Re: [CentOS] Yum segmentation fault updating from 5.6 to 5.7
On 09/15/2011 02:45 PM, Sebastiano Pilla wrote: > Craig White wrote: >> mv /var/cache/yum/base/primary.xml.gz/sqlite /tmp >> >> and try again I suppose - yes, that file is supposed to be much larger - I >> suspect that it will create a new 'copy' of that file if it fails to find it. > > Unfortunately yum recreates the same corrupted file, even if I move it > out or delete it: Are you behind a proxy? I've had issues where a proxy was caching the file and after the repo had updated it's version, the cached version was out of date and resulted in errors. The fix was typically to issue a wget with the --no-cache directive to request an updated copy or restart the proxy. wget --no-cache http://... -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to stop an in-progress fsck that runs at boot?
On 09/13/2011 07:39 PM, Matt Garman wrote: ... > Also, as a side question: I always do this---let my servers run for a > very long time, power down to change/upgrade hardware, then forget > about the forced fsck, then pull my hair out waiting for it to finish > (because I can't figure out how to stop it once it starts). I know > about tune2fs -c and -i, and also the last (or is it second to last?) > column in /etc/fstab. My question is more along the lines of "best > practices"---what are most people doing with regards to regular fsck's > of ext2/3/4 filesystems? Do you just take the defaults, and let it > delay the boot process by however long it takes? Disable it > completely? Or do something like taking the filesystem offline on a > running system? Something else? ... I make an effort to note the count before rebooting and if I don't have time to allow the fsck, I will adjust the max-mount-counts to give me some time to plan an fsck on a subsequent reboot. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:57 PM, m.r...@5-cent.us wrote: > Josh Miller wrote: >> On 08/31/2011 01:37 PM, Josh Miller wrote: >>> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote: >>>> Josh Miller wrote: >>>>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote: >>>>>> Stephen Harris wrote: >>>>>>>> Here's a thought I just thunk, folks: some scum, apparently in >>>>>>>> eastern Europe, has harvested my email, and is using it in the >>>>>>>> Reply-To: in its spamming efforts. Now, I realize that some >>>> >>>>>>> Anyway, the SMTP server should send the delivery failure to the >>>>>>> envelope address, which may be different to both the From and >>>>>>> Reply-To addresses. > >> >> Why don't you use your SPF record to prevent spoofing (to most >> providers...)? >> >> > dig -t txt 5-cent.us >> ... >> 5-cent.us. 14400 IN TXT "v=spf1 a mx ptr >> include:hostmonster.com ?all" >> ... >> >> You have one but you're not using it to prevent spoofing. > > Um, because I'm not that deep into that? Thank you, I'll look at setting > that up. One question: is that in my registrar, or my hosting site? Given > it's an MX record, I'm guessing it's the former. It's a DNS record. Hostmonster is authoritative for your domain, so you'll likely use them. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:48 PM, Bowie Bailey wrote: > On 8/31/2011 4:37 PM, Josh Miller wrote: >> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote: >>> You're saying it uses the envelope, not if exists Reply-To, else From? The >>> problem I have with that is that a few of them have returned the email, >>> with full headers, and I see the *only* reference to my email address is >>> in the Reply-To. >> You are seeing the "full" email headers. You will not see the envelope >> headers unless you capture packets or view mail server logs, etc.. > > Actually, what you are interested in is the envelope sender that the > remote server saw. And there is no way for you to see that unless you > have access to the remote server's logs. > That is not true as the remote server will present the envelope header to your mail server upon connection. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:37 PM, Josh Miller wrote: > On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote: >> Josh Miller wrote: >>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote: >>>> Stephen Harris wrote: >>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern >>>>>> Europe, has harvested my email, and is using it in the Reply-To: in >>>>>> its spamming efforts. Now, I realize that some mails go out from >> >>>>> Anyway, the SMTP server should send the delivery failure to the >>>>> envelope address, which may be different to both the From and Reply-To >>>>> addresses. >>>>> >>>> That would be lovely. Unfortunately, a high percentage seem to use the >>>> Reply-To address. Trust me, the last four or five months, I've gotten >>> >>> The Reply-To address is an optional component of the email header and is >>> not used in email routing by mail servers. >> >> I'm well aware that it's an optional component. > > Thank you for that clarification. > >> >>> Mail server will send NDRs (non-delivery receipts) back to the envelope >>> sender every time with no regard for From or Reply-To. >> >> You're saying it uses the envelope, not if exists Reply-To, else From? The >> problem I have with that is that a few of them have returned the email, >> with full headers, and I see the *only* reference to my email address is >> in the Reply-To. > > You are seeing the "full" email headers. You will not see the envelope > headers unless you capture packets or view mail server logs, etc.. > > Mark, Why don't you use your SPF record to prevent spoofing (to most providers...)