Surplus Inventory and Equipment Asset Recovery
Hello, Do you have any surplus products or inventory that your company may have for sale? Salvex is always on the lookout for goods at competitive prices to meet the demands of our growing customer base. If your company has any surplus items, overstock, or discontinued products that you are looking to liquidate, please provide details regarding the type of products, quantities, pricing, and any other relevant information. Best regards, Zubair Khan Salvex 440 Louisiana St. Suite 550 Houston, TX 77002 +1 713-229-9000 - Salvex +1 8325 643702 - Direct
Welcome refer to your reservation receipt for more information.- OC-48263
Hi Thank you for your recent order by Id 9YH8ICCH2BVT Your Order Code: OCRCUMDSOJTRLM Transaction ID: 15698-K9R-591 Date : 2024-Jan-11 *Total Amount*: Thank You! Best Regards Val Dykes Central St, El Cajon, Oklahoma 46680 <>
good DoS / DDoS detection tool
Good Day! Can anyone recommend a good DoS / DDoS tool. preferably something packaged in Debian stable/frozen already - with maybe capability to refuse traffic from suspected attackers. TIA, Chad
Re: Re: Thanks!
no For a wide range of mobile phones,free upgrades,accessories and tariffs plus special deals when you buy online,visit www.o2.co.uk/shop http://www.o2.co.uk/shop
Re: good DoS / DDoS detection tool
Try mod_dosevasive on a google search if you're looking for something to protect apache - Original Message - From: Chad Adlawan [EMAIL PROTECTED] To: debian-isp@lists.debian.org Sent: Thursday, 20 January, 2005 11:45 PM Subject: good DoS / DDoS detection tool Good Day! Can anyone recommend a good DoS / DDoS tool. preferably something packaged in Debian stable/frozen already - with maybe capability to refuse traffic from suspected attackers. TIA, Chad -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: CISCO netflow graphs on Linux
Try CESNET Netflow monitor and/or ntop. I have used both on Fedora without issues. I believe both support debian. Ismail.
Re: Web-page based proxy service
On Mon, Jan 17, 2005 at 08:49:24PM +0300, Peter Clark wrote: On Monday 17 January 2005 12:08, Wouter Verhelst wrote: Are the things you want to send through the proxy delimited by the network they appear on? e.g., you want traffic for the 'Net to go through the proxy, but want to keep traffic for your local LAN as direct traffic? If so, then transparent proxying should work perfectly for you. No, actually what I want to do is provide a bit of security in a hostile network environment. Oh. Let's say we have a user who wants to check his web-based email (Yahoo, Hotmail, etc.) that doesn't offer SSL, and there's a high possibility that the network is being monitored by Unfriendlies. What network? The one at the user's end, or one somewhere in between? If an attacker can't read the traffic between the user and your SSL proxy, surely he can read the traffic between your SSL proxy and the remote system? This has the potential of lulling the user in a false sense of security, which is worse than the original (because users who think their traffic is secure will be less careful than users who know it isn't the case) The second problem is that said user could potential desire to visit any website where he would be handing over passwords, credit card numbers, etc., so building a whitelist of servers, as some have suggested. That could be a good idea, actually. My attempt at a solution is to provide a secure https server that acts as a proxy; all traffic from, say, Hotmail, would be encrypted by the server before being passed on to the user, but at the user's discretion, rather than my direct intervention. However, since my bandwidth is not unlimited, and since there's no point in encrypting _everything_, I don't want everything to go through the server. Several people have mentioned CGIProxy, which almost fits the bill, except that sites that require JavaScript can be problematic. If you're going to try to apply semi-AI to web pages to determine whether something needs to come from the proxy or from the original server, you're /always/ going to have problems. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune
Re: Web-page based proxy service
Op zo, 16-01-2005 te 06:21 +0300, schreef Peter Clark: On Saturday 15 January 2005 16:39, Fraser Campbell wrote: If you put squid as people's default gateway then you can transparently redirect all web requests through squid, if they hadn't authenticated then you could have an authentication box pop up or redirect them to an authentication webpage if you prefer. But this would require changing the user's browser settings, right? No. Transparent proxying works 'transparent' to the user; he doesn't know that there is a proxy. The thing is, I don't want _everything_ to go through the proxy, Are the things you want to send through the proxy delimited by the network they appear on? e.g., you want traffic for the 'Net to go through the proxy, but want to keep traffic for your local LAN as direct traffic? If so, then transparent proxying should work perfectly for you. which is what would usually happen if it was set via the browser. Unless I misunderstood and am mistaken about Squid's capabilities... You did (but note that you'll need to do some iptables magic to make this possible) -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune
Re: suexec permissions
On Mon, 2005-01-10 at 10:48 +0100, nodata wrote: Good morning, I'm having a some permissions trouble with suexec running on Sarge. I have a virtualhost for a user called Bob which specifies User Bob and Group Bob in the /etc/apache/conf.d/bob.conf file. The permissions on /var/www/bob are: drwx-- 2 bob bob 4096 Jan 10 10:30 cgi-bin drwx-- 26 bob bob 4096 Jan 10 10:30 htdocs and the permissions on /var/www/bob/htdocs/index.html are: drwx-- 1 bob bob 4096 Jan 10 10:30 index.html When I restart Apache, I get the following message in the Apache error log: [Mon Jan 10 10:35:00 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache/suexec) But when I try to access index.html, bob's error log shows: [Mon Jan 10 10:36:00 2005] [error] [client 10.1.1.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path Ofcourse you get this. Apache is run under www-data user and with this permissions www-data user cant stat any CGI in Bob's directory. You must put execute/access permission on directory and that is access bit (x) for directories. `chmod 701 /var/www/bob` and same for any directory where apache (www-data) must enter to get files/scripts. With this setup other users can enter his directory but can't read anything. If they try to something like `ls -l` they'll get ls: .: Permission denied -- v, v v Zeljko Brajdic - Zorz
Re: Web-page based proxy service
On Monday 17 January 2005 12:08, Wouter Verhelst wrote: Are the things you want to send through the proxy delimited by the network they appear on? e.g., you want traffic for the 'Net to go through the proxy, but want to keep traffic for your local LAN as direct traffic? If so, then transparent proxying should work perfectly for you. No, actually what I want to do is provide a bit of security in a hostile network environment. Let's say we have a user who wants to check his web-based email (Yahoo, Hotmail, etc.) that doesn't offer SSL, and there's a high possibility that the network is being monitored by Unfriendlies. The second problem is that said user could potential desire to visit any website where he would be handing over passwords, credit card numbers, etc., so building a whitelist of servers, as some have suggested. My attempt at a solution is to provide a secure https server that acts as a proxy; all traffic from, say, Hotmail, would be encrypted by the server before being passed on to the user, but at the user's discretion, rather than my direct intervention. However, since my bandwidth is not unlimited, and since there's no point in encrypting _everything_, I don't want everything to go through the server. Several people have mentioned CGIProxy, which almost fits the bill, except that sites that require JavaScript can be problematic. Plus, it's horribly slow. However, in the absence of any other alternative, it's all that I've got. :Peter
Re: Web-page based proxy service
Hello Peter, Sunday, January 16, 2005, 4:21:10, you wrote: PC But this would require changing the user's browser settings, right? The PC thing is, I don't want _everything_ to go through the proxy, which is what PC would usually happen if it was set via the browser. Do I understand right that you want only some pages to go through proxy? Then use proxy autoconfiguration file in browser's settings. It's some javascript which decides for every URL what proxy server (if any) to use... The file is downloaded from server I guess everytime browser is launched. Google should know a lot about it. -- bYE, Marki
[Auto-Reply] { VIRUS ? } Hello
grazie per aver contattato i8QHE ex i7QHE franco i8QHE roseto (cosenza) AUGURA BUONE FESTE 2004 BUON 2005 E VI CONSIGLIA DI VISITARE www.i8tus.it I NEGOZI ON LINE http://www.radiosystem.it iscriviti Mediterraneo Dx Club www.mdxc.org Visita www.grandiavventure.supereva.it NUOVA SEZIONE CISAR TARANTO www.cisartaranto.com www.i8tus.it C.I.S.A.R...per essere sempre sulla cresta dell\'Onda!!!
Dear , please check this out immediately
Dear, please check this out immediately. I just aligned myself with the Global Power Team. They have developed a way to build a reliable income of over $9,000 per month in as little time as possible through a very unique and simple 3-step system that is unlike anything I have ever seen - and through a product that people already spend BILLIONS of dollars per year on. And get this... It's been designed so you will start F.R.E.E and be well on your way to this income goal before you ever spend a penny. This system rewards spillover like crazy to the people who are working the hardest - it's really the first forced matrix I have ever seen. And since it's F.R.E.E to start, it's spreading across the globe VERY fast. Someone else will have joined us by the time you finish reading this email. Timing is critical! I won't go into a lot of detail in this email, but you need to go look at this today. Right now! It will only take a few minutes to get positioned and activate your f.r.e.e trial so you can begin earning commissions immediately. The short audio clip on my web site will explain everything: http://www.5000-dollar.ws I strongly encourage you to go signup as soon as possible. It's f.r.e.e, so you're risking nothing except the few minutes it will take you to check this out, and you'll also get a web site and a domain name to use for whatever you want as an added bonus. Email me back and let me know when you're ready to get started so I can help you progress though the 3 steps as quickly as I am. I REALLY don't want you to miss this. I wish you and all your family and friends a happy and successful new year Best regards from Germany Olga Global Power Team Olga Reimer [EMAIL PROTECTED] http://www.5000-dollar.ws * You get this email, because you (or somebody using your email address) ordered Information about home-based-business or sign in our newsletter. If you don't do, please delete this mail. You'll get it only one time.
