[CentOS] CentOS 8.2: error running non-shared postrotate script for /var/log/mysql/mysqld.log

2020-12-05 Thread Alexander Farber 
Hello fellow CentOS users!

I have installed CentOS 8.2.2004 with the following packages:

mysql-common-8.0.21-1.module_el8.2.0+493+63b41e36.x86_64
mysql-8.0.21-1.module_el8.2.0+493+63b41e36.x86_64
mysql-errmsg-8.0.21-1.module_el8.2.0+493+63b41e36.x86_64
mysql-server-8.0.21-1.module_el8.2.0+493+63b41e36.x86_64

Then I have run mysql_secure_installation and among other things set the
root password for MySQL

As result I am greeted with the following anachron mail every morning:

/etc/cron.daily/logrotate:

 mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
error: error running non-shared postrotate script for
/var/log/mysql/mysqld.log of '/var/log/mysql/mysqld.log '

I understand that the reason is me having set the root password for MySQL.

But my question is how to provide the password to postrotate without
disclosing it too much?

Other than that the MySQL works well, I use it to host 3 Wordpress websites
at my CentOS 8 Linux server (haproxy -> Jetty x 3 -> FastCGI -> php-fpm ->
Wordpress -> MySQL)

Greetings from Germany
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] certbot stopped working on CentOS 7: pyOpenSSL module missing required functionality

2020-10-05 Thread Alexander Farber 
Yes, I had a typo in the mail, but not in the cronjob

Still wondering how to get certbot-1.7.0-1.el7.noarch working on CentOS 7
again.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] certbot stopped working on CentOS 7: pyOpenSSL module missing required functionality

2020-10-05 Thread Alexander Farber 
Hello fellow CentOS users,

I had this cronjob working for many moons on CentOS 7.8.2003:

#minute hourmdaymonth   wdaycommand
6   6   *   *   1   certbot renew --post-hook
"cat /etc/letsencrypt/live/raspasy.de/fullchain.pem /etc/letsencrypt/live/
raspasy.de/privkey.pem > /etc/letsencrypt/live/raspasy.de/haproxy.pem;
systemctl resstart haproxy"

(I run a post hook, because haproxy-1.5.18-9.el7.x86_64 from the CentOS
packages wants to have the cert and the key in one file).

Unfortunately, now certbot-1.7.0-1.el7.noarch has stopped working and the
error message is:

/usr/lib/python2.7/site-packages/josepy/util.py:9:
CryptographyDeprecationWarning: Python 2 is no longer supported by the
Python core team. Support for it is now deprecated in cryptography, and
will be removed in a future release.
  from cryptography.hazmat.primitives.asymmetric import rsa
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in 
load_entry_point('certbot==1.7.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in
load_entry_point
return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in
load_entry_point
return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in
load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 2, in

from certbot._internal import main as internal_main
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line
20, in 
from certbot._internal import account
  File "/usr/lib/python2.7/site-packages/certbot/_internal/account.py",
line 18, in 
from acme.client import ClientBase  # pylint: disable=unused-import
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 39, in

requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()  #
type: ignore
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py",
line 118, in inject_into_urllib3
_validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py",
line 160, in _validate_dependencies_met
"'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try
upgrading to v0.14 or newer.

I have the following python packages installed:

#  rpm -qa | grep python2
python2-oauthlib-2.0.1-8.el7.noarch
python2-futures-3.1.1-5.el7.noarch
python2-cryptography-1.7.2-2.el7.x86_64
python2-pip-8.1.2-14.el7.noarch
python2-acme-1.7.0-1.el7.noarch
python2-psycopg2-2.8.6-1.rhel7.x86_64
python2-certbot-1.7.0-1.el7.noarch
python2-pyrfc3339-1.1-3.el7.noarch
python2-distro-1.2.0-3.el7.noarch
python2-configargparse-0.11.0-2.el7.noarch
python2-josepy-1.3.0-2.el7.noarch
python2-pyasn1-0.1.9-7.el7.noarch
python2-six-1.9.0-0.el7.noarch
python2-parsedatetime-2.4-6.el7.noarch
python2-future-0.18.2-2.el7.noarch
python2-requests-oauthlib-0.8.0-5.el7.noarch
python2-mock-1.0.1-10.el7.noarch

Does anybody please have an idea, what could I do?

I like to use the stock packages only (for easier maintenance), wonder if a
solution is still possible there...

Thank you for any suggestions
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /dev/md1 => 93% Used. Warning. Disk Filling up. - what would be safe to delete in /boot ?

2018-02-07 Thread Alexander Farber 
Thank you Pete for the very insightful answer!

This has worked like a charm -

On Wed, Feb 7, 2018 at 10:16 AM, Pete Biggs  wrote:

>
> In fact there are a number of tools to help you.  By default yum keeps
> 5 versions of old kernels (which is usually too many for the default
> /boot size - good joined-up thinking there!), that number is specified
> in /etc/yum.conf as "installonly_limit=5" - change that to a suitable
> number for you, personally I use '3', some people have '2' - don't put
> it at '1' because then you'll not be able to use an old version to boot
> in to in emergency.
>
> The package yum-utils has the package-cleanup command to deal with
> various yum issues, including sorting out old kernels. Do
>
>package-cleanup --oldkernels --count=3
>
> to clean everything to do with old kernels leaving 3 versions on your
> system.
>


I had:

/dev/md1488M  428M   34M  93% /boot

Then I after running

# package-cleanup --oldkernels --count=3
Loaded plugins: fastestmirror
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-693.2.2.el7 will be erased
---> Package kernel.x86_64 0:3.10.0-693.5.2.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved


 Package   Arch  Version  Repository
Size

Removing:
 kernelx86_643.10.0-693.2.2.el7   @updates
59 M
 kernelx86_643.10.0-693.5.2.el7   @updates
59 M

Transaction Summary

Remove  2 Packages

Installed size: 119 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing: kernel.x86_64
1/2
  Erasing: kernel.x86_64
2/2
  Verifying  : kernel-3.10.0-693.5.2.el7.x86_64
1/2
  Verifying  : kernel-3.10.0-693.2.2.el7.x86_64
2/2

Removed:
  kernel.x86_64 0:3.10.0-693.2.2.el7 kernel.x86_64 0:3.10.0-693.5.2.el7

Complete!

I've ended up with comforting

/dev/md1488M  279M  184M  61% /boot

Have a nice day!
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] /dev/md1 => 93% Used. Warning. Disk Filling up. - what would be safe to delete in /boot ?

2018-02-07 Thread Alexander Farber 
Hello CentOS users,

in the recent time I keep getting the logwatch warnings from my 2 dedicated
servers running CentOS 7.4.1708.

I guess because of the numerous kernel updates (because of
Spectre+Meltdown) in the near past?

Could someone please suggest me, which files in my /boot partition would be
safe to delete?

I would like to avoid the situation of having to boot the rescue partiton
etc. remotely... and at the same time I am not proficient with grub or
whatever my provider has configured my dedicated hosts to use...

#  ls -al /boot
total 427877
dr-xr-xr-x.  6 root root 6144 28. Jan 10:33 .
dr-xr-xr-x  18 root root 4096  7. Feb 03:34 ..
-rw-r--r--   1 root root   140899  5. Dez 01:04
config-3.10.0-693.11.1.el7.x86_64
-rw-r--r--   1 root root   140915  4. Jan 02:19
config-3.10.0-693.11.6.el7.x86_64
-rw-r--r--   1 root root   140915 25. Jan 21:26
config-3.10.0-693.17.1.el7.x86_64
-rw-r--r--   1 root root   140898 13. Sep 00:38
config-3.10.0-693.2.2.el7.x86_64
-rw-r--r--   1 root root   140898 20. Okt 22:56
config-3.10.0-693.5.2.el7.x86_64
drwxr-xr-x   3 root root 1024 15. Sep 09:43 efi
drwxr-xr-x.  2 root root 1024 11. Apr 2016  grub
drwx--.  5 root root 1024 28. Jan 10:31 grub2
-rw-r--r--.  1 root root 40142116 15. Dez 2015
initramfs-0-rescue-34946d7b5edb0946bfb52c0f6cae67af.img
-rw---   1 root root 50402914  6. Dez 09:23
initramfs-3.10.0-693.11.1.el7.x86_64.img
-rw---   1 root root 18149718  6. Dez 09:24
initramfs-3.10.0-693.11.1.el7.x86_64kdump.img
-rw---   1 root root 50405879  5. Jan 09:02
initramfs-3.10.0-693.11.6.el7.x86_64.img
-rw---   1 root root 18150336  5. Jan 09:04
initramfs-3.10.0-693.11.6.el7.x86_64kdump.img
-rw---   1 root root 50402830 28. Jan 10:31
initramfs-3.10.0-693.17.1.el7.x86_64.img
-rw---   1 root root 18147918 28. Jan 10:33
initramfs-3.10.0-693.17.1.el7.x86_64kdump.img
-rw---   1 root root 50341850 15. Sep 09:45
initramfs-3.10.0-693.2.2.el7.x86_64.img
-rw---   1 root root 18147818 22. Okt 10:07
initramfs-3.10.0-693.2.2.el7.x86_64kdump.img
-rw---   1 root root 50393743 24. Okt 09:39
initramfs-3.10.0-693.5.2.el7.x86_64.img
-rw---   1 root root 18146720 24. Okt 09:40
initramfs-3.10.0-693.5.2.el7.x86_64kdump.img
-rw-r--r--.  1 root root   611928 15. Sep 09:45 initrd-plymouth.img
drwx--   2 root root12288 25. Mai 2016  lost+found
-rw-r--r--   1 root root   293093  5. Dez 01:07
symvers-3.10.0-693.11.1.el7.x86_64.gz
-rw-r--r--   1 root root   293110  4. Jan 02:21
symvers-3.10.0-693.11.6.el7.x86_64.gz
-rw-r--r--   1 root root   293109 25. Jan 21:28
symvers-3.10.0-693.17.1.el7.x86_64.gz
-rw-r--r--   1 root root   293064 13. Sep 00:40
symvers-3.10.0-693.2.2.el7.x86_64.gz
-rw-r--r--   1 root root   293084 20. Okt 22:59
symvers-3.10.0-693.5.2.el7.x86_64.gz
-rw---   1 root root  3228852  5. Dez 01:04
System.map-3.10.0-693.11.1.el7.x86_64
-rw---   1 root root  3232490  4. Jan 02:19
System.map-3.10.0-693.11.6.el7.x86_64
-rw---   1 root root  3232454 25. Jan 21:26
System.map-3.10.0-693.17.1.el7.x86_64
-rw---   1 root root  3228852 13. Sep 00:38
System.map-3.10.0-693.2.2.el7.x86_64
-rw---   1 root root  3228852 20. Okt 22:56
System.map-3.10.0-693.5.2.el7.x86_64
-rwxr-xr-x.  1 root root  5156528 15. Dez 2015
vmlinuz-0-rescue-34946d7b5edb0946bfb52c0f6cae67af
-rwxr-xr-x   1 root root  5877504  5. Dez 01:05
vmlinuz-3.10.0-693.11.1.el7.x86_64
-rw-r--r--   1 root root  171  5. Dez 01:05
.vmlinuz-3.10.0-693.11.1.el7.x86_64.hmac
-rwxr-xr-x   1 root root  5889728  4. Jan 02:19
vmlinuz-3.10.0-693.11.6.el7.x86_64
-rw-r--r--   1 root root  171  4. Jan 02:19
.vmlinuz-3.10.0-693.11.6.el7.x86_64.hmac
-rwxr-xr-x   1 root root  5890720 25. Jan 21:26
vmlinuz-3.10.0-693.17.1.el7.x86_64
-rw-r--r--   1 root root  171 25. Jan 21:26
.vmlinuz-3.10.0-693.17.1.el7.x86_64.hmac
-rwxr-xr-x   1 root root  5878848 13. Sep 00:38
vmlinuz-3.10.0-693.2.2.el7.x86_64
-rw-r--r--   1 root root  170 13. Sep 00:38
.vmlinuz-3.10.0-693.2.2.el7.x86_64.hmac
-rwxr-xr-x   1 root root  5878368 20. Okt 22:56
vmlinuz-3.10.0-693.5.2.el7.x86_64
-rw-r--r--   1 root root  170 20. Okt 22:56
.vmlinuz-3.10.0-693.5.2.el7.x86_64.hmac

#  cat /etc/grub2.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
set pager=1

if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="${saved_entry}"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then

Re: [CentOS] File access in Apache 2.4

2017-11-23 Thread Alexander Farber 
Hi David,

On Tue, Nov 21, 2017 at 3:19 AM, david  wrote:

> I'm having file-access problems in Apache 2.4 under Centos 7.  In
> particular:
>
> - I have a file that's readable to every user and every application,
> (writeable by only one user), but my CGI scripts cannot read it.
>
> - Some of my CGI scripts need temporary storage for some files.  They are,
> for example, some internal log files, tnat get cleaned up over time, but I
> want to be able to look at them (as root).  Where would you suggest they be
> placed?  I've tried /tmp/my_private_files/, and /var/tmp/my_private_files/,
> but Apache fails to find even the directory.
>


in the /usr/lib/systemd/system/httpd.service file change PrivateTmp=true to
PrivateTmp=false
and then "systemctl daemon-reload" and "systemctl restart httpd"

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] An rpm package with country flags in PNG format for CentOS 6

2017-02-10 Thread Alexander Farber 
awstats is good suggestion, thank you Frank

Also found https://github.com/hjnilsson/country-flags - public domain and
any size
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] An rpm package with country flags in PNG format for CentOS 6

2017-02-10 Thread Alexander Farber 
Hello fellow CentOS users,

does anybody please know a package for CentOS 6 with at least 200 country
flag images in PNG format and (lowercased or uppercased) ISO-conform
2-letter naming (like "us.png", "de.png", "ru.png", ...)?

