Re: how to relocate servers transparently
I still have an uneasy feeling about dns caches out there that may keep serving the old ip addresses to their users _without_ ever consulting our dns servers. But I guess I could use a http proxy on the remaining dns box to forward http traffic for a while, which would take care of that part. The other protocols are less important (or visible), and more likely to work correctly anyway. As long as all contactable DNS servers have the new authoritive information, there should not be any issues... Brad
Re: how to relocate servers transparently
Rhesa Rozendaal wrote: > In the past I witnessed such a move, and there were a lot of problems > with the DNS. As it turned out, many DNS servers out there kept caching > the old ip addresses for over 3 days, causing a lot of connection issues This is most often due to the old authoritive servers continuing to serve the old zone details. When an A record is refreshed, the TTL for SOA/NS rr's also refreshes, therefore the NS information 'seems' to never be out of date. Some DNS caches will continue querying the old servers due to the fact that those NS records have not expired. > for many users. Beforehand we did lower the ttl on all the domains prior > to the move, but many dns servers seemed to ignore that. On top of that, > we moved both our dns servers at the same time, which was a big mistake > too. When moving a site to new IP's/DNS servers I performed the following: Create all accounts on the new box, and copy all the files over. Setup the DNS servers to issue the new zone details. At the same time, configure the OLD servers to serve the new zone data. When the old servers are queried, they will serve the new zone data, so when an A record is refreshed, the SOA/NS records will be that of the new servers. You can then change the delegation for all domains to the new DNS servers. I guess the trick is to keep both DNS servers going at the same time for a few days, but ensure that they are all serving the NEW zone details for all domains. This would be the 'correct' way to change delegation and will also avoid 'server lock' (as ISC refer to it) as mentioned above with the NS records refreshing. > So, what I'd like to hear from you is practical advice on how to avoid > connection problems after the move is complete. > Will it be enough to keep 1 dns server behind? I'm afraid it won't be, > given the dns caching problem mentioned above. Is there a way to have > that 1 dns server act as a proxy or port forwarder in some way? Can that > be done between two different class A networks? As above, as long as both new and old servers are serving the same (new) zone details, there shouldnt be a problem. Brad
Re: how to relocate servers transparently
I still have an uneasy feeling about dns caches out there that may keep serving the old ip addresses to their users _without_ ever consulting our dns servers. But I guess I could use a http proxy on the remaining dns box to forward http traffic for a while, which would take care of that part. The other protocols are less important (or visible), and more likely to work correctly anyway. As long as all contactable DNS servers have the new authoritive information, there should not be any issues... Brad -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to relocate servers transparently
Rhesa Rozendaal wrote: > In the past I witnessed such a move, and there were a lot of problems > with the DNS. As it turned out, many DNS servers out there kept caching > the old ip addresses for over 3 days, causing a lot of connection issues This is most often due to the old authoritive servers continuing to serve the old zone details. When an A record is refreshed, the TTL for SOA/NS rr's also refreshes, therefore the NS information 'seems' to never be out of date. Some DNS caches will continue querying the old servers due to the fact that those NS records have not expired. > for many users. Beforehand we did lower the ttl on all the domains prior > to the move, but many dns servers seemed to ignore that. On top of that, > we moved both our dns servers at the same time, which was a big mistake > too. When moving a site to new IP's/DNS servers I performed the following: Create all accounts on the new box, and copy all the files over. Setup the DNS servers to issue the new zone details. At the same time, configure the OLD servers to serve the new zone data. When the old servers are queried, they will serve the new zone data, so when an A record is refreshed, the SOA/NS records will be that of the new servers. You can then change the delegation for all domains to the new DNS servers. I guess the trick is to keep both DNS servers going at the same time for a few days, but ensure that they are all serving the NEW zone details for all domains. This would be the 'correct' way to change delegation and will also avoid 'server lock' (as ISC refer to it) as mentioned above with the NS records refreshing. > So, what I'd like to hear from you is practical advice on how to avoid > connection problems after the move is complete. > Will it be enough to keep 1 dns server behind? I'm afraid it won't be, > given the dns caching problem mentioned above. Is there a way to have > that 1 dns server act as a proxy or port forwarder in some way? Can that > be done between two different class A networks? As above, as long as both new and old servers are serving the same (new) zone details, there shouldnt be a problem. Brad -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Postfix+mysql delivery problem.
I've come to my end, after a few days of bashing around with postfix, I come to the conclusion that what I want to do can't really be done. Heres the senario. I have a database, which stores only 'username' in mysql, which I would like postfix to query for, if it exists then deliver to /home/$user/Maildir. Now this is fine if theres a system user as well (delivery method local:). As soon as I change it to virtual:, it requires the full email address in mysql, and I can't change it. The domain part is irrelivent, as [EMAIL PROTECTED] and [EMAIL PROTECTED] are the same anyway, I basically just want postfix to store the 'system' users in mysql. The relivant parts of my config are as follows; [-snip-] setgid_group = postdrop require_home_directory = no myhostname = dreams.isx.com.au mydestination = $myhostname, localhost.isx.com.au, isx.com.au home_mailbox = Maildir/ alias_maps = mysql:/etc/postfix/mysql-aliases.cf transport_maps = mysql:/etc/postfix/transport.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_uid_maps = static:1000 virtual_gid_maps = static:1000 virtual_mailbox_base = /home virtual_mailbox_limit = 33554432 local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases virtual_maps = hash:/etc/postfix/virtual mynetworks = 127.0.0.1/8, hash:/var/lib/pop-before-smtp/hosts content_filter = smtp-amavis:[127.0.0.1]:10024 smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain [-/snip-] and from mysql, mysql> select * from transport; +---+---+ | domain| transport | +---+---+ | dreams.isx.com.au | virtual: | <-- changing to local works 99% how I'd like it, but still requires a /etc/passwd user And this is my user line, (when set to local:), which works great. 5558 Query select "Maildir/" from user_info where username = 'brad' Does anybody have any ideas on what I could have done wrong? I really can't modify the database at all to change to a [EMAIL PROTECTED] format, and theres more than 1 domain that users have access to, so this really doesn't suit anyway. Any help would be really appreciated. Regards, Brad Lay ([EMAIL PROTECTED]) System Administrator P) +61 7 3855 2233 H) http://www.isx.com.au -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sane trouble-ticket systems
On Sun, 27 Jul 2003, Ralph J.Mayer wrote: > Hi, > > take a look at http://otrs.org/ > > > rm otrs looked nice, but I'll be buggered if I can get it working using postfix. Are there any trouble-ticketing systems, which use php/mysql/postfix out there? (php/cgi-bin whatever. im not that fussy). That'll work in woody. So far I've played with request-tracker1 (which works fine, 'cept it needs some work to do what I want it to do properly, can't seem to figure out how.) Anybody know of a backport of request-tracker2 from testing/unstable? even rt3 would do, so long as it'll work in Woody. Kindest Regards, Brad Lay -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mysqld listening to the network interface
On Tue, 8 Jul 2003, David Wilk wrote: > I have another mysql question for ya. I remember setting up mysqld in > slink and it was a breeze to get it listening on the network. > > I figured the mysqld in woody would be just as easy. Unfortunately, a > netstat -a shows no sign of mysqld (even tho I verified it's running) > and I can't for the life of me figure out where the config is to enable > this. All the docs indicate how to *disable* the network daemon, not > enable. > > Is the woody default to *not* listen on the network? Is there a way to > change this (has to be...) > > thanks for any ideas you may have. look in your /etc/mysql/my.cnf file for the line 'skip-networking', and comment it. restart mysql and you should be cooking. Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/ "I used to be indecisive, now I'm not so sure."
Re: mysqld listening to the network interface
On Tue, 8 Jul 2003, David Wilk wrote: > I have another mysql question for ya. I remember setting up mysqld in > slink and it was a breeze to get it listening on the network. > > I figured the mysqld in woody would be just as easy. Unfortunately, a > netstat -a shows no sign of mysqld (even tho I verified it's running) > and I can't for the life of me figure out where the config is to enable > this. All the docs indicate how to *disable* the network daemon, not > enable. > > Is the woody default to *not* listen on the network? Is there a way to > change this (has to be...) > > thanks for any ideas you may have. look in your /etc/mysql/my.cnf file for the line 'skip-networking', and comment it. restart mysql and you should be cooking. Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/ "I used to be indecisive, now I'm not so sure." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Large Hard Disks and Debian
On Tue, 24 Jun 2003, Andrew Miehs wrote: > Hi all, > > does anyone have any experience with large IDE disks on Debian? > > I was interested in buy a couple of Western Digital 250GB Disks for > backup purposes... > > And secondly, does Serial ATA work properly in Woody? or do I need a > new Kernel? > > Thanks > > Andrew As far as I know theres no problem with large disk support in 2.4, as for Serial ATA, make sure that you get a decent card thats supported by the vender. Serial ATA itself is transparent to the OS, you just need to be careful with onboard stuff. My mistake was buying an onboard sata raid promise controller and got stuck with a piece of crap binary that taints my kernel when I load it (unless you run a certain release of redhat/slackware/). It works, but only just. I'd stay well clear of promise if you want it to work under Debian. Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/ "I used to be indecisive, now I'm not so sure."
Re: Large Hard Disks and Debian
On Tue, 24 Jun 2003, Andrew Miehs wrote: > Hi all, > > does anyone have any experience with large IDE disks on Debian? > > I was interested in buy a couple of Western Digital 250GB Disks for > backup purposes... > > And secondly, does Serial ATA work properly in Woody? or do I need a > new Kernel? > > Thanks > > Andrew As far as I know theres no problem with large disk support in 2.4, as for Serial ATA, make sure that you get a decent card thats supported by the vender. Serial ATA itself is transparent to the OS, you just need to be careful with onboard stuff. My mistake was buying an onboard sata raid promise controller and got stuck with a piece of crap binary that taints my kernel when I load it (unless you run a certain release of redhat/slackware/). It works, but only just. I'd stay well clear of promise if you want it to work under Debian. Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/ "I used to be indecisive, now I'm not so sure." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sin of sins Compile errors on red hat ..
On Fri, 13 Jun 2003 [EMAIL PROTECTED] wrote: > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] Last I looked, I was sure this was a debian-isp list, not redhat-support list :-) Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/
Re: Sin of sins Compile errors on red hat ..
On Fri, 13 Jun 2003 [EMAIL PROTECTED] wrote: > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] Last I looked, I was sure this was a debian-isp list, not redhat-support list :-) Regards, Brad Lay ( brad /at/ coombabah.net ) P) (07) 55 311177 W) http://coombabah.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: {G} Exiscan ??
On Thu, 12 Jun 2003, Gregory Machin wrote: > > I have exiscan up and running on problem. it sends the sender of the > viruse infected email an error message saying the email ,is infected and > wont be tarnsmitted. > > How to i configure exiscan to tell the recipient that thay were protected > from a virus , customer like to see this stuff ... > > Many Thanks > Gregory Machin It's on by default. in /etc/exiscan/exiscan.conf look for $rcpt_notification = 1; and also, to edit the message displayed, see $rcpt_notification_text This will only notify them _IF_ the mail had a virus, not every message even if its not [which would be rude, leave it up to AVG and the like to do that.] Regards, Brad Lay ([EMAIL PROTECTED]) P) (07) 55 311177 W) http://coombabah.net/
Re: {G} Exiscan ??