Re: exim4 for virtual domains
On Sunday 16 January 2005 02:51, Stephen Gran wrote: This one time, at band camp, David Schmitt said: I also have my virtual_domain list in a file: [EMAIL PROTECTED]:~$ grep virtual_domains /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs domainlist virtual_domains = lsearch*;/etc/mail/virtual-domains Why an lsearch* for virtual_domains? Aah, I see, so that you can make [EMAIL PROTECTED], [EMAIL PROTECTED] all work with a *.domain.com? I never thought of having that work like that - I like it. Am I correct in this? Yes, though you have to implement a fallback strategy: if /etc/mail/aliases/bar.example.com doesn't exist, /.../example.com should be used. Regards, David
Re: Web-page based proxy service
On Friday 14 January 2005 03:56, Peter Clark wrote: I would like to provide a proxy service that can be used only by accessing a web page. In other words, I don't want users to enter proxy details in their browser settings, but rather, if they want to go through a proxy, they can visit a webpage, enter a URL in a form, and the page (and all subsequent pages) will be funneled through the proxy to the user. I believe that anonymizer.com does something similar. But hopefully you get the idea. What about using a transparent squid proxy? Squid supports a tonne of authentication methods. If you put squid as people's default gateway then you can transparently redirect all web requests through squid, if they hadn't authenticated then you could have an authentication box pop up or redirect them to an authentication webpage if you prefer. Not sure of your topology so this may not be a suitable solution (I know it's not quite what you asked for). -- Fraser Campbell [EMAIL PROTECTED] http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: exim4 for virtual domains
I am also interested in this thread, but I find some parts obscure. Would you please be more explicit in the following * put this into /etc/exim4/conf.d/router/160_local_virtual_users * add a domainlist virtual_domains = ... to conf.d/main/ that is, what is the syntax for '...' ? would that be 'domainlist virtual_domains = site1.net:site2.com' ? /etc/mail/aliases/$domain contains local_part - local_part and local_part - [EMAIL PROTECTED] mappings. and /etc/mail/aliases/$domain would be a directory with multiple files, symlinks, one file in tabular form?
Re: exim4 for virtual domains
On Saturday 15 January 2005 16:16, Antonio Rodriguez wrote: I am also interested in this thread, but I find some parts obscure. Would you please be more explicit in the following * put this into /etc/exim4/conf.d/router/160_local_virtual_users * add a domainlist virtual_domains = ... to conf.d/main/ that is, what is the syntax for '...' ? would that be 'domainlist virtual_domains = site1.net:site2.com' ? Yes. This list holds all domains for which you want to do these aliases. /etc/mail/aliases/$domain contains local_part - local_part and local_part - [EMAIL PROTECTED] mappings. and /etc/mail/aliases/$domain would be a directory with multiple files, symlinks, one file in tabular form? for each domain in virtual_domains you need one aliases-style file to map localparts (string in front of the @) from this domain to real email adresses. for example, on my mail server: [EMAIL PROTECTED]:~$ cat /etc/mail/aliases/black.co.at postmaster: david abuse: david david: [EMAIL PROTECTED] [EMAIL PROTECTED]:~$ I also have my virtual_domain list in a file: [EMAIL PROTECTED]:~$ grep virtual_domains /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs domainlist virtual_domains = lsearch*;/etc/mail/virtual-domains You also want to go through the acl/ section and add the virtual_host list to all domain= tests which test for local_domains. Regards, David
Re: exim4 for virtual domains
This one time, at band camp, TR RCPG said:
Would someone kindly post the relevant parts of an
exim4 configuration for a machine that works as isp
with virtual domains, and different users (with
possible not empty intersection set of users for
different domains)? Some directions about combined
remote mail retrieval + web access will be
appreciated.
thankyouall in advance
I tend to use arrangements like the following:
First, the filesystem:
/etc/exim4/virt_domains/domainA:
john: [EMAIL PROTECTED]
joe: [EMAIL PROTECTED]
abuse: [EMAIL PROTECTED]
*: [EMAIL PROTECTED]
domainB:
fred: [EMAIL PROTECTED]
abuse: joe
So, one alias file for each domain, stored somewhere. In the example
above, all addresses in domainA get forwarded to someone at aol.com, but
[EMAIL PROTECTED] gets delivered to the local user joe, while [EMAIL PROTECTED]
ultimately gets forwarded to [EMAIL PROTECTED]
Then, my domainlist is just:
domainlist virt_domains = dsearch;/etc/exim4/virt_domains
Router:
virtual_aliases:
debug_print = R: virtual_aliases for [EMAIL PROTECTED]
driver = redirect
domains = +virtual_domains
allow_fail
allow_defer
require_files = /etc/exim4/virt_domains/$domain
data = ${lookup{$local_part}lsearch*{/etc/lfrr/exim4/virt_domains/$domain}}
file_transport = address_file
no_more
This works best on systems where virtual domains are mostly forwarded,
rather than delivered locally, though. You can do the same tricks with
SQL, if you prefer faster access once things get too big for file
lookups.
If you want users delivered locally, Wouter's advice is probably very
good. But, this is the fun and difficult part about exim - the
configuration file is not just about setting config variables that have
a predefined meaning - you get to write your own logic for an
arrangement that works for you. It can make it more difficult (except
that there are usually snippets floating around for all the common uses),
but it is also way more flexible.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
-
pgp3sOyDOcvEr.pgp
Description: PGP signature
Re: exim4 for virtual domains
This one time, at band camp, David Schmitt said: I also have my virtual_domain list in a file: [EMAIL PROTECTED]:~$ grep virtual_domains /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs domainlist virtual_domains = lsearch*;/etc/mail/virtual-domains Why an lsearch* for virtual_domains? Aah, I see, so that you can make [EMAIL PROTECTED], [EMAIL PROTECTED] all work with a *.domain.com? I never thought of having that work like that - I like it. Am I correct in this? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgps2urXbg2ZB.pgp Description: PGP signature
Re: Web-page based proxy service
On Saturday 15 January 2005 16:39, Fraser Campbell wrote: If you put squid as people's default gateway then you can transparently redirect all web requests through squid, if they hadn't authenticated then you could have an authentication box pop up or redirect them to an authentication webpage if you prefer. But this would require changing the user's browser settings, right? The thing is, I don't want _everything_ to go through the proxy, which is what would usually happen if it was set via the browser. Unless I misunderstood and am mistaken about Squid's capabilities... :Peter
Re: Web-page based proxy service [signed]
Peter Clark wrote: On Friday 14 January 2005 19:59, MB [c] wrote: You should be able to do this with a JSP. You should also be able to get SSL pages as well. I don't have an example handy, but this is not a trivial task. If there has not been answer from someone else, I'll try to get you an example soon. Do you have the ability to run JSP's? I have the capability, but would prefer to use something less complex and heavyweight. No one else has mentioned an alternate solution, however. I was investigating Apache's mod_proxy, but there doesn't seem to be anything that does what I'm thinking. :Peter Well, let me knwo if you come up with something else. I would be interetsed in this solution as well. I know that there are services that do this for people in, say China, so it is definately do-able. however, I did find this: http://www.jmarshall.com/tools/cgiproxy/ -M -- -[ Ciphire Signature ]-- From: [EMAIL PROTECTED] signed email body (742 characters) Date: on 16 January 2005 at 04:49:27 GMT To: debian-isp@lists.debian.org : Ciphire has secured this email against identity theft. : Free download at www.ciphire.com. The garbled lines : below are the sender's verifiable digital signature. 00fAEAAABX8ulB5gIAANgDAAIAAgACACBsINy7Olj+bcYGxMCGl7XDas3zqV eEJMhFXrTaT/SmPgEAXAh4M4ibDEN1DXxpEPylL1yzRiltlYsm6D5k/BoAPhKOr3 kjFItgGGwDZ1vfrv28u+SJX7oXQTyuuNYMXrD4ig== --[ End Ciphire Signed Message ]
Re: exim4 for virtual domains
Am Thursday den 13. January 2005 schrieb TR RCPG: Would someone kindly post the relevant parts of an exim4 configuration for a machine that works as isp with virtual domains, and different users (with possible not empty intersection set of users for different domains)? Some directions about combined remote mail retrieval + web access will be appreciated. thankyouall in advance Hello, have a look at vexim [1]. this configuration allows you to mamange multiple domains on one machine using a sql server to configure. you probably only want to use some parts of the configuration files... [1] http://silverwraith.com/vexim/ - Moritz -- Erst wenn der letzte Programmierer eingesperrt und die letzte Idee patentiert ist, werder ihr merken, dass Anwaelte nicht porgrammieren koennen. -- that, in einen Forum auf heise.de signature.asc Description: Digital signature
Web-page based proxy service
I would like to provide a proxy service that can be used only by accessing a web page. In other words, I don't want users to enter proxy details in their browser settings, but rather, if they want to go through a proxy, they can visit a webpage, enter a URL in a form, and the page (and all subsequent pages) will be funneled through the proxy to the user. I believe that anonymizer.com does something similar. But hopefully you get the idea. :Peter
Re: exim4 for virtual domains
On Thu, Jan 13, 2005 at 06:14:05PM -0800, TR RCPG wrote: --- Wouter Verhelst [EMAIL PROTECTED] wrote: [...] Hi Walter, It's Wouter :-) thank you for answering. Would you recommend following some other route, may be postfix or some different combination? That's up to you. I prefer exim, and it certainly is up for the task; but if you feel more comfortable with a different MTA, why not use that one? I need something simple and yet with enough power. Well, then exim will certainly do. One of its original design decisions was let's not make things needlessly complicated, but it is extremely powerful. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune
Re: exim4 for virtual domains
--- Wouter Verhelst [EMAIL PROTECTED] wrote:
On Thu, Jan 13, 2005 at 06:14:05PM -0800, TR RCPG
wrote:
--- Wouter Verhelst [EMAIL PROTECTED] wrote:
[...]
Hi Walter,
It's Wouter :-)
I'm sorry. My eyes are getting old. {*_|*}
thank you for answering. Would you recommend
following some other
route, may be postfix or some different
combination?
That's up to you. I prefer exim, and it certainly is
up for the task;
but if you feel more comfortable with a different
MTA, why not use that
one?
I need something simple and yet with enough power.
Well, then exim will certainly do. One of its
original design decisions
was let's not make things needlessly complicated,
but it is extremely
powerful.
I agree, but the manual is so BIG! Thats the greatest
problem: reading it all and remembering details. Any
shorter doc that you know about it? Browsing I found
the following:
http://www.marlow.dk/site.php/tech/ispworks
Has anybody used this, how does it rate? It somewhat
seems to fit.
__
Do you Yahoo!?
