is a method which brings this feature to anybodies Mailbox. The user can have a Blacklist of unwanted sender adresses, a Whitelist of sender addresses which just should pass through, and everyone else is requested to confirm manually any Email sent supposedly upon her/his name. While I think, that the last one is the smartest way of doing things for the end user, as spam with forged reply addresses will end up in the trashbox, without ever touching the users or sysadmins mind, it also burdens the system, and the whole Internet Mail infrastructure. The RBL-method is surely the one, which raises the most discussions on a social level, because it includes pointing at somebody with the finger "you are bad", and we all know that the most dificult and ambiguos is to divide good from evil. Vipul's Razor could suffer the same destiny, as it grows, because it involves public exposition of personal judgement, although it is somewhat more dificult to abuse then RBL. Anyway, I do not see a lot of gain from discussing improvements to the RBL-method and the like, as they are "social-patches" to a design flaw of message delivery. Better cure the problem, not the symptoms. There are several projects which discuss a substitution of traditional Email with a more modern infrastructure, and I think it is time to spent effort on pushing this forward and stop loosing time with preventing what's inevitable - abuse of SMTP. Personally I just enlisted in one of these projects - im2000 - http://cr.yp.to/im2000.html, which aparently has been kind of sleepy during two years, but actually is kind of awakening. To prevent Spam (really), an Email system has some criteria to fullfill, I will point out some of them here: - Sender and Receiver Identity have to be verifyable by the underlying protocol. - Transmission of the message contents has to be initiated by the receiver, not by the sender, to allow beforehand trust/cost negotiation between the two parties: actual Email always puts the cost on the (helpless) receiver. - User configurable comercial advertisment: An Email user shall be able to allow advertisers to send o
Spamassasin over RBL, was Re: rblsmtpd -t?
Hello! while not having much experience on this I'd like to comment. On Wed, May 01, 2002 at 11:39:55PM -0400, [EMAIL PROTECTED] wrote: ... > > Is the load from all those rblsmtpd process bigger than accepting the > email | procmail | spamassassin? I've no idea how many times > the typical spam tries to get through before it dies. > ... A receiving SMTP server has a number of maximum allowed SMTP sessions. RBL-lookup can delay each out of these conections, which slows down total processing time of an Email (if accepted), but as it is in-line with the incoming mail-flow has a limited resource consumption on your machine. procmail/spamassasin process mails yes "inside" the server, I just give you a made up example: 60 Mails incoming per Minute, 5 seconds average Spamassasin procesing time per Mail => 60-12 = 48 Mails per Minute piling up on your incoming mail queue = 48 new Spamassasin processes per Minute consuming your resources. While RBL throttles Mail Flow (and spares Disk space) thus protecting you in advance, Spamassasin puts the load on your side. The rblsmtp binary in my ucspi-tcp_0.88-3_i386.deb package has 24284 Bytes, procmail 65500 (and one more library then rblsmtp libm). Spamassasin needs perl - although spamd/spamc only needs it once. Seems one has to weigh cost/benefit. Of course, one could set up two servers - one which only manages the incoming mail flow and queues it, and a spamfilter server behind, which filters and does the final delivery. The first could be low-profile, the second would be HIGH profile :-) Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: BIND9 MySQL SDB
Hello! I know that this does not directly answer your BIND9 Question! On Mon, Apr 22, 2002 at 11:27:24AM -0300, Auro Florentino wrote: ... > My priority is to cut off the shell access to non-administrators (like support >people) to modify or delete zone or records on BIND9, and to integrate our platform >on DataBase Schemas (like mantains all our information on a storage database). > > Any ideas? ... Around djbdns http://cr.yp.to/djbdns.html, there are some very creative solutions to DNS and Database Backends http://www.djbdns.org/. An advantage of djbdns over BIND is, that you do not have to restart, or reload zones when you change them. It is also simple to automatize tasks, like actualize DNS zone data, with simple shell scripts which can be run sudo'ed for security. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: network cabling management
Hello! On Wed, Apr 17, 2002 at 04:42:19PM +0200, Tommy van Leeuwen wrote: > Hi, > > What kind of tools are you using for network cabling and patches > management? We've tried txtfiles, acessdatabases and such but we're IRM is quite of alpha, but it should be simple to expand it. It uses a mysql database (or postgresql), and you enter a inventary of Computer and Network (hubs, routers) equipment via a php driven webpage. You register each "port" of each equpment. It is easy to enter the number of ports of a hub and to labelk the ports. Then you inter-"connect" the "ports" to another equipment of your choice. It also has a kind of help-desk/work-order managment. It's easy to install, test and ;-> de-install Best Regards Jorge-León P.D: cite ... More information can be found at the IRM Website: www.redshift.com/~yramin/atp/irm or at the mirror site: irm.schoenefeld.org. ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Email header parser?