? > dig -t txt 5-cent.us ... 5-cent.us. 14400 IN TXT "v=spf1 a mx ptr include:hostmonster.com ?all" ... You have one but you're not using it to prevent spoofing. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote: > Josh Miller wrote: >> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote: >>> Stephen Harris wrote: >>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern >>>>> Europe, has harvested my email, and is using it in the Reply-To: in >>>>> its spamming efforts. Now, I realize that some mails go out from > >>>> Anyway, the SMTP server should send the delivery failure to the >>>> envelope address, which may be different to both the From and Reply-To >>>> addresses. >>>> >>> That would be lovely. Unfortunately, a high percentage seem to use the >>> Reply-To address. Trust me, the last four or five months, I've gotten >> >> The Reply-To address is an optional component of the email header and is >> not used in email routing by mail servers. > > I'm well aware that it's an optional component. Thank you for that clarification. > >> Mail server will send NDRs (non-delivery receipts) back to the envelope >> sender every time with no regard for From or Reply-To. > > You're saying it uses the envelope, not if exists Reply-To, else From? The > problem I have with that is that a few of them have returned the email, > with full headers, and I see the *only* reference to my email address is > in the Reply-To. You are seeing the "full" email headers. You will not see the envelope headers unless you capture packets or view mail server logs, etc.. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote: > Stephen Harris wrote: >>> Here's a thought I just thunk, folks: some scum, apparently in eastern >>> Europe, has harvested my email, and is using it in the Reply-To: in its >>> spamming efforts. Now, I realize that some mails go out from noreply, >>> but >>> other than that, is there a good reason why a mailserver would not be >>> configured to send delivery failure to *both* Reply-To and From? >> >> You don't want to send rejects to more than one address 'cos you then >> have a simple message multiplier; send one message, generate two bounces; >> the mail server will be doubling the back-scatter problem! >> >> Anyway, the SMTP server should send the delivery failure to the envelope >> address, which may be different to both the From and Reply-To addresses. >> > That would be lovely. Unfortunately, a high percentage seem to use the > Reply-To address. Trust me, the last four or five months, I've gotten > probably hundreds, if not more, of delivery failures. And I wind up at > least glancing at them, in case email to this list, or to a friend, has > bounced. Mark, The Reply-To address is an optional component of the email header and is not used in email routing by mail servers. If the Reply-To is absent, mail clients compose a message to be sent to the sender listed in the From field instead. Mail server will send NDRs (non-delivery receipts) back to the envelope sender every time with no regard for From or Reply-To. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dealing with spoofing
On 08/31/2011 01:16 PM, m.r...@5-cent.us wrote: > Here's a thought I just thunk, folks: some scum, apparently in eastern > Europe, has harvested my email, and is using it in the Reply-To: in its > spamming efforts. Now, I realize that some mails go out from noreply, but > other than that, is there a good reason why a mailserver would not be > configured to send delivery failure to *both* Reply-To and From? There are two parts to an email that relate to routing; envelope header and email header. The only consideration given to routing is the envelope header which has sender and recipient, nothing else. Reply-To is part of the email header and is there for the email client to use. (See RFCs 2821, 2822.) HTH, -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem booting in CentOS 5.6
On 08/19/2011 09:31 AM, John J. Boyer wrote: > The last update for CentOS 5.6 included a new kernel. Now when I boot > there is a message on the console saying "mounting cifs: Password". If > someone presses enter it continues to boot. This is very inconvenient, > since I access my machine by ssh. Is there some way to get it to boot > without pausing? It sounds like you have an /etc/fstab entry to mount a cifs share without a credential file to give permissions. Is this correct? If so, you will need to resolve that issue. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OpenLDAP setup and bootstraping in CentOS 6
On 08/17/2011 12:03 PM, Mitch Patenaude wrote: ... > I created a /etc/openldap/slap.conf file with a default rootdn and > rootpw, and they didn't seem to take effect. After much wailing and > gnashing of teeth I found that if there is a config directory at > /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how > to translate slapd.conf into the (new?) standard of slapd.d because all > the examples I can find still use slapd.conf. > > Am I better off just deleting (or renaming) slapd.d? Does anybody know > the proper format for slapd.d entries? ... You'd be best off learning the new method of configuration as I've heard rumors that the slapd.conf file will be deprecated at some point. Here you can find some additional information: http://www.zytrax.com/books/ldap/ch6/slapd-config.html Basically, any slap* command which can reference a file will perform the conversion. HTH, -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] drop manitu.net