This does not have to be a specific graphic-related package, but can be
anything - like a Nagios package, or maybe KDE-help package...

I am looking for a package to install at my CentOS 6 LAMP server and to
(ab)use those images to display the country flags on the served webpages.

Thank you for any ideas
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Alexander Farber 
You should have provided more info initially.

"goes out in text format" might mean several things.

On Wed, Aug 31, 2016 at 5:31 PM, Arun Khan <knu...@gmail.com> wrote:

> On Wed, Aug 31, 2016 at 7:58 AM, Alexander Farber
> <alexander.far...@gmail.com> wrote:
> > logwatch is run as cronjob.
>
> Let's take cron out of the picture.  Invoking logwatch from an
> interactive shell -- no joy.  The report still goes out in text
> format.
>
> -- Arun Khan
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Alexander Farber 
logwatch is run as cronjob.

On Wed, Aug 31, 2016 at 4:11 PM, Arun Khan <knu...@gmail.com> wrote:

> On Mon, Aug 29, 2016 at 10:24 PM, Alexander Farber
> <alexander.far...@gmail.com> wrote:
> > No, I mean there is sometimes a variable for mail format too:
>
> The HTML formatting is a logwatch option, invoked through the
> logwatch.conf file.
>
> -- Arun Khan
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-29 Thread Alexander Farber 
No, I mean there is sometimes a variable for mail format too:

# crontab -l
CONTENT_TYPE="text/plain; charset=utf-8"
MAILFROM=webmas...@xxx.de
MAILTO=alexander.far...@xxx.com
LANG=en_US.UTF-8
PGHOST=/tmp
#minute hourmdaymonth   wdaycommand


On Tue, Aug 30, 2016 at 3:37 AM, Arun Khan <knu...@gmail.com> wrote:

> On Sun, Aug 28, 2016 at 10:56 PM, Alexander Farber
> <alexander.far...@gmail.com> wrote:
> > Maybe the format is set in
> >
> > sudo crontab -l
>
> You mean in the way it is invoked from the cron entry?
>
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-28 Thread Alexander Farber 
Maybe the format is set in

sudo crontab -l

Am Montag, 29. August 2016 schrieb Arun Khan :

> CentOS 6 (amd64) up to date with latest security / bug fixes.
>
> The logwatch reports come in plain text even though the config states HTML.
>
> 
> mailer = "/usr/sbin/sendmail -t"
> TmpDir = /tmp
> MailFrom = logwa...@example.com 
> MailTo = admin1 admin2 admin3
> Range = yesterday
> Detail = Medium
> HostName = www.example.com
> Print = No
> Output = mail
> Format = html
> 
>
> The same settings in Debian/Ubuntu servers send the reports in HTML format.
>
> In my search, I did not come across any solution for CentOS 6.
>
> Any ideas on how to get logwatch to generate HTML reports?
>
> Thanks for your help.
>
> -- Arun Khan
> ___
> CentOS mailing list
> CentOS@centos.org 
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] haproxy + Apache + virtual hosts -> wrong host is displayed

2016-06-24 Thread Alexander Farber 
Ok, I had to add ServerAlias for each server, didn't think of it because
before I had a mod_rewrite rule to remove the "www." prefix...

On Fri, Jun 24, 2016 at 9:58 PM, Alexander Farber <
alexander.far...@gmail.com> wrote:

>
> On CentOS 7.2.1511 I have installed:
> haproxy-1.5.14-3.el7.x86_64
> httpd-2.4.6-40.el7.centos.1.x86_64
>
> The /etc/haproxy/haproxy.cfg binds HAProxy to
> ports 80 and 443 and accepts HTTPS to slova.de:
>
> defaults
> modehttp
> option http-server-close
> option forwardfor   except 127.0.0.0/8
> option  redispatch
> 
> frontend public
> bind 144.76.184.151:80
> bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem
> reqidel ^X-Forwarded-Proto:
> reqidel ^X-Forwarded-For:
> reqadd X-Forwarded-Proto:\ https if { ssl_fc }
> option forwardfor
> default_backend apache
>
> backend apache
> server domain 127.0.0.1:8080
>
> The /etc/httpd/conf/httpd.conf binds Apache
> to port 8080 and serves several Wordpress sites:
>
> Listen 127.0.0.1:8080
> ServerName 144.76.184.151
>
> 
> DocumentRoot /var/www/html/afarber.de
> ServerName afarber.de
> ErrorLog logs/afarber.de/error_log
> CustomLog logs/afarber.de/access_log common
> 
>
> 
> DocumentRoot /var/www/html/ruhrgebietsingle.de
> ServerName ruhrgebietsingle.de
> ErrorLog logs/ruhrgebietsingle.de/error_log
> CustomLog logs/ruhrgebietsingle.de/access_log common
> 
>
> 
> DocumentRoot /var/www/html/bukvy.de
> ServerName bukvy.de
> ErrorLog logs/bukvy.de/error_log
> CustomLog logs/bukvy.de/access_log common
> 
>
> 
> DocumentRoot /var/www/html/slova.de
> ServerName slova.de
> ErrorLog logs/slova.de/error_log
> CustomLog logs/slova.de/access_log common
> 
>
> When I open http://slova.de or https://slova.de <https://www.slova.de>
> they work fine. But when I try to open same URLs
> with "www." prepended, the browser displays
> http://afarber.de <http://ruhrgebietsingle.de> (the 1st site out of 4)
>
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] haproxy + Apache + virtual hosts -> wrong host is displayed

2016-06-24 Thread Alexander Farber 
Hello,

I hope my question is not off-topic here.

On CentOS 7.2.1511 I have installed:
haproxy-1.5.14-3.el7.x86_64
httpd-2.4.6-40.el7.centos.1.x86_64

The /etc/haproxy/haproxy.cfg binds HAProxy to
ports 80 and 443 and accepts HTTPS to slova.de:

defaults
modehttp
option http-server-close
option forwardfor   except 127.0.0.0/8
option  redispatch

frontend public
bind 144.76.184.151:80
bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem
reqidel ^X-Forwarded-Proto:
reqidel ^X-Forwarded-For:
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
option forwardfor
default_backend apache

backend apache
server domain 127.0.0.1:8080

The /etc/httpd/conf/httpd.conf binds Apache
to port 8080 and serves several Wordpress sites:

Listen 127.0.0.1:8080
ServerName 144.76.184.151


DocumentRoot /var/www/html/afarber.de
ServerName afarber.de
ErrorLog logs/afarber.de/error_log
CustomLog logs/afarber.de/access_log common



DocumentRoot /var/www/html/ruhrgebietsingle.de
ServerName ruhrgebietsingle.de
ErrorLog logs/ruhrgebietsingle.de/error_log
CustomLog logs/ruhrgebietsingle.de/access_log common



DocumentRoot /var/www/html/bukvy.de
ServerName bukvy.de
ErrorLog logs/bukvy.de/error_log
CustomLog logs/bukvy.de/access_log common



DocumentRoot /var/www/html/slova.de
ServerName slova.de
ErrorLog logs/slova.de/error_log
CustomLog logs/slova.de/access_log common


When I open http://slova.de or https://www.slova.de
they work fine. But when I try to open same URLs
with "www." prepended, the browser displays
http://ruhrgebietsingle.de (the 2nd site out of 4)

Why does it happen? I just can not figure it out.

What tool would help here to debug?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?

2016-06-21 Thread Alexander Farber 
I think I have finally figured it out -

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html

says that "-j REDIRECT" is just a shortcut for "-j DNAT" with destination
address being the one of the interface:

"There is a specialized case of Destination NAT called redirection: it is a
simple convenience which is exactly equivalent to doing DNAT to the address
of the incoming interface."

And in my case that just can not work, because my CentOS 7 server has 4 IP
addresses.

(I am sorry, that I haven't mentioned it, because I didn't think it would
matter).

At "eth0" port 80 I have Apache+WordPress (which can drop root rights).

And at "eth0:1" port 8080 I run Jetty (which can not drop root rights). But
I need Jetty at port 80 (so that websockets work for corporate users behind
proxies) and I want it to run as user "nobody".

So I have created a custom systemd service file
/etc/systemd/system/websocket-handler.service to start Jetty:

[Unit]
Description=WebSocket Handler Service
After=network-online.target

[Service]
Type=simple
User=nobody
Group=nobody
ExecStart=/usr/bin/java -classpath '/usr/share/java/jetty/*'
de.afarber.MyHandler 144.76.184.151:8080
ExecStop=/bin/kill ${MAINPID}
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

And now I have figured out, how to redirect the incoming requests with
net.ipv4.ip_forward=1 in /etc/sysctl.conf and with the following
/etc/sysconfig/iptables:

*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 25,80,443,8080
-j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 --tcp-flags FIN,SYN,RST,ACK
SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
-A FORWARD -p tcp --dst 144.76.184.154 --dport 8080 -j ACCEPT
COMMIT

*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -p tcp --dst 144.76.184.154 --dport 80 -j DNAT
--to-destination 144.76.184.154:8080
COMMIT

The only thing that I don't understand is if

:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT

is ok (and what it means here) or if I should use DROP.

I have tried few combinations... but I am not sure

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?

2016-06-21 Thread Alexander Farber 
Hello Gordon and others

On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.mess...@gmail.com>
wrote:

> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>

here the problem description again:

I have Jetty running as user "nobody" at the port 8080.

I need to redirect incoming HTTP requests to port 80 to the above port.

(So I don't think I have ports backwards).

Here is my current /etc/sysconfig/iptables:

*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports
25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dst 144.76.184.154 --dport 8080 -j ACCEPT
COMMIT

*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
--to-port 80
COMMIT

And here is my /etc/sysctl.conf:

net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

Unfortunately, the redirect does not work:

When I browse to my site port 8080, I see Jetty.

When I browse to my site port 80, connection is refused.

Here I print the tables:

#  iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere
ACCEPT icmp --  anywhere anywhere icmp any
ACCEPT tcp  --  anywhere anywhere tcp state NEW
multiport dports smtp,http,https,webcache
ACCEPT tcp  --  anywhere anywhere tcp dpt:ssh
flags:FIN,SYN,RST,ACK/SYN state NEW limit: avg 2/min burst 1

Chain FORWARD (policy ACCEPT)
target prot opt source   destination
ACCEPT tcp  --  anywhere afarber.de   tcp
dpt:webcache

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
REDIRECT   tcp  --  anywhere afarber.de   tcp
dpt:webcache redir ports 80

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination

Please help
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?

2016-06-21 Thread Alexander Farber 
Hello again,

unfortunately the following /etc/sysconfig/iptables file does not work:

*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
--to-ports 8080
COMMIT

*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports
25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT

I need incoming HTTP-connections to 144.76.184.154:80
to be redirected to 144.76.184.154:8080 (where Jetty is listening
as user "nobody"), but for some reason this does not happen.

When I browse to http://144.76.184.154:8080 then I see Jetty response.

But when I browse to http://144.76.184.154 nothing is returned.

Can anybody please spot the error for me?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?

2016-06-20 Thread Alexander Farber 
Good evening,

on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports
25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT


Also I am running Jetty as user "nobody" at the port 8080 using
the /etc/systemd/system/websocket-handler.service file:

[Unit]
Description=WebSocket Handler Service
After=network-online.target

[Service]
Type=simple
User=nobody
Group=nobody
ExecStart=/usr/bin/java -classpath '/usr/share/java/jetty/*'
de.afarber.MyHandler 144.76.184.151:8080
ExecStop=/bin/kill ${MAINPID}
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target


However I actually need my Jetty program to run at port 80 - so that users
behind corporate firewalls can connect too.

The Jetty doc at
https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html
suggests to run the command

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

but I can not figure out the corresponding line for the
/etc/sysconfig/iptables

I have tried running the above command and then "iptables -S" to see the
added rule, but that didn't really work.

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Error: Could not find or load main class with OpenJDK and Oracle Java

2016-06-17 Thread Alexander Farber 
Nevermind, I had to move my test file under
thepackagename/TheClassName.class and then it runs fine.

However my real program [1] consisting of few jar-files still
does not run on CentOS (while running fine on Windows).

I have to investigate more and will ask a separate question.

Regards
Alex

[1]: https://github.com/afarber/jetty-newbie/tree/master/WebsocketHandler
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Error: Could not find or load main class with OpenJDK and Oracle Java

2016-06-17 Thread Alexander Farber 
Hello fellow Linux users,

on CentOS 7.2 I have successfully downloaded and installed Oracle Java [1]
with:

# rpm -Uvh jdk-8u91-linux-x64.rpm

Also there is already OpenJDK installed:

# rpm -qa | grep -i jdk
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64
jdk1.8.0_91-1.8.0_91-fcs.x86_64

I can switch between the 2 using this command:

# alternatives --config java

There are 2 programs which provide 'java'.

  SelectionCommand
---
*  1
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64/jre/bin/java
 + 2 /usr/java/jdk1.8.0_91/jre/bin/java

Enter to keep the current selection[+], or type selection number:

And see the selected version with:

# java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)

# javac -version
javac 1.8.0_91

Now to my problem please -

I have created a simple java file named TheClassName.java:

package thepackagename;

public class TheClassName {
public static final void main(String[] args)  {
System.out.println("Hello World!");
}
}

After successfully compiling it with "javac TheClassName.java"
(which produces TheClassName.class file in the same dir)
I unfortunately can not run it:

# java -cp . thepackagename.TheClassName
Error: Could not find or load main class thepackagename.TheClassName

Here another try:

# export
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64/jre

# $JAVA_HOME/bin/java -cp . thepackagename.TheClassName
Error: Could not find or load main class thepackagename.TheClassName

Setting another environment variable does not help either:

# export CLASSPATH=.

Similar command on Windows 7 works well and I have tried
copying the TheClassName.class file from there to Linux too.

The setting is SELINUX=disabled and the server
was installed few weeks ago, serving (without errors) as
LAMP with MySQL/PostgreSQL/Apache/WordPress.

Any suggestions please, have I missed anything?

Regards
Alex

  [1]: http://www.oracle.com/technetwork/java/javase/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables.service listed as: not-found inactive dead

2016-05-31 Thread Alexander Farber 
Thank you, I have put my firewall rules into /etc/sysconfig/iptables:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports
25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT
Then issued the commands (there was no firewalld installed):

# yum install iptables-services
# systemctl enable iptables
# systemctl start iptables

And it seems to work well now

Regards
Alex

On Tue, May 31, 2016 at 3:29 PM, Marcelo Roccasalva <
marcelo-cen...@irrigacion.gov.ar> wrote:

> On Tue, May 31, 2016 at 9:57 AM, Alexander Farber <
> alexander.far...@gmail.com> wrote:
>
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html
> >
> > I try to enable iptables with following commands:
> >
> > # cat /etc/centos-release
> > CentOS Linux release 7.2.1511 (Core)
> >
> > # rpm -qa | grep iptables
> > iptables-1.4.21-16.el7.x86_64
> >
>
> ​you need iptables-services rpm (and disable/remove firewalld)​
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] iptables.service listed as: not-found inactive dead

2016-05-31 Thread Alexander Farber 
Hello fellow CentOS users,

on a freshly installed 7.2 machine and after reading

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html

I try to enable iptables with following commands:

# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)

# rpm -qa | grep iptables
iptables-1.4.21-16.el7.x86_64

# sudo systemctl list-units --type service --all | grep iptables
● iptables.service   not-found inactive dead
 iptables.service

# sudo systemctl enable iptables.service
Failed to execute operation: No such file or directory

What missing file is meant here please?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Alexander Farber 
What about SO_LINGER at the Linux side, have you tried that?
http://stackoverflow.com/questions/3757289/tcp-option-so-linger-zero-when-its-required

On Fri, Jan 16, 2015 at 1:18 PM, Glenn Eychaner geycha...@mac.com wrote:
 Since you always use the same local port -
 maybe you need to set SO_REUSEADDR option.

 I assume I would have to set that on the client (DOS) side (the box which is
 using the same local port 1025 each time); setting it on the bound-listener
 socket on the Linux side doesn't seem like it would do anything to resolve
 the issue, based on my reading of SO_REUSEADDR on the net:
 http://www.unixguide.net/network/socketfaq/4.5.shtml
 http://stackoverflow.com/questions/14388706/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-15 Thread Alexander Farber 
Since you always use the same local port -
maybe you need to set SO_REUSEADDR option.

Greetings from Germany
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Changing LANG from de_DE to en_US in CentOS 6

2014-12-21 Thread Alexander Farber 
Hello,

on a Macbook with OSX Yosemite (which prints de_DE.UTF-8 as value of
$LANG in Terminal) and VmWare Fusion 7 I have installed CentOS 6.6
minimal.

When I ssh to my new VM as root, the $LANG is de_DE.UTF-8 too.

I would like it to be en_US.UTF-8 instead.

I have grepped /etc and /root for de_DE, but nothing is found there.

Grepping for LANG in /etc gives many results, esp. /etc/sysconfig/i18n contains:

   LANG=en_US.UTF-8
   SYSFONT=latarcyrheb-sun16

So where does the change to de_DE happen and what is the best spot in
CentOS 6 to set that to en_US.UTF-8

(I understand that I could set LANG in /root/.bash_profile but am
looking for a better place to do that).

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Not To James B. Byrne

2014-11-14 Thread Alexander Farber 
On Wed, Nov 12, 2014 at 4:46 PM, Kai Schaetzl mailli...@conactive.com wrote:
 That's ridiculous, you don't even know what's wrong or if it's wrong at
 all or what you want him to do but you have to cry it out loud to the list
 to put social pressure on him.

No, actually it's more like you have to get out of a bus -
And you ask a person at the door to move a bit.
Then suddenly some passengers turn to you and shout:
You don't even know how to drive a bus. :-))

Greetings from Germany
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] To James B. Byrne

2014-11-11 Thread Alexander Farber 
Dear James,

everyday I look into my Gmail SPAM folder and your mails (sent to
Centos list) are there. Noone else is there but you.

Please finally fix your MX records or whatever is needed. No offence

Greetings from Germany
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] To James B. Byrne

2014-11-11 Thread Alexander Farber 
And ignore the Chrome people getting
the certificate warning at https://harte-lyne.ca too ;-)


On Tue, Nov 11, 2014 at 5:24 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
 Dear James,

 I for one would suggest: just ignore what gmail people are saying about
 your MX records.

 No offense intended. Just moral support meant.

 Valeri

 On Tue, November 11, 2014 10:16 am, Alexander Farber wrote:
 Dear James,

 everyday I look into my Gmail SPAM folder and your mails (sent to
 Centos list) are there. Noone else is there but you.

 Please finally fix your MX records or whatever is needed. No offence

 Greetings from Germany
 Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] To James B. Byrne

2014-11-11 Thread Alexander Farber 
Of couse I could explain my Gmail mailbox not move messages by James -
but I assumed the person sending 3-4 messages daily to this mailing list
might be asked to consider to fix his own settings (MX and http certificate).

The Chrome warning for harte-lyne.ca looks dreadful by the way.

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] To James B. Byrne

2014-11-11 Thread Alexander Farber 
Reindl, you should relax a bit.

I didn't mean exactly MX, just meant a heads up to take a look at
own configs.

I like how you defend using a broken http cert.

Regards
Alex


On Tue, Nov 11, 2014 at 7:42 PM, Reindl Harald h.rei...@thelounge.net wrote:

 Am 11.11.2014 um 19:34 schrieb Alexander Farber:

 Of couse I could explain my Gmail mailbox not move messages by James -
 but I assumed the person sending 3-4 messages daily to this mailing list
 might be asked to consider to fix his own settings (MX and http
 certificate)


 you could also stop talking about things you don't have any clue - the MX
 has nothing to do with outgoing mail and SPF is as explained also not the
 reason

 it's the *list software* mangle DKIM signed messages

 The Chrome warning for harte-lyne.ca looks dreadful by the way


 WTF - whatever certificate is used on a website has no business in context
 of mail and any software crying in context of mail because a self signed
 website certificate is broken

 complain at Chrome!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need help for issue with /etc/ppp/ip-down in Centos 6.4 64 bits

2014-09-01 Thread Alexander Farber 
Have you tried:

# fgrep -r ip-down /etc


On Mon, Sep 1, 2014 at 11:35 AM, nampt2 nam_phamt...@yahoo.com wrote:


 I have question about /etc/ppp/ip-down

 What 's the script call this one when ppp interface down ?
 Or how can i check it's working ?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

2014-08-18 Thread Alexander Farber 
Thanks Adam, it works for me now and I have summarized my setup at:


http://serverfault.com/questions/619537/use-postfix-and-spamassassin-packages-on-centos-6-to-reject-spam-without-custo

I don't see a reason to add a milter or amavis - because my server is
idling.

Regards
Alex



On Thu, Aug 14, 2014 at 2:23 PM, Adam King ki...@sghs.org.uk wrote:

 A message to the original poster do you still need help?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

2014-08-12 Thread Alexander Farber 
Hello again,

here is my solution on how to use Postfix + Spamassassin on CentOS in 4
steps:

1) yum install spamassassin

2) useradd spam

3) Add the following line to /etc/postfix/header_checks:

/^Subject: \[SPAM\]/ DISCARD

4) Add the following lines to /etc/postfix/master.cf:

smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

More details:

http://serverfault.com/questions/619537/use-postfix-and-spamassassin-packages-on-centos-6-to-reject-spam-without-custo

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

2014-08-11 Thread Alexander Farber 
Hello fellow CentOS-users,

on the net there are lots of Spamassassin related HOWTOs - describing how
to create a shell script for Postfix and how to install Spamassassin and
start its spamd daemon - step by step. Additionally antivirus setups are
described...

But I have a strong feeling, that this is unneeded on CentOS 6 - because
there are already preconfigured stock packages for postfix and spamassassin.

So I have installed the both packages and I have configured postfix (it
works fine).

Also I have started the spamd (and can see it in ps uawx) with:

# chkconfig spamassassin on
# service spamassassin start

So I'm just missing the connection between postfix and spamd.

Could anybody using these 2 programs on CentOS 6 please share it with me?

Should I add something (involving spamc?) into /etc/postfix/master.cf?

Thank you
Alex

P.S. Below is my postconf -n. I accept mails (here I'd like to filter
spam) for 6 virtual domains and then forward them to different GMail
accounts:

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

header_checks = pcre:/etc/postfix/header_checks

html_directory = no

inet_interfaces = all

inet_protocols = ipv4

mail_owner = postfix

mailq_path = /usr/bin/mailq.postfix

manpage_directory = /usr/share/man

mydestination = $myhostname, localhost.$mydomain, localhost

myhostname = www.afarber.de

newaliases_path = /usr/bin/newaliases.postfix

queue_directory = /var/spool/postfix

readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

sample_directory = /usr/share/doc/postfix-2.6.6/samples

sendmail_path = /usr/sbin/sendmail.postfix

setgid_group = postdrop

smtp_destination_concurrency_limit = 2

smtp_destination_rate_delay = 40s

smtp_generic_maps = hash:/etc/postfix/generic

unknown_local_recipient_reject_code = 550

virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru
larissa-farber.de bukvy.de slova.de

virtual_alias_maps = hash:/etc/postfix/virtual
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

2014-08-11 Thread Alexander Farber 
Hi Adam,

there is no spamd.conf file in the spamassassin package for CentOS 6:

 # rpm -ql spamassassin|grep -i spamd.conf
 #

That's the point of my question: I am looking for advice for how to use the
postfix and spamassassin packages - i.e. not installing both programs
manually from scratch.

(Unless I have misunderstood your question, then I am sorry).

Regards
Alex


On Mon, Aug 11, 2014 at 1:04 PM, Adam King ki...@sghs.org.uk wrote:

 whats your database user in spamd.conf?


 - Original Message -
 From: Alexander Farber alexander.far...@gmail.com

 So I have installed the both packages and I have configured postfix (it
 works fine).

 Also I have started the spamd (and can see it in ps uawx) with:

 # chkconfig spamassassin on
 # service spamassassin start

 So I'm just missing the connection between postfix and spamd.

 Could anybody using these 2 programs on CentOS 6 please share it with me?

 Should I add something (involving spamc?) into /etc/postfix/master.cf?
 .

 P.S. Below is my postconf -n. I accept mails (here I'd like to filter
 spam) for 6 virtual domains and then forward them to different GMail
 accounts:

 alias_database = hash:/etc/aliases

 alias_maps = hash:/etc/aliases

 command_directory = /usr/sbin

 config_directory = /etc/postfix

 daemon_directory = /usr/libexec/postfix

 data_directory = /var/lib/postfix

 debug_peer_level = 2

 header_checks = pcre:/etc/postfix/header_checks

 html_directory = no

 inet_interfaces = all

 inet_protocols = ipv4

 mail_owner = postfix

 mailq_path = /usr/bin/mailq.postfix

 manpage_directory = /usr/share/man

 mydestination = $myhostname, localhost.$mydomain, localhost

 myhostname = www.afarber.de

 newaliases_path = /usr/bin/newaliases.postfix

 queue_directory = /var/spool/postfix

 readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

 sample_directory = /usr/share/doc/postfix-2.6.6/samples

 sendmail_path = /usr/sbin/sendmail.postfix

 setgid_group = postdrop

 smtp_destination_concurrency_limit = 2

 smtp_destination_rate_delay = 40s

 smtp_generic_maps = hash:/etc/postfix/generic

 unknown_local_recipient_reject_code = 550

 virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru
 larissa-farber.de bukvy.de slova.de

 virtual_alias_maps = hash:/etc/postfix/virtual
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

2014-08-11 Thread Alexander Farber 
Hello again, here is what I'm trying at my CentOS 6.5:

1) Installed postfix and spamassassin packages
2) Configured postfix - it works well (I omit details here)
3) Added -x to the SPAMDOPTIONS in /etc/sysconfig/spamassassin
4) Added the following 2 lines to the /etc/postfix/master.cf:

smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

Unfortunately, when I send the test SPAM mail with the subject
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

- it still comes through! (And the subject isn't rewritten).

I wonder, what have I missed? My /var/log/maillog is below.

