Re: [CentOS-virt] Fedora 12 2.6.31.5-127.fc12 domU on CentOS 5.4 2.6.18-164.6.1.el5xen fails to boot
Interesting... I tried something similar using KOAN/Cobbler and believe that is the error I saw as well... On Mon, 23 Nov 2009, Charles J Gruener wrote: Doing a kickstart install of Fedora 12 results in a non-bootable image. From a virt-maanger instance, the error produced when trying to run the domU is: Traceback (most recent call last): File /usr/share/virt-manager/virtManager/engine.py, line 498, in run_domain vm.startup() File /usr/share/virt-manager/virtManager/domain.py, line 573, in startup self.vm.create() File /usr/lib64/python2.4/site-packages/libvirt.py, line 287, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: POST operation failed: xend_post: error from xen daemon: (xend.err Error creating domain: Boot loader didn't return any data!) If you drop to the command line to see what pygrub gets back, you get: # pygrub /var/lib/xen/images/fedora12.img Traceback (most recent call last): File /usr/bin/pygrub, line 677, in ? fs = fsimage.open(file, get_fs_offset(file)) IOError: [Errno 95] Operation not supported The kickstart worked perfectly in Fedora 11 on a CentOS 5.4 dom0. I've tried investigating all sorts of grub options and even tried copying kernel and initramfs files out from the domU to dom0 and booting from those with no luck. The only thing that does work is if I install Fedora 11 and then perform an upgrade to Fedora 12. I really don't want to have to deploy machines this way. Is anyone else experiencing this issue? I can provide any further information requested. Basically, to repeat my error, install CentOS 5.4 with Virtualization, then try to install a Fedora 12 domU. The installation finishes without error but you can't boot. The systems are all x86_64. Thanks. Charles ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt Scot P. Floess 27 Lake Royale Louisburg, NC 27549 252-478-8087 (Home) 919-890-8117 (Work) Chief Architect JPlate http://sourceforge.net/projects/jplate Chief Architect JavaPIM http://sourceforge.net/projects/javapim Architect Keros http://sourceforge.net/projects/keros ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Fedora 12 2.6.31.5-127.fc12 domU on CentOS 5.4 2.6.18-164.6.1.el5xen fails to boot
I specifically call out to create an ext3 filesystem in the kickstart file for /boot. I did neglect to mention that in my original post. Charles On Nov 23, 2009, at 3:56 PM, Andri Möll wrote: This looks like your host doesn't support the filesystem your domU's using. I think Fedora's on ext4 by default. One solution is to use ext2/ext3 for the domU's boot media or partition. Andri ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Fedora 12 2.6.31.5-127.fc12 domU on CentOS 5.4 2.6.18-164.6.1.el5xen fails to boot
I've only got the one virtual disk. /boot is on xvda1 with / and swap in LVs. The PV is xvda2. Charles On Nov 23, 2009, at 4:43 PM, Andri Möll an...@dot.ee wrote: If /boot is on another virtual drive, make sure it's the first one in the VM's 'disk' listing (/etc/xen/foo). I remember reading that Xen gives only the first disk to pygrub as an arg. /usr/bin/pygrub is a Python script. Probably printing the 'file' var to stderr before the line fsimage.open(file, get_fs_offset(file)) shows what it's trying to open. Andri On Mon, 2009-11-23 at 15:59 -0500, Charles J Gruener wrote: I specifically call out to create an ext3 filesystem in the kickstart file for /boot. I did neglect to mention that in my original post. Charles On Nov 23, 2009, at 3:56 PM, Andri Möll wrote: This looks like your host doesn't support the filesystem your domU's using. I think Fedora's on ext4 by default. One solution is to use ext2/ext3 for the domU's boot media or partition. Andri ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] virt-manager issues?
Found the cause of the problem. It seems virt-manager parses both its own config files and those under /etc/xen. There were still the config files for the old VMs in /etc/xen but after the virsh edit libvirt also create new ones for the renamed VMs. This apparently confused virt-manager. After removing the old config files in /etc/xen things look ok now. Looks like the rename-case is not properly handled by libvirt (the old files should be removed after creating the new ones). Regards, Dennis On 11/23/2009 06:56 PM, Andri Möll wrote: Maybe restarting libvirtd on the host helps. Or virt-manager --debug --no-fork # might say something informative. Andri On Mon, 2009-11-23 at 17:26 +0100, Dennis J. wrote: Hi, A short while ago I renamed two VMs by shutting them down, lvrenaming the storage devices and adjusting the storage path and vm name using virsh edit. This works fine so far and virsh list shows them correctly however virt-manager has gone bonkers and still shows them with the old names and alternating between the status Shutoff and Running with every display refresh and CPU usage alternating between 0% and 100%. All other VMs on the host are fine and are displayed correctly by virt-manager. Does anybody know what the problem could be and how to fix it? While this issue seems to display related rather than being an actual problem with the VMs it's pretty irritating to say the least. Regards, Dennis ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] squid+squidguard+videocache
Hola, Que bueno escuchar que solucionaste eso de el cacha, talvez nos puedas iluminar de donde sacaste la Info? Gracias y buena suerte. El 22 de noviembre de 2009 21:14, ces can arvega...@hotmail.com escribió: Saludos: Me de gusto decirles que mi idea funciono ahora ya no consumo mucho ancho de banda con youtube Cesar Canales -- From: arvega...@hotmail.com To: centos-es@centos.org Date: Fri, 20 Nov 2009 17:14:08 -0500 Subject: [CentOS-es] squid+squidguard+videocache Hola: Tengo un problema con el squid + squidguard+videocache no se si lo han probado, lo que sucede es que aveces me deniega una pagina de youtube y al hacerle f5 al navegador ingresa correctamente, aparte hay paginas que me sale que el video no esta disponible. Busque una solucion y fue la siguiente: dado que squid+videocache funicona correctamente: instalar en un servidor el centos con kernel-xen crear un virtual e instalar alli un centos con squid y videocache y en el servidor fisico un instalar squid con squidguard este deberia apuntar al servidor proxy squid virtual con parent, entonces si un usuario desea ingresar a una pagina de youtube el proxy connsultaria con el proxy virtual y este comenzaria a guardarlo en la cache, a la proxima cuando ingrese a la misma pagina y este le solicite a al proxy virtual el video le dara lo que ya tiene en la cache. Bueno no se si funcionara pero cualquier ayuda estare atento gracias. -- Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! Try it!http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us -- Discover the new Windows Vista Learn more!http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Atentamente Andrés Genovez Tobar / Sistemas COMERCIAL SALVADOR PACHECO MORA S.A. / DESDE 1945 Tecnologías Cuenca, Luis Cordero 9-70 y Gran Colombia Teléfono. 593-7-2842388 ext 408 Fax. 593-7-2842388 ext 120 Celular 593-97670874 593-96816996 Alegro Mail:ageno...@cspmsa.com Personal: andresgeno...@gmail.com www.cspmsa.com www.crice.org ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] squid+squidguard+videocache
El día 22 de noviembre de 2009 20:14, ces can arvega...@hotmail.com escribió: Saludos: Me de gusto decirles que mi idea funciono ahora ya no consumo mucho ancho de banda con youtube de un tiempo para ca videocache es de pago , en su momento estuvo libre , pero ya no lo pude coger a tiempo , tienes un rpm o tar.gz que puedas compartirlo ... saludoss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Resumen de CentOS-es, Vol 35, Env ío 38
Gracias, por sus respuestas, les explico un poco lo que pretendo, quiero que el servidor realice las siguientes funciones: - Haga de servidor de impresora, ósea la impresora ira conectada a este y el resto de pcs en la red, podrán imprimir conectándose a la este. - Luego quiero que haga de servidor de ficheros. - Luego pretendo también utilizarlo como servidor de correos, para usar un par de cuentas con un dominio que tengo en mente. Básicamente es eso lo que pretendo que haga el servidor, a ver si alguien m puede echar un cable por dónde empezar. Saludos a todos y gracias por su tiempo Oscar Enzo Administrador de Sistemas Unix / Linux -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de centos-es-requ...@centos.org Enviado el: lunes, 23 de noviembre de 2009 10:03 Para: centos-es@centos.org Asunto: Resumen de CentOS-es, Vol 35, Envío 38 Envíe los mensajes para la lista CentOS-es a centos-es@centos.org Para subscribirse o anular su subscripción a través de la WEB http://lists.centos.org/mailman/listinfo/centos-es O por correo electrónico, enviando un mensaje con el texto help en el asunto (subject) o en el cuerpo a: centos-es-requ...@centos.org Puede contactar con el responsable de la lista escribiendo a: centos-es-ow...@centos.org Si responde a algún contenido de este mensaje, por favor, edite la linea del asunto (subject) para que el texto sea mas especifico que: Re: Contents of CentOS-es digest Además, por favor, incluya en la respuesta sólo aquellas partes del mensaje a las que está respondiendo. Asuntos del día: 1. Re: Resumen de CentOS-es, Vol 35, Envío 37 (Oscar Arroyo) 2. Re: Resumen de CentOS-es, Vol 35, Envío 37 (Nilton Morales) 3. Re: squid+squidguard+videocache (ces can) 4. Re: Ayuda adicionar Windows 7 a dominio (Mario Ganga) 5. Re: Resumen de CentOS-es, Vol 35, Envío 37 (Eduardo Grosclaude) 6. Re: squid+squidguard+videocache (Andres Genovez) -- Message: 1 Date: Sun, 22 Nov 2009 19:24:26 +0100 From: Oscar Arroyo e...