Hello! On Sat, Apr 13, 2002 at 10:09:20AM +0300, Jarno Elonen wrote: > Hi, > > I'm building a set of scripts to archive email messages in a custom way. > > Do you know of any better shell tools for extracting from, cc, subject etc. > >from the headers than procmail/formail? look at http://cr.yp.to/mess822.html ... > formail but would generate a shell script snippet that, when evaluated, sets > environment variables like $FROMNAME, $FROMADDRESS, $SUBJECT, $REPLYTO etc. I think you'll have to script around to get it suppose the messages is in "mess": FROMNAME ? FROMADDRESS=$(822field from < mess) SUBJECT=$(822field < mess) REPLYTO=$(822field reply-to < mess) etc. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: export account profile from file to ldap
Hello! On Thu, Mar 28, 2002 at 12:51:30PM -0600, José A. Guzmán wrote: > On Mon, Mar 25, 2002 at 09:46:49AM -0600, Georg Lehner wrote: > > > as I found they harmed > > use of ldap in nsswitch and samba-ldap autentication (but I may be > > wrong). > > How come? > > I've used them to migrate passwd/shadow into LDAP with no problems > at all. > To be more specific and exact, the problems encountered have nothing to do with libpam-smb or libpam-ldap. I use samba recompiled from the Debian-Source Package (about two months ago), Version 2.2.2debian-2 but with the LDAP-support compile switches on. To create a user account I do the following: 1) Create a unix account "x" on a main server 2) port it to LDAP 3) do smbpasswd "x" smbpasswd (this is the LDAP-modified version), fails, when it encounters for example an "objectClass=mailRecipient" attribute in the recently created LDAP entry. It simply does not find the user in the LDAP database. the migration tools are very generous on creating aditional attributes like kerberos name, mailname, Internet org person and the like. I suppose that if my slapd - server does not include the corresponding Schemes, there can be trouble in retreiving the information correctly, but never digged really into the problem. In my modified migration script I cut out what seemed "disturbing" the process, although today in the morning I stumbled again over the "mailRecipient" with a new account. Samba and LDAP allows me to overlap Windows NT Domain accounts with Unix accounts (shared by autofs) on the whole network. Only problem remaining is password migration between the different aproaches, which I had intented to solve by using the NT (samba) password for unix-autentication via libpam-smb. BUT I do not like it really, shadow seems more secure to me. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
How fast can Linux-Firewalls be?
Hello! I know that there has been some discussion on the list about this, but I could not find it: What minimum characteristics would a Linux IP Masquerading Firewall Box need, to run a 100 Mbps link without slowing down traffic. What is the maximum bandwidth you can get with a Linux based Gateway/Firewall/Router? What if I use two (three...) outgoing 100Mbps lines? BTW: The Nacional Tecnical University hired me to recently to help propose future ICT Development. With two old Pentium boxes and Debian, I could set up a Firewall and a network traffic watcher within a few hours, thus relieving some tecnical flaws of the University Network. Debian is great! Practically any message on this list has been helping, informative and inspirating. Thanks to you. Best Regards Jorge-León
How fast can Linux-Firewalls be?