I've also asked my question at
http://serverfault.com/questions/619537/use-postfix-and-spamassassin-packages-on-centos-6-to-reject-spam-without-custo

Regards
Alex

postfix/postfix-script[2546]: starting the Postfix mail system
postfix/master[2547]: daemon started -- version 2.6.6, configuration
/etc/postfix
postfix/qmgr[2550]: D5B19807033: from=bsdglvlcwc...@yandex.ru, size=1843,
nrcpt=1 (queue active)
postfix/qmgr[2550]: 831CA809733: from=equipment...@saic.com, size=41369,
nrcpt=1 (queue active)
postfix/qmgr[2550]: 42B7A80A312: from=minzhigrou...@minzhigroup.vicp.cc,
size=4399, nrcpt=1 (queue active)
postfix/qmgr[2550]: AED94809D29: from=market...@groupmenumagazine.co.uk,
size=28035, nrcpt=1 (queue active)
postfix/qmgr[2550]: E69AA809D3C: from=, size=3487, nrcpt=1 (queue active)
postfix/qmgr[2550]: 2BDE980A61B: from=haky...@yahoo.co.jp, size=4073,
nrcpt=1 (queue active)
postfix/qmgr[2550]: 0D37280A51F: from=i...@c21.com, size=7888, nrcpt=1
(queue active)
postfix/smtp[2552]: D5B19807033: host gmail-smtp-in.l.google.com[74.125.136.27]
said: 421-4.7.0 [144.76.184.154  15] Our system has detected an unusual
rate of 421-4.7.0 unsolicited mail originating from your IP address. To
protect our 421-4.7.0 users from spam, mail sent from your IP address has
been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0
http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0
Email Senders Guidelines. l16si23407549wjr.0 - gsmtp (in reply to end of
DATA command)
postfix/smtp[2552]: D5B19807033: to=abram.far...@gmail.com, orig_to=
simp...@simplex.ru, relay=alt1.gmail-smtp-in.l.google.com[74.125.25.27]:25,
delay=6325, delays=6323/0/1.2/0.61, dsn=4.7.0, status=deferred (host
alt1.gmail-smtp-in.l.google.com[74.125.25.27] said: 421-4.7.0
[144.76.184.154  15] Our system has detected an unusual rate of
421-4.7.0 unsolicited mail originating from your IP address. To protect our
421-4.7.0 users from spam, mail sent from your IP address has been
temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0
http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0
Email Senders Guidelines. f7si4794087pdm.22 - gsmtp (in reply to end of
DATA command))
postfix/smtpd[2557]: connect from mail-ie0-f180.google.com[209.85.223.180]
postfix/smtpd[2557]: B3FFF809367: client=mail-ie0-f180.google.com
[209.85.223.180]
postfix/cleanup[2561]: B3FFF809367:
message-id=CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=
ekh...@mail.gmail.com
postfix/qmgr[2550]: B3FFF809367: from=alexander@gmail.com, size=1767,
nrcpt=1 (queue active)
spamd[2034]: spamd: connection from localhost [127.0.0.1] at port 42928
spamd[2034]: spamd: setuid to nobody succeeded
spamd[2034]: spamd: processing message
CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=ekh...@mail.gmail.com for
nobody:99
postfix/smtpd[2557]: disconnect from mail-ie0-f180.google.com
[209.85.223.180]
spamd[2034]: spamd: identified spam (999.9/5.0) for nobody:99 in 0.2
seconds, 1730 bytes.
spamd[2034]: spamd: result: Y 999 -
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE,T_TO_NO_BRKTS_FREEMAIL
scantime=0.2,size=1730,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=42928,mid=CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=
ekh...@mail.gmail.com,autolearn=no
postfix/pickup[2549]: 3124F80A3DA: uid=99 from=alexander@gmail.com
postfix/cleanup[2561]: 3124F80A3DA:
message-id=CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=
ekh...@mail.gmail.com
postfix/pipe[2562]: B3FFF809367: to=alexander.far...@gmail.com, orig_to=
webmas...@bukvy.de, relay=spamassassin, delay=0.59,
delays=0.37/0.01/0/0.22, dsn=2.0.0, status=sent (delivered via spamassassin
service)
postfix/qmgr[2550]: B3FFF809367: removed
spamd[2032]: prefork: child states: II
postfix/qmgr[2550]: 3124F80A3DA: from=alexander@gmail.com, size=2843,
nrcpt=1 (queue active)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to update MySQL with CentOS 6 in most unintrusive way - in regard to perl and PHP packages

2014-08-05 Thread Alexander Farber 
Dear fellow CentOS users,

for my few hobby projects (web games + forums) I have been using CentOS 5
(then 6) with Drupal and PostgreSQL plus few custom PHP and Perl scripts
written by mysef.

Since PostgreSQL version delivered with CentOS package has been a bit
dated, I always used the PGDG packages:

# rpm -qa | grep -i pgdg

pgdg-centos93-9.3-1.noarch
postgresql93-9.3.5-1PGDG.rhel6.i686
postgresql93-libs-9.3.5-1PGDG.rhel6.i686
postgresql93-server-9.3.5-1PGDG.rhel6.i686

As a web developer this has been a very pleasant experience, since (by some
great magic) all the other CentOS packages (like php-pgsql and perl-DBD-Pg)
just worked with the PGDG packages.

Now I have decided to switch to WordPress for my new projects and am
(sadly) forced to switch the database too:

I have to use MySQL or MariaDB with CentOS 6.5.

So my question is: if anybody can recommend a similarly comfortable package
repository for MySQL/MariaDB - which wouldn't mess up any other CentOS
packages and which would update itself (with yum update).

And please do not suggest something like Fedora or EPEL repositories,
because other than for MySQL/MariaDB I would like not to add any additional
packages to have my server as stable as possible.

Thank you for any hints
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] don't use centos 7 as a developer workstation

2014-08-04 Thread Alexander Farber 
Oh noes, are sed and gzip not included?


On Sun, Aug 3, 2014 at 1:19 PM, Farkas Levente lfar...@lfarkas.org wrote:


 Don't use CentOS 7 as a developer workstation since currently there is
 not included any developer IDE.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Tuning MySQL - what's the best place for mysqld parameters?

2013-11-11 Thread Alexander Farber 
Hello CentOS users,

for a Wordpress website I have installed
mysql-server-5.1.69-1.el6_4.x86_64 and
run /usr/bin/mysql_secure_installation on
a CentOS 6.4 machine with mucho RAM (32 GB)
and I wonder, what would be the best place
for the mysqld parameters descibed at
http://dev.mysql.com/doc/refman/5.1/en/server-parameters.html

mysqld_safe --key_buffer_size=64M --table_open_cache=256 \
   --sort_buffer_size=4M --read_buffer_size=1M 

Should I just edit the file /etc/init.d/mysqld or is
there a better place in CentOS for that (under sysconfig?)

Thanks
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to use watchdog daemon with hardware watchdog driver interface?

2013-09-18 Thread Alexander Farber 
Good morning!

On a CentOS 6.4 / 64 bit server I have
installed the watchdog 5.5 package.

The rpm -qi watchdog states:

The watchdog program can be used as a powerful software watchdog
daemon or may be alternately used with a hardware watchdog device such
as the IPMI hardware watchdog driver interface to a resident Baseboard
Management Controller (BMC).
...
This configuration file is also used to set the watchdog to be used as
a hardware watchdog instead of its default software watchdog
operation.

In the dmesg output of my server
( full text at http://pastebin.com/GbF7dRt7 )
I see such a device:

NMI watchdog enabled, takes one hw-pmu counter.
...
ipmi message handler version 39.2
IPMI System Interface driver.
ipmi_si: Adding default-specified kcs state machine
ipmi_si: Trying default-specified kcs state machine at i/o address
0xca2, slave address 0x0, irq 0
ipmi_si: Interface detection failed
ipmi_si: Adding default-specified smic state machine
ipmi_si: Trying default-specified smic state machine at i/o address
0xca9, slave address 0x0, irq 0
ipmi_si: Interface detection failed
ipmi_si: Adding default-specified bt state machine
ipmi_si: Trying default-specified bt state machine at i/o address
0xe4, slave address 0x0, irq 0
ipmi_si: Interface detection failed
ipmi_si: Unable to find any System Interface(s)
...
iTCO_vendor_support: vendor-support=0
iTCO_wdt: Intel TCO WatchDog Timer Driver v1.07rh
iTCO_wdt: Found a Lynx Point TCO device (Version=2, TCOBASE=0x1860)
iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)

My question is: what should I put into
/etc/watchdog.conf to enable the
hardware watchdog instead of the
default software watchdog mode?

I've also asked this question at
http://serverfault.com/questions/539816/how-to-use-watchdog-daemon-with-hardware-watchdog-driver-interface

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to use watchdog daemon with hardware watchdog driver interface?

2013-09-18 Thread Alexander Farber 
Hello Steve,

yes, I have that device:

# ll /dev/watchdog
crw-rw 1 root root 10, 130 Sep 17 23:21 /dev/watchdog

#  ps uawwx|grep w[a]tchdog
root 6  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/0]
root10  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/1]
root14  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/2]
root18  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/3]
root22  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/4]
root26  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/5]
root30  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/6]
root34  0.0  0.0  0 0 ?SSep17   0:00 [watchdog/7]
root 12175  0.0  0.0   6236  2140 ?SLs  11:11   0:00
/usr/sbin/watchdog -v

# grep -v ^# /etc/watchdog.conf
ping= 144.76.XXX.XXX
admin   = root
logtick = 360
realtime= yes
priority= 1

So you think killing with -9 will indicate
if I have hardware watchdog or just software?

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] MySQL 5.1.69 at CentOS 6.4 doesn't know enable-named-pipe?

2013-09-13 Thread Alexander Farber 
Hello,

I've only had experience with PostgreSQL sofar,
but have now to install MySQL (and WordPress)
on a CentOS 6.4 /64 bit server.

I have installed the mysql-5.1.69-1.el6_4.x86_64
package and executed the following commands:

# chkconfig mysqld on
# service mysqld start
# /usr/bin/mysqladmin -u root password 'x'
# /usr/bin/mysql_secure_installation

Then I've noticed that mysqld_safe process
is listening at 0.0.0.0 and decided to change that -
so that my WordPress installation only uses
domain sockets (or unix pipes? not sure).

So I've modified the /etc/my.cnf to:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
bind-address = localhost
skip-networking
enable-named-pipe

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

But now MySQL refuses to start:

# service mysqld restart
Stopping mysqld:   [  OK  ]
MySQL Daemon failed to start.
Starting mysqld:   [FAILED]

The  /var/log/mysqld.log contains:

 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  InnoDB: Initializing buffer pool, size = 8.0M
  InnoDB: Completed initialization of buffer pool
  InnoDB: Started; log sequence number 0 44233
 [ERROR] /usr/libexec/mysqld: unknown option '--enable-named-pipe'
 [ERROR] Aborting
  InnoDB: Starting shutdown...
  InnoDB: Shutdown completed; log sequence number 0 44233
 [Note] /usr/libexec/mysqld: Shutdown complete
 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

I've searched Google and grepped
/usr/share/mysql/*.cnf for that directive,
but haven't found any hints there.

Any hints please?

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MySQL 5.1.69 at CentOS 6.4 doesn't know enable-named-pipe?

2013-09-13 Thread Alexander Farber 
Thank you, that was it.

I didn't realize mysqld-nt means Windows only
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Make server reboot by itself instead of dropping to kernel debugger

2013-08-23 Thread Alexander Farber 
Hello,

on OpenBSD if you put ddb.panic=0
into /etc/sysctl.conf, the server won't
drop into debugger on kernel panic.

Is there please a similar setting
for CentOS 6.4 / 64 bit?

The background is that I have a new
dedicated server with Haswell CPU
and once a month it is stuck, displaying
kernel trace (the other users at my
hoster have similar problems).

So the users of my web site complain.

I'd prefer my web server to just reboot

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Make server reboot by itself instead of dropping to kernel debugger

2013-08-23 Thread Alexander Farber 
I've ended up doing this (hope it's valid for CentOS 6.4):

# echo 10  /proc/sys/kernel/panic
# echo kernel.panic=10  /etc/sysctl.conf
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Make server reboot by itself instead of dropping to kernel debugger

2013-08-23 Thread Alexander Farber 
Thank you, I have this

# dmesg|grep -i watch
NMI watchdog enabled, takes one hw-pmu counter.
iTCO_wdt: Intel TCO WatchDog Timer Driver v1.07rh

do you have any tips or doc pointers?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Make server reboot by itself instead of dropping to kernel debugger

2013-08-23 Thread Alexander Farber 
Ok, sorry - I've found the man watchdog and man watchdog.conf
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Make server reboot by itself instead of dropping to kernel debugger

2013-08-23 Thread Alexander Farber 
I am not sure though, if I need to start
the watchdog daemon at all -
because I altready have these lines in my dmesg:

iTCO_vendor_support: vendor-support=0
iTCO_wdt: Intel TCO WatchDog Timer Driver v1.07rh
iTCO_wdt: Found a Lynx Point TCO device (Version=2, TCOBASE=0x1860)
iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)

Does it mean there is some hardware watchdog
active at my CentOS 6.4 / 64 bit (Haswell CPU) server already?

Thank you for any hints
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6.4 with VMWare Fusion on MBA 2013

2013-07-12 Thread Alexander Farber 
Hello,

is anybody successfully using CentOS 6.4
with VMWare Fusion 5 on a Macbook?

I have tried moving a CentOS 6.4 VM from
VMWare Workstation on Win 7 (where it works well)
to VMWare Fusion on a Macbook Air (2013)
and when it boots it says:

Detected CPU family 6 model 69

unsupported hardware device

After that a progress bar is displayed at
the bottom and CentOS 6.4 on the right bottom.

The progress bar fills and then - nothing happens

Thank you for any hints
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Finding matching words in a word game

2013-03-05 Thread Alexander Farber 
Hello,

is there maybe a clever way of finding all possible words
from a given set of letters by means of PostgreSQL
(i.e. inside the database vs. scanning all database
rows by a PHP script, which would take too long) -
if the dictionary is kept in a simple table like:

create table good_words (
word varchar(16) primary key,
stamp timestamp default current_timestamp
);

I could add a column above, where same letters as in word
would be sorted alphabetically... but then I don't know.

