Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 08/14/2014 07:14 AM, Ned Slider wrote: > On 13/08/14 17:32, Timothy Murphy wrote: >> BC wrote: >> I've never seen a 1-page document that said, "These are the changes I made after downloading packages X, Y and Z." >>> There is a large chasm between configuring a mail server and understanding >>> the configuration of a mail server. Due to the many pitfalls and custom >>> environments, it is very difficult to have a 1-page document that does >>> much more than be an outbound MTA. >> Note what I asked for. >> If you have installed postfix + spamassassin or whatever under CentOS >> then presumably you downloaded certain packages >> and then made certain changes in config files and perhaps elsewhere. >> Therefore it is possible to write a short document just listing >> the changes you have made. >> It may be a waste of time in your view; >> but in my experience this is exactly what I want to read >> for my very basic home server needs. >> > Yes, I did exactly that for CentOS 5, and you can find it on the Wiki here: > > http://wiki.centos.org/HowTos#head-0facb50d5796bee0bd394636c32ffa9a997a6ab5 > > There's a basic Postfix/Dovecot guide: > > http://wiki.centos.org/HowTos/postfix > > It lists all the config changes required in Postfix and Dovecot for a > basic Postfix server (assumes networking knowledge). > > Then you can add in some simple spam filtering with Postfix restrictions: > > http://wiki.centos.org/HowTos/postfix_restrictions > > or greylisting: > > http://wiki.centos.org/HowTos/postgrey > > or bolt on Amavisd/SpamAssassin: > > http://wiki.centos.org/HowTos/Amavisd > > or bolt on some encryption with SASL and SSL/TLS > > http://wiki.centos.org/HowTos/postfix_sasl > > These guides were all designed to be fully functional and modular so you > could pick just the bits you wanted to extend your basic Postfix > installation. > > There will be some config differences between el5 and el6 due to the > different versions of the packages used. If you can't figure out the > differences just go with the docs provided on el5 - it's supported for > another 3 years or so. > > If you get it working on el6/el7 please feel free to fork the docs for > those dists. I know of at least one person running this setup on el6 > with the extra packages from EPEL. > > This really isn't that difficult. The Postfix docs are excellent. You > just need to spend a day reading (and understanding) the docs. The main > confusion seems to stem from the fact that there are so many different > ways to implement a solution and there is no right or wrong way to do > it. But this just illustrates the ultimate flexibility of the software > you are using. > > The methods documented above illustrate one such approach. I (and > another contributor to this list) documented it for the wider community > as it's the method we use. If you don't like it feel free to use another > approach, but please don't complain that there isn't any documentation > when we worked really hard to develop those docs for the community. > I have used these docs a number of times (yes all of them) for CentOS-5 with no apparent issues - Thanks guys - much appreciated from me. I have just (8 months) set up a new CentOS-6 server using the same guides with few changes needed - I have just implemented virtual mail boxes on this for multiple domains, all working but no admin interface - i.e. need to edit config files to add users etc. Still looking into this bit to see if there is an option that is not full of security holes, thus far I would not expose the admin interfaces to the internet, i.e. only make them internally accessible. HTH > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?
On 08/14/2014 01:16 AM, Timothy Murphy wrote: > Jonathan Billings wrote: > >> 'FirewallD' doesn't replace 'iptables' except in the sense of activated >> system services, not the core firewall functionality. FirewallD just >> builds and modifies iptables rules. > I'm a bit surprised no-one has mentioned shorewall. > I'm using it on two tiny home servers, > one under CentOS-6 and the other CentOS-7. > Basically, this is because I don't understand iptables, > or really want to understand it. > Is firewalld a reasonable alternative in CentOS-6? > > I often wonder if I am in a small minority of CentOS users, > who are just running home servers of some kind. > Most of the posters to this mailing list > seem to be in charge of systems with hundreds if not thousands of users. > I run 6 servers currently (4 running CentOS-5 and 2 running CentOS-6) plus a laptop and a workstation running CentOS-6. Still to take the plunge into CentOS-7. My operating space is small business situations wanting low touch, high up time and reliability. Also a high aversion to being sold expensive software that in no way out-performs FOSS for all the basic tasks a small business needs to survive. Thus you are not alone and probably not that small a minority. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 2014-08-13, Timothy Murphy wrote: > > I seem to recall that you have very occasionally made helpful suggestions - > maybe I am confusing you with someone else. I am somewhat mortified that you are not applying Occam's razor here. If you believe that I have been helpful in the past, isn't the simplest explanation that it's possible I'm being helpful now? (Whether I actually have been helpful is in the eye of the beholder; I like to believe it myself, but that's pure conceit.) > I give you the same answer - if you believe the TASK of postfix > is difficult to understand, explain why. It is difficult to understand because two of postfix's primary tasks are to implement SMTP and deliver mail safely. Both of these tasks are themselves difficult to do well, especially SMTP, a service widely targeted by attackers which offers little in the way of authentication. > BC hasn't answered this, and I very much doubt if KK will either. We both did; don't blame us if you didn't like the response. > As I see it, the principal task of postfix is to take in email > arriving at port 25, and convey it to one or more destinations. There are *so* many details that you ignore in this gross oversimplification. The most dangerous one is, what mail do you accept, and what mail are you willing to convey? One mistake in this area and you become a spam relay. > In my experience email has been working without problems > for as long as Unix has been running, This is patently untrue. Here's just one example: https://en.wikipedia.org/wiki/Morris_worm > It is not necessary to understand how the internal combustion engine works > in order to drive a car; and there is no evidence that those who do know > make better drivers. In this analogy, drivers == email users. If you are running an SMTP server, you're a mechanic, *not* a driver! If you don't want to understand how a car works, you shouldn't be a mechanic. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slow i/o with a raid 50 on a 3ware controller
On Wed, Aug 6, 2014 at 2:44 PM, Chuck Campbell wrote: > I have a raid 50 array on a 3ware controller. The box is running centos > 6.5 and > the file system is ext4. > > I'm going to try some other filesystems, but could anyone suggest any > alternative raid setups as well as stripe sizes I should try? > > The old server uses the same controller on a centos 5.10 setup, using > ext3, and > it performs much faster i/o. The old 3ware setup is raid 5. > > -chuck > tuned-adm list tuned-adm profile throughput-performance ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 6:19 PM, Timothy Murphy wrote: > >> That was back when it was safe to assume that those one or more >> destination wanted to receive anything that showed up on port 25. Or >> that you could reasonably accept the unwanted data and subsequently >> send it back to wherever the From: line said it came from. Which was >> basically never but people used to do it before they knew better. > > But it is still reasonably easy to say what you want to do with email, > even if it is hard to implement. No, it is next to impossible to describe what is spam and fairly difficult with viruses. And you have to categorize it before you can do something with it. > My statement was that "the TASK of postfix is fairly easy to understand". Sure, as long as you don't need to make any choices... > You are clutching at straws. > > "Whatever can be said can be said clearly" - Wittgenstein 'Clearly' isn't a problem. 'Concisely' would be a problem for anything that permits more or less arbitrary choices. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Website
On 8/13/2014 1:29 PM, Andreas Benzler wrote: > on the website > > remove > http://isoredirect.centos.org/centos/6/isos/i386/ why? centos 6 ISO's are still supported, still available for download. thats the generic link to the mirror farm. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Website
On 08/13/2014 03:29 PM, Andreas Benzler wrote: > Hello Guys... > > Get Centos -> download > > Minimal Install Images point to 6.5 > > http://wiki.centos.org/Manuals/ReleaseNotes/CentOSMinimalCD6.5 > > something like > > http://wiki.centos.org/Manuals/ReleaseNotes/CentOSMinimalCD7.0 This page doesn't exist. Meanwhile I've updated it to point directly to the minimal iso itself. If someone would like to create the Release notes, I'll happily update again. > > > on the website > > remove > http://isoredirect.centos.org/centos/6/isos/i386/ > > only > > http://centos.psw.net/centos/7/isos/x86_64/ No. We won't single out a specific mirror for the whole community to download from. > > Thanks.. > > AndyBe > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Les Mikesell wrote: > On Wed, Aug 13, 2014 at 5:55 PM, Timothy Murphy >> In my experience email has been working without problems >> for as long as Unix has been running, >> long before system administrator exams were invented. > > That was back when it was safe to assume that those one or more > destination wanted to receive anything that showed up on port 25. Or > that you could reasonably accept the unwanted data and subsequently > send it back to wherever the From: line said it came from. Which was > basically never but people used to do it before they knew better. But it is still reasonably easy to say what you want to do with email, even if it is hard to implement. My statement was that "the TASK of postfix is fairly easy to understand". >> It is not necessary to understand how the internal combustion engine >> works in order to drive a car; and there is no evidence that those who do >> know make better drivers. > > Not a good analogy. Cars have a fairly useful user interface for the > decisions drivers need to make. MTA's need to have helper programs > hooked into various places that are much less standardized to make > some decisions for you. You are clutching at straws. "Whatever can be said can be said clearly" - Wittgenstein -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 5:55 PM, Timothy Murphy wrote: > > > As I see it, the principal task of postfix is to take in email > arriving at port 25, and convey it to one or more destinations. > > In my experience email has been working without problems > for as long as Unix has been running, > long before system administrator exams were invented. That was back when it was safe to assume that those one or more destination wanted to receive anything that showed up on port 25. Or that you could reasonably accept the unwanted data and subsequently send it back to wherever the From: line said it came from. Which was basically never but people used to do it before they knew better. > It is not necessary to understand how the internal combustion engine works > in order to drive a car; and there is no evidence that those who do know > make better drivers. Not a good analogy. Cars have a fairly useful user interface for the decisions drivers need to make. MTA's need to have helper programs hooked into various places that are much less standardized to make some decisions for you. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anaconda, kickstart, lvm over raid, logvol --grow, centos7 mystery
Just want to mention that this behaviour is already known bug https://bugzilla.redhat.com/show_bug.cgi?id=1093144#c7 2014-07-31 12:01 GMT+03:00 Maxim Shpakov : > Hi! > > I can confirm this. > > --grow on LVM partition is broken for raid+lvm kickstart installs. > > > bootloader --location=mbr --driveorder=sda,sdb --append="net.ifnames=0 > crashkernel=auto rhgb quiet" > zerombr > clearpart --all --drives=sda,sdb --initlabel > > part raid.1 --asprimary --size=200 --ondisk=sda > part raid.2 --size=1 --grow --ondisk=sda > part raid.3 --asprimary --size=200 --ondisk=sdb > part raid.4 --size=1 --grow --ondisk=sdb > > raid /boot --fstype=ext4 --level=RAID1 --device=md0 raid.1 raid.3 > raid pv.1 --level=RAID1 --device=md1 raid.2 raid.4 > > volgroup vg0 --pesize=65536 pv.1 > > logvol swap --name=swap --vgname=vg0 --size=4096 > logvol /tmp --fstype=ext4 --name=tmp --vgname=vg0 --size=4096 > --fsoptions="noexec,nosuid,nodev,noatime" > logvol / --fstype=ext4 --name=root --vgname=vg0 --size=10240 --grow > --fsoptions="defaults,noatime" > > Such partitioning scheme is now working. Anaconda is complaining about > "ValueError: not enough free space in volume group" > > Buf if I remove --grow from last logvol - everything is ok. > > I don't understand what I'm doing wrong, such kickstart works > flawlessly for C6 installs. > > 2014-07-16 14:21 GMT+03:00 Borislav Andric : >> I am testing some kickstarts on ESXi virtual machine with pair of 16GB disks. >> Partitioning is lvm over raid. >> >> If i am using "logvol --grow i get "ValueError: not enough free space in >> volume group" >> Only workaround i can find is to add --maxsize=XXX where XXX is at least >> 640MB less than available. >> (10 extents or 320Mb per created logical volume) >> >> Following snippet is failing with "DEBUG blivet: failed to set size: 640MB >> short" >> >> part raid.01 --size 512 --asprimary --ondrive=sda >> part raid.02 --size 1 --asprimary --ondrive=sda --grow >> part raid.11 --size 512 --asprimary --ondrive=sdb >> part raid.12 --size 1 --asprimary --ondrive=sdb --grow >> raid /boot --fstype="xfs" --device="md0" --level=RAID1 raid.01 >> raid.11 >> raid pv.01 --fstype="lvmpv" --device="md1" --level=RAID1 raid.02 >> raid.12 >> volgroup vg0 pv.01 >> logvol / --fstype="xfs" --grow --size=4096 --name=lvRoot >> --vgname=vg0 >> logvol swap --fstype="swap" --size=2048 --name=lvSwap >> --vgname=vg0 >> >> If i only add --maxsize=13164 everything is working. >> (but after install i have 640MB in 20 Free PE in vg0, for details see "after >> --maxsize install") >> >> logvol / --fstype="xfs" --grow --size=4096 --name=lvRoot >> --vgname=vg0 >> --changed to -> >> logvol / --fstype="xfs" --grow --size=4096 --name=lvRoot >> --vgname=vg0 --maxsize=13164 >> >> >> Some interesting DEBUG lines : >> >>> 15840MB lvmvg vg0 (26) >>> vg0 size is 15840MB >>> Adding vg0-lvRoot/4096MB to vg0 >>> vg vg0 has 11424MB free >> >> should it be 11744 or there is 320MB overhead ? >> >>> Adding vg0-lvSwap/2048MB to vg0 >>> vg vg0 has 9056MB free >> >> 320MB missing again, total of 640MB >> >>> vg vg0: 9056MB free ; lvs: ['lvRoot', 'lvSwap'] >> >> nice, i have 9056MB free in vg0 (640MB short but still ... ) >> >>> 1 requests and 303 (9696MB) left in chunk >>> adding 303 (9696MB) to 27 (vg0-lvRoot) >> >> wtf, who is counting what !! >> >>> failed to set size: 640MB short >> >> >> Could anyone shed some light ? >> >> >> >> >> >> P.S. >> >> "after --maxsize install" >> = >> If i limit root logvol with --maxsize=13164, after installation i get 640MB >> of free space (20 Free PE). >> >> >> Missing 640Mb is free according to lvm : >> [root@c7-pxe-install ~]# pvdisplay >> --- Physical volume --- >> PV Name /dev/md1 >> VG Name vg0 >> PV Size 15.49 GiB / not usable 22.88 MiB >> Allocatable yes >> PE Size 32.00 MiB >> Total PE 495 Free PE 20 >> Allocated PE 475 >> PV UUID uBLBqQ-Tpao-yPVj-1FVA-488x-Bs0K-ebQOmI >> >> >> And i can use it : >> [root@c7-pxe-install ~]# lvextend -L +640M vg0/lvRoot >> Extending logical volume lvRoot to 13.47 GiB >> Logical volume lvRoot successfully resized >> >> [root@c7-pxe-install ~]# xfs_growfs / >> meta-data=/dev/mapper/vg0-lvRoot isize=256agcount=4, >> agsize=841728 blks >> = sectsz=512 attr=2, >> projid32bit=1 >> = crc=0 >> data = bsize=4096 blocks=3366912, >> imaxpct=25 >> = sunit=0 swidth=0 blks >> naming =version 2