@arroyof.com Subject: Re: [CentOS-es] Resumen de CentOS-es, Vol 35, Envío 37 To: centos-es@centos.org Message-ID: !!AAAYAN4Rc+cZoWRDs5dDIBR+stHCgAAAEM7CL1SlemNGhxVb5jP6 idsba...@arroyof.com Content-Type: text/plain; charset=iso-8859-1 Buenas tardes una consulta, a ver si me echan un cable, estoy pensando en montar un pequeño servidor en la oficina, y he pensado en cenTOS, indiscutiblemente. Una duda que tengo es, a ver qué sistema me aconsejan como panel de control, más que servidor Web será un servidor de ficheros, pero pienso también utilizarlo como servidor de e-mail, a ver si me pueden orientar un poco, gracias a todos de antemano. Saludos. Oscar Enzo Administrador de Sistemas Unix / Linux -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de centos-es-requ...@centos.org Enviado el: domingo, 22 de noviembre de 2009 18:00 Para: centos-es@centos.org Asunto: Resumen de CentOS-es, Vol 35, Envío 37 Envíe los mensajes para la lista CentOS-es a centos-es@centos.org Para subscribirse o anular su subscripción a través de la WEB http://lists.centos.org/mailman/listinfo/centos-es O por correo electrónico, enviando un mensaje con el texto help en el asunto (subject) o en el cuerpo a: centos-es-requ...@centos.org Puede contactar con el responsable de la lista escribiendo a: centos-es-ow...@centos.org Si responde a algún contenido de este mensaje, por favor, edite la linea del asunto (subject) para que el texto sea mas especifico que: Re: Contents of CentOS-es digest Además, por favor, incluya en la respuesta sólo aquellas partes del mensaje a las que está respondiendo. Asuntos del día: 1. Re: Ahora si Centos 5.4 (Jose Sabastizagal) -- Message: 1 Date: Sun, 22 Nov 2009 09:24:24 -0500 From: Jose Sabastizagal jsabastiza...@gmail.com Subject: Re: [CentOS-es] Ahora si Centos 5.4 To: centos-es@centos.org Message-ID: b7bcfe0b0911220624t4d92c886yd8e63d50fccef...@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1 Lo descargue desde aquí vía torrent: http://mirror.centos-br.org/5.4/isos/ Aquí están las listas de mirrors http://mirror.centos.org/centos/5/isos/ Saludos -- ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Fin de Resumen de CentOS-es, Vol 35, Envío 37 * -- Message: 2 Date: Sun, 22 Nov 2009 18:41:40 -0500 From: Nilton Morales morales.nil...@gmail.com Subject: Re:
[CentOS-es] Problemas acceso ssh permiso de carpetas
Buenas, Durante mucho tiempo he estado siguiendo la lista pero nunca habia posteado. Asi que gracias a todos por los aportes que hacen. Me ha surgido un problema con el acceso a las carpetas mediante ssh. Les expongo el problema, en una red de un colegio que he empezado a administrar tengo un problema que no se como solucionarlo, tengo unos usuarios en samba que tienen acceso a una serie de carpetas y a otras que no. Esto funciona correctamente cuando se entra desde dentro de la red local. El problema lo tengo cuando los usuarios acceden desde el exterior mediante ssh. Los usuarios acceden utilizando el WINSCP y se loguean perfectamente. El problema está a la hora de acceder a las carpetas. Ya que tienen acceso total a todas las carpetas con permisos de lectura y escritura. Y esto no tendria que ser así ya que se están utilizando los mismos usuarios que están en el samba. ¿Donde puede estar el problema? Espero sus respuetas y desde ya muchas gracias. Saludos, Ivan ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] squid+squidguard+videocache
El día 22 de noviembre de 2009 20:41, Andres Genovez andresgeno...@gmail.com escribió: Hola, Que bueno escuchar que solucionaste eso de el cacha, talvez nos puedas iluminar de donde sacaste la Info? Gracias y buena suerte. aqui lo tienes , el problema es que es de pago http://maxid.com.ar/?p=1257 -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] HAproxy Keepalived
El 19/11/09 20:08, Mauricio Cesar Ramirez Torres escribió: Hola! ya probé incluso cambiando de distribución (ubuntu, Debian y CentOS) pero el resultado es el mismo y ese es mi problema, cuando enciendo el servicio lo puedo ver y me alterna las peticiones a cada servidor web, si apago un servidor web dirige toda la carga al que queda encendido, de igual forma si apago un balanceador, pero mi problema es que solo veo el servicio desde los balanceadores, si trato de acceder desde otro equipo no puedo, tarda un buen tiempo tratando de conectarse y se corta por tiempo excedido. Por lo que comentas posiblemente sea un problema de ARP, estas utilizando LVS-DR, ¿verdad? Si utilizas DR, tienes que configurar la VIP en un interfaz loopback y despúes debes configurar arp_ignore y arp_announce vía sysctl del siguiente modo: net/ipv4/conf/eth0/arp_ignore = 1 net/ipv4/conf/eth0/arp_announce = 2 net/ipv4/ip_forward=1 Haz estos cambios y luegos nos cuentas si ya puedes ver la VIP desde cualquier sitio ;-) Saludos! -- Santi Saez http://woop.es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] squid+squidguard+videocache
Hola: Bueno yo lo baje de los repositorios de FreeBSD que tambien manejo. Siguen el manual de instalacion de la pagina de videocache y estara listo en menos de 1 minuto. Cesar Canales. From: xserverli...@gmail.com Date: Sun, 22 Nov 2009 21:59:16 -0600 To: centos-es@centos.org Subject: Re: [CentOS-es] squid+squidguard+videocache El día 22 de noviembre de 2009 20:14, ces can arvega...@hotmail.com escribió: Saludos: Me de gusto decirles que mi idea funciono ahora ya no consumo mucho ancho de banda con youtube de un tiempo para ca videocache es de pago , en su momento estuvo libre , pero ya no lo pude coger a tiempo , tienes un rpm o tar.gz que puedas compartirlo ... saludoss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] squid+squidguard+videocache
El día 23 de noviembre de 2009 13:12, ces can arvega...@hotmail.com escribió: Hola: Bueno yo lo baje de los repositorios de FreeBSD que tambien manejo. Siguen el manual de instalacion de la pagina de videocache y estara listo en menos de 1 minuto. ok gracias por la info , pero cual es la url de los repositorios , para bajarlo? saludoss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas acceso ssh permiso de carpetas
El 23 de noviembre de 2009 10:13, Ivan Boluda Puig ivan.bol...@gmail.comescribió: Buenas, Durante mucho tiempo he estado siguiendo la lista pero nunca habia posteado. Asi que gracias a todos por los aportes que hacen. Me ha surgido un problema con el acceso a las carpetas mediante ssh. Les expongo el problema, en una red de un colegio que he empezado a administrar tengo un problema que no se como solucionarlo, tengo unos usuarios en samba que tienen acceso a una serie de carpetas y a otras que no. Esto funciona correctamente cuando se entra desde dentro de la red local. El problema lo tengo cuando los usuarios acceden desde el exterior mediante ssh. Los usuarios acceden utilizando el WINSCP y se loguean perfectamente. El problema está a la hora de acceder a las carpetas. Ya que tienen acceso total a todas las carpetas con permisos de lectura y escritura. Y esto no tendria que ser así ya que se están utilizando los mismos usuarios que están en el samba. ¿Donde puede estar el problema? Espero sus respuetas y desde ya muchas gracias. A ver, espacios entre los párrafos ayudaría a leer mejor y entender tu problema. Cuando dices que al acceder por ssh tienen acceso a todos los directorios. ¿A que directorios te refieres? ¿Podrías explicar mejor tu ambiente? De entrada, es normal que un usuario que accede por ssh pueda navegar por la jerarquía de directorios, siempre y cuando; los directorios tengan permisos que lo permitan. Una forma de evitar esto es encerrando al usuario de ssh con chroot. En google hay varios tutoriales en español de como hacer esto en CentOS, en alcancelibre.org hay uno. Saludos, Ivan Saludos Ernesto Celis (Usuario Linux #323140) irc.freenode.net #centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Inquiry:How to enable NAT on CentOS 5 ?
Sorry. It seems that I didn't illustrate what I mean correctly . I mean that it is appeared to me that my CentOS 5 server will support for NAT by default (as I checked it on VirtualBox) but after Asterisk DECT installation it does not . Can you please let me know which settings maybe influenced and need to be double-checked ? Thank you in advance On Mon, Nov 23, 2009 at 7:54 AM, Barry Brimer li...@brimer.org wrote: Dear All On my CentOS 5 , I installed the Asterisk 1.4.13 and DECT application software and then when I want to try for NAT I issue as the followings : #iptables -t nat -A POSTROUTING -s 10.20.30.0/24 -o eth0 -j MASQUERADE But it didn't get through . So I checked if the NAT is enabled on my CentOS server , as the followings : #echo 1 /proc/sys/net/ipv4/ip_forward But still I cannot try for NAT . Can you please let me know which other setings maybe influenced and need to be checked for enabling the NAT ? You have your outgoing traffic NATed .. but you need a PREROUTING rule to forward the traffic to your Asterisk server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] APIC error on CPU0: 00(60)
Hi All! I have a some problem: On the my motherboard Intel DG45NB with Processor Box Intel Core 2 Duo E6300 , i see in the dmesg(log file): dmesg | grep CPU0 APIC error on CPU0: 00(60) or the sometime: dmesg | grep CPU1 APIC error on CPU1: 00(60) How can I fix this problem??? This Bug is my motherboard or the kernel??? The system good working is uptime... Without reboot... Other error in the log file - not found. My kernel 2.6.18-164.6.1.el5 My system CentOS 5.4... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's wrong with yum-priorities?
Well, I think reality is that most of us have had very good experience with yum-priorities. There is no thing as absolute security. And I'm going to continue to use it, it certainly allows for a more fine- grained control than protect-base. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] APIC error on CPU0: 00(60)
Andrey Garkin wrote: Hi All! I have a some problem: On the my motherboard Intel DG45NB with Processor Box Intel Core 2 Duo E6300 , i see in the dmesg(log file): dmesg | grep CPU0 APIC error on CPU0: 00(60) or the sometime: dmesg | grep CPU1 APIC error on CPU1: 00(60) How can I fix this problem??? This Bug is my motherboard or the kernel??? The system good working is uptime... Without reboot... Other error in the log file - not found. My kernel 2.6.18-164.6.1.el5 My system CentOS 5.4... http://lists.centos.org/pipermail/centos/2006-June/023374.html James Pearson ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Logo origin
Hello I was just asked what the logo means and I had to admit that I really had no idea, as it was chosen way before my time. Can someone please enlighten me about the logo. I have tried google but nothing really came up :) Some pointers would be very helpful. Cheers Didi -- My www page: www.ribalba.de Email / Jabber: riba...@gmail.com Skype : ribalba ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] again, nic driver order
On Sun, Nov 22, 2009 at 9:33 PM, Tom H tomh0...@gmail.com wrote: On Mon, Nov 23, 2009 at 2:38 AM, Gordon McLellan gordonth...@gmail.com wrote: KERNEL==eth?, SYSFS{address}==00:21:e9:17:64:b5, NAME=eth1 # Now, all three network cards get assigned as eth0! eth1 and eth2 are no longer found. The pci-express nics (onboard) get detected first, and the pci nic is last, so it ends up owning the eth0 alias. Changing SYSFS to ATTR should do it. ___ Tom, Now I get in the syslog: Unknown key: ATTR{address} I also tried ATTRS{address} seen in some examples, same error. Digging around google a bit more I came up with different rules, and fingers crossed, they seem to work! SUBSYSTEM==net, SYSFS{address}==00:1b:21:4d:c3:e8, NAME=eth0 # pro/1000gt SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:30, NAME=eth1 # internal 1 SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:31, NAME=eth2 # internal 2 I also performed chmod +x on the 60-net.rules file, I noticed some other files in rules.d were marked as executable, so I figured it couldn't hurt! Gordon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] smtp+pop3+imap+tls+webmail+anti spam+anti virus
Eugeneapolinary Ju wrote: hi! does anyone has a good howto, docs how to set up an smtp, pop3, imap server, with webmail, and has anti virus solution, and even spam filtering? :D [plus secure connection for the clients :D ] wich softwares are the best for this? [e.g.: vsftpd is the most secure ftp server..] users would be from /etc/passwd [so not virtual users] There is a tutorial for using Postfix, Courier, Squirelmail, and mySQL on FC10 at: http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10 We have gotten this working on Amahi (amahi.org), see: http://wiki.amahi.org/index.php/Amahi_Mail_System I have been running this since mid september (I was bigfoot's beta tester). I run 4 domains and about 30 users on a 1Ghz/512Mb Compaq SFF server. I process around 5000+ smtp connections/day or which only half get processed as 'reasonable' connections and 2/3 of that get canned as spam resulting in ~700/day good messages. So the system really works to filter out the trash. We are working on moving Amahi to FC11 and develop a Centos version. I tried contribs.org, but I could not 'live' with the limitation of an email address in only one domain and the workaround to deal with it. My address of 'rgm' is used in a number of my domains, for example. The mySQL tables for the above setup are easy to manage. All the mail ends up in /home/vmail/domain/user, making it easy to manage. I ran SCALIX for about 7 years, and all the mail in a SQL database was nothing but a pain. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] again, nic driver order
On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan gordonth...@gmail.com wrote: Digging around google a bit more I came up with different rules, and fingers crossed, they seem to work! SUBSYSTEM==net, SYSFS{address}==00:1b:21:4d:c3:e8, NAME=eth0 # pro/1000gt SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:30, NAME=eth1 # internal 1 SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:31, NAME=eth2 # internal 2 Replying to myself here, as I'm going crazy anyway. It turns out it was just a fluke the server booted up with the correct order. Another reboot and the nic's are all screwed up again, the built in and external card sharing eth0, the second built in as eth1. On the second server, things are the same even with the new rules, nic drvier order is seemingly chosen at random with each boot. Any other thoughts and suggestions!? Gordon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] again, nic driver order
Gordon McLellan wrote: On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan gordonth...@gmail.com wrote: Digging around google a bit more I came up with different rules, and fingers crossed, they seem to work! SUBSYSTEM==net, SYSFS{address}==00:1b:21:4d:c3:e8, NAME=eth0 # pro/1000gt SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:30, NAME=eth1 # internal 1 SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:31, NAME=eth2 # internal 2 Replying to myself here, as I'm going crazy anyway. It turns out it was just a fluke the server booted up with the correct order. Another reboot and the nic's are all screwed up again, the built in and external card sharing eth0, the second built in as eth1. On the second server, things are the same even with the new rules, nic drvier order is seemingly chosen at random with each boot. Any other thoughts and suggestions!? Normally, the nic devices are renamed to match the DEVICE= name specified in the /etc/sysconfig/ifcfg-eth? file with the matching HWADDR= mac address even if they were detected as something else. Can you use these and still layer the bonding on top of them (they don't have to have an IPADDR)? Note that they get the name of the DEVICE= inside the file, not the eth? of the filename if they happen to differ, and it may not work if you don't have matches for every nic. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SNAT question
Hi, I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables. I have the following setup: eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy) eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy) eth2: connects to LAN with static private IP 192.168.0.1 Traffic to hosts in the DMZ/Internet through eth0/1 work fine. I tried masqueradig the LAN with following: ptables -A FORWARD -i eth2 -j ACCEPT iptables -A FORWARD -o eth2 -j ACCEPT iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1 After this I can ssh to a server in the Internet from the LAN using the server's IP address but not its name. The w command on the server tells me that my address has not been masqueraded (its 192.168.0.2, the LAN client's private IP). What am I doing wrong? Best, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SNAT question
On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen peter.pelto...@gmail.com wrote: Hi, I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables. I have the following setup: eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy) eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy) eth2: connects to LAN with static private IP 192.168.0.1 Traffic to hosts in the DMZ/Internet through eth0/1 work fine. I tried masqueradig the LAN with following: ptables -A FORWARD -i eth2 -j ACCEPT iptables -A FORWARD -o eth2 -j ACCEPT iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1 After this I can ssh to a server in the Internet from the LAN using the server's IP address but not its name. The w command on the server tells me that my address has not been masqueraded (its 192.168.0.2, the LAN client's private IP). If you can ssh to a server on the Internet then your connectivity is working. You might want to check if DNS is allowed and working from the LAN hosts to the Internet. The fact that 'w' shows your internal IP address is because you're connecting from the LAN to the gateway, which doesn't trigger the SNAT because it's not forwarding any packets... only accepting your connection. -- Giovanni. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] again, nic driver order
On Nov 23, 2009, at 8:29 AM, Gordon McLellan gordonth...@gmail.com wrote: On Mon, Nov 23, 2009 at 8:04 AM, Gordon McLellan gordonth...@gmail.com wrote: Digging around google a bit more I came up with different rules, and fingers crossed, they seem to work! SUBSYSTEM==net, SYSFS{address}==00:1b:21:4d:c3:e8, NAME=eth0 # pro/1000gt SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:30, NAME=eth1 # internal 1 SUBSYSTEM==net, SYSFS{address}==00:e0:81:b5:7a:31, NAME=eth2 # internal 2 Replying to myself here, as I'm going crazy anyway. It turns out it was just a fluke the server booted up with the correct order. Another reboot and the nic's are all screwed up again, the built in and external card sharing eth0, the second built in as eth1. On the second server, things are the same even with the new rules, nic drvier order is seemingly chosen at random with each boot. Any other thoughts and suggestions!? Don't touch udev, expecting admins to write udev rules for network interface binding is just not realistic. Udev rules are meant to be static across hardware reconfigurations while ifcfg files are meant to be modified to suit your current configuration. Use HWADDR=00:1b:21:4d:c3:e8 in the ifcfg files along with NAME=eth0 for eth0 and so on. modprobe.conf associates an alias with a driver, and the ifcfg files associate a MAC address with an alias. Also for CentOS 5 you can specify the bonding interface options in the ifcfg files (so you can have varying types of bonded interfaces) with MODPROBE_OPTIONS=. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SNAT question
Hi, On Mon, Nov 23, 2009 at 4:15 PM, Giovanni Tirloni tirl...@gmail.com wrote: On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen peter.pelto...@gmail.com wrote: Hi, I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables. I have the following setup: eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy) eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy) eth2: connects to LAN with static private IP 192.168.0.1 Traffic to hosts in the DMZ/Internet through eth0/1 work fine. I tried masqueradig the LAN with following: ptables -A FORWARD -i eth2 -j ACCEPT iptables -A FORWARD -o eth2 -j ACCEPT iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1 After this I can ssh to a server in the Internet from the LAN using the server's IP address but not its name. The w command on the server tells me that my address has not been masqueraded (its 192.168.0.2, the LAN client's private IP). If you can ssh to a server on the Internet then your connectivity is working. You might want to check if DNS is allowed and working from the LAN hosts to the Internet. The fact that 'w' shows your internal IP address is because you're connecting from the LAN to the gateway, which doesn't trigger the SNAT because it's not forwarding any packets... only accepting your connection. Hmm,I am SSHing not to the gateway but to a server in the Internet, so shouldn't it masquerade the address and w show the gateway's IP and not the client's -- isn't this the whole point of the SNAT? No other service than SSH seems to work. If I do telnet mydnsip 53 there is no response, it just hangs. I also have correct DNS in /etc/resolv.conf. Best, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] APIC error on CPU0: 00(60)
Andrey Garkin wrote: Hi All! I have a some problem: On the my motherboard Intel DG45NB with Processor Box Intel Core 2 Duo E6300 , i see in the dmesg(log file): dmesg | grep CPU0 APIC error on CPU0: 00(60) or the sometime: dmesg | grep CPU1 APIC error on CPU1: 00(60) How can I fix this problem??? This Bug is my motherboard or the kernel??? The system good working is uptime... Without reboot... Other error in the log file - not found. My kernel 2.6.18-164.6.1.el5 My system CentOS 5.4... usual fix is to upgrade the BIOS on the board. I don't see a DG45NB on Intel's site, rather, a DG43NB. Latest BIOS for that board is NBG4310H.86A 0098 here, http://downloadcenter.intel.com/Detail_Desc.aspx?agr=YDwnldID=18145ProdId=2979=eng http://downloadcenter.intel.com/Detail_Desc.aspx?agr=YDwnldID=18145ProdId=2979lang=eng ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logo origin
On Mon, Nov 23, 2009 at 4:02 AM, Geerd-Dietger Hoffmann riba...@gmail.com wrote: Hello I was just asked what the logo means and I had to admit that I really had no idea, as it was chosen way before my time. Can someone please enlighten me about the logo. I have tried google but nothing really came up :) Some pointers would be very helpful. The logo was found on an ancient stone. It was thought to ward off Old Ones like Cthulhu and such but just made the developers insaner. It was later discovered to be based on an ancient symbol of Chaos which explained its uselessness against Old One's who guard the secrets of anaconda and rpm. http://en.wikipedia.org/wiki/Symbol_of_Chaos Cheers Didi -- My www page: www.ribalba.de Email / Jabber: riba...@gmail.com Skype : ribalba ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Recommend Mail Server
Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? TIA, Suzie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Postfix.. Check it out at http://www.postfix.org. Its very powerful and is the future of mailing. Rgds Dhiraj Charles de Gaullehttp://www.brainyquote.com/quotes/authors/c/charles_de_gaulle.html - The better I get to know men, the more I find myself loving dogs. On Mon, Nov 23, 2009 at 21:15, Susan Day suzieprogram...@gmail.com wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? TIA, Suzie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Hi there -- The postfix e-mail server is one possibility. From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Susan Day Sent: Monday, November 23, 2009 10:45 AM To: CentOS mailing list Subject: [CentOS] Recommend Mail Server Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? TIA, Suzie The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? Postfix -- Eero, RHCE ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash variable expansion moment
On 16-Nov-2009 ken wrote: On 11/15/2009 06:32 PM Stephen Harris wrote: On Sun, Nov 15, 2009 at 06:21:40PM -0500, ken wrote: echo This is line ${BASH_LINENO[0]} $@ That's all I needed. Thanks. You might also want to check out bash's built in `caller` command. -Philip ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
See sendmail, postfix, Exim, qmail, dovecot, cyrus, Zimbra all related mail world. regards, Santiago N. El lun, 23-11-2009 a las 08:55 -0800, John R Pierce escribió: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, 2009-11-23 at 10:45 -0500, Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? As others have already suggested, consider Postfix. I'm putting in my $0.02(US) so I can add my experience when I first had a need for a decent MTA. I had used Sendmail in the past, but I didn't want to fight with the arcane syntax of the config files, and at that time the add-on management tools and scripts were not nearly as friendly to a beginner. When Postfix was suggested to me, I started reading the docs on their Web site, and discovered that the learning curve is nowhere near as steep as it is with Sendmail. So far, Postfix has done everything I have needed, and with a LOT less pain. As always, YMMV. TIA, Suzie ___ -- Ron Loftin relof...@twcny.rr.com God, root, what is difference ? Piter from UserFriendly ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-DS Configuration/Setup Issue
All, Thanks for all of the input! Actually, I fixed the issue by using a single yum command: yum -y reinstall centos-ds* It seems that I was using my laptop to work on my server via putty and something 'broke' which caused the original install to have issues. But, the above command corrected all of the dependencies and other issues. All is working fine now! One last question: Where can I find a definitive how to on creating a LDIF file? Thanks, Gene Poole From: Gene Poole/MST/MACYS To: CentOS@centos.org Date: 11/20/2009 09:49 AM Subject: CentOS-DS Configuration/Setup Issue All, I'm running CentOS 5.4 and I've installed the CentOS Directory Server by running yum -y install centos-ds* without any errors. But as soon as I attempt to run the setup I get the following: [r...@jpdsys3 ~]# /usr/sbin/setup-ds-admin.pl Can't locate Setup.pm in @INC (@INC contains: /usr/lib64/dirsrv/perl /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/sbin/setup-ds-admin.pl line 24. BEGIN failed--compilation aborted at /usr/sbin/setup-ds-admin.pl line 24. How can I find out what's missing? Thanks, Gene Poole ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, 23 Nov 2009, Ron Loftin wrote: As others have already suggested, consider Postfix. I'm putting in my $0.02(US) so I can add my experience when I first had a need for a decent MTA. I had used Sendmail in the past, but I didn't want to fight with the arcane syntax of the config files, and at that time the add-on management tools and scripts were not nearly as friendly to a beginner. When Postfix was suggested to me, I started reading the docs on their Web site, and discovered that the learning curve is nowhere near as steep as it is with Sendmail. So far, Postfix has done everything I have needed, and with a LOT less pain. As always, YMMV. +1. Let me throw in something else. If youa re sending more than one email at a time (to more than one person simultaneously), Postfix will beat Sendmail. It can handle high loads better than Sendmail as well. Is it the fastest MTA out there? Doing some Google Fu some time ago, it's right there with the very fastest ones. For my job, I need to send out emergency notifications to 400 people at once. With Sendmail, that took over 7 minutes. With Postfix, that takes seconds, and mostly because of the handshaking with the downstream host. If it's fast, I haven't even got time to send the message, get to a command prompt and type mailq and see it leaving the outbox queue...because it is already gone! Gilbert *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
thus Susan Day spake: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? TIA, Suzie postfix rocks. :) HTH, Timo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
As others have already suggested, consider Postfix. I'm putting in my $0.02(US) so I can add my experience when I first had a need for a decent MTA. I had used Sendmail in the past, but I didn't want to fight with the arcane syntax of the config files, and at that time the add-on management tools and scripts were not nearly as friendly to a beginner. When Postfix was suggested to me, I started reading the docs on their Web site, and discovered that the learning curve is nowhere near as steep as it is with Sendmail. So far, Postfix has done everything I have needed, and with a LOT less pain. As always, YMMV. +1. Let me throw in something else. If youa re sending more than one email at a time (to more than one person simultaneously), Postfix will beat Sendmail. It can handle high loads better than Sendmail as well. Is it the fastest MTA out there? Doing some Google Fu some time ago, it's right there with the very fastest ones. For my job, I need to send out emergency notifications to 400 people at once. With Sendmail, that took over 7 minutes. With Postfix, that takes seconds, and mostly because of the handshaking with the downstream host. If it's fast, I haven't even got time to send the message, get to a command prompt and type mailq and see it leaving the outbox queue...because it is already gone! Gilbert I can second this; having deployed a bunch of mailing list servers myself, I can tell postfix is _very_ efficient. One can tweak it even further using multiple instances [0], thusly each 'tuneable' to special purposes (e.g., serving mailing lists). exim [1] also is very powerful and on some topics even more configureable, but IMHO not as easily implemented as postfix and, due to it's design, not as efficient. [0] -- http://www.postfix.org/MULTI_INSTANCE_README.html [1] -- http://exim.org/ *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, Nov 23, 2009 at 11:55 AM, John R Pierce pie...@hogranch.com wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. Thanks! Suzie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Gilbert Sebenste wrote: On Mon, 23 Nov 2009, Ron Loftin wrote: As others have already suggested, consider Postfix. I'm putting in my $0.02(US) so I can add my experience when I first had a need for a decent MTA. I had used Sendmail in the past, but I didn't want to fight with the arcane syntax of the config files, and at that time the add-on management tools and scripts were not nearly as friendly to a beginner. When Postfix was suggested to me, I started reading the docs on their Web site, and discovered that the learning curve is nowhere near as steep as it is with Sendmail. So far, Postfix has done everything I have needed, and with a LOT less pain. As always, YMMV. +1. Let me throw in something else. If youa re sending more than one email at a time (to more than one person simultaneously), Postfix will beat Sendmail. It can handle high loads better than Sendmail as well. Is it the fastest MTA out there? Doing some Google Fu some time ago, it's right there with the very fastest ones. For my job, I need to send out emergency notifications to 400 people at once. With Sendmail, that took over 7 minutes. That doesn't make any sense unless you have a backed up queue with at least many thousands of messages - in which case you should tune sendmail to use multiple queue directories. With Postfix, that takes seconds, and mostly because of the handshaking with the downstream host. SMTP handshaking has to follow standards. The difference must really be in DNS lookup time. Sendmail does several more DNS lookups per delivery than postfix, but unless something is broken, DNS should be fast and certainly shouldn't account for 7 minutes on 400 messages. If it's fast, I haven't even got time to send the message, get to a command prompt and type mailq and see it leaving the outbox queue...because it is already gone! That should be the same for sendmail. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? Postfix is probably a reasonable choice, but I'm curious as to how you reached the decision that you don't want to use the standard, mostly-preconfigured tool without already knowing anything about the other choices. Sendmail may have a long history of exploits back in the day with it was monolithic and ran as root, but now it is probably the most carefully audited piece of code shipped in the distribution. The milter interface developed for sendmail (and now also implemented in postfix) lets you add functionality that wasn't designed in, so it is hard to imagine a mail job or environment that either couldn't handle. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Via EPIA m10000 Nemehiah
I dont seem to have any problems ( use this machine as a cheap h/w random number generator, so its always under load ~ 1 ) Same board, same model. Thanks for the information. This looked and felt like an acpi induced problem. I discovered that acpid was turned on for some reason, so I turned off the acpid daemon and it has behaved well for the last day. Are you booting yours with acpi=off as well ?? Thanks again. regards, benm ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
I know everyone else has said it but postfix is a great replacement for sendmail. Another tool I've found that I like is ssmtp. It's not a replacement for sendmail/postfix by any stretch but if you want a simple down dirty tool to send email from an internal server to your main email server it's good. I use it on a server at home and on test rigs at work for emailing results of cron jobs to my own account. Don't know if it's available in yum as I haven't used it on a CentOS box yet. -- Drew Nothing in life is to be feared. It is only to be understood. --Marie Curie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Is there a CentOS selinux mailing list?
The subject says it all. I've still got that irritating problem of selinux complaining with smagent writing to its own logfile, and as I mentioned here, weeks ago, I've done everything that sealert says, a number of times, and it didn't fix it, and I've determined that it's clearly an error handling failure of selinux. So, I'm hoping to find someone else who's run into the same thing mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
Hello all, As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. Thanks for any help! *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
Gilbert Sebenste wrote: Hello all, As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. Check using ethtool that it is really connected with 1GB. Anyway, lot of stuff like harddisk affects speed of line. You need enought fast harddisks (possibly with raid) to saturate full 1GB line .. on both ends.. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
Gilbert Sebenste wrote: Hello all, As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. Does ethtool say it is running at 1Gb? What is the source of the data? Many things can't generate much more than 100Mb, especially going too or from a disk. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, 2009-11-23 at 10:45 -0500, Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? TIA, as root... yum install postfix system-switch-mail # edit /etc/postfix/main.conf system-switch-mail # choose postfix, confirm # done Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a CentOS selinux mailing list?
On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote: The subject says it all. I've still got that irritating problem of selinux complaining with smagent writing to its own logfile, and as I mentioned here, weeks ago, I've done everything that sealert says, a number of times, and it didn't fix it, and I've determined that it's clearly an error handling failure of selinux. So, I'm hoping to find someone else who's run into the same thing the problem with sealert's is that the paths are relative so just running the command without doing a 'cd /path/affected/by/selinux/' doesn't actually work. to specifically answer your question, no, I don't know of a specific CentOS-SELinux list but the general SELinux list is certainly all you need... https://www.redhat.com/mailman/listinfo/fedora-selinux-list Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, Nov 23, 2009 at 1:23 PM, Craig White craigwh...@azapple.com wrote: yum install postfix system-switch-mail # edit /etc/postfix/main.conf system-switch-mail # choose postfix, confirm # done Craig, I stopped qmail, which I had installed outside of yum, turning off sendmail first, then I just did a yum install postfix and (I believe) /etc/init.d/postfix start or some such and it's sending email. All well, or should I do a yum remove postfix and then your commands? TIA, Suzie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a CentOS selinux mailing list?
On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote: The subject says it all. I've still got that irritating problem of selinux complaining with smagent writing to its own logfile, and as I mentioned here, weeks ago, I've done everything that sealert says, a number of times, and it didn't fix it, and I've determined that it's clearly an error handling failure of selinux. So, I'm hoping to find someone else who's run into the same thing the problem with sealert's is that the paths are relative so just running the command without doing a 'cd /path/affected/by/selinux/' doesn't actually work. Wait - you mean I have to cd to /var/log/httpd, to run setsebool httpd_unified on? That makes no sense. And I made the roles, etc, as close as I could, both on smagent and on its log file. to specifically answer your question, no, I don't know of a specific CentOS-SELinux list but the general SELinux list is certainly all you need... https://www.redhat.com/mailman/listinfo/fedora-selinux-list Ah, ok, that's what I want, then. I looked over to selinux's site, and all they have is a developers' list, which is not who I should bother. Thanks! mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a CentOS selinux mailing list?
On Mon, 2009-11-23 at 11:41 -0700, m.r...@5-cent.us wrote: On Mon, 2009-11-23 at 11:01 -0700, m.r...@5-cent.us wrote: The subject says it all. I've still got that irritating problem of selinux complaining with smagent writing to its own logfile, and as I mentioned here, weeks ago, I've done everything that sealert says, a number of times, and it didn't fix it, and I've determined that it's clearly an error handling failure of selinux. So, I'm hoping to find someone else who's run into the same thing the problem with sealert's is that the paths are relative so just running the command without doing a 'cd /path/affected/by/selinux/' doesn't actually work. Wait - you mean I have to cd to /var/log/httpd, to run setsebool httpd_unified on? That makes no sense. And I made the roles, etc, as close as I could, both on smagent and on its log file. No, for setsebool, it's just a boolean policy and of course switching the pwd is meaningless but for setting file contexts, it's very meaningful...sorry for the lack of clarity. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, 2009-11-23 at 13:30 -0500, Susan Day wrote: On Mon, Nov 23, 2009 at 1:23 PM, Craig White craigwh...@azapple.com wrote: yum install postfix system-switch-mail # edit /etc/postfix/main.conf system-switch-mail # choose postfix, confirm # done Craig, I stopped qmail, which I had installed outside of yum, turning off sendmail first, then I just did a yum install postfix and (I believe) /etc/init.d/postfix start or some such and it's sending email. All well, or should I do a yum remove postfix and then your commands? No but you need to do this then... chkconfig postfix on chkconfig sendmail off and if there is some mechanism for starting qmail on startup, you will have to disable it...perhaps there is a sysv initscript that you can discover here... chkconfig --list Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Microsoft .mdb files in Open office
Hi, Is there is anyway to Open Microsoft .mdb files in open office on Centos 5.3 ? Thanks linux ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, Nov 23, 2009 at 1:46 PM, Craig White craigwh...@azapple.com wrote: No but you need to do this then... chkconfig postfix on chkconfig sendmail off and if there is some mechanism for starting qmail on startup, you will have to disable it...perhaps there is a sysv initscript that you can discover here... chkconfig --list Thanks! Suzie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? See my slightly prior post on: Re: [CentOS] smtp+pop3+imap+tls+webmail+anti spam+anti virus It points you to: http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10 Now granted this is for FC10, but I suspect it would be easy to fit into Centos. Also the patch to Postfix is for quota support. If you don't need quotas, you canprobably skip that part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
On Mon, 23 Nov 2009, Les Mikesell wrote: Gilbert Sebenste wrote: Hello all, As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. Does ethtool say it is running at 1Gb? What is the source of the data? Many things can't generate much more than 100Mb, especially going too or from a disk. Nope, it says at 100 mb. I wonder why? Yep, I know I can only probably go somewhat faster, but it would be nice. Here's ethtool's output before I did something below... ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on Supports Wake-on: g Wake-on: d Current message level: 0x0037 (55) Link detected: yes But then I tried this. Typing: ethtool --change eth0 speed 1000 duplex full autoneg on DID work! But I wonder why it didn't pick up on that automagically. ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on Supports Wake-on: g Wake-on: d Current message level: 0x0037 (55) Link detected: yes And thanks, Les, for the ethtool reminder/tip! *** Gilbert Sebenste (My opinions only!) ** Staff Meteorologist, Northern Illinois University E-mail: seben...@weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: On Mon, Nov 23, 2009 at 1:46 PM, Craig White craigwh...@azapple.com mailto:craigwh...@azapple.com wrote: No but you need to do this then... chkconfig postfix on chkconfig sendmail off and if there is some mechanism for starting qmail on startup, you will have to disable it...perhaps there is a sysv initscript that you can qmail usually uses daemon-tools. check supervise man page. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. :) but then what ISN'T simpler to configure than sendmail? :) -- Fred Smith -- fre...@fcshome.stoneham.ma.us Do you not know? Have you not heard? The LORD is the everlasting God, the Creator of the ends of the earth. He will not grow tired or weary, and his understanding no one can fathom. - Isaiah 40:28 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Microsoft .mdb files in Open office
2009/11/23 linux-crazy hichee...@gmail.com Hi, Is there is anyway to Open Microsoft .mdb files in open office on Centos 5.3 ? Thanks linux _ try mdbtools: http://sourceforge.net/projects/mdbtools/files/ -- Linux counter #213090 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Microsoft .mdb files in Open office
linux-crazy wrote: Hi, Is there is anyway to Open Microsoft .mdb files in open office on Centos 5.3 ? Short of running Access under wine or a virtual machine with windows, I don't think so. Depending on your usage, it might be feasible to convert the tables to a postgresql or mysql database that could subsequently be accessed from access and common linux tools, even simultaneously. There might be some convoluted ways to access them through a proxy to a running windows program if it is always available. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
Gilbert Sebenste wrote: As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. Does ethtool say it is running at 1Gb? What is the source of the data? Many things can't generate much more than 100Mb, especially going too or from a disk. Nope, it says at 100 mb. I wonder why? Yep, I know I can only probably go somewhat faster, but it would be nice. Here's ethtool's output before I did something below... ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s I'd expect that to mean that it was connected to a 100Mb switch port or a managed switch configured to force 100Mb. But then I tried this. Typing: ethtool --change eth0 speed 1000 duplex full autoneg on DID work! But I wonder why it didn't pick up on that automagically. But then that wouldn't have worked either. And thanks, Les, for the ethtool reminder/tip! Mii-tool does some of the same things but won't show/force 1000BaseT. Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need to force something odd. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s I'd expect that to mean that it was connected to a 100Mb switch port or a managed switch configured to force 100Mb. But then I tried this. Typing: ethtool --change eth0 speed 1000 duplex full autoneg on DID work! But I wonder why it didn't pick up on that automagically. But then that wouldn't have worked either. And thanks, Les, for the ethtool reminder/tip! Mii-tool does some of the same things but won't show/force 1000BaseT. Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need to force something odd. Are you using cat 5e or cat 6 (gigabit certified) cable? -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
On Mon, 23 Nov 2009, Les Mikesell wrote: I'd expect that to mean that it was connected to a 100Mb switch port or a managed switch configured to force 100Mb. Managed switch, yes. But then I tried this. Typing: ethtool --change eth0 speed 1000 duplex full autoneg on DID work! But I wonder why it didn't pick up on that automagically. But then that wouldn't have worked either. Hmmm. Why not? It did on my other servers. Mii-tool does some of the same things but won't show/force 1000BaseT. Also, you can put ETHTOOL_OPTS=... in your ifcfg-eth? files if you need to force something odd. Great! Thanks for the tips. Take care. *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
On Mon, 23 Nov 2009, Eero Volotinen wrote: Are you using cat 5e or cat 6 (gigabit certified) cable? Yes. *** Gilbert Sebenste (My opinions only!) ** Staff Meteorologist, Northern Illinois University E-mail: seben...@weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote: It points you to: http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10 Now granted this is for FC10, but I suspect it would be easy to fit into Centos. Please, for the love of god and country, do not follow garbage like this. Under 1. Preliminary Note is this text: You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!). Documents that advocate disabling SELinux should be tossed in a pile and set on fire. Documents that tell you to disable your firewall with no mention in the remaining portion of the document to reenable it post install or how to properly configure it should join the burn pile. Howtoforge, while perhaps useful for *something* at *some* point in time, more often than not provides information which will either break your system outright or lead to tears and suffering before bedtime. John -- When there are too many policemen, there can be no liberty. When there are too many soldiers, there can be no peace. When there are too many lawyers, there can be no justice. -- Lin Yutang (10 October 1895 - 26 March 1976), Chinese writer and translator, as quoted in Alexander, James (2005). The World's Funniest Laws. Cheam: Crombie Jardine. pp. page 6 pgpOxz2DLLVXs.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
On Mon, 23 Nov 2009, Gilbert Sebenste wrote: On Mon, 23 Nov 2009, Les Mikesell wrote: I'd expect that to mean that it was connected to a 100Mb switch port or a managed switch configured to force 100Mb. Managed switch, yes. D'oh! make that unmanaged switch, sorry. *** Gilbert Sebenste (My opinions only!) ** Staff Meteorologist, Northern Illinois University E-mail: seben...@weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
fred smith wrote: On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. :) but then what ISN'T simpler to configure than sendmail? :) Hardly anything, given that it is almost completely done for you in the supplied /etc/mail/sendmail.mc file. You just have to fix the intentionally-borked DAEMON_OPTIONS if you want to receive outside mail, fill in SMART_HOST if you'd like another machine to relay for you, and add entries in the access file for networks you want to relay for. And restarting the sendmail service will do the updates you need after changing these files. Beyond that, you'd probably want to add a milter like MimeDefang so you can do anything complex and non-standard in perl. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Mon, 2009-11-23 at 13:25 -0600, Les Mikesell wrote: fred smith wrote: On Mon, Nov 23, 2009 at 08:55:38AM -0800, John R Pierce wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? SMTP only provides for relaying mail.a mail server typically needs a MTA (message transfer agent, smtp such as sendmail, postfix), a MDA (message delivery agent, such as procmail), and a MUA (message user agent, such as POP, IMAP, and various local unix mail readers). any mail server is only as secure as you configure it. the usual alternative to sendmail is postfix, which many people find simpler to configure than sendmail. :) but then what ISN'T simpler to configure than sendmail? :) Hardly anything, given that it is almost completely done for you in the supplied /etc/mail/sendmail.mc file. You just have to fix the intentionally-borked DAEMON_OPTIONS if you want to receive outside mail, fill in SMART_HOST if you'd like another machine to relay for you, and add entries in the access file for networks you want to relay for. And restarting the sendmail service will do the updates you need after changing these files. This reminds me of the Woody Allen movie where they asked the couple, how often they had sex and the man said, hardly ever, maybe only twice a week and the woman said it seems like all of the time...maybe twice a week Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
Gilbert Sebenste wrote: Hello all, As the subject states, I have a 3Com 3c940 Ethernet card to a 1 gb network switch. The switch detects it, but it only shows that it is giving me 100 mb/sec throughput. That card is rated for 1 GB...is there a way to force it to try to use 1 GB/sec? System-config-network isn't helping me here. What kind of switch? many/most? NICs will often set the speed to 100 or 10Mbps if they can't auto negotiate the connection Check the switch config to make sure that it's not trying to force the connection to some lower speed. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
John R. Dennison wrote: On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote: It points you to: http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10 Now granted this is for FC10, but I suspect it would be easy to fit into Centos. Please, for the love of god and country, do not follow garbage like this. Under 1. Preliminary Note is this text: You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!). Documents that advocate disabling SELinux should be tossed in a pile and set on fire. Documents that tell you to disable your firewall with no mention in the remaining portion of the document to reenable it post install or how to properly configure it should join the burn pile. Wow! I never noticed that, just read right past that. Thanks for the pointing that out. I am working on the firewall setup for the Amahi work, so tend not to pay proper note to things like this. Howtoforge, while perhaps useful for *something* at *some* point in time, more often than not provides information which will either break your system outright or lead to tears and suffering before bedtime. John ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3Com 3c940 moel only giving me 100 mb throughput to network switch
On Mon, 23 Nov 2009, nate wrote: What kind of switch? many/most? NICs will often set the speed to 100 or 10Mbps if they can't auto negotiate the connection Check the switch config to make sure that it's not trying to force the connection to some lower speed. I checked; it's not. All seems well. If it isn't, I'll back off and go back to 100 megs. *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Via EPIA m10000 Nemehiah
On 23/11/09 17:50, Ben Mohilef wrote: This looked and felt like an acpi induced problem. I discovered that acpid was turned on for some reason, so I turned off the acpid daemon and it has behaved well for the last day. Are you booting yours with acpi=off as well ?? nope, just the straight kernel and initrd. nothing special in there. this is actually quite a boring standard install with almost nothing changed on there from what is left behind by a minimal 5.1 install ( and its been updated nightly since then ) - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Via EPIA m10000 Nemehiah
- Karanbir Singh mail-li...@karan.org wrote: On 23/11/09 17:50, Ben Mohilef wrote: This looked and felt like an acpi induced problem. I discovered that acpid was turned on for some reason, so I turned off the acpid daemon and it has behaved well for the last day. Are you booting yours with acpi=off as well ?? nope, just the straight kernel and initrd. nothing special in there. this is actually quite a boring standard install with almost nothing changed on there from what is left behind by a minimal 5.1 install ( and its been updated nightly since then ) - KB Is it possible you have an application that runs at odd times that is compiled for the wrong arch? IIRC the C3 is i586 compatible (almost i686 but missing something stupid like 'cmov' instruction). I've got a handful of C3 based systems in my personal lab and run into 'oddities' every now and then because of this... Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Via EPIA m10000 Nemehiah
On 23/11/09 21:34, Tim Nelson wrote: Is it possible you have an application that runs at odd times that is compiled for the wrong arch? IIRC the C3 is i586 compatible (almost i686 but missing something stupid like 'cmov' instruction). I've got a handful of C3 based systems in my personal lab and run into 'oddities' every now and then because of this... The Nemehiah is a full i686, cmov etc included. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Via EPIA m10000 Nemehiah
- Karanbir Singh mail-li...@karan.org wrote: On 23/11/09 21:34, Tim Nelson wrote: Is it possible you have an application that runs at odd times that is compiled for the wrong arch? IIRC the C3 is i586 compatible (almost i686 but missing something stupid like 'cmov' instruction). I've got a handful of C3 based systems in my personal lab and run into 'oddities' every now and then because of this... The Nemehiah is a full i686, cmov etc included. - KB Ah yes... I'm thinking of the Samuel 2 C3... different core. Thanks for the info. --Tim ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS4 issue
On Mon, Nov 23, 2009 at 3:00 AM, Philip Manuel p...@zomojo.com wrote: Philip Manuel wrote: We are running kernel 2.6.18-164.6.1.el5 with exporting 3 aoe provided ext4 directories. For a couple of weeks we had a small number of users using the system with no issues, today we added 7 users and the system crashed and did not perform correctly since. Nov 23 10:20:03 sulphur rpc.idmapd[5199]: nfsdcb: id '-2' too big! Nov 23 10:42:25 sulphur nfsd[27306]: nfssvc: Setting version failed: errno 16 (Device or resource busy) Check your nfsnobody user and try changing its id to something below 65536, on client and server. http://www.fedoraforum.org/forum/archive/index.php/t-134487.html -- Giovanni. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS4 issue
That's a little confusing, does that mean all the clients need to change as well as the server ? Has no-one else hit this issue? We are running all our clients and servers on x86_64. Thanks Phil Giovanni Tirloni wrote: On Mon, Nov 23, 2009 at 3:00 AM, Philip Manuel p...@zomojo.com wrote: Philip Manuel wrote: We are running kernel 2.6.18-164.6.1.el5 with exporting 3 aoe provided ext4 directories. For a couple of weeks we had a small number of users using the system with no issues, today we added 7 users and the system crashed and did not perform correctly since. Nov 23 10:20:03 sulphur rpc.idmapd[5199]: nfsdcb: id '-2' too big! Nov 23 10:42:25 sulphur nfsd[27306]: nfssvc: Setting version failed: errno 16 (Device or resource busy) Check your nfsnobody user and try changing its id to something below 65536, on client and server. http://www.fedoraforum.org/forum/archive/index.php/t-134487.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Les Mikesell wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? Postfix is probably a reasonable choice, but I'm curious as to how you reached the decision that you don't want to use the standard, mostly-preconfigured tool without already knowing anything about the other choices. Sendmail may have a long history of exploits back in the day with it was monolithic and ran as root, but now it is probably the most carefully audited piece of code shipped in the distribution. The milter interface developed for sendmail (and now also implemented in postfix) lets you add functionality that wasn't designed in, so it is hard to imagine a mail job or environment that either couldn't handle. I don't see sendmailX on Centos at the moment...do you? It is therefore still monolithic as far as Centos is concerned. postfix comes with mysql/postgresql support and with connection pooling at that and which can be used directly in a lot of built-in features of postfix. Unless the supporting stuff in the milters are as efficient as what you can get in postfix, sendmail + milters might be hard pressed to handle some environments that postfix can. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Eero Volotinen wrote: Susan Day wrote: On Mon, Nov 23, 2009 at 1:46 PM, Craig White craigwh...@azapple.com mailto:craigwh...@azapple.com wrote: No but you need to do this then... chkconfig postfix on chkconfig sendmail off and if there is some mechanism for starting qmail on startup, you will have to disable it...perhaps there is a sysv initscript that you can qmail usually uses daemon-tools. check supervise man page. Just something like 'touch /service/qmail-smtpd/down' will keep qmail from receiving mail via smtp. The path may not necessarily be the same. Likewise 'touch /service/qmail-send/down' will keep qmail from running. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Susan Day wrote: On Mon, Nov 23, 2009 at 1:23 PM, Craig White craigwh...@azapple.com mailto:craigwh...@azapple.com wrote: yum install postfix system-switch-mail # edit /etc/postfix/main.conf system-switch-mail # choose postfix, confirm # done Craig, I stopped qmail, which I had installed outside of yum, turning off sendmail first, then I just did a yum install postfix and (I believe) /etc/init.d/postfix start or some such and it's sending email. All well, or should I do a yum remove postfix and then your commands? What kind of email is it sending? Email accepted via smtp? What about system generated mail? Check that the symlinks are not still pointing to qmail. ls -l /usr/sbin/sendmail, ls -l /usr/lib/sendmail. If both these are pointing to something under /etc/alternatives then check those symlinks in /etc/alternatives. (mta-mailq, mta, mta-sendmail, etc) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Les Mikesell wrote: Gilbert Sebenste wrote: On Mon, 23 Nov 2009, Ron Loftin wrote: As others have already suggested, consider Postfix. I'm putting in my $0.02(US) so I can add my experience when I first had a need for a decent MTA. I had used Sendmail in the past, but I didn't want to fight with the arcane syntax of the config files, and at that time the add-on management tools and scripts were not nearly as friendly to a beginner. When Postfix was suggested to me, I started reading the docs on their Web site, and discovered that the learning curve is nowhere near as steep as it is with Sendmail. So far, Postfix has done everything I have needed, and with a LOT less pain. As always, YMMV. +1. Let me throw in something else. If youa re sending more than one email at a time (to more than one person simultaneously), Postfix will beat Sendmail. It can handle high loads better than Sendmail as well. Is it the fastest MTA out there? Doing some Google Fu some time ago, it's right there with the very fastest ones. For my job, I need to send out emergency notifications to 400 people at once. With Sendmail, that took over 7 minutes. That doesn't make any sense unless you have a backed up queue with at least many thousands of messages - in which case you should tune sendmail to use multiple queue directories. Maybe he is not using the esmtp mailer. Not doing pipe-lining can make that difference. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] hard drive errors
Hello I seem to be getting some messages via email and in var/log/messages as well, i think its a hard drive gone bad but was wondering if anyone has seen something similar to this or would have some ideas if its fixable or not, here are the messages This email was generated by the smartd daemon running on: host name: localhost.localdomain DNS domain: localdomain NIS domain: (none) The following warning/error was logged by the smartd daemon: Device: /dev/hda, 993 Currently unreadable (pending) sectors For details see host's SYSLOG (default: /var/log/messages). Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error } Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84 { DriveStatusError BadCRC } Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error } Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84 { DriveStatusError BadCRC } Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown Nov 23 18:20:22 localhost kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error } Nov 23 18:20:22 localhost kernel: hda: dma_intr: error=0x84 { DriveStatusError BadCRC } Nov 23 18:20:22 localhost kernel: ide: failed opcode was: unknown thanks for any ideas. LostSon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hard drive errors