On Thu, 12 Jun 2003, Gregory Machin wrote: > > I have exiscan up and running on problem. it sends the sender of the > viruse infected email an error message saying the email ,is infected and > wont be tarnsmitted. > > How to i configure exiscan to tell the recipient that thay were protected > from a virus , customer like to see this stuff ... > > Many Thanks > Gregory Machin It's on by default. in /etc/exiscan/exiscan.conf look for $rcpt_notification = 1; and also, to edit the message displayed, see $rcpt_notification_text This will only notify them _IF_ the mail had a virus, not every message even if its not [which would be rude, leave it up to AVG and the like to do that.] Regards, Brad Lay ([EMAIL PROTECTED]) P) (07) 55 311177 W) http://coombabah.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus license
On Tue, 10 Jun 2003, [iso-8859-1] Tomàs Núñez Lirola wrote: > Hi > I want to put an antivirus on the mail server (BugBear helped me to convince > my boss). Now is time for wondering about licenses. > > Kaspersky and F-Prot (two examples) have a product for a mail server. If I use > their product for a personal use (wich license price is a 5% of the mail > server license) with amavis, am I doing something illegal? Does the license > permit its use with amavis? > I need to know it for sure... so can anyone help me? > > However, the open alternatives (clamav, openantivirus, etc) are stable enough? > They get updated fast enough? Openantivirus is outdated by clamav, and clamav is very stable on all 3 of my servers, bugbear was picked up by quickly enough for me. Definetly worth using IMHO. works with amavis (all MTA's), exiscan (exim3), and MIMEDEfang (sendmail milter), in my setups. I'm very pleased. Regards, Brad Lay ([EMAIL PROTECTED]) W) http://coombabah.net/
Re: Antivirus license
On Tue, 10 Jun 2003, [iso-8859-1] Tomàs Núñez Lirola wrote: > Hi > I want to put an antivirus on the mail server (BugBear helped me to convince > my boss). Now is time for wondering about licenses. > > Kaspersky and F-Prot (two examples) have a product for a mail server. If I use > their product for a personal use (wich license price is a 5% of the mail > server license) with amavis, am I doing something illegal? Does the license > permit its use with amavis? > I need to know it for sure... so can anyone help me? > > However, the open alternatives (clamav, openantivirus, etc) are stable enough? > They get updated fast enough? Openantivirus is outdated by clamav, and clamav is very stable on all 3 of my servers, bugbear was picked up by quickly enough for me. Definetly worth using IMHO. works with amavis (all MTA's), exiscan (exim3), and MIMEDEfang (sendmail milter), in my setups. I'm very pleased. Regards, Brad Lay ([EMAIL PROTECTED]) W) http://coombabah.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
dist-upgrade apache
I just dist-upgraded my debian machine to find that apache now continually loads processess till it reaches its limit. I looked on the bugs.debian.org site for apache bugs, but nothing in the last month shows anything that it could be. I'm thinking of the libs is broken, but I can't find which one. Does anybody have any ideas. ii libstdc++2.10- 2.95.4-17 The GNU stdc++ library (development files) ii libstdc++2.10- 2.95.4-17 The GNU stdc++ library ii libstdc++3 3.0.4-16 The GNU stdc++ library version 3 ii libstdc++5 3.2.3-0pre7The GNU Standard C++ Library v3 ii libstdc++5-3.3 3.3-2 The GNU Standard C++ Library v3 (development ii libstdc++5-dev 3.2.3-2The GNU Standard C++ Library v3 (development ii apache 1.3.27.0-1 Versatile, high-performance HTTP server ii apache-common 1.3.27.0-1 Support files for all Apache webservers ii libc6 2.3.1-17 GNU C Library: Shared libraries and Timezone ii libc6-dev 2.3.1-17 GNU C Library: Development Libraries and Hea Quite the pain :( Regards, Brad Lay ([EMAIL PROTECTED]) P) (07) 55 311177 W) http://coombabah.net/
Re: What is a best choice for a mail program?
On Tue, 22 Apr 2003, Andrey wrote: > My question is what software can solve following requrements: > > 1. Pull mail from a list of POP3 servers. http://www.mythic-beasts.com/~mark/software/#just-hand-over-the-mail > 2. Given a many-to-many rules table route it to local mailboxes. This > rule table should be just a list of a valid e-mail addresses for every > mailbox. It should be easily maintainable (i.e. it is bad if list of a > valid domains will be in one file but list of valid e-mail addresses > in another, for example). I don't think its needed? Perhaps use procmail with the above software. > 3. Expose these mailboxes via POP3 interface. This is a preference thing. POP3 is implemented many many different ways, I personally use 3 different pop3ds. Qpopper, teapop and tpop3d. Theres plenty more. > 4. Have simple smtp server that ralays all mail to a predefined relay > (ESMTP required) except for a mail that is addressed to any of adress > associated with local mailboxes. Sendmail, Exim or Postfix. > 5. I do not need to receive any mail through SMTP, just pull it from > external POP3 servers. So make it only listen on the Internet LAN ip port 25. > I believe most e-mail servers can solve (3) & (4). I have no idea what to > use for (1) and what software is a best choice for (2) and for this > situation in general. I don't need many of powerful features just > mailbox management and this list-based routing. Again, I'm asking only for > pointers to software, maybe someone had similar problem. Thank you. This should give you a kickstart on your way anyhow. Let us know how you go in the end. Regards, Brad Lay ([EMAIL PROTECTED])
Re: How to handle mail for multiple (10-15) domains w/o localpart conflicts?
On Sun, 6 Apr 2003, Ralf G. R. Bergs wrote:
> On Sun, 06 Apr 2003 20:34:30 +0200, Marcin Sochacki wrote:
>
> [...]
> >http://www.ex-parrot.com/~chris/vmail-sql/
>
> Upon first look this looks nice -- but there's no Debian package available
> (AFAIC gather), and it needs tpop3d which also isn't Debianized yet. :-(
>
I've just setup this exact same thing on my mail server. You don't need
any debian packages for everything. Heres my configs.
I have exim+vmail-sql+spamd+exiscan with tpop3 as pop server and UebiMiau
as a webmail (Which has an attachment bug! :-(). A few things you need to
do.
apt-get install clamav exiscan spamassassin exim[1]
If you read the instructions on how to get vmail-sql setup from chris's
url, that'll get that side of things working. SpamAssassin's mysql stuff
is easily integrated into the php version that controls vmail-sql.
# Spam Assassin TRANSPORTS lines (search google for the rest)
spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
transport_filter = /usr/bin/spamc -u "${lookup mysql{select unix_user from
domain left join domain_alias on domain_alias.domain_name = domain.domain_name
where domain.domain_name = '${quote_mysql:$domain}' or domain_alias.alias =
'${quote_mysql:$domain}'}{$value}fail}"
[..]
spamcheck_director:
# do not use this director when verifying a local-part at SMTP-time
no_verify
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
# - it didn't originate locally (as long as I don't harbor spammers :-))
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
driver = smartuser
transport = spamcheck
And SMTP Auth from mysql [needed so people can relay mail through your
mail server].
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if eq{${md5:$3}}{${substr_5:${lookup mysql{select
password_hash from popbox where local_part='${local_part:$2}' and
domain_name='${domain:$2}'}{$value{1}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if eq{${md5:$2}}{${substr_5:${lookup mysql{select
password_hash from popbox where local_part='${local_part:$1}' and
domain_name='${domain:$1}'}{$value{1}{0}}"
server_set_id = $1
This should get you started on the way, all up this complete setup from
start to finish took me about a day, and the only drawback I have found so
far is that delivery of mail takes around 8-10 seconds. If anybody knows
why I'd really like to know! Otherwise the entire system rocks. Now all I
need a nice php/mysql web hosting company billing system I can integrate
into this setup and finish the project!
One last thing, I've also hacked in quota support on the MTA side, but its
slightly flawed. IE: If user1's quota is 1MB, but somebody sends an email
thats 2MB the mail gets frozen. The mail trys to delivery until the
timeout is reached. How would I go about making it bounce permanently if
the email is larger than the users quota!
Hope this helped. If you need more help shoot me an email offlist.
[1] Debian's exim needs to be recompiled to use mysql (I can give you a
url to the one I created).
Re: apt-get dist-upgrade problem
First thing I would be doing is apt-get install chkrootkit - I had a machine do this exact same problem. I found it had been rootkitted. YMMV. It could be something else but I'd check anyway. Regards, Brad Lay ([EMAIL PROTECTED]) On Wed, 2 Apr 2003, Roger Ward wrote: > I have a wierd error from when I tried to upgrade a system from stable/woody > (a > few sarge packages like snort) to SID. > > I understand SID is a bit unstable (thus Still in Development)... > Any ideas what could be causing /usr/bin/du to be undeletable? I can't write > a C > program to delete it, I can't delete it by hand, etc.. I can't even move it > to a > different file (which i normally can do if a process has a lock on a file > handle). > > Any suggestions appriciated. PLEASE CC: me on all replies! > > Thanks, > Roger > > -- > > # apt-get dist-upgrade > Reading Package Lists... Done > Building Dependency Tree... Done > Calculating Upgrade... Done > The following NEW packages will be installed: > cpp-3.2 dictionaries-common g++-3.2 gcc-3.2 gcc-3.2-base gettext > libasn1-6-heimdal libcomerr1-kerberos4kth libdb4.1 libdns8 libgd2-noxpm > libgd2-noxpm-dev libglib2.0-0 libidn9 libkrb-1-kerberos4kth > libkrb5-17-heimdal > libpaper-utils libpaper1 libpcap0.7 libperl5.8 libpng12-0 > libpng3 libpq3 libroken16-kerberos4kth libsnmp5 libssl0.9.7 libstdc++5 > libstdc++5-dev po-debconf python2.2 python2.2-optik > The following packages have been kept back > w3m > 165 packages upgraded, 31 newly installed, 0 to remove and 1 not upgraded. > 7 packages not fully installed or removed. > Need to get 0B/97.3MB of archives. After unpacking 76.5MB will be used. > Do you want to continue? [Y/n] > Preconfiguring packages ... > (Reading database ... 27942 files and directories currently installed.) > Preparing to replace coreutils 4.5.2-1 (using > .../coreutils_4.5.10-1_i386.deb) ... > Unpacking replacement coreutils ... > Replacing files in old package debianutils ... > dpkg: error processing /var/cache/apt/archives/coreutils_4.5.10-1_i386.deb > (--unpack): > unable to make backup link of `./usr/bin/du' before installing new version: > Operation not permitted > dpkg-deb: subprocess paste killed by signal (Broken pipe) > Errors were encountered while processing: > /var/cache/apt/archives/coreutils_4.5.10-1_i386.deb > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: apt-get dist-upgrade problem
First thing I would be doing is apt-get install chkrootkit - I had a machine do this exact same problem. I found it had been rootkitted. YMMV. It could be something else but I'd check anyway. Regards, Brad Lay ([EMAIL PROTECTED]) On Wed, 2 Apr 2003, Roger Ward wrote: > I have a wierd error from when I tried to upgrade a system from stable/woody (a > few sarge packages like snort) to SID. > > I understand SID is a bit unstable (thus Still in Development)... > Any ideas what could be causing /usr/bin/du to be undeletable? I can't write a C > program to delete it, I can't delete it by hand, etc.. I can't even move it to a > different file (which i normally can do if a process has a lock on a file handle). > > Any suggestions appriciated. PLEASE CC: me on all replies! > > Thanks, > Roger > > -- > > # apt-get dist-upgrade > Reading Package Lists... Done > Building Dependency Tree... Done > Calculating Upgrade... Done > The following NEW packages will be installed: > cpp-3.2 dictionaries-common g++-3.2 gcc-3.2 gcc-3.2-base gettext > libasn1-6-heimdal libcomerr1-kerberos4kth libdb4.1 libdns8 libgd2-noxpm > libgd2-noxpm-dev libglib2.0-0 libidn9 libkrb-1-kerberos4kth libkrb5-17-heimdal > libpaper-utils libpaper1 libpcap0.7 libperl5.8 libpng12-0 > libpng3 libpq3 libroken16-kerberos4kth libsnmp5 libssl0.9.7 libstdc++5 > libstdc++5-dev po-debconf python2.2 python2.2-optik > The following packages have been kept back > w3m > 165 packages upgraded, 31 newly installed, 0 to remove and 1 not upgraded. > 7 packages not fully installed or removed. > Need to get 0B/97.3MB of archives. After unpacking 76.5MB will be used. > Do you want to continue? [Y/n] > Preconfiguring packages ... > (Reading database ... 27942 files and directories currently installed.) > Preparing to replace coreutils 4.5.2-1 (using .../coreutils_4.5.10-1_i386.deb) ... > Unpacking replacement coreutils ... > Replacing files in old package debianutils ... > dpkg: error processing /var/cache/apt/archives/coreutils_4.5.10-1_i386.deb > (--unpack): > unable to make backup link of `./usr/bin/du' before installing new version: > Operation not permitted > dpkg-deb: subprocess paste killed by signal (Broken pipe) > Errors were encountered while processing: > /var/cache/apt/archives/coreutils_4.5.10-1_i386.deb > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Mysql backended mailing list software
Pretty much as the subject says, anybody know of any software that stores its stuff in mysql, with a (prefereably php) frontend. and if possible works best work exim :-) Thanks in advance. Regards, Brad Lay ([EMAIL PROTECTED])
Mysql backended mailing list software
Pretty much as the subject says, anybody know of any software that stores its stuff in mysql, with a (prefereably php) frontend. and if possible works best work exim :-) Thanks in advance. Regards, Brad Lay ([EMAIL PROTECTED]) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: calculation of mail traffic
isoqlog Description: Mail Transport Agent log analysis program. Isoqlog is an MTA log analysis program written in C. It designed to scan qmail, postfix, sendmail logfile and produce usage statistics in HTML format for viewing through a browser. It produces Top domains output according to Sender, Receiver, Total mails and bytes; it keeps your main domain mail statistics with regard to Days Top Domain, Top Users values for per day, per month and years. Very pretty. :) Regards, Brad Lay ([EMAIL PROTECTED]) On Mon, 17 Mar 2003, Markus Welsch wrote: > Hi all, > > I'd like to calculate mail traffic on a per domain base. Calculation should > include mail sent and mail received. I've been thinking of using the message > id > as some sort of "key" for everything since it's supposed to be unique, right ? > > I've been searching for a ready made solution and haven't come accross > something, so I started working on a solution. > > > My current ideas: > - calculate traffic for each day (via cronjob) with traffic in/out per domain > - domains which this calculation should be done for are listed in > accounting_domains > > I've built a small example program (attached as example.pl) an example log > file > is also attached. > > > My knowledge of Perl is not quite well so I'm looking for help to archive the > goal of doing this calculation. Anybody out there for help ? :-) > > > > Kind Regards, > > Markus Welsch >
Re: calculation of mail traffic
isoqlog Description: Mail Transport Agent log analysis program. Isoqlog is an MTA log analysis program written in C. It designed to scan qmail, postfix, sendmail logfile and produce usage statistics in HTML format for viewing through a browser. It produces Top domains output according to Sender, Receiver, Total mails and bytes; it keeps your main domain mail statistics with regard to Days Top Domain, Top Users values for per day, per month and years. Very pretty. :) Regards, Brad Lay ([EMAIL PROTECTED]) On Mon, 17 Mar 2003, Markus Welsch wrote: > Hi all, > > I'd like to calculate mail traffic on a per domain base. Calculation should > include mail sent and mail received. I've been thinking of using the message id > as some sort of "key" for everything since it's supposed to be unique, right ? > > I've been searching for a ready made solution and haven't come accross > something, so I started working on a solution. > > > My current ideas: > - calculate traffic for each day (via cronjob) with traffic in/out per domain > - domains which this calculation should be done for are listed in accounting_domains > > I've built a small example program (attached as example.pl) an example log file > is also attached. > > > My knowledge of Perl is not quite well so I'm looking for help to archive the > goal of doing this calculation. Anybody out there for help ? :-) > > > > Kind Regards, > > Markus Welsch > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: BIND9 transferring zones
recursion no; -> /etc/bind/named.conf.options Regards, Brad Lay ([EMAIL PROTECTED]) On Thu, 13 Mar 2003, [iso-8859-1] Tomàs Núñez Lirola wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi > I've heard about disable zone transferring in BIND. I thought it is a good > idea, in order to hide a little more your net (obviously you can query my DNS > for all possible names and get the same information), but also I thought that > if BIND transfer zones by default, it has some reason. > > So can anyone comment inconvenients/advantages of disabling transfer DNS > zones? > > BTW: How can I disable zone transferring? > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+cEbrGOU6HQZ81TcRAgfbAJ9g5nOKxrQeLu+gZzu9VdaRIIXSLwCfbJmv > 3xRFz01A2iB0AbwIN/l6Wt0= > =QeqQ > -END PGP SIGNATURE- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
Re: BIND9 transferring zones
recursion no; -> /etc/bind/named.conf.options Regards, Brad Lay ([EMAIL PROTECTED]) On Thu, 13 Mar 2003, [iso-8859-1] Tomàs Núñez Lirola wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi > I've heard about disable zone transferring in BIND. I thought it is a good > idea, in order to hide a little more your net (obviously you can query my DNS > for all possible names and get the same information), but also I thought that > if BIND transfer zones by default, it has some reason. > > So can anyone comment inconvenients/advantages of disabling transfer DNS > zones? > > BTW: How can I disable zone transferring? > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+cEbrGOU6HQZ81TcRAgfbAJ9g5nOKxrQeLu+gZzu9VdaRIIXSLwCfbJmv > 3xRFz01A2iB0AbwIN/l6Wt0= > =QeqQ > -END PGP SIGNATURE- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Multi-Link Machine
I have a linux machine with 2.4.19 on it, and 2 Internet links. eth0 is Telstra Bigpond Cable (Semi static ip, its dhcp assigned), which I want to route certain ips ranges over this link. 144.135.23.0/24 for eg. eth1 is the internal interface on 192.168.0.0/24 eth2 is an adsl connection with a static ip which I want to be the default route for any traffic left over. I can get this to sort of work, but traceroute'ing to anything I set static routes [1] with, doesn't work because I assume that it trys to come back via the default route. Is that right? Also I need to break the adsl connection into 2 parts, its a 512kbit link, so I would like to take 384kbit and 128kbit of the link, and assign 128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want to limit traffic coming from eth0. (eth0 is 9mbit, so its a bit of a waste to shape it down to 128kbit now isnt it :) Is any of this possible or am I just dreaming? [1] route add -net ip.add.re.ss netmask 255.255.255.255 gw Thanks in advance. [NOTE: I've been to lartc.org and emailed them also, hoping to find some help, so no point telling me about them again, as I already have been and read the howto :-)] Regards, Brad Lay ([EMAIL PROTECTED])
Multi-Link Machine
I have a linux machine with 2.4.19 on it, and 2 Internet links. eth0 is Telstra Bigpond Cable (Semi static ip, its dhcp assigned), which I want to route certain ips ranges over this link. 144.135.23.0/24 for eg. eth1 is the internal interface on 192.168.0.0/24 eth2 is an adsl connection with a static ip which I want to be the default route for any traffic left over. I can get this to sort of work, but traceroute'ing to anything I set static routes [1] with, doesn't work because I assume that it trys to come back via the default route. Is that right? Also I need to break the adsl connection into 2 parts, its a 512kbit link, so I would like to take 384kbit and 128kbit of the link, and assign 128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want to limit traffic coming from eth0. (eth0 is 9mbit, so its a bit of a waste to shape it down to 128kbit now isnt it :) Is any of this possible or am I just dreaming? [1] route add -net ip.add.re.ss netmask 255.255.255.255 gw Thanks in advance. [NOTE: I've been to lartc.org and emailed them also, hoping to find some help, so no point telling me about them again, as I already have been and read the howto :-)] Regards, Brad Lay ([EMAIL PROTECTED]) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: anti virus software for mail server
I know that you have said you were using postfix, but I'd like to point
out MIMEDefang (sendmail milter). Very good software for mangling mail,
virus scanning, spam tagging, anything you can code really.
ii mimedefang 2.30-1 Electronic mail filter program
ii clamav 0.54-2 Powerful antivirus scanner for Unix
And to enable mail scaning you put into /etc/mail/mimedefang.pl.conf the
line,
$Features{'Virus:CLAMAV'} = '/usr/bin/clamscan';
And away she goes ;-)
Regards,
Brad Lay
([EMAIL PROTECTED])
On Fri, 7 Mar 2003, Markus Welsch wrote:
> Hi,
>
> I've found
>
> RAV Antivirus
> (http://www.ravantivirus.com/pages/showproduct.php?p=21)
>
>
> but I never heard of that one before! From the first view it looks amazing -
> so
> if somebody has experience with that one post please! Of course also post your
> personal recommendations.
>
> As MTA I'm using Postfix 2.0 by the way !
>
>
>
> Kind Regards,
>
> Markus Welsch
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
Re: anti virus software for mail server
I know that you have said you were using postfix, but I'd like to point
out MIMEDefang (sendmail milter). Very good software for mangling mail,
virus scanning, spam tagging, anything you can code really.
ii mimedefang 2.30-1 Electronic mail filter program
ii clamav 0.54-2 Powerful antivirus scanner for Unix
And to enable mail scaning you put into /etc/mail/mimedefang.pl.conf the
line,
$Features{'Virus:CLAMAV'} = '/usr/bin/clamscan';
And away she goes ;-)
Regards,
Brad Lay
([EMAIL PROTECTED])
On Fri, 7 Mar 2003, Markus Welsch wrote:
> Hi,
>
> I've found
>
> RAV Antivirus
> (http://www.ravantivirus.com/pages/showproduct.php?p=21)
>
>
> but I never heard of that one before! From the first view it looks amazing - so
> if somebody has experience with that one post please! Of course also post your
> personal recommendations.
>
> As MTA I'm using Postfix 2.0 by the way !
>
>
>
> Kind Regards,
>
> Markus Welsch
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Squid + Data accounting
This is what I do, but I don't use squid to do the accounting, I do it on a per-IP basis, that way I get a more accurate account of the usage (ftp? kazaa?). I use netacct-mysql <http://netacct-mysql.sourceforge.net/> Check it out, pretty dahm sweet. If you're still bent on doing it on a squid level tho, I'd suggest these few squid log analyizing programs. calamaris - Log analyzer for Squid or Oops proxy log files sarg - Squid Analysis Report Generator Regards, Brad Lay ([EMAIL PROTECTED]) On Sun, 19 Jan 2003, Simon Bland wrote: > I'm sure this issue has been aired before, but I'm having trouble > tracking anything down.. > > I want to track data usage on a per machine basis for a NAT'ed network > going out over an ADSL connection. I'd like to put in a squid for > obvious reasons, but I can't find how to maintain a per machine quota > for the data pulled by the squid on behalf of each machine. > > If anyone can point out to me what I'm missing, or give a good idea on > where to look I'd be very grateful. > > Thanks. > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail & Virtual user table.
As far as I know, theres no way around this. By the way sendmail (and any other MTA as well), anything that is listed in 'local-host-names' is treated as a domain that will be accepted for any valid user. The only way I can think of is mapping every user email to each user, not with a catchall. They are evil. :) -- Brad Lay ([EMAIL PROTECTED]) /EARTH is 98% full. Please delete anybody you can! On Mon, 13 Jan 2003, Dustin Douglas wrote: > Hey guys, got a connundrum and would like some pointers about it. > > Fairly basic Sendmail setup hosting email for about 30 domains. Email > addresses mapped to local users via virtusertable. > > Say we've got the following domains hosted on this mail server. > thisdomain.com > thatdomain.net > theotherdomain.org > > Let's also say we've got a local user named joe, who's entry in the > virtuser table looks like this. > > [EMAIL PROTECTED]joe > > Now, the problem arises if someone sends an email to > [EMAIL PROTECTED] or [EMAIL PROTECTED] Since those domains > don't have a joe address in the virtuser table, delivery falls back to > the local joe. So in effect, joe is getting mail in his inbox > addressed to [EMAIL PROTECTED] and [EMAIL PROTECTED] I don't > want this. > > I realize I can set up a catch all for each of the domains, but I'm > looking for something a little more elegant. > > Any pointers? > And "Switch to Postfix/Qmail/Ect." doesn't count as a pointer :-b > > Thanks. > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Consolidating user databases
I would say what you need is an ldap directory. The only thing I'm not sure on is if ldap and exchange work together (I'm sure they would). It definetly works with Samba and samba can do the domain login stuff as a side product. Debian package: slapd - OpenLDAP server (slapd). http://www.openldap.org/ Hope this helps.. -- Brad Lay ([EMAIL PROTECTED]) /EARTH is 98% full. Please delete anybody you can! On Sun, 12 Jan 2003, Simon Bland wrote: > I've just changed companies that I work for, and the new place is a real > mess.. One of the first things I want to do is to tie together all the > user stuff that's floating around. > > ATM the systems are very roughly tied together with systems to create > users at places trigger by usage of others, I'd like to have one user > record per user. The main systems running are: > > Exchange 5.5 > Samba > NT Workstations > > They've got a couple of Linux boxes, but most of the staff don't > have/need access to them. I'm slowly starting to transfer each of their > systems over to Debian (from a mix of Unixware, BSD, RedHat, Mandrake > and 1 Debian that was there to start with). > > So what I'm looking for is something that works with Exchange 5.5, > Linux, Samba and for the NT user profiles to bring it down to 1 user > database. > > Any suggestions, or directions to look into for this? > > Thanks. > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Large proxy-fw ipac-ng setup for ethernet clients
Take a look at NetAcct-mysql <http://netacct-mysql.sourceforge.net/> That'll make it easy to work out whos chewing your bw ;) and all the data can be used anyway you wish by writing your own querys against mysql. Hope this helps. -- Brad Lay ([EMAIL PROTECTED]) /EARTH is 98% full. Please delete anybody you can! On Thu, 8 Jan 2003, Alex Borges (lex) wrote: > Hi I have a large network (to my standard...thats 500+ machines) > proxied by an iptables+squid woody box. I have quite a few bw hogs but > we dont want to just close the hog ports or use squidguard. we want > to just detect the abusers and reduce them to squirming piles of green > goo > > Im wondering if any of you have tested ipac-ng for this kind of > thing. my rules would have to be many (like 500 logging rules, one > for each client ip)... > > This tool is sorta made for slip access, thats why i ask... > > The box is ridiculously big, so procesing power is not my concern > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Moving old inbox to new address
formail -f -s sendmail user@address < user-mailbox -- Brad Lay ([EMAIL PROTECTED]) /EARTH is 98% full. Please delete anybody you can! On Fri, 27 Dec 2002, Dustin Douglas wrote: > I've got a user who has an inbox on a server that I run > (qpopper/sendmail/mbox if that makes a diff) They've not > been actively checking their email and now want the address that I > control to be forwarded to a different email server that I don't run, > and they want all their email waiting in their inbox on my server to be > sent to their new address on someone else's server. > > An obvious solution would be to just make them pop their mail from > my server once and be done with it. However, I'd prefer doing > everything myself on the server side. They would no doubt call me > several times in the course of getting their client set up to pop their > old messages, and I'd prefer to just cut around that whole mess. > > An ideal solution would be a script I could run against their existing > inbox on my server that would send each of their waiting messages to > their new address. > > Anyone have any pointers? Any tips that work (procmail recipe, netcat > script, ect.) would be most welcome. > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: not work,
telnet localhost 80 GET /file HTTP/1.0 (Thats ENTER, ENTER.) What happens then? Look in the access.log and error.log as well. You might want to tag a | less on the end of the telnet line, if you need to scroll. Try that and see what happens. -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Mon, 23 Dec 2002, eric lin wrote: > > > Thomas Braun wrote: > > eric lin wrote: > > > >> www:/home/fsshl# iptables -L -nv > >> Chain INPUT (policy ACCEPT 0 packets, 0 bytes) > >> pkts bytes target prot opt in out source destination > >> > >> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > >> pkts bytes target prot opt in out source destination > >> > >> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) > >> pkts bytes target prot opt in out source destination > >> > >> --- > >> my iptables is just install from apt-get install (unstable) > >> > >> www:/home/fsshl# ipchains -L -nv > >> ipchains: Incompatible with this kernel > >> my ipchains is 1.3.10, kernel is 2.4.20 > >> > >> Plese help why my iptables show nothing? > > > > > > I think this is not a Firewall problem,there are no Firewall rules, what > > tells you your access.log or error.log? > > my access log have 304 and 404 error > when It try to access that http://ipath/file'> > > > www:/var/log/apache# iptables -t nat -Lnv > iptables: Table does not exist (do you need to insmod?) > www:/var/log/apache# insmod iptables > insmod: iptables: no module by that name found > www:/var/log/apache# > > > > > what tells you iptables -t nat -Lnv > > > > it indeed is difficult for me to realize what is that mean > highly apprecaite your reply, and hope to see more > > > > > cu thomas > > > > > > > >> > >> highly apprecaite , Eric > >> > >> > > > > > > > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OT - Debian mirror from CDs ...
You're on the right track, dpkg-scanpackages isnt what you want to do. Theres a tool that comes with apt-proxy which is apt-proxy-import. Copy all your .deb's into your respository and run apt-proxy-import. man apt-proxy-import NAME apt-proxy-import - A script for importing packages into the apt-proxy cache. -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Sun, 15 Dec 2002, CaRLoS mOGUeL wrote: > Slightly off topic ... > > blessings all. > > how can i build a local debian mirror from my (woody) > cds sets ? , I'm trying to have mi own mirror for > multiple debian server instalations, I know about > apt-proxy but all the documents explain the use using > a ftp/http mirror as a reference instead of a cd set. > > I'm thinking to copy all the debs into a location and > use dpkg-scanpackages to create the Packages file ... > is this the best way ? ... any suggestion ? ... flames > ? . > > Thanks in advance. > > Carlos. > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bandwidth configuration
Package: shaper Priority: extra Section: net Installed-Size: 212 Maintainer: David B Harris <[EMAIL PROTECTED]> Architecture: all Version: 2.2.12-0.7-2 Depends: debconf (>= 0.5), iproute Filename: pool/main/s/shaper/shaper_2.2.12-0.7-2_all.deb Size: 99666 MD5sum: 4c9ecab3a0eae72923c309a448f1105b Description: Traffic Shaper init script for Linux This init script sets up traffic shaping using Linux's class-based queueing. This can be used to build smart bandwidth shapers which understand TCP/IP. See /usr/share/doc/shaper/README.shaper.gz for more details. . The kernel support needed to use either of these facilities is described in README.Debian. Unless its been updated in the last few weeks, you need to download the latest CBQ.init and put that in /etc/init.d/shaper then put your shaping rules in /etc/shaper/ eg: [10:39 AM][root@genuis][/etc/shaper]$ ls cbq-80.Shape_port_80 [10:39 AM][root@genuis][/etc/shaper]$ cat cbq-80.Shape_port_80 DEVICE=eth0,10Mbit,1Mbit RATE=50Kbit WEIGHT=5Kbit PRIO=5 RULE=0.0.0.0/0:80, It'll all make sense to you when you read the shaper readme. Very versatile and pretty easy to use. YMMV. -- Brad Lay ([EMAIL PROTECTED]) /EARTH is 98% full. Please delete anybody you can! On Wed, 11 Dec 2002, [windows-1250] Szőts Róbert wrote: > Hi there! > > My problem is the following: > > I have a dsl connection to the Internet, but it is assimmetric. I am connecting >through a woody box. Therefore If someone sends a big mail to someone, the outging > packets are make the line busy. > When this occours, there will not be enough bandwidth for ACK-s. > How can I tell to the linux box that the outgoing small packets have priority >against the large smtp packets? > (Nowadays I plan to change to kernel 2.4...) > > I have heard from someone using iproute, or QoS, but I have not found any examples. > > > Can anyone help me, please? > > R > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re Lilo
If I ever wanted to make a boot floppy i've always just done this. cd /usr/src/linux make bzdisk I'm sure theres a debian-specific way, but this way works ;) -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Wed, 27 Nov 2002, Samantha Scafe wrote: > How does one make a boot floppy with Lilo on it > > > Samantha Scafe > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DNS servers
I just wanna add my 2c's here. > We're discussing the example > >cd /service/tinydns/root >./add-host lion.x.mil 1.2.3.4 >make 1) Why do you need to use /service? 2) Whats wrong with inetd ? 3) What prevents debian from packaging djbdns in your licence? I'm reluctant to use djbdns because of this thread and the fact that none of your software is packaged for Debian. Wouldn't it make sense to change the way your licence is worded? [DISCLAIMER: I use bind8, im happy with bind8 and only host ~100 domains, I'm nobody special.] -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ClamScan: Can't initialize virus database
I had the same problem before version clamav (0.51-1) was released. One would likely assume that you are using clamav < 0.24-3 with the openantivirus list. clamav (0.51-1) unstable; urgency=low * removed oav-support since upstream doesn't support it anymore In version 0.51, they changed the way they got the virus signatures database, so I would suggest to you, to upgrade to 0.51-2 and you'll find clamscan will work exceptionally well. Regards, -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Thu, 14 Nov 2002, Gene Grimm wrote: > I recently installed the clamav, spamassassin, amavis-postfix, and > oav-update packages on our mail server. Unfortunately, I keep getting a > message that the virus scanner does not function. Everything else is running > well, but when I try to run clamscan manually, it reports the following: > > ERROR: hex2int() translation problem (69) > ERROR: Can't initialize virus database. > > running "oav-update -f" reports: > > oav-update: clamscan with update does not work - autopsy > /var/lib/oav-update/20021014164528 > > I have an identically configured system that has no problems. Anyone have > any ideas why this system does not work? > > >
Re: ClamScan: Can't initialize virus database
I had the same problem before version clamav (0.51-1) was released. One would likely assume that you are using clamav < 0.24-3 with the openantivirus list. clamav (0.51-1) unstable; urgency=low * removed oav-support since upstream doesn't support it anymore In version 0.51, they changed the way they got the virus signatures database, so I would suggest to you, to upgrade to 0.51-2 and you'll find clamscan will work exceptionally well. Regards, -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Thu, 14 Nov 2002, Gene Grimm wrote: > I recently installed the clamav, spamassassin, amavis-postfix, and > oav-update packages on our mail server. Unfortunately, I keep getting a > message that the virus scanner does not function. Everything else is running > well, but when I try to run clamscan manually, it reports the following: > > ERROR: hex2int() translation problem (69) > ERROR: Can't initialize virus database. > > running "oav-update -f" reports: > > oav-update: clamscan with update does not work - autopsy > /var/lib/oav-update/20021014164528 > > I have an identically configured system that has no problems. Anyone have > any ideas why this system does not work? > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: umount Dead NFS Directory
Try doing fuser -m /var/www and findint the PID thats using /var/www and killing it, then do a umount. -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Wed, 6 Nov 2002, axacheng wrote: > Hello there, > > I got a problem while trying to umount NFS. I have two web servers, > one exports its /var/www for NFS share and the other mounts it as its own > DocumentRoot too, thus I got two web servers with exactly the same > contents. If the one as NFS server malfunctions, the other NFS > client should umount its /var/www and link it to the other place. > > Well, how can I umount the NFS client's /var/www while the NFS > services is not available? I use "-o bg,soft,intr,retry=5,timeo=2" > as mount arguments and "-f" as umount option. I found that if the > NFS client's active interface, eth0 here, is down, I can umount > /var/www after a short time due to NFS error. Otherwise, the console > is full of messages like "NFS not responding, time out", and it always > says "/var/www: Device busy" While I try to umount it. > > I wonder what makes this happen, and I think that controlling the > interface directly to meet my need is a bad idea. Any comment or > advice is appreciated. > > Thanks, > Chih-An >
Re: umount Dead NFS Directory
Try doing fuser -m /var/www and findint the PID thats using /var/www and killing it, then do a umount. -- Brad Lay ([EMAIL PROTECTED]) Systems Administrator Samford Net P) +61 7 3855 2233 F) +61 7 3289 5458 W) http://www.samford.net "You will contract a disease for which the cure is so expensive that you will die of poverty." On Wed, 6 Nov 2002, axacheng wrote: > Hello there, > > I got a problem while trying to umount NFS. I have two web servers, > one exports its /var/www for NFS share and the other mounts it as its own > DocumentRoot too, thus I got two web servers with exactly the same > contents. If the one as NFS server malfunctions, the other NFS > client should umount its /var/www and link it to the other place. > > Well, how can I umount the NFS client's /var/www while the NFS > services is not available? I use "-o bg,soft,intr,retry=5,timeo=2" > as mount arguments and "-f" as umount option. I found that if the > NFS client's active interface, eth0 here, is down, I can umount > /var/www after a short time due to NFS error. Otherwise, the console > is full of messages like "NFS not responding, time out", and it always > says "/var/www: Device busy" While I try to umount it. > > I wonder what makes this happen, and I think that controlling the > interface directly to meet my need is a bad idea. Any comment or > advice is appreciated. > > Thanks, > Chih-An > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim question
Can anyone tell me how you'd do same in postfix? b. On Thu, 2002-02-21 at 11:31, Peter Billson wrote: > In your alias file, as your last rule, put > > *: username > > where username is the account the mail should goto. Username can also be > a remote address i.e. [EMAIL PROTECTED] > > Pete > -- > http://www.elbnet.com > ELB Internet Services, Inc. > Web Design, Computer Consulting, Internet Hosting > > > Bernie Berg wrote: > > > > im running potato with the unstable packages. How do I get exim to spit > > all mail that there isn't a user defined for to a certain mail box? so > > "[EMAIL PROTECTED]" goes to "[EMAIL PROTECTED]" > > > > thanks! > > bernie > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- cheers, Brad Thomson [EMAIL PROTECTED] phone: 0421 920 497 signature.asc Description: This is a digitally signed message part
Re: exim question
Can anyone tell me how you'd do same in postfix? b. On Thu, 2002-02-21 at 11:31, Peter Billson wrote: > In your alias file, as your last rule, put > > *: username > > where username is the account the mail should goto. Username can also be > a remote address i.e. [EMAIL PROTECTED] > > Pete > -- > http://www.elbnet.com > ELB Internet Services, Inc. > Web Design, Computer Consulting, Internet Hosting > > > Bernie Berg wrote: > > > > im running potato with the unstable packages. How do I get exim to spit all mail >that there isn't a user defined for to a certain mail box? so >"[EMAIL PROTECTED]" goes to "[EMAIL PROTECTED]" > > > > thanks! > > bernie > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- cheers, Brad Thomson [EMAIL PROTECTED] phone: 0421 920 497 signature.asc Description: This is a digitally signed message part