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Keith Keller wrote: >> You should read more carefully. >> I said the _task_ of postfix is fairly easy to understand > As BC wrote, you think it's easy to understand because you do not > understand it. You can choose to believe that or not. I seem to recall that you have very occasionally made helpful suggestions - maybe I am confusing you with someone else. I give you the same answer - if you believe the TASK of postfix is difficult to understand, explain why. BC hasn't answered this, and I very much doubt if KK will either. As I see it, the principal task of postfix is to take in email arriving at port 25, and convey it to one or more destinations. In my experience email has been working without problems for as long as Unix has been running, long before system administrator exams were invented. It is not necessary to understand how the internal combustion engine works in order to drive a car; and there is no evidence that those who do know make better drivers. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] MySQL - replication - how to restore master?
It's quite simple really. Just make your master a slave of your slave. It's called Multi Master. see http://mysql-mmm.org/ On Wed, Aug 13, 2014 at 9:53 PM, John Horne wrote: > Hello, > > We have MySQL running as a master which is replicating to a single slave > server. We are, however, considering what is required when a 'disaster' > of some sort happens to either server. By disaster, this could be some > event which requires the entire server to be rebuilt, and which would > usually include restoring from nightly backups directories such as > '/var/lib/mysql' and '/var/log/mysql' (as set in our my.cnf file). It > could also refer to an event which only affects the mysql service, but > requires us to stop the mysql master service. This may involve > reinstalling the mysql package, and, again, restoring the > '/var/lib/mysql' and '/var/log/mysql' directories. > > In the case of losing the slave server, we have found instructions for > rebuilding the slave database and restarting replication using a > mysqldump backup taken from the master server. We have tested this and > it works fine. > > However, I am having trouble finding out what to do should we lose the > master server. Typically mysqldump backups of the master are done > overnight, so a failure during the day would mean that the slave is > ahead of the master backup. So this poses two questions: > > 1) If the master fails, and we perform (at that time) a mysqldump of the > slave, we could import the data into the master, but what commands do we > need to tell the master (and slave?) to start replication based on the > imported data? As far as I can gather the master replication data is > held in the '/var/log/mysql' directory (in our case) in the bin log > files, and these would typically be restored after a disaster. > > 2) If the master fails and we import the overnight backup data, what > commands do we then need to issue on the master and slave to restart > replication from the imported data? In particular, on the master do we > just delete the bin log files and let replication start afresh? And on > the slave, which at that time would be ahead of the master, how do we > sort out the replication? Do we drop the existing database and import > the backup data into the slave as well, so that both the master and > slave start with the same data? > > > > > Thanks, > > John. > > -- > John Horne Tel: +44 (0)1752 587287 > Plymouth University, UK > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 2014-08-13, Timothy Murphy wrote: > BC wrote: > >>> The task of postfix seems to me fairly easy to understand, >>> so I don't see why implementing a solution should be that difficult. > >> It seems easy to understand because you do not understand it. The more you >> delve into the topic of mail, the more you realize it is not easy to >> understand with just a few passing glances. > > You should read more carefully. > I said the _task_ of postfix is fairly easy to understand. As BC wrote, you think it's easy to understand because you do not understand it. You can choose to believe that or not. > The true educators are those who filter out the essential core. You could easily do s/educators/students/ and continue to be true. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos Website
Hello Guys... Get Centos -> download Minimal Install Images point to 6.5 http://wiki.centos.org/Manuals/ReleaseNotes/CentOSMinimalCD6.5 something like http://wiki.centos.org/Manuals/ReleaseNotes/CentOSMinimalCD7.0 on the website remove http://isoredirect.centos.org/centos/6/isos/i386/ only http://centos.psw.net/centos/7/isos/x86_64/ Thanks.. AndyBe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 3:06 PM, Timothy Murphy wrote: >> >> Either way, I had no intention of making you mad. I was simply trying to >> help by saying that reading a book on postfix is a very worthwhile >> pursuit. > > Not for me. > We are inundated today with an avalanche of information. > We are told far too much about everything. > The true educators are those who filter out the essential core. The problem is that with anything as complex as mail systems, OS distributions, computer languages, etc. no one ever has time to understand more than one or at best a few choices or to keep up with their changes over time. So it is almost impossible to get a good comparison or recommendation for a situation resembling your own - or anything that goes beyond 'this worked for me once...'. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