lostson wrote: Hello I seem to be getting some messages via email and in var/log/messages as well, i think its a hard drive gone bad but was wondering if anyone has seen something similar to this or would have some ideas if its fixable or not, here are the messages Run manufacturer diagnostics and replace the disk nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Christopher Chan wrote: Les Mikesell wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? Postfix is probably a reasonable choice, but I'm curious as to how you reached the decision that you don't want to use the standard, mostly-preconfigured tool without already knowing anything about the other choices. Sendmail may have a long history of exploits back in the day with it was monolithic and ran as root, but now it is probably the most carefully audited piece of code shipped in the distribution. The milter interface developed for sendmail (and now also implemented in postfix) lets you add functionality that wasn't designed in, so it is hard to imagine a mail job or environment that either couldn't handle. I don't see sendmailX on Centos at the moment...do you? It is therefore still monolithic as far as Centos is concerned. By not-monolithic, I mean that now submission queuing, forwarding, and local delivery are all different processes, each running with limited credentials most of the time. And milters also can run under different uids. postfix comes with mysql/postgresql support and with connection pooling at that and which can be used directly in a lot of built-in features of postfix. You probably really want ldap for that sort of thing. Unless the supporting stuff in the milters are as efficient as what you can get in postfix, sendmail + milters might be hard pressed to handle some environments that postfix can. MimeDefang gets this right - it runs as a multiplexor that connects multiple processes as needed so you don't have a 1:1 ratio of mailers to backend milters and you don't have fast step waiting on slow steps to complete. See page 31 of http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches use simple pipelines that make everything wait while spamassin runs and have to reparse the mime headers to break out attachments for each scanning step. Some very large sites are running it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Les Mikesell wrote: Christopher Chan wrote: Les Mikesell wrote: Susan Day wrote: Hi; I don't want sendmail. What's a good secure email server that I can yum? I really only need smtp right now, but who knows what the future will bring? Postfix is probably a reasonable choice, but I'm curious as to how you reached the decision that you don't want to use the standard, mostly-preconfigured tool without already knowing anything about the other choices. Sendmail may have a long history of exploits back in the day with it was monolithic and ran as root, but now it is probably the most carefully audited piece of code shipped in the distribution. The milter interface developed for sendmail (and now also implemented in postfix) lets you add functionality that wasn't designed in, so it is hard to imagine a mail job or environment that either couldn't handle. I don't see sendmailX on Centos at the moment...do you? It is therefore still monolithic as far as Centos is concerned. By not-monolithic, I mean that now submission queuing, forwarding, and local delivery are all different processes, each running with limited credentials most of the time. And milters also can run under different uids. All that means naught if there is a remote root exploit. sendmail 8.12.x already worked like that. postfix comes with mysql/postgresql support and with connection pooling at that and which can be used directly in a lot of built-in features of postfix. You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. Unless the supporting stuff in the milters are as efficient as what you can get in postfix, sendmail + milters might be hard pressed to handle some environments that postfix can. MimeDefang gets this right - it runs as a multiplexor that connects multiple processes as needed so you don't have a 1:1 ratio of mailers to backend milters and you don't have fast step waiting on slow steps to complete. See page 31 of http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches use simple pipelines that make everything wait while spamassin runs and have to reparse the mime headers to break out attachments for each scanning step. Some very large sites are running it. I fail to see how that becomes an advantage for sendmail. I can very well pair postfix and mimedefang for just spamassassin and the rest of the stuff handled by native postfix features. That at the very least cuts out another layer to go through for postfix. In the end, sendmail is at a disadvantage having to depend on a third party for extra features. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Christopher Chan wrote: By not-monolithic, I mean that now submission queuing, forwarding, and local delivery are all different processes, each running with limited credentials most of the time. And milters also can run under different uids. All that means naught if there is a remote root exploit. sendmail 8.12.x already worked like that. How do you have a remote root exploit if you aren't running as root? Unless the supporting stuff in the milters are as efficient as what you can get in postfix, sendmail + milters might be hard pressed to handle some environments that postfix can. MimeDefang gets this right - it runs as a multiplexor that connects multiple processes as needed so you don't have a 1:1 ratio of mailers to backend milters and you don't have fast step waiting on slow steps to complete. See page 31 of http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches use simple pipelines that make everything wait while spamassin runs and have to reparse the mime headers to break out attachments for each scanning step. Some very large sites are running it. I fail to see how that becomes an advantage for sendmail. It lets you control load very precisely. You can limit sendmail to some number of instances that can be much larger than the number of big/slow scanning backend processes that you permit and the sendmails don't wait for the milters until/unless they need one of their functions and you don't have to start a new process for each message. I can very well pair postfix and mimedefang for just spamassassin and the rest of the stuff handled by native postfix features. Where does your virus scan go? Since spamassassin is perl, MimeDefang can run it internally. That at the very least cuts out another layer to go through for postfix. In the end, sendmail is at a disadvantage having to depend on a third party for extra features. On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Sent from my iPhone On Nov 23, 2009, at 6:14 PM, Les Mikesell lesmikes...@gmail.com wrote: On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. Hmm... I wouldn't exactly call that an advantage... I'd much rather plug in a kilter and spend 20 minutes configuring it properly than have to wrestle custom perl for getting mail flowing... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk wrote: Les Mikesell wrote: You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. In the case of a mail relay, at one point years back I decided to drop (not bounce) all email to bogus recipients at the relay level rather than let it get to (yuck) Exchange, which would bounce it. The trick was having an updated recipient list. My first thought was to query Active Directory for each user, thus getting an up-to-date result. This turned out to be a *bad* idea for a couple of reasons. 1) if I can't reach AD, mail won't queue up on the relays, which is one of their major functions. 2) I'm making the relays directly dependent on AD latency. 3) any flood of email from outside can cause a large amount of queries against AD, causing a DOS that the relays are supposed to shield the internal network from. So instead, I found a script to gather the list of users from AD, did some modifications and wrote some wrappers. The result? A script that runs from cron to get the list of valid addresses, convert them into an access file that sendmail (or postfix, in the first case years ago) can use instead. There's a little more latency, but as long as I do some sanity checking (too many changes? Send an alert and don't change the access file) it works just fine. Ldap-based, yes. But loosely coupled. A good compromise in my experience...___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Ian Forde wrote: Sent from my iPhone On Nov 23, 2009, at 6:14 PM, Les Mikesell lesmikes...@gmail.com wrote: On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. Hmm... I wouldn't exactly call that an advantage... I'd much rather plug in a kilter and spend 20 minutes configuring it properly than have to wrestle custom perl for getting mail flowing... There are canned examples for anything remotely common. How do you handle something your program wasn't intended to do? When you are doing it in perl you can do whatever you want. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Ian Forde wrote: On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk mailto:christopher.c...@bradbury.edu.hk wrote: Les Mikesell wrote: You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. In the case of a mail relay, at one point years back I decided to drop (not bounce) all email to bogus recipients at the relay level rather than let it get to (yuck) Exchange, which would bounce it. The trick was having an updated recipient list. My first thought was to query Active Directory for each user, thus getting an up-to-date result. This turned out to be a *bad* idea for a couple of reasons. 1) if I can't reach AD, mail won't queue up on the relays, which is one of their major functions. 2) I'm making the relays directly dependent on AD latency. 3) any flood of email from outside can cause a large amount of queries against AD, causing a DOS that the relays are supposed to shield the internal network from. So instead, I found a script to gather the list of users from AD, did some modifications and wrote some wrappers. The result? A script that runs from cron to get the list of valid addresses, convert them into an access file that sendmail (or postfix, in the first case years ago) can use instead. There's a little more latency, but as long as I do some sanity checking (too many changes? Send an alert and don't change the access file) it works just fine. Ldap-based, yes. But loosely coupled. A good compromise in my experience... Precisely why a buffer like this for sites with a very large user base might want to use cdb. postfix supports cdb and sendmail can get cdb support from sf.net/sendmail-cdb. Both need the tinycdb library though. Even mysql/postgresql could do with a break for legit users. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Les Mikesell wrote: Christopher Chan wrote: By not-monolithic, I mean that now submission queuing, forwarding, and local delivery are all different processes, each running with limited credentials most of the time. And milters also can run under different uids. All that means naught if there is a remote root exploit. sendmail 8.12.x already worked like that. How do you have a remote root exploit if you aren't running as root? Ask the sendmail advisories for 8.12.x. Unless the supporting stuff in the milters are as efficient as what you can get in postfix, sendmail + milters might be hard pressed to handle some environments that postfix can. MimeDefang gets this right - it runs as a multiplexor that connects multiple processes as needed so you don't have a 1:1 ratio of mailers to backend milters and you don't have fast step waiting on slow steps to complete. See page 31 of http://www.mimedefang.org/static/mimedefang-lisa04.pdf. Most other approaches use simple pipelines that make everything wait while spamassin runs and have to reparse the mime headers to break out attachments for each scanning step. Some very large sites are running it. I fail to see how that becomes an advantage for sendmail. It lets you control load very precisely. You can limit sendmail to some number of instances that can be much larger than the number of big/slow scanning backend processes that you permit and the sendmails don't wait for the milters until/unless they need one of their functions and you don't have to start a new process for each message. Sorry, I meant to say, an advantage for sendmail over postfix. I can very well pair postfix and mimedefang for just spamassassin and the rest of the stuff handled by native postfix features. Where does your virus scan go? Since spamassassin is perl, MimeDefang can run it internally. You know the answer to that one. If I am going to use MimeDefang for spamassassin and postfix obviously does not have anti-virus features (unless you call using body_checks to check for known patterns anti-virus support) where do you think I would plug in anti-virus support? Again, in a sendmail + mimedefang versus postfix + mimedefang, sendmail is the loser. That at the very least cuts out another layer to go through for postfix. In the end, sendmail is at a disadvantage having to depend on a third party for extra features. On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. Simply because it made sense to use available existing tools that support spamassassin and virus scanners than make yet another interface. No more smtp proxying. Good riddance amavisd. postfix was after all a replacement for sendmail and it would be incomplete without milter support. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote: Ian Forde wrote: On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk mailto:christopher.c...@bradbury.edu.hk wrote: Les Mikesell wrote: You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. In the case of a mail relay, at one point years back I decided to drop (not bounce) all email to bogus recipients at the relay level rather than let it get to (yuck) Exchange, which would bounce it. The trick was having an updated recipient list. My first thought was to query Active Directory for each user, thus getting an up-to-date result. This turned out to be a *bad* idea for a couple of reasons. 1) if I can't reach AD, mail won't queue up on the relays, which is one of their major functions. 2) I'm making the relays directly dependent on AD latency. 