On 08/11/2011 11:12 AM, m.r...@5-cent.us wrote: > Josh Miller wrote: >> In fact, that is one of the single most effective mechanisms used to >> combat spam, in my experience and will cut down the amount accepted at >> the gateway(s) by up to 95%. > > I'm not sure who you're answering or agreeing with, but my point is still > that 90% of everybody blocked has no clue whatever about what to do about > it, and esp. the people with infected systems. A standard channel *to* an > ISP for this kind of technical issue - either the ISP notifying the > spammer that their machine needs to be cleaned before they'll be allowed > back online, or between ISP, would do something useful. But I doubt very > much that most of those 90% of users who are *not* spammers, nor infected, > would have any idea to complain to their ISP that something needed to be > done, and so the ISP goes on thinking there's no problem. The result that > *I* see from that is that people simply drop, or change services, and > nothing gets fixed. > Mark, I totally understand your viewpoint. I have been that guy on the phone with Comcast demanding that port 25 be un-blocked so that I could continue hosting email from my home ISP as part of my service agreement included the ability to check/send/receive email on-line (that only worked 2-3 times). The problem is that most home users don't host mail and don't care to. Along with that attitude is the fact that a significant amount of spam comes from IP addresses that are dynamically assigned or assigned by residential serving ISPs. It's much easier to block those IP ranges than to care that someone might be sending a few messages out of one of them from a reputable domain. Also, where I'm from (greater Seattle area even), you don't have much choice as far as ISPs go, so changing service providers is not a big option. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] drop manitu.net
On 08/11/2011 10:56 AM, m.r...@5-cent.us wrote: > Craig White wrote: >> On Aug 11, 2011, at 4:51 AM, mark wrote: >>> Always Learning wrote: >>>> On Wed, 2011-08-10 at 21:36 -0500, John R. Dennison wrote: > >>> You don't seem to understand the issue. My hosting provider has >>> literally hundreds of thousands of domains. The email gets funneled for >>> all, I assume, except those paying for co-location, through their >>> heavy-duty mailhost. manitu sees spam coming from that mailhost, and >>> blocks EVERY EMAIL FROM EVERY DOMAIN that goes through it, even though >>> none of the rest of us are running windows or spamming >> >> Not sure who it is that doesn't understand the issues. >> >> If an RBL has designated a particular SMTP server or range of SMTP servers >> as a source for spam then the solution lies with those that own the SMTP >> servers to satisfy the RBL and get the blocks removed. >> >> Yes, some RBL's are more aggressive than others but the notion that it >> blocks EVERY EMAIL FROM EVERY DOMAIN is exactly what RBL's are supposed to >> do since they don't worry at all about which e-mail or which domain at >> all... only SMTP servers from a particular IP Address or a range of IP >> Addresses. > > And that's *EXACTLY* what I'm saying is the wrong thing to do. Dunno where > you live, but go ahead, for whoever provides 'Net access to your home: > call them up, or email them, and tell them to contact manitu, and to > request that manitu put them on a whitelist. > > Let me know when they get back to you. I'll look for your email sometime > around the time when you move and change providers. In fact, that is one of the single most effective mechanisms used to combat spam, in my experience and will cut down the amount accepted at the gateway(s) by up to 95%. (I know a lot of folks on this list will maintain their own mail server and might get a few hundred or thousand messages each day going through but I've run systems with up to billions of messages a day which is a completely different ball game.) -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba 3.5.4 net map group list doesn´t work
On 07/19/2011 06:55 AM, Francisco Arencibia Quesada wrote: > Good morning to everybody, I´m using centos 5.6 with samba 3.5.4, I´m > having troubles mapping groups in samba, I write net groupmap list, > and It doesn´t show any groups, nothing, This is driving me crazy, > please if somebody can give me a hand with this, I will be thankful > forever.!!! Try running the command as root or with sudo, and with debug to a high level: > sudo net -d 3 groupmap list Do you get any additional troubleshooting information there? (3 is a good start and you can go to 10.) You should see two groups by default: > net groupmap list Administrators (S-1-5-32-544) -> BUILTIN\administrators Users (S-1-5-32-545) -> BUILTIN\users If that doesn't give you anything helpful, try running with strace for more info: > sudo strace -o /tmp/ngm.strace net groupmap list You can then analyze the output in /tmp/ngm.strace for additional clues. -- Josh Miller Open Source Solutions Architect http://itsecureadmin.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
