Re: NIS woes.. Ubuntu nis client doesn't ping Debian nis Server
On Tue, 18 Aug 2009, Jesús M. Navarro wrote: PS: You know that NIS is an unsecure protocol only to be used if you are absolutly convinced you are tightly controlling all the clients that can attach to the network, do you? There are still good reasons to run NIS, and it can be done securely (even without NIS+). My setup has no passwords in the NIS maps - authentication is handled via KRB, LDAP, or AFS (depending upon the OS and level). A user can't get any more information from ypcat/ypmatch than they could from getent. I actually populate NIS from LDAP. The roughly equivalent to an AD-based Windows network, security and functionality-wise, would be LDAP+Kerberos+NFSv4 (plus a whole lot of other minor services like DNS, DHCP, automounters, cups, puppet, a local CA, etc.). Indeed, that is the basis of my work home network - and I'll be sticking with that instead of moving towards Samba 4. -- Rick Nelson Moonchild without an opinion? Satan is skating to work tomorrow! -- Brett Manz
Re: Sendmail to send mail only, using MX records
On Sun, 21 Jun 2009, Kelly Jones wrote: I have sendmail installed on etch, but not running as a daemon Why on earth would you do that ... sendmail, like any other MTA these days binds only to 127.0.0.1 by default. When I do: # echo Test | /usr/lib/sendmail f...@bar.com the logs show this: Jun 21 11:13:51 debian sendmail[3924]: n5LFDpSS003924: to=...@bar.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Right... Install sendmail-doc and read /usr/share/doc/sendmail/sendmail/SECURITY.gz For improved security, sendmail has been split into two pieces - the Mail Submission Agent/Program and the Mail Transport Agent. How can I tell /usr/lib/sendmail to do an MX lookup on bar.com and connect to that server, instead of connecting to localhost? You have two basic choices: 1) Allow sendmail daemon to start, things will just work ! 2) setup submit.mc in a null-client type setup using a smart host. I realize my command above has other errors, but if I can solve the MX-lookup issue, I'm sure I can get everything else working. There is no MX lookup issue, the issue is not understanding how sendmail works. I also realize I'll have to run sendmail -q -v regularly (via cron?) to flush any stuck messages. Doable, or you can let the default setup just work. -- Rick Nelson Knghtbrd Overfiend - BTW, after we've discovered X takes all of 1.4 GIGS to build, are you willing admit that X is bloatware? = Overfiend KB: there is a 16 1/2 minute gap in my answer acf knghtbrd: evidence exists that X is only the *2nd* worst windowing system ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Purge sendmail queue
On Thu, 18 Jun 2009, T o n g wrote: Is there any way to purge sendmail queue? 1) The Get a bigger hammer approach: /etc/init.d/sendmail stop rm -f /var/spool/mqueue /etc/init.d/sendmail start 2) The Not every problem is nail approach: man qtool This way, you can delete only messages for certain recipients, over a certain age, etc... -- Rick Nelson Knghtbrd Internet censorship. Because your children need to be protected from naked women, medical procedures, diverse cultures, and violent video games. knghtbrd (but information on building bombs, stealing cable, and manufacturing drugs is okay...) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Sendmail question
On Tue, 16 Jun 2009, kj wrote: I should know this but I'm drawing a blank, and google is only finding the things I'm not looking for. Man, I know the feeling How do I get sendmail to forget the MX lookups it's done for mail that are already in the queue, and check them again? I have a client who screwed up with their DNS, so there's a host of mail in the queue destined to a non-existent MX. 1) /etc/init.d/sendmail purgestat now -- purge sendmail host status 2) restart your caching DNS server (and every smtp server should have one) to make sure nothing is cached 3) nscd -i hosts -- though actually, you should disable host caching in nscd (or better, just purge the whole package) with all that out of the way, sendmail will lookup the current MX for each queue run. -- Rick Nelson lilo it's weird, when you go on a safari to Africa to catch a lion, you find it alive and it charges, and then you kill it lilo when you go on a safari to South Bay to find a Palm Vx, you find it dead and take it home and it charges after it arrives :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: ssh connection takes long time
On Fri, 13 Mar 2009, randall wrote: IMO the solution is not to tweak those subsystems and applications, but to get a valid rDNS record added to the DNS. Indeed, always best to have fully functional DNS, and no - for Linux at least, /etc/hosts is not functional DNS. agreed in principle, but since ssh is the only one (in my experience) that i ever encountered this inconvenience with, i wonder if the correct thing to do holds up in everyday usage. From `man sshd_config`: UseDNS Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is “yes”. And there are indeed other servers that are unhappy with poor DNS -- Rick Nelson dhd is there a special christmas pack for quake dhd where you get to be like the santa robot on futurama? dunham dhd: that would be a rather unbalanced game... Knghtbrd dunham: that's the idea. ;
Re: ssh connection takes long time
On Fri, 13 Mar 2009, randall wrote: And there are indeed other servers that are unhappy with poor DNS ftp comes to mind, its always the first thing i turn off when i install it for anything other then personal usage. :) I don't have that luxury (at work, but do use ftpd-ssl) The only use to correct reverse DNS i can see is in case of a mail server, if you want to filter dynamic and static IP's (but even this is theoretical since it is hardly used in practice) other then that i regard it as a feature that brings more problems then it solves. smtp, kerberos, tcpwrappers ... off the top of my head, surely thar be more dragons. -- Rick Nelson * aj thinks Kb^Zzz ought to pick different things to dream about than general resolutions and policy changes. Kb^Zzz aj - tell me about it, this is a Bad Sign -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Sendmail wants to auth local mails
On Sun, 1 Feb 2009, Andics László wrote: DAEMON_OPTIONS(`Name=MSA,Port=submission,Modifiers=aE') Check submit.mc for the msp feature line - you'll want to make sure the port is 25 instead of 587 ... something like: FEATURE(`msp', `[127.0.0.1]', `25')dnl -- Rick Nelson Ever heard of .cshrc? That's a city in Bosnia. Right? (Discussion in comp.os.linux.misc on the intuitiveness of commands.)
Re: Sendmail wants to auth local mails
On Fri, 30 Jan 2009, Andics László wrote: The original message was received at Fri, 30 Jan 2009 06:25:17 +0100 from r...@localhost Is localhost in /etc/mail/local-host-names ? and sendmail.mc has FEATURE(`use_cw_file')dnl # local-host-names - The following addresses had permanent fatal errors - root (reason: 530 5.7.0 Authentication required) (expanded from: root) - Transcript of session follows - ... while talking to [127.0.0.1]: MAIL From:r...@gophernet.hu SIZE=665 auth=r...@gophernet.hu gophernet.hu should also be in /etc/mail/local-host-names 530 5.7.0 Authentication required 554 5.0.0 Service unavailable My domain names is set fine, the sendmail config is the same that we used over 3 years with no problem, so I have no idea, what is wrong. Even the Google don't help, I just find an user with the same error. Please help me to solve this, if your have any idea. Do you use /etc/mail/access ? does it have any Connect: lines ? -- Rick Nelson Ooh, mommy, mommy, what I have now doesn't work in this extremely unlikely circumstance, so I'll just throw it away and write something completely new. -- Linus Torvalds
Re: Sendmail wants to auth local mails
On Sat, 31 Jan 2009, Andics László wrote: I have these two Connect lines: Connect:localhostRELAY Connect:gophernet.huRELAY looks ok I have really no idea what is wrong with this. Anyway, thanks for the answer. Any Srv_Features lines ? -- Rick Nelson Where in the US is Linus? He was in the Promise Land. -- David S. Miller da...@caip.rutgers.edu
Re: Sendmail wants to auth local mails
On Sat, 31 Jan 2009, Andics László wrote: Any Srv_Features lines ? No, my access file is have only those two Connect lines. Ok, what does your DAEMON_OPTOINS line look like, M=a will cause this -- Rick Nelson The purpose of having mailing lists rather than having newsgroups is to place a barrier to entry which protects the lists and their users from invasion by the general uneducated hordes. -- Ian Jackson
Re: FQDN vs. domain in /etc/hosts
On Sun, 4 Jan 2009, Stefan Schmidt wrote: Hello, Howdy in my understanding the /etc/hosts file should contain an entry with the FQDN of the host. 123.123.123.123 hostname.domain.tld hostname Yes, that is the proper format and order I would for simplicity prefer to use a domain name instead of a FQDN. 123.123.123.123 domain.tld hostname Don't do that, it'll bite you - eventually In my DNS-configuration I can define an IP- address for both the domain name and the subdomain. domain.tld - 123.123.123.123 subdomain.domain.tld - 123.123.123.123 Yes you can, and this may, or may not come back to bite you So both addresses are unambiguous. For what reason now would I need a FQDN? Why wouldn't a domain name suffice? What happens when you want/need to add another machine ? Many network daemons/tools will query the available interfaces and collect ip addrs/names... Allowing a hostname to also be the domain name can cause problems. -- Rick Nelson * Knghtbrd assigns 3 to Chris * variable wonders who else is named chris besides me Knghtbrd variable - you. = * Knghtbrd waits for variable to dramatically say I feel SO used! variable Knghtbrd: :) * variable ++ variable :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Very slow bind 9
On Thu, 6 Nov 2008, Julian De Marchi wrote:
It uses them to determine the NS for the domain name you want. to run
bind at its quickest, using your own root zone can help.
That makes sense. By default . is type hint.
I aggregate a root zone to run on my name servers. You may grab the
zone if you would like to give it a try. slave '. zone from 58.6.115.46.
Can you share the aggregation script ?
I haven't looked at opennic since my last cross-country move -
maybe 'tis time to re-investigate
zone . IN{
[snip]
};
Once this done, you will have no need to forward to your ISP.
Hope that helps!
But he is exposed if your master ever moves, or you quit allowing
remote access (even axfr) traffic to the zone ;)
This seems like a very useful idea, and would benefit even ISP traffic
if they provide a similar service.
--
Rick Nelson
slackware users don't matter. in my experience, slackware users are
either clueless newbies who will have trouble even with tar, or they are
rabid do-it-yourselfers who wouldn't install someone else's pre-compiled
binary even if they were paid to do it.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How To Hash passwords with SHA-1 in pam?
On Sat, 25 Oct 2008, Chris Hiestand wrote:
Is there an out of the box solution to authenticate SHA-1 passwords via pam?
And yes, I know SHA-1 is pretty much cryptographically broken, but I would
still like to find support for it.
Move the user data to LDAP:
Operations (RFC 3062). The hash must be one of {SSHA}, {SHA},
{SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the
latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter
with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should be added to
userPassword as clear text.
--
Rick Nelson
C'mon! political protest! sheesh. Where's that anarchist spirit? ;-)
-- Decklin Foster
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mails stay in /var/spool/mail, without being forwarded
On Sat, 18 Oct 2008, T o n g wrote: Most Linux systems are set up to use procmail as the local delivery agent by default, so you should not have to set up a .forward. Or there is something else? procmail is optional, and so can not be the default MDA In Debian, sensible-mda(8) is the default MDA, and it, in turn will use one of procmail(1), maildrop(1), deliver(8), or mail.local(8) Ah, thanks for the explain. I hope that such default MDA configuration can be stored in debconf DB so that I can pre-seed it before (debootstrap) installation. dpkg-reconfigure -p low sensible-mda produces nothing configurable. You missed the whole point of sensible-mda(8) - it uses whatever common MDA it can find... If you want to force a MDA, edit sendmail.mc ! Which ever you choose, make sure there is a a link for it in /etc/mail/smrsh (you update them with /usr/share/sendmail/update_smrsh) YES, running /usr/share/sendmail/update_smrsh without any parameters solved my problem. Just that, Previously there is only one link there. lrwxrwxrwx 1 root smmsp 26 10-10 15:41 mail.local - /usr/lib/sm.bin/ mail.local* Having run /usr/share/sendmail/update_smrsh, there are 2 links there. lrwxrwxrwx 1 root smmsp 17 10-17 22:14 procmail - /usr/bin/procmail* is added. Is it normal? Should /etc/mail/smrsh contains only one link? The directory is rebuilt whenever sendmail is upgraded, or you run the command by hand Until Debian has a way for packages to register hooks and see install/remove activity, this can't be automated further Further, where can I get help on /usr/share/sendmail/update_smrsh? $ file /usr/share/sendmail/update_smrsh /usr/share/sendmail/update_smrsh: POSIX shell script text executable $ wc -l /usr/share/sendmail/update_smrsh 94 /usr/share/sendmail/update_smrsh $ vi /usr/share/sendmail/update_smrsh /usr/share/sendmail/update_smrsh -h is no use. $ man update_smrsh No manual entry for update_smrsh I gladly take patches ;^) -- Rick Nelson Less is more or less more -- Y_Plentyn on #LinuxGER -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mails stay in /var/spool/mail, without being forwarded
On Fri, 17 Oct 2008, T o n g wrote: I use sendmail as the default MTA, and have ~/.procmailrc for filtering my mails. However, in my newly installed system (Lenny), my mails stay in /var/ spool/mail without being forwarded. Most Linux systems are set up to use procmail as the local delivery agent by default, so you should not have to set up a .forward. Or there is something else? procmail is optional, and so can not be the default MDA In Debian, sensible-mda(8) is the default MDA, and it, in turn will use one of procmail(1), maildrop(1), deliver(8), or mail.local(8) Which ever you choose, make sure there is a a link for it in /etc/mail/smrsh (you update them with /usr/share/sendmail/update_smrsh) If all that is kosher, I'll need to some logfile snippets to determine why the .procmailrc file isn't being used -- Rick Nelson Flood netgod: I also have a Evil Inside T-shirt (w/ Intel logo).. on the back it states: When the rapture comes, will you have root? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian packages for loop-aes maintained by ???
On Wed, 15 Oct 2008, markus reichelt wrote: http://hinterhof.net/debian/ doesn't list loop-aes packages (among other stuff) anymore, for quite some time now. Is there a new maintainer? Where are the packages? Is this what you want: apt-cache show loop-aes-source -- Rick Nelson Phase no... I musn't have any more coffee !!! ;) Simunye sure yu do Phase :) Phase you really want me bouncing off the ceiling? Simunye yesh :) kira_ bouncing off the ceiling is gewd Phase ok, that was a silly question kira_ it's splatting on the floor that's the problem. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kerberos with LDAP backend / Replace active directory
On Tue, 14 Oct 2008, Clifford W. Hansen wrote: I take it I will need to get a Krb5 schema file for ldap? Yes, and iirc, one comes with Heimdal package (likely in /usr/share/doc) if you can't find one, let me know Yea I'm not actually sure why we need kerberos, but my boss seems to think we do... It is a prety nice environment, Single Sign On, dual-trust, etc... It, unfortunately, failed to learn from AFS in that you can only be in one Kerberos realm at a time (I routinely am in at least three AFS realms) Actually I had previously looked at these doc, (and forgot about them) *thanx* Now the only problem is that I don't get a kerberos ticket when logging in to the samba domain from windows... No you wont... Samba 4 is a NT4 PDC/BDC - no Kerberos :( Note that even current stock Samba does support Kerberos auth from Linux! You'll either need Samba 4 (in experimental, iirc), or (shudder) delegate authentication to a real Windows PDC -- Rick Nelson toor netgod: what do you have in your kernel??? The compiled source for driving a space shuttle??? Spoo time to make a zip drive your floppy drive then. if the kernel doesn fit on that, the kernel is an AI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kerberos with LDAP backend / Replace active directory
On Fri, 10 Oct 2008, Clifford W. Hansen wrote: Has anybody set this up before and have documentation on how to replicate it. I had an existing LDAP setup for Linux/AIX/Samba - and it was trivial to get Heimdal-kdc up and running using the existing LDAP database, just had to add the requisite Krb5Principal entries to LDAP Basically what I am doing is trying to replace our Active Directory, with a samba domain. I didn't need anything beyond a NT4 domain - so the combination worked fine for me... If you rely on anything beyond NT4 domain, you'll need samba4 (in experimental) -- Rick Nelson Now I know someone out there is going to claim, Well then, UNIX is intuitive, because you only need to learn 5000 commands, and then everything else follows from that! Har har har! (Andy Bates in comp.os.linux.misc, on intuitive interfaces, slightly defending Macs.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Heimdal Kerberos XDM and Login
On Sat, 4 Oct 2008, Kelly Clowers wrote: On Sat, Oct 4, 2008 at 9:31 PM, Jason C. Wells [EMAIL PROTECTED] wrote: Does anyone know of a package for kerberized login and XDM, preferably heimdal? I wasn't able to scare one up. Login and xdm should use PAM, so as long as you have libpam-heimdal and have setup PAM correctly, everything should work. And indeed they do work just fine, thank you ... I'm using Heimdal at work home with Kerberos pwd for most all authentication. -- Rick Nelson RFC 882 put the dot in .com, not Sun Microsystems -- Seen on Slashdot -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: General Protection Fault in openafs, 2.6.25 and 2.6.26 kernels
On Mon, 29 Sep 2008, Andrew Perrin wrote: Using debian testing (lenny) and self-compiled 2.6.25 or 2.6.26 kernels, I get the following GPF: Sep 29 16:08:47 che kernel: general protection fault: [#1] SMP ... Sep 29 16:08:47 che kernel: Call Trace: Sep 29 16:08:47 che kernel: [f94ce7c5] afs_osi_TraverseProcTable+0x12/0x5e [openafs] Sep 29 16:08:47 che kernel: [f94d4deb] afs_GCPAGs+0x9e/0x164 [openafs] Sep 29 16:08:47 che kernel: [f94c3745] afs_Daemon+0x4ce/0x512 [openafs] Sep 29 16:08:47 che kernel: [f95130ee] afsd_thread+0x484/0x656 [openafs] Sep 29 16:08:47 che kernel: [f9512c6a] afsd_thread+0x0/0x656 [openafs] Sep 29 16:08:47 che kernel: [c01039e3] kernel_thread_helper+0x7/0x14 Sep 29 16:08:47 che kernel: === ... This does *not* happen using 2.6.24 compiled with essentially the same .config file. Using the latest openafs-modules-source: 1.4.7.dfsg1-5. Odd... I'm on Sid, openafs 1.4.7-dfsg1-5 and 2.6.26.5 without issues The failing function seems like maybe you didn't enable some legacy proc stuff that OpenAFS may be depending upon -- Rick Nelson #if _FP_W_TYPE_SIZE 32 #error Here's a nickel kid. Go buy yourself a real computer. #endif -- linux/arch/sparc64/double.h -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: request for troubleshooting assistance - ldap authentication
Check the URI/host spec in /etc/libnss-ldap.conf to make sure it is valid... there was a revision or few that mucked up in converting from host to uri. the syntax should be: uri ldapi:///(if you enabled that) uri ldap:/// or ldap://fqdn/ uri ldaps://localhost:636/ The next problem comes in if ssl is in use, there are issues with the code in determining to use ldaps:/// vs ldap:/// :( So if you need ssl, either use TLS, or force the port to :636 a few checks: getent passwd uid ldapsearch -Hldap:/// uid=uid -- Rick Nelson I'd crawl over an acre of 'Visual This++' and 'Integrated Development That' to get to gcc, Emacs, and gdb. Thank you. -- Vance Petree, Virginia Power -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unable to remove trousers
On Tue, 8 Jul 2008, jpk wrote: Date: Tue, 8 Jul 2008 20:50:28 +0200 From: jpk [EMAIL PROTECTED] To: debian-user@lists.debian.org Subject: Unable to remove trousers Resent-Date: Tue, 8 Jul 2008 18:51:05 + (UTC) Resent-From: debian-user@lists.debian.org Hi, today I tried to remove trouers, using aptitude and dpkg, everytime I give it a try, I receive following message: Stopping Trusted Computing daemon: invoke-rc.d: initscript trousers, action stop failed. dpkg: error processing trousers (--remove): subprocess pre-removal script returned error exit status 1 Starting Trusted Computing daemon: tcsd. Errors were encountered while processing: trousers I tried, I really tried but goatpr0n and inability to remove trousers was just... too much... /me thinks that the Trusted Computing daemon has noticed something amiss and is reluctant to release control over this machine :) -- Rick Nelson I develop for Linux for a living, I used to develop for DOS. Going from DOS to Linux is like trading a glider for an F117. (By [EMAIL PROTECTED], Lawrence Foard) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ??: Stunned by aptitude.
On Mon, 7 Jul 2008, Barclay, Daniel wrote: Screw you and the stupid Microsoft shit that FGM uses. I've been trying to gather evidence to show that our mail server (or its configuration) is corrupting messages (turning plain-text messages into HTML messages) and causing problems (e.g., this tangent of the Stunned by aptitude thread). So same first two words to you. You could've done all this yourself - by sending a mail from work to a non-work account (like gmail/etc) and inspecting the headers... Not only is it using Microsoft software, but it is poorly configured (the RDNS failure in the header). -- Rick Nelson Knghtbrd Trust us, we know what we're doing... We may have no idea HOW we're doing it, but we know WHAT we're doing. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail and HostStatus handling
On Wed, 14 May 2008, NFN Smith wrote: If I set DAEMON_HOSTSTATS=No; in sendmail.conf, then sendmailconfig deletes /var/lib/sendmail/host_status, as described in relevant documentation. However, somewhere along, sendmail is still trying to write to that directory on the regular runs of the sendmail queues (in my case, every 20 minutes), and I get an error Warning: Cannot use HostStatusDirectory = /var/lib/sendmail/host_status: No such file or directory This was tweaked somewhere after your version to also update sendmail.mc - I can't recall when... I've had more than a few drinks since then... -- dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE dnl undefine(`confHOST_STATUS_DIRECTORY')dnl#DAEMON_HOSTSTATS dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE -- when DAEMON_HOSTSTATS=No, this undefine is uncommented - and that is what you need to prevent those error messages. I don't think there's any compelling reason to enable HostStatus, and I don't think there's any significant performance difference by having it enabled. I use it more for diagnostic purposes - so I know what relay hosts are giving me fits... but you are correct, sendmail caches hoststatus information in-memory, and does its aging there. I have disk-based status information that I manually clear out roughly quarterly. -- Rick Nelson netgod heh thats a lost cause, like the correct pronounciation of jewelry netgod give it up :-) sage and the correct spelling of colour :) BenC heh sage and aluminium BenC or nuclear weapons sage are you threating me yankee ? sage just cause we don't have the bomb... BenC back off ya yellow belly -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ASMTP with PAM: Easiest route?
On Wed, 14 May 2008, Paul Johnson wrote: Going from a completely fresh prospective, what MTA makes it easiest to set up ASMTP, checking against PAM for passwords? You should probably use SMTP AUTH, it took me a minute to decode ASMTP, and was only able to do so by context. But that said, pick whatever you are most comfortable with, you don't necessarily need SMTP support here - you can do it all with SASL/PAM, and it scales pretty well. If your users are in LDAP, as mine are, switching from libnss-ldap to libnss-ldapd can be pretty big win resource-wise. -- Rick Nelson finlandia:~ apropos win win: nothing appropriate. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail configuration
On Wednesday 19 March 2008 03:21:17 am Andrius wrote: how to configure Sendmail to send a messages through ISP SMTP server? Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz for SMART_HOST ( define(`SMART_HOST', `your.isp.smtp.server')dnl ) On Wed, 19 Mar 2008, Paul Johnson wrote: It's probably best to avoid sendmail if you're new to setting up email and go with the debian default of exim instead. I'll assume you were trying to be helpful (and simply failed), and not trying to start another MTA pissing contest. -- Rick Nelson * Knghtbrd crosses his toes Knghtbrd (if I crossed my fingers it would be hard to type) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: bash crashes on tab completion of usernames (with nss-ldap)
On Wed, 20 Feb 2008, Alex Samad wrote: Ah, that is what I missed before... tab completion of user names not directory entries yeah only on username expansion Please also check for group entries malloc: unknown:0: assertion botched free: start and end chunk sizes differ last command: ls -l Does the libnss_ldap version swap that caused this also correspond to when libnss_ldap also switched to the newer libldap libraries ? Please also show the output of id -a root id -a some user in ldap There is another report showing errors here, and I wonder if they may be related: # id -a root uid=0(root) gid=0(root)id: failed to get groups for user `root': No such file or directory -- Rick Nelson lp1 on fire -- One of the more obfuscated kernel messages -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: bash crashes on tab completion of usernames (with nss-ldap)
On Wed, 20 Feb 2008, Alex Samad wrote: When i try this ls ~altab Ah, that is what I missed before... tab completion of user names not directory entries malloc: unknown:0: assertion botched free: start and end chunk sizes differ last command: ls -l so readers, how can I debug this further and has any one else seen this problem on their machines ? are you running nscd ? does `getent passwd` show you all the users ? I have had a look at the libnss-ldap code and the change set is rather minor (although I have only looked at the diff not the resulting code). I can't see why one shell would work and the others fail, unless they do their own expansion instead of usernames instead of using whatever the nss services provide (if anything). I must confess to never really looking at the nss functionality in detail, for me it was enough that, unlike AIX, it just pretty much works (with some nasty caveats if you're using nscd and have multiple sources for data). -- Rick Nelson A feature is nothing more than a bug with seniority. -- Unknown source -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
On Fri, 14 Sep 2007, Ralph Katz wrote: Problem: X ignores keyboard and mouse input, but shows cursor movement and running apps update normally on-screen in visible windows (gkrellm, gaim, etc). I regularly see a similar problem on several boxen - and have for quite some time. * Mouse cursor moves, and can select windows (maximize/minimize) * Can not select items in a window (firefox/etc) with mouse * No keyboard response in any window All boxes are Sid - kept current daily. I first thought it might be hibernate/resume related - but when it started happening on my desktop I discounted that :) It may, however, be power related - I don't recall seeing the issue before I enabled conservative(amd_64 desktop) or on-demand(intel_64) power management. On the laptop, things are often fine until after a resume, I run ntpdate to correct the clock. CTRL-ALT-BACKSPACE (killing the WindowMaker session) always gets me out of the problem, but it isn't fun. -- Rick Nelson miguel `You have been unsubscribed from the high energy personal protection devices mailing list' miguel I dont remember getting into the mailing list -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Howto set headers from sendmail.mc
On Fri, 17 Aug 2007, Sergio Belkin wrote:
I add a header setting in sendmail.cf (I added something as
H?X?X-Authorization-Id: how=${auth_type} who=${auth_authen}
, but everytime that I rebuild it via m4 (I use mainly sendmail.mc),
header settings are lost.
You can add that same line to sendmail.mc:
...
LOCAL_CONFIG
H?X?X-Authorization-Id: how=${auth_type} who=${auth_authen}
...
Now you no longer have to worry about loosing the update
--
Rick Nelson
Knghtbrd I really don't want much at all... Just a kind word, an
attractive woman, and UNLIMITED BANDWIDTH!!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: No auth and nonauth sendmail in same config.
On Thu, 16 Aug 2007, Sergio Belkin wrote: Hi community ehlo I have an authenticated sendmail. I want to modifiy it in order to: *All mail sent to mydomain.com is not authenticated *All mail sent to any domain different as mydomain.com be authenticated (TLS included). Is that what you really need, or is this a way to accomplish some other goal? SMTP AUTH/TLS is to the server, and the server cares not if it is the destination, or simply a hop along the way. For testing and boredom relief, I setup * My laptop uses TLS/AUTH betwixt the MSP and MTA on localhost which then uses TLS/AUTH to connect my home server and TLS to talk to other MTAs * My home server accepts, but does not require TLS/AUTH for local lan connections, but requires TLS/AUTH for port 587 and uses TLS/AUTH to talk to my ISP, but only TLS when talking to other MTAs. Add dk/dkim to the mix, and it easy to have most of your mails wind up with more headers than body :) How can I do that? (I don't refer to complete procedure, but how can I do to separate mail by destination) I was looking at access and mailtertable but it seems that those don't help me. You can control what the MTA requires and/or allows for each connection it answers, or it originates (based on DNS fqdn, IP, CN, etc.) You can do all of this with the access and/or authinfo databases just make sure you have FEATURE(`authinfo')dnl in sendmail.mc install, if you've not already, sendmail-doc and peruse /usr/share/doc/sendmail/cf.README.gz, especially the section 'SMTP AUTHENTICATION' http://www.sendmail.org/~ca/email/auth.html has a decent walk-through on setting this up and debugging it. Thanks in advance! Good luck, and fee free to ping me if you need more help -- Rick Nelson lilo it's weird, when you go on a safari to Africa to catch a lion, you find it alive and it charges, and then you kill it lilo when you go on a safari to South Bay to find a Palm Vx, you find it dead and take it home and it charges after it arrives :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail +SASL +openldap
On Mon, 13 Aug 2007, Sergio Belkin wrote: Hi community Hello I have to authenticate Sendmail using openldap (I can't choose another SMTP is for my job, also I've already got cyrus-imap using sasl and openldap). I use sendmail/openldap/dovecot Should I SASL in order to integrate both sendmail and openldap. Or does another way exist of performing this task? To have sendmail recognize a user in ldap as local, the getpw* functions will need to work. This means you should make sure libnss-ldap is installed and working (and `getent passwd user` works) You will still likely want SASL setup (libsasl2, libsasl2-modules, sasl2-bin) so you eventually setup SMTP AUTH with other than PLAIN/LOGIN. -- Rick Nelson [In 'Doctor' mode], I spent a good ten minutes telling Emacs what I thought of it. (The response was, 'Perhaps you could try to be less abusive.') (By Matt Welsh) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: can't receive mail
On Tue, 14 Aug 2007, Steve Kleene wrote: I am trying to replace my old Red Hat 6 mail server with an Etch machine. Welcome At the moment, the Etch machine can send mail but not receive it. In all cases I am using sendmail. The default installation of sendmail only listens on localhost. Check /etc/mail/sendmail.mc for DAEMON_OPTIONS(.. lines, it likely contains ', Addr=127.0.0.1' if it does, remove that string - leaving the rest of the line intact. then, `make -C /etc/mail` to rebuild sendmail.cf lastly, /etc/init.d/sendmail restart 3. If I switch the Ethernet connection back to Old Syrano, the message is delivered there with some delay. It appears to have been waiting at a mail relay within the university system. Exactly, email is a store-and-forward system, your new box was not accepting mail from the world - and thus got suck on an earlier hop. -- Rick Nelson Connection reset by some moron with a backhoe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problem with sendmail, error code 67.
On Tue, 3 Jul 2007, Shams Fantar wrote: If there is truly nothing in /var/log/mail.log, it implies that sendmail saw the mail recipient as being local, and as such, refused to accept the mail for a non-existant local user. Yes, you are right. As if that was ever in question :) But, what is the solution ? I have no idea... Logs of errors : http://jumble.snurf.info/pb_sendmail Your basic problem is the common case 'Broken DNS' * Domain of sender address [EMAIL PROTECTED] does not exist Is sethurf part of the linux62.org domain ? If so, you are likely missing 'always add domain' and likely masquerade settings for sendmail, and also missing a DNS entry for sethurf. * l63FQslM017895: [EMAIL PROTECTED], ... DSN: User unknown This implies that the current host thinks it is linux62.org, but does not have a user by the name of sfantar. However, I don't buy this message because it appears to be fallout from a mis-parse of the original rejection based on thesurf not being resolvable (they both use the same dsn code: dsn=5.1.8) You appear to be new MTA setup/mgmt issues, and may best be served by visiting the IRC channel #sendmail on freenode... There are many knowledgable people there, and I am usually there as one (or more of) cowboy/outlaw/renegade - depending upon my location/mood. -- Rick Nelson Myxie I know. Unless htere is a cookie monster somewhere between us tat muches the amil. Myxie amil/mail Myxie muches/munches tat/that htere/there HippieGuy heheh HippieGuy problems? :) * Myxie needs an ircii addon that pipes teh command line through ispell :) -- Seen on #Debian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problem with sendmail, error code 67.
On Mon, 2 Jul 2007, Shams Fantar wrote: I have used Google to have the answers at my problem, but I did not find anything. You need more practice, the 1st page of my only search turned up this: -- Take a look at /usr/include/sysexits.h on your system. It lists all of the standard exit codes for programs. On a Linux 2.0.35 system I have: #define EX_NOUSER 67 /* addressee unknown */ And further up: * EX_NOUSER -- The user specified did not exist. This might * be used for mail addresses or remote logins. If I make 'sendmail -s testing [EMAIL PROTECTED]', the prompt doesn't come back and there is no message. But if I make 'mail -s testing [EMAIL PROTECTED]', I have an error message : Can't send mail: sendmail process failed with error code 67 sendmail and mail are different commands, with different syntax, it isn't surprising that you see different results. My php.ini for mail() : sendmail_path = /usr/sbin/sendmail -t -i Looks good If I want to use mail(), I can't ! Because you are passing bad data, have a misconfigured mta, or both. There is nothing in the logs. If there is truly nothing in /var/log/mail.log, it implies that sendmail saw the mail recipient as being local, and as such, refused to accept the mail for a non-existant local user. -- $ mail -stesting [EMAIL PROTECTED] . Cc: Null message body; hope that's ok /home/cowboy/dead.letter... Saved message in /home/cowboy/dead.letter Can't send mail: sendmail process failed with error code 67 - -- Rick Nelson hop kb: I demand integrity and honesty in those who i do business with hop i know my demands are unreasonable, but a guy can dream, can't he? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: synchronize sendemail / cyrus / ftp / ssh password
On Sat, 23 Jun 2007, Till Wimmer wrote: i'm running a server for several customers using cyrus/IMAP, sendmail, apache2 and ssh. I'm looking for a way to store all the passwords for them in _one_ database so i can manage them easily by a web interface. By artifically tying the database concept to a GUI, you may limit your choices severely. My solution was to store the passwords in a MySQL table. Now the problem is that cyrus and sendmail use sasldb for authentication, but ssh uses PAM. I use LDAP for sendmail, apache2, sasl, pam, and dovecot (instead of cyrus). All non-system users are defined in ldap, and can logon to any machine that happens to be replicating the database. This is rather unsatisfying because libpam_mysql, libsasl2_modules_sql and mod_auth_mysql (apache) all have quite different approaches / ideologies. Yes, even with LDAP there are a few things that make you go 'wtf?!?' I had to store the passwords in plaintext because of the sasl interface, but the new mod_auth_mysql will allow encrypted passwords only... that's only one of the issues. I have slapd store the passwords in crypt format - so normal shadow services continue to work as before Maybe somebody is using a similar configuration? I'm a small shop, but found it easier to help others if I ran my setup closer to theirs -- Rick Nelson That's the funniest thing I've ever heard and I will _not_ condone it. -- DyerMaker, 17 March 2000 MegaPhone radio show -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: BellSouth DSL with Static IP
On Sat, 17 Mar 2007, Michael Lueck wrote: We are seeing web pages that state that BellSouth's DSL requires PPPoE installed in Linux verses being configured in the Netopia device. When I had BellSouth service, I completely ignored their instructions (and required windows only install CD) and set my netopia up for PPPoE - and it just worked. The only issue was having to call tech support and have them assign me a uid/pwd (because I couldn't use the windows cd) :( I lied and said the CD arrived broken, and I needed the service up asap. Does anyone have a clue how to configure the Debian Sarge PPPoE client to use a specific IP address? In the ppp options files, you can force a static IP, but inmnsho, you're far better off to do pppoe in the modem and let the modem serve DHCP for the lan behind it. If you do setup pppoe on a box behind the modem, you're going to limit yourself to one computer (or you'll have to make the linux box a router). BellSouth, back when I used them, did not like a network being attached - they wanted to charge per box and provide their own equipment. -- Rick Nelson (I tried to get some documentation out of Digital on this, but as far as I can tell even _they_ don't have it ;-) -- Linus Torvalds, in an article on a dnserver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: BellSouth DSL with Static IP
On Sat, 17 Mar 2007, Michael Lueck wrote: We can indeed surf reverting back to the default settings. Indeed, default settings include the PPPoE end point being the Netopia. However, by default it NAT's the connection which makes the fact they include 5 static IP's basically useless. No, on my 3547, and I'll bet his system, you can use pin holes (port forwarding) and/or ipmaps (nat translation) to expose as little, or as much of the internal network as you need. My netopia takes one address (and is what the internet sees for my wifes windows box), I have a few IPs routed directly to my Linux box, and a few pinholes to reach miscellaneous things externally. Check out config-advanced, I like the flexibility of the netopia over any other stock dsl modem I've seen (unless BS crippled it - my ISP here shipped me a severly crippled westell, so I'm still using my bought netopia) -- Rick Nelson Basically, I want people to know that when they use binary-only modules, it's THEIR problem. I want people to know that in their bones, and I want it shouted out from the rooftops. I want people to wake up in a cold sweat every once in a while if they use binary-only modules. -- Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: following recent upgrade
On Tue, 5 Dec 2006, Tom Allison wrote: ntpd returns a permission denied error! All the files are ntp owned... btdt :( every time I've seen that, there have been multiple ntpd daemons running - something in the postinst doesn't properly kill the prior daemon. do `ps aux | grep ntpd` (or just killall ntpd) - make sure none are about and then start it - it should now start fine -- Rick Nelson Avoid the Gates of Hell. Use Linux -- unknown source -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SATA Drives and 2.6.x (WAS: Re: 2.6.16-2-686 not booting: Waiting for root filesystem)
On Sun, 17 Sep 2006, Marc Shapiro wrote: So, SATA drives will 'just work' with a 2.6.x kernel? I'm running SATA (1) on: * ASUS av7600 (non-native) * Intel 945/ICH7 (native) * Intel other (powered off at the moment) In general, things just work... you may have to tell your bios to enable the SATA channel, and likely tell it to run SATA native (or you get IDE emulation). The Debian 2.6 kernels work pretty damn well, except for very new hardware ! My Thinkpad T60 is not at all stable with Linux, even with a tailored kernel (but does run fine under Windows) :( -- Rick Nelson By golly, I'm beginning to think Linux really *is* the best thing since sliced bread. (By Vance Petree, Virginia Power) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail in Sarge and Etch
On Thu, 14 Sep 2006, T.J. Duchene wrote: What is the appropriate list for this? Bugs? Yes, bugs, or directly to the maintainer I'm not sure if you would really consider this a flaw or not. I do, but then I've had more experience with Sendmail than most. A flaw, but a cosmetic one This, of course, is not permitted. While the generated sendmail.cf file appears to work (I haven't inspected it.), this causes an error every time that sendmail is configured. This has been a long standing problem - over a year. It not only appears to work, but in fact does work I'd also like to suggest enabling some of the more commonly used features, such as virtusertable and blacklisting. I hear the maintainer gladly accepts patches, and has only refused one thusfar :) I'd rather use the Debian stock packages rather than have to replace sendmail every time I update. I can even donate a preconfigured sendmail.mc file if it will help. You're making alot of work for yourself edit sendmail.mc once, and help the maintainer fix sendmailconfig, or don't use it and your file will not be overwritten - no need to replace sendmail or build your own -- Rick Nelson toor netgod: what do you have in your kernel??? The compiled source for driving a space shuttle??? Spoo time to make a zip drive your floppy drive then. if the kernel doesn fit on that, the kernel is an AI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: testsaslauth works but sendmail will not authenticate -- please help.
On Mon, 12 Jun 2006, John Covici wrote: I have a Debian system where I have the sasl2 library set up -- there were some problems doing that which I will get to in another message, but the main problem is that I have used testsaslauthd with a userid and password using my imap server for authentication. The imap server uses a mysql database and that part works. Now, what baffles me is that sendmail will still not authenticate -- even though I have pwcheckmethod: authdaemond it still tries to use pam somewhere and it fails. I've never used authdamon for SASL - but your comment about PAM usage is interesting... You'll want to verify the following settings in /etc/mail/sasl/Sendmail.2 auto_transition: -- should be false pwcheck_method: -- make sure it only has your authdaemon, not also auxprop allowanonymouslogin: -- probably not relevant, but check allowplaintext: -- this may need to be set to 0 My understanding, is that for plaintext passwords, PAM is called by SASL and /etc/pam.d/smtp is used for authentication. For non-plaintext, the pwcheck_method kicks in -- Rick Nelson netgod my client has been owned severely netgod this guy got root, ran packet sniffers, installed .rhosts and backdoors, put a whole new dir in called /lib/ , which has a full suite of smurfing and killing tools netgod the only mistake was not deleting the logfiles netgod question is how was root hacked, and that i couldnt tell u netgod it is, of course, not a debian box * netgod notes the debian box is the only one left untouched by the hacker -- wonder why -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Broken sendmail
On Mon, 27 Mar 2006, Steve Johnson wrote: 1) SMTP AUTH/SASL wont authenticate.. Everything looks right, but if I look at the log files when someone tries to authenticate, it says a possible SMTP hack has occured. *shrug* The full message would be very helpful 2) I can't send mail from the local machine. So if I log into this box, and try to send mail via mutt or ever directly through sendmail, it sits in a queue wiht a defered error also says 127.0.0.1 connection refused, but I can telnet to 127.0.0.1 on this box and hand enter an e-mail and it sends just fine. This has something to do with teh /var/spool/mqueue-client and MSP queue. Again, I'd like to see why the mail is defered If anyone has any ideas, or a working debian sendmail.mc, I would really appreciate your help. Send me your sendmail.mc, and some of the error messages, and we'll get you going -- Rick Nelson quit When the quit statement is read, the bc processor is terminated, regardless of where the quit state- ment is found. For example, if (0 == 1) quit will cause bc to terminate. (Seen in the manpage for bc. Note the if statement's logic) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Boot hang at Starting: MTA
On Mon, 20 Jun 2005, Elmer E. Dow wrote: I was traveling on business and attempted to connect to the Internet (mail and browse) via a network at the office where I was working. Now that I'm home I notice that when booting the system hangs for approximately 60 seconds at Starting: MTA. MTAs like to have a working DNS, it sounds like your hostname is not resolvable during MTA startup. You'll have similiar issues with apache, squid, etc. You can either: 1) install a caching DNS (bind9, etc) 2) make sure /etc/hosts has an entry for your box -- Rick Nelson Microsoft is a cross between the Borg and the Ferengi. Unfortunately, they use Borg to do their marketing and Ferengi to do their programming. -- Simon Slavin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: squirrelmail+sendmail
On Thu, 9 Jun 2005, Chavdar Videff wrote: Recently my boss wanted to be able to check his mail through a web interface when he is abroad. After some initial searching I decided to test Squirrelmail. Installation and initial configuration was OK. It is now accessed through the browser. Try dovecot - it includes both pop and imap servers, and setup was trivial -- Rick Nelson Manoj shaleh: I am not, despite your implication, God -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Logrotate + sendmail work bad
On Wed, 3 Nov 2004, Eriberto wrote: However, the mail.log is rotated daily and compressed. How to make logrotate work fine with sendmail? Use a different syslog package (that doesn't do its own rotation). -- Rick Nelson MSDOS didn't get as bad as it is overnight -- it took over ten years of careful development. -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: upgrade to sarge has sendmail rejecting mail
On Mon, 18 Oct 2004, Wayne Sitton wrote: Yesterday I upgraded to sarge on my email server. Now suddenly and email sent to it gets sent back with ... while talking to zlabinc.com.: RCPT To:[EMAIL PROTECTED] 503 This mail server requires authentication. Please check your mail client settings. The above is *not* a message in the sendmail distribution Now my client settings have not changed, only the sendmail server(upgrade). Are you sure it was sendmail ? And the funny thing is, this only happens to one domain, while there are 4 others that are having no problem, plus I don't even send out through that server I send out through roadrunner, and none of my other email accounts have that problem There isn't enough information above to do any diagnosis, but it may not matter in the slightest if you send mail FROM the server - if it wants inbound mail to be authenticated. And to add to the problem, when I try to check the email from that account, it will not accept the password yet I can ftp and ssh into the box with this password. SASL was also upgraded - and it *COULD* cause this in that it changed the way that the realms are handled for authentication... I think there is a note regarding the changes in a README in the sasl doc dir. -- Rick Nelson Flood netgod: I also have a Evil Inside T-shirt (w/ Intel logo).. on the back it states: When the rapture comes, will you have root? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail - how to disable ipv6 AAAA lookups
On Sat, 11 Sep 2004, Robert S wrote: I have posted a question recently about sendmail not resolving host names. It looks to me as if it is failing to do lookups. That'd be a DNS failure - not sendmail... Some resolvers are b0rked wrt /A6 lookups :( Is is possible to prevent sendmail from trying to do lookups? This might solve the problem. From: /usr/share/sendmail/cf.README.gz: Some DNS based rejection lists cause failures if asked for records. If your sendmail version is compiled with IPv6 support (NETINET6) and you experience this problem, add define(`DNSBL_MAP', `dns -R A') From: /usr/share/sendmail/changelog.gz: Add use_inet6 as a new ResolverOptions flag to control the RES_USE_INET6 resolver option. Based on patch from Rick Nelson of IBM. Wait... I know that guy... Oh, never mind, that'd be something akin to: dnl define(`confBIND_OPTS', dnl `-use_inet6')dnl #% From: /usr/share/sendmail/op/op.txt.gz: O ResolverOptions=+AAONLY -DNSRCH turns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the domain path) options.Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. If NETINET6 is enabled, most libraries default to USE_INET6 as well. You can also include HasWild- cardMX to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonifying names, which can lead to inappropriate canonifications. Use WorkAroundBroken when faced with a broken nameserver that returns SERVFAIL (a temporary failure) on T_ (IPv6) lookups during hostname canonification. Notice: it might be neces- sary to apply the same (or similar) options to sub- mit.cf too. Which, in .m4 parlance would be something akin to: dnl define(`confBIND_OPTS', dnl `+WorkAroundBroken -DNSRCH -DEFNAMES')dnl #% I'm not very keen on recompiling sendmail - I'd like to keep the original (debian 3.0) binary for ease of upgrading!! I haven't managed to find answers on google groups. Should be no need What is the exact nature of your problem, now that you've apparently narrowed it down some more ? -- Rick Nelson Marticus There's too much blood in my caffeine system. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail: Deferred: Name server: address: host name lookup failure
What does /etc/resolv.conf have ? does `host hypothetical.recipient.address` work ? -- Rick Nelson * Knghtbrd assigns 3 to Chris * variable wonders who else is named chris besides me Knghtbrd variable - you. = * Knghtbrd waits for variable to dramatically say I feel SO used! variable Knghtbrd: :) * variable ++ variable :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache2 logs ([notice] child pid nnnn exit signal Segmentation fault (11))
On Tue, 31 Aug 2004, John Harrold wrote: [Sun Aug 22 06:25:32 2004] [notice] child pid 3881 exit signal Segmentation fault (11) [Sun Aug 22 06:25:32 2004] [notice] child pid 3880 exit signal Segmentation fault (11) [Sun Aug 22 06:25:33 2004] [notice] child pid 3894 exit signal Segmentation fault (11) upgrade apache2 *and* any modules (ie apache2-mod-security) to the latest levels and this should no longer be an issue -- Rick Nelson If I have trouble installing Linux, something is wrong. Very wrong. -- Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: List mail not coming to me either...
On Tue, 17 Aug 2004, Kenward Vaughan wrote: Last (but outside my personal account) is the fact that I have now subscribed to the list through my work, and have yet to receive an email here after the confirmation. hrm... not good - wonder why it is somefolk thing, instead of all of us. Please do remember to have some patience, these are trying times for everyone as any and all effort is placed upon getting sarge out the door. I'll see if I can dig up some answers - but I don't have anything other than luser privs anywhere. -- Rick Nelson finlandia:~ apropos win win: nothing appropriate. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: List mail not coming to me either...
On Wed, 18 Aug 2004, Richard A Nelson wrote: I'll see if I can dig up some answers - but I don't have anything other than luser privs anywhere. There is something amiss - maybe Murphy is starting to warm up - we *are* awfull close to a release (in Debian terms anyway). Seems the mail list queue is, ah, erm, Not Functionally Good It *is* being looked at - so cross your fingers and try to bear with us... I'll try to keep you posted on what I hear, but it is now 00:41 local time, dunno how much longer I'll be cognizant -- Rick Nelson WildTHing ok guys .. so whens the next commit :PP taniwha when they come to get me -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: openldap2, sarge
On Tue, 17 Aug 2004, Richard Weil wrote:
I've been waiting for the unstable version openldap2 to propogate to
sarge since there were reported severe problems with TLS with the
version currently in sarge. I checked on the status today and it says:
There a few other packages in the same boat - due to linking against
the cyrus-sasl2 libraries
--
Rick Nelson
do {
:
} while (!HELL_FROZEN_OVER);
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT:Hardly any messages getting through
On Tue, 17 Aug 2004 [EMAIL PROTECTED] wrote: I guess now it's my turn in the rape room; I haven't gotten anything from the list after August 15. (I see my subsequent post has showed up there, though.) I'll wager that this is some of the damage we'll all see more of - ISPs blocking high-volume mailing lists, assuming they are spamming. Many people are starting to use connection rate limiting - which in and of itself, isn't bad... we just gotta make our MTAs do a better job at using the connections they are allowed to make (pipelining, etc) instead of the usual 'one mail recipient, one connection'. 'Tis kinda like those that block ALL ICMP because one worm used a detectably bad ping packet (one that you can catch in filters). I'll note that I'm not having trouble getting messages, but with recent improvements in spam/virus detection here, and at the Debian mailing lists (ok, spam only there - for the nonce) - the volume is less than it used to be. -- Rick Nelson Knghtbrd learn to love Window Maker. Knghtbrd a little NeXTStep is good for the soul. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: problem installing Sendmail
hehe... I think I'll step aside and watch this one :) But, for the record, I'd like to point out that I missed the 1st post of this - dug around and found it... I replied directly to the originator and as of yet had heard nothing. We now return control of your flamefest to you (Outer Limits, anyone) ? -- Rick Nelson Well, since MS cant be sure of the username of someone downloading things, they are going to play it safe and have everything dowloaded and executed by Explorer as suid root. That way, it will run on ANY system anywhere. :) -- George Bonser [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail not sending queue's out.
On Mon, 1 Oct 2001, Mike Dresser wrote: Every couple days, i have to sendmail -q, beacuse /var/spool/mqueue has sometimes dozens of outbound unsent messages. Once i do that, most of them get sent, leaving the ones that are unreachable/etc left to be sent. what does mailq say about those messages (why are they queued)? My question is, why do I have to do this? Shouldn't there be something to sendmail -q already? There is, if sendmail is infact still running... AND is running in queue delivery mode/ I could just setup a cron job, but I'm wondering what's up with it. Not enough information to know whats up, sorry... I'm running sendmail(8.9.3) out of potato. Things will be much nicer when you go to woody... 8.12.0 (and 8.12.1, due RSN) don't fork nearly as much, and have very nice queue management facilities. -- Rick Nelson We are MicroSoft. You will be assimilated. Resistance is futile. (Attributed to B.G., Gill Bates) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: bind pop/ftp/sendmail to a port?
On Wed, 3 Oct 2001, Ian Marlier wrote: I'm running a machine with multiple ethernet interfaces. The box runs sendmail, pop, and ftp...but I can't figure out how to make any of them bind to a specific one of the eth ports...it's not documented! Help! ipop2d, ipop3d, and ftpd are all run out of inetd. Sendmail runs as a daemon. For sendmail (assuming 8.12.0/1): DAEMON_OPTIONS(`Family=inet, Addr=9.51.81.11, Port=smtp')dnl See /usr/share/doc/sendmail/cf.README.gz (need sendmail-doc package) -- Rick Nelson What you end up with, after running an operating system concept through these many marketing coffee filters, is something not unlike plain hot water. (By Matt Welsh) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
XDM wont start, font 'fixed' not found.
Gack... I've seen this before, but can't recall what I need to do to get around this... I did a mkfontdir for /usr/X11R6/lib/X11/lib/fonts/* -- Rick Nelson
Re: sendmail problem: HELLLPPPPPP!!!
On Wed, 5 Jul 2000, Ron Rademaker wrote: Alright I get the following message when I try to generate sendmail.cf: Configure sendmail with the existing /etc/mail/sendmail.mc? [Y] Updating sendmail databases ... Checking sendmail.cf and databases. Scanning /etc/mail/sendmail.mc Creating /etc/mail/Makefile. done. Generating /etc/mail/sendmail.cf ... makemap: Type dbm not supported in this version Reload the running sendmail now with the new configuration? [Y] Reloading sendmail ... I want to use dbm for virtusertable (docs told me to do so, how do I get Makemap to work with it?) You don't get dbm to work with current libc6. Simply change dbm to hash and run makemap and recreate sendmail.cf (if you've make: 0) cd /etc/mail 1) update sendmail.mc (change dbm to hash) 2) touch virtusertable 3) make ) -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
Re: sendmail problem: HELLLPPPPPP!!!
On Wed, 5 Jul 2000, Ron Rademaker wrote: okay, I a little further now, only every mail stays in the mailq with the message: Deferrred HELP!! please post (or send privately) the output of `mailq -v` so I can see why your mail is deferred - then we can figure how to get it going -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
Re: Sendmail from single to multi domain settings
On Mon, 5 Jun 2000, Erik van der Meulen wrote: I have used sendmail for an extended period of time with a UUCP feed for a single domain. Now I have registered additional domains and I am running into some difficulties with my configuration. My server is: souterrain.avondel.nl and besides using avondel.nl as a mail domain, I also need to use paces.nl and dices.nl. Every user on my system has one username at one domain only. The receiving end works well, but I cannot prevent that outgoing mail gets avondel.nl as domain in the From: header. No matter what I put in my mail client. I think I have tried every (combination of) option in the sendmailconfig script, without reproducable results. My /etc/usr/sendmail.mc currently looks like: divert(0) VERSIONID(`@(#)sendmail.mc8.9.1a (Linux) 19981026') OSTYPE(debian)dnl LOCAL_CONFIG FEATURE(masquerade_envelope)dnl Cwavondel.nl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(redirect)dnl define(`confMAILER_NAME', `postmaster')dnl define(`confTO_QUEUEWARN', `1d')dnl MAILER_DEFINITIONS MAILER(local)dnl MAILER(smtp)dnl LOCAL_CONFIG MASQUERADE_AS(avondel.nl)dnl ## Custom configurations below (will be preserved) FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db')dnl GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')dnl define(`confMAX_MESSAGE_SIZE', `3000')dnl define(`UUCP_MAILER_MAX', `3000')dnl MAILER(uucp)dnl FEATURE(`promiscuous_relay')dnl define(`SMART_HOST', uucp-dom:netsystem)dnl indeed, everything in Cw (local-hosts) will be munged to appear as if it was the MASQUERADE_AS() host Add the following: FEATURE(allmasquerade)dnl # rewrite recipient addrs too and possibly: FEATURE(masquerade_entire_domain)dnl # the whole enchilada I am not sure if I understand the function of genericsdomain well; does it contain domains of the client machines who's mail will be mapped, or does it contain names of domains to which sendmail can map? The former For clarity, I would like to give my users a fixed domain, irrespective of what they put in their mail client, or if they are locally on my machine, use pop or whatever. This domain should be connected to their username/password with which they connect to my machine. I hope this can be done. Any advice is very welcome, I have spent quite a bit of time without success to date. Hope this helps, write if you need more info And please investigate if you can use a smaller caliber projectile launcher aimed at your foot - wrt: promiscuous relaying... -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
Re: Authenticating SMTP Server
On 26 May 2000, Kirk Hilliard wrote:
I would like to configure my SMTP server to relay mail for a few
friends who dial up and are dynamically assigned IPs. I certainly
don't want an open relay, but I don't know what other options I have
with Debian.
sendmail 8.10.1 can use sasl to do authentication - the debian package
works with netscape, but some levels of ie and outlook require LOGIN
support, which isn't supported in the current debian libsasl code.
sendmail 8.11.0Beta1 also supports TLS (SSL/SSH type encryption), but
there are problems creating a debian package in the US - need new
debian policy.
A web search reveals several authenticating schemes -- some password
protected, one particularly elegant one accepting outgoing mail from
any IP from which the user has successfully checked POP3 mail in the
last several hours -- but they seem to be for commercial servers.
Neither Mail-Administrator-HOWTO nor Mail-HOWTO mention authentication.
Welcome to the semi-bleeding edge
What Debian options are there?
sendmail 8.10.1, postfix-tls and file a bug requesting fetchmail to be
compiled w/sasl or tls (it supports one, I forget which) - again this
doesn't really fit in with current policy - encryption support ;-{
At this point in time, I'd recommend against AUTH after POP, there are
better alternatives
--
Rick Nelson
Life'll kill ya -- Warren Zevon
Then you'll be dead -- Life'll kill ya
Re: sendmail/aliases.db error
On Wed, 17 May 2000, Gary D wrote: newaliases gives this error Cannot open hash database /etc/aliases.db: Invalid argument WARNING: cannot open alias database /etc/aliases Why can't it open /etc/aliases - do actually have a file there? if not, cp /usr/share/doc/sendmail/examples/db-examples/aliases /etc/aliases then try newaliases again Cannot create database for alias file /etc/aliases Also, have you done anything special in sendmail.mc? aliases is usually a hash map -- don't use makemap, use newaliases -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
WU-FTPD and passive ftp
Has anyone run wu-ftpd Version wu-2.6.0(1) Wed Mar 15 16:30:52 CET 2000 with passive ftp support? ftp ls wtf 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. -rw-r--r--1 cowboy cowboy 9269 Nov 18 17:15 wtf 226 Transfer complete. ftp passive Passive mode on. ftp ls wtf 227 Entering Passive Mode (9,51,81,11,180,209) 421 Service not available, remote server has closed connection I get no indications of anything wrong in the syslog... I know its trying passive, because if I use a host that isn't in pasv-allow, I get this: ftp passive Passive mode on. ftp ls wtf 227 Entering Passive Mode (9,51,81,11,99,62) ftp: connect: Connection refused The relevant portions of ftpaccess are: passive address 9.51.81.11 0.0.0.0/0# this *IS* required for passive passive ports 0.0.0.0/0 1024 65535 # to see if it made a difference pasv-allow all *.ibm.com# localhost fails this test port-allow all *.ibm.com# Is this needed wrt passive? -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
diald 0.99.1-0.1 problem
Has anyone else had problems with diald/pppd since the upgrade? I'm running: Kernel 2.2.13ac2 ppp2.3.10-2 diald 0.99.1-0.1 I've not changed /etc/diald/diald.options (kept my old file) pppd (via pon/poff) work fine, but when diald calls pppd, things get hosed: Nov 4 09:31:23 back40 diald[1593]: Unknown option 'reroute' Nov 4 09:31:24 back40 diald[1594]: start sl0: SIOCSIFMETRIC: Invalid argument Nov 4 09:31:24 back40 diald[1594]: start sl0: SIOCSIFMTU: Invalid argument Nov 4 09:31:29 back40 diald[1594]: /tmp/dctrl.1554-2: log level 0x0600017f Nov 4 09:31:32 back40 diald[1594]: FIFO: force request Nov 4 09:31:32 back40 diald[1594]: Calling site 10.0.0.2 Nov 4 09:31:34 back40 diald[1594]: connector: +++ATZ Nov 4 09:31:34 back40 diald[1594]: connector: OK Nov 4 09:31:34 back40 diald[1594]: connector: ATF1M4M0H0 Nov 4 09:31:34 back40 diald[1594]: connector: OK Nov 4 09:31:54 back40 diald[1594]: connector: ATDTxxx- Nov 4 09:31:55 back40 diald[1594]: connector: CONNECT Nov 4 09:31:55 back40 diald[1594]: Connected to site 10.0.0.2 Nov 4 09:31:55 back40 diald[1594]: Running pppd (pid = 1621). Nov 4 09:31:55 back40 diald[1621]: Running pppd: /usr/sbin/pppd -defaultroute -detach modem crtscts mtu 1500 mru 1500 file /etc/ppp/peers/provider-diald connect Nov 4 09:31:55 back40 pppd[1621]: defaultroute option is disabled Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCSIFMETRIC: Invalid argument Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCSIFMTU: Invalid argument Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCADDRT: File exists Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCADDRT: File exists Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCSIFMETRIC: Invalid argument Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCSIFMTU: Invalid argument Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCADDRT: File exists Nov 4 09:31:55 back40 diald[1594]: start sl0: SIOCADDRT: File exists Nov 4 09:31:56 back40 diald[1594]: Disconnect script failed Nov 4 09:31:56 back40 diald[1594]: Disconnected. Call duration 1 seconds. Nov 4 09:31:56 back40 diald[1594]: IP transmitted 0 bytes and received 0 bytes. Nov 4 09:31:57 back40 diald[1594]: Delaying 30 seconds before clear to dial. Nov 4 09:32:09 back40 diald[1594]: FIFO: reset request received - re-reading configuration Nov 4 09:32:09 back40 diald[1594]: Unknown option 'reroute' The only differences I can see (wrt the previous diald) are: 1) diald seems to have forgotten about `reroute` -- issues an error 2) diald passing `-defaultroute` to pppd, it didn't use to do that 3) diald issuing more messages (CIFMTU) is the only thats was also issued by the prior release -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Sendmail 8.10.0.Beta6 (slated for experimental)
I've just replaced the subject on incoming so that the file
sendmail_8.10.0.Beta6.announce is in /usr/doc/sendmail.
This will be a `big` release, but *fortunately*, one that means you
don't need to anything other than rebuilding sendmail.cf (if
you've let the automagic crap run)!
Notes:
* IPV6 is *not* working properly on Linux, I've reported this
to the developers, and will keep the package updated as I get new
information/patches. In the interim, I've disabled IPV6.
* SASL isn't compiled in, my notes/temp package are at work ;-{
I hope to get this (SMTP auth) going ASAP.
* If you need/want to go back to 8.9.3, you *must* drain the mail
queue first; the queue files are *not* downward compatible!
There are some *very* nice enhancements wrt masquerading/genericstable,
include exclusion lists, and applying genericstable to an entire domain!
Please, filter any bugs through the BTS, or notes to me - I'll collect
and forward upstream through the beta mailing list.
Thanks, and have fun
--
Rick Nelson
Re: apt-get and http proxy failure
On Fri, 24 Sep 1999, Jason Gunthorpe wrote:
On Fri, 24 Sep 1999, Richard A Nelson wrote:
If I use an environment variable http_proxy, apt does use the specified
proxy.
Include the whole config file - betcha have a no proxy setting.
[badlands:/u/download 0]$ cat /etc/apt/apt.conf
// Options for the downloading routines
Acquire
{
Queue-Mode host; // host|access
Retries 0;
// HTTP method configuration
http
{
Proxy http://localhost:80;;
Proxy::wyvern.hursley.ibm.com DIRECT;
Timeout 200;
// Cache Control. Note these do not work with Squid 2.0.2
No-Cache true;
Max-Age 86400; // 1 Day age on index files
No-Store true;// Prevent the cache from storing archives
Pipeline-Depth 0; //This doesn't seem to work either ?!?!
};
};
[badlands:/u/download 0]$ cat /etc/apt/sources.list
deb http://http.us.debian.org/debian unstable main contrib non-free
deb http://wyvern.hursley.ibm.com/ilc/debian unstable main contrib non-free non-
US/main non-US/contrib non-US/non-free
--
Rick Nelson
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
apt-get and http proxy failure
If I use an environment variable http_proxy, apt does use the specified
proxy.
However, with this in my /etc/apt/apt.conf, the proxy is silently ignored:
Acquire
{
Queue-Mode host; // host|access
Retries 0;
// HTTP method configuration
Http
{
Proxy http://localhost:80;;
I can see this in the debugging info:
Acquire::Http ;
Acquire::Http::Proxy http://localhost:80;;
Acquire::Http::Timeout 200;
Acquire::Http::No-Cache true;
Acquire::Http::Max-Age 86400;
Acquire::Http::No-Store true;
Acquire::Http::Pipeline-Depth 1;
... Acquire::Http::Proxy=http://localhost:80 ... (on the get)
-
http:102%20Status%0aURI:%20http://http.us.debian.org/debian/dists/unstable/main/binary-i386/Packages.gz%0aMessage:%20Connecting%20to%20http.us.debian.org%20(206.187.92.15)
(ignoring the proxy)
What am I doing wrong?
--
Rick Nelson
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: clnt_call errors in NIS
On 2 Aug 1999, Miquel van Smoorenburg wrote: You tell me. I have glibc 2.0, 2.1 and 2.2pre installations here with both NIS servers and clients on them, and for me it all simply works. Alas I cannot reproduce the problems that other people are having with NIS, and I am really trying. So, I can't fix it either. I'm still able to reproduce my errors easily on this system: ii nis 3.4-1 Clients and daemons for the Network Information ii libc6 2.1.2-0pre4GNU C Library: Shared libraries and timezone Client and server are the same machine [14:23:56 [EMAIL PROTECTED]:~ 0]$ ypcat passwd yp_all: clnt_call: RPC: Timed out No such map passwd.byname. Reason: Internal NIS error ypserv log shows: - ypproc_domain(badlands) [From: 127.0.0.1:641] -- from ypbind connect from 127.0.0.1 - Ok. ypproc_all_2_svc(): [From: 127.0.0.1:638]-- from ypcat domain = badlands map = passwd.byname connect from 127.0.0.1 ypdb_close_all() called db_open(badlands, passwd.byname) -Returning OK! Opening: badlands/passwd.byname (0) 8057ae8 - First value returned. ypproc_domain(badlands) [From: 127.0.0.1:641] -- from ypbind connect from 127.0.0.1 - Ok. -- Let me know if I can do anything to help! -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Sendmail questions (almost there!) Followup
On Thu, 15 Jul 1999, Mike Patterson wrote: Ok, black is actually the 0.69, a machine dialing in with ppp. 0.1, the relay, is white. cool, we're on the same page then (I'm suddenly reminded of a Three Dog Night song ;-} ) So I made the change above on white in the file /etc/mail/sendmail.mc. The file /etc/mail/sendmail.cf had no FEATURE lines in it, so I assumed that it was the wrong file. ah well, 'tis been a long, hard week... sorry My .mc file now looks like: -- divert(-1) divert(0) VERSIONID(`@(#)sendmail.mc 8.9.1a (Linux) 19981026') OSTYPE(debian)dnl LOCAL_CONFIG FEATURE(masquerade_envelope)dnl FEATURE(allmasquerade)dnl Cwchromatic.org FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(nouucp)dnl MAILER_DEFINITIONS MAILER(local)dnl MAILER(smtp)dnl LOCAL_CONFIG MASQUERADE_AS(chromatic.org)dnl ## Custom configurations below (will be preserved) FEATURE(relay_entire_domain)dnl -- Looks good The output I'm getting in my mail.info file is now: -- Jul 15 15:53:37 white sendmail[934]: PAA00934: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=black.chromatic.org [192.168.0.69], reject=550 [EMAIL PROTECTED]... Relaying denied hrm... did you run sendmailconfig and answer Y twice after editing sendmail.mc? (once to rebuild sendmail.cf from sendmail.mc, and once to restart sendmail using the new sendmail.cf) -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Sendmail questions (almost there!)
1) Make sure /etc/resolv.conf is setup correctly if you can't do `host xxx.yyy.zzz', sendmail can't find it either 2) sendmail is restrictive by design - you have to tell it that you know the blood is upon your hands ;-} on the black machine (your apparent gateway), make sure this is in /etc/mail/sendmail.cf: FEATURE(relay_entire_domain)dnl -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Sendmail-anything else
You can use genericstable to rewrite outgoing mail, one or more records per user: debian [EMAIL PROTECTED] ibm [EMAIL PROTECTED] etc. virtusertable works the opposite, mapping incomming mail to local user boxes... but sounds like you've probably got that part covered no? Send me a note if you'd like further help... -- Rick Nelson
Re: How to build socks5 for Debian?
wrt no extant packages:
Read the license - not very nice... you might
take a peek at DANTE (free socks4/5 client/server)
wrt it not working:
ah... you're on potato...
runsocks works fine on glibc-2.0(slink), but fails with
glibc-2.1(potato).
Note that you can use NEC socks to socksify, at compilation,
and it will run fine on potato, its just runsocks that fails.
I don't know of anyone who has managed to track this far enough
to point fingers at the culprit yet ;-{
--
Rick Nelson
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: sendmail: why do text maps not work?
On Wed, 21 Apr 1999, Nils Rennebarth wrote: Running sendmailconfig, and answering yes to the Mailertable question creates and entry like this: FEATURE(mailertable, `text /etc/mail/mailertable')dnl which doesn't work. FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl however does work, if the maps are there and made with makemap. Adding an -o in the text case does not help. Are text maps not supported? Is this a bug? Is the format of text maps different? Mine looks like this (whitespace is tab) snip-- tabaluga.ipe.uni-stuttgart.de smtp:[tabaluga.ipe.uni-stuttgart.de] ipesun.e-technik.uni-stuttgart.de smtp:[ipesun.ipe.uni-stuttgart.de] ipesun.ipe.uni-stuttgart.de smtp:[ipesun.ipe.uni-stuttgart.de] snip-- ouch.. this is a (very old - back to 8.8.8) bug - thanks ! to keep it a text file, it would have to read something like (untested, but should do the trick): FEATURE(mailertable, `text -k0 -v1 /etc/mail/mailertable')dnl btw: What are the different map types, and where are they all documented? The O'Reilly Sendmail book (the bat book) is about the only place you'll find this information -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Sendmail startup delay
The common problem wrt startup delay is that your /etc/hosts isn't quite upto snuff. 1) make sure you have 127.0.0.1 localhost (preferably as 1st line) 2) make sure every interface (tr, eth, ppp, etc.) has an entry -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: primenet.com rejects mail from ibm.net
Unfortunately, I think this phenomenon is only going to get worse,
I wouldn't be surprised to start seeing ISPs start firewalling port 25
;-{
This action really bites those of us who *must* use more than one ISP,
and/or send mail from multiple sites and would like to decide where
followups go...
You've got (at least two) choices, since (iirc) you run sendmail:
1) Use the ISP mailer for everything:
define(`SMART_HOST', `smtp:xxx.ibm.net')
you may also to need to define MAIL_HUB, but try this first..
2) Use the mailertable to route all mail for primenet:
.primenet.com smtp:[xxx.ibm.net]
I don't remember if the ISP side was included in the recent sale
of networking to ATT, maybe things'll change if so - but its
anyones guess of which way ?!?
--
Rick Nelson - he, still, of little to no net access, and problems to
close before I sleep
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Subject: Potato, sendmail, glibc 2.1, and libdb2
*sigh*
Here's what I know thus far...
potato's sendmail and glibc 2.1 seem to get along fine (at least on this
box) ! Those of you with problems all seem to have also installed the newer
libdb2
I was fortunate in that my socks access died, and I have been unable to
download/install libdb2 ;-}
I see in the sendmail-8.9.2 changelog that this was done:
Support Berkeley DB 2.6.4 API change
This is the version now in potato
Unfortunately, the libdb2 in slink is 2.4.14, and that is the library
sendmail is linked against.
I'm now in kind of a mess in that I've got my developement machine
running glibc2.1, and
have several changes in various stages of completion in sendmail ;-{
If someone who still has a slink system would install libdb2 2.6.4 (if
possible), and do an NMU - I think that'd get people going until my
updates are clean, and I get socks working again (anyone tried dante,
I'm thinking of packaging it) ;-{
--
Rick Nelson
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Problems compiling Sendmail 8.9.3
On Tue, 16 Feb 1999, Matthew Myers wrote: When I try to compile Sendmail 8.9.3 with the Berkley DB routines from sleepycat.com, I get two errors about unresolved externals. Can someone tell me what to try? My first suggestion (if this is for i386) would be to just get the .deb and install it. If you need to compile, get the Debian source package, extract it and make whatever changes you deem necessary and then use the debian/rules file for the build. If you find you do need to make changes, please send them and a note to [EMAIL PROTECTED] -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: sendmail 8.9.2 Verisign
In the changelog for sendmail 8.9.3, there is a notice about possible signature problems due to reordered mime headers. sendmail-8.9.3-1 is in incomming, slated for frozen and unstable, please let me know if it solves your problem -- Rick Nelson
Re: Auto-Reply in Sendmail?
How would I do setup an email autoreply in Sendmail? Since sendmail only Transports mail, you don't... You'll need to install a `real` Mail Delivery Agent - something like procmail. With procmail, you can parse mail by any of the headers, or even mail body content... I use it to route mail to different mailboxes and do some elementary SPAM protection. -- Rick Nelson
Re: Sendmail config problem
Let sendmail's local delivery work as before, and add this line to your sendmail.mc: define(`SMART_HOST', `mailhub') where mailhub is the name of your firewall machine. sendmail will then forward any non-local mail to mailhub -- Rick Nelson C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: printing to a win95 shared printer *sigh*
Thanks... I can now print text to the printer - two problems: 1) The hp dj870 doesn't complete the page, must need some kind of EOF 2) I can only print text - If I send PS, it is printed as text! I guess this means I really need to be able to use magicfilter - but can I send output from something like dj500c to windows? Thanks again, I'm getting there slowly -- Rick Nelson On Thu, 14 Jan 1999 [EMAIL PROTECTED] wrote: Date: Thu, 14 Jan 1999 10:14:52 -0500 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: debian-user@lists.debian.org Subject: Re: printing to a win95 shared printer *sigh* Richard A Nelson writes: Has anyone setup lprng to print to a win95 shared printer? The printer in question is a HP DeskJet 870. I've been printing to the printer locally, but had to move the printer to a box that runs mostly lose 95. If you haven't already installed SAMBA, you should do it since SAMBA handles it correctly. Look at document /usr/doc/samba/examples/printing/smbprint It does work when all configuration (self-documented) is done.
printing to a win95 shared printer *sigh*
Has anyone setup lprng to print to a win95 shared printer? The printer in question is a HP DeskJet 870. I've been printing to the printer locally, but had to move the printer to a box that runs mostly lose 95. Thanks, -- Rick Nelson
Creative 3d blaster (2d/3d w 3dfx banshee)
Found the subject card at a good price (after rebate), but couldn't find any info on the 2d portion of the card... anyone know what I need for xf86 (or if it isn't supported)? -- Rick Nelson
Re: **IMPORTANT** Slink sendmail and libdb2
Sendmail slowly is moving everything to /etc/mail - but they haven't hit
all the databases yet.
I can update the features for Debian, and move the default files from
/etc/ to /etc/mail/
Without parsing /etc/mail/sendmail.mc, I can't tell what type of
encoding is used for the databases, so I don't think I can do the
makemaps automagically ;-{
--
Rick Nelson
On 28 Oct 1998, John Goerzen wrote:
Date: 28 Oct 1998 13:02:19 -0600
From: John Goerzen [EMAIL PROTECTED]
To: Remco van de Meent [EMAIL PROTECTED]
Cc: debian-user@lists.debian.org
Subject: Re: **IMPORTANT** Slink sendmail and libdb2
Resent-Date: 28 Oct 1998 19:02:26 -
Resent-From: debian-user@lists.debian.org
Resent-cc: recipient list not shown: ;
Remco van de Meent [EMAIL PROTECTED] writes:
On Tue, Oct 27, 1998 at 08:35:35AM -0600, John Goerzen wrote:
: Would it be possible for the sendmailconfig to update these databases?
: It wouldn't be that hard, I think. Also, how about updating the defailts
: so that they are stored in /etc/mail instead of /etc?
They default to /etc/mail, except for aliases.db, which should be in /etc
(Debian Policy, 4.5).
I know what policy says, but this is not how it works. mailertable,
etc. are in /etc and not /etc/mail.
Because of the different db-structures you can use (hash, btree, etc.), I'd
say don't let an automatic install program update those databases. It should
even be able to process customized sendmail.cf's in order to work without
failure. I personally wouldn't want any program changing those databases
itself...
It's a pain to manually have to run a long makemap command each time
something is updated. There has GOT to be a better way...
X 3.3.2.3a-6 + netscape = Bus error
I can't check the archives, because I don't have a browser anymore ;-{
But I'm sure I saw a resolution to this:
[badlands:~ 0]$ netscape
Warning:
Name: communicator-smotif.real
Class: XmDisplay
_MOTIF_DRAG_WINDOW has been destroyed
/usr/bin/X11/netscape: line 64: 3446 Bus error
LD_PRELOAD=/lib/libBrokenLocale.so.1 $netscape $@
Can anyone help me?
--
Rick Nelson
**IMPORTANT** Slink sendmail and libdb2
The last update of sendmail switched from libdb to libdb2, as recommended by the sendmail group (and requested by a sparc user). Unfortunately, this change means that sendmail databases (alias, users, etc.) *must* be rebuilt. I'll update the package to provide this warning - but those who have already synched to Slink should do this ASAP! Sorry for the confusion, -- Rick Nelson
Re: Slow ifconfig
Hrm... I'm also seeing the same problem -- Rick Nelson
Re: sendmail rejecting bad domains
On Fri, 11 Sep 1998, Gene McCulley wrote:
Date: Fri, 11 Sep 1998 09:30:34 -0400 (EDT)
From: Gene McCulley [EMAIL PROTECTED]
To: Richard A Nelson [EMAIL PROTECTED], debian-user@lists.debian.org,
Peter Iannarelli [EMAIL PROTECTED]
Subject: Re: sendmail rejecting bad domains
Rick == Richard A Nelson [EMAIL PROTECTED] writes:
Rick The sender will need to setup sendmail to masquerade as his
Rick firewall.
In my case, telling my customer to change his configuration is not and
acceptable option. I need my sendmail to be more forgiving.
No problem... add this to your sendmail.mc and regenerate:
FEATURE(accept_unresolvable_domains)dnl
you may also wish to add
FEATURE(accept_unqualified_senders)dnl
to allow those b0rked clients using HELO host /* with no domain */
Hmmm. I guess I need to convert from sendmail to smail as I can't
find anything in the sendmail documentation on this. Is there any
other option? I think I tried smail first on my mail server machine,
but I thought I had problems getting it to act as a relay for other
nodes on my network, which are running sendmail. Yuck.
Ack... no need for that ;-} The above changes will allow your machine
to accept mail from your customer...
In /usr/doc/sendmail/RELEASE_NOTES you'll find the changes - really
important since the bat book (v2) only goes to 8.8; Even with the
changes, it can be hard to figure out sometimes...
Thats where this list comes in; Unfortunately, my time has been *very*
limited of late and I've not been able to frequent the list or IRC ;-{
If I can't be found elsewhere, mail to [EMAIL PROTECTED] or
[EMAIL PROTECTED] is usually answered promptly.
Thanks for the suggestions.
Good luck, and let me know how it goes
--
Rick
Re: sendmail rejecting bad domains
The sender will need to setup sendmail to masquerade as his firewall. That is how this message is getting out, my box masqerades as vnet.ibm.com when sending mail externally. -- Rick Nelson On Thu, 10 Sep 1998, Gene McCulley wrote: Date: Thu, 10 Sep 1998 11:11:53 -0400 (EDT) From: Gene McCulley [EMAIL PROTECTED] To: debian-user@lists.debian.org Subject: sendmail rejecting bad domains Resent-Date: 10 Sep 1998 15:12:00 - Resent-From: debian-user@lists.debian.org Resent-cc: recipient list not shown: ; I have someone trying to send me email from a machine that is behind a firewall. The firewall relays the mail through, but leaves the sender's machine name on the message. The sender's machine is not in the DNS, so sendmail rejects it with 501 Sender domain must exist. The sender can't fix his corporation's broken firewall. How do I get sendmail to allow this message through? I care less about spam than I do lost email. Thanks for any clues. -- | Gene McCulley | [EMAIL PROTECTED] | Voice: (407) 265-0772 | | Cuspy Solutions, Inc. | http://cuspy.com/~mcculley/ | Fax: (407) 265-0773 | | Your father was a hamster and your mother smelt of elderberries! | -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: X's with Matrox Mystique II
I'm running Debian fine with a Mystique 220 4m. The only problem you'll have is if you install from a CD or 1.3.rx version... These include an X system that doesn't recognize the Mystique. You can use it in VGA mode whilst downloading the lastest from XFree86 (for bo), or from whereever. -- Rick Nelson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Netscape unresolved symbols
Alain Nissen wrote: Richard A Nelson wrote: When I start netscape I get a ration of the attached messages... I thought I've taken care of all the requisite symlinks, but am obviously missing something... Does anyone know what ? See bug report #14249. http://www.debian.org/Bugs/db/14/14249.html Alain Sorry for the encoded inclusion of error messages - with the change of ISPs, pine isn't quite up, having to use netscape... Anyway, I'm all set now - thanks for the quick responce -- Rick Nelson -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Netscape unresolved symbols
I've installed Netscape 4.04 on a hamm system (current through today). When I start netscape I get a ration of the attached messages... I thought I've taken care of all the requisite symlinks, but am obviously missing something... Does anyone know what ? Rick Nelson /usr/lib/netscape/netscape: can't resolve symbol 'PR_NewHashTable' /usr/lib/netscape/netscape: can't resolve symbol 'PR_HashTableEnumerateEntries' /usr/lib/netscape/netscape: can't resolve symbol 'PR_HashTableDestroy' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetNewScriptHookProc' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetDestroyScriptHookProc' /usr/lib/netscape/netscape: can't resolve symbol 'JS_ContextIterator' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetNewScriptHookProc' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetDestroyScriptHookProc' /usr/lib/netscape/netscape: can't resolve symbol 'PR_CurrentThread' /usr/lib/netscape/netscape: can't resolve symbol 'PR_HashTableLookup' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetErrorReporter' /usr/lib/netscape/netscape: can't resolve symbol 'PR_HashTableAdd' /usr/lib/netscape/netscape: can't resolve symbol 'JS_SetErrorReporter' /usr/lib/netscape/netscape: can't resolve symbol 'PR_CurrentThread'