Hello! I know that there has been some discussion on the list about this, but I could not find it: What minimum characteristics would a Linux IP Masquerading Firewall Box need, to run a 100 Mbps link without slowing down traffic. What is the maximum bandwidth you can get with a Linux based Gateway/Firewall/Router? What if I use two (three...) outgoing 100Mbps lines? BTW: The Nacional Tecnical University hired me to recently to help propose future ICT Development. With two old Pentium boxes and Debian, I could set up a Firewall and a network traffic watcher within a few hours, thus relieving some tecnical flaws of the University Network. Debian is great! Practically any message on this list has been helping, informative and inspirating. Thanks to you. Best Regards Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Custom boot cd, was Re: Mass installation procedure for Debian?
Hello! On Tue, Feb 05, 2002 at 11:24:27PM -0500, Chris Zubrzycki wrote: ... > very good idea, but I was wonering if anyone one the list has every made > a custom boot cd, with specific packages and a custom kernel > image/modules (xfs support, etc.) ... I have seen various on the debian-cd lists, including a very atractive ready to go solution (a german project), which you can surely find by searching the last four weeks of the archive of the debian-cd list. Two weeks ago I made a working boot-cd myself with the "bootcd" package. First it did not work because the original script asumed a ram-disk to be available before it was mounted. When I started to make a more featured version I ran out of time, but I will continue with it. Mail me privatly if you want the patched bootcd script. Best Regards, Jorge-León
Re: Mass installation procedure for Debian?
Hello! On Wed, Feb 06, 2002 at 08:31:24PM +, [EMAIL PROTECTED] wrote: ... > and run a script to > copy hda to hdc > lilo hdc so that it will boot as hda Can you tell us the lilo parameters/configuration. Did this once in a hurry, but when I swapped hdc to hda it did not work - Lilo got stuck at boottime. ... Best regards Jorge-León
Re: Mass installation procedure for Debian?
Hello! On Wed, Feb 06, 2002 at 08:31:24PM +, [EMAIL PROTECTED] wrote: ... > and run a script to > copy hda to hdc > lilo hdc so that it will boot as hda Can you tell us the lilo parameters/configuration. Did this once in a hurry, but when I swapped hdc to hda it did not work - Lilo got stuck at boottime. ... Best regards Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Custom boot cd, was Re: Mass installation procedure for Debian?
Hello! On Tue, Feb 05, 2002 at 11:24:27PM -0500, Chris Zubrzycki wrote: ... > very good idea, but I was wonering if anyone one the list has every made > a custom boot cd, with specific packages and a custom kernel > image/modules (xfs support, etc.) ... I have seen various on the debian-cd lists, including a very atractive ready to go solution (a german project), which you can surely find by searching the last four weeks of the archive of the debian-cd list. Two weeks ago I made a working boot-cd myself with the "bootcd" package. First it did not work because the original script asumed a ram-disk to be available before it was mounted. When I started to make a more featured version I ran out of time, but I will continue with it. Mail me privatly if you want the patched bootcd script. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix with LDAP smtp authentication
Hello! On Sun, Feb 03, 2002 at 01:53:15AM +0100, Paul Fleischer wrote: ... > I have searched around, but could not find anything related with direct > LDAP authentication, only SASL which too me looks like introducing an > unnecesarry component. Sasl is yet needed for Mutt. You do *not* use Mutt??? > Is there any way to do direct LDAP smtp authentication? Or do I have to > write such a patch myself?? Did you check Pam/Pam-ldap? If your MTA autenticates against Pam you can "just" plug in libpam_ldap. (Did not do it yet!) Best Regards, Jorge-León
Re: unstable is "unstable"; stable is "outdated"
Hello! On Sat, Feb 02, 2002 at 04:55:44AM +0800, Jason Lim wrote: ... > I know that as a company, we could donate a bit of money (with the economy > as it is, not much though), but from what I can see, money isn't really > where the problem lies... it is somewhere else. ... Last Debian Weekly News says that a Maintainer dropped 18 packages out of frustration with the slow pace of Debian 3.0. It also says that this slow pace is because Bugs are simply not fixed. I'd love to become a Debian Maintainer or Bug-Squasher, if I could make a living out of it, whole or parttime. Your company could send me an offer. This is meant serious, although not intended to be an abuse of the list. If companies would a) adopt Debian packages (by inhouse programmers), and/or b) sponsor packages Maintainers, there would be some economic thrive behind the Debian Releases, and it would just be fair, because Debian is thriving a lot of companies, isn't it? Best Regards, Jorge-León
Re: unstable is "unstable"; stable is "outdated"
Hello! On Sat, Feb 02, 2002 at 06:39:46AM +0800, Jason Lim wrote: ... > aspect of their distro pretty good. They are business people over there, > and they know how frequent business users like to have updates, and when ... People here around *only* know RedHat, and it's *the best*, because each half year you can buy a new Version. So I can tell by what I see at others (i.e. not from personal experience) that RedHat a) changes essential issues every time it makes a new version, so on has to learn again, b) uses also some outdated software. I suppose the latter is, to not provoque the dependency avalanche. > critical updates should be released. Your Point, Best Regards, Jorge León
Re: postfix with LDAP smtp authentication
Hello! On Sun, Feb 03, 2002 at 01:53:15AM +0100, Paul Fleischer wrote: ... > I have searched around, but could not find anything related with direct > LDAP authentication, only SASL which too me looks like introducing an > unnecesarry component. Sasl is yet needed for Mutt. You do *not* use Mutt??? > Is there any way to do direct LDAP smtp authentication? Or do I have to > write such a patch myself?? Did you check Pam/Pam-ldap? If your MTA autenticates against Pam you can "just" plug in libpam_ldap. (Did not do it yet!) Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: unstable is "unstable"; stable is "outdated"
Hello! On Sat, Feb 02, 2002 at 04:55:44AM +0800, Jason Lim wrote: ... > I know that as a company, we could donate a bit of money (with the economy > as it is, not much though), but from what I can see, money isn't really > where the problem lies... it is somewhere else. ... Last Debian Weekly News says that a Maintainer dropped 18 packages out of frustration with the slow pace of Debian 3.0. It also says that this slow pace is because Bugs are simply not fixed. I'd love to become a Debian Maintainer or Bug-Squasher, if I could make a living out of it, whole or parttime. Your company could send me an offer. This is meant serious, although not intended to be an abuse of the list. If companies would a) adopt Debian packages (by inhouse programmers), and/or b) sponsor packages Maintainers, there would be some economic thrive behind the Debian Releases, and it would just be fair, because Debian is thriving a lot of companies, isn't it? Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: unstable is "unstable"; stable is "outdated"
Hello! On Sat, Feb 02, 2002 at 06:39:46AM +0800, Jason Lim wrote: ... > aspect of their distro pretty good. They are business people over there, > and they know how frequent business users like to have updates, and when ... People here around *only* know RedHat, and it's *the best*, because each half year you can buy a new Version. So I can tell by what I see at others (i.e. not from personal experience) that RedHat a) changes essential issues every time it makes a new version, so on has to learn again, b) uses also some outdated software. I suppose the latter is, to not provoque the dependency avalanche. > critical updates should be released. Your Point, Best Regards, Jorge León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mass installation procedure for Debian?
