Re: postfix logs
On Tue, 04 Jan 2005 at 15:37:46 -0600, Rodney Richison wrote: > Am building a new server to replace one. (Trading Redhat for Debian) > > On the new machine, which is only recieving for one domain while in > testing, Logcheck is reporting that postfix has a problem looking up rbl's. > I am not running in a jail. (I still copied resolv.conf to postfix for > giggles. You copied it to /var/spool/postfix (or anything configured as queue_directory), right? > I changed my resolve to have simply this. > nameserver 127.0.0.1 > Any thoughts would be appreciated > dig @cbl.abuseat.org localhost returns results just fine. > > Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: > 187.170.46.206.cbl.abuseat.org: RBL lookup error: Host or domain name > not found. Name service error for name=187.170.46.206.cbl.abuseat.org > type=A: Host not found, try again > Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: > 187.170.46.206.dul.dnsbl.sorbs.net: RBL lookup error: Host or domain > name not found. Name service error for > name=187.170.46.206.dul.dnsbl.sorbs.net type=A: Host not found, try again > -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mailscanner vs. amavis vs. other
On Fri, 05 Dec 2003 at 11:08:35 -0500, Fraser Campbell wrote: > > We've had some experience with amavis over the last few years and while it > generally works it has an a tendency to lose the occassional message or just > continually requeue messages until their queue time expires and the message > bounces. We're using amavisd-postfix. > > I know there are also other variants of amavis such as amavis-ng that we > could > try. Has anyone compared amavis to mailscanner and come to a definite > conclusion as to one being better. I know better is very subjective but I'd > still like to hear opinions. > > I'd like to eventually hook spam trapping into the filter (I think amavis-ng > does that) as well. I have never used Mailscanner so I can't compare them. I use Postfix with Amavisd-new (note "d-new") and I'm very glad. As a plus, it cooperates with antivirus scanners and with Spamassassin. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: Mailscanner vs. amavis vs. other
On Fri, 05 Dec 2003 at 11:08:35 -0500, Fraser Campbell wrote: > > We've had some experience with amavis over the last few years and while it > generally works it has an a tendency to lose the occassional message or just > continually requeue messages until their queue time expires and the message > bounces. We're using amavisd-postfix. > > I know there are also other variants of amavis such as amavis-ng that we could > try. Has anyone compared amavis to mailscanner and come to a definite > conclusion as to one being better. I know better is very subjective but I'd > still like to hear opinions. > > I'd like to eventually hook spam trapping into the filter (I think amavis-ng > does that) as well. I have never used Mailscanner so I can't compare them. I use Postfix with Amavisd-new (note "d-new") and I'm very glad. As a plus, it cooperates with antivirus scanners and with Spamassassin. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail Queue timeouts
On Thu, 23 Oct 2003 at 15:12:55 +1100, Lauchlin Wilkinson wrote: > Hi, > > what are peoples thoughts on the length of time mail should sit in the > mail queue? Due to the rise in the amount of spam and viruses that > seems to be going around lately I throttled back the delivery warning > back to 30 minutes and the delivery failure back to 12 hours. My logic > is that most people these days expect e-mail to be pretty instant so to > have mail sitting in a queue for 7 days and not getting a warning for > several hours seems a bit old fashioned. So far 12 hours and 30 > minutes seems to be working well. What are other people doing? > Just a note: I have noticed that sending warnings about messages waiting in the queue causes problems with e.g. mailing lists - users get removed from mailing lists by list manager programs which treat warnings as errors. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Mail Queue timeouts
On Thu, 23 Oct 2003 at 15:12:55 +1100, Lauchlin Wilkinson wrote: > Hi, > > what are peoples thoughts on the length of time mail should sit in the > mail queue? Due to the rise in the amount of spam and viruses that > seems to be going around lately I throttled back the delivery warning > back to 30 minutes and the delivery failure back to 12 hours. My logic > is that most people these days expect e-mail to be pretty instant so to > have mail sitting in a queue for 7 days and not getting a warning for > several hours seems a bit old fashioned. So far 12 hours and 30 > minutes seems to be working well. What are other people doing? > Just a note: I have noticed that sending warnings about messages waiting in the queue causes problems with e.g. mailing lists - users get removed from mailing lists by list manager programs which treat warnings as errors. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AntiVirus + MAIL
On Wed, 08 Oct 2003 at 10:47:42 -0500, Rich Puhek wrote: > [EMAIL PROTECTED] wrote: > > >What is the best FREE antivirus solution for Linux and SMTP Scanning ? > > > > amavis + clamav > > Both are packaged nicely with Debian. About the only complaint I have > with Amavis is that there are about 300 bastard children (amavis, > amavisd, amavisd-new, amavis-ng, amavis-new, amavis-perl, probably > amavisd-ng-bob for all I know) so it can get confusing to figure out > what program you're dealing with. Indeed. So I followed the advice from the amavisd-new package description: "When in doubt about which amavis-* package to use, try this one" and I'm happy with it :-) . > The really nice thing is that Amavis is very flexible... [...] True. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AntiVirus + MAIL
On Wed, 08 Oct 2003 at 12:03:35 -0300, [EMAIL PROTECTED] wrote: > Hi everybody, > > What is the best FREE antivirus solution for Linux and SMTP Scanning ? > > Greats, > Jozeph ClamAV + amavisd-new + Postfix :-) . Packages of clamav and amavisd-new backported to "stable" are available at http://people.debian.org/~aurel32/BACKPORTS/ The line for /etc/apt/sources.list is: deb http://people.debian.org/~aurel32/BACKPORTS woody main -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Telnet 25 port problem
On Tue, 07 Oct 2003 at 13:32:59 -0300, Agustín Ciciliani wrote: > Hi Everybody, > > I'm having an issue with qmail and my server to send mails to some domains. > Here is the error. This have been happening for three weeks. > > qmail says: > Sorry, I wasn't able to establish an SMTP connection. (#4.4.1) > I'm not going to try again; this message has been in the queue too long. > > If I send the e-mail with any other server (even Windows or Linux) it goes > through normally. > > I've perform all these tests, and they're all right: > > - Resolve MX of the domains. > - Traceroutes to the servers > - Pings to the servers > - Nmap found all the ports that must be open, particularly the 25. > - I've talked to the network administrators of the domains that I can't > reach and they've told me that there is no block for my IP address > (firewalls, blacklists, etc.) > > The only BIG PROBLEM is that I cannot make "telnet (mailserver) 25". It ends > in a time out after a minute. I've also talked with my ISP, and It's not a > routing problem. If it was a routing problem, I couldn't reach the domains > with any other servers of my subnet... (that already happened to me). > > These are some of the mail servers that I can't reach with my Debian: > mail.matrocolayasoc.com.ar, mail.skytel.com.ar, mail.ecogas.com.ar, and > others... > > I'm running a Linux version 2.4.20-pre8 (gcc version 2.95.4 20011002 (Debian > prerelease)) > > I appreciate any comment. > > Yours Sincerely, > > Agustín I checked them from various machines and I can see that some firewall on the route to these servers is broken. It behaves according to RFC793, not RFC2481 (I'm not sure about these numbers at the moment). I mean that it doesn't let through TCP packets with ECN bit set (Explicit Congestion Notification), and most probably your machine sends such packets. If 'cat /proc/sys/net/ipv4/tcp_ecn' returns "1", then the machine sends such packets. You can overcome this problem by means of disabling ECN with 'echo "0" > /proc/sys/net/ipv4/tcp_ecn' if you want, but it's the remote networks' fault, not your. So your decision depends on how much you want to communicate with them :-) as not only you have this problem with them (or rather _they_ have the problem in fact!). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Where to get 'DCC' and 'pyzor' packages from?
On Wed, 24 Sep 2003 at 19:05:33 +0200, Dominik Schulz wrote: > Dear List, > since Spam is becoming more and more unpleasant I'm currently looking > deeper into configuring SpamAssassin better. > When running spamd in Debug mode I realized that dcc (distributed > checksum clearinghouse) und pyzor were not installed. So I've started ^ Should be razor. There is a Debian package. I don't know anything about dcc as I don't use any of them. > looking for Debian packages ... and now I'm still looking. > > Anyone knows of deb packages of one (or both) of these two programs? > Shall I install them from source? > Or shouldn't I use them at all? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix delivery prob
On Tue, 15 Jul 2003 at 11:19:11 +0100, Shri Shrikumar wrote: > > I seem to have a problem with postfix not delivering email from machines > that it cannot reverse and identify. Basically, I get log messages to > the effect of > > postfix/smtpd[10023]: warning: xxx.xxx.xxx.xxx: hostname hostname.com > verification failed: Host not found > > I think that a few messages might have been lost because of this - any > ideas on how to get postfix to deliver the messages even if it cant > identify the host or am I barking up the wrong tree and is the log > message with regards to something different ? > I'm quite sure that your postfix in fact _delivers_ such messages. As you can see, these entries are only _warnings_. I've got many similar ones and mail _is_ delivered. Unless you give us real proofs (from your log) that some messages are lost (not even lost, but bounced in the worst case) due to these, I dare to say that you're wrong :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail + Amavis + Spamassassin
On Tue, 15 Jul 2003 at 13:18:21 +0200, M.S. Lucas wrote: > > I want to use Qmail with Amavis and Spamassassin on a Debian Woody server. > Qmail and Spamassassin are both available on Woody but Amavis isn't. > > What source do you use for the (backported) amavis packages > > I used > deb http://people.debian.org/~nobse/debian/woody/backported ./ > > on a test server but thay don't serve Amavis packages anymore. > > What is a good and stable source for amavis deb files. > > Maurice Lucas Instead of amavis, you can consider using amavisd-new. -- Package: amavisd-new Maintainer: Brian May <[EMAIL PROTECTED]> Version: 20030616p3-1 Replaces: amavis Provides: amavis Depends: file, libmime-perl (>= 5.313), libconvert-tnef-perl (>= 0.06), libconvert-uulib-perl, libcompress-zlib-perl (>= 1.14), libarchive-tar-perl, libarchive-zip-perl, libmailtools-perl, libunix-syslog-perl, libnet-perl (>= 1:1.12), libnet-server-perl, libtime-hires-perl, adduser (>= 3.34), libdigest-md5-perl, libmime-base64-perl, perl Suggests: spamassassin, clamav, clamav-daemon, lha, arj, unrar, zoo, nomarch, cpio, lzop Conflicts: amavis Description: Interface between MTA and virus scanner/content filters AMaViSd-new is a script that interfaces a mail transport agent (MTA) with zero or more virus scanners, and spamassassin (optional). . AMaViSd-new supports all MTAs through its generic SMTP filter mode (ideal for postfix and exim). It is faster and safer to use the SMTP filter mode than using the AMaViS pipe client. . When in doubt about which amavis-* package to use, try this one - Packages backported for Woody are at http://people.debian.org/~aurel32/BACKPORTS/pool/main/a/amavisd-new/ So the entry in the sources.list is: deb http://people.debian.org/~aurel32/BACKPORTS woody main HIH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: closing exims open relay - something to do with the percent hack
On Tue, 01 Jul 2003 at 16:09:38 +0100, Shri Shrikumar wrote: > Hi, > > I just did an open relay test on one of my servers and to my surprise > found that it in an open relay. In particular, it accepts emails to the > form of > > [EMAIL PROTECTED] > > where here.com is a local domain within exim. > > I have tried setting > > percent_hack_domains="" > > but that has not helped. I have also tried adding the line > Won't commenting it entirely out (adding # in front of this) help? > no_relay_match_host_or_sender > > as recommended in the docs but I dont actually know what it doesn. Little using exim, neither do I. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: closing exims open relay - something to do with the percent hack
On Tue, 01 Jul 2003 at 16:09:38 +0100, Shri Shrikumar wrote: > Hi, > > I just did an open relay test on one of my servers and to my surprise > found that it in an open relay. In particular, it accepts emails to the > form of > > [EMAIL PROTECTED] > > where here.com is a local domain within exim. > > I have tried setting > > percent_hack_domains="" > > but that has not helped. I have also tried adding the line > Won't commenting it entirely out (adding # in front of this) help? > no_relay_match_host_or_sender > > as recommended in the docs but I dont actually know what it doesn. Little using exim, neither do I. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Migrating to a Compaq Proliant DL360G3
On Tue, 27 May 2003 at 14:10:22 +0200, Tom?s Nú?ez Lirola wrote: > Hi > I must migrate my servers to Compaq Proliant DL360G3 machines. We're looking > several IDCs, and all of them say "Only support for RedHat, SuSE and Quite a frequent disclaimer... > Caldera". I want to use Debian (I don't like very much SuSE, I've not used > neither Red Hat nor Caldera, and it's hard to change distro when you're happy > with the one you have), but when I comment this point to the salesman, he > says a lot of "It's difficult" "It's not supported" and things like that. > Even I've found on a budget "We don't take any responsibility on the > installation, functionality or support in case you decide to install Debian". Sure, they must say such things because officially they don't support Debian. > In this situation, my boss is evaluating the convenience of installing Debian > on the servers, and he says he likes Red Hat. > > I've looked at Compaq website and I have not found any reference to Debian. > As there are RAID controllers and specific server hardware that I don't know > so far (I've never used hardware RAID at home ;P), I'm afraid of the > difficulty I can find installing Debian in spite of everybody telling me to > install Red Hat. Don't listen to them :-) . > Anyway... Does anybody have any experience with this machine (or similar) and > Debian? Is there any website where I can take a look on the compatibility of > this machine (or similar) and Debian? > > Do you recommend me to be stubborn and install Debian anyway? Yes! :-) . First of all, request the detailed list of hardware from salesman (especially the type of RAID array controller). Then you will be able to look in the Net whether it's possible to install Debian on it. The most probable answer is "yes". Even some time ago I managed to install Debian on a server which wasn't officially supporting Debian (a different Proliant: ML570). Indeed, the main problem was a RAID array controller. But in newer kernels it's easier, as far as I know. I don't know what RAID controller DL360G3 has got so you must get this information from the salesman. On other hardware: that's possible that some additional features will not be usable with Debian (some remote management cards etc., which require additional software in Redhat's RPMs). I don't know if DL360G3 has got something like that. But that's a minor inconvenience in my opinion. So, now when the decision for buying these Proliants DL360G3 has been made, you've got nothing to lose anyway. In the worst case you can always revert to Redhat, so why not try Debian?... :-) . And I think that installing Debian on them is possible. First get the details about RAID controller, as I've just written. Good luck! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: virtual ftp folders
On Wed, 05 Feb 2003 at 9:07:15 -0600, Bernie Berg wrote: > Howdy, > I'm running woody with with the woody packages. I would like to > make it so when a user logs in via ftp they only see the folder a specify, Folder? You mean directory, don't you? This is not Windose :-) . > not the entire file structure. What would be the best ftp server to use > for the task, and how would I configure it? I currently use proftp. OK. Proftpd supports it. Use DefaultRoot command in proftpd.conf. E.g.: DefaultRoot ~ lusers will cause that users from Unix group "lusers" will enter directly to their own home directories after login and they will not be able to go "higher". -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix : Rejecting message with more than X number of recipients
On Wed, 29 Jan 2003 at 9:04:31 -0200, Andre Luis Lopes wrote: > > I would like to know if someone managed to get Postfix reject messages > which contains more than X number of recipients (X being any previously > specified number using some parameter in Postfix's main.cf file). > > I was reading about the topic and already experimented with > default_destination_recipient_limit and smtp_destination_recipient_limit > parameters but it seems these ones aren't what I really need. > > default_destination_recipient_limit actually will broke the recipient > list into smaller lists and send multiple copies of the message, but not > reject it. > > The documentation for smtp_destination_recipient_limit doesn't help too > much. Anyway, I tried it and it didn't do what I need. > > Does someone knows if it's possible to do this using Postfix or should I > use a separated script/software/package/whatever ? > smtpd_recipient_limit -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compaq Proliant DL320 installation.
On Mon, 20 Jan 2003 at 10:28:03 +0100, [EMAIL PROTECTED] wrote: > Hi all, > I am just installing Woody on a Compaq Proliant DL320 server (PIII > 1.13GHz), and the various Compaq Agents drivers are avaiable for > different releases of RedHat, SuSE and some other distros except Debian. > I wonder if I'd just `apt-get install rpm` and try to install one of the > rpm'ed packages avaiable on the official site or there is a better > solution (e.g. alien or whatever). If someone have experienced with > Debian on those server, some help is appreciated :) > Not on such server but on another: Proliant ML570. I haven't tried any Compaq "agents" on it though. I have tried lm-sensors but I haven't succeeded, even with some help from lm-sensors people. Maybe Compaq has modified the hardware in some not typical way... Good luck -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache / PHP4 config problem (newbee on PHP)
On Wed, 15 Jan 2003 at 17:32:45 +0100, Gregoire Hostettler wrote: > Thank you for your response. > > I moved the script to its original location (/var/www) but I get a strange > behavior: > > - Using IE6, the browser asks me if I want to download the test.php script > (???) > - If I rename the .php script to .html, it displays just the header, nothing > else, which is correct imho Yes. > - If I try to access test.php via lynx, it just displays the html text. > There is a tmp html file created, althought > > It seems to me that the php4 engine never starts to generate pages... Or Apache doesn't recognise .php files as files for PHP4. > Any other idea ? I seem to remember that I had to add these lines into srm.conf to have PHP4 working: AddType application/x-httpd-php .php3 AddType application/x-httpd-php .php (.php3 in case there are files ending with .php3). Note: this is x-httpd-php _not_ x-httpd-php4 which you have got in your srm.conf. PS. Please, switch OFF unconditionally composing HTML-ised messages in your mail program (your original question contained HTML-ised version)! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: best NIC Speed
On Fri, 10 Jan 2003 at 10:02:09 +0100, Sebastian wrote: > Am Don, 2003-01-09 um 19.21 schrieb Marco Kammerer: > > > Sebastian wrote 2003-01-09 18.06 > > > Am Don, 2003-01-09 um 18.06 schrieb Marco Kammerer: > > > > realtek (cheap) > > > > > > > > but normally cheap doenst mean to be slow. > > > > > > http://www.fefe.de/linuxeth/realtek.txt > > > > > > should answer your question. > > > > > ok :-) > > > > so what should i use? > > Go up one directory: > > http://www.fefe.de/linuxeth > Seems that this server (www.fefe.de) doesn't translate requests like "name" to "name/" when needed. So the above URL gives "Alert!: HTTP/1.0 404 Not Found. No such file or directory." One must type exactly http://www.fefe.de/linuxeth/ (note ending /). > There is a nice list of features of different NICs. One update: Intel > has just recently released docs for the eepro100. That's the NIC I > personally use. > > Sebastian -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: djb and multiple IPs
On Tue, 26 Nov 2002 at 15:27:40 -0200, Adriano Nagelschmidt Rodrigues wrote:
> Tomasz Papszun writes:
> > If I understand djbdns' documentation correctly, it is _impossible_ to
> > run both DNS functions: authoritative-only NS ('tinydns') and
> > recursive/caching server ('dnscache') on the same IP address, right?
>
> Right. Two different programs can't bind to port 53 on the same IP address.
Yes, I know that. I hoped (with quite small hope), that there could be
some way doing it by means of this "svs-something" or so...
> > I know that it's better when these functions are separated and run on
> > different IP addresses.
>
> Yes.
>
> > But using different addresses for them is _not_ an option for me, due
> > to various reasons.
>
> Why? Can you list the reasons? For example, do you really need an external
Reasons are mainly historical. It would be very difficult to suddenly
change all delegations, settings of many customers' computers and so on.
Generally speaking, things which are dependent on many other persons.
Personally, I could get used to new format of files, hard-coded magic
filenames, absolute lack of manual pages, let this ugly and ridiculous
/service in the "/" directory and so on, but due to things which would
involve other peoples, it's definitely not an option, at least
currently. So djbdns is out of discussion. I must say it with sadness
because I really would like to use DJB software because of it's
security.
> cache and a server running on the same machine, which can only have one public
> IP address?
Yes. I mean, I can assign more addresses but queries must come to the
same address (and answers must go back from the same address).
> There are many configurations you could try, depending on your network
> topology.
>
> Regards,
>
> --
> Adriano
Thank you for the answer, anyway :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: djb and multiple IPs
On Tue, 26 Nov 2002 at 1:01:02 -0600, [EMAIL PROTECTED] wrote:
> El mar, 19-11-2002 a las 17:07, jernej horvat escribió:
> ...
> > I have a question about djbdns - can i have one control file for all
> > IP's/interfaces that i have on one system ?
> ...
>
> You can configure env/IP to 0.0.0.0 so it will listen on _all_
> interfaces.
I've got related (but contrary) requirement.
If I understand djbdns' documentation correctly, it is _impossible_ to
run both DNS functions: authoritative-only NS ('tinydns') and
recursive/caching server ('dnscache') on the same IP address, right?
I know that it's better when these functions are separated and run on
different IP addresses.
But using different addresses for them is _not_ an option for me, due
to various reasons.
So, is there any way to run them on one address?
As I wrote above, as far as I know, not. But I'd like to be sure. I
really wanted to give djbdns a try, but this limitation eliminates
djbdns for me :-( .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: about Woody ?
On Mon, 23 Sep 2002 at 17:25:10 +, Julián Mu?oz wrote: > On Mon, 23 Sep 2002, Tomasz Papszun wrote: > > > Woody is stable for 2 months now! :-) . > > Yes, I know. Sorry for my bad english ;-) (By the way, do you think it's > enough 2 months ?) Yes, I think so. On the other hand, I hate some of new features(?) (bugs?) in woody. For instance, unification of authorization in phpmyadmin and apache - I no longer can have checking by means of .htaccess separated from checking by means of mysql database. We searched the Net for a solution. Other people are angry with it as well but seems that noone knows how to get to the previous way of operation. There are some other applications that changed their operation in such way that some vital subsystem (modified by me) of a server stopped working :-(( . The problem with potato is that in some near future, security fixes won't be released anymore. So it's better to upgrade when it's convenient, not when you will _have_ to do it quickly. > Well, I would like to evaluate the cost of transition. And also, I'd like > to be sure when to change. > > Potato is feature frozen, and I liked this really, because I need > stability, and only fixes for the important bugs. > What about Woody ? > > > See http://www.debian.org/releases/stable/ > > Of course we use it. > > Sorry, it is not so obvious to me ! ( Ignorant I am :-) Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: about Woody ?
On Mon, 23 Sep 2002 at 17:09:32 +, Julián Mu?oz wrote: > > Hello, > > What do you think about woody becoming "stable" ? > Are you using it ? > > Is it feature frozen ?? Woody is stable for 2 months now! :-) . See http://www.debian.org/releases/stable/ Of course we use it. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: about Woody ?
On Mon, 23 Sep 2002 at 17:25:10 +, Julián Mu?oz wrote: > On Mon, 23 Sep 2002, Tomasz Papszun wrote: > > > Woody is stable for 2 months now! :-) . > > Yes, I know. Sorry for my bad english ;-) (By the way, do you think it's > enough 2 months ?) Yes, I think so. On the other hand, I hate some of new features(?) (bugs?) in woody. For instance, unification of authorization in phpmyadmin and apache - I no longer can have checking by means of .htaccess separated from checking by means of mysql database. We searched the Net for a solution. Other people are angry with it as well but seems that noone knows how to get to the previous way of operation. There are some other applications that changed their operation in such way that some vital subsystem (modified by me) of a server stopped working :-(( . The problem with potato is that in some near future, security fixes won't be released anymore. So it's better to upgrade when it's convenient, not when you will _have_ to do it quickly. > Well, I would like to evaluate the cost of transition. And also, I'd like > to be sure when to change. > > Potato is feature frozen, and I liked this really, because I need > stability, and only fixes for the important bugs. > What about Woody ? > > > See http://www.debian.org/releases/stable/ > > Of course we use it. > > Sorry, it is not so obvious to me ! ( Ignorant I am :-) Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: about Woody ?
On Mon, 23 Sep 2002 at 17:09:32 +, Julián Mu?oz wrote: > > Hello, > > What do you think about woody becoming "stable" ? > Are you using it ? > > Is it feature frozen ?? Woody is stable for 2 months now! :-) . See http://www.debian.org/releases/stable/ Of course we use it. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache logs
On Wed, 18 Sep 2002 at 11:08:55 +0200, Edward Tjin Liep Shie wrote: > > I was wondering if i can use Apache rotatelogs to rotate logfile from /usr/local/apache/logs/error_log to /log > > In the man pages i can't find anny thing how to rotat to an other dir. > Is there anny one who is using apache rotatelogs and is moving them ? Probably you can use logrotate instead of rotatelogs. From the man: olddir directory Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated. When this option is used all old versions of the log end up in direcÄ tory. This option may be overridden by the nooldÄ dir option. But, to be exact, you not always can move logs to another dir. It depends on whether your /log is on the same physical device as /usr/local/apache/logs (usually not). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Apache logs
On Wed, 18 Sep 2002 at 11:08:55 +0200, Edward Tjin Liep Shie wrote: > > I was wondering if i can use Apache rotatelogs to rotate logfile from /usr/local/apache/logs/error_log to /log > > In the man pages i can't find anny thing how to rotat to an other dir. > Is there anny one who is using apache rotatelogs and is moving them ? Probably you can use logrotate instead of rotatelogs. From the man: olddir directory Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated. When this option is used all old versions of the log end up in direcĄ tory. This option may be overridden by the nooldĄ dir option. But, to be exact, you not always can move logs to another dir. It depends on whether your /log is on the same physical device as /usr/local/apache/logs (usually not). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Logrotate weekly prerotate everyday?
On Sat, 03 Aug 2002 at 9:13:50 -0700, Ward Willats wrote:
> Hello Folks:
>
> I call a local script from...
>
> /etc/logrotate.d/apache
>
> ...in Debian 3.0 to run Analog reports. It is supposed to run once a
> week, but it runs every day:
>
>/var/log/apache/*.log {
>weekly
>missingok
>rotate 52
>compress
>delaycompress
>notifempty
>create 640 root adm
>sharedscripts
>postrotate
>/etc/init.d/apache reload > /dev/null
>endscript
># -- added by ward 28Jul02
>prerotate
>/etc/run_weekly_analog_reports.sh
>endscript
># -- end ward
>}
>
> My tiny mind thinks a "prerotate" block should only be executed
> "weekly" once it has been decided to perform a rotation. Not every
> time cron/logrotate peeks into this "apache" file. What as I missing?
>
> (I have fixed the problem by checking the day of the week in my local
> reporting script, but I'd still like to understand my disconnect with
> Perfect Understanding of the One True Way(tm).)
>
I'm going to write not a solution of your particular problem with
logrotate but a tip for "bypassing" it.
I don't know why your "prerotate" section is executed daily instead of
weekly; I don't use any "prerotate" blocks but a few "postrotate" ones
work OK for me, i.e. "weekly" are executed weekly, not daily.
Anyway, if logrotate doesn't work properly for you, you can use ordinary
crontab entry, scheduled some time (e.g. 10 or 15 minutes to be sure)
_after_ the time your weekly rotation goes on. This way you have to process
already rotated logs (probably with suffix .1).
End even better: create separate, unprivileged user just for Analog
processing (you will have to arrange permissions so that this user has got
read access to logs and write access to resulting Analog files).
The less programs running as root, the better.
And just purity remark (as you care for "True Way", which is a good thing
:-) ):
don't put your home-brewed programs or scripts in /etc/. This is not a
place for them. They should be in /usr/local/bin (or sbin).
Hope this helps
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: General Apache-Question
On Fri, 02 Aug 2002 at 19:59:48 +0200, Michelle Konzack wrote: > Am 14:46 01/08/02 +0200 hat Jones Down geschrieben: [...] > >In other words, it´s redundant to have installed packages "apache" AND > >"apache-ssl"? > > NO, you can have only apache OR apache-SSL Do you mean that you can NOT have _both_ apache _and_ apache-ssl?? Of course you can. Package: apache Status: install ok installed Package: apache-ssl Status: install ok installed Tomek -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Proftpd+SSL/TLS!!!
On Fri, 02 Aug 2002 at 17:43:43 +1200, Dave Watkins wrote: > > Sorry if this has been said. I haven't been following the thread, but why > not setup stunnel and run proftpd through that? I've done it here for mail > and it works great (even with qmail and daemontools), so I see no reason > why you couldn't do the same for FTP Unfortunately, FTP can't cooperate with stunnel. As FAQ says ( http://www.stunnel.org/faq/troubleshooting.html#ToC14 ): FTP over Stunnel won't work I just can't get ftp to work over Stunnel no matter how hard I try. Answer: Stunnel cannot be used for the FTP daemon because of the nature of the FTP protocol which utilizes multiple ports for data transfers. There are SSL aware FTP servers available. Alternitively you could use a different protocol. All versions of SSH include a program called scp which works like rcp. Recent versions of OpenSSH include a program called sftp which has an ftp-like feel. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Updated Apache packages for Woody (testing).
On Fri, 21 Jun 2002 at 14:23:44 +0100, Fred Clausen wrote: > Hi all, > > There was recently an Apache vulnerability and I notice there is an update on > debian.org with packages for stable. A search also reveals Apache 1.3.26 for > unstable. However I was unable to find any for testing. > > Are there any packages for Woody or should I make my own? Yes, there are. At least some of the mirrors. Search in directory like debian/pool/main/a/apache/ (various mirrors can have various paths from the root of the directories tree). E.g. ftp://sunsite.icm.edu.pl/pub/Linux/debian/pool/main/a/apache/ , http://ftp.se.debian.org/debian/pool/main/a/apache/ -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Updated Apache packages for Woody (testing).
On Fri, 21 Jun 2002 at 14:23:44 +0100, Fred Clausen wrote: > Hi all, > > There was recently an Apache vulnerability and I notice there is an update on > debian.org with packages for stable. A search also reveals Apache 1.3.26 for > unstable. However I was unable to find any for testing. > > Are there any packages for Woody or should I make my own? Yes, there are. At least some of the mirrors. Search in directory like debian/pool/main/a/apache/ (various mirrors can have various paths from the root of the directories tree). E.g. ftp://sunsite.icm.edu.pl/pub/Linux/debian/pool/main/a/apache/ , http://ftp.se.debian.org/debian/pool/main/a/apache/ -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: installing adaptec 2400a RAID card
On Sun, 28 Apr 2002 at 13:03:10 -0400, Andrew Kaplan wrote: > How do I install debain ( 2.2.r_6)with an Adaptec 2400a RAID card. On the CD > I only see RedHat and Suse. > > Thanks, > > Andrew P. Kaplan > Network Administrator > CyberShore, Inc. > http://www.cshore.com I have installed Debian potato on a machine with Adaptec 2100S RAID controller. I don't know whether 2400a uses the same driver. It would be rather time-consuming for me to describe exactly the way I've done it (English isn't my native language). Shortly: on another machine I have had to compile the kernel with the dpt_i2o driver included (_not_ as a module). Having this new kernel, I have replaced a kernel on a installation floppy with the new kernel. During the installation I have had to do some "manual" changes. If above description isn't sufficient, write and I'll try to find the details. Hope that helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Good POP3 server
On Thu, 11 Apr 2002 at 14:50:30 +0200, Craig wrote: > Hi Fellows > > Has anyone got suggestions on a good pop3 server > to use on my mail server. Something that can take > a hammering and not ipopd, been having some > problems with it and qpopper I think has security > issues. I'm quite satisfied with solid-pop3d ( http://solidpop3d.pld.org.pl/ ). It handles both Mailbox and Maildir formats, bulletins (like qpopper), expiration of messages, logs qpopper-like statistics. It uses far less resources than qpopper (I have replaced qpopper with solidpop3d on a system which "crawled" most of the time as users kept big mailboxes and after that, system load dropped significantly). The package is in Debian "testing" (woody) but it's easy to build it oneself. Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: htaccess being ignored in DirectoryMatch and Directory ~
On Wed, 20 Feb 2002 at 14:13:27 +0100, Jakub Ambrożewicz wrote: > Hello > > I have a problem with apache from potato (i dont know if > newer version also). When i try do set AllowOverride > for directories using regexp's or > they are just beeing ignored. > So, the question is how to enable htaccess files for > users? I found that Sheldon Hearn had similiar problem: > it was reported as a bug. Suggested solution was to use > but it didn't worked for > me, and as Sheldon didn't responded to bugteam's response > :-) problem was considered done. > And I still have a problem... so any suggestions are > welcome > I've also found some unexpected behaviour using but haven't got enough time to narrow the problem. But I think that such expression works: (note .* instead of *) or just: -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: htaccess being ignored in DirectoryMatch and Directory ~
On Wed, 20 Feb 2002 at 14:13:27 +0100, Jakub Ambrożewicz wrote: > Hello > > I have a problem with apache from potato (i dont know if > newer version also). When i try do set AllowOverride > for directories using regexp's or > they are just beeing ignored. > So, the question is how to enable htaccess files for > users? I found that Sheldon Hearn had similiar problem: > it was reported as a bug. Suggested solution was to use > but it didn't worked for > me, and as Sheldon didn't responded to bugteam's response > :-) problem was considered done. > And I still have a problem... so any suggestions are > welcome > I've also found some unexpected behaviour using but haven't got enough time to narrow the problem. But I think that such expression works: (note .* instead of *) or just: -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: concurrent POP3 and IMAP servers?
On Mon, 11 Feb 2002 at 10:37:29 +0100, [EMAIL PROTECTED] wrote: > Hi, > > Is itpossible to have concurrent POP3 and IMAP servers running on my potato? Yes, it is. They use different TCP ports. > I don't want to annoy my current customers to switch their POP outlook > configuration, and just use IMAP for my new webmail service. > > Thank's Josep -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: concurrent POP3 and IMAP servers?
On Mon, 11 Feb 2002 at 10:37:29 +0100, [EMAIL PROTECTED] wrote: > Hi, > > Is itpossible to have concurrent POP3 and IMAP servers running on my potato? Yes, it is. They use different TCP ports. > I don't want to annoy my current customers to switch their POP outlook > configuration, and just use IMAP for my new webmail service. > > Thank's Josep -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail relay control
On Fri, 13 Jul 2001 at 16:51:01 +1000, andy wrote: > > /etc/qmail/rcpthosts No. > man qmail-smtpd Yes :-) . rcpthosts Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd will reject any envelope recipient address with a domain not listed in rcpthosts. And Alex is looking for a file containing hostnames _from_ which qmail is to relay, not _to_ which. To control it, one must set environment variable RELAYCLIENT. It can be done for instance with tcp-env or tcpserver. See FAQ point 5.4 (or whatever it is numbered nowadays). > On Thu, 12 Jul 2001, Alex Borges wrote: > > > Mhm cant seem to find a file for allowed relay-from hosts on qmail such > > as the one in sendmail i need (as everybody) to deny relaying from > > everywhere but a well defined set of > > ip's. > > > > Please, pretttyplease, prettypleasewithacherryontop help me! > > > > Alex -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Qmail - huge performance increase
On Thu, 21 Jun 2001 at 13:25:17 +1000, Craig Sanders wrote: > On Thu, Jun 21, 2001 at 01:45:23AM +0800, Jason Lim wrote: > > SO... by increasing conf-split to 97 (from the default of 20 > > something afaik), each directory ends up only having a hundred or so > > files. Doing "ls" now is far speedier. > > [...] > > this is actually a well-known limitation of ext2fs and similar > file-systems - as soon as you get more than a thousand or so files in a > directory, performance takes a nosedive. > BTW, a tip: if you've got "ls" aliased (for instance as 'ls --color=auto -F') then you can shorten this long execution of "ls". Just issue "/bin/ls" instead of "ls". The difference is very big. It can be as 1:200 (yeah!). I've just done a comparison in a directory with > 33000 files. "/bin/ls | wc" has taken 1 (one) second. "ls | wc" lasted 3 minutes and 26 seconds. Yes, near 3 and a half minutes! This is because "ls" with additional information (e.g. file type, which is needed to colour a listing) needs more time to gather this information. I don't know what difference would be for reiserfs or xfs filesystems. Hope it helps a little :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Qmail - huge performance increase
On Thu, 21 Jun 2001 at 13:25:17 +1000, Craig Sanders wrote: > On Thu, Jun 21, 2001 at 01:45:23AM +0800, Jason Lim wrote: > > SO... by increasing conf-split to 97 (from the default of 20 > > something afaik), each directory ends up only having a hundred or so > > files. Doing "ls" now is far speedier. > > [...] > > this is actually a well-known limitation of ext2fs and similar > file-systems - as soon as you get more than a thousand or so files in a > directory, performance takes a nosedive. > BTW, a tip: if you've got "ls" aliased (for instance as 'ls --color=auto -F') then you can shorten this long execution of "ls". Just issue "/bin/ls" instead of "ls". The difference is very big. It can be as 1:200 (yeah!). I've just done a comparison in a directory with > 33000 files. "/bin/ls | wc" has taken 1 (one) second. "ls | wc" lasted 3 minutes and 26 seconds. Yes, near 3 and a half minutes! This is because "ls" with additional information (e.g. file type, which is needed to colour a listing) needs more time to gather this information. I don't know what difference would be for reiserfs or xfs filesystems. Hope it helps a little :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Finding the Bottleneck
On Thu, 07 Jun 2001 at 22:47:09 -0500, Rich Puhek wrote: [...] > Also, there are probably some optimizations you can do for queue sort > order. I'm most familiar with Sendmail, not qmail, so I don't know the > exact settings, but try to process the queue according to recipient > domain. That way, you gain some advantages with holding SMTP connections > open to a server, rather than closing and reopening a session, etc. > > --Rich If my memory serves me well, qmail opens a new session for each message, even if this message is to be delivered to the same server. I may be wrong though. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Finding the Bottleneck
On Thu, 07 Jun 2001 at 22:47:09 -0500, Rich Puhek wrote: [...] > Also, there are probably some optimizations you can do for queue sort > order. I'm most familiar with Sendmail, not qmail, so I don't know the > exact settings, but try to process the queue according to recipient > domain. That way, you gain some advantages with holding SMTP connections > open to a server, rather than closing and reopening a session, etc. > > --Rich If my memory serves me well, qmail opens a new session for each message, even if this message is to be delivered to the same server. I may be wrong though. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim as a gateway
On Mon, 22 Jan 2001 at 21:58:13 -0500, [EMAIL PROTECTED] wrote: > OK, here's the picture. I have a Debian box as the SMTP gateway for > about 4000 active nodes on a class B network. Many of these machines > run sendmail, misconfigured, of course. I have MX records for the inside > machines in the DNS all pointing to the gateway, which is configured to > deny 3rd party relay. But, since it just forwards to the real machine, > the relays still happen. Is there any way to stop this at the gateway > machine? > You can block at the border router all outgoing connections to SMTP port (25) _besides_ these ones which originate from your "legal" SMTP gateway. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ping
On Thu, 21 Sep 2000 at 21:46:01 -0500, [EMAIL PROTECTED] wrote: > Hello All, > Is there a way to log incoming ICMP requests? What would have to be > wrapped in order to basically log all requests of the machine (pings in > particular) > > Thanks, > > D. Ghost > Package: ippl IP protocols logger ippl is a configurable IP protocols logger. It currently logs incoming ICMP messages, TCP connections and UDP datagrams. It is configured with Apache-like rules and has a built-in DNS cache. http://www.debian.org/Packages/stable/net/ippl.html Hope it helps. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: ping
On Thu, 21 Sep 2000 at 21:46:01 -0500, [EMAIL PROTECTED] wrote: > Hello All, > Is there a way to log incoming ICMP requests? What would have to be > wrapped in order to basically log all requests of the machine (pings in > particular) > > Thanks, > > D. Ghost > Package: ippl IP protocols logger ippl is a configurable IP protocols logger. It currently logs incoming ICMP messages, TCP connections and UDP datagrams. It is configured with Apache-like rules and has a built-in DNS cache. http://www.debian.org/Packages/stable/net/ippl.html Hope it helps. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