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250
Re: exim4 for virtual domains
Hello, TR RCPG wrote: I agree, but the manual is so BIG! Thats the greatest problem: reading it all and remembering details. Any shorter doc that you know about it? Browsing I found the following: http://www.marlow.dk/site.php/tech/ispworks Has anybody used this, how does it rate? It somewhat seems to fit. If my memory is good it uses postfix+mysql and courier. I didn't like it too much, personally. I've looked at what it does with the mysql bases and I found it to be a little of a mess. If you need something very simple, i'm sorry if i introduce yet another solution :) but there's qmail + vmailmgr. It uses no mysql base, which can be good if you've got a ton of accounts (think of the load on the mysql base if that's the case) and uses databases written on the disk (cdb format). There's a web interface for that, oMail, which is quite simple and is very convenient to use, well, personnally i prefer it to ispworks'. Try http://www.faqs.org/docs/Linux-HOWTO/Qmail-VMailMgr-Courier-imap-HOWTO.html It explains how to get a working qmail (the smtp program) + vmailmgr (to have virtual domains) and courier-imap (an imap delivery system, but you can have pop3 as well of course) It will have a link to oMail. it might sound a little complicated to install, but then the omail system is easy to use, if that's what you want. It supports email quotas too. I let people who're not techies at all manage their own domain, so it tells you how easy it is to use it :) -- Jean-Christophe Montigny Responsable serveurs assoces.com Etudiant à Grenoble Ecole de Management begin:vcard fn:Jean-Christophe Montigny n:Montigny;Jean-Christophe org;quoted-printable:Association [EMAIL PROTECTED] adr;quoted-printable:;;12, rue Pierre S=C3=A9mard;Grenoble;FR;38000;France email;internet:[EMAIL PROTECTED] title:Responsable Com Web x-mozilla-html:FALSE url:http://planetes.assoces.com/ version:2.1 end:vcard
Re: exim4 for virtual domains
Op vr, 14-01-2005 te 01:47 -0800, schreef TR RCPG: I need something simple and yet with enough power. Well, then exim will certainly do. One of its original design decisions was let's not make things needlessly complicated, but it is extremely powerful. I agree, but the manual is so BIG! :-) Thats the greatest problem: reading it all and remembering details. I never read the entire manual; doing that makes no sense at all. What you really want to do is to get yourself acquainted with the most important concepts, and search the manual (hit '/' in info) when you need to know a specific detail; and if you can't find the detail, ask here or over on [EMAIL PROTECTED] In my view, those 'most important concepts' are routers, transports, ACLs, and (especially) string expansion. If you read the manual's introduction on those topics and make sure you understand the example configuration file (/usr/share/doc/exim4/examples/example.conf.gz), you'll know where to go from there. Any shorter doc that you know about it? I only ever used the manual and the example config file :-) -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune
Re: Web-page based proxy service [signed]
Peter Clark wrote: I would like to provide a proxy service that can be used only by accessing a web page. In other words, I don't want users to enter proxy details in their browser settings, but rather, if they want to go through a proxy, they can visit a webpage, enter a URL in a form, and the page (and all subsequent pages) will be funneled through the proxy to the user. I believe that anonymizer.com does something similar. But hopefully you get the idea. :Peter You should be able to do this with a JSP. You should also be able to get SSL pages as well. I don't have an example handy, but this is not a trivial task. If there has not been answer from someone else, I'll try to get you an example soon. Do you have the ability to run JSP's? -Mark -- -[ Ciphire Signature ]-- From: [EMAIL PROTECTED] signed email body (617 characters) Date: on 14 January 2005 at 17:00:10 GMT To: debian-isp@lists.debian.org : Ciphire has secured this email against identity theft. : Free download at www.ciphire.com. The garbled lines : below are the sender's verifiable digital signature. 00fAEAAACa+udBaQIAAKQDAAIAAgACACBsINy7Olj+bcYGxMCGl7XDas3zqV eEJMhFXrTaT/SmPgEAXAh4M4ibDEN1DXxpEPylL1yzRiltlYsm6D5k/BoAPhIoE6 XYQx7zQ4nogoM7qKzSzo4EdYkuMrybx0qHCccOmQ== --[ End Ciphire Signed Message ]
Re: exim4 for virtual domains
TR RCPG wrote: Would someone kindly post the relevant parts of an exim4 configuration for a machine that works as isp with virtual domains, and different users (with possible not empty intersection set of users for different domains)? Some directions about combined remote mail retrieval + web access will be appreciated. # This router handles aliasing using the per-domain alias files from # /etc/mail/aliases/ # # Piping to programs is disabled per default. # If that is a problem for you, see # /usr/share/doc/exim4-config/README.system_aliases # for explanation and some workarounds. virtual_users: debug_print = R: virtual_users for [EMAIL PROTECTED] driver = redirect domains = +virtual_domains allow_fail allow_defer data = [EMAIL PROTECTED]/etc/mail/aliases/$domain}} qualify_preserve_domain no_more * put this into /etc/exim4/conf.d/router/160_local_virtual_users * add a domainlist virtual_domains = ... to conf.d/main/ /etc/mail/aliases/$domain contains local_part - local_part and local_part - [EMAIL PROTECTED] mappings. Regards, David
Re: Web-page based proxy service [signed]
On Friday 14 January 2005 19:59, MB [c] wrote: You should be able to do this with a JSP. You should also be able to get SSL pages as well. I don't have an example handy, but this is not a trivial task. If there has not been answer from someone else, I'll try to get you an example soon. Do you have the ability to run JSP's? I have the capability, but would prefer to use something less complex and heavyweight. No one else has mentioned an alternate solution, however. I was investigating Apache's mod_proxy, but there doesn't seem to be anything that does what I'm thinking. :Peter
Re: Web-page based proxy service
Peter Clark wrote: I would like to provide a proxy service that can be used only by accessing a web page. In other words, I don't want users to enter proxy details in their browser settings, but rather, if they want to go through a proxy, they can visit a webpage, enter a URL in a form, and the page (and all subsequent pages) will be funneled through the proxy to the user. I believe that anonymizer.com does something similar. But hopefully you get the idea. :Peter I played around with CGIProxy for a while, although I don't really use it anymore. Might suit your needs. http://www.jmarshall.com/tools/cgiproxy/ I found it didn't work very well for JavaScript heavy stuff like Hotmail (which is to be expected) but for most sites it worked adequately. I had to apt-get install libnet-perl libnet-ssleay-perl and make a minor change to the script at line 3935: # $how_much -= Net::SSLeay::blength($got); $how_much -= length($got); Coz Net::SSLeay::blength wasn't working for me. Cheers, Blair. signature.asc Description: OpenPGP digital signature
munin und png probleme
Hallo Liste, seit dem dist-upgrade vom 12.1. habe ich probleme mit munin. Bei erstellen der Graphen bricht das cron skript ab. Ich konnte das Problem bis zu dieser Zeile zurückverfolgen: (wegen Paranoia ein bisschen anonymisiert :) (Borg ist ein Rechner um dessen Statistik es geht.) # su -s /bin/sh munin -c /usr/share/munin/munin-graph --debug --list-images DEBUG: Drawing fields used,max,. DEBUG: Drawing fields used,max,. DEBUG: Drawing fields used,max,. DEBUG: - used... DEBUG5: Doing path... DEBUG: - max... DEBUG5: Doing path... rrdtool graph /var/www/munin/domain.tld/borg.domain.tld-open_inodes-month.png --title Inode table usage - by month --start -33d --base 1000 -l 0 --vertical-label number of open inodes --height 175 --imgformat PNG --lazy DEF:gused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:AVERAGE DEF:iused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:MIN DEF:aused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:MAX CDEF:cused=gused LINE2:gused#22ff22:open inodes COMMENT: Cur: GPRINT:cused:LAST:%6.2lf%s COMMENT: Min: GPRINT:iused:MIN:%6.2lf%s COMMENT: Avg: GPRINT:gused:AVERAGE:%6.2lf%s COMMENT: Max: GPRINT:aused:MAX:%6.2lf%s\j DEF:gmax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:AVERAGE DEF:imax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:MIN DEF:amax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:MAX CDEF:cmax=gmax LINE2:gmax#0022ff:peak open inodes COMMENT: Cur: GPRINT:cmax:LAST:%6.2lf%s COMMENT: Min: GPRINT:imax:MIN:%6.2lf%s COMMENT: Avg: GPRINT:gmax:AVERAGE:%6.2lf%s COMMENT: Max: GPRINT:amax:MAX:%6.2lf%s\j COMMENT:Last update: Thu Jan 13 10:55:05 2005\r --end 1105603200 /var/www/munin/domain.tld/borg.domain.tld-open_inodes-month.png DEBUG: Drawing fields rcvd,trans,. DEBUG: Drawing fields rcvd,trans,. DEBUG: Drawing fields rcvd,trans,. DEBUG: - rcvd... DEBUG5: Doing path... DEBUG: - trans... DEBUG5: Doing path... rrdtool graph /var/www/munin/domain.tld/borg.domain.tld-open_inodes-month.png --title Inode table usage - by month --start -33d --base 1000 -l 0 --vertical-label number of open inodes --height 175 --imgformat PNG DEF:gused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:AVERAGE DEF:iused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:MIN DEF:aused=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-used- g.rrd:42:MAX CDEF:cused=gused LINE2:gused#22ff22:open inodes COMMENT: Cur: GPRINT:cused:LAST:%6.2lf%s COMMENT: Min: GPRINT:iused:MIN:%6.2lf%s COMMENT: Avg: GPRINT:gused:AVERAGE:%6.2lf%s COMMENT: Max: GPRINT:aused:MAX:%6.2lf%s\j DEF:gmax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:AVERAGE DEF:imax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:MIN DEF:amax=/var/lib/munin/domain.tld/borg.domain.tld-open_inodes-max- g.rrd:42:MAX CDEF:cmax=gmax LINE2:gmax#0022ff:peak open inodes COMMENT: Cur: GPRINT:cmax:LAST:%6.2lf%s COMMENT: Min: GPRINT:imax:MIN:%6.2lf%s COMMENT: Avg: GPRINT:gmax:AVERAGE:%6.2lf%s COMMENT: Max: GPRINT:amax:MAX:%6.2lf%s\j COMMENT:Last update: Thu Jan 13 11:00:06 2005\r --end 1105610400 libpng error: Write Error Das Bild ist tatsächlich kaputt aber andere Bilder werden korrekt erstellt. Kann die rdd DB kaputt sein? Aber das wöchentliche Bild wird vorher erfolgreich erstellt... Ist der rrd-graph aufruf kaputt? Schönen Dank schon mal im voraus, Andreas
Re: Re: Re: Internet per Satelit in Syria, Iraq, Iran and Afghanistan
Ok.. Best of things to you. Best regards,Cristian Mezei http://www.xperts.ro
Re: Legal English online seminar
Title: Re: Legal English online seminar I have some more questions regarding a.m. offering: What ist the average time input into this seminar on the participant's side? When are other seminars scheduled for 2005? Do you have more information on the set up of the seminar? Thanks, Monika _ Monika Berghs Siemens AG Intellectual Property Paul-Gossen-Str. 100 D-91052 Erlangen Email [EMAIL PROTECTED] Tel. +49 9131 7 32182 Fax +49 9131 7 32226 _ This message and any attachments are solely for the use of intended recipients. They may contain privileged and/or confidential information, attorney work product or other information protected from disclosure. If you are not an intended recipient, you are hereby notified that you received this email in error, and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you have received this email in error, please contact the sender and delete the message and any attachment from your system. Thank you for your cooperation.
