Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On 21/05/11 06.13, Pandu Poluan wrote: Hello list! Due to the increase of spam/phishing emails received by my office, I decided to explore the idea of implementing a spamfiltering 'frontend' in front of my email server. Here's how I plan to do it: fetchmail (G) -- postfix (G) -- amavisd+spamassassin+database (G) -- postfix (G) -- current email back-end (WS) -- clients (W) Having a second postfix instance between amavisd and the email server is going to make things way more complicated. Amavisd is perfectly capable of speaking smtp/lmtp by itself, so unless you need to perform complex mail routing you could directly send the filtered mail to the windows server. Other than that, I have very similar setup (fetchmail-postfix-amavis-cyrus-imap, where all hops but the first are done with lmtp) that has been working quite well for the past few years. HTH, andrea
Re: [gentoo-user] [HEADSUP] libreoffice versus bison-2.5
On Fri, 20 May 2011 15:34:59 -0700, walt wrote: For you users of unstable gentoo: the recent update of 'icu' broke dozens of packages (as it always does) including libreoffice. Although LO appears to continue working fine without the rebuild, at least for my basic usage. The problem is that libreoffice fails to build if you have bison-2.5 installed on your machine. A gentoo bug report was filed by our own Nikos Chantziaras -- who did not post a headsup to this list :p The fix is to downgrade bison to the 'stable' version 2.4.3, as stated in Nikos's bug report. There's a patch to fix this without downgrading at -- Neil Bothwick QOTD: The only easy way to tell a hamster from a gerbil is that the gerbil has more dark meat. signature.asc Description: PGP signature
[gentoo-user] How can I disable some apache modules?
Hi, I'd like to disable some apache modules (mod_autoindex and mod_userdir). I checked /etc/apache2/httpd.conf, but it says # GENTOO: Automatically defined based on APACHE2_MODULES # USE_EXPAND variable. # Do not change manually, it will be overwritten on upgrade. OK, when this is not recommended way, I tried to set it up in /etc/make.conf: APACHE2_MODULES=${APACHE2_MODULES} -autoindex -userdir But when I try re-emerge apache, I get a lot of errors like this: Invalid '-' operator in non-incremental variable 'APACHE2_MODULES': '-autoindex' So how can I control which apache modules are build and loaded? Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
Re: [gentoo-user] How can I disable some apache modules?
On Saturday 21 May 2011 14:34:51 Jarry wrote: Hi, I'd like to disable some apache modules (mod_autoindex and mod_userdir). I checked /etc/apache2/httpd.conf, but it says # GENTOO: Automatically defined based on APACHE2_MODULES # USE_EXPAND variable. # Do not change manually, it will be overwritten on upgrade. OK, when this is not recommended way, I tried to set it up in /etc/make.conf: APACHE2_MODULES=${APACHE2_MODULES} -autoindex -userdir But when I try re-emerge apache, I get a lot of errors like this: Invalid '-' operator in non-incremental variable 'APACHE2_MODULES': '-autoindex' So how can I control which apache modules are build and loaded? Jarry APACHE2_MODULES aren't incremental. All you put in is built, all you don't put in isn't built ! That's it. -- Stéphane Guedon page web : http://www.22decembre.eu/ carte de visite : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf clé publique gpg : http://www.22decembre.eu/downloads/Stephane-Guedon.asc signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] How can I disable some apache modules?
Apparently, though unproven, at 14:34 on Saturday 21 May 2011, Jarry did opine thusly: Hi, I'd like to disable some apache modules (mod_autoindex and mod_userdir). I checked /etc/apache2/httpd.conf, but it says # GENTOO: Automatically defined based on APACHE2_MODULES # USE_EXPAND variable. # Do not change manually, it will be overwritten on upgrade. OK, when this is not recommended way, I tried to set it up in /etc/make.conf: APACHE2_MODULES=${APACHE2_MODULES} -autoindex -userdir But when I try re-emerge apache, I get a lot of errors like this: Invalid '-' operator in non-incremental variable 'APACHE2_MODULES': '-autoindex' So how can I control which apache modules are build and loaded? Jarry APACHE2_MODULES is non-incremental (the output message says so right there) which means you can't take stuff out. You can only prevent it ever going in: Remove the things you don't want from APACHE2_MODULES in /etc/make.conf -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On 2011-05-21, Andrea Conti a...@alyf.net wrote: On 21/05/11 06.13, Pandu Poluan wrote: Hello list! Due to the increase of spam/phishing emails received by my office, I decided to explore the idea of implementing a spamfiltering 'frontend' in front of my email server. Here's how I plan to do it: fetchmail (G) -- postfix (G) -- amavisd+spamassassin+database (G) -- postfix (G) -- current email back-end (WS) -- clients (W) Having a second postfix instance between amavisd and the email server is going to make things way more complicated. Amavisd is perfectly capable of speaking smtp/lmtp by itself, so unless you need to perform complex mail routing you could directly send the filtered mail to the windows server. Other than that, I have very similar setup (fetchmail-postfix-amavis-cyrus-imap, where all hops but the first are done with lmtp) that has been working quite well for the past few years. HTH, andrea Hmm... interesting points. But can it still do the 2nd part of the equation, that is, perform outgoing routing? I had thought that I'll need amavisd to re-inject the email to postfix so that postfix can do mail routing, i.e., mails to my domain get routed to the Windows server, while outgoing emails get routed to my ISP's mail relay. Of course I can have postfix to skip amavisd for outgoing emails, but then I guess I'll lose amavisd's automated whitelisting (the so-called 'pen pal' feature). Rgds, -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/
Re: [gentoo-user] How can I disable some apache modules?