Hello! We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. On Mon, Feb 04, 2002 at 06:09:54PM +0200, I. Forbes wrote: > Hello Oliver > ... > We use this installation procedure. It is not really "mass" but can > generate a debian stable machine tailored for our customer's [...] We use a similar aproach and I can recommend it. I have played Fai once and actually I'm fiddling with bootcd. With Fai I came in closer contact with Cfengine and I started to like it that much, that I started to experiment with a generalized Cfengine setup, that will be casted into debian packages. These define setup-strategies with cfengine, mail-server, web-server, print-server, print-client, etc, etc, then I *only*: 1) install a minimal/moderate standar Debian System with a unique private IP number or with an IP number which is a "handle" for a predefined installation. 2) define the special caracteristics of the new computer by adding it to the corresponding cfengine classes on the "Cfengine Master"/Debian Mirror 3) Let Cfengine do the rest by running it from the newly installed computer. Note that this is (almost) a vapourware description, while it is true that I handle a home/Internet-Café/development network of about eight randomly assembled Debian boxes, it's not brewn out. A note about the mirror: There is one machine with a webserver and a 33.6 :-) Modem line to the Internet, where I upate my packages frequently. After each download/install/update I run "apt-move update" to get new packages into a www-mirror on the local harddisk. Each other computer only uses this local mirror. Big advantage: instead of browsing 9000 packages y only manage about 1000 most needed on the local computers, which are browsed manually rather quickly. Tip: don't make this computer a production server (as I do) since the update regularly breaks the machine. If you use an individual "update server" you can play around with software and then decide if you want to install or upgrade on the local network. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. Best Regards, Jorge-León
Re: Mass installation procedure for Debian?
Hello! We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. On Mon, Feb 04, 2002 at 06:09:54PM +0200, I. Forbes wrote: > Hello Oliver > ... > We use this installation procedure. It is not really "mass" but can > generate a debian stable machine tailored for our customer's [...] We use a similar aproach and I can recommend it. I have played Fai once and actually I'm fiddling with bootcd. With Fai I came in closer contact with Cfengine and I started to like it that much, that I started to experiment with a generalized Cfengine setup, that will be casted into debian packages. These define setup-strategies with cfengine, mail-server, web-server, print-server, print-client, etc, etc, then I *only*: 1) install a minimal/moderate standar Debian System with a unique private IP number or with an IP number which is a "handle" for a predefined installation. 2) define the special caracteristics of the new computer by adding it to the corresponding cfengine classes on the "Cfengine Master"/Debian Mirror 3) Let Cfengine do the rest by running it from the newly installed computer. Note that this is (almost) a vapourware description, while it is true that I handle a home/Internet-Café/development network of about eight randomly assembled Debian boxes, it's not brewn out. A note about the mirror: There is one machine with a webserver and a 33.6 :-) Modem line to the Internet, where I upate my packages frequently. After each download/install/update I run "apt-move update" to get new packages into a www-mirror on the local harddisk. Each other computer only uses this local mirror. Big advantage: instead of browsing 9000 packages y only manage about 1000 most needed on the local computers, which are browsed manually rather quickly. Tip: don't make this computer a production server (as I do) since the update regularly breaks the machine. If you use an individual "update server" you can play around with software and then decide if you want to install or upgrade on the local network. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: central authentication with LDAP
Hello! On Mon, Jan 28, 2002 at 03:55:08PM +0800, Patrick Hsieh wrote: ... > Now I'd like to make my Debian GNU/Linux login and authenticate from the > LDAP server, where should I begin? ... Sorry, I forgot another issue with libpam-ldap: There is an anonymous user, and if you do not authenticate libpam let's you in as that one, without asking for a password. So I put libpam-ldap at the bottom of the pam-auth-stack, with the following options: ... authsufficient pam_ldap.so use_first_pass ignore_unknown_user authrequiredpam_deny.so So unauthenticated login will be denied. However the authentication message is not at my taste then... Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: central authentication with LDAP
Hello! On Mon, Jan 28, 2002 at 03:55:08PM +0800, Patrick Hsieh wrote: ... > Now I'd like to make my Debian GNU/Linux login and authenticate from the > LDAP server, where should I begin? ... I have played around with ldap and pam since mid of December, and found that there are some issues with debians packages. The original pam modules are well documented, the "newer" ones are not. I had to go back to the sources. openldap installer (potato unstable/testing) for libnss-ldap, libpam-ldap configures /etc/ldap/ldap.conf, but the openldap utilities look in /etc/openldap/ldap.conf (just make a symlink). slapd configuration shows you how to secure your database, but in principle does not do it. There are a lot of schemas delivered, so you should not need to make them yourselves, look at /etc/ldap/schema/*, and just include the ones you need in /etc/ldap/slapd.conf On padl's site I downloaded the "Migration tools", then crouched one or two of them and now I am able to say on my central autentication host: adduser<- and configure the unix-user user2ldap Which imports the user entry en /etc/passwd, /etc/shadow into the slapd database, including very nice features like setting surname, GivenName, Telefone numbers, RoomNumber,... It's not baken out, but I would be very glad to share and discuss with other people interested in the same thing. In fact I mailed a collect-mail to some of the maintainers because I think that pam/ldap/nss actuall are dangerous for the non-guru installer, but I only got response from one. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
Hello! It was already sort of pointed out by other people, that your situation can probably handlead easier by dividing it in to tasks: - fast recovery from data damage - prevention of changes made by hackers/virus each of which can be better handled by individual aproaches. While the former has been addressed (three HD's in Software Raid-1 configuration), the second also has some rather easy to setup solutions. You can for example setup Cfengine on your network, and monitor/fix critical files from a CD. This is similar to tripwire, but "better" (as of the authors of Cfengine): You make a copy of your sane binaries and configuration files and burn it to a CD (or a HD on a [well protected] backup server!! :). You setup cfengine so it will check each hour or so the integrity of the files on your production server with respect to the backup, and overwrites any encountered modified file - this part is almost trivial: name the file/directory and cfengine will do the job for you. When your system crashes you recover from the spare Raid HD. Cfengine will automatically put everything straight if it would not comply with the backup server. Best Regards, Jorge-León On Wed, Jan 02, 2002 at 06:40:39AM +0800, Jason Lim wrote: ... > Except that I've pointed out already that we're specifically NOT looking > at a live RAID solution. This is a backup drive that is suppose to be > synced every 12 hours or 24 hours. > > The idea being that if there is a virus, a cracker, or hardware > malfunction, then the backup drives can be immediately pulled out and > inserted into a backup computer, and switch on to provide immediate > restoration of services (with data up to 12 hours old, but better than > having up-to-date information that may be corrupted or "cracked" versions > of programs). ... P.D.: I like cfengine a lot, however, I have never (had the chance to) try this aproach out. I can only dream of 60G HD's :)
Re: Best way to duplicate HDs
Hello! It was already sort of pointed out by other people, that your situation can probably handlead easier by dividing it in to tasks: - fast recovery from data damage - prevention of changes made by hackers/virus each of which can be better handled by individual aproaches. While the former has been addressed (three HD's in Software Raid-1 configuration), the second also has some rather easy to setup solutions. You can for example setup Cfengine on your network, and monitor/fix critical files from a CD. This is similar to tripwire, but "better" (as of the authors of Cfengine): You make a copy of your sane binaries and configuration files and burn it to a CD (or a HD on a [well protected] backup server!! :). You setup cfengine so it will check each hour or so the integrity of the files on your production server with respect to the backup, and overwrites any encountered modified file - this part is almost trivial: name the file/directory and cfengine will do the job for you. When your system crashes you recover from the spare Raid HD. Cfengine will automatically put everything straight if it would not comply with the backup server. Best Regards, Jorge-León On Wed, Jan 02, 2002 at 06:40:39AM +0800, Jason Lim wrote: ... > Except that I've pointed out already that we're specifically NOT looking > at a live RAID solution. This is a backup drive that is suppose to be > synced every 12 hours or 24 hours. > > The idea being that if there is a virus, a cracker, or hardware > malfunction, then the backup drives can be immediately pulled out and > inserted into a backup computer, and switch on to provide immediate > restoration of services (with data up to 12 hours old, but better than > having up-to-date information that may be corrupted or "cracked" versions > of programs). ... P.D.: I like cfengine a lot, however, I have never (had the chance to) try this aproach out. I can only dream of 60G HD's :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Problems with Duron Procesor
Hello! We bought a Clone with a 950k, AMD-Duron Processor, Motherboard by Biostar to build an Intranet Server out of it. When installing a new Kernel (2.4.7), compiled for this processortype the machine stopped to work, because of severe Memory fault problems, reducing the access "speed" from 133 Mhz to 100 Mhz reduces the problem significatively Using a plain Pentium kernel we got no memory faults anymore. Is this a Motherboard/Memory problem, or is there any known problem with the AMD-Duron optimization? gcc-version: 2.95.4 20010902 (Debian prerelease) Thanks, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Problems with Duron Procesor
Hello! We bought a Clone with a 950k, AMD-Duron Processor, Motherboard by Biostar to build an Intranet Server out of it. When installing a new Kernel (2.4.7), compiled for this processortype the machine stopped to work, because of severe Memory fault problems, reducing the access "speed" from 133 Mhz to 100 Mhz reduces the problem significatively Using a plain Pentium kernel we got no memory faults anymore. Is this a Motherboard/Memory problem, or is there any known problem with the AMD-Duron optimization? gcc-version: 2.95.4 20010902 (Debian prerelease) Thanks, Jorge-León
Re: SSL and Mailman?, was Re: Mailing Lists
Hello! On Sun, Nov 11, 2001 at 10:02:10AM +1100, Craig Sanders wrote: ... > you should be able to do that in your apache configuration - either deny > access to unencrypted connections or send a redirect to the encrypted > URL. ... Eric Jennings yet sent kindly the recipe :) And I rushed to implement it, when I realized that for survival reasons I am using the boa web server. > it's not really mailman's job to do that. ... You are surely right, but, is there another boa-like small&|fast web server which supports ssl? Is there some ssl-cgi-sandwich which allows to use ssl on servers that do not have built in support? Not really problems I have to live with right now, but I wonder,... Best Regards, Jorge-León
Re: SSL and Mailman?, was Re: Mailing Lists
Hello! On Sun, Nov 11, 2001 at 10:02:10AM +1100, Craig Sanders wrote: ... > you should be able to do that in your apache configuration - either deny > access to unencrypted connections or send a redirect to the encrypted > URL. ... Eric Jennings yet sent kindly the recipe :) And I rushed to implement it, when I realized that for survival reasons I am using the boa web server. > it's not really mailman's job to do that. ... You are surely right, but, is there another boa-like small&|fast web server which supports ssl? Is there some ssl-cgi-sandwich which allows to use ssl on servers that do not have built in support? Not really problems I have to live with right now, but I wonder,... Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SSL and Mailman?, was Re: Mailing Lists
Hello! I'm using mailman, but only at a *very* small scale. While beeing satisfied about the ease of configuration and managment of the lists, I am worried about the fact, that the list administrator is sending the list password in cleartext over the net when logging in. Of course I give the admins the advice to use https:// instead of http:// when logging in, but mailman does not enforce it. I think of diving into the code some day to see into it, but maybe I'm too paranoid or you have yet a solution to this... Any thoughts? Jorge-León On Thu, Nov 08, 2001 at 01:59:51PM +, Martin WHEELER wrote: > On Thu, 8 Nov 2001, Andre Luis Lopes wrote: > > > Em Qui 08 Nov 2001 10:19, Craigsc escreveu: ... > It's worth it for the web-based administration and archiving alone. ...
SSL and Mailman?, was Re: Mailing Lists
Hello! I'm using mailman, but only at a *very* small scale. While beeing satisfied about the ease of configuration and managment of the lists, I am worried about the fact, that the list administrator is sending the list password in cleartext over the net when logging in. Of course I give the admins the advice to use https:// instead of http:// when logging in, but mailman does not enforce it. I think of diving into the code some day to see into it, but maybe I'm too paranoid or you have yet a solution to this... Any thoughts? Jorge-León On Thu, Nov 08, 2001 at 01:59:51PM +, Martin WHEELER wrote: > On Thu, 8 Nov 2001, Andre Luis Lopes wrote: > > > Em Qui 08 Nov 2001 10:19, Craigsc escreveu: ... > It's worth it for the web-based administration and archiving alone. ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]