[00:15] hi, is here an expert in vsftpd present?
[00:17] he went to proftpd :-)
[00:18] sry, joke :-)
[00:18] just ask :-)
[00:18] np, i was just googeling what proftpd is :)
[00:18] hehe
[00:18] i am behind my router, trying to connect with FileZilla within the lan on an ubuntu server box, when i connect unencrypted, so non-secure, it works just fine, when i do it with SSL it gives me an error: Connection timed out!
[00:19] so basically, the problem is i can't get it to work with SSL
[00:20] dou213: which servertype ou chose in filezilla?
[00:21] OsAC, FTP over SSL (explicit encryption) ... anything else but 'FTP' won't work
[00:22] I would sugest you setup sshd and than use sftp
[00:23] OsAC, sry wrong info: it works also (until operation times out) with FTP over TLS
[00:23] i already use ssh
[00:26] OsAC, do u have a good guide or tutorial for setting up sftp? a guide which u actually know about that it's good
[00:26] SFTP is a nicer protocol than FTP over anything, if only because FTP implicitly requires bidirectional routing (i.e. chokes on NAT).
[00:27] SFTP is set up automatically by installing the OpenSSH server: aptitude install openssh-server.
[00:27] You can then configure sshd_config to remove full shell access, so that only SFTP is left.
[00:27] twb, interesting thing you're saying, ftp chockes on NAT? well, i'm behind a router
[00:28] could that be the problem?
[00:29] dou213: it works on *some* clients; they have to implement either the EPORT or PASVE (IIRC) extension. I remember that this is not the case for Firefox.
[00:29] Note that SFTP is not just FTP over SSH; it's actually a quite different (and better) protocol.
[00:30] http://en.wikipedia.org/wiki/FTP#FTP_and_NAT_devices
[00:30] ftp is legacy protocol ...so you are better using something else for transfering files
[00:31] if u need only to dwnl files http is better choice
[00:31] Depends on the privacy requirements.
[00:31] https :-p
[00:32] i need something like a ftp-server which allows me to upload and download files (securely) from outside my lan
[00:32] ScottK: and other requirements, of course. Maybe you need write access and DAV is sucky.
[00:32] should i try it with WebDAV?
[00:32] Yeah
[00:32] dou213: SFTP is the best choice for that by far, IMO.
[00:33] sftp is totally wonderful.
[00:33] maybe a tutorial which i can use about sftp?
[00:34] i went for vsftpd because it is the only one on the ubuntu server guide page
[00:34] if u have sshd installed , eg you can ssh to your box
[00:35] dou213: no configuration is necessary for SFTP.
[00:35] go to filezilla add new conn
[00:35] dou213: except if you want to lock it down more.
[00:35] enter server hostname, ssh port and choose sftp
[00:36] and it will work
[00:36] you have it working allready .-)
[00:36] no need for vsftpd
[00:36] try it :-)
[00:36] w8 i-ll try it this way
[00:38] Response: Fatal: unable to initialise SFTP: could not connect
[00:39] i'm using SSH already with pub/private keys authentification (secure)... maybe that's why it won't work
[00:39] yes
[00:39] you need user/pass
[00:40] but ain't this a major security risk?
[00:40] because i'm open for brute force attacks
[00:41] and twb, what did u mean with lock it down more?
[00:41] yes, dont allow root to be able to use ssh (use sudo) and move ssh port away from 22 to something like 15000
[00:41] dou213: as in, disable password-based access, and disable access to anyone that isn't your user, and disable access except from a whitelist of source IPs.
[00:42] dou213: for example, on one of my systems, you can only log into it if you are logging in as twb, from 203.7.155.19, and you have to have both my passphrase and my ssh key.
[00:42] dou213: since you are interested in SFTP, you would also want to disable SSH (shell) access, so that only SFTP remains.
[00:43] twb, but i need shell access over SSH very much... i'm doing all the work remotely on the server
[00:43] dou213: OK, so leave that on
[00:44] dou213: my point is you turn off all the bits you *don't* need, so that brute-force crackers can't use them.
[00:45] the best thing is just to move sshd to another port, avoiding automated hacking tools
[00:45] twb, you say disable password based access, OsAC says i must have that in order to use SFTP :S kinda confused over here
[00:45] OsAC, already done that :D
[00:45] dou213: SFTP does not require password-based authentication.
[00:45] twb is right
[00:46] [01:39] you need user/pass
[00:46] what do u mean then OsAC, sry i must have misunderstood u
[00:46] listen what twb has to say :-)
[00:46] OsAC: I would not be comfortable with simply changing the port; I would also take the other measures I mentioned.
[00:47] twb: ofc
[00:47] Of course, I would also generally use port 443 because this is the least likely to be blocked by stupid corporate firewalls.
[00:47] ok guys, so now that u know my situation, how can i make it work?
[00:49] twb, i'm listening, what to do?
[00:50] dou213: about what, specifically?
[00:50] the security measures you specified earlier were all been taken care of :)
[00:50] twb, how can i make sftp work?
[00:51] What isn't working now?
[00:51] do i got to change some settings in /etc/ssh/sshd_Config ?
[00:51] nope, told u: error: Response: Fatal: unable to initialise SFTP: could not connect
[00:52] dou213: what gives that error?
[00:52] dunno the cause, it says so when i try to connect in FileZilla
[00:52] drop filezilla and use http://winscp.net/eng/index.php
[00:52] andyou are done
[00:53] dou213: you are on a Windows machine?
[00:53] twb, yes
[00:53] :-)
[00:53] dou213: please get a copy of pscp.exe from putty's website.
[00:54] dou213: while you're there, get putty.exe, too.
[00:54] i have them both already
[00:54] i also use them
[00:54] ohh
[00:54] told u i was doing all the work remotely on the server
[00:54] with putty and winscp
=== OsAC is now known as OsAC|AFK
[00:55] Oh, oops. I was confusing pscp and psftp.
[00:56] Get psftp.exe and run it with the server's name as the argument.
[00:56] so as i got it: FileZilla won't work for me because i can't specify a private key to use right? which is possible in WinSCP so it works
[00:56] I'm not interested in helping you get filezilla working.
[00:57] If you have already established that the problem is in filezilla, then we are done; you can take up the problem with filezilla's team.
[00:59] i was just asking so that i get it why it won't work with the one while it works with the other
[01:00] ok it works with psftp.exe
[03:02] Hello, I'm looking for some help with a BIND9 problem
[03:03] When I run named-checkzone I get the error that my db file has no current owner
=== KterinK is now known as dou213
[04:13] thats a new error
[04:56] Its ok I've resolved it now, got some help in #dns
[06:59] hello,
[08:17] ucf is very cool stuff :)
[08:17] what is ucf?
[08:18] update configuration file
[08:18] http://packages.debian.org/sid/ucf
[08:19] it's for development of .deb packages
[08:20] i didn't think installing webmail would be so easy
[08:20] roundcube?
[08:20] yes
[08:20] how about configuring whole mail stack?
[08:21] i've been struggling with horde forever
[08:21] :)
[08:21] in my perfect world, this should be even easier:
[08:21] how about configuring whole mail stack? <--- what do you mean?
[08:21] sudo apt-get install ubuntu-mail-server
[08:21] pop, imap, mta...
[08:21] how did you configure imap and pop?
[08:22] sudo apt-get install postfix dovecot
[08:22] yeah, but you had to configure it :)
[08:22] not postfix
[08:22] only rbl stuff
[08:23] true
[08:23] so, you don't have SSL and you don't use dovecot's LDA
[08:23] not SSL, SASL
[08:23] nope
[08:23] i have tls, but i have a problem with it
[08:23] i get offered the wrong certificate
[08:24] it's not wrong
[08:24] it's generic
[08:24] you have to create your own
[08:24] i created one for 5 years, what i get offered is for 1 year
[08:25] dovecot and postfix, by default, offer 'snakeoil' certificate
[08:25] and it keeps asking and keeps asking
[08:25] so, you have to configure both services to use your certificate
[08:25] do you follow postfix-users ML?
[08:25] no
[08:29] ivoks, i love you :)
[08:29] you got me the right direction
[08:29] i thought postfix offered the certificate
[08:30] i tweaked dovecot and i get offered the right certificate now
[08:30] yay!
[08:30] great
[08:32] heh!
[08:32] now, how can i create & use one ssl certificate for roundcube?
[08:33] i think i have to make dovecot listen on 993, right?
[08:33] do i?
[08:34] oh, my server already listens on 993
[08:48] moin
[08:49] good morning
[08:50] hi guys, stupid apache question, but if i add a virtual host for domain.com... do i need to add another for www.domain.com or is this taken care of via dns?
[08:51] suigeneris: you need to setup apache to use ssl
[08:52] Zlogger: you need to do both
[08:52] Zlogger: set up DNS and configure apache
[08:52] Zlogger: in apache, you need to add 'ServerAlias domain.com' to www.domain.com vhost
[08:53] Zlogger: but if DNS doesn't point domain.com to your apache server, there's nothing you can do
[08:53] ivoks, can i do something like a wild card?
[08:54] Zlogger: i'm not sure, i've never tried that
[08:54] ivoks: i.e. servername *.domain.com
[08:54] ah ok coolio. i have a user who's using webmin
[08:54] doh :(
[08:54] webmin
[08:54] would be nice if he didnt have to add twice :)
[08:58] we hate webmin on this channel
[08:58] !webmin
[08:58] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
[08:59] i hate webmin as well
[08:59] thanks for the heads up on ebox!!
[08:59] will def check it out.
[08:59] !ebox
[08:59] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
[09:01] ivoks: do you use ebox? thoughts on it?
[09:01] Koon: good morning
[09:01] Zlogger: one of my clients use it, yes
[09:01] ivoks: hey
[09:01] Zlogger: it's great, easy to use and quite simple
[09:02] Zlogger: my client manages smb shares and user accounts with it
[09:03] it looks a lot cleaner than webmin
[09:05] i once used ebox, but it overwrote my smb.cnf so i got rid of it
[09:06] suigeneris: what do you mean? like it installed a blank conf over what u had? or did u try to make a change and lose everything?
[09:06] i live happily with webmin
[09:07] Zlogger, i don't remember exactly what it did, but i remember losing my shares
[09:08] those things take full control of your configuration files
[09:09] you can customize ebox's templates, if you don't like defaults
[09:09] suigeneris: sux man.
[09:19] ivoks, do i have to create another certificate for apache?
[09:19] depends on common name you used for mail certificate
[09:20] if the common name is the same as MTA, then no
[09:20] in another words
[09:20] if your mail server is mail.domain.com, and you created certificate with common name mail.domain.com
[09:20] if you have webmail on mail.domain.com, then no, you don't need additional certificate
[09:21] but if your pop/imap is mail.domain.com, and your webmail is www.domain.com/webmail, then you need additional certificate
[09:25] that means i need, because my mx is mail.domain.com and my webmail is on webmail.domain.com
[09:25] right?
[09:26] right
[11:25] hi, is anyone running hardy server with spamassasin and amavis, i getting the error that bayes synced databases every 3 hours with the cronuser
[11:25] very annoying :), can place a dirty hack but that's not nice
[11:26] anyone else having this problem?
[11:26] what's the error?
[11:27] bayes: synced databases from journal in 0 seconds: 646 unique entries (1023 total entries)
[11:27] that's not an error
[11:27] and that's not default in 8.04
[11:27] check your cron scripts
[11:27] redirect stdout to /dev/null
[11:28] i didnt change the cronscript, it start emailing since the last update i guess
[11:28] go to /etc/cron.d/
[11:28] you get that via email?
[11:29] yes
[11:29] from the cron daemon
[11:29] so, subject of email should have more info
[11:30] Cron test -e /usr/sbin/amavisd-new-cronjob && /usr/sbin/amavisd-new-cronjob sa-sync
[11:30] grep -sr 'amavisd-new-cronjob' /etc/cron*
[11:31] http://pastebin.ubuntu.com/116411/
[11:31] so, you see where the problem is
[11:32] i have those scripts and they don't return anything to me
[11:33] how can i see what the problem is?
[11:33] without editting the scripts, i didnt change anything :)
[11:33] those scripts are ok
[11:33] ok
[11:33] ls -dl /bin/sh?
[11:36] have you customized spamassassin configs?
[11:40] nope defaults
[11:40] serge@silvio:~$ ls -ld /bin/sh
[11:40] lrwxrwxrwx 1 root root 4 2008-04-16 10:28 /bin/sh -> dash
[11:46] sergevn: log into that server, become root
[11:46] sergevn: do su - amavis
[11:47] sergevn: and then run /usr/bin/sa-learn --sync
[11:47] does that generate any output?
=== OsAC|AFK is now known as OsAC
[12:15] http://paste.ubuntu.com/116431/ <---- is 'hostname' a valid option in dhcpd.conf?
[12:33] man 5 dhcpd.conf says it is
[12:41] I get the error "apt-get install build-essential." but the "build-essential" package is installed and up to date. How can i fix this?
[12:42] <_ruben> there's nothing to fix
[12:42] err sory errors is "error: C++ compiler cannot create executables"
[12:45] UndertakerX2: Remove the '.' at the end?
[12:46] what . there is no . in the eroor "error: C++ compiler cannot create executables"
[12:47] You said: "apt-get install build-essential."
[12:48] Also, you probably need to install g++
[12:48] sudo apt-get install g++
[12:48] then i corected myself after _ruben replied
[12:48] already installed
[12:48] Although, that should be included in build-essential.
[12:48] Dunno. Look at the config.log
[12:49] that was the only problem i found
[12:50] http://pastebin.ubuntu.com/116439/ but maybe i missed something?
[12:54] how do i change the sim link for g++?
=== _AshTray- is now known as AshTray-
[13:25] i have a file server and i've set up samba for sharing home dirs to windows boxes, nfs for linux and what can i do to make it easy for mac guys?
[13:26] tell them to use nfs or samba?
[13:26] you'll have to set up 'unsecure' nfs for mac
[13:26] how does gnome build the 'network' list of servers
[13:26] so it's better for them to use samba
[13:27] or, there's netatalk for old afp protocol
[13:30] what protocol builds up the 'Network' file browser
[13:31] wrong place for that question
[13:31] try #ubuntu
[13:31] i'd say it's smb
[13:33] its not smb as there is 'Windows NEtwork'
[13:33] all the macs are appearing there
[13:35] macs have samba too
[13:35] it shows computers from same workgroup
[13:35] if you select windows network, it shows all workgroups
[13:36] apple suggests using smb as default network protocol
[13:36] nfs is also supported
[13:37] afp is considered old, but imho, still is the best file sharing protocol for macs
[13:37] its doing something more
[13:37] as its picked up an sftp server
[13:37] are you sure that sftp server doesn't have smb?
[13:37] hi, operationally how different is 8.04 LTS and 8.10? am i going to continually run into issues installing PHP 4, MySQL 5 etc on .04? I like the sound of the LTS release, but if its more hassle to support locally....
[13:37] php4?
[13:38] why would you use php4?
[13:38] ivoks: legacy code
[13:38] RichardP, if you want to for production go with 8.04
[13:38] i don't think php4 is in 8.04
[13:38] well, i'd still go with 8.04
[13:38] fw1: i would be surprised if it isnt
[13:38] !info php4 hardy
[13:39] RichardP, its not
[13:39] Package php4 does not exist in hardy
[13:39] then im screwed
[13:39] you can always install and maintain php4 from source yourself
[13:39] even php5 is old :)
[13:39] Deeps: i wanted to avoid that
[13:40] anyone has seen thing like that, lsi 1030 hard drives just wont show up
[13:40] i have two x345 ibm server
[13:40] one installed everytokey
[13:40] everything okey
[13:40] but with second server cant find drives
[13:40] any suggestions _
[13:40] ?
[13:41] have you initialized drives in raid controller?
[13:41] ivoks, its resyncing array at the moment
[13:41] thou there was live system running on it before
[13:41] i tried to install ubuntu on it
[13:42] thou redhat
[13:42] all driver disks i have found are aswell for redhat/suse
[13:42] you have lsi raid controller?
[13:42] yes lsi 1030
[13:43] both boxes to
[13:43] that what makes it strange
[13:43] thats
[13:44] 8.04?
[13:44] yes
[13:45] any errors in logs?
[13:46] hmmmz will check
=== jjesse__ is now known as jjesse
[13:53] ivoks: sorry was afk, lemme check
[13:55] ivoks: it gives the same output as in the email :)
[13:55] sergevn: that means your spamassassin is configured for verbose output
[13:57] check /etc/spamassassin/*
[13:57] i'm sure you changed something there
[13:57] in local.cf everything is outcommented
=== KterinK is now known as dou213
[13:59] could you paste that line again?
[13:59] what line?
[13:59] the output
[14:00] sec
[14:00] $ /usr/bin/sa-learn --sync
[14:00] bayes: synced databases from journal in 0 seconds: 117 unique entries (117 total entries)
[14:01] https://bugs.edge.launchpad.net/ubuntu/+source/amavisd-new/+bug/165184
[14:01] Launchpad bug 165184 in amavisd-new "amavisd-new + spamassassin: cronjob spams root user" [Medium,Triaged]
[14:02] yeah found that one, but the date is 2007
[14:03] really strange booted up ubuntu again to check the logs for errors and what happens it found my hdd
[14:03] only option is that my array was broken or smt
[14:03] sergevn: so what? last activiy is 4 days ago
[14:04] kinnaz: it probably wasn't initalized
[14:04] ivoks, thou i didnot change anything in raid configuration util
[14:04] just booted up debian
[14:04] then it hanged or smt
[14:04] and then booted up ubuntu cd
[14:04] thou it was resyncing my array
[14:04] all the that time
[14:04] ivoks: ok :) well i thought that if it was reported in 2007, and having problems since an update it would not matter :)
[14:04] ivoks, tnx for help anyways
=== KterinK is now known as dou213
=== espacious_ is now known as espacious
[14:18] ivoks: thanks for the help ivoks, going to try those hacks later tonight
[14:19] Hi. Is there a netboot installer for ubuntu server? The only one I can find is this: http://archive.ubuntu.com/ubuntu/dists/hardy-updates/main/installer-i386/current/images/netboot/
[14:20] and that seems to be a regular ubuntu installation.
[14:20] The CD drive on my very old Dell only reads the inner parts of a CD, so I need a small iso :-p
[14:25] Ko_deZ, i would suggest you to go pxe boot
[14:29] kinnaz: Thanks for the tip. Will have a look at it.
[14:37] Why do my servers crash when I try to get an iscsi-device attached?
[14:37] (Hardy)
[14:37] <_ruben> ouch
[14:38] <_ruben> wasnt there a bug in open-iscsi some time ago .. or are you using iscsi hba's?
[14:39] I'm trying to mount iscsi-devices exported by Sun storage (open storage, solaris)
[14:40] <_ruben> server fully up to date? (wrt to the open-iscsi bug)
[14:40] I just dist-upgraded :)
[14:41] It's pxe-booting as we speak :)
[14:41] So that will be a complete reinstall
[14:42] <_ruben> havent tried ubuntu as initiator, only as target .. using esxi's software initiators at the other end of the "wire"
[14:42] Jeeves__: did you try to mount an iscsi volume from your netapps?
[14:43] exported by Sun storage (open storage, solaris)
[14:43] I wasn't even mounting yet
[14:43] just discovering and attaching
[14:45] <_ruben> bah .. why is squid's logging so damn nasty .. its pretty much undoable to write filter regexps for the useless stuff
[15:03] I just installed server with the LAMP, Samba & FTP options. Testing FTP results in no connection. Any idea which FTP package was installed and where the conf file is?
[15:04] dpkg -l |grep ftp
[15:04] at a guess, vsftpd, and the configuration should be in /etc/vsftpd/
[15:04] good idea
[15:04] Deeps: nope not fsftpd
[15:05] Deeps: it's using ftp/lftp.. ftp is the client and lftp is the server
[15:05] task-sel --list-tasks, find the task name for the ftp server
[15:05] then tasksel --show-packages
[15:05] lftp is a client, not a server
[15:05] Scunizi: how did you install FTP server?
[15:06] oh.. hard to tell on the readout of the grep command
[15:06] ivoks: as part of the standard install of the server edition.. there's a point that asks what additional services you want.. I ticked Lamp, samba and ftp
[15:07] but dpkg -l | grep vsftpd results with nothing
[15:07] either you didn't select it or you've hit a bug
[15:07] which ubuntu version is that?
[15:08] cant be hardy, no ftp-server task in hardy
[15:08] at least, according to tasksel, anyway
[15:08] i don't think we have ftp task at all
[15:08] ivoks: it rusults in ii ftp (next line) The FTP client (next line) ii lftp
[15:08] Scunizi: notice: dpkg -l | grep vsftpd
[15:08] vsftpd
[15:08] not ftp
[15:08] k
[15:09] Scunizi: what ubuntu version is that?
[15:09] looked in ~ for the .vsftpd.conf file but there wasn't one.. grep returns nothing .. version is 8.10
[15:10] vsftpd is system service
[15:10] it doesn't have users configuration
[15:11] you just didn't install ftp service
[15:11] I haven't yet manually..
[15:12] right, there's no FTP task in ubuntu-server
[15:12] http://images.howtoforge.com/images/perfect_server_ubuntu8.10/24.png
[15:12] so, you installed something else...
[15:13] tasksel --list-tasks | egrep ^i
[15:13] ivoks: yep.. the pic jogged my memory .. it was ssh .. should have remembered that since I'm on the server box via ssh now.
[15:13] this will tell you what you have installed
[15:13] there you go...
[15:13] we suggest vsftpd as FTP service
[15:14] once you install it, configuration file is /etc/vsftpd.conf
[15:16] ivoks: yes.. I have vsftpd on another machine and works well. I have issues though, setting it up so Joomla functions..It's been driving me nuts for several days
[15:16] vsftpd has nothing to do with joomla
[15:17] ivoks: it does on the back end when you need to change templates or upload pic etc..
[15:17] ivoks: not just vsftpd but ftp in general..
[15:17] dou213: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/308952 may relevant to you
[15:17] Launchpad bug 308952 in vsftpd "FireFTP(Mozilla) cannot LIST files" [Undecided,Incomplete]
[15:18] interesting
[15:20] so maybe proftpd?
[15:21] hmmmz anyone worked around with drbd ?
[15:21] should i make the filesystems to partitions i want to sync before sync ?
[15:22] <_ruben> kinnaz: not too sure about your wording, but the sync can be initiated either before or after the partitions are in use (data wont be destroyed)
[15:22] <_ruben> *if* done correctly
[15:22] <_ruben> but no, i dont have any experience with drbd, just did some limited research
[15:22] _ruben, i have no data just two partitions without filesystems, was wondering what type of filesystem i should create to there
[15:23] <_ruben> whatever filesystem you want to use
[15:23] ah okey tnx :)
[15:23] not FAT
[15:23] <_ruben> there's tons of howtos out there on how to setup up dbrb properly
[15:23] <_ruben> drbd
[15:24] yeah i was following the guide at drbd website
[15:24] just it mentioned lvm and stuff like that
[15:24] couldnot figure out can i use ext
[15:24] Scunizi: that's a bug in client, not server
[15:25] Scunizi: notice 'Hello, i reverted back to FileZilla_3.0.7.1_i586-linux-gnu.tar.bz2 and it is working fine now'
[15:25] Scunizi: that bug has no relation to you, it was for dou213 (notice the line prefixed with dou213:)
[15:26] <_ruben> when using drbd i'd use lvm logical volumes to replicate, makes things a tad easier .. i hardly ever use "raw" partitions these days, apart from /boot
[15:27] Deeps, ivoks thanks.. I was just picking up on that. with joomla it's just a setup issue. there's lots of how to's but nothing a-z definitive. Once I figure it out I'll have to write one
[15:29] Scunizi: you'll probably find that whatever issue you have with vzftpd+joomla, will occur with any other ftpd
[15:29] Deeps: I'm sure..
[15:29] Scunizi: anyway, good luck configuring joomla :)
[15:30] Deeps: thanks. on public shared servers it hasn't been an issue at least with the isp's I use. on the home server it's been a little different :/
[15:33] soren: where you the one looking at cobbler a cycle or two ago?
[15:34] jcastro: Yes.
[15:34] fyi, 1.3 seems to support debian/ubuntu directly: https://fedorahosted.org/cobbler/wiki/SupportForOtherDistros
[15:34] jcastro: Oh, someone else did my job. Fantastic!
[15:35] I wonder if someone has messed with it yet
[15:51] thx Deeps, i'll give it a check
[16:00] what is the most common cause of max cpu utilization by udevd?
[16:01] server team meeting in #ubuntu-meeting now
[16:08] !screen
[16:08] screen is a terminal multiplexer. See http://www.kuro5hin.org/story/2004/3/9/16838/14935 and http://en.wikipedia.org/wiki/GNU_Screen
[16:40] Anyone have success installing Ubuntu server with hardware raid on an HP Proliant dl160 g5--or is software raid the only solution?
[16:43] hi. what is the best way to set up an FTP server ?
[16:46] orudie: sftp (imo)
[16:47] which would be a recomended file system to store email on a SAN?
[16:47] imo ?
[16:47] i usually use xfs
[16:47] orudie: in my opinion
[16:48] right, but how would i make useres login to the same directory
[16:48] the FTP users
[16:48] orudie: hmm, i read a how to once...
[16:48] ill have to look for it
[16:48] heheh ok
[16:51] ivoks: is there a wiki page to track the postfix/dovecot integration?
[16:52] no
[16:52] i was working on this today
[16:52] trying to get it in before FF
[16:52] ivoks: I'm just trying to remember what are the goals
[16:52] goal is to provide full postfix-dovecot integration
[16:53] including, not related to that, maildir support
[16:53] and other optimizations
[16:53] ivoks: right - that means: maildir by default in /home/$USER/Maildir/, postfix using dovecot sasl, postfix using dovecot lda
[16:53] i don't see why i can't use ucf to take over package
[16:53] it even has examples in man page how to do that
[16:54] mathiaz: right
[16:54] s/package/config
[16:55] orudie: take a look at . at the bottom of the page, you'll find a method for 'jailing' users in their own directories
[16:56] ivoks: since we've decided to provide a tight integration between dovecot and postfix I think that dropping a different configuration file and update the init script to look for it is the easiest solution
[16:57] how about making dovecot.conf a link to dovecot-original.conf in dovecot-common, and then in dovecot-ubuntu, making it a link to dovecot-ubuntu.conf?
=== cjwatson_ is now known as cjwatson
[16:57] erzlaute, right, but if i want multiple users to access the same directory for FTP
=== Abracadabra is now known as [Abracadabra_Lon
[16:57] that way we don't have to change init script
=== [Abracadabra_Lon is now known as [Abra_London]
[16:58] or use alternatives or something
[17:01] oh, right--sorry--i should've read more closely. not sure how that would be done securely...maybe a better solution will come up
[17:03] anyway, dovecot needs serious update
[17:03] new version
[17:04] Adri2000: what's your proposal?
[17:04] ivoks: yeah - it seems that experimental has an up-to-date package.
[17:05] mathiaz: current is .11, irrc
[17:05] iirc too
[17:05] ivoks: well - I don't know if symlinking would be accepted
[17:06] cjwatson: ping :)
[17:06] wanted to ask about what samba version do we want in jaunty. 3.3 is out but it may not be a good idea as it's really recent. the latest release of the 3.2 branch is 3.2.8 whereas jaunty only has 3.2.6. does anyone object to updating samba to 3.2.8?
[17:06] let's ask before we spend another day for nothing :D
[17:06] jaunty has 3.2.5 even
[17:07] Adri2000: right - there is a discussion about that on the samba maintainer list in debian
[17:07] ivoks: yes
[17:07] ?
[17:07] cjwatson: i have a question
[17:07] just reading scrollback
[17:07] cjwatson: would creating symlinks (dovecot.conf -> dovecot-[ubuntu|original].conf) be bad?
[17:07] * andol isn't sure about 3.3, but would definatly not mind seeing 3.2.8 in Jaunty.
[17:07] why is a symlink necessary? why not just run dovecot with some different argument to use a different configuration file?
[17:07] that would be perfectly reasonable and far less complex
[17:08] cjwatson: cause then will have to change init script
[17:08] so what?
[17:08] ivoks: I thinks that's reasonable
[17:08] ok then
[17:08] honestly, messing about with configuration files and symlinks is going to get you tons of bugs down the road
[17:08] keep it simple
[17:08] ivoks: some of the init scripts have specific logic to handle ltsp
[17:08] if [ -f /etc/dovecot/dovecot-ubuntu.conf ]; then NAME=dovecot-ubuntu
[17:09] mathiaz: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2009-February/thread.html which one?
[17:09] Adri2000: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2009-February/006337.html
[17:10] or, better CONF=blablabla, instead NAME
[17:10] cjwatson: thank you!
[17:10] i realize that a fresh install of Ubuntu doesn't have UFW turned on, but is there a type of firewall that's already on? i think my port 9103 (bacula) should be trying to accept data.. but i'm getting a connection refused. is there something blocking it?
[17:10] should i just turn on ufw and ask it to open 9103?
[17:10] mathiaz: but, i already see tons of bugs 'i've changed this and this in dovecot.conf, and nothing works' :)
[17:11] AndyGraybeal: what do logs on that server say
[17:11] AndyGraybeal: Shouldn't be any rules active by default. You can always check by running "sudo iptables -L"
[17:12] ivoks: right - we could drop a comment in dovecot.conf about that
[17:12] ivoks: or change the way configuration files are used
[17:12] Faust-C: what log do you have in mind, in particular? (i'm fairly new to this and i understand that /var/log/syslog is important... i do see a /var/log/bacula/log but it doesn't look like much is in it.
[17:13] ivoks: hm - nevermind
[17:13] ivoks: it would too complicated
[17:13] right
[17:13] ivoks: let's just modify the init script to use dovecot-postfix.conf if it's there
[17:13] ok
[17:13] and i'll add warning in dovecot.conf
[17:13] ivoks: and add a comment to dovecot.conf to point to dovecot-postfix.conf if it's there
[17:13] big warrning :)
[17:13] AndyGraybeal: like andol said firewall isnt on by default
[17:14] but there is also /var/log/messages
[17:14] AndyGraybeal: you should check if bacula is listening on port 9103
[17:14] AndyGraybeal: and is accepting connection from the outside - it may be configured to only listen on localhost
[17:15] mathiaz: i've forgot to mention one thing at meeting
[17:15] thank Faust-C and andol -- andol i tried the 'sudo iptables -L' and i don't really understand what it says- - but this is a fresh install, and i haven't touched iptables or ufw yet. i'm trying to get bacula working (first thing) before i enable anything else.
[17:15] ivoks: no problem, hope that's all doable, sorry for sticking my oar in late [17:15] ivoks: I wouldn't call the package ubuntu-mail-server [17:15] ivoks: dovecot-postfix seems the best choice IMO [17:15] mathiaz: should we enable managesieve by default or not? none of ubuntu clients support it [17:16] mathiaz: right, i won't call it ubuntu-* [17:16] mathiaz: ahh interesting, i did an 'nmap -p1-65535' (or something like that) to see what would turn up on my host, and it only showed port 22 (ssh obviously) was open. [17:16] ivoks: the managesieve patch is included [17:16] mathiaz: where do i look to see if bacula isn't accepting connections from the outside? [17:16] mathiaz: still, managesieve is just great stuff, supported by kmail and thunderbird plugin [17:16] ivoks: what do you mean by enabling it? [17:16] mathiaz: ok, but that doesn't say what we decide for ubuntu jaunty [17:16] ivoks: I agree. [17:16] mathiaz: managesieve listens on port 2000 [17:17] AndyGraybeal: what does "sudo netstat -tlp" tell you? It should give you information about which services listens on which ports. [17:17] mathiaz: so, it's an additional port, but none of our clients (except kmail) can use it [17:17] AndyGraybeal: netstat -lnp [17:17] out ob the box [17:17] evolution even doesn't want to work on it [17:17] ivoks: that's ok [17:17] ok [17:17] so, on by default? :) [17:17] ivoks: a new port can be opened. [17:17] i know [17:18] ivoks: we'd have to make sure that sieve scripts are stored correctly and processed by the lda [17:18] right, there's an open bug about that [17:18] Adri2000: true - but it gives us clues about what debian is doing [17:18] any users can overwrite others sieve scripts :D [17:18] Adri2000: and we're working closely with debian on the samba packages [17:19] ivoks: oh! 
that should be fixed before enabling managesieve by default then [17:19] of course [17:19] ivoks: as we're close to FF maybe we should defer managesieve by default for the next release [17:20] well, we have to update dovecot anyway [17:20] once we do that, we've closed that bug [17:20] mathiaz: I know, and I already asked slangasek about that. he said 3.3 is probably not a good idea but a more recent version of 3.2 should work. so does anyone in the server team disagree? [17:21] ivoks: let's focus on updating dovecot and integrate with postfix (sasl, maildir and lda) [17:21] Adri2000: I think trying to get the latest 3.2 would be a good thing [17:22] ok [17:23] Adri2000: however we'd have to package the latest release since debian won't push it to unstable before our FF [17:24] why wouldn't they? Steve told me it was possible [17:24] Adri2000: true - what matters here is a timeframe [17:25] Adri2000: we need to get 3.2.8 (IIRC) before Thursday, next week [17:25] andol and Faust-C okay, i've done both netstat commands, 'netstat -tlp' shows me that 'bacula-dir' and 'bacula-sd' are doing something (i can't see what). 'netstat -lnp' shows me that 127.0.0.1:9101 and 127.0.0.1:9103 (the bacula ports) are LISTENing; can you help me with what this may mean? [17:25] Adri2000: and I don't think that debian will package 3.2.8 for unstable within a week [17:26] AndyGraybeal: If you'd like to interpret the result you can always paste it onto http://paste.ubuntu.com/ [17:26] New bug: #327703 in dnsmasq (universe) "DHCP Request Cycle can get caught in infinite loop" [Undecided,New] https://launchpad.net/bugs/327703 [17:26] rad thanks andol [17:26] mathiaz: see the end of http://irclogs.ubuntu.com/2009/02/08/%23ubuntu-devel.txt and the beginning of the next day [17:27] i'm going to go through my bacula .conf files to see if i can make heads or tails to see if i'm only accepting from localhost or something like mathiaz said. 
[17:28] cause i pretty much swear i haven't touched any firewall stuff [17:29] Adri2000: ok - well we'll see then [17:29] Adri2000: if 3.2.8 hits unstable before FF we can merge it [17:31] ok, I'll follow this closely, to make sure we either have it via merging from debian or via packaging it ourselves [17:32] why did we choose IT/computers? I should have chosen the blue pill.... [17:32] lol teddy [17:54] lamont: is there a way (like postconf) to write something in master.cf? [17:55] lamont: if i would like to integrate amavis with postfix, right from amavis package, for example [17:55] afaik, there's no such thing [17:56] okay, bacula doesn't want to connect to either 'buddleia:9103' (buddleia is the host name) or 'localhost:9103' i don't know what to do ... (i understand in the bacula director conf file i'm not supposed to use 'localhost' in the 'storage' section, i just did it for testing purposes.) [17:56] so bconsole connects fine to the director, but the director isn't connecting fine with the storage daemon [17:57] AndyGraybeal: i could help, just give me a minute to sort some things first [17:59] ivoks, thank you so much. i guess i'm still in the holding hand stages with this -- i've been working with linux off and on for almost 10.. probably more.. years.. and i still don't understand it [17:59] i've got a crypted root volume from which i boot, is it possible to type in the passphrase via tty0 and ttyS0? [18:00] kraut: why not? [18:00] AndyGraybeal: ok, let's see [18:00] and how? [18:00] i created ttyS0 in event.d, the getty starts after that [18:01] kraut: you need to tell grub to use terminal [18:02] it does, but i'm not able to type in the passphrase [18:02] kraut: you see the output? [18:02] i can move through the menu of grub, but after i boot the kernel, it stops [18:02] kraut: that's not it, do you see kernel loading in terminal? 
[18:02] kraut: that's *after* grub is loaded [18:03] no [18:03] kraut: http://ivoks.blogspot.com/2008/09/full-control-over-server.html [18:03] kraut: check out grub section [18:03] serial --unit=0 --speed=9600 [18:03] terminal --timeout=10 serial console [18:03] that are the first lines of menu.lst [18:03] ivoks, what do you want me to share with you? [18:03] kraut: quiet serial console=ttyS1,57600n8 (in my case) [18:03] aha! [18:03] yeees, that's it [18:03] gah! ;) [18:03] AndyGraybeal: just a second [18:03] ivoks, also looks like i lost my mouse.. so i can't cut and paste (i'll bring in a mouse on friday) [18:04] AndyGraybeal: so, in bconsole [18:04] AndyGraybeal: when you do status, it waits where? [18:05] i've never done status before... i have 1,director, 2 storage, 3 client 4 all [18:05] just go ahead and hit 2? [18:05] 4 [18:05] all [18:05] k [18:06] did it stop somewhere? [18:06] or did everything go without problems? [18:06] yea, 'failed to connect to Storage daemon File' also failed to connect to Client [18:06] but it connected to the first one, the director [18:06] ok, let's take care of storage first [18:06] which ubuntu version is that? [18:06] 8.10 [18:06] server amd [18:06] nise [18:06] nice [18:07] ok, open bacula-sd.conf [18:07] k [18:07] check the Storage section [18:07] is there SDAddress? [18:07] yea, it's 192.168.2.104 ... originally it was 127.0.0.1 .. i changed it for 'testing' purposes because i didn't know what was going on -- i don't mind changing it back to 127.0.0.1 [18:07] ivoks: now i'm only able to type in the passphrase via ttyS0 [18:08] AndyGraybeal: just delete it :) [18:08] delete.. okay [18:08] how about # instead of delete? [18:08] w/ iscsi how do you have it auto mount devices after iscsi works [18:08] kraut: that's why you can have multiple grub entries, where you can define for each how to handle that problem [18:08] AndyGraybeal: or comment it out, yes [18:08] ivoks: aren't there any solutions? 
:/ [18:09] and per default there is only standard and rescue [18:09] perhaps i need to violate rescue for that [18:09] kraut: i didn't think about them and now i'm helping AndyGraybeal, and i can't help everybody at the same time :D [18:09] ivoks == god [18:09] no, i'm not [18:10] pff ;) [18:10] it works! holy crap [18:10] AndyGraybeal: it does? nice [18:11] AndyGraybeal: open bacula-dir.conf [18:11] AndyGraybeal: find 'Storage' section [18:12] ok [18:12] AndyGraybeal: check Address [18:13] address = buddleia (my server name) [18:13] Address in Storage section of bacula-dir.conf and SDAddress in bacula-sd.conf must be the same [18:13] hmm [18:13] buddleia needs to resolve to 192.168.2.104 [18:13] i thought i just uncommented SDAddress out in bacula-sd.conf [18:14] i'm just telling where the problem was [18:14] aaah understood [18:14] now, bacula-sd listens on all IP addresses [18:14] but you might want to squeeze that a bit [18:14] *understood. [18:14] if director and storage are on the same server [18:14] it would be reasonable to hade localhost for Storage Address and SDAddress [18:15] s/hade/have [18:15] buddleia doesn't really resolve i don't think.. i just made the name up [18:15] how do i know if it resolves? [18:15] hehe [18:15] ah so you're saying i could just use localhost then and all is okay? [18:15] AndyGraybeal: yes [18:15] on both [18:15] rock on thank you [18:15] for Storage [18:15] not for everything [18:15] ivoks: there's a tool that scottk gave me that's in postfix. outside of that (which we can modify...), there isn't a postfix-provided api [18:16] ivoks, for storage and director, correct? [18:16] AndyGraybeal: correct [18:16] notice that we haven't talked about Director at all :D [18:16] lamont: ok [18:16] lamont: i'll check it out [18:17] ivoks, nods, is there a reason .. should i not touch my director conf? [18:17] AndyGraybeal: no, i'm just saying... 
bacula is a very complex piece of software [18:17] AndyGraybeal: Storage section in bacula-dir.conf describes how to contact storage daemon [18:18] AndyGraybeal: you could have director on one machine, storage on another, clients all over the world and console on your ipod [18:18] AndyGraybeal: bacula makes that possible, but cause of that, for newcomers it's PITA to set up :D [18:19] AndyGraybeal: in 8.10, everything should be set up out of the box, so i don't really understand why you changed configs :D [18:19] thanks a lot ivoks. so far director and storage are on the same place, no ipod with linuxes yet for me. [18:20] ivoks, it didn't work, i didn't change the configs! [18:20] it did [18:20] remember the SDAddress? :) [18:21] bacula is nice :) [18:22] very nice :) [18:23] sommer: is the ebox fix in a ppa or somewhere i can get the .deb? [18:23] nxvl: dont tell me you use ebox to run your system [18:23] no [18:23] a friend of mine is having troubles [18:23] :D [18:23] he updates from hardy to intrepid [18:23] updated* [18:24] http://forum.eboxplatform.com/index.php?topic=980.new;topicseen#new [18:24] nxvl: riiiight...:) [18:25] if it isn't reported on launchpad, it doesn't exist :D [18:25] heh [18:27] when is FF? [18:27] i would like to squeeze support for DELL servers into ipmitool :) [18:28] okay, ivoks, thanks for the hand holding. appreciated. [18:28] AndyGraybeal: everything works now? [18:28] i'm pretty sure i can go from here. [18:28] if you have problems with client, check FDAddress [18:28] status turns out fine though, still need to play with the client, but i think i'll be fine with that [18:29] in client's bacula-fd.conf and Address in Client section of bacula-dir.conf [18:29] gotcha, awesome thanks for saying that. 
[18:30] np [18:30] and, if you find some bugs, report them on lp [18:30] i'm trying to keep bacula in shape in ubuntu [18:30] but there's one bug across all ubuntu versions >8.04, which i'll deal with next week :D [18:32] nxvl: I think intrepid-proposed [18:32] nxvl: other than that I don't think so... the version in my ppa is old [18:32] mm [18:33] i don't find it on -proposed [18:33] i will apply your patch and upload to my ppa [18:33] ivoks: all checks out good now. [18:33] nxvl: err wherever mathiaz uploaded it [18:33] AndyGraybeal: i know, that bug isn't related to you, since you've managed to install bacula :) [18:33] nxvl: if you want to run the latest the ebox-ppa has packages that work for intrepid [18:33] really? [18:34] AndyGraybeal: i wasn't talking about the bug :P but just about the last test i ran with the Client also. [18:34] ok [18:34] nxvl: it's not the version that shipped with intrepid, but it will run on intrepid.. if that makes sense [18:35] right [18:35] he just wants it to run [18:35] nxvl: https://launchpad.net/~ebox-unstable/+archive/ppa [18:35] in case you didn't have it :0 [18:36] i was looking at https://edge.launchpad.net/~ebox/+archive/ppa [18:36] ah, probably the same thing [18:37] yeah one is stable and the other development i think [18:43] ivoks, can you help me with btape? i'm doing this: "sudo -u bacula btape -c bacula-sd.conf Quantum" it gives me a prompt with no errors, i type 'test' and nothing happens. [18:44] sudo -u bacula "btape -c bacula-sd.conf Qantum" ? [18:44] well the quotes were around the whole thing.. just to distinguish it from the rest of my typing [18:44] but, that's wrong [18:44] sudo -u bacula "btape -c bacula-sd.conf Qantum" [18:45] otherwise, -c will be considered as sudo switch [18:45] interesting [18:46] i swore btape worked yesterday [18:46] now it doesn't? [18:47] looks like it... 
so evil [18:47] i couldn't get bacula to work, but btape did the 'test' just fine yesterday [18:49] did you enclose btape in "" now? [18:49] as i told you? [18:50] yea, i did.. and it says: sudo: btape -c bacula-sd.conf /dev/nst0: command not found [18:51] i'm in /etc/bacula (just in case you're wondering) [18:51] you didn't then [18:52] sudo is executing bacula-sd [18:52] well earlier it at least worked, when i enclose it in quotes, it doesn't work [18:52] become root [18:52] sudo -i [18:52] k [18:52] then move to bacula user: su - bacula [18:53] then run, as bacula user, btape -c bacula-sd.conf [18:54] that gets me into bconsole, and i run 'test' and no diec from there. [18:54] *dice [18:54] any thoughts? [18:54] i ran 'test' just fine yesterday [18:54] are you sure you are bacula user? [18:54] ivoks: Note that the scripts lamont added to postfix for adding policy servers or smtpd proxies are very basic. They do the limited thing they were meant to do, but could certainly do with improvement. [18:54] whoami [18:54] ScottK: if they can add amavis, that's all i'm looking for :) [18:55] ivoks: I was cribbing from the amavisd-new docs when I wrote it. [18:55] ;-) [18:55] :) [18:55] ivoks: i did "su - bacula" like you said, and it appears that i didn't become the bacula user [18:55] right, bacula has /bin/false shell by default [18:55] change it tu bash [18:55] to [18:55] ok [18:58] ivoks, okay now i'm 'bacula' i ran btape, and test just sits there. yesterday it made the tape dance a little [18:58] mathiaz: i think i have dovecot sorted out [18:59] mathiaz: care for a debdiff? [18:59] ivoks: sure [18:59] ivoks: I can have a look at it [19:00] why does mtop try to install itself using root@localhost with no password? shouldn't it try to install itself using the debian-sys-maint user? [19:01] or as man mtop states... make a mysqltop user with all privileges set to N except Process_priv ... 
[19:05] mathiaz: http://www.init.hr/dev/jaunty/dovecot-postfix.debdiff [19:05] pteague: report it as a bug [19:05] aah it says "ensure that bacula is not running" when i use btape.... maybe this will change the circumstances when i turn off bacula. [19:06] ScottK lamont ^^ i'm also interested in your opinion [19:07] ivoks: turning off the storage daemon, made the world of difference when running btape :) [19:07] AndyGraybeal: that's how it works [19:08] <- slowly learning [19:08] lol, ignore the changelog :D [19:10] ivoks: Right. Still needs the script called for the master.cf changes. [19:11] ScottK: yes, but that's another step, to integrate amavis [19:11] ScottK: for postfix+dovecot, this is all that's needed [19:11] OK. [19:11] Right. [19:11] ScottK: i would also like to move roundcube to main for jaunty+1 or +2 [19:11] Sorry. Brain slow today. [19:11] You'd want to add a similar binary to the amavis package for that. [19:11] and include its sieve patch, so that we have full mail stack [19:12] for what? [19:13] for amavis, only config dropped in amavis's conf.d and two lines in master.cf is enough [19:13] that could be done in postinst of this binary (dovecot-postfix) [19:14] Doesn't amavis have to control that? [19:14] files in conf.d? [19:14] ivoks: why do you need to replace dovecot, dovecot-common in dovecot-postfix? [19:14] ivoks: AFAICT there isn't any file that is shared between the packages. [19:14] mathiaz: ah, good catch, that's from old idea [19:15] ivoks: Yes. Isn't this the same conffile problem that stopped the tasksel approach? [19:15] mathiaz: that's leftover from ucf stuff [19:15] ScottK: tasksel problem was that we couldn't edit files [19:15] there's nothing stopping us in dropping files in conf.d [19:16] that's the idea of conf.d [19:16] like /etc/apache2/conf.d [19:16] ivoks: what is managesieve-vritual-users-fix [19:16] ivoks: used for? [19:16] ivoks: is it a security fix? 
[19:16] mathiaz: fix for https://bugs.edge.launchpad.net/ubuntu/+source/dovecot/+bug/307291 [19:16] Launchpad bug 307291 in dovecot "Security hole in ManageSieve: Virtual users can edit scripts of other virtual users" [Undecided,New] [19:16] mathiaz: yes [19:17] mathiaz: patch is provided by http://dovecot.org/list/dovecot/2008-November/035259.html [19:17] ivoks: ok. [19:17] ivoks: you've also enabled ssl for postfix [19:17] yes [19:17] ivoks: why use /etc/ssl/certs/ssl-mail.pem [19:18] ivoks: ? [19:18] and disabled weak [19:18] ssl [19:18] ivoks: rather than snakeoil directly? [19:18] well, ssl-certs create their own certificate [19:18] mathiaz: i would prefer if users would put their own certificates as ssl-mail, instead of changing configs [19:18] if they change config they'll get unneeded diff [19:19] of configs [19:19] so, ssl-mail is a link on snakeoil [19:19] so user can just relink it or remove it and put its own [19:19] ivoks: users could update snakeoil directly? [19:19] mathiaz: i know, but in 99% they'll want to change the name :) [19:19] ivoks: or you want to support different certificates on the same system? [19:20] that could also be a usecase [19:21] ivoks: I wonder if Maildir/ is a good location for the user mailbox [19:21] if we prefer users to change config, that's no problem [19:21] mathiaz: that's unwritten default setup [19:22] ivoks: what is the default home_mailbox in postfix? [19:22] mathiaz: lots of howtos use ~/Maildir [19:22] mathiaz: default is none, which is then mbox in /var/mail/ [19:22] ivoks: Good point. [19:22] (re conf.d) [19:23] mathiaz: i'm thinking of removing dovecot's related stuff from postfix, on dovecot-postfix removal (in postrm) [19:24] mathiaz: so that postfix continues to operate once package is removed [19:24] ivoks: right - I was thinking the same [19:24] ivoks: smtpd_tls_auth_only = yes [19:24] yes? [19:24] ivoks: does this mean we won't support some smtp clients? 
[19:24] no [19:25] this means no SASL if it isn't crypted [19:25] Which is what you want. [19:25] we don't want plain text passwords over wire [19:26] mathiaz: if client doesn't support TLS (i can't think of any), then it won't be able to use SASL [19:26] but it'll be able to use server as a relay host if it is in the same network [19:26] ivoks: Older Outlook/Outlook Express need SMTPS. [19:26] ScottK: really? [19:26] Yes. [19:26] then we'll enable smtps too [19:27] somehow :D [19:27] I think Outlook 2007 was the first to do TLS. [19:27] that can't be true [19:27] Maybe 2003. [19:27] I don't recall for sure. [19:27] I know a lot of people still use Office 2000/XP. [19:28] i'll check that out [19:29] I think the last thing we want is "Sorry, you need to update your MS Office to use our system." [19:29] we'll enable smtps [19:29] OK [19:30] ivoks: in dovecot-postfix.conf: disable_plaintext_auth = yes [19:30] i think outlook supports TLS for a long time [19:30] ivoks: are we losing some clients? [19:30] it's just that you have to manually change port === BBHoss_ is now known as BBHoss [19:31] ivoks: ie some POP/IMAP client won't be able to connect? [19:31] mathiaz: that's the same thing as postfix before [19:31] mathiaz: if you want to authenticate, use imaps or pop3s [19:31] mathiaz: no plain text passwords over wire [19:31] ivoks: ok [19:31] ivoks: mail_max_userip_connections = 5 [19:31] yes [19:31] ivoks: that's too low IMO [19:32] ivoks: thunderbird is known to open multiple connections at the same time [19:32] well... [19:32] we could raise it to 10? [19:32] ivoks: IIRC it opens an imap for each folder :/ [19:32] if that's true, then it's broken [19:33] ivoks: I'd go with the default upstream value [19:33] iirc, 10 for pop, 3 for imap :D [19:33] ivoks: oh you're right [19:33] 10 for imap [19:33] 3 for pop [19:33] ivoks: login_greeting_capability = yes [19:34] ivoks: are we breaking existing clients? [19:34] no [19:34] ivoks: or is it just an optimization issue? 
[19:34] it's optimization for those that support it [19:34] ivoks: imap_client_workarounds = outlook-idle delay-newmail [19:34] ivoks: ^^ we support more clients OOTB [19:34] ivoks: ? [19:34] yes [19:35] those are bugs in OE [19:35] and this is workaround [19:35] ivoks: same thing for: pop3_client_workarounds = outlook-no-nuls oe-ns-eoh [19:35] ivoks: ? [19:35] yes [19:35] ivoks: postmaster_address = postmaster@localhost [19:35] right [19:36] ivoks: is there a way to get the domain from the debconf db? [19:36] for lda, postmaster_address needs to be set [19:36] i haven't looked for it [19:36] ivoks: or take the domain name? [19:36] ivoks: how does postfix handle that? [19:36] we could do that [19:36] postfix adds localhost as designated address [19:36] so, this should be sane as default, but we could add something [19:36] postfix asks for user input on this one [19:37] ivoks: ok - I'd suggest to mimic what postfix LDA does by default [19:37] but always adds localhost [19:37] imho, @localhost is best option [19:37] ivoks: quota_full_tempfail = yes [19:37] but, i could look into scripting that into something... [19:38] right [19:38] ivoks: re @localhost, I don't know what would be the best option [19:38] instead of bouncing email, give sender human report [19:38] people always resend their mail on errors [19:38] ivoks: if @localhost is standard practice we should keep it that way [19:38] ivoks: ScottK or lamont would probably know better on that subject [19:38] mathiaz: postfix deliver to $mydomain, but... [19:39] mathiaz: with $mydomain, it always accepts mail for localhost [19:39] mathiaz: otoh, taking domain name from /etc/mailname [19:39] mathiaz: in some cases results with problems [19:39] when people misconfigure it's mta [19:39] their [19:40] ivoks: ok - I don't know. 
But I'd do the same way as the default postfix LDA handles the postmaster_address [19:40] that's 'postmaster' :) [19:40] ivoks: regarding the quota, the default postfix LDA doesn't handle that [19:40] without the domain :) [19:40] mathiaz: it does, kind of [19:41] ivoks: ok - so why not setup the dovecot LDA to do the same? [19:41] mathiaz: it returns not quite understandable message [19:41] I think @localhost is a reasonable default [19:41] mathiaz: i didn't try without domain, but i will [19:42] ivoks: auth_socket_path = /var/run/dovecot/auth-master [19:42] ivoks: ^^ why is this commented? [19:43] ivoks: shouldn't this be enabled for dovecot LDA? [19:43] hm... [19:44] i'll check that out [19:45] it should be enabled [19:45] ivoks: so under this setup all mail users are local users [19:45] yes [19:45] ivoks: their email is stored in /home/user/Maildir/ [19:45] yes [19:45] ivoks: where are the sieve scripts stored? [19:46] ivoks: since managesieve is enabled by default, we should make sure it works correctly [19:46] ~/sieve [19:46] ivoks: ie: sieve scripts can be uploaded/managed [19:46] but we could move that into Maildir too [19:46] ivoks: *and* that the dovecot LDA process them correctly. [19:47] ivoks: I don't think that sieve scripts should be under Maildir [19:47] ivoks: or is it common/supported to upload sieve scripts via IMAP ? 
[19:48] over sievemanage [19:48] or ftp/sftp [19:48] ivoks: as for the security patch it's irrelevant to this setup (but should be included anyway) [19:48] ivoks: since it deals with virtual users (which is not the configuration here) [19:48] this is patch for dovecot in jaunty [19:49] it's not related only to 'setup' [19:49] ivoks: right - it's relevant to dovecot, not dovecot-postfix [19:51] i haven't tested this [19:51] so there should be a new debdiff once i thoroughly test it [19:52] check this out: [19:52] http://blog.janus.cx/archives/237-dovecot-Fatal-postmaster_address-setting-not-given.html [19:54] when using apt-get, is it possible to download the details of changes in a package? [19:56] argh... [19:56] aptitude shows the generic package description, but I am looking for the details of the fix [19:57] oh... "C" for changelog [19:57] weeee [19:57] mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf [19:57] that should be right :) [19:59] mathiaz: i've checked; having 'postmaster' as postmaster_address is fine [19:59] mathiaz: postfix will add domain then [20:00] or deliver to the alias [20:00] ivoks: great [20:00] ivoks: would it make sense to split all configuration in their own files? [20:01] and it's running without problems without unix_socket_auth [20:01] mathiaz: i don't understand? [20:01] ivoks: something like: dovecot-imap.conf, dovecot-pop.conf, dovecot-lda.conf, dovecot-auth.conf [20:01] ivoks: and then start relevant daemons with their own configuration files? [20:02] hm [20:02] ivoks: would that help in our setup? [20:02] is there a way to import or convert a vcard export from evolution's address book so I can import it into abook? 
thunderbird and abook don't import vcard files [20:02] mathiaz: we would just have more configuration files to add -postfix too :) [20:03] mathiaz: i wouldn't go there for jaunty [20:03] mathiaz: but we could explore that for +1 [20:04] this doesn't seem to be good :( http://pastebin.com/m55058262 [20:05] pteague: that application isn't supported by ubuntu-server [20:05] ivoks: ok [20:06] mathiaz: so, just for the record, this debdiff doesn't work :) [20:06] mathiaz: i'll provide a new one with some changes [20:06] should be up in next 24 hours [20:06] nevermind .. found a site http://labs.brotherli.ch/vcfconvert/ [20:07] ok, then what should i use to monitor apache? or which ubuntu supports it? [20:07] ivoks: awesome - thanks for taking up this task! [20:07] mathiaz: i hope this time it will get accepted :D [20:10] pteague: well, it works for me on 8.04 [20:10] maybe you have high traffic? [20:11] just installed a VM using intrepid... access.log is 51372 & error.log is 1109 ... not sure why that should cause a buffer overflow issue [20:12] i haven't tested it on intrepid [20:14] anyway, that's all from me for today [20:14] take care [20:22] hi - have just upgraded my server from 7.10 to 8.10 - now nothing works - no server app will start on boot and apache2 won't even start correctly :/ [20:23] lirxis: Did you upgrade directly 7.10 or stepwise 7.10 -> 8.04 -> 8.10? [20:23] ... directly 7.10 to 8.10 ... [20:23] yes 7.10 to 8.04 then 8.10 [20:24] to tell u the truth it worked pretty bad already in 8.04 so i thought that maybe a upgrade to 8.10 would fix it but it just made it worse [20:24] * ScottK looks around for someone who knows about Apache. [20:25] * ScottK <-- mail server guy. 
[20:25] my mailserver doesn't work pretty good either now :/ [20:26] when i got things to work in 8.04 i could not send any mails :/ it's pretty bad here :P [20:27] i get this when reconfig: [20:27] Warning: found /etc/apparmor.d/force-complain/usr.sbin.mysqld, forcing complain mode [20:27] hi, i just installed munin master and munin node , what is the difference between the two, and how do i use them ? [20:36] orudie: you can install munin-node on multiple machines, and each node sends the data to one machine which has munin installed [20:40] well, i'm running my first 'fill' onto my tapes; feels good. [20:40] looks like my throughput is roughly 9250KB/s [20:46] what is the best way to install webmin on 8.10 server ? [20:46] !webmin [20:46] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead. [20:47] orudie, you *can* do it from the webmin website, but, like ubottu says, it may cause problems :( [21:06] i just installed munin and munin-node, trying http://myip/munin no data there [21:14] !ebox [21:14] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox [21:28] viezerd, E: Couldn't find package .^ebox-.*. [21:37] try without that first point "." ;) [21:37] @orudie [21:44] viezerd, http://pastebin.com/m6b9ff3f [21:48] viezerd, ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox [21:48] viezerd, ooops sorry [21:49] viezerd, WARNING: the eBox package released with Ubuntu 8.10 (Intrepid Ibex) is broken and cannot be installed. See bug #255368 for information and unsupported workarounds. 
[21:49] Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Fix committed] https://launchpad.net/bugs/255368 [21:49] hmmz, orudie ; drop that second point too --> sudo apt-get install ^ebox-.* [21:50] that did it for me [21:50] euh [21:50] viezerd, they say it's broken for 8.10 which is what i have [21:53] orudie: I am on 8.04 myself === Riddelll is now known as Riddell [22:45] how often would people recommend taking snapshots (i.e. backups) of a file system with mysql on it? [22:47] kansan: it depends on your backup policy. However you'd better use mysql tools to do a backup of your mysql server [22:47] kansan: either mysqldump or mysqlhotcopy to make sure that you have a consistent backup of your mysql databases; [22:48] Yes, dumping the db to some exterior storage on a regular basis is the safest [22:48] i'm going to [22:48] with amazon's EBS snapshots [22:48] but i dont know at what frequency i should run them [22:48] nightly i think for starters [22:49] It depends on how much the data changes [22:50] I liked zrm backup [22:50] kansan: well, how worth is your data? [22:50] how much is it worth [22:50] it's important [22:51] heh [22:51] could we lose a day? ugh i dunno [23:57] Hi - upgraded my server from 7.10 to 8.10 today - but that resulted in some problems... First apache2 did not work but that is fixed now :) I can get access to the server through SSH but can't access the shell on the computer locally... And no server app is starting auto. on boot Any ideas how to fix this? === osac7 is now known as OsAC [23:58] in regards to local access, what errors do you see on console or in /var/log/messages or /var/log/auth? [23:58] wait a sec