exim4 for virtual domains
Would someone kindly post the relevant parts of an exim4 configuration for a machine that works as isp with virtual domains, and different users (with possible not empty intersection set of users for different domains)? Some directions about combined remote mail retrieval + web access will be appreciated. thankyouall in advance __ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com
Re: exim4 for virtual domains
Op do, 13-01-2005 te 11:38 -0800, schreef TR RCPG:
Would someone kindly post the relevant parts of an
exim4 configuration for a machine that works as isp
with virtual domains, and different users (with
possible not empty intersection set of users for
different domains)? Some directions about combined
remote mail retrieval + web access will be
appreciated.
Exim4 is way too flexible to provide a generic answer to this question.
What you should have is a router that looks up whether the local address
exists in some file or database, and a transport that writes out the
file to an mbox or maildir, possibly in a directory based on the domain.
Something like:
virthost_transport:
driver = appendfile
file = /mail/$domain/$local_part
will create an mbox '/mail/grep.be/wouter' for mail sent to
'[EMAIL PROTECTED]'.
Next up is the router. I'll give an example using an lsearch lookup,
because that is by far the easiest way to do this, but if you're
expecting more than a few tens of users and performance is an issue,
you'll want to replace that by another type of lookup (a cdb or ldbm
file, or perhaps something more sophisticated such as an SQL or LDAP
server). Run 'info exim4' and head for 'File and database lookups' for
more info on those.
virthost_router:
transport = virthost_transport
condition = ${if match\
{${lookup{$domain}lsearch{/etc/mail/users}}}\
{$local_part} \
{yes}{no}}
whereby /etc/mail/users is a file containing lines like:
grep.be: wouter roel leen
lists.debian.org: debian-user debian-isp
and so on.
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune
Re: exim4 for virtual domains
--- Wouter Verhelst [EMAIL PROTECTED] wrote:
Op do, 13-01-2005 te 11:38 -0800, schreef TR RCPG:
Would someone kindly post the relevant parts of an
exim4 configuration for a machine that works as
isp
with virtual domains, and different users (with
possible not empty intersection set of users for
different domains)? Some directions about combined
remote mail retrieval + web access will be
appreciated.
Exim4 is way too flexible to provide a generic
answer to this question.
What you should have is a router that looks up
whether the local address
exists in some file or database, and a transport
that writes out the
file to an mbox or maildir, possibly in a directory
based on the domain.
Something like:
virthost_transport:
driver = appendfile
file = /mail/$domain/$local_part
will create an mbox '/mail/grep.be/wouter' for mail
sent to
'[EMAIL PROTECTED]'.
Next up is the router. I'll give an example using an
lsearch lookup,
because that is by far the easiest way to do this,
but if you're
expecting more than a few tens of users and
performance is an issue,
you'll want to replace that by another type of
lookup (a cdb or ldbm
file, or perhaps something more sophisticated such
as an SQL or LDAP
server). Run 'info exim4' and head for 'File and
database lookups' for
more info on those.
virthost_router:
transport = virthost_transport
condition = ${if match \
{${lookup{$domain}lsearch{/etc/mail/users}}}\
{$local_part} \
{yes}{no}}
whereby /etc/mail/users is a file containing lines
like:
grep.be: wouter roel leen
lists.debian.org: debian-user debian-isp
and so on.
Hi Walter, thank you for answering. Would you
recommend following some other route, may be postfix
or some different combination? I need something simple
and yet with enough power. I will definitely check on
your info. Thank you
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
Re: phpBB vulnerability exploited
Fraser Campbell wrote: On Sunday 12 December 2004 17:46, Marek Podmaka wrote: I don't want to give hints on how to exploit this, but the attacker did wget the .tgz file, unpacked it in /tmp and run the program. So update all your phpBB installations ASAP (and of course all installations of your customers). On a somewhat related note ... I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usr and /boot ro. These minor changes can prevent common automated attacks (probably the one you encountered) and don't cause any problems. It can cause probleme with the default invocation of logrotate (Starting with version ... huu ... 7.something.somethingelse, the postrotate script is dumped in a file and executed (before, it was in a system()). But you can quickfix this problem with an export of TMPDIR in the crontab script (of logrotate). Wacquiez Sébastien
UNSUBSCRIBE
IMAP Servers
I'm currently using Courier-IMAP as my IMAP mail server, but the way it handles folders is a bit annoying (.FolderName/cur/ .FolderName/new/). Is this standard IMAP protocol, or do different servers handle this differently? Which other servers should I check out?
Re: IMAP Servers
W. Andrew Loe III [EMAIL PROTECTED] wrote: I'm currently using Courier-IMAP as my IMAP mail server, but the way it handles folders is a bit annoying (.FolderName/cur/ .FolderName/new/). Is this standard IMAP protocol, or do different servers handle this differently? Which other servers should I check out? The format you're describing is maildir which Courier happens to implement. Other apps use maildir too. If you're looking for something that does IMAP, you may want to check out Cyrus. I've used it successfully but it has its own mailstore. It's similar to maildir in that each message is stored in its own file, but it doesn't have the 'new' and 'cur' subdirectories, etc. thanks, mikeS -- Michael Sprague | [EMAIL PROTECTED] Partner | System and Network Engineering (SaNE), LLC use STD::disclaimer;
Re: IMAP Servers
Am 2005-01-12 16:27:05, schrieb W. Andrew Loe III: I'm currently using Courier-IMAP as my IMAP mail server, but the way it handles folders is a bit annoying (.FolderName/cur/ .FolderName/new/). Is this standard IMAP protocol, or do different servers handle this differently? Which other servers should I check out? This is the NON-BLOCKING Maildir Format. With Maildir you can have realy high load on the Server without any Locking of files, which mean, you can have incoming Messages at the same time, a client is connected and download files. Never I will change back to mailbox ! Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: IMAP Servers
Michael F. Sprague wrote: W. Andrew Loe III [EMAIL PROTECTED] wrote: I'm currently using Courier-IMAP as my IMAP mail server, but the way it handles folders is a bit annoying (.FolderName/cur/ .FolderName/new/). Is this standard IMAP protocol, or do different servers handle this differently? Which other servers should I check out? The format you're describing is maildir which Courier happens to implement. Other apps use maildir too. If you're looking for something that does IMAP, you may want to check out Cyrus. I've used it successfully but it has its own mailstore. It's similar to maildir in that each message is stored in its own file, but it doesn't have the 'new' and 'cur' subdirectories, etc. thanks, mikeS I'm sorry, I meant to refer to its implementation of Maildir. Is this the standard format? I had a lot of trouble getting this format to work well with Apple Mail. I'm pretty sure its Mail's issue as thunderbird works perfectly.
Re: IMAP Servers
On 13 Jan 2005, at 00:07, W. Andrew Loe III wrote: I'm sorry, I meant to refer to its implementation of Maildir. Is this the standard format? I had a lot of trouble getting this format to work well with Apple Mail. I'm pretty sure its Mail's issue as thunderbird works perfectly. Eh... I don't think that this is an issue related to Mail.app. It depends on how it is served by the IMAP daemon. But I never experienced any problems when using together Courier-IMAPd, Maildir as the storage backend and Mail.app as the frontend. Regards, Philipp Kern
Re: IMAP Servers
On Jan 12, 2005, at 3:15 PM, Philipp Kern wrote: On 13 Jan 2005, at 00:07, W. Andrew Loe III wrote: I'm sorry, I meant to refer to its implementation of Maildir. Is this the standard format? I had a lot of trouble getting this format to work well with Apple Mail. I'm pretty sure its Mail's issue as thunderbird works perfectly. Eh... I don't think that this is an issue related to Mail.app. It depends on how it is served by the IMAP daemon. But I never experienced any problems when using together Courier-IMAPd, Maildir as the storage backend and Mail.app as the frontend. We've experienced some issues with courier-imapd and Mail.app, specifically where certain IMAP sub-Maildir mailboxes wouldn't display within Mail.app. The mailboxes work great within Thunderbird. It's been infrequent enough where we haven't really done a thorough investigation. If anybody else has had similar issues, and knows of a fix, please share! Thanks- Eric
Re: IMAP Servers
On Wednesday 12 January 2005 18:34, Eric Jennings wrote: We've experienced some issues with courier-imapd and Mail.app, specifically where certain IMAP sub-Maildir mailboxes wouldn't display within Mail.app. The mailboxes work great within Thunderbird. It's been infrequent enough where we haven't really done a thorough investigation. If anybody else has had similar issues, and knows of a fix, please share! If you don't have fam setup to automatically notify clients of new mail, Mail.app will poll to look for new messages. It makes a separate IMAP connection for each folder [1]. So check your IMAPDAEMONS setting in /etc/courier/imapd (100 was recommended for 25 clients). Another factor is the max # of authdaemons. I'm pretty sure each IMAP connection generates an authentication request. If the clients obsessively check for new mail, you may need to increase the number of authdaemons you allow courier to startup. Regards, Mark [1] http://staff.washington.edu/oren/weblog/archives/70.html
Re: IMAP Servers
I do recall at one stage you had to create a symlink back to the base of the Maildir called INBOX for Mail.app to work: ln -s Maildir/ Maildir/.INBOX Hope that helps Ned We've experienced some issues with courier-imapd and Mail.app, specifically where certain IMAP sub-Maildir mailboxes wouldn't display within Mail.app. The mailboxes work great within Thunderbird. It's been infrequent enough where we haven't really done a thorough investigation. If anybody else has had similar issues, and knows of a fix, please share! Thanks- Eric
Re: [OT] Backup on DLT (recommandation)
Adrian von Bidder wrote: If you believe their advertisement, Exabytes VXA tapes are a cost-effective solution, compared to other tape solutions. I have no experience with them, I just thought I'd point you in that direction if you haven't investigated them yet. I used some of these a few years ago. Their technology always seemed very good. The drives were fast(er) than other stuff we had at the time, and they seemed to just work. (The hassle factor was low.) I don't know if I'd use them today or AIT. Nate
Re: phpBB vulnerability exploited
Francesco P. Lovergine said: I run apache using dchroot to avoid the most common problems. Breaking a chroot is possible, but not so easy and it's more difficult within dchroot which _should_ drops privileges properly AFAIK
Re: [OT] Backup on DLT (recommandation)
On Saturday 08 January 2005 17.46, Michelle Konzack wrote: [Tapes] My only problem is that my purse is very limited to =700 Euro. If you believe their advertisement, Exabytes VXA tapes are a cost-effective solution, compared to other tape solutions. I have no experience with them, I just thought I'd point you in that direction if you haven't investigated them yet. -- vbi -- Today is Setting Orange, the 10th day of Chaos in the YOLD 3171
suexec permissions
Good morning, I'm having a some permissions trouble with suexec running on Sarge. I have a virtualhost for a user called Bob which specifies User Bob and Group Bob in the /etc/apache/conf.d/bob.conf file. The permissions on /var/www/bob are: drwx-- 2 bob bob 4096 Jan 10 10:30 cgi-bin drwx-- 26 bob bob 4096 Jan 10 10:30 htdocs and the permissions on /var/www/bob/htdocs/index.html are: drwx-- 1 bob bob 4096 Jan 10 10:30 index.html When I restart Apache, I get the following message in the Apache error log: [Mon Jan 10 10:35:00 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache/suexec) But when I try to access index.html, bob's error log shows: [Mon Jan 10 10:36:00 2005] [error] [client 10.1.1.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path If I switch user to bob, and run ls -la on /, /var, /var/www, /var/www/bob I can see all of the files, so why is apache running as this user not able to?
Re: suexec permissions
nodata wrote: Good morning, I'm having a some permissions trouble with suexec running on Sarge. I have a virtualhost for a user called Bob which specifies User Bob and Group Bob in the /etc/apache/conf.d/bob.conf file. snip If I switch user to bob, and run ls -la on /, /var, /var/www, /var/www/bob I can see all of the files, so why is apache running as this user not able to? Hiya, You'll probably find that all your Apache processes are running as www-data based on the User directive in your main httpd.conf -- and they can't read bob's files. Only CGI scripts will be affected by the User directive in a VirtualHost. From: http://httpd.apache.org/docs/mod/core.html#user Special note: Use of this directive in VirtualHost requires a properly configured suEXEC wrapper. When used inside a VirtualHost in this manner, only the user that CGIs are run as is affected. Non-CGI requests are still processed with the user specified in the main User directive. Regards, Blair. signature.asc Description: OpenPGP digital signature
Re: suexec permissions
Blair Strang wrote: nodata wrote: Good morning, I'm having a some permissions trouble with suexec running on Sarge. I have a virtualhost for a user called Bob which specifies User Bob and Group Bob in the /etc/apache/conf.d/bob.conf file. snip If I switch user to bob, and run ls -la on /, /var, /var/www, /var/www/bob I can see all of the files, so why is apache running as this user not able to? Hiya, You'll probably find that all your Apache processes are running as www-data based on the User directive in your main httpd.conf -- and they can't read bob's files. Only CGI scripts will be affected by the User directive in a VirtualHost. From: http://httpd.apache.org/docs/mod/core.html#user Special note: Use of this directive in VirtualHost requires a properly configured suEXEC wrapper. When used inside a VirtualHost in this manner, only the user that CGIs are run as is affected. Non-CGI requests are still processed with the user specified in the main User directive. Therefore, if you have a user called bob, and a group called bob, make the files group readable, and make the user www-data a member of that group. That should do it. Forget suexec, it is far more complicated than what it sounds like you need. Regards, Upayavira
Re: suexec permissions
discussion of User directive in VirtualHost elided nodata wrote: Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Er, yep, as far as I can see, it should. suEXEC can be a little... finicky :) What does /var/log/apache/suexec.log say? Ta, Blair. signature.asc Description: OpenPGP digital signature
Re: suexec permissions
discussion of User directive in VirtualHost elided nodata wrote: Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Er, yep, as far as I can see, it should. suEXEC can be a little... finicky :) What does /var/log/apache/suexec.log say? Nothing :/ But the error log for this host has the failed because search permissions are missing on a component of the path error. Ta, Blair. ps. I'm also using binfmt with php4-cgi to serve php pages, this might be relevant later.
Re: suexec permissions
On Monday 10 January 2005 11:34, nodata wrote: nodata wrote: From: http://httpd.apache.org/docs/mod/core.html#user Special note: Use of this directive in VirtualHost requires a properly configured suEXEC wrapper. When used inside a VirtualHost in this manner, only the user that CGIs are run as is affected. Non-CGI requests are still processed with the user specified in the main User directive. Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Why of course. The server doesn't 'know' anything about that file (or that it even exists) until it can 'stat' it. And now it _cannot_ stat it ;-) It sound like a chicken and egg problem to me. Maarten
Re: suexec permissions
On Monday 10 January 2005 11:34, nodata wrote: nodata wrote: From: http://httpd.apache.org/docs/mod/core.html#user Special note: Use of this directive in VirtualHost requires a properly configured suEXEC wrapper. When used inside a VirtualHost in this manner, only the user that CGIs are run as is affected. Non-CGI requests are still processed with the user specified in the main User directive. Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Why of course. The server doesn't 'know' anything about that file (or that it even exists) until it can 'stat' it. And now it _cannot_ stat it ;-) It sound like a chicken and egg problem to me. Maarten Ah. So what do other people do? I could chgrp www-data, but then suexec complains. I could give o+rx access, but then I'm left with anyone on the machine being able to read everything. Is there a simple solution?
linux virtual server and coda
I'm evalutating a HA architecure based on LVS. Coda fs is a possible choice for distributed files among the real servers. It would be used for generic files, not for the DBMS, of course. Is it an affordable solution? Does anyone have first hand experiences with it? -- Francesco P. Lovergine
Re: suexec permissions
nodata wrote: discussion of User directive in VirtualHost elided nodata wrote: Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Er, yep, as far as I can see, it should. suEXEC can be a little... finicky :) What does /var/log/apache/suexec.log say? Nothing :/ But the error log for this host has the failed because search permissions are missing on a component of the path error. A couple of things. The suEXEC wrapper itself does setuid() before most of the path/file checks, so that's probably not the problem. The absence of anything in the log file also indicates that Apache itself is having trouble reading things, not the suEXEC wrapper. You might want to try loosening the read permissions on the CGI + path to the CGI, and verify (by perhaps touching a file in /tmp) that it is running as the user you intended it to. Then try tightening the read permissions on the CGI itself, and then along the path to it. The other thing to check is that your scripts are physically located under suEXEC's DOC_ROOT (/var/www on Sarge, I think). Regards, Blair. signature.asc Description: OpenPGP digital signature
Re: suexec permissions
On Monday 10 January 2005 12:05, nodata wrote: On Monday 10 January 2005 11:34, nodata wrote: nodata wrote: Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Why of course. The server doesn't 'know' anything about that file (or that it even exists) until it can 'stat' it. And now it _cannot_ stat it ;-) It sound like a chicken and egg problem to me. Maarten Ah. So what do other people do? Dunno, I'm not really into apache in a deep way. I could chgrp www-data, but then suexec complains. I could give o+rx access, but then I'm left with anyone on the machine being able to read everything. Experiment. Maybe setting 711 on the directories leading up to that file changes things enough ? Or maybe leaving all dirs 755 (but not the files itself) fixes it and leaves enough security for your setup ? Try it. Maarten --
Re: suexec permissions
nodata wrote: discussion of User directive in VirtualHost elided nodata wrote: Ah this would explain things more - but then shouldn't running http://website/cgi-bin/test.pl work? I get the same search permissions error.. Er, yep, as far as I can see, it should. suEXEC can be a little... finicky :) What does /var/log/apache/suexec.log say? Nothing :/ But the error log for this host has the failed because search permissions are missing on a component of the path error. A couple of things. The suEXEC wrapper itself does setuid() before most of the path/file checks, so that's probably not the problem. The absence of anything in the log file also indicates that Apache itself is having trouble reading things, not the suEXEC wrapper. You might want to try loosening the read permissions on the CGI + path to the CGI, and verify (by perhaps touching a file in /tmp) that it is running as the user you intended it to. Then try tightening the read permissions on the CGI itself, and then along the path to it. Done. chmod o+rx on: /var/www/bob /var/www/bob/htdocs /var/www/bob/cgi-bin then running a system(touch /tmp/blairtest) from cgi-bin/test.pl creates a file with bob:bob permissions. The other thing to check is that your scripts are physically located under suEXEC's DOC_ROOT (/var/www on Sarge, I think). They are. Regards, Blair. The problem with this setup is that I have to have o+rx permission on directories and non-executables, which is a little messy (and I'm not sure whether vsftpd can handle this). Plus everyone on the machine can now read the files. Ack.
Re: suexec permissions
nodata wrote: Done. chmod o+rx on: /var/www/bob /var/www/bob/htdocs /var/www/bob/cgi-bin then running a system(touch /tmp/blairtest) from cgi-bin/test.pl creates a file with bob:bob permissions. The other thing to check is that your scripts are physically located under suEXEC's DOC_ROOT (/var/www on Sarge, I think). They are. Regards, Blair. The problem with this setup is that I have to have o+rx permission on directories and non-executables, which is a little messy (and I'm not sure whether vsftpd can handle this). Plus everyone on the machine can now read the files. Ack. Well, to get /proper/ isolation you have to run separate Apache instances... :) You could try a compromise along the lines of that suggested by Upayavira, except you hit NGROUPS_MAX as you noted. Wild Ass Suggestion: If you made each user VirtualHost directory uid user gid www-data, and mode 2750 (note the setgid bit there), and have only Apache in group www-data, might that not work? [Am I missing something obvious?] The biggest problem then is that users can piggyback off Apache's group www-data access by running scripts. Perhaps this could be surmounted with suexec, by forcing scripts to run as the User/Group you specify. Users might have to manually chgrp their scripts to their User Private Group in this scenario though, which is a disadvantage. But I should shut up now... I have to defer at this point to someone with more experience at running large Apache installations. 8-P Regards, Blair. signature.asc Description: OpenPGP digital signature
Re: suexec permissions
The problem with this setup is that I have to have o+rx permission on directories and non-executables, which is a little messy (and I'm not sure whether vsftpd can handle this). Plus everyone on the machine can now read the files. Ack. Well, to get /proper/ isolation you have to run separate Apache instances... :) You could try a compromise along the lines of that suggested by Upayavira, except you hit NGROUPS_MAX as you noted. Wild Ass Suggestion: If you made each user VirtualHost directory uid user gid www-data, and mode 2750 (note the setgid bit there), and have only Apache in group www-data, might that not work? [Am I missing something obvious?] I think I'd get an error from suexec complaining about a User/Group mismatch. The biggest problem then is that users can piggyback off Apache's group www-data access by running scripts. Perhaps this could be surmounted with suexec, by forcing scripts to run as the User/Group you specify. Users might have to manually chgrp their scripts to their User Private Group in this scenario though, which is a disadvantage. But I should shut up now... I have to defer at this point to someone with more experience at running large Apache installations. 8-P Regards, Blair. Anyone? :)
CONFIRM s011001413516053
It has been requested that the following address: archive@mail-archive.com should be added to the debian-isp mailing list. The address has NOT yet been subscribed to the mailing list. To subscribe you need to confirm the subscription request by sending an email to the address: [EMAIL PROTECTED] with the Subject string: CONFIRM s011001413516053 With a reasonable good email program a reply to this message should be sufficient Do NOT remove or edit the CONFIRM ... text within the Subject header. If it is removed or changed, the confirmation will fail! The address listed above will be (un)subscribed as soon as your confirmation message is received. If the above address is incorrect, please don't send in the confirm message listed above. Instead, send a new (un)subscribe request with the Subject: subscribe [EMAIL PROTECTED] or unsubscribe [EMAIL PROTECTED] and wait for a new confirmation message. If you are unable to subscribe to our lists through this mechanism, please contact us at [EMAIL PROTECTED] For more information about Debian mailing lists, please see http://www.debian.org/MailingLists/ In the event that you did not send a request to (un)subscribe, a copy of the (un)subscription request that follows below may help you discover who sent the request. -- From archive@mail-archive.com Mon Jan 10 01:41:35 2005 Return-Path: archive@mail-archive.com X-Original-To: [EMAIL PROTECTED] Received: from gen6 (unknown [216.218.158.115]) by murphy.debian.org (Postfix) with ESMTP id 959182DFCA for [EMAIL PROTECTED]; Mon, 10 Jan 2005 01:41:35 -0600 (CST) Received: from archive by gen6 with local (Exim 4.34) id 1CnuBB-0001ru-Iu for [EMAIL PROTECTED]; Sun, 09 Jan 2005 23:41:33 -0800 To: [EMAIL PROTECTED] Subject: subscribe Message-Id: [EMAIL PROTECTED] From: Mail-Archive archive@mail-archive.com Date: Sun, 09 Jan 2005 23:41:33 -0800 X-Rc-Virus: 2004-10-30_01
Re: [OT] Backup on DLT (recommandation)
On Sat, 2005-01-08 at 17:46 +0100, Michelle Konzack wrote: Because my old DAT is not more enough, I consider to buy a DLT with 80-160 GByte. Because I have no experience with it, I like to here some suggestions. My only problem is that my purse is very limited to =700 Euro. DLT is a quite expensive way to backup, especially considering the price of the tapes (50-100 euros). Depending on how many backups and how much data you want to keep around it might be interesting to look at other solutions (External harddrives, dvd, maybe blue-ray next year). Since harddrives run at about 100 euro's for 200 GB it's quite hard to beat those prices. Are the DLT only SCSI or do they exist in PATA and SATA too ? So far I've only seen SCSI versions, I'd think SATA is still quite far off for DLT (as there aren't even many cd/dvd drives on sata yet) -- Mark Janssen -- maniac(at)maniac.nl Unix / Linux, Open-Source and Internet Consultant PGP: 0x357D2178 Skype: markmjanssen ICQ: 129696007 signature.asc Description: This is a digitally signed message part
Re: [OT] Backup on DLT (recommandation)
Hello Michelle On 2005-01-08 Michelle Konzack wrote: Because my old DAT is not more enough, I consider to buy a DLT with 80-160 GByte. Because I have no experience with it, I like to here some suggestions. My only problem is that my purse is very limited to =700 Euro. Why not take a couple of 180,- EUR external USB 2.0 harddisks with about 200GB each? Fast, also in restore, cheap and easy to manage. At least compared to DDS3 tapes the ones from Maxtor do not have a significant higher failure percentage (maybe combine exclusures and harddisc yourself to choose the harddisk brand, you trust the most). Michelle bye, -christian- -- Of all the things I've lost, I miss my mind the most -nesmad -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Backup on DLT (recommandation)
Am 2005-01-08 18:11:34, schrieb Mark Janssen: DLT is a quite expensive way to backup, especially considering the price of the tapes (50-100 euros). Depending on how many backups and how much data you want to keep around it might be interesting to look at other solutions (External harddrives, dvd, maybe blue-ray next year). Since harddrives run at about 100 euro's for 200 GB it's quite hard to beat those prices. Curently I have a backup server with a 3Ware SATA Raid-5 and 4 Hitachi 400 GByte HDDs plus my HP-DDS3. It is connected to a second (backup) network. The 1,2 TByte diskspace are enough to make 4 weeks backup. Each week one FULL and six INCREMENTAL backup. The problem is, that I am already using 400 GByte HDDs in External cases but the 5 1/4 enclosure are to big for the Bank-Tresor (only 4) and I was looking for smaller Media. DVD9 is not an option, because the poor quality and the number of DVDs. Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: [OT] Backup on DLT (recommandation)
Because my old DAT is not more enough, I consider to buy a DLT with 80-160 GByte. Because I have no experience with it, I like to here some suggestions. My only problem is that my purse is very limited to =700 Euro. Are the DLT only SCSI or do they exist in PATA and SATA too ? I just looked into this a little myself and ended up going with an AIT tape drive. My understanding is that because they have helical scan heads, the drives are smaller and use less power. (The tape speed doesn't have to be as fast so you don't need as big of motors - or something like that.) I just ordered this drive: http://coastalmicrosupply.com/store/product_info.php?products_id=446 (Not as big as what you're talking about though!) Tapes are very expensive new. I've already bought some (used) from ebay. They look to be in very good shape and ran about $5 apiece. Obviously I'll run a verify them when I get the drive in. (If you buy tapes from ebay make sure you understand what you're getting - I've seen some 2G AIT tapes for sale - I had no idea tapes that small even existed!) FWIW, I run a variety of backup strategies. For really big data, I just go with the multiple hard drive approach. (Where n == 2.) For full backups of my server, I like tape as I can drop a tape in my safety deposit box from time to time. Then it's a matter of organizing things to make sure the appropriate backup happens automatically. Take care, Dale -- Dale E. Martin - [EMAIL PROTECTED] http://the-martins.org/~dmartin signature.asc Description: Digital signature
Re: Re: Internet per Satelit in Syria, Iraq, Iran and Afghanistan
Hi. Why don't you try www.lamit.ro . They have two way mobile systems too, as wellas fixed solutions. For more info, contact me at http://forum.xperts.ro . I'll read it for sure. Hope i helped and best of things to you. BEGIN:VCARD VERSION:2.1 N:Mezei;Cristian;Mihai;Dl. FN:Cristian Mihai Mezei ORG:Lamit Co;IT TITLE:Manager TEL;WORK;VOICE:0040213357110 TEL;HOME;VOICE:N/A TEL;CELL;VOICE:0040724213368 TEL;PAGER;VOICE:N/A TEL;WORK;FAX:0040213350874 TEL;HOME;FAX:N/A ADR;WORK:;0040213352206;Bd-ul Natiunile Unite, nr 4;Bucharest;N/A;7000;Romania LABEL;WORK;ENCODING=QUOTED-PRINTABLE:0040213352206=0D=0ABd-ul Natiunile Unite, nr 4=0D=0ABucharest, N/A 7000=0D= =0ARomania ADR;HOME:;;N/A;Bucharest;N/A;7000;Romania LABEL;HOME;ENCODING=QUOTED-PRINTABLE:N/A=0D=0ABucharest, N/A 7000=0D=0ARomania X-WAB-GENDER:2 URL;HOME:http://www.xperts.ro URL;WORK:http://www.lamit.ro EMAIL;PREF;INTERNET:[EMAIL PROTECTED] EMAIL;INTERNET:[EMAIL PROTECTED] EMAIL;INTERNET:[EMAIL PROTECTED] REV:20050107T132937Z END:VCARD
Re: Re: Internet per Satelit in Syria, Iraq, Iran and Afghanistan
Long time ago... :-) Hello Cristian, Am 2005-01-07 15:29:37, schrieb Cristian Mezei: Hi. Why don't you try www.lamit.ro . They have two way mobile systems too, as well as fixed solutions. I will check it out. For more info, contact me at http://forum.xperts.ro . I'll read it for sure. OK, If I have my X back, I will look at it. Hope i helped and best of things to you. Thanks for your fast answer :-) Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: Re: Details
Questa è una risposta automatica. Ti ringraziamo di averci scritto, ma purtroppo l'indirizzo [EMAIL PROTECTED] non è più utilizzato, quindi il messaggio che ci hai inviato non è stato ricevuto. Ti preghiamo di contattarci attraverso il form sul sito http://cinema.supereva.it -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Keep auto-periodic fsck's enabled on ext3 partitions?
Thanks for weighing in with your opinion, which was basically what I was planning to do anyways unless I heard otherwise. We don't run cutting-edge kernels, only upgrading for important bug or security patches. Combined with nightly backups of customer data, I think we'll be pretty safe disabling auto-fscks (knock on wood). Thanks again, Glenn Oppegard Aktiom Networks LLC http://www.aktiom.net Linux Virtual Private Servers for Professionals On Jan 6, 2005, at 4:48 AM, Wouter Verhelst wrote: On Thu, Jan 06, 2005 at 01:26:02AM -0700, Glenn Oppegard wrote: Hello, We have production machines that have ext3 partitions bigger than 100GB. On our last kernel upgrade, we were surprised to see the machines do an fsck on all partitions even though they were unmounted cleanly. Upon further investigation we found the tune2fs options that force fscks of partitions after a certain number of mounts, or after a certain period of time since the last fsck (6 months in our case). My question is, is it detrimental to disable these auto-checks and not run fsck periodically? If you always upgrade to the latest kernel when it's out, it's probably a good idea to leave it on; otherwise, and as long as you don't experience problems, I suggest to switch it off. The man page for tune2fs says it's not wise... That is mostly relevant for systems that don't take regular backups. If you do (and for the sake of your customers, I hope that is the case), the extra precaution isn't really necessary, and probably a bad idea if the cost involved (in terms of downtime) is too high. The idea of the fsck is so that you would notice if anything out of the ordinary is going on in the kernel. If you are, however, running the same kernel all the time, either nothing will happen (and the fsck's are superfluous), or your kernel is broken and you'll be fucked anyway (and the fsck's won't help you). -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Keep auto-periodic fsck's enabled on ext3 partitions?
Hello, We have production machines that have ext3 partitions bigger than 100GB. On our last kernel upgrade, we were surprised to see the machines do an fsck on all partitions even though they were unmounted cleanly. Upon further investigation we found the tune2fs options that force fscks of partitions after a certain number of mounts, or after a certain period of time since the last fsck (6 months in our case). My question is, is it detrimental to disable these auto-checks and not run fsck periodically? The man page for tune2fs says it's not wise...but fscks on 100GB partitions take a lng time, during which my customers' services are offline. I'm even more concerned for our new machines that have 200GB partitions, where an fsck will take hours to complete. Anyone have suggestions or experience with this? Thanks, Glenn Oppegard Aktiom Networks LLC http://www.aktiom.net Linux Virtual Private Servers for Professionals -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Keep auto-periodic fsck's enabled on ext3 partitions?
On Thu, Jan 06, 2005 at 01:26:02AM -0700, Glenn Oppegard wrote: Hello, We have production machines that have ext3 partitions bigger than 100GB. On our last kernel upgrade, we were surprised to see the machines do an fsck on all partitions even though they were unmounted cleanly. Upon further investigation we found the tune2fs options that force fscks of partitions after a certain number of mounts, or after a certain period of time since the last fsck (6 months in our case). My question is, is it detrimental to disable these auto-checks and not run fsck periodically? If you always upgrade to the latest kernel when it's out, it's probably a good idea to leave it on; otherwise, and as long as you don't experience problems, I suggest to switch it off. The man page for tune2fs says it's not wise... That is mostly relevant for systems that don't take regular backups. If you do (and for the sake of your customers, I hope that is the case), the extra precaution isn't really necessary, and probably a bad idea if the cost involved (in terms of downtime) is too high. The idea of the fsck is so that you would notice if anything out of the ordinary is going on in the kernel. If you are, however, running the same kernel all the time, either nothing will happen (and the fsck's are superfluous), or your kernel is broken and you'll be fucked anyway (and the fsck's won't help you). -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Keep auto-periodic fsck's enabled on ext3 partitions?
On Thu, 06 Jan 2005, Wouter Verhelst wrote: If you always upgrade to the latest kernel when it's out, it's probably a good idea to leave it on; otherwise, and as long as you don't experience problems, I suggest to switch it off. Also, if you do not have ECC RAM (with a chipset/arch that does ECC monitoring and auto-scrubbing, since Linux is completely retarded on that area for ia32), you should fsck periodically. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Keep auto-periodic fsck's enabled on ext3 partitions?
On Thursday 06 January 2005 22:48, Wouter Verhelst [EMAIL PROTECTED] wrote: That is mostly relevant for systems that don't take regular backups. If you do (and for the sake of your customers, I hope that is the case), the extra precaution isn't really necessary, and probably a bad idea if the cost involved (in terms of downtime) is too high. One thing that has been suggested is to use LVM and fsck a snapshot. If fsck on a snapshot LV indicates that nothing other than journal replay is really needed then you can keep running. If it finds some more serious problem then you can consider other options. I don't know of anyone actually implementing this due to fsck not being painful enough. It would be interesting to read some reports of someone actually doing this in the field. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix logs
Tomasz Papszun wrote: On Tue, 04 Jan 2005 at 15:37:46 -0600, Rodney Richison wrote: Am building a new server to replace one. (Trading Redhat for Debian) On the new machine, which is only recieving for one domain while in testing, Logcheck is reporting that postfix has a problem looking up rbl's. I am not running in a jail. (I still copied resolv.conf to postfix for giggles. You copied it to /var/spool/postfix (or anything configured as queue_directory), right? Yup. Seems its a dns problem. It's weird though. On my ns1dns server, my provider is listed as the forwarder. Lookups like this work dig @localhost 199.227.37.209.dul.dnsbl.sorbs.netvi However, on the new debian box they don't work (nxdomain) However, if I change the forwarder to another isp cimtel.net ns1.mbo.net This debian box works just fine. Needless to say, I'd like my provider to be the forwarder. SoooWTF??:) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix logs
Tomasz Papszun wrote: On Tue, 04 Jan 2005 at 15:37:46 -0600, Rodney Richison wrote: Am building a new server to replace one. (Trading Redhat for Debian) On the new machine, which is only recieving for one domain while in testing, Logcheck is reporting that postfix has a problem looking up rbl's. I am not running in a jail. (I still copied resolv.conf to postfix for giggles. You copied it to /var/spool/postfix (or anything configured as queue_directory), right? Yup. Seems its a dns problem. It's weird though. On my ns1dns server, my provider is listed as the forwarder. Lookups like this work dig @localhost 199.227.37.209.dul.dnsbl.sorbs.netvi However, on the new debian box they don't work (nxdomain) However, if I change the forwarder to another isp cimtel.net ns1.mbo.net This debian box works just fine. Needless to say, I'd like my provider to be the forwarder. SoooWTF??:) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE:
, , ? , ? - ! : - , . ABGYMNIC -- , ,. ! ! .. . . ! http://DOMOVENOK.INFO/index.php?CID=7 .
Re: Suggestions for remote server monitoring
What software would people recommend for remotely monitoring a server? I'm not talking about intrustion detection and whatnot, just keeping an eye on things like CPU load, memory, bandwidth usage, etc. Bonus points if it uses something like RRD--graphs and charts are not just pretty eyecandy for me. If you want to monitor resources on a remote system, try cacti. It has great graphing capability using RRD. One of my favorite features is being able to highlight a section of your graph and have it draw a new graph to zoom in on the area of concern. -- John Barton [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix logs
On Tue, 04 Jan 2005 at 15:37:46 -0600, Rodney Richison wrote: Am building a new server to replace one. (Trading Redhat for Debian) On the new machine, which is only recieving for one domain while in testing, Logcheck is reporting that postfix has a problem looking up rbl's. I am not running in a jail. (I still copied resolv.conf to postfix for giggles. You copied it to /var/spool/postfix (or anything configured as queue_directory), right? I changed my resolve to have simply this. nameserver 127.0.0.1 Any thoughts would be appreciated dig @cbl.abuseat.org localhost returns results just fine. Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.cbl.abuseat.org type=A: Host not found, try again Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.dul.dnsbl.sorbs.net: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.dul.dnsbl.sorbs.net type=A: Host not found, try again -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Suggestions for remote server monitoring
Jacob S wrote: On Wed, 5 Jan 2005 06:50:24 +0300 Peter Clark [EMAIL PROTECTED] wrote: What software would people recommend for remotely monitoring a server? I'm not talking about intrustion detection and whatnot, just keeping an eye on things like CPU load, memory, bandwidth usage, etc. Bonus points if it uses something like RRD--graphs and charts are not just pretty eyecandy for me. apt-cache show nagios Nagios will keep track of all your services - from http, to e-mail, to ftp, etc. as well as the number of running processes, disk usage, etc. It will also e-mail you when it sees a problem. It has a webpage admin interface that's pretty informative. The only thing I think it doesn't do is monitor bandwidth for you; that would require a different program. If you have access to the data, it isn't hard to extend Nagios to handle custom monitoring tasks. Just write a script that returns a status code and some text. We have been using it for several servers at work for a while with good success. Likewise. Regards, Upayavira -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] Debian package differences from upstream
[ Is debian-mentors the proper list for this type of packaging question? ] On my Woody box, courier-mta logs pop transactions with the tag courierpop3login:. The logs of other courier users (freebsd, gentoo for example) have the string pop3d: It has been suggested that this is a change the Debian packager made. How can I verify this? I've done apt-get source and poked around a bit but could not tell where the Debian patches made to upstream live. Regards, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Debian package differences from upstream
On Wed, Jan 05, 2005 at 08:40:21AM -0500, Mark Bucciarelli wrote: [ Is debian-mentors the proper list for this type of packaging question? ] debian-mentors is meant for people who want to package software, I think. It would probably be best to ask the package maintainer himself ([EMAIL PROTECTED]) On my Woody box, courier-mta logs pop transactions with the tag courierpop3login:. The logs of other courier users (freebsd, gentoo for example) have the string pop3d: As far as I remember, this string is set in the init.d script... It has been suggested that this is a change the Debian packager made. How can I verify this? You need to find out whether the init.d script was supplied or changed by the debian maintainer. I've done apt-get source and poked around a bit but could not tell where the Debian patches made to upstream live. See the diff.gz file (BTW vim does nice highligting if you have syntax on), it usually contains all the debian modifications to the upstream tarball. regards, Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Debian package differences from upstream
On Wed, Jan 05, 2005 at 08:40:21AM -0500, Mark Bucciarelli [EMAIL PROTECTED] wrote a message of 21 lines which said: I've done apt-get source and poked around a bit but could not tell where the Debian patches made to upstream live. $PACKAGE_$VERSION.diff.gz (Some big packages use a more complicated system, with a patch directory, check debian/rules in the patched tree to see what it does.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Debian package differences from upstream
On Wednesday 05 January 2005 08:58, Marcin Owsiany wrote: On Wed, Jan 05, 2005 at 08:40:21AM -0500, Mark Bucciarelli wrote: On my Woody box, courier-mta logs pop transactions with the tag courierpop3login:. The logs of other courier users (freebsd, gentoo for example) have the string pop3d: As far as I remember, this string is set in the init.d script... From the diff, I see the courier-pop init script was rewritten for Debian. The custom version script starts courierpop3login directly instead of pop3d, and syslog tags log entries accordingly. Got it, thanks! Regards, Mark
Re: Suggestions for remote server monitoring
On 5 Jan 2005, at 14:29, John Barton wrote: If you want to monitor resources on a remote system, try cacti. It has great graphing capability using RRD. One of my favorite features is being able to highlight a section of your graph and have it draw a new graph to zoom in on the area of concern. Has anyone got cacti running with Exim mailserver statistics? Regards, Philipp Kern -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Courier-IMAPs / POP3s login question
On Tuesday 04 January 2005 03:53, Jens Zahner wrote: martin f krafft wrote: Beyond the documentation and the comments in the files in /etc/courier, you mean? I couldn't find any helpfull information about ssl cert based auth neither in the files nor in the documentation and google couldn't help me too. Did you try this? # apt-get install courier-imap-ssl # man mkimapdcert # cat /etc/courier/imapd.cnf If so, try the courier-users mailing list or #courier on freenode. Regards, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Courier-IMAPs / POP3s login question
On Tue, Jan 04, 2005 at 08:48:57AM -0500, Mark Bucciarelli wrote: Did you try this? # apt-get install courier-imap-ssl # man mkimapdcert # cat /etc/courier/imapd.cnf As I understand, he want to authenticate users with ssl certs, not only to encrypt the imap transmission. I don't know if it's possible with courier-imap (I think no...), AW, the courier mailing list will be a better place to obtain such information ;) -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Autoreply
Tisztelt Érdeklõdõ! Köszöntjük a Súlykontroll Programba jelentkezõ sokszáz páciens között. Munkatársaink néhány napon belül telefonon fogják Önt megkeresni, hogy részletes felvilágosítást nyújtsanak Önnek a program mûködésérõl. A kapcsolat felvételéig szíves türelmét kérjük. Dr. Nagy Katalin Programvezetõ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: exim or postfix
Op ma, 03-01-2005 te 17:28 -0300, schreef Ing. Jorge Escudero: What POP or IMAP or Web mail Server use to exim on Debian? I'm not entirely sure I understand your question correctly. Do you mean What POP or IMAP daemon can I use with exim on Debian? or rather, Is there a Web mail client I can use with a POP or IMAP server and exim on Debian? If the first is what you're asking: Personally, I prefer IMAP; if you do as well, then have a look at dovecot or courier-imapd. I'm not too familiar with POP, so can't help you there. If the second is what you're asking, then you have quite a number of options. Most webmail thingies support IMAP and /any/ MTA, including exim; in fact, I have yet to see the first one that does not. In that area, my preference goes out to IMP, but of course you must make your own choices. Regards, -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
postfix logs
Am building a new server to replace one. (Trading Redhat for Debian) On the new machine, which is only recieving for one domain while in testing, Logcheck is reporting that postfix has a problem looking up rbl's. I am not running in a jail. (I still copied resolv.conf to postfix for giggles. I changed my resolve to have simply this. nameserver 127.0.0.1 Any thoughts would be appreciated dig @cbl.abuseat.org localhost returns results just fine. Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.cbl.abuseat.org type=A: Host not found, try again Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.dul.dnsbl.sorbs.net: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.dul.dnsbl.sorbs.net type=A: Host not found, try again -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Courier-IMAPs / POP3s login question
On Tuesday 04 January 2005 08:55, Emmanuel Lacour wrote: As I understand, he want to authenticate users with ssl certs Courier can do SASL_PLAIN auth for imap and pop auth. See /etc/courier/imapd and /etc/courier/pop3d. Regards, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
postfix logs
Am building a new server to replace one. (Trading Redhat for Debian) On the new machine, which is only recieving for one domain while in testing, Logcheck is reporting that postfix has a problem looking up rbl's. I am not running in a jail. (I still copied resolv.conf to postfix for giggles. I changed my resolve to have simply this. nameserver 127.0.0.1 Any thoughts would be appreciated dig @cbl.abuseat.org localhost returns results just fine. Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.cbl.abuseat.org type=A: Host not found, try again Dec 13 17:04:36 deblists postfix/smtpd[10805]: warning: 187.170.46.206.dul.dnsbl.sorbs.net: RBL lookup error: Host or domain name not found. Name service error for name=187.170.46.206.dul.dnsbl.sorbs.net type=A: Host not found, try again -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Suggestions for remote server monitoring
On Wed, 5 Jan 2005 06:50:24 +0300 Peter Clark [EMAIL PROTECTED] wrote: What software would people recommend for remotely monitoring a server? I'm not talking about intrustion detection and whatnot, just keeping an eye on things like CPU load, memory, bandwidth usage, etc. Bonus points if it uses something like RRD--graphs and charts are not just pretty eyecandy for me. apt-cache show nagios Nagios will keep track of all your services - from http, to e-mail, to ftp, etc. as well as the number of running processes, disk usage, etc. It will also e-mail you when it sees a problem. It has a webpage admin interface that's pretty informative. The only thing I think it doesn't do is monitor bandwidth for you; that would require a different program. We have been using it for several servers at work for a while with good success. HTH, Jacob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Suggestions for remote server monitoring
This one time, at band camp, Peter Clark said: What software would people recommend for remotely monitoring a server? I'm not talking about intrustion detection and whatnot, just keeping an eye on things like CPU load, memory, bandwidth usage, etc. Bonus points if it uses something like RRD--graphs and charts are not just pretty eyecandy for me. munin for local tests, nagios for the network ones. There is some overlap - munin can do network tests, but it seems they are best suited in those realms, at least so far. munin lacks the ability to directly alert an admin of a problem (although it can alert via nagios). nagios lacks decent graphing tools, while munin makes pretty RRD-graphs. HTH, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgpr8E5UjhLLk.pgp Description: PGP signature
gpg to a pipe
Hi, I make my backups by tar and encrypt it by gpg. I do the job over pipe because I don't have too much disk space. The result is 28GB file backup.tar.gpg Then I send the file over ftp to backup server. Is it possible to send the file directly from a pipe? More precisely - gpg will write it's output to a pipe and ftp will read the data from the pipe. I tryed to do that, but I wasn't able to force gpg to write the encrypted data to a pipe. Can anybody help me? Many thaks. Regards Tony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: gpg to a pipe
Many thanks - it works. But there is another problem. I want ftp to read the file from a pipe. I get this error: local: backup.tar.gpg remote: backup.tar.gpg backup.tar.gpg: not a plain file. (backup.tar.gpg is a pipe) Is it anyhow possible to force ftp to read the file from a pipe? Many thanks [EMAIL PROTECTED]@lists.debian.org David Marceau wrote: Antonin Karasek wrote: I tryed to do that, but I wasn't able to force gpg to write the encrypted data to a pipe. gpg --armor --output=- --encrypt --recipient [EMAIL PROTECTED] backup.tar|more -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: gpg to a pipe
On Monday 03 January 2005 12:29, Antonin Karasek wrote: Many thanks - it works. But there is another problem. I want ftp to read the file from a pipe. I get this error: local: backup.tar.gpg remote: backup.tar.gpg backup.tar.gpg: not a plain file. (backup.tar.gpg is a pipe) Is it anyhow possible to force ftp to read the file from a pipe? Seems that netcat would be a better replacement for ftp for your case. It can read from pipes like so: your_command_here | nc -n 10.0.0.130 1000 (would send the output of your_command_here to host 10.0.0.130, port 1000, to a listening netcat there, which would presumably write its input to a local disk file) By the way, please don't top-post, it messes readability and loses context for the archives. -A -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: gpg to a pipe
It's a little hard-core, but I CAN pipe over ftp - I just found yout how. Fro a case, that anybody else need this, here is the script: #!/bin/bash date cd /backup mknod week.tar p mknod week.tar.gpg p tar -cpf week.tar --exclude=proc / echo password | gpg -c --passphrase-fd 0 \ --no-tty --status-fd 1 --output=- week.tar week.tar.gpg ftp -n the.server.com EOF quote USER user quote PASS password del week.tar.gpg put |cat week.tar.gpg week.tar.gpg ls bye EOF rm week.tar* date exit 0 ### end of script Many thanks for help Regards Tony Boris Pavlov wrote: you can not pipe thru ftp client. ftp is file-oriented. use ssh instead. wwell edi Antonin Karasek wrote: Many thanks - it works. But there is another problem. I want ftp to read the file from a pipe. I get this error: local: backup.tar.gpg remote: backup.tar.gpg backup.tar.gpg: not a plain file. (backup.tar.gpg is a pipe) Is it anyhow possible to force ftp to read the file from a pipe? Many thanks [EMAIL PROTECTED]@lists.debian.org David Marceau wrote: Antonin Karasek wrote: I tryed to do that, but I wasn't able to force gpg to write the encrypted data to a pipe. gpg --armor --output=- --encrypt --recipient [EMAIL PROTECTED] backup.tar|more -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