I've described my question in more detail at
http://stackoverflow.com/questions/15220072/postgresql-and-word-games

Thank you for any suggestions
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Finding matching words in a word game

2013-03-05 Thread Alexander Farber 
I apologize - sent to a wrong mailing list!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Using postfix in CentOS 6 to relay mails to first.l...@gmail.com

2013-01-16 Thread Alexander Farber 
Hello -

On Tue, Jan 15, 2013 at 3:05 PM, Wietse Venema wie...@porcupine.org wrote:
 http://www.postfix.org/BASIC_CONFIGURATION_README.html

with CentOS 6 I've ended up adding

inet_interfaces = all
virtual_alias_domains = videoskat.de balkan-preferans.de

to /etc/postfix/main.cf and

@balkan-preferans.de   first.l...@gmail.com
@videoskat.de  first.l...@gmail.com

to /etc/postfix/virtual and then

# postmap /etc/postfix/virtual
# service reload postfix

I've found that in
http://www.postfix.org/VIRTUAL_README.html#virtual_alias

Thanks
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Using postfix in CentOS 6 to relay mails to first.l...@gmail.com

2013-01-15 Thread Alexander Farber 
Hello fellow CentOS users,

I'm using:

# cat /etc/*release
CentOS release 6.3 (Final)

# rpm -qa | grep post
postfix-2.6.6-2.2.el6_1.x86_64

on 2 servers: preferans.de and (yes, funny name)
static.103.78.9.176.clients.your-server.de

I own several domains and would like all
incoming mails addressing those domains
to be forwarded to my Gmail address.

So I have setup the MX-records for my domains:

# host videoskat.de
videoskat.de has address 176.9.40.169
videoskat.de mail is handled by 100 static.103.78.9.176.clients.your-server.de.
videoskat.de mail is handled by 10 preferans.de.

# host balkan-preferans.de
balkan-preferans.de has address 176.9.40.169
balkan-preferans.de mail is handled by 100
static.103.78.9.176.clients.your-server.de.
balkan-preferans.de mail is handled by 10 preferans.de.

And at the both servers I have added:

# head /etc/postfix/virtual
@balkan-preferans.de first.l...@gmail.com
@videoskat.de first.l...@gmail.com

# postmap /etc/postfix/virtual

# postmap -q @videoskat.de /etc/postfix/virtual
first.l...@gmail.com


And have opened port 25 in the firewall:

# grep -w 25 /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports
25,22 -j ACCEPT

But now when I send a mail to s...@videoskat.de
there is nothing to see in postfix logs:

# sudo tail /var/log/maillog
Jan 15 10:50:42 postfix/postfix-script[1401]: starting the Postfix mail system
Jan 15 10:50:42 postfix/master[1402]: daemon started -- version 2.6.6,
configuration /etc/postfix

So I'm probably missing something?

BTW the daily logwatch mails arrive
from both servers just fine at my
Gmail-mailbox first.l...@gmail.com

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Using postfix in CentOS 6 to relay mails to first.l...@gmail.com

2013-01-15 Thread Alexander Farber 
Thanks -

On Tue, Jan 15, 2013 at 2:10 PM, John Doe jd...@yahoo.com wrote:
 Tried both MXs and none answered...

 $ telnet static.103.78.9.176.clients.your-server.de 25
 Trying 176.9.78.103...

I've opened the firewall for 176.9.78.103 only sofar...
(doing hosts one by one).

Is mayb postfix listening for local connections only
in the default CentOS 6 install? I see:

# netstat -an |grep -w 25
tcp0  0 127.0.0.1:250.0.0.0:*
 LISTEN

Thanks
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Doubled up RAM to 32 GB - now how to speed up a LAPP server?

2012-09-29 Thread Alexander Farber 
Dear CentOS users,

I run a small Facebook game at a CentOS 6.3 machine
with PostgreSQL 8.4.3 + few PHP scripts + 1 Perl daemon
and even though the server worked ok,
I've suggested my users to double up the RAM
to 32 GB and they have collected money for that.

Now my problem is that I don't know, which knob
to turn and how to really use the additional memory.

Below is my top output at the peak time (evenings) -
as you see, 27 GB of RAM aren't used:

# top - 18:47:55 up 23:12,  2 users,  load average: 2.17, 2.31, 2.56
Tasks: 246 total,   2 running, 244 sleeping,   0 stopped,   0 zombie
Cpu(s): 12.1%us,  0.2%sy,  0.0%ni, 87.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:  32790380k total,  5296664k used, 27493716k free,   197132k buffers
Swap:  2096056k total,0k used,  2096056k free,  3815840k cached

  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
12363 postgres  20   0 4376m 717m 710m S 40.6  2.2   2:03.48 postmaster
 3842 nobody20   0  118m  23m 3920 S 12.0  0.1  46:24.68 pref.pl
 9178 postgres  20   0 4375m 518m 514m S 11.3  1.6  53:50.63 postmaster
12380 postgres  20   0 4377m 668m 660m S 11.3  2.1   2:33.26 postmaster
12243 postgres  20   0 4377m 668m 662m S  9.3  2.1   2:20.49 postmaster
12438 postgres  20   0 4374m 502m 498m S  6.3  1.6   1:03.34 postmaster
12249 postgres  20   0 4384m 852m 839m S  3.0  2.7   3:59.11 postmaster
12241 postgres  20   0 4378m 632m 625m S  1.7  2.0   2:48.62 postmaster
12156 apache20   0  366m  27m  17m S  1.0  0.1   0:05.12 httpd
   36 root  20   0 000 S  0.3  0.0   0:01.32 events/1
  100 root  39  19 000 S  0.3  0.0   0:06.04 khugepaged
 9217 postgres  20   0 21976 1036  516 S  0.3  0.0   1:01.07 pgbouncer
12010 apache20   0  376m  37m  17m S  0.3  0.1   0:07.58 httpd
12280 apache20   0  370m  30m  16m S  0.3  0.1   0:03.17 httpd
12362 apache20   0  365m  15m 6816 R  0.3  0.0   0:01.90 httpd
12457 apache20   0  360m 9.8m 3456 S  0.3  0.0   0:00.14 httpd
1 root  20   0 19352 1584 1284 S  0.0  0.0   0:01.03 init
2 root  20   0 000 S  0.0  0.0   0:00.00 kthreadd


# vmstat 10
procs ---memory-- ---swap-- -io --system-- -cpu-
 r  b   swpd   free   buff  cache   si   sobibo   in   cs us sy id wa st
 6  2  0 27323416 196988 385253600 3   165   159
14  0 84  2  0
 1  0  0 27422148 197012 381486000 0  5284 4784 2104
46  1 51  2  0
 1  0  0 27454748 197020 382665600 4  1734 2021 1200
16  0 83  1  0
 0  2  0 27514008 197028 381346400 0   702 1475 1208
8  0 90  2  0
 0  0  0 27465612 197040 381396800 0  1435 1764 1725
10  0 85  5  0
 1  0  0 27459260 197060 381424800 0  2032 2667 1304
22  0 76  1  0
 1  0  0 27440076 197064 382706400 0  1604 3146 2109
27  0 72  1  0
 1  0  0 27466796 197068 381486800 2  1241 2014 1637
13  0 83  3  0
 4  0  0 27380104 197072 384825600 0  1064 2375  894
20  0 79  1  0
 1  0  0 27488168 197096 381529600 0  2075 2697 2220
23  0 75  1  0
 1  0  0 27462168 197116 382138000 0   871 1750  943
13  0 86  1  0
 4  0  0 27432100 197128 382232000 0  3980 4767 2340
46  1 53  1  0
 0  0  0 27493716 197132 381584400 0  1871 3209 2078
27  0 72  1  0
 3  0  0 27424284 197132 382703600 0  1452 2551 1487
18  0 78  3  0
 3  0  0 27435428 197160 382411600 0  2066 3430 2082
29  0 70  1  0
 2  0  0 27452004 197172 381744000 0  1356 2722 1895
23  0 76  1  0
 2  0  0 27436668 197176 382664800 0  1633 3629 2162
30  0 69  1  0
 1  0  0 27439924 197204 382312400 0  1502 1786 1293
14  0 86  0  0
 0  0  0 27466696 197212 381678000 0  1200 1701 1164
13  0 86  0  0
 3  0  0 27432204 197212 381834400 0  2587 2098 2154
16  0 83  1  0
 2  0  0 27421088 197224 382722400 0  1229 2635 1421
21  0 75  3  0
 3  0  0 27319136 197232 38320880013  2965 4220 1951
40  0 59  1  0
procs ---memory-- ---swap-- -io --system-- -cpu-

What I've already done:

/var/lib/pgsql/data/postgresql.conf (local connections only)

max_connections = 10
shared_buffers = 4096MB
work_mem = 16M

/etc/php.ini
memory_limit = 300M
[PostgresSQL]
pgsql.allow_persistent = Off# because I use pgbouncer

/etc/pgbouncer.ini (local connections only too)
max_client_conn = 600
default_pool_size = 80

/etc/httpd/conf/httpd.conf (didn't modify yet):
IfModule prefork.c
StartServers  10
MinSpareServers8
MaxSpareServers   30
ServerLimit  512
MaxClients   512
MaxRequestsPerChild  4000
/IfModule

Any suggestions please?

I was actually hoping that Linux would use the additional
memory for caching disks, but this doesn't seem to happen?

Thank you
Alex

P.S. Below my dmesg output -

#

Re: [CentOS] Doubled up RAM to 32 GB - now how to speed up a LAPP server?

2012-09-29 Thread Alexander Farber 
Sorry a typo, I have

max_connections = 100

in postgresql.conf (I was advised not to change that number).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to rotate PHP error log - since it belongs to apache

2012-06-05 Thread Alexander Farber 
Hello,

I'm using CentOS 6.2 with the stock rpm
php-5.3.3-3.el6_2.8.x86_64
and the following /etc/php.ini file:

  error_reporting = E_ALL  ~E_DEPRECATED
  display_errors = Off
  error_log = /var/log/php/php_errors.log

and that file is very useful for me because I have many custom
PHP-scripts at my site, but that file keeps growing too... :-)

So my question is for how to rotate it (esp. since it should
be owned by apache user) - what do you guys use?

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to rotate PHP error log - since it belongs to apache

2012-06-05 Thread Alexander Farber 
Hello Luigi and others,

On Tue, Jun 5, 2012 at 4:04 PM, Luigi Rosa li...@luigirosa.com wrote:
 Alexander Farber said the following on 05/06/12 15:57:

 So my question is for how to rotate it (esp. since it should be owned by
 apache user) - what do you guys use?

 the standard logrotate config /etc/logrotate.d/httpd or a modified copy of it

 since the rotation moves the old log and then reloads Apache, you don't have
 to worry about the ownership issue

yes, I'm aware of that file and have modified
the docs path in it because I have several vhosts too...

Here is my current /etc/logrotate.d/httpd file:

/var/log/httpd/my_vhost_1/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload  /dev/null 2/dev/null || true
endscript
}

But my problem is I don't know how to do it best -
i.e. where to put the PHP log file
/var/log/php/php_errors.log
in the directives above and also how to rotate
the logs for all vhosts I have (I currently rotate just
for one - the my_vhost_1 as you can see above)

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to rotate PHP error log - since it belongs to apache

2012-06-05 Thread Alexander Farber 
And also the files I rotate by the
 /etc/logrotate.d/httpd
belong to root and not Apache

# ls -al /var/log/httpd/my_vhost_1/
-rw-r--r--. 1 root root 144298773 Jun  5 16:17 access_log
-rw-r--r--. 1 root root 391503903 May 13 03:18 access_log-20120513
-rw-r--r--. 1 root root 369049605 May 20 03:35 access_log-20120520
-rw-r--r--. 1 root root 373837973 May 27 03:18 access_log-20120527
-rw-r--r--. 1 root root 381816772 Jun  3 03:32 access_log-20120603
-rw-r--r--. 1 root root  2854 Jun  5 14:01 error_log
-rw-r--r--. 1 root root  4255 May 13 00:40 error_log-20120513
-rw-r--r--. 1 root root  5580 May 19 20:17 error_log-20120520
-rw-r--r--. 1 root root  6634 May 27 00:17 error_log-20120527
-rw-r--r--. 1 root root  6014 Jun  3 02:46 error_log-20120603
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6.2: suspending vim with ctrl-z and resuming with fg - stopped working

2012-05-26 Thread Alexander Farber 
Hello,

pardon my chaotic question, but does anybody have an idea,
why can't I suspend vim-enhanced-7.2.411-1.6.el6.x86_64
with a CTRL-Z, then execute few commands at my bash prompt
and then get back to the vim session again with fg?

It has stopped working at my CentOS 6.2 machine (I haven't
noticed exactly when) but works fine with CentOS 5.x.

I'm using PuTTY to login to both. The error message I get is:

afarber@www:~ fg
sudo vim test.pl
~
[1]+  Stopped sudo vim test.pl

(and nothing comes up)

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Block outgoing connections for certaing uids (root, apache, nobody)

2012-04-04 Thread Alexander Farber 
Good morning

With iptables in CentOS 5 and 6 Linux - how can you please
prevent processes running as root, apache or nobody
from initiating outgoing connections?

On CentOS 5 Linux I've tried putting these lines into /etc/sysconfig/iptables:

-A OUTPUT -m owner --uid-owner root -j DROP
-A OUTPUT -m owner --uid-owner apache -j DROP
-A OUTPUT -m owner --uid-owner nobody -j DROP

but unfortunately get the error:

# sudo service iptables restart
iptables: Flushing firewall rules: [  OK  ]
iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
iptables: Unloading modules:   [  OK  ]
iptables: Applying firewall rules: iptables-restore v1.4.7: owner: Bad
value for --uid-owner option: apache
Error occurred at line: 27
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
   [FAILED]

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Block outgoing connections for certaing uids (root, apache, nobody)

2012-04-04 Thread Alexander Farber 
Yep, I've locked out myself out of the dedicated server today.

The numeric uids work, thank you.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] sshd: listen on ip1:port1 and ip2:port2

2012-01-24 Thread Alexander Farber 
Hello,

with CentOS 6.2 - is it possible to configure OpenSSH
daemon to listen on different IPs _and_ ports?

I have received a 2nd IP address for my server
and have successfully configured by adding the new
/etc/sysconfig/network-scripts/ifcfg-eth0:1 file.

I'd like SSHd to keep listening at the_old_ip:22
but also at the_new_ip:443.

The 443 on the_old_ip is already taken by Apache,
so I can't just write Port 22 + Port 443 to sshd_config.

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sshd: listen on ip1:port1 and ip2:port2

2012-01-24 Thread Alexander Farber 
Thank you!  And sorry for not re-reading the man sshd_config!

I guess, I was too stressed by having to configure my 2nd IP address :-)

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Setting From address for cronjob mails (because Gmail rejects)

2012-01-20 Thread Alexander Farber 
Hello,

I have two identical CentOS 6.2 machines with
stock Postfix package and unchanged config:

# rpm -qa|grep post
postfix-2.6.6-2.2.el6_1.x86_64

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

On both machines I have appended

 afarber: alexander.far...@gmail.com
 root:   alexander.far...@gmail.com

to the /etc/aliases and run newaliases.

Both machines have several cronjobs and logwatch.

One machine is a database server,
I receive its cronjob mails just fine.

The other machine (preferans.de) is running Drupal 7.
I've configured it's MX records to point to Google Apps,
so that I can receive mails addressed to that domain
and this works well.

Also I've set Drupal's From address to
webmaster@prеferans.de  and so sending mails
by Drupal (for its user registration) works too.

But sending mails to my Gmail address by cronjobs
doesn't work. I suspect this happens, because
Google is too clever and it thinks
that mails coming from preferans.de
shouldn't have the From header set to
afar...@static.169.40.9.176.clients.your-server.de

Jan 20 09:34:10 static sendmail[10577]: q0K8Y7mj010577: from=afarber,
size=201, class=0, nrcpts=1,
msgid=201201200834.q0k8y7mj010...@static.169.40.9.176.clients.your-server.de,
relay=afarber@localhost
Jan 20 09:34:10 static postfix/smtpd[10578]: connect from
localhost.localdomain[127.0.0.1]
Jan 20 09:34:10 static postfix/smtpd[10578]: 9B84B31EA0A1:
client=localhost.localdomain[127.0.0.1]
Jan 20 09:34:10 static postfix/cleanup[10581]: 9B84B31EA0A1:
message-id=201201200834.q0k8y7mj010...@static.169.40.9.176.clients.your-server.de
Jan 20 09:34:10 static sendmail[10577]: q0K8Y7mj010577: to=afarber,
ctladdr=afarber (500/500), delay=00:00:03, xdelay=00:00:00,
mailer=relay, pri=30201, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
stat=Sent (Ok: queued as 9B84B31EA0A1)
Jan 20 09:34:10 static postfix/qmgr[10025]: 9B84B31EA0A1:
from=afar...@static.169.40.9.176.clients.your-server.de, size=823,
nrcpt=1 (queue active)
Jan 20 09:34:10 static postfix/smtp[10582]: connect to
static.169.40.9.176.clients.your-server.de[176.9.40.169]:25:
Connection refused
Jan 20 09:34:10 static postfix/smtp[10582]: 9B84B31EA0A1:
to=afar...@static.169.40.9.176.clients.your-server.de, relay=none,
delay=0.14, delays=0.12/0.01/0.01/0, dsn=4.4.1, status=deferred
(connect to static.169.40.9.176.clients.your-server.de[176.9.40.169]:25:
Connection refused)

So does anybody please have an
advice on how to fix my cronjob mails?

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Setting From address for cronjob mails (because Gmail rejects)

2012-01-20 Thread Alexander Farber 
Hello,

thank you for your reply.

I'd like to provide 2 quick additional details before trying your suggestions:

1) If I add a from address at the command line, then mail is delivered ok:

  $ mail Alеxander.far...@gmail.com -r wеbmaster@prеferans.de

   But if I just run

  $ mail Аlеxander.far...@gmail.com

  then it is rejected by Gmail.

  So I could append | mail -r wеbmas...@preferans.de
  to all my cronjobs, but I'm looking for better solution

2) My ISP (hetzner.de) doesn't provide mail relaying at all.

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Setting From address for cronjob mails (because Gmail rejects)

2012-01-20 Thread Alexander Farber 
Hello, thank you for all the replies.

I've solved my current problem by going back to sendmail
(which I'm better used than to postfix)
and adding this line to the stock CentOS sendmail.mc:

MASQUERADE_AS(`preferans.de')dnl

Yes, I use Google Apps for incoming mail
and that is why I have their MX servers.

I also been using GMail and SMTP AUTH before -
but I've removed that now, because I couldn't
set the From or Reply-To header with that solution -
Google was always rewriting it and thus it was bad
for my Drupal site (users can't send mails to other users).

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] max user processes - is /etc/security/limits.conf the best place to change?

2011-12-14 Thread Alexander Farber 
Hello centos-users,

in CentOS 6.1 is /etc/security/limits.conf
the best place to change the number of
max user processes for a daemon process?

(I'm asking because the .../security/... part
of the path sounds a bit strange)

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] PCIe errors handled by OS

2011-10-26 Thread Alexander Farber 
Does anybody please have any experience with
the following CentOS 6 warnings in logwatch?

WARNING:  Kernel Errors Present
   ACPI Error (psargs-0359): [ ...:  1 Time(s)
   pci :00:01.0: PCIe errors handled by OS. ...:  1 Time(s)
   pci :00:1c.0: PCIe errors handled by OS. ...:  1 Time(s)
   pci :00:1c.5: PCIe errors handled by OS. ...:  1 Time(s)
   pci :00:1c.6: PCIe errors handled by OS. ...:  1 Time(s)
   pci :00:1c.7: PCIe errors handled by OS. ...:  1 Time(s)

The /var/log/mcelog is empty.

The dmesg output is below:

Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.32-131.17.1.el6.x86_64
(mockbu...@c6b5.bsys.dev.centos.org) (gcc version 4.4.5 20110214 (Red
Hat 4.4.5-6) (GCC) ) #1 SMP Thu Oct 6 19:24:09 BST 2011
Command line: ro root=/dev/md2 crashkernel=auto
SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=de
KERNEL supported cpus:
  Intel GenuineIntel
  AMD AuthenticAMD
  Centaur CentaurHauls
BIOS-provided physical RAM map:
 BIOS-e820:  - 0009d800 (usable)
 BIOS-e820: 0009d800 - 000a (reserved)
 BIOS-e820: 000e - 0010 (reserved)
 BIOS-e820: 0010 - 2000 (usable)
 BIOS-e820: 2000 - 2020 (reserved)
 BIOS-e820: 2020 - 4000 (usable)
 BIOS-e820: 4000 - 4020 (reserved)
 BIOS-e820: 4020 - bac15000 (usable)
 BIOS-e820: bac15000 - bac71000 (ACPI NVS)
 BIOS-e820: bac71000 - bada4000 (reserved)
 BIOS-e820: bada4000 - badb5000 (ACPI NVS)
 BIOS-e820: badb5000 - badcc000 (reserved)
 BIOS-e820: badcc000 - badce000 (usable)
 BIOS-e820: badce000 - badd6000 (reserved)
 BIOS-e820: badd6000 - bade (ACPI NVS)
 BIOS-e820: bade - bae3a000 (reserved)
 BIOS-e820: bae3a000 - bae7d000 (ACPI NVS)
 BIOS-e820: bae7d000 - bb00 (usable)
 BIOS-e820: bb80 - bfa0 (reserved)
 BIOS-e820: fed1c000 - fed2 (reserved)
 BIOS-e820: ff00 - 0001 (reserved)
 BIOS-e820: 0001 - 00043fe0 (usable)
DMI 2.6 present.
SMBIOS version 2.6 @ 0xF0450
AMI BIOS detected: BIOS may corrupt low RAM, working around it.
e820 update range:  - 0001 (usable) == (reserved)
e820 update range:  - 1000 (usable) == (reserved)
e820 remove range: 000a - 0010 (usable)
last_pfn = 0x43fe00 max_arch_pfn = 0x4
MTRR default type: uncachable
MTRR fixed ranges enabled:
  0-9 write-back
  A-B uncachable
  C-C write-protect
  D-E7FFF uncachable
  E8000-F write-protect
MTRR variable ranges enabled:
  0 base 0 mask C write-back
  1 base 4 mask FC000 write-back
  2 base 0BB80 mask FFF80 uncachable
  3 base 0BC00 mask FFC00 uncachable
  4 base 0C000 mask FC000 uncachable
  5 base 43FE0 mask FFFE0 uncachable
  6 disabled
  7 disabled
  8 disabled
  9 disabled
x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
original variable MTRRs
reg 0, base: 0GB, range: 16GB, type WB
reg 1, base: 16GB, range: 1GB, type WB
reg 2, base: 3000MB, range: 8MB, type UC
reg 3, base: 3008MB, range: 64MB, type UC
reg 4, base: 3GB, range: 1GB, type UC
reg 5, base: 17406MB, range: 2MB, type UC
total RAM covered: 16310M
Found optimal setting for mtrr clean up
 gran_size: 64K chunk_size: 128Mnum_reg: 8  lose
cover RAM: 0G
New variable MTRRs
reg 0, base: 0GB, range: 2GB, type WB
reg 1, base: 2GB, range: 1GB, type WB
reg 2, base: 3000MB, range: 8MB, type UC
reg 3, base: 3008MB, range: 64MB, type UC
reg 4, base: 4GB, range: 4GB, type WB
reg 5, base: 8GB, range: 8GB, type WB
reg 6, base: 16GB, range: 1GB, type WB
reg 7, base: 17406MB, range: 2MB, type UC
e820 update range: bb80 - 0001 (usable) == (reserved)
last_pfn = 0xbb000 max_arch_pfn = 0x4
initial memory mapped : 0 - 2000
init_memory_mapping: -bb00
 00 - 00bb00 page 2M
kernel direct mapping tables up to bb00 @ 1-14000
init_memory_mapping: 0001-00043fe0
 01 - 043fe0 page 2M
kernel direct mapping tables up to 43fe0 @ 12000-24000
RAMDISK: 1f39c000 - 1ffef811
ACPI: RSDP 000f0420 00024 (v02 ALASKA)
ACPI: XSDT bac63068 0004C (v01 ALASKAA M I 01072009 AMI  00010013)
ACPI: FACP bac6cfa0 000F4 (v04 ALASKAA M I 01072009 AMI  00010013)
ACPI: DSDT bac63140 09E5F (v02 ALASKAA M I  INTL 20051117)
ACPI: FACS badd7f80 00040
ACPI: APIC bac6d098 00092 (v03 ALASKAA M I 01072009 AMI  00010013)
ACPI: SSDT bac6d130 001D6 (v01 AMICPU PROC 0001 MSFT 0301)
ACPI: MCFG

[CentOS] PAM unable to dlopen(/lib64/security/pam_fprintd.so)

2011-10-14 Thread Alexander Farber 
Hello

the logwatch from my CentOS 6 / 64 bit machine (minimal install,
with permissive SELinux) keeps reporting me:

 **Unmatched Entries**
   PAM adding faulty module: /lib64/security/pam_fprintd.so: 9 Time(s)
   PAM unable to dlopen(/lib64/security/pam_fprintd.so):
/lib64/security/pam_fprintd.so: cannot open shared object file: No
such file or directory: 9 Time(s)

I've found this bug report -
https://bugzilla.redhat.com/show_bug.cgi?id=656434

But I'm not sure what's the best workaround for me -
if I'm just running an Apache (Drupal) + PostgreSQL website?
Should I install fprintd-pam (got that from yum whatprovides)

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] WARNING: Deprecated config file /etc/modprobe.conf

2011-10-09 Thread Alexander Farber 
Hello,

I've changed the web hoster recently
and also upgraded from CentOS 5 to6.

Now I get this warning:

# service iptables restart
iptables: Flushing firewall rules: [  OK  ]
iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
iptables: Unloading modules:   [  OK  ]
iptables: Applying firewall rules: WARNING: Deprecated config file
/etc/modprobe.conf, all config files belong into /etc/modprobe.d/.

# cat /etc/modprobe.conf

### Hetzner Online AG - installimage
# load all modules

# networking
alias eth0  r8169

# hdds
alias scsi_hostadapter sata_via
alias scsi_hostadapter1 sata_sil
alias scsi_hostadapter2 sata_nv
alias scsi_hostadapter3 sd_mod
alias scsi_hostadapter4 ahci
alias scsi_hostadapter5 raid0
alias scsi_hostadapter6 raid1
alias scsi_hostadapter7 raid5
alias scsi_hostadapter8 raid6
alias scsi_hostadapter9 raid10
alias scsi_hostadapter10 3w-
alias scsi_hostadapter11 3w-9xxx
alias scsi_hostadapter12 aacraid

I wonder if it is safe to

# mv /etc/modprobe.conf /etc/modprobe.d/

Where there are already some files:

#  ll /etc/modprobe.d/
-rw-r--r--.  1 root root   52 Jul 11 10:53 anaconda.conf
-rw-r--r--.  1 root root  884 Jul 20 12:46 blacklist.conf
-rw-r--r--.  1 root root  382 Nov 12  2010 dist-alsa.conf
-rw-r--r--.  1 root root 5596 Nov 12  2010 dist.conf
-rw-r--r--.  1 root root  473 Nov 12  2010 dist-oss.conf

I'd hate to lock out myself, as I don't have
a remote console attached to my server.

(I'd have to book it and to wait)

Any opinions please?
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-05 Thread Alexander Farber 
Hello,

unfortunately /etc/init.d doesn't seem to suit me:

I want my (sockets) script to be restarted when crashed or killed

(I kill it every night to solve memory issues with perl interpreter)

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-05 Thread Alexander Farber 
Thanks Craig for your comments.

I've got my sendmail on CentOS 6 working with:

# yum erase postfix
# yum install sendmail sendmail-cf

# mkdir /etc/mail/auth
# chmod 700 /etc/mail/auth
# mkdir /etc/mail/certs
# chmod 700 /etc/mail/certs

Create the file /etc/mail/auth/client-info:

AuthInfo:smtp.gmail.com U:smmsp I:Alexander.Farber P:XXX M:PLAIN
AuthInfo:smtp.gmail.com:587 U:smmsp I:Alexander.Farber P:XXX M:PLAIN

# cd /etc/mail/auth
# makemap -r hash client-info.db  client-info

# cd /etc/mail/certs
# openssl dsaparam 1024 -out dsa1024.pem
# openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out
/etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem
# ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
# rm dsa1024.pem
# chmod 400 *.pem

Added to file /etc/mail/sendmail.mc:

define(`SMART_HOST', `smtp.gmail.com')dnl

define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')

Then make in /etc/mail and service sendmail restart

I understand your point that it is stupid of me (and probably
many other users) to ask same questions again and
again, without really understanding what's going on :-)

The file /etc/pki/tls/misc/CA.pl on CentOS is cubersome
to understand though. I tried creating ./CA.pl -newca etc.
but then I wanted to start over because of an invalid
input made by myself and I didn't even know how.

I know CA.pl keeps a text file somewhere where it
stores increasing integer numbers... but couldn't find it

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-05 Thread Alexander Farber 
Also needed for Gmail in sendmail.mc:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl

FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Howto use Gmail with sendmail on CentOS 6

2011-10-05 Thread Alexander Farber 
Hello,

I hope nobody minds, if I post a short summary here for archives -

How to forward mails via Gmail account from CentOS 6

(I use sendmail, because haven't figured out how to setup Postfix yet):

# yum erase postfix
# yum install sendmail sendmail-cf cyrus-sasl-plain cyrus-sasl-md5

# mkdir /etc/mail/auth
# chmod 700 /etc/mail/auth

Create the file /etc/mail/auth/client-info:

AuthInfo:smtp.gmail.com U:smmsp I:your_gmail_address
P:your_password M:PLAIN
AuthInfo:smtp.gmail.com:587 U:smmsp I:your_gmail_address
P:your_password M:PLAIN

# cd /etc/mail/auth
# makemap -r hash client-info.db  client-info
# chmod 600 client-info client-info.db

Then edit /etc/mail/sendmail.mc (most lines are there already
and just need to be uncommented and edited a bit):

define(`SMART_HOST', `smtp.gmail.com')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl

FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

Then create certificates (I've used DE, NRW, Bochum,
my hostname, my gmail address there as input):

# cd /etc/pki/tls/certs
# make sendmail.pem

Append the following line to /etc/aliases:

root: your_gmail_address

and run newaliases. If you need, also append
apache to /etc/mail/trusted-users. Finally:

# cd /etc/mail
# make  (this will generate new sendmail.cf)
# service sendmail restart

and check the /var/log/maillog for error messages
while sending test mail messages from command line.

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-05 Thread Alexander Farber 
Hello again,

I still have 1 minor problem -

I've created a new file /etc/init/pref.conf:

start on stopped rc RUNLEVEL=3
stop on starting rc RUNLEVEL=[!3]
console output
respawn
chdir /tmp
exec /bin/su -c '/usr/local/pref/pref.pl /tmp/pref-`date +%a`.txt 21' afarber

And started my script (a TCP-sockets daemon for a game) with

# sudo initctl start pref
pref start/running, process 2590

I can also see it running with ps uawx, netstat -an and

# sudo initctl status pref

But I can not restart it with:

# sudo initctl restart pref
initctl: Unknown instance:

# sudo initctl stop pref
initctl: Unknown instance:

Why so? I was hoping to use the last command in a nightly
cronjob (I have to restart my script because of perl memory problems)

And also when I run

# sudo initctl start pref

several times, then I get

# sudo initctl status pref
  pref
stop/waiting

- even though the process seems to run ok.

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-05 Thread Alexander Farber 
Hello Michael and others -

On Wed, Oct 5, 2011 at 5:42 PM, Michael Gliwinski
michael.gliwin...@henderson-group.com wrote:
 On Wednesday 05 Oct 2011 15:03:43 Alexander Farber wrote:

 start on stopped rc RUNLEVEL=3
 stop on starting rc RUNLEVEL=[!3]
 console output
 respawn
 chdir /tmp
 exec /bin/su -c '/usr/local/pref/pref.pl /tmp/pref-`date +%a`.txt 21'
 afarber

 # sudo initctl stop pref
 initctl: Unknown instance:

 Does your pref.pl fork or daemonize itself?  You may need to add 'expect fork'
 or 'expect daemon' to your pref.conf.  Is the PID you get from `status pref'
 the same as you see in ps output?

No, it doesn't daemoniz or fork anything and
prints stuff to stdout and stderr only -
because I was running it with /etc/inittab
on the CentOS 5.7 (and thus shouldn't daemonize).

The pid doesn't match or I can't get it:

(I've omitted sudo  below, I use CLI as afarber):

# initctl status pref
pref start/running, process 1507
# initctl restart pref
pref start/running, process 2083
# initctl restart pref
initctl: Unknown instance:
# initctl restart pref
initctl: Unknown instance:

# ps uwx
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
afarber   1532  0.0  0.0 108788 15084 ?S16:05   0:00
/usr/bin/perl -w /usr/local/pref/pref.pl

#  netstat -an | grep -w 8080
tcp0  0 0.0.0.0:80800.0.0.0:*
 LISTEN

# initctl status pref
pref stop/waiting

Any ideas please?

I've also added more details at
http://serverfault.com/questions/318742/etc-inittab-respawn-script-migrating-from-rhel-centos-5-x-to-6-x

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-05 Thread Alexander Farber 
My script has 2 pecularities:

1) When it gets SIGTERM or SIGINT, it writes some data into PostgreSQL
and this takes 10-15 seconds

2) When it is started numerous times,
then the subsequent runs
will fail immediately, because only the 1st instance
will be able to listen at the TCP-port 8080

And in /var/log/messages I see:

...
17:44:25 static init: pref main process ended, respawning
17:44:26 static init: pref main process (2128) terminated with status 98
17:44:26 static init: pref main process ended, respawning
17:44:26 static init: pref main process (2133) terminated with status 98
17:44:26 static init: pref respawning too fast, stopped

is that all maybe the reason and is there something I could do?
(maybe somehow delay the subsequent spawns?)

Regards
Alex

On Wed, Oct 5, 2011 at 5:51 PM, Alexander Farber
alexander.far...@gmail.com wrote:
 http://serverfault.com/questions/318742/etc-inittab-respawn-script-migrating-from-rhel-centos-5-x-to-6-x

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-05 Thread Alexander Farber 
Good idea, thank you!

On Wed, Oct 5, 2011 at 7:22 PM, Les Mikesell lesmikes...@gmail.com wrote:
 Can you make it sleep a bit and retry the socket open a few times if
 it fails due to the previous process not releasing the port yet?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: hostname and timezone

2011-10-04 Thread Alexander Farber 
Hello,

I've purchased a new dedicated CentOS 6.0 / 64 bit server
and have 2 minor problems please:

1) The hostname is reported as CentOS-60-64-minimal at CLI -
 eventhough I've edited /etc/hosts and changed the 2nd line:

127.0.0.1 localhost
176.9.123.123  preferans

2) Why is /etc/localtime a regular file? Should I maybe

rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

   Why isn't it done by the CentOS 6.0 install?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: hostname and timezone

2011-10-04 Thread Alexander Farber 
Thank you all,

On Tue, Oct 4, 2011 at 4:26 PM, lists-centos
replies-lists-b3z2-cen...@listmail.innovate.net wrote:
  2 - you can do the symbolic link, but i believe that RH moved
     away from that approach for some reason. the appropriate
     TZ file is copied to /etc/localtime when the TZ is selected
     on install or changed.

is there maybe a command for setting TZ in a CentOS way?

I've looked for redhat-* centos-* system-* in /sbin and /usr/sbin

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: hostname and timezone

2011-10-04 Thread Alexander Farber 
And also, which /etc/localtime do I have now?

Is there a way to find out besides running diff?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: hostname and timezone

2011-10-04 Thread Alexander Farber 
Actually I already seem to have the correct timezone file,
but why is the time wrong?


afarber@CentOS-60-64-minimal:~ sudo diff
/usr/share/zoneinfo/Europe/Berlin /etc/localtime

afarber@CentOS-60-64-minimal:~ date
Wed Oct  5 00:35:39 CEST 2011

Should I:

   chkconfig ntp on
   service ntp start

Or is the reasone elsewhere?

Sorry for the basic questions, I'm new to CentOS 6

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: Increase shared memory limits permanently

2011-10-04 Thread Alexander Farber 
Hello again,

on CentOS 6 / 64 bit what is please the best way
to permanently increase the shared memory?

I'd like to give shared_buffers = 4096MB
to PostgreSQL 8.4 on my machine with
16 GB RAM, but I currently only have:

   # sysctl -A|grep shm
   kernel.shmmax = 33554432
   kernel.shmall = 2097152
   kernel.shmmni = 4096

and this produces the error in
 /var/lib/pgsql/pgstartup.log:

FATAL:  could not create shared memory segment: Invalid argument
DETAIL:  Failed system call was shmget(key=5432001, size=4399202304, 03600).
HINT:  This error usually means that PostgreSQL's request for a shared
memory segment exceeded your kernel's SHMMAX parameter.  You can
either reduce the request size or reconfigure the kernel with larger
SHMMAX.  To reduce the request size (currently 4399202304 bytes),
reduce PostgreSQL's shared_buffers parameter (currently 524288) and/or
its max_connections parameter (currently 103).
If the request size is already small, it's possible that it is
less than your kernel's SHMMIN parameter, in which case raising the
request size or reconfiguring SHMMIN is called for.
The PostgreSQL documentation contains more information about
shared memory configuration.

And I wonder if I should set shmmax
or shmall and also if these 2 limits
are total for all machine processes
or per process? (i.e. should I allow
a bit more for processes besides PostgreSQL)?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: hostname and timezone

2011-10-04 Thread Alexander Farber 
Actually it is working now, thank you all!

[root@preferans afarber]# cat /etc/sysconfig/clock
ZONE=Europe/Berlin
[root@preferans afarber]# /etc/init.d/ntpd status
ntpd (pid  1365) is running...
[root@preferans afarber]# /sbin/hwclock
Tue 04 Oct 2011 07:10:06 PM CEST  -0.797338 seconds
[root@preferans afarber]# date
Tue Oct  4 19:10:09 CEST 2011
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: Increase shared memory limits permanently

2011-10-04 Thread Alexander Farber 
Thanks, I've put (for my 16GB RAM / 64 bit machine)
into /etc/sysctl.conf: kernel.shmmax = 50

And into postgresql.conf: shared_buffers = 4096MB

I didn't change shmall from the default -

# sysctl -A|grep shm
kernel.shmmax = 50
kernel.shmall = 2097152
kernel.shmmni = 4096

because

# getconf PAGE_SIZE
4096

and 2097152 * 4096  50, correct?

Now PostgreSQL 8.4.x seems to run ok

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-04 Thread Alexander Farber 
I'm trying to configure mail forwarding through Gmail
on CentOS 6 with postfix, following the blog
http://carlton.oriley.net/blog/?p=31
and I think the blog has missed the step:

# postmap /etc/postfix/sasl_passwd

 - as I've seen in the /var/log/maillog:

postfix/smtp[1926]: fatal: open database /etc/postfix/sasl_passwd.db:
No such file or directory
postfix/master[1831]: warning: process /usr/libexec/postfix/smtp pid
1926 exit status 1
postfix/master[1831]: warning: /usr/libexec/postfix/smtp: bad command
startup -- throttling

But when I try to run postmap, I get

postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

even though the postfix service is stopped,
the SELinux is permissive and the file is writable:

[root@preferans postfix]# ll
-rw-r--r--. 1 rootroot  20K Jun 25 14:50 access
-rw-r--r--. 1 rootroot  12K Jun 25 14:50 canonical
-rw-r--r--. 1 rootroot 9.7K Jun 25 14:50 generic
-rw-r--r--. 1 rootroot  18K Jun 25 14:50 header_checks
-rw-r--r--. 1 rootroot  27K Oct  4 20:24 main.cf
-rw-r--r--. 1 rootroot  27K Oct  4 20:23 main.cf.OLD
-rw-r--r--. 1 rootroot 5.0K Jun 25 14:50 master.cf
-rw-r--r--. 1 rootroot 6.7K Jun 25 14:50 relocated
-rw-r--r--. 1 postfix root  113 Oct  4 20:25 sasl_passwd
-rw-r--r--. 1 rootroot  13K Jun 25 14:50 transport
-rw-r--r--. 1 rootroot  13K Jun 25 14:50 virtual

Has anybody fought this problem already?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-04 Thread Alexander Farber 
Nevermind - solved that by

# sudo chown root.root sasl_passwd

(sorry, too tired in the evening)

On Tue, Oct 4, 2011 at 9:04 PM, Alexander Farber
alexander.far...@gmail.com wrote:
 I'm trying to configure mail forwarding through Gmail
 on CentOS 6 with postfix, following the blog
 http://carlton.oriley.net/blog/?p=31
 and I think the blog has missed the step:

 # postmap /etc/postfix/sasl_passwd

  - as I've seen in the /var/log/maillog:

 postfix/smtp[1926]: fatal: open database /etc/postfix/sasl_passwd.db:
 No such file or directory
 postfix/master[1831]: warning: process /usr/libexec/postfix/smtp pid
 1926 exit status 1
 postfix/master[1831]: warning: /usr/libexec/postfix/smtp: bad command
 startup -- throttling

 But when I try to run postmap, I get

 postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

 even though the postfix service is stopped,
 the SELinux is permissive and the file is writable:

 [root@preferans postfix]# ll
 -rw-r--r--. 1 root    root  20K Jun 25 14:50 access
 -rw-r--r--. 1 root    root  12K Jun 25 14:50 canonical
 -rw-r--r--. 1 root    root 9.7K Jun 25 14:50 generic
 -rw-r--r--. 1 root    root  18K Jun 25 14:50 header_checks
 -rw-r--r--. 1 root    root  27K Oct  4 20:24 main.cf
 -rw-r--r--. 1 root    root  27K Oct  4 20:23 main.cf.OLD
 -rw-r--r--. 1 root    root 5.0K Jun 25 14:50 master.cf
 -rw-r--r--. 1 root    root 6.7K Jun 25 14:50 relocated
 -rw-r--r--. 1 postfix root  113 Oct  4 20:25 sasl_passwd
 -rw-r--r--. 1 root    root  13K Jun 25 14:50 transport
 -rw-r--r--. 1 root    root  13K Jun 25 14:50 virtual

 Has anybody fought this problem already?

 Thank you
 Alex

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-04 Thread Alexander Farber 
Thank you, the ls -laF tip is good

And now I unfortunately get:

postfix/postfix-script[2054]: starting the Postfix mail system
postfix/master[2056]: daemon started -- version 2.6.6, configuration
/etc/postfix
postfix/qmgr[2059]: F10CC31D62CC: from=root@preferans.localdomain,
size=609, nrcpt=1 (queue active)
postfix/smtp[2061]: warning: cannot get RSA certificate from file
/etc/pki/tls/gmail_relay/server.pem: disabling TLS support
postfix/smtp[2061]: warning: TLS library problem:
2061:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
postfix/smtp[2061]: warning: TLS library problem:
2061:error:140DC009:SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729:
postfix/smtp[2061]: F10CC31D62CC: to=alexander.far...@gmail.com,
orig_to=root, relay=smtp.gmail.com[74.125.39.109]:587, delay=2963,
delays=2963/0.07/0.03/0.01, dsn=5.7.0, status=bounced (host
smtp.gmail.com[74.125.39.109] said: 530 5.7.0 Must issue a STARTTLS
command first. m26sm26530788fac.6 (in reply to MAIL FROM command))
postfix/cleanup[2064]: 2FE0C31D6686:
message-id=20111004191529.2FE0C31D6686@preferans.localdomain
postfix/bounce[2063]: F10CC31D62CC: sender non-delivery notification:
2FE0C31D6686
postfix/qmgr[2059]: 2FE0C31D6686: from=, size=2696, nrcpt=1 (queue active)
postfix/qmgr[2059]: F10CC31D62CC: removed
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-04 Thread Alexander Farber 
Eventhough I have at the bottom of main.cf:

 GMail SSL SMTP Relay
relayhost = [smtp.gmail.com]:587
#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/pki/tls/gmail_relay/server.key
smtp_tls_cert_file=/etc/pki/tls/gmail_relay/server.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no


On Tue, Oct 4, 2011 at 9:18 PM, Alexander Farber
alexander.far...@gmail.com wrote:
 postfix/smtp[2061]: F10CC31D62CC: to=alexander.far...@gmail.com,
 orig_to=root, relay=smtp.gmail.com[74.125.39.109]:587, delay=2963,
 delays=2963/0.07/0.03/0.01, dsn=5.7.0, status=bounced (host
 smtp.gmail.com[74.125.39.109] said: 530 5.7.0 Must issue a STARTTLS
 command first. m26sm26530788fac.6 (in reply to MAIL FROM command))
 postfix/cleanup[2064]: 2FE0C31D6686:
 message-id=20111004191529.2FE0C31D6686@preferans.localdomain
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied

2011-10-04 Thread Alexander Farber 
Hello,

On Tue, Oct 4, 2011 at 10:37 PM, Craig White craig.wh...@ttiltd.com wrote:
 postfix/smtp[2061]: warning: TLS library problem:
 2061:error:0906D06C:PEM routines:PEM_read_bio:no start
 line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE:
 postfix/smtp[2061]: warning: TLS library problem:
 2061:error:140DC009:SSL

 There's something wrong with this file as it is not a PEM encoded certificate 
 file as is expected.

 Easy enough to verify...

 openssl x509 -in $YOUR_CERTIFICATE.pem -noout -text

oops, sorry, after struggling I've just deleted
that file and installed sendmail. I'll try your suggestion
later though with my development VM.

Could the reason also be that I've started with
a minimalistic CentOS 6 installation and was
missing the cyrus-sasl-plain and cyrus-sasl-md5 packages?

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?

2011-10-04 Thread Alexander Farber 
Hello,

sorry, for 1 more question on CentOS 5 - CentOS 6 migration.

On my old CentOS 5.7 machine I have the following line:

pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl /tmp/pref-`date
+%a`.txt 21' afarber

and this has served me well, I don't want to install
anything else like daemontools etc. - to keep my web-server
easily reinstallable (or movable to another hoster).

But now I have migrated to CentOS 6.0, added that line
and the init q, but nothing happens - as indeed promised
by the comments in the new /etc/inittab.

Where should I move my line, which docs to read?

The pref.pl is a poll()ing TCP-sockets daemon for a game

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Is reboot needed after updating kernel, glibc, database?

2011-06-28 Thread Alexander Farber 
Hello,

I always wanted to ask: do you need to reboot after
updating packages like kernel, glibc, postgresql?

Or do you need to restart the postgresql service
after updating it with yum?

Regards
Alex

# sudo yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Update Process
Resolving Dependencies
-- Running transaction check
--- Package glibc.i686 0:2.5-58.el5_6.4 set to be updated
--- Package glibc.x86_64 0:2.5-58.el5_6.4 set to be updated
--- Package glibc-common.x86_64 0:2.5-58.el5_6.4 set to be updated
--- Package glibc-devel.x86_64 0:2.5-58.el5_6.4 set to be updated
--- Package glibc-headers.x86_64 0:2.5-58.el5_6.4 set to be updated
--- Package krb5-libs.i386 0:1.6.1-55.el5_6.2 set to be updated
--- Package krb5-libs.x86_64 0:1.6.1-55.el5_6.2 set to be updated
--- Package krb5-workstation.x86_64 0:1.6.1-55.el5_6.2 set to be updated
--- Package nscd.x86_64 0:2.5-58.el5_6.4 set to be updated
-- Finished Dependency Resolution

Dependencies Resolved


 PackageArch VersionRepository Size

Updating:
 glibc  i686 2.5-58.el5_6.4 updates   5.3 M
 glibc  x86_64   2.5-58.el5_6.4 updates   4.8 M
 glibc-common   x86_64   2.5-58.el5_6.4 updates16 M
 glibc-develx86_64   2.5-58.el5_6.4 updates   2.4 M
 glibc-headers  x86_64   2.5-58.el5_6.4 updates   594 k
 krb5-libs  i386 1.6.1-55.el5_6.2   updates   667 k
 krb5-libs  x86_64   1.6.1-55.el5_6.2   updates   679 k
 krb5-workstation   x86_64   1.6.1-55.el5_6.2   updates   914 k
 nscd   x86_64   2.5-58.el5_6.4 updates   167 k

Transaction Summary

Install   0 Package(s)
Upgrade   9 Package(s)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] apr-util-pgsql

2011-06-12 Thread Alexander Farber 
Hello,

does anybody know of a good source for a apr-util-pgsql rpm package
for CentOS 5.6 / 64 bit and even more I'm curious why isn't it included
but the apr-util-mysql is included...

Thank you
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Restarting a Perl-script (socket daemon) from /etc/inittab

2011-06-02 Thread Alexander Farber 
Hello fellow CentOS sysadmins,

I run a small multiplayer card game
with around 500 users at peak times.

The client is in Flash and the server is in Perl.

The Perl server binds to port 8080, i.e. only
1 instance of it can be started (important detail).

The Perl server poll()s TCP-sockets and forks
only once - at the startup by calling this method:

sub daemonize {
die Can not fork: $!\n unless defined (my $child = fork());
# the parent should die
exit 0 if $child;

setsid();
open(STDIN, '/dev/null');
open(STDOUT, '/tmp/pref.txt');
open(STDERR, 'STDOUT');
chdir('/');
umask(0);
}

It runs on CentOS 5.6 Linux / 64 bit,
PostgreSQL 8.4.8 and Perl 5.8.8.

Because my budget is small and I had enough
troubles already, I want to use as little additional
software as possible - so that I can change hosters
or reinstall my cheapo server quickly. That is why
I for example just log to /tmp/pref.txt instead of
installing syslog-ng. And that is why I'd like to
use /etc/inittab for restarting my Perl daemon.

My Perl daemon runs mostly stable, but
approx. once a week it can crash with a

May 29 11:06:46 myhost kernel: pref.pl[3113]:
segfault at 7fffa21e6fd8 rip 003cce274460
rsp 7fffa21e6fd0 error 6

Since I'm tired of restarting the server manually,
I've tried to add it to the /etc/inittab:

pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl' nobody

(and I've added a nightly cronjob to
pkill pref.pl in the hope to refresh perl this way).

Unfortunately this does not work as expected -
in the /var/log/messages I see that the script
is being started again and again every 5 mins:

Jun  2 18:55:56 myhost init: Id pref
respawning too fast: disabled for 5 minutes

What am I doing wrong here? I was hoping to
being able to use /etc/inittab here, because
I remember using it for a similar situation at work
few years ago (also with a Perl daemon)
and it worked well then...

Thank you!
Alex

P.S. I've also posted my question at
http://serverfault.com/questions/276428/restarting-a-perl-script-socket-daemon-from-etc-inittab
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Restarting a Perl-script (socket daemon) from /etc/inittab

2011-06-02 Thread Alexander Farber 
On Thu, Jun 2, 2011 at 10:10 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 6/2/2011 2:46 PM, Alexander Farber wrote:

 The Perl server poll()s TCP-sockets and forks
 only once - at the startup by calling this method:

      sub daemonize {
          die Can not fork: $!\n unless defined (my $child = fork());
          # the parent should die
          exit 0 if $child;

 []

 Since I'm tired of restarting the server manually,
 I've tried to add it to the /etc/inittab:

      pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl' nobody

 (and I've added a nightly cronjob to
 pkill pref.pl in the hope to refresh perl this way).

 Unfortunately this does not work as expected -
 in the /var/log/messages I see that the script
 is being started again and again every 5 mins:

      Jun  2 18:55:56 myhost init: Id pref
      respawning too fast: disabled for 5 minutes

 What am I doing wrong here?

 It needs to not fork/exit on its own if you want init to respawn when it
 exits.

Thank you Les, so init does the forking for me?

I'll try it in few hours, when I have less users online.

And I wonder how often does init try to run
a program, before it stops for 5 minutes...

Mark, my pref.pl is 80 lines long, the rest is in few modules.

Yes, perl interpreter 5.8.8 crashes for me once a week,
but I don't really have a chance to solve it - I'm not a
perl interpreter developer myself, I don't have an easy
test case for them to try, I don't have a 2nd server or time
to reproduce it myself. I need to solve this problem now
(going to vacation on Sunday).

Greetings from Germany
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Restarting a Perl-script (socket daemon) from /etc/inittab

2011-06-02 Thread Alexander Farber 
I'll omit fork() and run my script from /etc/inittab as

pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl' nobody 21  /tmp/pref.txt

Do you think I still need setsid(); chdir(/); and umask(0); ?

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Restarting a Perl-script (socket daemon) from /etc/inittab

2011-06-02 Thread Alexander Farber 
Thank you, now my perl daemon works with /etc/inittab

I've removed fork() and used this line:

pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl /tmp/pref.txt 21' nobody

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Switching to php53

2011-05-01 Thread Alexander Farber 
Hello Dave, this really works -
I run Drupal 7 at my CentOS 5.6 machine with
the native php53 and postgresql84 packages.

Just remove the older php packages first.

Regards
Alex
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server offline :-( please help to repair software RAID

2011-05-01 Thread Alexander Farber 
Hello Mark and others,

On Thu, Apr 28, 2011 at 10:21 PM,  m.r...@5-cent.us wrote:
 At this point, I'd run the long test on each drive, and (after coming back
 an hour or two later, see the results.

I have that dreadly warning again -

/etc/cron.weekly/99-raid-check:
   WARNING: mismatch_cnt is not 0 on /dev/md0

By the long tests do you mean some Linux command
I could run while booted in rescue mode?

Or do you mean inserting Seagate/WD/whatever CD?

(Because Strato.de people refuse to do the latter -
I only pay EUR 29 + 59/month, locked until Dec.,
why would they do anything for me /sarcasm)

Regards
Alex

PS: below my disk info:


# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
  1023936 blocks [2/2] [UU]

md2 : active raid1 sdb5[1] sda5[0]
  277728192 blocks [2/2] [UU]

md3 : active raid1 sdb6[1] sda6[0]
  185151360 blocks [2/2] [UU]

md1 : active raid1 sdb3[1] sda3[0]
  20479936 blocks [2/2] [UU]

unused devices: none


# df -h
FilesystemSize  Used Avail Use% Mounted on
/dev/md1   20G  1.7G   17G   9% /
/dev/md3  176G  6.2G  161G   4% /var
/dev/md0  993M   42M  901M   5% /boot
/dev/md2  263G  2.0G  248G   1% /home
tmpfs 2.0G 0  2.0G   0% /dev/shm
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

  1   2   >