BC wrote: >> The task of postfix seems to me fairly easy to understand, >> so I don't see why implementing a solution should be that difficult. > It seems easy to understand because you do not understand it. The more you > delve into the topic of mail, the more you realize it is not easy to > understand with just a few passing glances. You should read more carefully. I said the _task_ of postfix is fairly easy to understand. Many problems are easy to understand but difficult to solve. What exactly is difficult to understand about the task of postfix? > Perhaps that is why you are > not finding a simple document to answer your question. Again, you should read more carefully what I asked for, namely a 1-page document stating (for a given installer) exactly what packages were installed, and what changes were made to the given config (and perhaps other) files. > Either way, I had no intention of making you mad. I was simply trying to > help by saying that reading a book on postfix is a very worthwhile > pursuit. Not for me. We are inundated today with an avalanche of information. We are told far too much about everything. The true educators are those who filter out the essential core. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 2:06 PM, Always Learning wrote: > >> Always Learning wrote: > >> > No one really wants to revert to Sendmail - do they ? > >> It worked fine for me for years - what do you have against it? > > Sendmail lacks the configurability of Exim. Maybe, if you refuse to use the milter interface introduced in 2001. Or the available programs that do the work for you. > I refuse connections when the HELO / EHLO does not resolve to the > sender's IP address, for example > > Sender's IP : 62.25.80.157 = mail1.bemta105.messagelabs.com > Host name : mail1.bemta105.messagelabs.com = 62.25.80.157 > HELO name : server-12.bemta-105.messagelabs.com = no IP address > Date: Tuesday, 11:04, 12 August 2014, (+01:00) There's not really a requirement for that. And a multi-homed host or one behind nat may not know what IP you think it has. > Sender's IP : 202.94.83.220 = 202-94-83-220.infra.usd.ac.id > Host name : 202-94-83-220.infra.usd.ac.id = 202.94.83.220 > HELO name : ASRI-PC = no IP address > Date: Wednesday, 06:16, 13 August 2014, (+01:00) > > I can restrict sending to some email addresses to white-listed senders. > > I can get rid of pests by rejecting with a bounce message 'the > recipient's mail box is full'. I think sendmail can do those natively - or more easily with milters. > I can run a basic mailing list, within Exim, without having to use > Mailman. But why would you? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 13/08/14 17:32, Timothy Murphy wrote: > BC wrote: > >>> I've never seen a 1-page document that said, >>> "These are the changes I made after downloading packages X, Y and Z." > >> There is a large chasm between configuring a mail server and understanding >> the configuration of a mail server. Due to the many pitfalls and custom >> environments, it is very difficult to have a 1-page document that does >> much more than be an outbound MTA. > > Note what I asked for. > If you have installed postfix + spamassassin or whatever under CentOS > then presumably you downloaded certain packages > and then made certain changes in config files and perhaps elsewhere. > Therefore it is possible to write a short document just listing > the changes you have made. > It may be a waste of time in your view; > but in my experience this is exactly what I want to read > for my very basic home server needs. > Yes, I did exactly that for CentOS 5, and you can find it on the Wiki here: http://wiki.centos.org/HowTos#head-0facb50d5796bee0bd394636c32ffa9a997a6ab5 There's a basic Postfix/Dovecot guide: http://wiki.centos.org/HowTos/postfix It lists all the config changes required in Postfix and Dovecot for a basic Postfix server (assumes networking knowledge). Then you can add in some simple spam filtering with Postfix restrictions: http://wiki.centos.org/HowTos/postfix_restrictions or greylisting: http://wiki.centos.org/HowTos/postgrey or bolt on Amavisd/SpamAssassin: http://wiki.centos.org/HowTos/Amavisd or bolt on some encryption with SASL and SSL/TLS http://wiki.centos.org/HowTos/postfix_sasl These guides were all designed to be fully functional and modular so you could pick just the bits you wanted to extend your basic Postfix installation. There will be some config differences between el5 and el6 due to the different versions of the packages used. If you can't figure out the differences just go with the docs provided on el5 - it's supported for another 3 years or so. If you get it working on el6/el7 please feel free to fork the docs for those dists. I know of at least one person running this setup on el6 with the extra packages from EPEL. This really isn't that difficult. The Postfix docs are excellent. You just need to spend a day reading (and understanding) the docs. The main confusion seems to stem from the fact that there are so many different ways to implement a solution and there is no right or wrong way to do it. But this just illustrates the ultimate flexibility of the software you are using. The methods documented above illustrate one such approach. I (and another contributor to this list) documented it for the wider community as it's the method we use. If you don't like it feel free to use another approach, but please don't complain that there isn't any documentation when we worked really hard to develop those docs for the community. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, 2014-08-13 at 19:32 +0200, Timothy Murphy wrote: > Always Learning wrote: > > No one really wants to revert to Sendmail - do they ? > It worked fine for me for years - what do you have against it? Sendmail lacks the configurability of Exim. I can refuse connections if the sender's host name resembles a home Internet connection (contains dyn* static nnn-nnn-nnn-nnn or nnn.nnn.nnn.nnn or is on the list of home-type hosts such as *dsl.bell.ca etc. etc.) I refuse connections when the HELO / EHLO does not resolve to the sender's IP address, for example Sender's IP : 62.25.80.157 = mail1.bemta105.messagelabs.com Host name : mail1.bemta105.messagelabs.com = 62.25.80.157 HELO name : server-12.bemta-105.messagelabs.com = no IP address Date: Tuesday, 11:04, 12 August 2014, (+01:00) Sender's IP : 202.94.83.220 = 202-94-83-220.infra.usd.ac.id Host name : 202-94-83-220.infra.usd.ac.id = 202.94.83.220 HELO name : ASRI-PC = no IP address Date: Wednesday, 06:16, 13 August 2014, (+01:00) I can restrict sending to some email addresses to white-listed senders. I can get rid of pests by rejecting with a bounce message 'the recipient's mail box is full'. I can run a basic mailing list, within Exim, without having to use Mailman. Just a few bits of basic care can dramatically restrict, if not virtually stop, spam and the inevitable viruses sent in spam. I like Exim because it works well for me and it is reliable. > When I started using it, before sendmail.mc was introduced, > I found it even more difficult to configure than postfix today. What is really needed is a Plain Man's Guide to basic mail server operation. Describe the principles and how they are implemented on one's chosen mail server. Easy task to do, but I lack the time. -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 8/13/2014 10:57 AM, Valeri Galtsev wrote: > Of course, I used exaggeration (we all had "configure sendmail" chapter in > our sysadmin exam back then). After you compile human readable sendmail > config file into what sendmail uses, you get something similar to assembly > code as opposed to high level programming language. And some of us were > able to digest that too (as sometimes you inherit this file, but not the > configuration source file)... the M4 macro compiler came fairly late in Sendmail's evolution. in the OLD days, editing the sendmail.cf file directly was all you had. you just about needed a PhD in that stuff to do anything beyond the simplest tweaks, although with the O'Reilly Sendmail book ("bat book"), you could get away with assembling bits and pieces of other peoples hacks for most any sane configuration. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 2014-08-13, Valeri Galtsev wrote: >> > > Building decent mail server with good spam filtering is different story, > and requires some system administration knowledge. Building a decent public SMTP server with good spam filtering *that does not originate spam itself* and *does not silently lose mail* is a hugely different story, and requires more than simply "some system administration knowledge". It requires a solid understanding of SMTP as well as the software involved, some knowledge of IP networks and DNS, and constant vigilance on the anti-spam sites to ensure you're not originating spam. Someone unable or unwilling to do these things should not expose their SMTP server to the public. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 12:57 PM, Valeri Galtsev wrote: > > On Wed, August 13, 2014 12:45 pm, Kirk Bocek wrote: >> >> On 8/13/2014 10:35 AM, Valeri Galtsev wrote: >>> Sendmail exists forever. ... I was extremely happy to switch away from >>> sendmail to postfix (and postfix configuration files are human >>> readable!). >> >> Sendmail's heritage reaches back to when computer's were the size of >> dishwashers and had 4k of main memory. Hence the inscrutable syntax. >> > > Of course, I used exaggeration (we all had "configure sendmail" chapter in > our sysadmin exam back then). After you compile human readable sendmail > config file into what sendmail uses, you get something similar to assembly > code as opposed to high level programming language. And some of us were > able to digest that too (as sometimes you inherit this file, but not the > configuration source file)... Ahh, the days of wooden computers and iron programmers. Back then, compilers were a rare, extra-cost item that you probably wouldn't have on your mail server and an embedded macro language was an efficient way to control it. Still works, but once the macro has been written, all you have to do is copy it and the m4 processor provides a way to make customized copies. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Looking for SElinux help
This is a little OT, but I hope that someone here could help me privately... The challenge is Redsleeve (EL6 for arm) was developed on armv5 and works just fine on armv7 if you have an armv7 kernel, which I do with the Fedora 19 remix. But no working SElinux, primarily because something like no SElinux in the armv5 kernel (little unclear as to why not, but it is not germaine to this problem). I know that my F19 remix has SELinux working. I have tested it. But my RSEL6 is showing SELinux disabled. So if someone has some time and can guide me or point me to some links, I would greatly appreciate it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, August 13, 2014 12:45 pm, Kirk Bocek wrote: > > On 8/13/2014 10:35 AM, Valeri Galtsev wrote: >> Sendmail exists forever. ... I was extremely happy to switch away from >> sendmail to postfix (and postfix configuration files are human >> readable!). > > Sendmail's heritage reaches back to when computer's were the size of > dishwashers and had 4k of main memory. Hence the inscrutable syntax. > Of course, I used exaggeration (we all had "configure sendmail" chapter in our sysadmin exam back then). After you compile human readable sendmail config file into what sendmail uses, you get something similar to assembly code as opposed to high level programming language. And some of us were able to digest that too (as sometimes you inherit this file, but not the configuration source file)... Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 12:35 PM, Valeri Galtsev wrote: >> On Wed, 2014-08-13 at 18:32 +0200, Timothy Murphy wrote: >>> If I had to read a book in order to install and configure postfix I > would go back to sendmail. >> >> No one really wants to revert to Sendmail - do they ? >> > Sendmail exists forever. Postfix emerged a bit later, and postfix was > written with security in mind. In case of sendmail on [huge] binary does > everything, including listening to external port. There are quite likely > multible bugs in large code. That was true when postfix was initially written, but subsequently, the sendmail has been audited more thoroughly than any other piece of code you are likely to use (certainly more than openssl, which everyone used to trust...) and split into submissioin and delivery processes with milter hooks to let additional processing steps run as different, non-root users. While anything can have undiscovered bugs, at this point I don't think it is fair to say that one is any more secure than the other. > Usually postfix comes more or less decently configured as a trivial mail > server (both in case of CentOS rpm, and from postfix vendor if you > download tarball and build it yourself But likewise, the rpm-packaged sendmail comes with a configuration that only needs a few tweaks to the readable sendmail.mc file for most common uses. And MimeDefang lets you do anything more complex in perl. I haven't seen anyone here claim to have hooked MimeDefang to postfix but it should be theoretically possible now that postfix supports milters. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On 8/13/2014 10:35 AM, Valeri Galtsev wrote: > Sendmail exists forever. ... I was extremely happy to switch away from > sendmail to postfix (and postfix configuration files are human readable!). Sendmail's heritage reaches back to when computer's were the size of dishwashers and had 4k of main memory. Hence the inscrutable syntax. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, August 13, 2014 11:50 am, Always Learning wrote: > > On Wed, 2014-08-13 at 18:32 +0200, Timothy Murphy wrote: >> If I had to read a book in order to install and configure postfix I would go back to sendmail. > > No one really wants to revert to Sendmail - do they ? > Sendmail exists forever. Postfix emerged a bit later, and postfix was written with security in mind. In case of sendmail on [huge] binary does everything, including listening to external port. There are quite likely multible bugs in large code. In case of postfix it is tiny piece of code (so there is virtually impossible to introduce bug into it) that listens to external ports. I was extremely happy to switch away from sendmail to postfix (and postfix configuration files are human readable!). Usually postfix comes more or less decently configured as a trivial mail server (both in case of CentOS rpm, and from postfix vendor if you download tarball and build it yourself - I probably should mention the author: Vietse Venema), you will need to make postfix listen to external connections though in main.cf. I can not compare postfix to exim, I never used exim. Building decent mail server with good spam filtering is different story, and requires some system administration knowledge. That is the reason for long replies that didn't appeal to you. RHEL is not there yet to claim as M$ does that you just get their product, few clicks and you have enterprise level [whichever service] and all auto-magically will work [thanks to RHEL and/or M$ great product]. They (RH) may be aiming to have it that way. If they succeed, anybody without special knowledge will be able to set up great Linux server, I guess. But, as I've heard once: "if even an idiot can use something only an idiot will use it". We'll see ;-) Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Always Learning wrote: >> If I had to read a book in order to install and configure postfix >> I would go back to sendmail. > > Try EXIM - it worked for me almost out-of-the-box with very minimal > configuration. Since then I have introduced lots of extra refinements to > successfully keep spam out without using third party faciliti I should have said, perhaps, that shorewall is working perfectly for me, under both CentOS-6 and CentOS-7. I run amavis under CentOS-6 to incorporate spamassassin and clamav. However, amavisd-new wasn't available when I installed CentOS-7 - I know it is available now - so I went on a strange journey using dovecot-pigeonhole and sieve, which I would not recommend to anyone. > No one really wants to revert to Sendmail - do they ? It worked fine for me for years - what do you have against it? When I started using it, before sendmail.mc was introduced, I found it even more difficult to configure than postfix today. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 11:50 AM, Always Learning wrote: > > > No one really wants to revert to Sendmail - do they ? I've always liked MimeDefang with sendmail - and these days it should be possible to make it work with postfix.Basically you connect it as a milter to the stock MTA - without many other config changes there. Then you add all of the scanning and control steps in a small snippet of perl (with examples available for most of the things you would want to do). I'd recommend glancing through this document: http://www.mimedefang.org/static/mimedefang-lisa04.pdf for an overview of what you need to do even if you decide to use other tools. But, mimedefang is very effecient, at least with sendmail because it will unpack attachments once even if you do a number of different scans for spam/viruses, etc., and it hooks the milter interfaces for each operation separately through a multiplexer so you don't start a big perl process for every deliver and you don't keep it tied up for the steps that don't need it (see diagrams on pgs 16 and 113 of that pdf for the concept). -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 12:32 PM, Timothy Murphy wrote: > You sound as though you think it is meritorious > for software to be difficult to use. > No, I believe education is meritorious. > The task of postfix seems to me fairly easy to understand, > so I don't see why implementing a solution should be that difficult. > It seems easy to understand because you do not understand it. The more you delve into the topic of mail, the more you realize it is not easy to understand with just a few passing glances. Perhaps that is why you are not finding a simple document to answer your question. Either way, I had no intention of making you mad. I was simply trying to help by saying that reading a book on postfix is a very worthwhile pursuit. You rejected it, and that is fine. The only other suggestion I could make is to also read the postfix mailing list (http://www.postfix.org/lists.html) or the spamassassin mailing list ( https://wiki.apache.org/spamassassin/MailingLists). Do with it what you will. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, 2014-08-13 at 18:32 +0200, Timothy Murphy wrote: > If I had to read a book in order to install and configure postfix > I would go back to sendmail. Try EXIM - it worked for me almost out-of-the-box with very minimal configuration. Since then I have introduced lots of extra refinements to successfully keep spam out without using third party facilities. No one really wants to revert to Sendmail - do they ? -- Regards, Paul. England, EU. Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
BC wrote: >> I've never seen a 1-page document that said, >> "These are the changes I made after downloading packages X, Y and Z." > There is a large chasm between configuring a mail server and understanding > the configuration of a mail server. Due to the many pitfalls and custom > environments, it is very difficult to have a 1-page document that does > much more than be an outbound MTA. Note what I asked for. If you have installed postfix + spamassassin or whatever under CentOS then presumably you downloaded certain packages and then made certain changes in config files and perhaps elsewhere. Therefore it is possible to write a short document just listing the changes you have made. It may be a waste of time in your view; but in my experience this is exactly what I want to read for my very basic home server needs. > Unlike apache, you can't just tweak the config after a failure > and hit 'refresh'. I don't see why not. That is exactly what I do, in both cases. The difference in my experience is that apache documentation is much better. > The postfix documentation does detail a few sane defaults, > but spamassassin is not part of postfix > and therefore the defaults have to be modified right from the get-go, > also unlike with apache where the defaults work for many people > because they don't require any complexity from their httpd servers. MySQL, LDAP, PHP, etc, are not part of httpd, but they all seem to me to work well together without studying the matter in depth. > I would highly recommend getting a book on postfix. If I had to read a book in order to install and configure postfix I would go back to sendmail. You sound as though you think it is meritorious for software to be difficult to use. The task of postfix seems to me fairly easy to understand, so I don't see why implementing a solution should be that difficult. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RH developer toolset
On Mon, Sep 16, 2013 at 11:45 PM, Karanbir Singh wrote: > >> >> Here's the link to the announcement for anyone interested: >> http://developerblog.redhat.com/2013/09/12/rhscl1-ga/ > > both of these are being worked out - and we should have CentOS releases > soon - I know Tru is hammering away at the devtools-2, and Johnny is > working on getting a first build for the scl's. > > for the first few cycles, we might want to keep this as tech-preview, i > dont think anyone really has clarity on how this is going to shape up in > the coming weeks/months. > Is there any news on this front for CentOS7? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
On Wed, Aug 13, 2014 at 7:41 AM, Timothy Murphy wrote: > > I've never seen a 1-page document that said, > "These are the changes I made after downloading packages X, Y and Z." > And there are few if any tests to determine where email is going > if it is not going where you want it to. > There is a large chasm between configuring a mail server and understanding the configuration of a mail server. Due to the many pitfalls and custom environments, it is very difficult to have a 1-page document that does much more than be an outbound MTA. One seemingly minor and innocuous change to main.cf can create an open relay or an infinite loop (especially when adding content pipes) or any number of other problems. Unlike apache, you can't just tweak the config after a failure and hit 'refresh'. The postfix documentation does detail a few sane defaults, but spamassassin is not part of postfix and therefore the defaults have to be modified right from the get-go, also unlike with apache where the defaults work for many people because they don't require any complexity from their httpd servers. See this comment in the standard httpd.conf: # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. I would highly recommend getting a book on postfix. It is very enlightening and well worth it. The problem scope of mail is large and complex and small scattered online docs will not lead you easily to an understanding of that scope. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] MySQL - replication - how to restore master?
> -Original Message- > From: John Horne [mailto:john.ho...@plymouth.ac.uk] > Sent: Wednesday, August 13, 2014 7:53 AM > To: CentOS list > Subject: [CentOS] MySQL - replication - how to restore master? > > Hello, > > However, I am having trouble finding out what to do should we lose the > master server. Typically mysqldump backups of the master are done > overnight, so a failure during the day would mean that the slave is > ahead of the master backup. So this poses two questions: > Note: I have not been running MySQL or HA systems for a very good while now. Salt appropriately. Perhaps the following URL can help: http://dev.mysql.com/doc/refman/5.0/en/replication-solutions-switch.html I believe useful sets of key words for the searching the web would be: mysql master slave promotion and mysqldump slave http://dev.mysql.com/doc/refman/5.0/en/replication-solutions-backups-mysqldump.html Even when this disclaimer is not here: I am not a contracting officer. I do not have authority to make or modify the terms of any contract. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?
On Wed, August 13, 2014 8:16 am, Timothy Murphy wrote: > Jonathan Billings wrote: > >> 'FirewallD' doesn't replace 'iptables' except in the sense of activated >> system services, not the core firewall functionality. FirewallD just >> builds and modifies iptables rules. > > I often wonder if I am in a small minority of CentOS users, > who are just running home servers of some kind. > Most of the posters to this mailing list > seem to be in charge of systems with hundreds if not thousands of users. > In my understanding, _you_ are in the majority of CentOS users. It also looks like upstream system (RHEL) vendor composes system more suitable for users like you. This is why there are many posts from admins working for larger number of users have so heated discussion, as some of them feel this new philosophy [we see in RHEL 7] is less suitable for large servers. To summarize: in my evaluation this new incarnation of system will be well suited for you, even better than previous versions, and I really recommend you to keep using CentOS 7 and follow RedHat manual for RHEL 7 - someone gave URL on this list - you quite likely will find it extremely helpful and easy to digest. Valeri > -- > Timothy Murphy > e-mail: gayleard /at/ eircom.net > School of Mathematics, Trinity College, Dublin 2, Ireland > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?
Am 13.08.2014 um 15:16 schrieb Timothy Murphy: > > I'm a bit surprised no-one has mentioned shorewall. > I'm using it on two tiny home servers, > one under CentOS-6 and the other CentOS-7. > Basically, this is because I don't understand iptables, > or really want to understand it. here, too, I'm using shorewall, because with the semantics in the config files, I can easily express what I want. It makes it easy to create very complex setups without knowing anything of iptables (although it helps to know about it). Moreover, the superb help of Tom Eastep and others in the support mailing list makes shorewall the firewall of my choice. Hence, the first thing I disable on a fresh centos install: firewall and sh** > I often wonder if I am in a small minority of CentOS users, > who are just running home servers of some kind. welcome to the club ;) Regards Michael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 - Firewall always allows outgoing packets?
Jonathan Billings wrote: > 'FirewallD' doesn't replace 'iptables' except in the sense of activated > system services, not the core firewall functionality. FirewallD just > builds and modifies iptables rules. I'm a bit surprised no-one has mentioned shorewall. I'm using it on two tiny home servers, one under CentOS-6 and the other CentOS-7. Basically, this is because I don't understand iptables, or really want to understand it. Is firewalld a reasonable alternative in CentOS-6? I often wonder if I am in a small minority of CentOS users, who are just running home servers of some kind. Most of the posters to this mailing list seem to be in charge of systems with hundreds if not thousands of users. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dual boot with 2 drives
On 08/09/2014 05:23 AM, Alan McRae wrote: > No problems Joe. I have done this multiple times. > > I assume you have Fedora 20 on sda (the first disk) with > the bootloader (grub2) on sda. Your BIOS will be set to boot sda. > > You install CentOS 7 on sdb (obvious). > > Your options are with the bootloader (grub2). If you install > the bootloader on sdb the two systems will remain separate. > You will have to change the BIOS to boot either sda (F20) or sdb (C7). > > The way I prefer would be to install the new bootloader on sda > (overwriting the current configuration). > Your BIOS will still boot sda which will take you into > the grub2 menus which will show both Fedora 20 and CentOS 7. > > You need to be aware that in the above configuration sda will > boot into /boot on sdb (C7) which will have the dual boot menus. > Don't wreck this directory or you won't be able to boot F20 (easily). > > The F20 and C7 installers are very good. They scan the disks for > linux and Windows installations and add them into the boot menu for you. > > I have a laptop which boots C7, C6, F20, XP and 3 versions of Android > using grub2. > > Alan > Alan, Thank you for your reply. I was concerned that if, during the C7 install, I put the bootloader on sda that it would wipe out what was already there and prevent me from booting F20. Apparently this is not the case. However, I decided to put the bootloader on sdb so I could easily wipe out the C7 install and use the drive for something else. I did the install from the C7 DVD disk. Maybe I missed something but once I indicated I only wanted to use the sdb disk (checkmark on icon), I did not have the option as to where to put the bootloader. After the install, when I boot the computer I go directly to F20. If I press the ESC key when booting I get a BIOS bootloader menu. Miraculously, sdb is on the list. Apparently the BIOS is smart enough to recognize that sdb is bootable and, therefore, puts it on the list. Thanks, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 114, Issue 7
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2014:1048 CentOS 6 hwloc Update (Johnny Hughes) 2. CEEA-2014:1046 CentOS 7 yum-utils Enhancement Update (Johnny Hughes) 3. CEBA-2014:1049 CentOS 7 libreswan BugFix Update (Johnny Hughes) 4. Re: CEBA-2014:1048 CentOS 6 hwloc Update (Karanbir Singh) 5. CEBA-2014:1048 CentOS 6 hwloc Update (Karanbir Singh) -- Message: 1 Date: Tue, 12 Aug 2014 17:36:17 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2014:1048 CentOS 6 hwloc Update To: centos-annou...@centos.org Message-ID: <20140812173617.ga58...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:1048 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1048.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a78248940b097ea5231b2c9fa1d5c9697365a869432b392daa4158eb93d5a380 hwloc-1.5-2.el6_5.i686.rpm 1e345b4d6d7bfb257e98cdbbb5f1ebb378fb394299daadf8635c7447e92c4f08 hwloc-devel-1.5-2.el6_5.i686.rpm x86_64: a78248940b097ea5231b2c9fa1d5c9697365a869432b392daa4158eb93d5a380 hwloc-1.5-2.el6_5.i686.rpm 1bb46dd739a3369249442f436ab49e3e0e290d9655a120e318db645ebbe4923d hwloc-1.5-2.el6_5.x86_64.rpm 1e345b4d6d7bfb257e98cdbbb5f1ebb378fb394299daadf8635c7447e92c4f08 hwloc-devel-1.5-2.el6_5.i686.rpm c57299cbfb26225b36aab0ba8913a15380f03606fa3c7fc648ca73d71a35559a hwloc-devel-1.5-2.el6_5.x86_64.rpm Source: 11f31bbd4e7bb2b9c80f0400cd10c1ca29c561eae37d07f1f7e464dedd5f99ad hwloc-1.5-2.el6_5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Tue, 12 Aug 2014 19:13:23 + From: Johnny Hughes Subject: [CentOS-announce] CEEA-2014:1046 CentOS 7 yum-utils Enhancement Update To: centos-annou...@centos.org Message-ID: <20140812191323.ga7...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2014:1046 Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-1046.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: ea7e7baa17dd63572fef201446bb164a518ea38ef95f980f6c3ac38ab778c906 yum-NetworkManager-dispatcher-1.1.31-25.el7_0.noarch.rpm 99e02e21251aae1407b3856d8a463cfd1ad693ba98a2c75660b13fa8fa99f0e7 yum-plugin-aliases-1.1.31-25.el7_0.noarch.rpm 9aa713da4da89c0831d2faaa730ad71e8ee62a61276c95472431822fe77add03 yum-plugin-auto-update-debug-info-1.1.31-25.el7_0.noarch.rpm 676915fa0876f106a0a3f571ea6a8559d94828a5a305eddce0fdf3fce973eb95 yum-plugin-changelog-1.1.31-25.el7_0.noarch.rpm 49a1ce5f7a80c4d31701401dc894b67c6e3ba3d4bf297e78e408212823ac7ae5 yum-plugin-fastestmirror-1.1.31-25.el7_0.noarch.rpm cb8638873b0473ea38d0130089bd3e3301ed60c5b4b71895f11b5ec3e129520a yum-plugin-filter-data-1.1.31-25.el7_0.noarch.rpm 0d7568f4a6db357a69a2d5f015a1d23c38765e28773b7e59e71fe5df8e06f3fb yum-plugin-fs-snapshot-1.1.31-25.el7_0.noarch.rpm 1e43ca04c2f164396e3ae3056172de179a0a7f480ba9e72713bc3966c1a34ca4 yum-plugin-keys-1.1.31-25.el7_0.noarch.rpm d16bcfdc923ee29f6ac37407a2938327ef4aadaff189a48c6a691d9842861f75 yum-plugin-list-data-1.1.31-25.el7_0.noarch.rpm 371f70326a60d3a5b2147afcad36716ed6a779ad48d6142c1e1fbb3985dbd25a yum-plugin-local-1.1.31-25.el7_0.noarch.rpm ab84cccbea5698fccbd35e2a0b5078877cf3b2cd1f50091b7ed0bbd46489ada1 yum-plugin-merge-conf-1.1.31-25.el7_0.noarch.rpm 5d414b6ce2154fbc12a21d2b2abf71f3b8522ca66d8400096147b2d8451f9201 yum-plugin-post-transaction-actions-1.1.31-25.el7_0.noarch.rpm f9fb505035cc0fcde722b0cc61ec04f48a147aea803a6ec4313f799ed7c606a4 yum-plugin-priorities-1.1.31-25.el7_0.noarch.rpm 7ae589ea90b226d29677f54235fed5460ed5b27deabd5d5a79c0c606c3fdc537 yum-plugin-protectbase-1.1.31-25.el7_0.noarch.rpm 6cadbb650c45ff69159b020fa16b94f9b0780fc3473b0f1ae5ece4272e2badc4 yum-plugin-ps-1.1.31-25.el7_0.noarch.rpm b8588f3e50edc34585f67d5b60a2e2eba329bb6df0db9eb92857b1ea5e780ea2 yum-plugin-remove-with-leaves-1.1.31-25.el7_0.noarch.rpm 4ac167cf8b209a46962f3242d9f28c2a1975f4d6e3753478f3b29b529888c2cf yum-plugin-rpm-warm-cache-1.1.31-25.el7_0.noarch.rpm 7f35a162999acdd879a86ac58a1d9bf5e31891464edceda99fedd10655ca17f0 yum-plugin-show-leaves-1.1.31-25.el7_0.noarch.rpm 0103e7faad411d966b0e7ff93d98ec45b17fc1b8bd9e
[CentOS] MySQL - replication - how to restore master?
Hello, We have MySQL running as a master which is replicating to a single slave server. We are, however, considering what is required when a 'disaster' of some sort happens to either server. By disaster, this could be some event which requires the entire server to be rebuilt, and which would usually include restoring from nightly backups directories such as '/var/lib/mysql' and '/var/log/mysql' (as set in our my.cnf file). It could also refer to an event which only affects the mysql service, but requires us to stop the mysql master service. This may involve reinstalling the mysql package, and, again, restoring the '/var/lib/mysql' and '/var/log/mysql' directories. In the case of losing the slave server, we have found instructions for rebuilding the slave database and restarting replication using a mysqldump backup taken from the master server. We have tested this and it works fine. However, I am having trouble finding out what to do should we lose the master server. Typically mysqldump backups of the master are done overnight, so a failure during the day would mean that the slave is ahead of the master backup. So this poses two questions: 1) If the master fails, and we perform (at that time) a mysqldump of the slave, we could import the data into the master, but what commands do we need to tell the master (and slave?) to start replication based on the imported data? As far as I can gather the master replication data is held in the '/var/log/mysql' directory (in our case) in the bin log files, and these would typically be restored after a disaster. 2) If the master fails and we import the overnight backup data, what commands do we then need to issue on the master and slave to restart replication from the imported data? In particular, on the master do we just delete the bin log files and let replication start afresh? And on the slave, which at that time would be ahead of the master, how do we sort out the replication? Do we drop the existing database and import the backup data into the slave as well, so that both the master and slave start with the same data? Thanks, John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide
Valeri Galtsev wrote: > while you haven't settled on anything you could consider amavisd as > well... I'm using amavisd on a CentOS-6 server (with dovecot and spamassassin) but I found it very difficult to setup. The documentation for amavisd under CentOS is unbelievably bad. In fact, the documentation on using postfix and postfix-related packages under Linux is beginning to rival that for sendmail when it first came out, before someone wrote sendmail.mc . There are innumerable recipes involving bizarre (and unexplained) additions to main.cf and master.cf (in /etc/postfix/). I asked about one such recipe, and was advised that I would have to read 2 books on postfix before I could understand it. I've never seen a 1-page document that said, "These are the changes I made after downloading packages X, Y and Z." And there are few if any tests to determine where email is going if it is not going where you want it to. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package hwloc-1.5-2.el6_5.x86_64.rpm is not signed
yeah, I noticed that too but didn't get as far as emailing the list. if you do a yum update (or at least did one yesterday; it might have changed overnight), yum will throw this warning just before it exits. On 08/12/2014 07:37 PM, Leonard den Ottolander wrote: > Package hwloc-1.5-2.el6_5.x86_64.rpm is not signed > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos