Re: [gentoo-user] How to emerge bugzilla w/ postgresql
Richard Broersma Jr wrote: I am creating a new gentoo server, and I am in the handbook section to specify USE variables. No matter how I errange my USE variable in the make.conf, emerge --update --pretend bugzilla -- wants to use mysql [ebuild N] dev-db/mysql-4.1.20 [ebuild N] dev-perl/DBD-mysql-2.9007 ... USE=server symlink bugzilla sshd postgresql -mysql -mysqli postfix -X -xorg -berkdb -kde -gnome -metacity emerge -pv bugzilla [ebuild R ] www-apps/bugzilla-2.22 USE=apache2 graphviz mysql vhosts -extras -postgres 1,911 kB Change postgresql to postgres in your USE flags. Mysql is probably a default if no db is specified. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to emerge bugzilla w/ postgresql
Richard Broersma Jr wrote: Thanks for the suggestion. I defenitly see an improvement! But the problem hasn't completly gone away. [ebuild N] dev-db/mysql-4.1.20 [ebuild N] dev-perl/DBD-mysql-2.9007 [ebuild N] dev-db/libpq-8.1.4 [ebuild N] dev-db/postgresql-8.1.4 [ebuild N] dev-perl/DBD-Pg-1.43 Any other idea? try emerge -pvt bugzilla for tree mode so you can see what's pulling in Mysql. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Suggested network fs for small lan ?
Alexander Skwar wrote: Enrico Weigelt schrieb: what network filesystem would you suggest for an small LAN ? NFS. If Windows systems need to access the resources, I'd think about installing MS SFU on those boxes. I spent a week fighting with SFU on 2003 last month. While I'm sure I missed a number of things and did a few things wrong it was far simpler to run NFS for the Linux boxes and Samba for the Windows boxes on the main storage head rather than trying to get Windows to play nicely with NFS. YMMV. On the original question a dedicated NFS server sounds like a solution rather than chaining NFS through multiple machines. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Filtering spam for a business address
Grant wrote: Greylisting because it doesn't filter anything it merely delays email with a temp 450 error. Real emails retry after an interval and spam does not so it eliminates about 90-95%. Couple with reasonable Postfix checks like making sure the sender domain exists, etc and a mail client with internal filtering. With the above in place I see maybe 1-2 actual spams in my inbox a week and averaging about eight a day in my spam folder. Postgrey is in portage and it'll take you about almost two full minutes to get setup and working. I suggest making the the greylist time 30 seconds and the whitelist time 32 days. kashani That sounds really nice. Would you say sending back a 450 error is 100% reliable? Which config option makes postfix check to see if the sender domain exists. I can't find it in /etc/postfix/main.cf. Nothing is 100% reliable and greylisting is no different. Somewhere someone is running a mail server that retries every 4 hours instead of the usual 5 minutes, 15 minutes, 60 minutes that most servers do. Mail that shows up in 4-8 hours may be no different that if you have dropped the mail in the first place. Additionally some things like Amazon newsletters do not retry at all so you'd have to white-list them. And I've seen two instances where email originates from a different server each time it retires... which makes no sense at any level and seems incredibly in efficient. I'd keep an eye on things the first month you run it, but generally I have had very few issues over the past two years. You want to look at smptd_recipient_restrictions. I like the following, but I would not blindly use them unless you are sure it's the behavior you really want. smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, check_policy_service inet:127.0.0.1:10030, reject_unauth_destination, permit kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Filtering spam for a business address
Grant wrote: That's a great article. Where do you implement the changes he suggests on the first page? I searched /etc/postfix/main.cf for the configuration options but they aren't there. You have to add them. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Cron and Local Root Vuln
Ow Mun Heng wrote: There was a disclosure in bugtraq/full-disclosure on this issue. Main thread is here http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047831.html Workround is here http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047868.html Proof of concept is here http://www.milw0rm.com/exploits/2006 This is on a GentooLInux Box 2.6.16-suspend2-r1 kernel. updating to gentoo sources 2.6.16-r12 (2.6.16.24) or 2.6.17-r2 (2.6.17.4) also fixes it. genpatch-2.6.16-14 is the important file if you're using other sources and the ebuild for suspend2-sources-2.6.16-r11 includes it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Things that can be improved
Rafael Fernández López wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What to do when your smtp server needs authentification ? add sasl support to yout MTA? kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] bind: no logging...?
Jarry wrote: Hi, I'm testing my chrooted bind/nameserver with dig/nslookup, but I think I screwed up its configuration somehow, because I'm not getting expected answers. So I tried to search logs, but to my surprise, it seems to me that bind does not make any logs. Or at least I can not find anything, just starting and loading zone-files (/var/log/syslog) but after that no info about clients requesting dn/ip-resolving... Does bind write logs about its activities somewhere? Should it be in /var/log, or /chroot/dns/var/log? Bind is like Apache in that it does its own logging. Here's my config with all named logs split out into their own files. Just change the paths to something local in your chroot. http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND#Logging_conf kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] bind: no logging...?
Jarry wrote: kashani wrote: Does bind write logs about its activities somewhere? Should it be in /var/log, or /chroot/dns/var/log? Bind is like Apache in that it does its own logging. Here's my config with all named logs split out into their own files. Just change the paths to something local in your chroot. http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND#Logging_conf Thanks for pointing me to the right place. So many log-files? I hope I can reduce it somehow... But I am surprised that bind does not do logging right of the box, like apache... In an ISP setting having the logs broken out like that made it easier to troubleshoot things. Also made it easier to estimate the number of lookups per second or tail the general.log for errors without having to see all the queries or lame servers. Bind may log right out of the box, but it would depend on the configuration in your named.conf. I've been using my confs for a few years and haven't looked at the Gentoo default lately. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Anyone using Yahoo as Postfix relay? (Name service error for name=smtp1.mail.vip.ukl.yahoo.com type=MX: Malformed name server reply)
Stroller wrote: Did you authenticate propery @smtp.mail.yahoo.co.uk ? I believe so. There's nothing in the logs to indicate that I haven't, and the user:pass in /etc/postfix/sasl_passwd is correct, In my case I noticed that sasl auth on relay doesn't seem to work unless I set the following in main.cf smtpd_sasl_auth_enable = no smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous broken_sasl_auth_clients = yes it's the smtp_sasl_auth_enable = yes line that is the most important. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Anyone using Yahoo as Postfix relay?
Enrico Weigelt wrote: * kashani [EMAIL PROTECTED] wrote: snip In my case I noticed that sasl auth on relay doesn't seem to work unless I set the following in main.cf smtpd_sasl_auth_enable = no ^ Are you sure you have to *disable* sasl auth on your (incoming) smtp server ? With more than one admin here it's easy to mistake smtp for smtpd. Additionally I believe is explicitly turning off things I don't need so they don't come back to bite me in the ass when the default settings of a daemon changes eight months down the line. If you need sasl on incoming mail then by all means leave it on. it's the smtp_sasl_auth_enable = yes line that is the most important. Of course. You have to tell him that he should (try to) authenticate itself at another server. Hard to auth when you're not telling Postfix it needs to with the smtp_sasl = yes line. At least that hasn't been mentioned in this thread so I thought it was worth the mention. Going back to the original problem you won't see sasl auth in the logs unless you add a -v to smtp is master.cf, again not smtpd which is the first line in master.cf, but smtp. I'd flip it on while you're troubleshooting. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] /usr/sbin/mysqld: No such file or directory
Jarry wrote: Hi, I installed mysql (amd64), but it does not want to start: obelix ~ # /etc/init.d/mysql start * Caching service dependencies ...[ ok ] * ... * Starting mysql (/etc/mysql/my.cnf) start-stop-daemon: stat /usr/sbin/mysqld: No such file or directory * MySQL NOT started (2) [ !! ] obelix ~ # And there is really no /usr/sbin/mysqld... But why does start-up script want to start /usr/sbin/mysqld??? Saw a guy with this same issue last night on IRC. You didn't happen to use the minimal USE flag did you? If you did, you've only installed the client libs rather than the whole package. Or at least that's what we figured and he never got back to me on whether -minimal fixed it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] where's good old inetd ?
Enrico Weigelt wrote: Ah. Interesting argument. Because it's quite modern (for the kids) to wear overwide pants, there's no need to produce tight ones anylonger ? Great. It's more along the lines of inetd being utter crap compared to xinetd. What next, complaining that NCSA httpd isn't in portage and how you're forced to use Apache? :-) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Best webmail
Stroller wrote: On 26 Jun 2006, at 21:54, kashani wrote: Tibor Liktor wrote: roundcube? http://www.roundcube.net/ Unfortunately after a nice release back in Feb the project is looking like it's dead in the water. What makes you say that? The changelog seems to suggest activity. http://trac.roundcube.net/trac.cgi/wiki/Changelog The forums were down for a month while CVS up and disappeared. Looks like they were transitioning to SVN which makes me feel better, but almost five months without a release doesn't thrill me especially when there are so many things that could be worked on. The changelog isn't very impressive either IMHO. I'd rather see features like global address books being worked on rather than what I interpret to be mostly cosmetic changes. YMMV. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Best webmail
Tibor Liktor wrote: roundcube? http://www.roundcube.net/ Unfortunately after a nice release back in Feb the project is looking like it's dead in the water. Roundcube is a little feature short to be a full webmail system for real users though it's passable if you just need a web interface to get to your mail on occasion. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] where's good old inetd ?
Enrico Weigelt wrote: * Bruno Lustosa [EMAIL PROTECTED] wrote: snip anyway, why use old inetd at all? xinetd is way more powerful and secure! well, I've already been using it for over 10 years, I never had serious problems with it, and has all I need. So why should I now switch to xinetd ? Because most of us switched to xinetd at least six years ago. :-) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] 64bit vs 32bit
Hemmann, Volker Armin wrote: you don't need a chroot. Just emerge firefox-bin for flash and mplayer-bin for wmv files. Everything else does not make problems. Depending on the video files you'd like to decode 32bit can make a difference. Many of the stranger codecs are supported through the win32 codecs which are not 64bit safe or at least that's what I've read. I'd assume that qt, mp4, and wmv would generally be okay. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] [OT] Looking for a tool to produce 'reverse' SQL
Benjamin Blazke wrote: Hi, I'm looking for a tool that given an existing (base) database schema and an 'update patch' DDL .sql script on input would produce a 'reverse' script that could be used to undo the changes done by the patch. For example: base.sql: CREATE TABLE xxx (...); patch.sql: CREATE TABLE yyy (...); ALTER TABLE xxx ADD COLUMN aaa ...; ALTER TABLE xxx CHANGE column bbb ... reverse.sql: DROP TABLE yyy; ALTER TABLE xxx DROP column aaa; ALTER TABLE xxx CHANGE column bbb get this from the original base schema The purpose of this exercise is to have a production database (MySQL) server that needs to update its schema once in a while to reflect the changes in the related application without the need to recreate the schema from scratch (and possibly losing data). The reverse.sql script could be later used to rollback the schema changes at any time, even rollback multiple patches. How do people generally solve this? I'm sure this must be a fairly common problem. The tool you're looking for is called a DBA. :-) On a more serious note: I normally do the schema changes and table updates followed by updating the code on the servers. Once the code is live we're pretty much stuck with it because it often relies on the new fields or uses the new data we populated. I could revert back to the original data, but we'd lose any new data that came in after the upgrade. If your changes were minor it wouldn't be too hard to manually reverse. On the other hand anything very complicated to reverse where you'd want a tool to do it is likely going to fall into my situation where the new data isn't going to work in the old tables, the old application isn't going to like the new data or tables, and so on. We get around it by doing lots and lots of testing. I probably run through the schema and data updates five or so times depending on the complexity on the changes along with continual QA as the new application is being built in the staging environment. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] [OT] Looking for a tool to produce 'reverse' SQL
Benjamin Blazke wrote: --- kashani [EMAIL PROTECTED] wrote: The tool you're looking for is called a DBA. :-) I see. So it's up to QA to test extensively and up to the DBA to recover from a disaster. I hoped there would be a more automated solution but it seems that it's not really doable. Thanks for such a quick answer ;-) That's pretty much the way we've been doing it, but if there is a better way I'd like to hear it too as I'm a poor imitation of a DBA. However I don't see any easy solutions for combined application, data, schema change rollbacks especially when changes to one cause dependencies in others. As an illustration you change u_user.login_name to varchar(64) from varchar(32). Users start creating longer users names. A few hours later you find some problems in how your application handles longer names. If you needed to rollback the alter table command is easy, but some of your data would now be invalid. Rather than rollback the easier fix is to update the application and hopefully the change is a single file update. I still think there are cases when you could rollback, but they'd have to be so simple that having a tool to generate the sql would be overkill. Ramin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Module philosophy: Compile-in or Load
Evan Klitzke wrote: On 6/11/06, Anthony E. Caudel [EMAIL PROTECTED] wrote: I was wondering what gentoo-users think and practice about kernel modules. Do most compile them in the kernel or load them at boot-up. I have heard a security argument made that it is safer to compile everything into the kernel, and disable support for modules entirely. The reason for this is that if someone can load malicious modules on your system they can basically circumvent any security systems you are using, including things like SELinux and grsec. If an attacker can load malicious modules into your kernel I'd argue that your security model has already failed and failed spectacularly. Sounds like security as thought up by someone who has never had to managed a system unless someone has a plausible attack scenario. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Daemons log on Gentoo
Mick wrote: On 06/06/06, Leandro Melo de Sales [EMAIL PROTECTED] wrote: Apache, for instance... do you know? Sorry, I don't. I have not installed apache. Check the man page for apache and the man page for its configuration file(s). Also, there must be adequate online documentation because it is everybody's favourite webserver. Have you googled for it? Apache does it's own logging. Look in /var/log/apache2/ kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] sys-apps/pam-login
JimD wrote: Hemmann, Volker Armin wrote: education? I think he meant education of the others asking questions that are easily googled though I read it the way you interpreted the first time as well. I agree that it is easily googled, *but* I can see why people might want a bit of hand holding on this one. It's Oh my God I just locked myself out of a system three thousand miles away packages like pam and shadow that you really don't want to screw up. I might have asked the same questions even after Googling, but I have a test machine and many users do not. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Reconstructing a Gentoo Installer Computer
Ryan Tandy wrote: Timothy A. Holmes wrote: At this point then, I am going to actually build a second box for snort perhaps using the hardened sources (I am not in the least comfortable with running hardened on a production box). Wrong. The correct sentiment should be I am not in the least comfortable with running NON-hardened on a production box. :) ESPECIALLY for network-accessible devices. While true the first time moving to hardened sources is interesting at minimum and downright painful at its worst. The time is worth it, but you will break and app or two as well as pull some hair out along the way depending on the complexity of your environment. However if you're building a new system do it now if possible rather than after you've got your applications working or you'll fall victim to the don't fix what isn't broken rule. :) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Sorry!
Hemmann, Volker Armin wrote: that is the point, where friends are important: sometimes you need someone who calls you and suggests an evening of AxisAllies (the board game), beer, pizza and cigarillos (because puffing one while throwing the dice boosts your luck. Hours, days spent with this game have confirmed it!), or invites everybody to a drunken saunapool party *sigh* be 17 again.. or 18... or even 20 (not a teen.. but still a fun phase of life). I'd have to say I'm enjoying my early thirties much more than I ever did my late teens... being able to afford liquor that comes in glass bottles rather than plastic might have something to do with it. :-) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Portage 2.1-rc1-r2
Jerry McBride wrote: I don't know where one would post this kind of messages, so here it is. I'm using the latest version of portage on a couple of ~x86 boxes and I am very impressed. All my cry-babying about portage performance is a thing of the past. So, thank you, Portage Devs. You've made my Gentoo experience nearly 100% enjoyable. 2.1_rc2-r1 dropped yesterday. Between an RC2 and your recommendation I figure it was a bout time to start using it. Works well, I like the new USE flag layout, and some of the other features. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Portage 2.1-rc1-r2
Justin Findlay wrote: On 5/23/06, kashani [EMAIL PROTECTED] wrote: 2.1_rc2-r1 dropped yesterday. Between an RC2 and your recommendation I figure it was a bout time to start using it. Works well, I like the new USE flag layout, and some of the other features. Also try out some of the utilities in portage-utils. Also very nice. Maybe this needs to be a separate thread, but what is the state of things in app-portage? portage-utils looks nice, but is it going to be around for awhile? If it is I'd gladly ditch eix, esearch, ufed, etc and use one package. To be honest while I installed all those I never really bothered to learn much about them since they all seemed to be temporary fixes for whatever was going to be released someday and gentoolkit covers most of the functionality I actually use. Ramin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] dev-lang/php-5.1.4 emerge failing
Jason Ausmus wrote: Okay, here's another one: I can't emerge dev-lang/php-5.1.4. It fails like this: - checking for mSQL support... no checking for MSSQL support via FreeTDS... yes checking for dnet_addr in -ldnet_stub... no checking for MySQL support... yes checking for specified location of the MySQL UNIX socket... /var/run/mysqld/mysqld.sock checking for MySQL UNIX socket location... /var/run/mysqld/mysqld.sock configure: error: Cannot find MySQL header files under /usr/lib/mysql. Note that the MySQL client library is not bundled anymore! !!! ERROR: dev-lang/php-5.1.4 failed. I see that you're updating from 5.1.1 which was released several month ago, maybe Dec/Jan? Around that time slotted Mysql was active. It is possible that you Mysql libs are installed into /usr/lib/mysql-500 or something similar? Assuming you do I'd update Mysql first to a non slotted build and then try to install PHP again. BTW if you're messing with Mysql 5.0 there was a default charset change from latin1 to utf8 around that time as well so watch your my.conf file. Bugzilla was very unhappy when its charsets suddenly changed. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cvsweb - error: permission denied
Kristian Poul Herkild wrote: I have a cvs-repository on my gentoo box, used in my exam project. However, cvsweb gives following error when trying to access the module in the repository: Error: eksamen/: Permission denied It's no doubt something really stupid, but I can't seem to find the solution. Googling didn't bring up anything particularly helpful. cvs-web version is 1.112 Likely permissions related or least those are the problems I usually have with cvsweb. I do a chmod -R 755 every day or so that Apache can read the repository. I'd make a copy of your current cvs dir and point apache to it. Then try various permissions till you get it right. Then do the same on the real cvs dir. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] MySQL DATADIR - ???
Mark Knecht wrote: I saw this message scroll by when doing an update to MYSQL this evening. * MySQL DATADIR is /var/lib/mysql * Previous datadir found, it's YOUR job to change * ownership and take care of it What is my job? Really? What previous datadir did it find? I believe that's a generic message if /var/lib/mysql exists when the ebuild runs. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] .wmv files
Farhan Ahmed wrote: For converting from .wmv to other formats I recommend mencoder (it comes with MPlayer).. Make sure you compile MPlayer with win32codecs USE flag.. Here's an example to convert movie.wmv to movie.avi (DivX) : mencoder movie.wmv -o movie.avi -ovc lavc -oac lavc It's important to note that the above only works for wmv8 and older files not the newer wmv9 codec that many sites/tools are starting to use. I don't believe there is any free decoder of wmv9 files on Linux at the moment. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] .wmv files
kashani wrote: It's important to note that the above only works for wmv8 and older files not the newer wmv9 codec that many sites/tools are starting to use. I don't believe there is any free decoder of wmv9 files on Linux at the moment. I take some of this back. I've got a custom mencoder build off current CVS that reads wmv9 aka wmv v3 aka wm MPEG-4 v3... or at least that's the story as far as I can tell. However some of the wmv9 stuff can work strangely. I currently have a 70 sec clip that managed to shove itself into 60 sec and then add 10 sec of black to the end. I am transcoding files for the Internet so I'm doing things like changing the size and frame rate which makes me more likely to run into issues. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Web mail
Michael Sullivan wrote:
On Tue, 2006-05-02 at 23:14 -0400, Jim wrote:
Can anyone recommend a webmail client? I am looking for something more modern
than
SquuirrelMal. I have been using SquuirrelMal, however I find it the interface
too old
and outdated.
I also looking into the code to see if I could freshen it up. From a quick
look, the
code is based on really outdated procedural-style PHP where the code and HMTL
is all
mushed together resulting in a mess like this in compose.php:
What other style is there besides procedural?
I had the same sort of thought about six months ago when I switched
jobs. I handle the infrastructure for a complicated web app now and it
is definitely not procedural. I tried to troubleshoot some PHP issues
since I had done some minor work like that at the last job for idiot web
devs.
ws01 site # more index.php
?PHP
_load_class('HomePage');
$ui = new HomePage();
$ui-display();
And that's it. Of course you can track class homepage to homepage.class
which loads mysql.class, forms.class, not to mention the Smarty
framework with templates and the CSS. My days of simple procedural
troubleshooting of PHP code intermingled with display code are
definitely over.
Moving on to the webmail bit, I like Roundcube as well. My personal
server is completely overbuilt so it seems as snappy as Squirrel. If
you're using PHP 4.4, I'd install pecl-apc which should speed things up
greatly. pecl-apc has *issues* with PHP 5.1.x especially if you're using
PHP in any sort of object oriented kind of way. I skipped the overly
complicated Gentoo ebuild/overlay and installed from source. Works fine
with Mysql 5.0 and PHP 5.1.2 if you're that bleeding edge.
Roundcube is low on features like shared address books and things you
might find in Horde, but has a nice interface. It's also likely to
change quite a bit since it's in early beta so it may not be the most
stable choice.
kashani
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Alternative to netkit-telnetd
Dan Johansson wrote: Yes I know that I can just let the server disabled. But I was just wondering if there where any alternatives so that the server don't get started by accident. Will probably delete the server after the emerge. Tanks for your input! You might want to delete chmod and chown as well since files could accidentally get owned to another users or have its permissions changed. :-) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Alternative to netkit-telnetd
Neil Bothwick wrote: On Tue, 25 Apr 2006 10:44:12 -0700, kashani wrote: You might want to delete chmod and chown as well since files could accidentally get owned to another users or have its permissions changed. :-) rm -f /sbin/init should remove the possibility of accidents :) heh, I like this one best. The point we're making, yes there is a point, is there are more dangerous tools that are part of your OS than any telnet daemon. Assuming someone has enough access to start telnet your system is pretty much toast. If you really think you're going to sonasysadmin then adding an iptables rule for port 23 is probably the best method Personally I keep the telnet server around so I can start it when I'm updating openssh. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] qmail queue delete help
Stefan Onken wrote: Am Freitag, 21. April 2006 16:54 schrieb El Nino: My Question:- 1) how to delete un preprocessed(not yet preprocessed) messages in the qmail queue? http://packages.gentoo.org/search/?sstring=qmhandle Yes he said he was using qmhandle so I don't mentioning it again is unlikely to help. IIRC I always ended up stopping qmail, deleting the queue, and then recreating it, but I was usually trying to delete 100k+ emails. I don't recall there being a way to delete mails in the preprocessed queue with qmhandle, but things might has changed since I last used it. I would not delete the queue on a production system without practicing a few times on a dev box. qmail tends to be touchy with it's queue. I'd also check Life with Qmail. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Oracle DB question
Rolf Wathne wrote: Gentoo-wiki.com has a howto for 10g: http://gentoo-wiki.com/HOWTO_Install_Oracle_10g The Wiki will probably get you installed, but if you need general Oracle/Linux knowledge this is one of the best sites around. It's saved my ass a couple of times. http://www.puschitz.com/ kashani -- gentoo-user@gentoo.org mailing list
[gentoo-user] apache 2.2.0-r2 building woes
Anyone actually get Apache 2.2 to compile cleanly? Mine repeated craps out at this point. /usr/share/apr-1/build-1/libtool --silent --mode=link i686-pc-linux-gnu-gcc -pthread -Os -march=pentium4 -pipe -L/usr/lib -o rotatelogs rotatelogs.lo -lm /var/tmp/portage/apache-2.2.0-r2/work/httpd-2.2.0/srclib/pcre/libpcre.la /usr/lib/libaprutil-1.la -lgdbm -ldb-4.2 -lexpat /usr/lib/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl /usr/lib/libapr-1.so: undefined reference to `find_if_index' collect2: ld returned 1 exit status make[2]: *** [htpasswd] Error 1 make[2]: *** Waiting for unfinished jobs /usr/lib/libapr-1.so: undefined reference to `find_if_index' collect2: ld returned 1 exit status make[2]: *** [htdigest] Error 1 /usr/lib/libapr-1.so: undefined reference to `find_if_index' collect2: ld returned 1 exit status make[2]: *** [rotatelogs] Error 1 make[2]: Leaving directory `/var/tmp/portage/apache-2.2.0-r2/work/httpd-2.2.0/support' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/apache-2.2.0-r2/work/httpd-2.2.0/support' make: *** [all-recursive] Error 1 Packages I'm using apache-2.2.0-r2 (and r1) apr 1.2.7 apr-util 1.2.7 (tried 1.2.2 for both as well where I ran into the ipv6 bug) I also did an emerge -e apache for the hell of it which didn't help. Also played with USE flags as well which didn't seem to help. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] apache 2.2.0-r2 building woes
Michael Stewart (vericgar) wrote: Known issue upstream http://issues.apache.org/bugzilla/show_bug.cgi?id=39199 By adding USE=ipv6 it should work. Note that these versions (apache 2.2.x, apr/apr-util 1.2.x) are still hard-masked because they still have issues. I'm not surprised to be having issues though I somehow thought there'd be more people playing with 2.2 which doesn't seem to be the case. I was looking through the gentoo bugzilla where it appeared that the ipv6 issue had been fixed with apr-1.2.6 so I assumed it was some other issue I was hitting with 1.2.7. Yep adding ipv6 to apr got me through the compile. Thanks for the heads up. BTW if apr is the only place I've enabled ipv6, am I likely to run into problems by not having ipv6 in anything else? kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] squid webaccess log via email
El Nino wrote: Dear all my Gentoo list friends, i deployed a squid server for our office. now my boss wants to monitor the Internet users' web access. he asked to get the squid web access log file via the email daily[wants to automated this process]. how can i set this on squid? please help me to configure this. He wants a 10MB or larger raw access.log emailed to him everyday? If you hate him or don't really want him looking at logs, go ahead and set that up. I'd emerge squid with logrotate support and have the rotated log emailed to him every night. If you like him then you may want to look at squid-graph, squidsites, or squidalyser. Some combination should make nice graphs and generate summary reports. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] portage logging configuration
Leigh Stewart wrote: could someone tell me where i can configure logging for portage? i.e. i would like emerge.log to be longer, and i would rather portage logging was all placed under a directory in /var/log thanks mkdir /var/log/portage echo PORT_LOGDIR=/var/log/portage /etc/make.conf kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Only one processor ?
Keats wrote: Hi, on a recent gentoo installation, i ve noticed that i have only one of my processor detected... i have dual xeon ht so i should have 4 processors detected but i only have two, like on my xeon ht... physical id : 0 for the two processors detected means that only one physicval processor is detected... I'd suspect the bios at this point. The other gotcha is that without ACPI in 2.6.15... and maybe earlier you don't see the HT CPUs either. That looks fine in your config so I don't think it's your kernel. I do recall reading some articles recently about HT being not so good in server environments. It's possible your provider sets them up without hT by default. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Postfix authentication
JimD wrote: Can Postfix do authentication on its own? I currently use Postfix/SASL. I am building a mail server and I was wondering if I need SASL. My mail server setup is simple. There are only two users, my wife and everything else goes to me. I want Postfix to send emails from localhost to anywhere and from remote hosts to anywhere if authenticated. I don't have a problem with my current postfix/sasl setup. However, I would rather have as little software running as possible to simplify the new setup. Nope you need sasl if you'd like to auth from outside the system. Or you can just ssh in and tunnel your email down your session which will appear to be coming from localhost or a trusted IP. Or go with some sort of VPN type setup. sasl is probably easier than all that. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] telnet localhost
THUFIR HAWAT wrote: I want to test that leafnode is up and running, so am using telnet: Wow, you got some wacky ass answers on this. First off telneting to the port should work as long as you're on the same box since it's supposed to be running on 127.0.0.1 otherwise known as lo or the loopback address which should clear up that. Then I'd look at logs. xinetd can be finicky about starting services if they aren't configured right. I'd restart xinetd and see what it drops in /var/log/messages about which services it's activating. It's usually pretty good about telling you if it's accepting a service though it may not tell you why it decided a service wasn't up to snuff. As root a netstat -ptln might tell you if xinetd is holding the port, but since xinetd is a superdaemon of sorts it might not show it on the port unless there is a working connection... I'm not sure and have no desire to install xinetd to find out. :) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ffmpeg emerging
Luigi Pinna wrote: media-video/ffmpeg-0.4.9_p20051216 +a52 +aac (-altivec) -debug -doc -dts +encode +ieee1394 +imlib (-mmx) -network +ogg -oss +sdl +test +theora +threads +truetype +v4l +vorbis +xvid +zlib All the dependencies are installed (if I use emerge -D ffmpeg is the once package) I ask your help because that package is a critish package for me: (kino and xine cannot work for me...) What did I forget? Or is it a bug? You might try dropping ieee1394 if you don't explicitly need it. However I'd had a number of weird issues with 2006.0 that eventually resolved themselves with an emerge -e world though I'd only do that as a last resort since it'll take forever. I still haven't decided if it's something I'm doing or left over bits from the gcc 3.3 to 3.4 upgrade. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] telnet localhost
THUFIR HAWAT wrote: I've been rebooting :( Is there a better way? /etc/init.d/xinetd stop /etc/init.d/xinetd start or /etc/init.d/xinetd restart localhost ~ # date Mon Mar 27 21:30:44 IST 2006 localhost ~ # I and many others aren't inclined to go searching through a page and half of logs ranging over two days especially when it appears that the problem has changed or been fixed. So is it working now? It appears to be doing something. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] CRON (Vixie) not working for local users ...
Thomas T. Veldhouse wrote: According to this document, it indicates my setup SHOULD be working. It does suggest creating a cron.allow and adding all members that are allowed to use cron to this file. I fail to see the reasoning of adding users to the cron group AND to this file, but that is something the package maintainers have chosen I guess. Still, it does not make sense why my current configuration is not working. Users are in the cron group. /etc/cron.allow does not exist and /etc/cron.deny exists and is empty. The cron daemon is running and processing nightly jobs at the system level. Tom Veldhouse Hmmm I've never had to so more than add users to the cron group... is it possible that the crons are running, but that the scripts have path issues or something similar? kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] no-nptl profile by default?
Thomas T. Veldhouse wrote: Probably want the P4 stage3. I think I used the i686 which seems to That's what I was using in 2005.1, but the P4 stage doesn't exist anymore in 2006. I'll give the i686 one a shot and see if it's less annoying. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] how long does an install take on average?
THUFIR HAWAT wrote: The times: start: March 20 2006 14:00:01 finish: March 21 2006 13:22:39 Depends entirely on what you installed, your CPU, your RAM, and half a dozen other things. I'd expect with X and KDE/Gnome that looks about right. If all your src is local (portage, stage3, and distfiles), you have dual CPU, lots of RAM, and are installing a stripped down build to be a server it takes just under two hours or so depending on the amount of software I need for that type of server. kashani -- gentoo-user@gentoo.org mailing list
[gentoo-user] no-nptl profile by default?
I'm starting to wonder if I've got a goofy stage3-x86-2006.0.tar.bz2. By default I get the no-nptl profile instead of the 2006.0 profile I was expecting. Am I just grabbing the wrong stage3 and would i686 or whatever be the correct one for a dual P4 Xeon setup? kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re-creating an Empty Qmail Queue
El Nino wrote: Dear friends, how to re-creating and Empty QMail Queue? 1. i need to delete my existing queue folder due to huge unwanted spam mails. 2. how to re-creating the queue now? hope your valuable advice(s)... emerge net-mail/qmhandle That will allow you to delete everything from the queue. You should not need to recreate it if you use qmhandle. I believe the syntax is qmhandle -D or something similar, but it's been about three years since I played with it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Anyone run Gentoo on a Dell PowerEdge SC430?
Jim Hatfield wrote: They are so, so cheap right now. Dell UK has them at £199+VAT for the entry level configuration, with free delivery to the end of the month. I'm tempted. I've got three of them running Gentoo in our dev environment. 2005.1 and 2006.0 disks worked just fine and had no kernel or driver issues running them as servers without X. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: php4 vs php5
Neil Bothwick wrote: Yes, but you need dev-lang/php-4*, not dev-php/php-4*. Unmerge the blockers and dev-lang/php-4* will emerge. You don't need mod_php anymore, it is provided by the apache(2) USE flags of dev-lang/php. If the JFFNMS ebuild explicitly depends on dev-php/php, it is broken. file a bug and add it to /etc/portage/profile/package.provided to work around it until it is fixed (or fix the ebuild yourself). It looks like jffnms just hit portage at large on Monday. Still masked, but it's in there. Assuming James is using this version it seems happy to use to dev-lang/php-4.4.2 On a side note, didn't jffnms want java serverlets or some nonsense in the past? I seem to recall looking at it and then dropping it due to the requirements. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] php4 vs php5
James wrote: Calculating dependencies ...done! [blocks B ] dev-php/mod_php (is blocking dev-lang/php-4.4.2) [blocks B ] dev-php/php (is blocking dev-lang/php-4.4.2) [ebuild N] dev-lang/php-4.4.2 dev-php is on it's way out and has not been updated in some time. You're likely vulnerable at this moment. So the question is what do I put in /etc/portage/? file to get the system to accept the older dev-php files and not try to install 'dev-lang/php' ? You don't. You remove dev-php and install dev-lang/php when you have some time to deal with change. I had no issues moving from dev-php to dev-lang/php with 4.4.x and the whole thing took about 30 minutes. Didn't even have downtime as Apache had the old module cached until I stopped and started to pick up the new build. However PHP USE flags have gotten a bit more complex. You'll want apache (or apache2), cli for the php commandline binary, and session at minimum plus anything else you might need. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: php4 vs php5
James wrote: kashani kashani-list at badapple.net writes: James wrote: Calculating dependencies ...done! [blocks B ] dev-php/mod_php (is blocking dev-lang/php-4.4.2) [blocks B ] dev-php/php (is blocking dev-lang/php-4.4.2) [ebuild N] dev-lang/php-4.4.2 dev-php is on it's way out and has not been updated in some time. You're likely vulnerable at this moment. Um, I must not have been clear. JFFNMS is critical. It requires php4. so upgrading to php5 is NOT an option, until the JFFNMS devs move to php5. Since it wants to install 4.4.2 I figured your package.mask was good. If not use this. echo =dev-lang/php-5 /etc/portage/package.mask Then it's pretty much remove the dev-php php4 packages and install the dev-lang php4 package like I mentioned before. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] -nls
Jim wrote: Has anyone gotten burned by turning off Native Language Support? The only thing I've ever run into on the server side that wanted it was the Horde framework requiring PHP to have NLS... however I didn't look real hard for a workaround so that might not have been a hard requirement. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] -nls
Jim wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 163381024 kashani [EMAIL PROTECTED] wrote: Jim wrote: Has anyone gotten burned by turning off Native Language Support? The only thing I've ever run into on the server side that wanted it was the Horde framework requiring PHP to have NLS... however I didn't look real hard for a workaround so that might not have been a hard requirement. kashani Thanks kashani. BTW I went with -nls in /etc/make.conf and added +nls to /etc/portage/package.use for PHP on that server. That worked well so I assume you can just add NLS as needed to any web framework stuff. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Where do these use flags come from?
Bo Andresen wrote: I decided I wanted to remove the ipv6 use flag which I have had enabled in make.conf for quite a while but never really been on a ipv6 network and don't suspect I will in the near future. When upgrading firefox I noted it has that use flag and decided I want to know what it actually does. Only, I cannot find it anywhere in the ebuilds! So where does it come from and what *exactly* does it do? Looks like you've already been answered. However when the ipv6 flag first hit the scene about two years ago it seemed to cause a number of weird problems so I disabled it on most machines. I'm not sure if that's the case today, but as always you're better off disabling something if you're not using it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - 2 Questions
Michael Sullivan wrote: Based on what I read at the link you sent me, I think what I want is the following: CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients. The problem is that the web site doesn't tell me how to create a CRAM-MD5 password database... Why not use tls/ssl with imaps? http://wiki.dovecot.org/MainConfig#head-cd53a8f9b61ccdaf56665ce9819bd5dfea7a554c kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: apache and php
Nick Smith wrote: On 2/24/06, Catalin Trifu [EMAIL PROTECTED] wrote: Hi, I think if you first emerge dev-lang/php and apache, you will not get the blockers anymore. dev-lang/php will update the virtuals available on the system and horde depends on virtual/php and not dev-php/php. Catalin ill give it a shot, i hope your right. You'll also need the unstable versions of horde and horde-imp, 3.x and 4.x respectively. Horde has no plans to support PHP5 in older versions. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] tracking the life of an email.
Nick Smith wrote: for some reason qmail spreads things out into 3 or 4 or 5 different log files, one for sent, smtp, pop, imap etc, its a real pain to go through those files, i dont know if its qmail or syslog-ng thats doing it, but ive been wanting to find a way to combine all those logs into one mail.log file for easy grepping. thanks for the input. It's qmail that does that. Unless you mess with it, it does it's own logging in binary no less. Look for the qmail-analog package which makes parsing it easier. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mysql DB file
Nick Smith wrote: where is the actual mysql DB file stored? what it the name as well? found info on the net that pointed to either /usr/local/mysql/data or /usr/local/var neither of which contain a mysql dir, the latter doesnt even exsist on gentoo. Gentoo default is /var/lib/mysql/ or you can try a locate somedbname assuming you have slocate installed. IIRC /var/lib/mysql is the Mysql default as well, but I can seem to find any reference to that or any other location. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)
Hans-Werner Hilse wrote: Hi, On Sat, 18 Feb 2006 18:51:21 +0100 Maarten [EMAIL PROTECTED] wrote: Back to the thread... I started wondering about something. I thought a 100% full root filesystem was deadly, but never thought about /tmp. So I'd like to ask, what is more deadly for a system, a full root FS, a full /tmp or a full /var ? Why ? And as a bonus question: which one is worse during boot, and which one is worse on a fully booted and running system ? /tmp shouldn't matter. full/read-only /var will disturb the gentoo rc scripts. When running, programs/daemons may act funny when they can't cope with the situation of full disks (e.g., PHP can't create session files anymore). You can't expect logging to work, too. Assuming it's a database server a full /tmp will cause some issues. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)
Alexander Skwar wrote: kashani wrote: Assuming it's a database server a full /tmp will cause some issues. In how far? Neither Oracle nor MySQL write to /tmp. MySQL may create a socket file, which by default resides in /tmp. But /tmp is a rather bad place for such a file anyway... Never ran a Mysql query that returned more results than would fit in ram have you? [EMAIL PROTECTED] ~ $ grep tmp /etc/mysql/my.cnf tmpdir = /tmp/ Not sure about other db servers. Also Apache writes session date to /tmp and PHP pear stuff uses /tmp as well. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)
Alexander Skwar snippage of pedantic nit picking and back peddling Yes Mysql writes to /tmp by default and yes you can change it in which case if that partition is full then you see the same behavior. So we can say that Mysql really wants its temp space to have enough room for it to write and sometimes it needs a few GB rather than a few hundred MB depending on what you're doing and how badly a programmer wrote the query. Ain't no possible about the session data unless you've manually changed this. Apache writes it to /tmp/ because I go and look before I shoot my mount off. [EMAIL PROTECTED] ~ $ ls -l /tmp/ total 84 drwxr-xr-x 3 root root4096 Oct 28 11:11 pear -rw--- 1 apache apache 5155 Nov 11 10:16 sess_6c40c9326faf2c5ab4acf8cc28185962 -rw--- 1 apache apache 1783 Nov 2 11:33 sess_97e700cd3b82b36a9e7fc44cd898df52 -rw--- 1 apache apache30 Jan 13 14:41 sess_c2f99d41593771d2c4ccee93ab6d3355 -rw--- 1 apache apache 1783 Nov 6 22:29 sess_cea4c86ed58f11824519ee8d09205fbb drwx-- 2 kashani users 4096 Feb 19 12:50 ssh-DGEYh15924 kashani -- gentoo-user@gentoo.org mailing list
[gentoo-user] really large inline replies
Really large inline replies with five people and thirteen separate arguments are pretty much unreadable. I'm all for fighting things out to bitter end, but not when it's impossible to follow along. I'd recommend the following: 1. snip. snip a lot. Keep the point you're arguing and snip the rest. If someone can't follow then they should check the archives or use a threaded client. 2. Paragraphs and summaries are your friends. Here's an example. We agree on points a and b so I'll skip them for now. However you say x and y are the best choices for w reasons. I say sure x is fine, but only with z. And y by itself is right out because of i, j, and k. Also you can work an insult in a little easier. Something like, You're under the delusion that x and y are the best choices and then proceed to misunderstand w as some logic for your nonsense. Now you've made the other guy sound like a complete knucklehead while showing that you do understand his so called logic while summing it up for the rest of us and follow it up with a your own argument which reads and flows nicely without having to parse thirty lines hidden in two hundred lines of quotes. :-) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How many GB for / partition?
Alexander Skwar wrote: I can't. But that's just not needed. Make the filesystems as large as they *now* need to be. If more space is required, extending is a matter of a few seconds. I agree with that. 80GB drive, lvm up 50GB of it, and then you can grow whatever as needed. It's not like you need all that space to begin with. Maybe you end up needing more in /var? Add another 10GB. Maybe /home? Add another 10GB. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] SMP not working?
Nick Smith wrote: actually the SMP is working, as in top shows 2 CPU's. but when i do an emerge --sync CPU1 stays pegged at 99% and CPU0 stays below 1% the entire time. this is a dual 200mhz U2 Sparc system, i was just wondering if this was normal or is there something messed up in my config? and sorry for posting this in the normal user list, i figured i would get more responses here as i dont think this is specific to Sparc hardware, but i could be wrong. Checked it out on one of my dual servers. There is never more than a single process running, emerge, then rsync, then emerge, so the second CPU never gets used. However I did see the second CPU doing some kjournald while data was being written to the filessytem so it's not a total loss on a dual CPU system. :) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] 4/8 CPU Gentoo server
gentuxx wrote: The main purpose of this box is going to be log crunching and archival. We have logs that range from tens of MBs to a GB a piece (uncompressed). The scripts running on it will be transferring (over the network), decompressing, grepping, normalizing, recompressing, and inserting into a local database from dozens of sources simultaneously. In a prior situation, I had a Sun e4500 with 8 UltraSPARC IIIs, 12GB of RAM, and about a TB of disk attached (SCSI and FC). There were times it wasn't enough. I'm hoping to at least match that functionality (preferably better it). Single boxes don't scale. :-) That's probably simplifying too much, but there is some truth there as well. I'd seriously think about setting up a preprocessing farm of 1U boxes that do most of the crunching and then doing inserts into a smaller db box. I've even worked on systems where logs go directly into a db, then are pulled and processed by another farm, then inserted into more of a data warehouse system for reporting later. You'll have to decide if the application can be broken up into separate processing units or whatever. If you do go that route it's usually an easy sell to management. We have one $15k box, but it's too small. We could buy one $30k box to do everything and completely replace the $15k box that we haven't fully depreciated yet or I can buy three $4k boxes to sit in front of our existing server which will share the load. And next year when we start to slow down again instead of buying an even bigger $60k box we just buy three more $4k boxes. Can I have some programmer time to make some architecture changes so I can save you around $65k over the next two years? The more comparisons and reviews I read are leaning me in that direction. However, it doesn't look like HP offers a 4-way Opteron box. I'll have to ask the vendor. from hp.com the DL585's appear to be configurable for 4-way once you get into their config tool. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] splunk
Timothy A. Holmes wrote: --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! They're a startup in silicon valley and have been around for around two years. I went to a sysadmin roundtable they sponsored at a wine bar in SF last month. Got to hang out with Eric Allman (sendmail) and Ethan Galstad (nagios) who were leading two of the roundtables. On the Splunk side I talked to their support manager, BTW they're hiring for Level 2/3 support, and their lead architect who laughed when I asked about their schema. They're using some sort of processed hash of all the interesting data vs shoving it into a database. Interesting product especially if you currently have no central loghost, logwatch, monitoring, etc infrastructure. IIRC you can download the demo, runs only on Linux at the moment, for free and get a feel for it. Pricing for the full package wasn't bad either though I don't remember the exact details. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] max threads per process linux-2.6 nptl
pepone pepone wrote: Hi I want increase the max number of threads that can be created in a sigel process I read in mysqldoc that i must changue this and recompile pthreads /usr/include/bits/local_lim.h /* The number of threads per process. */ #define _POSIX_THREAD_THREADS_MAX 64 is this correct? It seems to be, but I just checked one of my larger Mysql boxes and I've got 713 threads and one process. I didn't do anything other than enable nptl. thanks in advantage I think you mean thanks in advance. :) kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] 4/8 CPU Gentoo server
gentuxx wrote: Hi all, Just wondering if anyone here has any experience with gentoo on a 4/8 CPU server. I say 4/8 because we're looking at Xeons that'll, at a minimum, have HT but could possibly be dual-core. I run gentoo on a P4 w/ HT and it runs great! But I have no idea how it will scale to this many processors. I've done some preliminary googling, but haven't come up with muchprobably using the wrong search terms. I've been running a Dell 6650, 4 x 1.9 GHZ Xeons for about a year under Gentoo. Linux sees it as 8 processors with the HT stuff turned on. I sort of inherited that machine and we've never come close to pushing it, but it's been great for Mysql which is highly threaded. My only advice is that quad physical CPU boxes and up are much more expensive than dual proc boxes though that seems to be changing. Make sure you really need that sort of concentrated CPU power rather than three or four smaller boxes. Also remember that most of your dual core CPUs can have significantly less cache than single core CPUs. The Intels top out at 8MB on single and 2MB on dual core from a quick look around. On the application side you're want something highly threaded or with a large number of processes. No point in having eight procs when six are likely to be sitting around doing nothing. I'll also second the AMD recommendation. A number of LAMP people have mentioned that they're getting much better performace out of their 64bit AMD's than the equivalent Intels. Specifically the Cnet/Gamestop guys have been retiring three dual Xeon DL380s for each dual dual core DL385 they install. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] dev-php/php blocking dev-lang/php
Darren Grant wrote: In my /etc/conf.d/apache2 file I have APACHE2_OPTS=-D DEFAULT_VHOST -D PHP -D SSL. Is there some tweaking I need to do to my /etc/apache2/modules.d/70_mod_php.conf? You need a PHP4 not PHP. APACHE2_OPTS=-D DEFAULT_VHOST -D PHP4 -D SSL kashani -- gentoo-user@gentoo.org mailing list
Re: OT - What is mod_status? (WAS: Re: [gentoo-user] apache permssions)
Michael Sullivan wrote: What is mod_status? I assume it is something for www-apache, but I can't find it in /usr/portage/www-apache and eix has no idea about it... It's a default module within Apache like mod_rewrite or mod_proxy http://webauthv3.stanford.edu/manual/mod/mod_status.html And then you can use little scripts in Cacti to make graphs. http://forums.cacti.net/viewtopic.php?t=9861 kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Squirrelmail doesn't work after recent PHP upgrade
Michael Sullivan wrote: I'm having some trouble with Squirrelmail since the recent PHP upgrade. On almost every folder I click on in Squirrelmail (including the Inbox), I get this: Fatal error: Only variables can be passed by reference in /var/www/localhost/htdocs/squirrelmail/functions/imap_messages.php on line 480 What version of php did you upgrade from? kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Blocking weirdness
Michael Sullivan wrote: Calculating world dependencies ...done! [blocks B ] dev-lang/php (is blocking dev-php/php-4.4.0-r4) [ebuild N] dev-php/php-4.4.0-r4 +X +berkdb +crypt +curl -debug +doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm +gmp -hardenedphp +imap -informix -ipv6 +java +jpeg +kerberos +ldap -mcal -memlimit -mssql +mysql +ncurses +nls -oci8 -odbc +pam +png -postgres +readline -snmp +spell +ssl +tiff +truetype +xml2 -yaz 0 kB [ebuild N] dev-php/PEAR-DB-1.7.6 121 kB Total size of downloads: 121 kB How can I get rid of this block? Is there any danger in masking PHP5? echo dev-php/PEAR-DB ~x86 /etc/portage/package.keywords Just about anything PEAR based is going to need a ~x86 or it'll attempt to pull dev-php/php4 in as a dep. At least that's been my experience over the last weeks installing all the groundwork for a major php app. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] SATA Hardware vs Software RAID
Mike Williams wrote: Yesterday an IBM ServeRAID decided to mark it's 3 SCSI disks as defunct when they are all in fact perfectly fine, giving me a 4am finish this morning after the major hassle of rebuilding, so I'm now heavily biased against hardware RAID, when I know software RAID is fully capable. Plus, mdadm can give you all the information you could ever need, and bugs get squashed quickly. http://bugzilla.kernel.org/show_bug.cgi?id=5181 I think the general consensus is that now CPUs are so cheap, and so powerful, that they can quite easily offset the extra horsepower needed, unless your workload is heavily CPU bound. None of the workloads on any of my servers are heavily CPU bound, so apart from this one server that came with the card (though an acquision of another company), all my RAID needs (on some 16 servers) are done in software. Both software and hardware RAIDs can and will flake at some point so it's a toss up there. I find hardware a bit easier to work with as I never need to mess with grub and whatnot to get things to boot correctly. CPU is just part of the equation in RAID. Assuming I/O is your biggest problem having a nice 256MB cache on the raid card can change expensive short writes into nice long writes can really help an underperforming server. I'd say if you want raid for better fault tolerance stay with software raid. If you also need performance spend the money and get a decent RAID card. Do not get the lame ass winmodem raid cards. You'll have driver issues and they basically emulate a software raid badly. kashani -- gentoo-user@gentoo.org mailing list
[gentoo-user] ending the htaccess madness
I've been setting up a number of new webapps and have a dozen or so .htaccess/.htpasswd doodads floating around. It's not too terrible to manage, but I think there should be a better way. I'm imagining some sort of php interface that allows users to change their passwords and admins to managed the users. Maybe even allows access per site in a little drop down menu. Then edit all my .htaccess files to use mod_auth_mysql and call it a day. Anyone heard of something like this? Or am I going to have to attempt round three with mod_auth_kerb/mod_auth_ldap in an attempt to use Windows as a backend. *shudder* kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Concerns (possible security threat?)
Michael Sullivan wrote: camille ~ # telnet espersunited.com 25 Trying 64.149.52.102... Connected to espersunited.com. Escape character is '^]'. 220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan 2006 11:33:21 -0600 helo somedomain.com 250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you msg from someforeigndomain.com 500 5.5.1 Command unrecognized: msg from someforeigndomain.com rcpt to someotherforeigndomain.com 503 5.0.0 Need MAIL before RCPT mail from: rather than msg from: I'd also try it from a machine not on your local network unless you don't allow local machines to relay. Your server will likely care much more about the src IP being in the allow list than using J Random domain as the sender. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Concerns (possible security threat?)
Michael Sullivan wrote: That's a bit difficult, seeing as I don't have access to a computer that would have telnet installed and is outside my network... Doing tests from your own network is the equivalent of going into your bathroom and then trying to break into your house to figure out if it's secure. You're just a little too likely to succeed. :) For the pedantic yes you can reconfigure your server to block local machines which is what I'd recommend if you have no other choices. I see you got it worked out and that's a good little tester I can put in my bag o tricks. And for completeness this is the proper syntax at least for Postfix. qmail tends to be a bit weird from the command line IIRC. popmail ~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 popmail.domain.com ESMTP Postfix helo localhost 250 popmail.domain.com mail from: [EMAIL PROTECTED] 250 Ok rcpt to: [EMAIL PROTECTED] 250 Ok data 354 End data with CRLF.CRLF Subject: Test test all day long Test test while I sing this song . 250 Ok: queued as 9791056D706 quit 221 Bye Connection closed by foreign host. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Basic SMTP server
Chris White wrote: On Monday 16 January 2006 04:03, Tom Smith wrote: I need to find a basic SMTP server, one that will allow the server to send outbound messages (such as Cronjob status and various alerts) and will allow LAN devices (such as printers and copiers) to relay mail through it. It doesn't need to support SMTP AUTH, TLS, or anything of that nature--it just needs to be a basic, no frills mail server. Probably best asked on the gentoo-server mailing list to be honest. Most people use either sendmail/qmail, but those are probably not as 'trim' as you'd want. You'd actually be better off reading the forums as it's been discussed a few hundred times in the past year. I suggest postfix and here's the config you should add to the end of /etc/postfix/main.cf myhostname = myhost.domain.com mydomain = domain.com myorigin = $myhostname # or maybe $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost mynetworks_style = subnet mynetworks = 127.0.0.0/8, 10.10.10.0/24 edit /etc/main/aliases run newaliases /etc/init.d/postfix restart rc-update add postfix default You're done. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Steffen Zieger wrote: If you want to configure it, like me: If it's not working, because you can't logon to *sql-server, have a look at username and password. Maybe there is a space at the end of the line. It took me two days to find out, where's the problem. I got to thinking about this some and started to recall the details. I think pam_mysql was required in order to support virtual and local users since many users are doing their own mail with local accounts and then some virtual stuff for customers or friends. I'm not sure if authdaemon can do that. Since I'm build yet another virtual mail system this weekend I might be able to do a few tests and update some fo the virtual how-tos on the wiki. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Steffen Zieger wrote: SASL-Authentication for Postfix (and maybe Cyrus-Imap, I've not checked it right now) is also possible through *SQL without the need of Pam using cyrus-sasl. cyrus-sasl _must_ be compiled with support for MySQL or something like that. Content of my /etc/sasl2/smtpd.conf: pwcheck_method: auxprop auxprop_plugin: sql mech_list: PLAIN LOGIN log_level: 1 password_format: crypt sql_engine: mysql sql_hostnames: localhost sql_user: USER sql_passwd: PASSWORD sql_database: Hosting sql_select: SQL_SELECT_STRING sql_verbose: no sql_usessl: no Looks like I'm a bit behind the curve. Good to know you can just connect directly. In other weirdness the Gentoo Virtual How-to manages to use the old cyrus-sasl config that went with pam_mysql and then dropped pam_mysql from the how-to. Then went on to mention using authlib, without actually compiling any support for it or changing the config. gah. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Bill Roberts wrote: I am planning on building a simpler email system (I don't use imap, virtual domains, or a user database). In my quest for Zen-like simplicity and rock-solid quality, I'm planning on using postfix, plus courier as a pop3 server. For authentication, some guides use sasl, some use authlib. Which is better?? And why would anyone use both?! They seem to both serve the same function. Any suggestions/pointer appreciated. There are a number of different services and auth'ing going on in your mail system as proposed. Courier-imap provides imap and pop. Authlib provides authentication for all Courier processes. Authlib can auth from local accounts, mysql, postgres, or ldap. cyrus-sasl provides smtp auth for Postix in order to relay from places that aren't in your allowed IP space. cyrus-sasl can use a few different backends to auth as well which is where the problems come in. Courier-imap 4.0 and up began using courier-authlib. Since you have to run authlib to use courier-imap, many virtual how-to's started slaving cyrus-sasl off authlib rather than have it talk to Mysql directly through pam_mysql. Also with authlib you could use encrypted passwords in your db whereas you could not with pam_mysql. Additionally why troubleshoot two different auth mechanisms and and have yet another package on your system. And finally authlib supports pam, ldap, mysql, and postgres in a single place. For completeness authlib updates have caused the occasional auth issue though they seem to have settled down over the last six months. In summary: sasl + pam_mysql = the suck, IMO If you don't need any virtual nonsense I'd compile postfix, courier-imap, and cyrus-sasl with -mysql. I'd also compile cyrus-sasl -authdaemond and just run a normal system. Everything will default to local system accounts, though you might need to config /etc/sasl2/smtpd.conf to do that. I do this on my personal box and haven't had any issues over the past 3 1/2 years. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Php strangeness
Martins Steinbergs wrote: looks like i have the same problem, and it strats with [ebuild UD] dev-php/PEAR-XML_RPC-1.4.0 [1.4.4] 26 kB 1.4.4 is removed from portage In php 5.1.1 it looks like you can add xmlrpc to your USE flags. The change log in PEAR-XML_RPC leads me to believe that is probably the preferred method for getting the functionality, but it's a little ambiguous. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to control permissions on / ?
Jose Gonzalez Gomez wrote: Did you use the Gentoo installer? IIRC I used the regular manual install with 2005.1 media, but not 2005.1-r1 which I've used since. However I don't see how anything other than a PEBKAC could have caused it. I don't think the stage3 would change permissions on /mnt/gentoo when expending out which is the only other logical idea I can come up with it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to control permissions on / ?
Jose Gonzalez Gomez wrote: Hi there, Can you control permissions on /? If so, how? I've found that I have the following in two different machines: proxy ~ # ls -ld / d-wxrt 19 root root 472 Nov 15 17:41 / protos ~ # ls -ld / drwxr-xr-x 19 root root 440 mar 10 2005 / I installed a machine a few months ago, oct?, that had the same permissions as the first machine you list above. I never did figure out why that machine had strange permissions, but a number of other people seem to have had the same issue around the same time. I've installed a number of machine since and haven't run into it again. In any case a chmod 755 / fixed it. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Sata Controllers and drives
Brett I. Holcomb wrote: I have a system I need to upgrade from SCSI with an Adaptec 3210S RAID (I'm using HItachi nee IBM SCSI Ultrastor drives which aren't holding up too well) and am looking at going with SATA. Some input from the those with recommendations or experiences would be appreciated. Seeing as that's a real RAID card, complete with an onboard cache of up to 256MB RAM, I'd try to replace it with something as good or better. That qualification pretty much eliminates 90% of the SATA cards out there. Most of them are consumer grade with no caching and usually no RAID processing since they're doing it in the driver. I've had good luck with 3ware cards and whatever OEM Adaptec AAC RAID card Dell includes in their machines these days. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] courier-imap package enhancement
Trenton Adams wrote: Hi everyone, Might I suggest that the courier-imap package adds a directory of /etc/skel/.maildir during install? That way any new users created on the system would automatically have .maildir for use with courier-imap. Otherwise, courier-imap complains, in /var/log/mail.log, that the .maildir does not exist. Is this the right list for suggesting things like this? This is generally why most systems send a new users a welcome email which forces the MTA to create the .maildir/. Courier-imap can add it to /etc/skel/ however this may make troubleshooting more complicated if you do something odd like using mbox in your MTA and decide to install Courier. You might confuse some applications, but generally it doesn't seem like a bad idea. It might make things complicated when you switch to a virtual system and your users don't get automatic maildirs anymore. I'd lean towards leaving .maildir/ out of /etc/skel/ in this case so that behavior is consistent in all installs. In any case I'd do some more thinking about it and request the enhancement through bugzilla with your well thought out arguements that consider more than just a simple system. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] i'm new of list
Dale wrote: Few words of advice. Bottom post and email text only. Folks will stomp on you until there is a mudhole then stomp it dry if you do either of those. Then add in that most block emails that have HTML in it so they will not see what you post anyway. I'm not sure why they block HTML but I was told they do. My motorcycling mailing list was having a number of issues with HTML mails as well. Here's a little writeup I did on why HTML was causing problems. * The Chivinmoto email lists accept the original mail, runs it through a process that reads the email, then rewrites it with ads at the bottom or events at the top, looks up who should get the email, and then sends them out. Just about all email lists use this sort of process whether they are adding things to the email or not. It's just something you have to support if you want anyone to use your product. The above is trivial for anything that is plain text. With the advent of HTML formated mail this got extremely hard to do correctly in all cases. In order to process an HTML mail and resend it I have to load nine packages just to parse and write the HTML correctly in the mail software. And as we've noticed it doesn't always work so well due to bugs in the parsing software and libraries, different HTML styles in various programs, and different HTML rendering engines in the mail client trying to read the email. If this breaks enough we start seeing the now infamous blank email problem. Additionally most mail lists attempt to sanitize the email as well. HTML emails can be formatted to take advantage of bugs in the mail client or OS of the machine that reads them. You can also embed tracking info and other things. Sanitizing in my case takes another three packages on the server. In summary manipulating HTML mails is hard, no one package does it well, and expect screwy things to happen. I highly suggest sending plain text emails to any mailing list. It always works, transfers less data, and nobody needs to see anything blink. Most mail clients will allow you to set outgoing mail is plain text always or something similar. Newer mail clients will allow you to specify always send plain text to blahblah.com which is a nice compromise if you need the ability to send HTML mails normally. I know Mozilla, Thunderbird, and Outlook support the latter. I'm reasonably sure you can do that in Apple Mail and the latest Eudora, but can't say for certain. kashani, who knows entirely too much about how email can be broken 1974 CB350F, now with 21HP * Our case was odd because the software really was crap, but eliminating HTML mails was much quicker solution than getting the provider to fix the problems their upgrade caused. Additionally I have ticketing systems at work that occasionally break HTML mails when a new client or Perl package comes out. The whole thing is a big pain in the ass though Gentoo lists seems to do pretty well with HTML in general. However I run 1900x1200 on my laptop and HTML tends to look like crap since it ignores my carefully selected font sizes. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT -More DNS problems - firewall?
Michael Sullivan wrote: I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this? What ever you did in the last 5 minutes seems to have fixed it as an nmap against your box showed no DNS ports open originally and now it does. [EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com ;; QUESTION SECTION: ;www.espersunited.com. IN A ;; ANSWER SECTION: www.espersunited.com. 10800 IN CNAME bullet.espersunited.com. bullet.espersunited.com. 10800 IN A 192.168.1.2 kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Port named runs on
Michael Sullivan wrote: How would I find out what port named runs on (so I could open that port on my firewall)? port 53 udp/tcp However if your DNS server is internal I don't see why you'd need to open anything on the firewall. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Software RAID Advice Needed
Doug Brown wrote: My mobo's chipset (nvidia nf 4) doesn't support raid real well, and I have read that Linux Software raid is very good. I am getting ready to install Gentoo 2005.1 64bit real soon (I am new to Gentoo), and I was wondering what types of raid it supports. I know it supports 0 and 1, but I am more interested in raid 0+1 and 1+0. Linux software raid is capable of doing all the usual stuff as well as RAID 0+1 or 1+0. I'd want a RAID 0 stripe of mirrored RAID 1 sets rather than mirroring two RAID 0 sets, but my requirements may not be yours. Assuming this is a small home system I'd go with RAID 5 with maybe a hot spare if I have more than four drives in a normal server setting where reads happen more often than writes. That's more space with comparable performance for anything you're likely to be doing. If you really need the performance spend the money on a real RAID card with local cache. The difference is night and day. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Need help correcting my DNS configuration
Michael Sullivan wrote: I need help setting up my network's DNS configuration. I tried to subscribe myself to the bind-user mailing list (using the address at the bottom of the bind docs README file, but I saw this in the log: Dec 15 17:51:15 bullet sm-mta[29432]: jBFNpCvf029430: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1000/100), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120297, relay=mx.sth1.isc.org. [192.228.89.21], dsn=4.2.0, stat=Deferred: 450 [EMAIL PROTECTED]: Recipient address rejected: Greylisted for 180 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help) This hasn't bounced, it's merely greylisted. It'll probably go through in the next 10 minutes or so. Once again I'll engage in some self promotion and point you to a very nice guide explaining exactly how to setup Bind on Gentoo. http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND However I'd guess that 2.0.168.192.in-addr.arpa. should be 0.168.192.in-addr.arpa in your zone. And put that serial in a normal format. And don't use that lame ass db.domain format. And you don't need to put the in-addr stuff in the reverse zone... Personally I'd wipe it and follow my guide, but it might be quicker to get up and running if you look at your logs which are going to be in /var/log/messages and not in nicely split up log files like my config. I'd also run a named-checkconf and see if it says anything interesting. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Postfix as Mail-Queuing-Server
Schöffmann Matthias wrote: Hi! I have the following problem: I want a postfix-server between my mailserver (exchange) and my smarthost (postfix) witch relays all mails without attachments and put all mails with attachments in a queue to preview the mails (per web interface?) and deliver this ones only when i manually allow them. Any ideas? Maybee with a antispam-solution whicht quarantines all mails with attachments? Greets from austria I think it's much simpler to do: Internet -- Postfix/Spam/SmartHost/etc -- Exchange I'd look into setting up clamav and amavis-new which would pretty much automate the whole process. I also do some header filtering to keep obvious spam attachments from hitting the sometimes CPU intensive virus and spam filtering processes. /etc/postfix/mime_header_checks.regexp /^\s*Content-(Disposition|Type).*name\s*=\s*?(.+\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dbx|dll|exe|hlp|hta|in[fs]|isp|js|jse|lnk|md[etw]|ms[cipt]|nws|ocx|ops|pcd|pi|pif|prf|reg|scf|scr|sct|sh[bms]|swf|uue|vb|vb[esx]|vxd|wab|ws[cfh]))?\s*$/ REJECT Files attached to emails that contain or end in $3 are prohibited on this server as they may contain viruses. The file named $2 was rejected. /etc/postfix/main.cf # attachement filtering mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp You may want to add or remove extentions based on what works for you and your users. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] hyperthreading
Richard Fish wrote: On 12/13/05, Nick Smith [EMAIL PROTECTED] wrote: its a server, i dont think i built ACPI into the kernel cause i didnt need/want it, dont think that should make a difference. I think it does. At least, there is an acpi=ht boot option for the kernel that says to enable just enough of ACPI to get hyperthreading working. So I think you need some level of ACPI support. I was setting up two new servers today and noticed that they both were not recognizing the HT cpus. I enabled ACPI, rebooted, and now they show up. This appears to be a new thing in 2.6.14 as my 2.6.13 box sees the HT cpus without ACPI. Here's my working config, though you may be able to strip it down some more. # Power management options (ACPI, APM) # ACPI (Advanced Configuration and Power Interface) Support CONFIG_ACPI=y CONFIG_ACPI_AC=y CONFIG_ACPI_BATTERY=y CONFIG_ACPI_BUTTON=y CONFIG_ACPI_VIDEO=y # CONFIG_ACPI_HOTKEY is not set CONFIG_ACPI_FAN=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_THERMAL=y # CONFIG_ACPI_ASUS is not set # CONFIG_ACPI_IBM is not set # CONFIG_ACPI_TOSHIBA is not set CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_EC=y CONFIG_ACPI_POWER=y CONFIG_ACPI_SYSTEM=y kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] hotplug and coldplug for a hosted server?
Grant wrote: Ok, does anyone run a udev system without hotplug and coldplug? Pretty much all my 1U/2U servers are setup that way. I think I installed hotplug and coldplug as prereqs to udev, but never run them. Anything with multiple SCSI drives is plugged into a RAID card so it's hidden form the OS regardless. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Weird Permissions error
Michael Sullivan wrote: I'm having a strange problem. I set up a DNS server for my domain today, and when I tried to start it, it wouldn't start. I consulted the log files and found this: Dec 12 15:51:39 bullet named[7709]: couldn't open pid file '/var/run/named.pid': Permission denied Dec 12 15:51:39 bullet named[7709]: exiting (due to early fatal error) big ol snip The startup script drops its privileges to user named. I'm guessing it does that before it writes the pid file. To fix you'll want to add this line to your named.conf file in the options area. pid-file /var/run/named/named.pid; I may have also editted the /etc/init.d/named file to point to that file as well. This might not need to be done depending on which Bind ebuild you used. For these and other ways to fix the somewhat retarded default Bind install, like the named/bind naming nonsene, you might want to check the wiki article. http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Weird Permissions error
Michael Sullivan wrote:
bullet log # cat /etc/bind/named.conf
options {
directory /etc/bind;
};
zone espersunited.com in {
type master;
file db.espersunited.com;
};
zone . in {
type hint;
file db.cache;
};
pid-file /var/run/named/named.pid;
It still won't start.
options {
directory /etc/bind;
pid-file /var/run/named/named.pid;
}
is the correct syntax.
kashani
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] what's up with kernelnewbies?
maxim wexler wrote: Hello everybody, I posted about my kernel panic problem to kernelnewbies(they seem a competent crew), w/ subject line: kernel panic fix sought. My post was ignored. Three days later somebody posted to the list under the subject line: KERNEL PANIC FIX SOUGHT. He(Kumar is a male name isn't it?)started getting replies right away. http://mail.nl.linux.org/kernelnewbies/2005-12/ I'd say the problem was this. You asked a very specific question and noone knew the answer. Whereas the other dude asked something while not exactly general was much more general than your question and people responded. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] best filesystem for Gentoo
Colin Copley wrote: Hi List, Any comment on the best filesystem to use for Gentoo running a webserver, I prefer more speed and less journaling, is there a standard? Webserving is a general enough case where there aren't going to be huge advantages between filesystems. I'd go with ext3, maybe look at some of the tuning parameters, and not spend too much time on it. If you find yourself running into I/O issues moving your content to a second drive or adding more RAM to increase the system cache is simpler and will likely offer an order of magnitude more performance than any wacky filesystem hack. kashani -- gentoo-user@gentoo.org mailing list
