Re: differential/incremental /var/log backups

2003-07-30 Thread Tommi Virtanen
On Thu, Jul 24, 2003 at 12:08:15PM +0200, Marcin Owsiany wrote:
> So far I can think of two solutions, but I like neither:
>  - backing up WHOLE /var/log every day (level 0 each time) - this means
>    larger backups
>  - changing traditional rotation (file.number.gz) to something like
>    file.year-month-day.gz - this means changing all rotation cronjobs
>    or patching logrotate
> 
> Has anyone thought of something better?

I use a non-root, chrooted syslog-ng that logs to
/var/log/syslog-ng/spool/$HOSTNAME/$/$MM/$DD/$APPLICATION

Every once in a while I bzip2 -9 all log files older than a month.

I never delete logs, at least not automatically.

-- 
:(){ :|:&};:


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Small Debian Installs (was Re: Routing with Linux)

2003-03-06 Thread Tommi Virtanen
On Thu, Mar 06, 2003 at 07:08:45AM -0500, Randy Kramer wrote:
> What's the smallest someone on the list has installed, and what's the 
> easiest way to go about doing it?

$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2             129M  111M   11M  91% /
$ 

That includes 2MB of logs :)

The box is an AMD 586-clone with 16MB of mem. It's a VPN
endpoint.

Here's the _full_ list of installed packages -- note it
even includes python and ntp :)

apt base-files base-passwd bash bsdutils carpaltunnel cramfsprogs cron
debconf debianutils diff dpkg e2fsprogs ed fileutils findutils grep
grub gzip hostname ifupdown initrd-tools iproute iptables isapnptools
kernel-image-2.4.18-386 klogd ldso libc6 libpam-modules libpam-runtime
libpam0g libreadline4 libssl0.9.6 libstdc++2.10-glibc2.2 login
modutils mount ncurses-base ncurses-bin net-tools netkit-ping
ntp-simple nvi openvpn passwd perl-base procps python2.2-opti sed
shellutils smail ssh sudo sysklogd sysvinit tar textutils util-linux
zlib1g

-- 
:(){ :|:&};:







Re: backup

2002-12-17 Thread Tommi Virtanen
On Mon, Dec 16, 2002 at 07:29:09PM +0100, Russell Coker wrote:
> Amanda sounds promising (everyone is recommending it).  I've asked a colleague 
> who's into backups (and who has been using Legato for years) to investigate 
> Amanda and write a report comparing them.

Amanda's #1 sin is a horrible network protocol with a totally
unbelievably stupid security model. If someone were to rewrite
it to work over SSH, I'd be much happier.

These days, I'm using this:

rsync --bwlimit=500 --exclude-from FILE --stats -a --delete \
--numeric-ids -e'ssh -c blowfish -i /PATH/ssh-key' \
/ USERWITHUIDZERO@REMOTEHOST:backups/LOCALHOST






Re: LDAP and TLS in woody

2002-05-20 Thread Tommi Virtanen

jogi hofmueller <[EMAIL PROTECTED]> writes:

> searched all the archives without success, so i am asking here:
> 
> i am starting to set up a central LDAP server for various authentication
> purposes. now i would of course like to have the thing using TLS ... and
> found out that slapd in woody (don't know about other versions) does not
> support TLS by default. now, what would i have to do, to get things
> going? is compiling slapd the only way?

Either wait for a version in sid that does SSL, or recompile
after changing debian/rules line --without-tls to --with-tls.

You probably want to tell the daemon to listen to both SSL and
non-SSL. In /etc/init.d/slapd, do something like

start() {
    echo -n "Starting OpenLDAP: slapd"
    # -h lists the URLs slapd listens on: plain LDAP and LDAP over SSL
    start-stop-daemon --start --quiet --pidfile "$pf" --exec /usr/sbin/slapd \
        -- -h 'ldap:/// ldaps:///'
}

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}






Bug#115468: O: ezmanage -- Manage multiple ezmlm mailing lists

2001-10-13 Thread Tommi Virtanen

Package: wnpp
Severity: normal

I'm orphaning ezmanage, both as the upstream author and as the
Debian maintainer, as I no longer use mailing lists under
qmail. If you want to step up to the plate, please get a
Sourceforge.net account and tell me, and I'll transfer the
whole project to you.

More information about ezmanage is available at
http://ezmanage.sourceforge.net/

(Note, if you reply to this, make sure you don't send mail
to [EMAIL PROTECTED])

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}








Re: Re[2]: Clustering mail servers - Cyrus or Courier ?

2001-08-17 Thread Tommi Virtanen

"Kevin J. Menard, Jr." <[EMAIL PROTECTED]> writes:

> >> However, AFAIK it can be done only with Cyrus with its IMAP Aggregator, or
> >> with qmail-ldap + Courier-IMAP...
> JW> You ought to check out Scalemail, which is being developed expressly for
> JW> this purpose. It is a combination of Courier POP/IMAP and postfix. Very
> JW> powerful combo.
> Is there any plans to offer a version with Cyrus IMAPd?  There's a fair
> number of us that like this better than Courier, so I think it would be a
> nice suggestion :)  Btw, anyone know if the Cyrus IMAPd maintainer plans on
> maintaining the package anymore?  It is seriously out of date, and he hasn't
> responded to a bug report filed about it being such.

(BTW, Scalemail is at http://scalemail.sf.net/)

Cyrus is not likely to get supported (by me); I dislike black
box storage methods.

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}






Re: Clustering mail servers - Cyrus or Courier ?

2001-08-17 Thread Tommi Virtanen

Przemyslaw Wegrzyn <[EMAIL PROTECTED]> writes:

> On Mon, 6 Aug 2001, Jeff Waugh wrote:
> > You ought to check out Scalemail, which is being developed expressly for
> > this purpose. It is a combination of Courier POP/IMAP and postfix. Very
> > powerful combo.
> Hmmm, I can see it's in early stage of development.

The only thing really missing is the Courier-IMAP login
mechanism. And I think I got it done, just haven't had time to
plug it in and test it. After that, it's all bug fixes and
refactoring code to be prettier. The thing delivers to
maildirs already.

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}






Re: Cyrus or Courier?

2001-05-23 Thread Tommi Virtanen
Haim Dimermanas <[EMAIL PROTECTED]> writes:

>  I am in the process of setting up an email system that will host
> thousands of domains, many aliases per domain as well as forwarding
> capabilities on a per-domain basis.
> 
>  As far as the MTA is concerned, my choice is postfix. After reading the
> postfix-users mailing for a week (~60 msg a day), I think I got a good
> feeling about how postfix works.
> 
>  I am now confronted with choosing a good Local Delivery Agent. I heard
> great things about Cyrus so I gave it a shot. After realizing that the
> HOWTO was out-of-date (damn!) and that the Cyrus documentation was
> somewhat cryptic, I am now considering Courier.
> 
>  What I need is something that is scalable, reliable and working with a
> database (MySQL first, maybe Oracle later on). Between Cyrus and
> Courier, which one do you recommend? Please note that I am not trying to
> start a flame war, I just need to make an important decision.

[EMAIL PROTECTED] ~]$ apt-cache show scalemail
Package: scalemail
Status: install ok installed
Priority: optional
Section: mail
Installed-Size: 176
Maintainer: Tommi Virtanen <[EMAIL PROTECTED]>
Version: 0.0.2001.05.18
Depends: postfix (>= 0.0.20010329.SNAPSHOT), maildrop, perl, ldap-utils, debconf (>= 0.9.40)
Suggests: courier-imap-ssl | courier-ssl, slapd
Conffiles:
 /etc/scalemail/logrotate-postfix.conf 4191c03373e2a5f6477e6b29c4d451a9
Description: Scalable virtual mail domain system built on Postfix and LDAP
 A scalable (but not HA, atleast not yet) virtual domain system for
 handling mail for many users, based on Postfix, LDAP and maildrop
 (Courier-IMAP will be integrated soon).

It's nowhere near finished, but it should be a good direction to go to.

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software,  | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks.  | so beautifully.




Re: Cyrus or Courier?

2001-05-22 Thread Tommi Virtanen

Haim Dimermanas <[EMAIL PROTECTED]> writes:

>  I am in the process of setting up an email system that will host
> thousands of domains, many aliases per domain as well as forwarding
> capabilities on a per-domain basis.
> 
>  As far as the MTA is concerned, my choice is postfix. After reading the
> postfix-users mailing for a week (~60 msg a day), I think I got a good
> feeling about how postfix works.
> 
>  I am now confronted with choosing a good Local Delivery Agent. I heard
> great things about Cyrus so I gave it a shot. After realizing that the
> HOWTO was out-of-date (damn!) and that the Cyrus documentation was
> somewhat cryptic, I am now considering Courier.
> 
>  What I need is something that is scalable, reliable and working with a
> database (MySQL first, maybe Oracle later on). Between Cyrus and
> Courier, which one do you recommend? Please note that I am not trying to
> start a flame war, I just need to make an important decision.

[tv@ki ~]$ apt-cache show scalemail
Package: scalemail
Status: install ok installed
Priority: optional
Section: mail
Installed-Size: 176
Maintainer: Tommi Virtanen <[EMAIL PROTECTED]>
Version: 0.0.2001.05.18
Depends: postfix (>= 0.0.20010329.SNAPSHOT), maildrop, perl, ldap-utils, debconf (>= 0.9.40)
Suggests: courier-imap-ssl | courier-ssl, slapd
Conffiles:
 /etc/scalemail/logrotate-postfix.conf 4191c03373e2a5f6477e6b29c4d451a9
Description: Scalable virtual mail domain system built on Postfix and LDAP
 A scalable (but not HA, atleast not yet) virtual domain system for
 handling mail for many users, based on Postfix, LDAP and maildrop
 (Courier-IMAP will be integrated soon).

It's nowhere near finished, but it should be a good direction to go to.

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software,  | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks.  | so beautifully.






Re: [tv-nospam-2aef2c@debian.org: Re: Postfix for many domains]

2000-11-25 Thread Tommi Virtanen

On Thu, Nov 23, 2000 at 12:37:56PM +, Russell Coker wrote:
> >mailsystem-store-mail uses env. vars USER, EXTENSION and DOMAIN to:
> >
> >1. if $DOMAIN/$USER does not exist, search ldap for maildrop=$USER@$DOMAIN
> > and create maildir or bounce as appropriate.
> >
> >2. if $EXTENSION set, ensure that subfolder exists; create with maildirmake
> > -f if necessary
> >
> >3. store mail in $DOMAIN/$USER/.$EXTENSION/ or $DOMAIN/$USER/ with
> > deliverquota (fetch quota from LDAP, cache on disk?)
> >   (a bash script could use USERPAD="${USER:0:2}__";
> >   "$DOMAIN/${USERPAD:0:2}/$USER/.$EXTENSION/"
> >   for hashing)
> This all sounds great!  Does postfix currently set all these variables?

Yes. man 8 local

> >Alternative 3: IMAP/POP frontend passes connections on
> >------------------------------------------------------
> >
> >There are frontend IMAP/POP servers that listen for connection, get username
> >and proxy the connection to the correct backend IMAP/POP server that can
> > access mail for that user.
> >
> >No need for NFS mount, at least not for cross-mounts.
> >
> >May hinder authentication methods.
> >
> >Has overhead.
> 
> A better idea IMHO.  Netscape mail server has been doing this for a while and 
> it works OK for Netscape.

Anyone know of an IMAP forwarder? I know there's one for POP..

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Windows NT crashed.
kernel, TCP/IP, C, perl, free software,  | I am the Blue Screen of Death.
mail, www, sw devel, unix admin, hacks.  | No one hears your screams.






Re: Postfix for many domains

2000-11-19 Thread Tommi Virtanen

On Wed, Nov 15, 2000 at 01:50:19PM +, Russell Coker wrote:

> How easy is it to setup Postfix for a large number of dynamically
> configured email domains? What I need to do is to have a mail server
> scale to 10,000 domains over the course of a year, adding 500 new
> domains in a day wouldn't be uncommon for a busy day...
>
> So I need to be able to add domains without (much) reconfiguring of
> the server. Preferably I would like to use LDAP to specify the
> domains, do the LDAP patches for Postfix support this?

Read /usr/share/doc/postfix/LDAP_README.gz
- everything you seem to want is easily doable.

I've been designing a scalable IMAP server 
infrastructure; here are my current plans. Enjoy.


Scalable Mail Servers
*********************

Note: not HA, just scalable.

Based on Postfix, LDAP, Courier-IMAP and maildrop.

"mailsystem" etc are just temporary placeholders for a good software name.


Mail Delivery
=============

Frontend
--------

1..n frontend boxes

Have targetdomains @example.com and @invalid as virtual domains.

virtual_maps = hash:/etc/postfix/virtual, ldap:ldapvirtual
ldapvirtual_query_filter = (&(mail=%s)(!(|(maildrop="*|*")(maildrop="*:*")(maildrop="*/*"))))
ldapvirtual_result_attribute = maildrop

/etc/postfix/virtual:

example.com dummy
invalid dummy

{NOTE to Russell: you can put those in LDAP, too. It's all in the
LDAP_README}


ldap entries like:

dn: cn=foo, dc=my, dc=com
mail: [EMAIL PROTECTED]
maildrop: [EMAIL PROTECTED]


Backend
-------

1..m backend boxes, may overlap with frontend boxes. More than one
"logical backend" can reside in the same physical server; e.g. you
may split by the hard disk the mail resides in.

Backend box #42:

virtual_maps = hash:/etc/postfix/virtual-h42

/etc/postfix/virtual-h42:

h42.mail.example.com    dummy
@h42.mail.example.com   mailuid

h42.mail.invalid        dummy
@h42.mail.invalid       mailuid

~mailuid/.forward:

|mailsystem-store-mail


mailsystem-store-mail uses env. vars USER, EXTENSION and DOMAIN to:

1. if $DOMAIN/$USER does not exist, search ldap for maildrop=$USER@$DOMAIN and
   create maildir or bounce as appropriate.

2. if $EXTENSION set, ensure that subfolder exists; create with maildirmake -f if
   necessary

3. store mail in $DOMAIN/$USER/.$EXTENSION/ or $DOMAIN/$USER/ with deliverquota
   (fetch quota from LDAP, cache on disk?)
   (a bash script could use USERPAD="${USER:0:2}__";
   "$DOMAIN/${USERPAD:0:2}/$USER/.$EXTENSION/"
   for hashing)

Regularly run a cross-reference between LDAP and actual maildirs, remove maildirs
for which no LDAP entry is found.


Mail Sending
============

Canonicalization
----------------

Shell servers that use UNIX login names need to translate them to
canonical email addresses with proper domains ([EMAIL PROTECTED]
-> [EMAIL PROTECTED]).

sender_canonical_maps = hash:/etc/postfix/canonical, ldap:ldapcanonical
ldapcanonical_query_filter = (uid=%s)
ldapcanonical_result_attribute = mail

ldap entries like:

dn: uid=foo, dc=my, dc=com
uid: foo
mail: [EMAIL PROTECTED]
maildrop: [EMAIL PROTECTED]


Mail Retrieval
==============

Alternative 1: NFS cross-mounts
-------------------------------

/var/spool/mailsystem/hNN.mail.example.com/ etc are cross-mounted between
backend hosts.

All backend hosts serve all users with IMAP etc.


Alternative 2: NFS mounts from common source
--------------------------------------------

/var/spool/mailsystem/hNN.mail.example.com/ etc are mounted from an extra box
to the backend machines, a separate IMAP/POP farm also mounts the dirs.

All mail retrieval hosts serve all users with IMAP etc.


Alternative 3: IMAP/POP frontend passes connections on
------------------------------------------------------

There are frontend IMAP/POP servers that listen for connection, get username
and proxy the connection to the correct backend IMAP/POP server that can access
mail for that user.

No need for NFS mount, at least not for cross-mounts.

May hinder authentication methods.

Has overhead.


Mail purging
============

Regularly run a batch job that iterates through all users with
(!(purgemail=no)), purge all old mail from Maildir/cur that is
not marked as important ("F").

Do not purge subfolders, so everyone has a safe mail storage method,
not just the people who can modify their LDAP entry.


TODO
====

Reliability?

Mailbox migration? Is it needed?

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Stay the patient course
kernel, TCP/IP, C, perl, free software,  | Of little worth is your ire
mail, www, sw devel, unix admin, hacks.  | The network is down
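
An added sketch of the path computation in step 3 of mailsystem-store-mail above (not code from the original message): it derives the hashed maildir path from USER, DOMAIN and EXTENSION and refuses values that could escape the spool directory. The function names, the SPOOL default and the allowed-character policy are assumptions; it is written in POSIX sh, so printf stands in for the bash ${USER:0:2} substring.

```shell
#!/bin/sh
# Added example, not part of the original design notes.
# Assumptions: SPOOL root, function names, and the allowed-character policy.
LC_ALL=C; export LC_ALL              # make the A-Z / a-z ranges byte-exact
SPOOL="${SPOOL:-/var/spool/mailsystem}"

# safe_component VALUE -> 0 if VALUE may be used as a single path component.
safe_component() {
    case "$1" in
        ''|.*|*/*) return 1 ;;           # empty, dot-leading ("." "..") or has "/"
        *[!A-Za-z0-9._+-]*) return 1 ;;  # any byte outside the allowed set
    esac
    return 0
}

# maildir_path USER DOMAIN [EXTENSION] -> prints the delivery directory,
# or returns 1 without output if any part is unsafe.
# In a delivery script the arguments would be "$USER" "$DOMAIN" "$EXTENSION".
maildir_path() {
    user=$1 domain=$2 ext=${3:-}
    safe_component "$user"   || return 1
    safe_component "$domain" || return 1
    if [ -n "$ext" ]; then
        safe_component "$ext" || return 1
    fi
    # Same value as bash USERPAD="${USER:0:2}__"; "${USERPAD:0:2}":
    # first two characters of the user name, padded with "_" when shorter.
    pad=$(printf '%.2s' "${user}__")
    if [ -n "$ext" ]; then
        printf '%s/%s/%s/%s/.%s/\n' "$SPOOL" "$domain" "$pad" "$user" "$ext"
    else
        printf '%s/%s/%s/%s/\n' "$SPOOL" "$domain" "$pad" "$user"
    fi
}

# Constructed sample inputs: USER DOMAIN EXTENSION ("-" means no extension).
while read -r u d e; do
    [ "$e" = "-" ] && e=
    maildir_path "$u" "$d" "$e" || echo "rejected: user=$u domain=$d ext=$e"
done <<'EOF'
foo h42.mail.example.com -
a h42.mail.example.com lists
../../etc h42.mail.example.com -
foo h42.mail.example.com ../../.ssh
EOF
```

The last two sample lines are rejected instead of being turned into paths outside the spool, which is the same concern the maildrop filter in the frontend query addresses for LDAP-supplied values.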






ORBS not blocking, but logged in headers

2000-05-18 Thread Tommi Virtanen
On Mon, May 15, 2000 at 11:03:19AM +, Russell Coker wrote:
> Also Qmail is lacking in functionality when compared to Postfix, Sendmail, or
> probably any other Unix mail server.  Qmail is fast and reliable, it's good
> for installing for one of those clients who is expected to stuff up Postfix
> config files.
> 
> For a serious server system it will rapidly become annoying for the
> administrator because it just won't do the things you want.
> 
> Try spam blocking (both ORBs and header filtering) and address re-writing for
> two things that Qmail falls down on.

Actually, I'd really want to know how to configure Postfix to
add a header for each blocking service checked:

X-Maybe-Spam-RBL: [the text from the TXT record here]
X-Maybe-Spam-ORBS: [the text from the TXT record here]
X-Maybe-Spam-DUL: [the text from the TXT record here]

With qmail, which is what I have done a lot and know well,
that'd be easy due to the modular nature. With postfix,
I stare at the documentation and see nothing that fits,
and can't see the building blocks to implement that myself.

Please tell me how to do it.

> I doubt that Qmail is any more secure than Postfix.  I doubt that it is any
> faster.

Well, postfix has had security bugs, qmail hasn't.

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software,  | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks.  | so beautifully.