On 21. 5. 2011 14:46, Alan McKinnon wrote: APACHE2_MODULES is non-incremental (the output message says so right there) which means you can't take stuff out. You can only prevent it ever going in: Remove the things you don't want from APACHE2_MODULES in /etc/make.conf But I did not have any APACHE2_MODULES in /etc/make.conf so there is nothing I could remove, and I do not know what I should put in it. I do not want to change anything else, except for those two modules. Where can I find default value of APACHE2_MODULES? Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
Re: [gentoo-user] How can I disable some apache modules?
Apparently, though unproven, at 15:18 on Saturday 21 May 2011, Jarry did opine thusly: On 21. 5. 2011 14:46, Alan McKinnon wrote: APACHE2_MODULES is non-incremental (the output message says so right there) which means you can't take stuff out. You can only prevent it ever going in: Remove the things you don't want from APACHE2_MODULES in /etc/make.conf But I did not have any APACHE2_MODULES in /etc/make.conf so there is nothing I could remove, and I do not know what I should put in it. I do not want to change anything else, except for those two modules. Where can I find default value of APACHE2_MODULES? emerge --info | grep APACHE2_MODULES copy|paste|edit -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
so unless you need to perform complex mail routing you could directly send the filtered mail to the windows server. Hmm... interesting points. But can it still do the 2nd part of the equation, that is, perform outgoing routing? That's what I meant with complex mail routing :) The problem with having two passes through postfix in the mail routing chain is that you either run two separate postfix instances with independent configurations or you have to figure out a robust way to avoid loops. It can be done, it's just more difficult :) Of course I can have postfix to skip amavisd for outgoing emails, but then I guess I'll lose amavisd's automated whitelisting (the so-called 'pen pal' feature). True. In my case that's not really a problem as we only have amavisd add a spam level header to messages; actually deleting spam is left to the clients, and most clients that support user-configurable spam policies and rulesets can do some sort of address whitelisting. andrea
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On 21/5/2011, at 5:13am, Pandu Poluan wrote: ... Due to the increase of spam/phishing emails received by my office, I decided to explore the idea of implementing a spamfiltering 'frontend' in front of my email server. Here's how I plan to do it: fetchmail (G) -- postfix (G) -- amavisd+spamassassin+database (G) -- postfix (G) -- current email back-end (WS) -- clients (W) (G) = the single Gentoo server working as mailfilter (WS) = mail server on Windows Server (W) = various Windows clients (XP and 7) I need fetchmail because currently we still use a hosting company, at least until August when we host everything on our own. Then, we'll drop fetchmail and expose postfix for the world to deliver the mails to. You shouldn't need amavisd / spamassassin, once you're exposing Postfix to the outside world, if you configure it well. You should do things like checking that the DNS name matches the helo response given by the server trying to send you mail (this alone filters out a good deal of spam) and be able to use things like DKIM, SPF and even SpamHaus. http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail http://en.wikipedia.org/wiki/Sender_Policy_Framework http://www.spamhaus.org/ (SpamHaus says free for personal use upto x,000 messages per period, but they don't mind business use as long as you're under that limit; still it's cheap, once you've used the free account to prove the service) Using fetchmail you're unable to reject mail in the same way, so you have to use stuff like amavisd / spamassassin. Lots of discussion of this on the Postfix mailing list. You should definitely read that for a week or two before deploying. Stroller.
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On 2011-05-21, Stroller strol...@stellar.eclipse.co.uk wrote: On 21/5/2011, at 5:13am, Pandu Poluan wrote: ... Due to the increase of spam/phishing emails received by my office, I decided to explore the idea of implementing a spamfiltering 'frontend' in front of my email server. Here's how I plan to do it: fetchmail (G) -- postfix (G) -- amavisd+spamassassin+database (G) -- postfix (G) -- current email back-end (WS) -- clients (W) (G) = the single Gentoo server working as mailfilter (WS) = mail server on Windows Server (W) = various Windows clients (XP and 7) I need fetchmail because currently we still use a hosting company, at least until August when we host everything on our own. Then, we'll drop fetchmail and expose postfix for the world to deliver the mails to. You shouldn't need amavisd / spamassassin, once you're exposing Postfix to the outside world, if you configure it well. You should do things like checking that the DNS name matches the helo response given by the server trying to send you mail (this alone filters out a good deal of spam) and be able to use things like DKIM, SPF and even SpamHaus. http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail http://en.wikipedia.org/wiki/Sender_Policy_Framework http://www.spamhaus.org/ (SpamHaus says free for personal use upto x,000 messages per period, but they don't mind business use as long as you're under that limit; still it's cheap, once you've used the free account to prove the service) Using fetchmail you're unable to reject mail in the same way, so you have to use stuff like amavisd / spamassassin. Lots of discussion of this on the Postfix mailing list. You should definitely read that for a week or two before deploying. Stroller. Well, we've been receiving obvious spams from @yahoo.com, @gmail.com, and these are valid addresses (apparently people who got phished). Plus, the Gentoo document I linked earlier also linked to a document that considers RBLs as... not quite effective. In addition, if I rely only on DKIM+SPF+RBL, there will be collateral damage, i.e., false positives. For business reasons, we'd rather have false negatives (one or two spams got through every week) rather than false positives. In addition, a cursory check on our clients indicates that only a few percentage of them implemented SPF. Much less DKIM. Due to the above reasons, I need a spamfiltering solution that relies on analyzing the messages themselves. Rgds, -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/
[gentoo-user] Speech-synthesizer ?
Hi, can someone recommend a speech synthesizer, which parameters like voice (child/adult/male/female...and other) are configurable and which is -not- festival? I treid festival and have failed to chance exactly that parameters and according to postings, others have made the same expericence... I am running a recent gentoo on a AMD64 platform. What is the most promising application to emerge? Thank you very much in advance for any hint/help! Best regards and have a nice weekend! Best regards, mcc
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On Sat, 21 May 2011 16:40:02 +0200, Andrea Conti wrote about Re: [gentoo-user] RFC: Implementing a spamfiltering frontend: [snip] The problem with having two passes through postfix in the mail routing chain is that you either run two separate postfix instances with independent configurations or you have to figure out a robust way to avoid loops. It can be done, it's just more difficult :) Actually, it is quite simple: you just configure a re-injection port in your original instance of Postfix. I have been running this arrangement for some few years now, and I use port 25 for the initial insertion of an email into Postfix and port 10025 for amavisd to re-insert the message after spam and virus scans have been completed. -- Regards, Dave [RLU #314465] *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* dwn...@ntlworld.com (David W Noon) *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* signature.asc Description: PGP signature
Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
On 21/5/2011, at 5:14pm, Pandu Poluan wrote: ... Well, we've been receiving obvious spams from @yahoo.com, @gmail.com, and these are valid addresses (apparently people who got phished). Have you checked they're originating at yahoo / gmail servers? Anyone can spoof a from: address. Plus, the Gentoo document I linked earlier also linked to a document that considers RBLs as... not quite effective. I am sceptical of this conclusion, but you certainly shouldn't be relying upon them as if they're a magic bullet. In addition, if I rely only on DKIM+SPF+RBL, there will be collateral damage, i.e., false positives. Only if you choose to reject them on this basis. Why don't you greylist messages that fail DKIM/SPF? For business reasons, we'd rather have false negatives (one or two spams got through every week) rather than false positives. In addition, a cursory check on our clients indicates that only a few percentage of them implemented SPF. Much less DKIM. Due to the above reasons, I need a spamfiltering solution that relies on analyzing the messages themselves. You're not looking at email filtering in a layered, holistic manner. Your answer is throw spamassassin at the problem, that'll fix it. Personally I've found spamassassin exceedingly poor, if dumbly used in a naive manner. Since you've done a check on your clients, you already have some hosts you know to permit. Why would you throw away messages from them? If your answer is because you told me to do DKIM+SPF+RBL then you're wrong - I just advised you to look at the bigger picture. Stroller.
Re: [gentoo-user] Speech-synthesizer ?
On Sat, May 21, 2011 at 07:47:47PM +0200, meino.cra...@gmx.de wrote: Hi, can someone recommend a speech synthesizer, which parameters like voice (child/adult/male/female...and other) are configurable and which is -not- festival? Have you looked at espeak? Does it allow this type of configuration? William pgpL3EJRLobDA.pgp Description: PGP signature
[gentoo-user] Re: [HEADSUP] libreoffice versus bison-2.5
On 05/20/2011 08:24 PM, Indi wrote: On Sat, May 21, 2011 at 12:50:01AM +0200, walt wrote: For you users of unstable gentoo: the recent update of 'icu' broke dozens of packages (as it always does) including libreoffice. The problem is that libreoffice fails to build if you have bison-2.5 I have bison-2.5, but am using libreoffice-bin which seems fine. Yes, that would be expected because bison is needed only at compile time, not at run time. I would be using libreoffice-bin too, except for a ridiculous change made about a year ago in the way openoffice charts are scaled on the y-axis. I complained bitterly on the openoffice 'chart' mail list, only to discover that openoffice changed its perfectly good scaling algorithm to ape a change made in M$ Office! Nobody at openoffice.org would consider reverting that ridiculous mee-too change, so I've been editing the open(libre)office source code to remove it myself before compiling it. I was very disappointed to find a major open- source project following M$ around like a hungry puppy :(
[gentoo-user] Re: system rescue usb stick
On 05/20/2011 04:22 AM, Coert Waagmeester wrote: On 05/19/2011 04:12 AM, Valmor de Almeida wrote: Is SystemRescueCd still a good system rescue tool? The web site has not been updated for over 1 year. Thanks for other suggestions. I use it for all my gentoo installations as well. Have even removed windows viruses from windows boxen with it. How did you repair a windows box with it? I can't even begin to guess!
[gentoo-user] Re: [HEADSUP] libreoffice versus bison-2.5
On 05/22/2011 01:03 AM, walt wrote: I was very disappointed to find a major open- source project following M$ around like a hungry puppy :( It needs to. If it's not compatible with M$, people won't use it as much.
Re: [gentoo-user] Speech-synthesizer ?
William Hubbs willi...@gentoo.org [11-05-22 01:29]: On Sat, May 21, 2011 at 07:47:47PM +0200, meino.cra...@gmx.de wrote: Hi, can someone recommend a speech synthesizer, which parameters like voice (child/adult/male/female...and other) are configurable and which is -not- festival? Have you looked at espeak? Does it allow this type of configuration? William No, I didnt. The reason for posting here before installing, was that I didnt know the answer to the question of the kind/possibility of configuration :) mcc
Re: [gentoo-user] Inkscape-0.48.1-r1 really sloooooow
On 05/20/2011 08:49 AM, Mick wrote: Hi All, I installed inkscape-0.48.1-r1 on a x86 machine. For a few seconds/minutes after opening an svg image rendering is fast as expected, but soon it gets bogged down to the point of seeing the image being rendered in slow motion, a row at a time if e.g. I scroll up or down the page. Only 20% of RAM (of 3G total) is being used at the time, so I'm guessing this could be something to do with the ATI video card? Other graphics apps open at the same time (e.g. Gimp) do not have such problems rendering graphics (albeit not svg). Before I post loads of info which may be unnecessary, have you come across anything similar and how can I troubleshoot it? PS. I unmasked 0.48.1-r1 because 0.48.0 was even worse. I don't suppose you have a ton of fonts installed? I've had Inkscape lock up for like 5 minutes at a time when it was loading the font list (either at startup or when opening the text dialog).
Re: [gentoo-user] Speech-synthesizer ?
On Sat, May 21, 2011 at 7:39 PM, meino.cra...@gmx.de wrote: William Hubbs willi...@gentoo.org [11-05-22 01:29]: On Sat, May 21, 2011 at 07:47:47PM +0200, meino.cra...@gmx.de wrote: Hi, can someone recommend a speech synthesizer, which parameters like voice (child/adult/male/female...and other) are configurable and which is -not- festival? Have you looked at espeak? Does it allow this type of configuration? William No, I didnt. The reason for posting here before installing, was that I didnt know the answer to the question of the kind/possibility of configuration :) mcc This may help; http://espeak.sourceforge.net/voices.html
Re: [gentoo-user] Speech-synthesizer ?
This may help; http://espeak.sourceforge.net/voices.html This works for a woman's voice in English; espeak -v en+f4 hello