3) any flood of email from outside can cause a large amount of queries against AD, causing a DOS that the relays are supposed to shield the internal network from. So instead, I found a script to gather the list of users from AD, did some modifications and wrote some wrappers. The result? A script that runs from cron to get the list of valid addresses, convert them into an access file that sendmail (or postfix, in the first case years ago) can use instead. There's a little more latency, but as long as I do some sanity checking (too many changes? Send an alert and don't change the access file) it works just fine. Ldap-based, yes. But loosely coupled. A good compromise in my experience... Precisely why a buffer like this for sites with a very large user base might want to use cdb. postfix supports cdb and sendmail can get cdb support from sf.net/sendmail-cdb. Both need the tinycdb library though. Even mysql/postgresql could do with a break for legit users. considering that LDAP is optimized for high amounts of read and minimal writes, the problem with any SMTP daemon querying an LDAP server getting bogged down suggests that other problems are at hand and should be solved. I mean if the primary user/authentication system can't handle the load, you got problems. I admire the workarounds but damn, you have to solve the problems anyway because this surely isn't the only place where this is a problem. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Craig White wrote: On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote: Ian Forde wrote: On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk mailto:christopher.c...@bradbury.edu.hk wrote: Les Mikesell wrote: You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. In the case of a mail relay, at one point years back I decided to drop (not bounce) all email to bogus recipients at the relay level rather than let it get to (yuck) Exchange, which would bounce it. The trick was having an updated recipient list. My first thought was to query Active Directory for each user, thus getting an up-to-date result. This turned out to be a *bad* idea for a couple of reasons. 1) if I can't reach AD, mail won't queue up on the relays, which is one of their major functions. 2) I'm making the relays directly dependent on AD latency. 3) any flood of email from outside can cause a large amount of queries against AD, causing a DOS that the relays are supposed to shield the internal network from. So instead, I found a script to gather the list of users from AD, did some modifications and wrote some wrappers. The result? A script that runs from cron to get the list of valid addresses, convert them into an access file that sendmail (or postfix, in the first case years ago) can use instead. There's a little more latency, but as long as I do some sanity checking (too many changes? Send an alert and don't change the access file) it works just fine. Ldap-based, yes. But loosely coupled. A good compromise in my experience... Precisely why a buffer like this for sites with a very large user base might want to use cdb. postfix supports cdb and sendmail can get cdb support from sf.net/sendmail-cdb. Both need the tinycdb library though. Even mysql/postgresql could do with a break for legit users. considering that LDAP is optimized for high amounts of read and minimal writes, the problem with any SMTP daemon querying an LDAP server getting bogged down suggests that other problems are at hand and should be solved. I mean if the primary user/authentication system can't handle the load, you got problems. I was trumpeting postfix's mysql/postgresql support and then Les says LDAP is the way to go and then I point out that LDAP don't like heavy write environments and you are starting the circle again. /me tramples LDAP underfoot, gets a horse to trample LDAP, gets a tank to complete the job. LDAP ain't THE SOLUTION for everything you know. I admire the workarounds but damn, you have to solve the problems anyway because this surely isn't the only place where this is a problem. Ian pointed how he needs to 'replicate' a local copy of user 'accounts' from Exchange so that he does not kill Exchange. I just pointed out that this sort of thing can be done also for sites with a very large user base that will want something that is more efficient that Berkeley DB. You can chain lookups in postfix. Check cdb, then check mysql/postgresql. If the account exists in the cdb, then there is no need to check mysql/postgresql. So essentially only non-existent addresses and recently created addresses will result in hits to mysql/postgresql. This is not a work around. This is performance enhancement. Whacking a local cdb will be faster than whacking a mysql/postgresql database. Geez. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Christopher Chan wrote: Ian pointed how he needs to 'replicate' a local copy of user 'accounts' from Exchange so that he does not kill Exchange. I just pointed out that this sort of thing can be done also for sites with a very large user base that will want something that is more efficient that Berkeley DB. There might be a few places big enough where using cdb vs. the built in bdb for the virtuser table would matter. But very few. You can chain lookups in postfix. Check cdb, then check mysql/postgresql. If the account exists in the cdb, then there is no need to check mysql/postgresql. So essentially only non-existent addresses and recently created addresses will result in hits to mysql/postgresql. This is not a work around. This is performance enhancement. Whacking a local cdb will be faster than whacking a mysql/postgresql database. Geez. If you have a reasonably fast internal mailer you can just let mimedefang on your external relay check against it with smtp in real time. Exchange isn't one of those, though. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Christopher Chan wrote: How do you have a remote root exploit if you aren't running as root? Ask the sendmail advisories for 8.12.x. Wasn't the last bug found and fixed 5 or 6 years ago? I fail to see how that becomes an advantage for sendmail. It lets you control load very precisely. You can limit sendmail to some number of instances that can be much larger than the number of big/slow scanning backend processes that you permit and the sendmails don't wait for the milters until/unless they need one of their functions and you don't have to start a new process for each message. Sorry, I meant to say, an advantage for sendmail over postfix. I've been using it with sendmail for many years. Postfix has only recently added milter support and only very recently made it good enough to work with mimedefang. I don't know if it does the session multiplexing as efficiently - maybe... You know the answer to that one. If I am going to use MimeDefang for spamassassin and postfix obviously does not have anti-virus features (unless you call using body_checks to check for known patterns anti-virus support) where do you think I would plug in anti-virus support? Again, in a sendmail + mimedefang versus postfix + mimedefang, sendmail is the loser. If you just started to use email, perhaps. On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. Simply because it made sense to use available existing tools that support spamassassin and virus scanners than make yet another interface. No more smtp proxying. Good riddance amavisd. postfix was after all a replacement for sendmail and it would be incomplete without milter support. And it was incomplete for a long time. Which is why sendmail is the standard. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Les Mikesell wrote: Christopher Chan wrote: How do you have a remote root exploit if you aren't running as root? Ask the sendmail advisories for 8.12.x. Wasn't the last bug found and fixed 5 or 6 years ago? Which is great. Just saying that if there is one still lurking around, the current model of operation might still be vulnerable. I fail to see how that becomes an advantage for sendmail. It lets you control load very precisely. You can limit sendmail to some number of instances that can be much larger than the number of big/slow scanning backend processes that you permit and the sendmails don't wait for the milters until/unless they need one of their functions and you don't have to start a new process for each message. Sorry, I meant to say, an advantage for sendmail over postfix. I've been using it with sendmail for many years. Postfix has only recently added milter support and only very recently made it good enough to work with mimedefang. I don't know if it does the session multiplexing as efficiently - maybe... I was the under the impression that it was mimedefang that handled that and not sendmail? In any case, postfix has long had very good multiplexing. You know the answer to that one. If I am going to use MimeDefang for spamassassin and postfix obviously does not have anti-virus features (unless you call using body_checks to check for known patterns anti-virus support) where do you think I would plug in anti-virus support? Again, in a sendmail + mimedefang versus postfix + mimedefang, sendmail is the loser. If you just started to use email, perhaps. Ho hum. I do not know why you keep insisting that letting mimedefang handle say lookups to mysql and perform decisions based on those is faster than if sendmail had native support. It is after all, one less layer to going through and not run in something that is interpreted. On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax. Simply because it made sense to use available existing tools that support spamassassin and virus scanners than make yet another interface. No more smtp proxying. Good riddance amavisd. postfix was after all a replacement for sendmail and it would be incomplete without milter support. And it was incomplete for a long time. Which is why sendmail is the standard. More and more distributions are using postfix as the default even though it does not allow delivery to root. That 'is' will soon become 'was' despite its incomplete milter support. I guess milters are not all that standard then. So many alternatives to milters out there that got established when milters just were not stable enough (no fault of sendmail) so that today milters are not quite as well known as stuff like resource hog amavisd. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommend Mail Server
Christopher Chan wrote: Craig White wrote: On Tue, 2009-11-24 at 11:00 +0800, Christopher Chan wrote: Ian Forde wrote: On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk mailto:christopher.c...@bradbury.edu.hk wrote: Les Mikesell wrote: You probably really want ldap for that sort of thing. You probably really want to reconsider using ldap for anything that gets loads of changes daily. In the case of a mail relay, at one point years back I decided to drop (not bounce) all email to bogus recipients at the relay level rather than let it get to (yuck) Exchange, which would bounce it. The trick was having an updated recipient list. My first thought was to query Active Directory for each user, thus getting an up-to-date result. This turned out to be a *bad* idea for a couple of reasons. 1) if I can't reach AD, mail won't queue up on the relays, which is one of their major functions. 2) I'm making the relays directly dependent on AD latency. 3) any flood of email from outside can cause a large amount of queries against AD, causing a DOS that the relays are supposed to shield the internal network from. So instead, I found a script to gather the list of users from AD, did some modifications and wrote some wrappers. The result? A script that runs from cron to get the list of valid addresses, convert them into an access file that sendmail (or postfix, in the first case years ago) can use instead. There's a little more latency, but as long as I do some sanity checking (too many changes? Send an alert and don't change the access file) it works just fine. Ldap-based, yes. But loosely coupled. A good compromise in my experience... Precisely why a buffer like this for sites with a very large user base might want to use cdb. postfix supports cdb and sendmail can get cdb support from sf.net/sendmail-cdb. Both need the tinycdb library though. Even mysql/postgresql could do with a break for legit users. considering that LDAP is optimized for high amounts of read and minimal writes, the problem with any SMTP daemon querying an LDAP server getting bogged down suggests that other problems are at hand and should be solved. I mean if the primary user/authentication system can't handle the load, you got problems. I was trumpeting postfix's mysql/postgresql support and then Les says LDAP is the way to go and then I point out that LDAP don't like heavy write environments and you are starting the circle again. And how many LDAP implementations have mysql/postgresql behind the LDAP syntax? So LDAP is frequently WORST than just a direct SQL table lookup. At least the few that I have dealt with. I LIKE LDAP. Much better than DAP any day of the year ;) /me tramples LDAP underfoot, gets a horse to trample LDAP, gets a tank to complete the job. LDAP ain't THE SOLUTION for everything you know. I admire the workarounds but damn, you have to solve the problems anyway because this surely isn't the only place where this is a problem. Ian pointed how he needs to 'replicate' a local copy of user 'accounts' from Exchange so that he does not kill Exchange. I just pointed out that this sort of thing can be done also for sites with a very large user base that will want something that is more efficient that Berkeley DB. You can chain lookups in postfix. Check cdb, then check mysql/postgresql. If the account exists in the cdb, then there is no need to check mysql/postgresql. So essentially only non-existent addresses and recently created addresses will result in hits to mysql/postgresql. This is not a work around. This is performance enhancement. Whacking a local cdb will be faster than whacking a mysql/postgresql database. Geez. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos