owh | Having some "fun" with postfix. Last week, email was being filtered because an ironport server decided I had a "poor reputation" - which turned out to be because emails to root were being sent to the internet. I fixed that by setting "mydestination = localhost.localdomain, localhost" in main.cf - all good ... | 00:09 |
---|---|---|
owh | Now I have a problem where mail is filtered because my local mail name does not match my dns mail name, as in, postfix identifies itself as: "localhost.localdomain", not my dns name. How do I fix this? | 00:11 |
giovani | owh: set mailname | 00:11 |
owh | Well, to fix the first problem, that is now set to localhost.localdomain, rather than my dns name which is what it was. | 00:12 |
owh | If I set it to my dns name, then mail to root gets routed along the internet. | 00:13 |
giovani | it shouldn't | 00:13 |
giovani | that doesn't make any sense, honestly | 00:13 |
giovani | where is this mail being "routed" to on the internet? | 00:13 |
giovani | what's the destination address? | 00:13 |
owh | To an external SMTP server, initially it was being sent to the non-existent address root@mydomain | 00:13 |
giovani | to WHAT external smtp server? | 00:14 |
giovani | if it's being sent to root@mydomain.com and you own mydomain.com -- this cannot earn you a bad reputation, since nobody but you will see that mail | 00:14 |
owh | The one that is in the MX record for mydomain. | 00:14 |
giovani | wait ... you didn't set mydomain? | 00:14 |
giovani | sigh | 00:14 |
owh | Well, I'm not the smtp server for my domain. | 00:14 |
owh | This is a stand-alone server that sends out VoIP logs every week. | 00:15 |
giovani | why do you need postfix to send out logs? | 00:15 |
giovani | that's serious overkill | 00:15 |
owh | The reputation was because of a poor configuration on the external smtp server. | 00:15 |
owh | This server will eventually become the local mail server within the organisation. | 00:15 |
owh | Is the problem because mydestination *had* mydomain as an endpoint, until I changed it? | 00:16 |
owh | You wrote: "wait ... you didn't set mydomain" -- what did you mean? | 00:17 |
owh | Other than that it made you sigh :) | 00:17 |
owh | When it was broken, before last week, /etc/mailname was set to mydomain.com and mydestinations was localhost.localdomain, localhost, mydomain.com -- that sent root emails to root@mydomain.com, which was being sent to the internet. | 00:19 |
owh | If I set /etc/mailname to mail.mydomain.com, then mail to root gets sent to root@mail.mydomain.com, not to the local server. | 00:27 |
owh | Do I also need to change my hostname and domain, in addition to the postfix settings? | 00:27 |
owh | I really don't want to do that, the machine is known by its local name, not as mail.mydomain.com | 00:28 |
jmedina | owh: so you want mails sent to root go to the local root? | 00:34 |
owh | Yes - in essence. | 00:35 |
Rafael_ | can somebody provide help with backups or sync of data files with an NAS? | 00:35 |
jmedina | owh: what I do is create a transport entry for root | 00:35 |
jmedina | I add this to /etc/postfix/main.cf | 00:36 |
jmedina | transport_maps = hash:/etc/postfix/transport | 00:36 |
jmedina | and then create /etc/postfix/transport with the following content: | 00:37 |
jmedina | root@mydomain.com local: | 00:37 |
jmedina | and: | 00:37 |
jmedina | postmap /etc/postfix/transport | 00:37 |
jmedina | restart postfix and you are done | 00:37 |
jmedina | of course I recommend to create a local alias for root | 00:37 |
jmedina | this way postfix won't try to send root's mail to an external account when mydomain is hosted on an external server | 00:38 |
jmedina | Rafael_: doesn't your NAS provide a backup system/feature? | 00:40 |
Rafael_ | jmedina: it is a linksys nas 200, i believe they only do it for windows, my server is ubuntu, and i would like to backup the data only from the server to the NAS | 00:41 |
mattt | anyone here running a xen dom0 on jaunty? | 00:41 |
owh | jmedina: Hmm, that's an interesting approach. I think I've managed to find out what is wrong at this end though. dpkg-reconfigure postfix showed me a different mailname than /etc/mailname, and I suspect that this is what caused the problem. Now that I've made them both the same, it *appears* to work :) | 00:41 |
owh | Rafael_: Does the NAS run rsync ? I have a WD MyBook World Edition II and after some "tweaking", it now runs rsync and I backup to it with a simple rsync command. | 00:42 |
owh | Rafael_: The alternative is to mount it with samba and copy to the mount point. | 00:43 |
jmedina | yeap mount it and backup | 00:43 |
jmedina | smbmount //NAS/share /mnt/NAS -o username=writeuser | 00:43 |
jmedina | you need smbfs package | 00:44 |
Rafael_ | owh: how can i know if it runs rsync?, i have ubuntu server and on top while i learn i have the desktop version, i have samba installed and i can see it from Ubuntu desktop on the network area. how can i see it from the command prompt? | 00:47 |
Rafael_ | owh: does rsync need to be installed on the NAS or on the ubuntu server? | 00:52 |
owh | Rafael_: An rsync server needs to be running on the NAS for rsync to work. | 00:52 |
owh | Rafael_: Your ubuntu workstation/server then needs to run an rsync client to talk to the rsync server. samba is simpler. | 00:53 |
jmedina | you can mount the share and then use rsync to copy/sync data | 00:54 |
Rafael_ | owh: if i can see now the NAS from the desktop version, isn't it already connected thru samba? | 00:54 |
owh | Rafael_: Well possibly, it's more likely connected via gnome_vfs. | 00:55 |
Rafael_ | other question i have, does rsync make a backup copy or will i be able to see the data, if you don't mind let me elaborate a little bit more | 00:55 |
Rafael_ | i have windows clients connecting to the ubuntu server (i am a newbie), they store data like word, jpeg, pdf files in the server, let's say these files are saved in the folder called "main", i would like "Main" to be copied to the NAS so if the server is down my windows client can see them from the NAS | 00:58 |
jmedina | Rafael_: so, why don't you mount your NAS share, and then cp -a /sambadata/main /mnt/NAS/ | 01:00 |
jmedina | or even better | 01:00 |
jmedina | rsyn -a /sambadata/main /mnt/NAS | 01:00 |
jmedina | so next time you can backup only changed data | 01:00 |
owh | +c | 01:00 |
owh | Rafael_: You need to understand that there are two "modes" in which rsync operates, local and network mode, I was talking about the network mode, jmedina is talking about the local mode. | 01:01 |
Rafael_ | jmedina: Thanks, but can you say it in a way that is simpler to understand.. (sorry for my being a newbie), and is the data stored as is or as a backup extension, also looking over the net i have seen unison and synkron.. what would be the difference | 01:02 |
Rafael_ | Also, i am planning to place a second NAS at home to also do the same thing from the ubuntu server.. will this be easy with rsync? | 01:03 |
jmedina | Rafael_: I already gave you a full solution | 01:03 |
owh | Rafael_: Most of the tools you'll find on the net, with whatever name they dream up, are using rsync underneath - that's a wild assumption, but more or less valid. jmedina provided you with the outline of what is needed. If you're going to do this across the Internet, you'll likely have issues with exceeded bandwidth limits, timeouts and backups going longer than 24 hours. | 01:05 |
owh | Rafael_: You'll also have to deal with the "first" backup, the one where the NAS is empty. And finally, you'll need to deal with users moving a whole tree, which rsync won't notice, it will see new files and deleted files, not moved files. | 01:06 |
owh | Using a NAS as a failover is not really a smart solution. Making your server more robust is likely more effective. A NAS in your stated environment is better suited to an archival backup IMHO. | 01:07 |
owh | A NAS for a few users, fine, it's like a baby server. Once you hit multiple users, not so fine. | 01:07 |
owh | Unless you have a real NAS :) | 01:07 |
Rafael_ | owh and jmedina: thanks so much, so far you 2 have helped me a lot, my plan was not for users to use the NAS but the server, in case of crash or server down then the clients can access the NAS | 01:10 |
owh | Is it on purpose that /etc/mailname and dpkg-reconfigure postfix [mailname] are not the same, or is that a "feature"? | 01:11 |
jmedina | owh: probably postfix is chrooted and then /etc/mailname is /var/spool/postfix/etc/ | 01:13 |
ScottK | Yes, we chroot Postfix by default. | 01:13 |
jmedina | I never use myorigin = /etc/mailname | 01:13 |
jmedina | I prefer to use myorigin = mydomain.com directly | 01:13 |
owh | So, is this a trap for young players, or did I do something wrong? | 01:14 |
owh | Or does /etc/mailname not matter and I used it as a red herring? | 01:15 |
Rafael_ | owh: I was planning to do the backup process at night and if i do the first backup of the NAS inside the network and then take it home for night backups and incremental will there be bandwidth problems? | 01:18 |
Rafael_ | jmedina: one more time thanks...i know you gave me directions but for somebody like me new, how should i implement and do this in an easy way, where should i start? | 01:19 |
jmedina | Rafael_: if you want automatic backups full/incremental you can install backuppc, it supports backup on shared folders using cifs+rsync | 01:20 |
owh | Rafael_: That depends on how much data there is, how wide your pipe is, how much data is moved and if network outages occur. In some parts of the world bandwidth is charged by Mb, so you might also see a data charge which might run into thousands of dollars if you're unlucky. Let me say this again: | 01:20 |
jmedina | your NAS provides cifs shares | 01:20 |
jmedina | I think it is easier and with a web interface | 01:20 |
owh | Rafael_: ** YOU CANNOT GUARANTEE ** that a backup completes in 24 hours, so running multiple backups over the top of each other is a recipe for problems. | 01:21 |
owh | Rafael_: Over a slow WAN, this is especially true. Over a LAN it's possible, but not probable. | 01:23 |
owh | Rafael_: All I'm saying is "Administrator Beware". | 01:24 |
Rafael_ | owh: do not understand your last line, please explain? | 01:24 |
owh | Rafael_: When you are the administrator of a system, you are responsible for the pitfalls of that system. If you create an elephant, you are in charge of its nurture. If you create a backup system that explodes, it's your neck. So, "Administrator Beware". | 01:25 |
Rafael_ | ok i got it | 01:26 |
owh | Rafael_: The minefield you just stepped into is one where great pain awaits if you're not careful. | 01:26 |
Rafael_ | so is the solution that jmedina gave me better with backuppc? | 01:27 |
owh | backuppc uses rsync :) | 01:27 |
Rafael_ | owh: so in your opinion, where should i start, and how should i do this? | 01:28 |
Rafael_ | owh: in relation to 24h backup...if i bring the 2nd NAS at the office and do the first backup there wouldn't the incremental be faster over the net? | 01:29 |
owh | Rafael_: Start as jmedina suggested. Mount the NAS partition locally on your server using samba. use rsync to backup to it. Monitor the backups and see what you learn about the behaviour of your users. Expand the system as required. | 01:29 |
owh | Rafael_: In a small LAN I run there is a NAS used like you're proposing. In addition there are two physical drives that alternate daily - a user comes in and removes the old drive and adds the new one. The server has RAIDed disks. | 01:30 |
Rafael_ | owh: thanks so much and sorry for so many questions...how do i mount the nas on the server? | 01:30 |
owh | On the Phone | 01:30 |
Rafael_ | owh: on the phone...i can call if you tell me where? | 01:31 |
jmedina | :D | 01:32 |
ScottK | Rafael_: He's saying he's on the phone and can't pay attention right now. | 01:33 |
Rafael_ | thanks ScottK, i guess it was a dumb comment of mine | 01:34 |
ScottK | It's not a problem. | 01:34 |
Rafael_ | do you know how to mount the NAS partition locally on your server using samba? | 01:35 |
ScottK | I don't know a thing about Samba. | 01:36 |
owh | Rafael_: jmedina gave you the basics of the mount command. I suggest you look for some examples in the manpage. | 01:40 |
Rafael_ | in the mainpage of ubuntu, samba or rsync? | 01:41 |
owh | samba | 01:41 |
Rafael_ | Also he said: cp -a /sambadata/main /mnt/NAS/ and then he said better rsyn -a /sambadata/main /mnt/NAS, so should i try the latter one? | 01:43 |
owh | Rafael_: The first command copies all the files. The latter will only copy the difference, but the command is rsync, not rsyn, and you should also look at the --delete flag. | 01:44 |
Rafael_ | what do you mean with "delete flag"? | 01:45 |
owh | Rafael_: read the rsync manpage | 01:46 |
Rafael_ | ok will do my homework, thanks so much | 01:46 |
owh | Excellent. | 01:47 |
Rafael_ | owh it is very hard to find people as helpful and friendly as you, thanks so much | 01:47 |
owh | And here I thought I was being abrupt :) | 01:47 |
Rafael_ | absolutely not | 01:48 |
owh | Give it time :) | 01:48 |
TimReichhart | hey guys I am just wondering if you guys could help me out I want to know if there is anyway that I can watch my incoming and outgoing mail logs on dovecot/postfix? | 02:21 |
owh | tail -F /var/log/mail.log | 02:21 |
TimReichhart | alright can I do that in a link somehow? | 02:23 |
giovani | what do you mean by a link? | 02:25 |
TimReichhart | like say domain.com/smtp then it will show the logs | 02:29 |
giovani | you mean you want your mail logs displayed via a web server | 02:29 |
giovani | I wouldn't advise that | 02:29 |
giovani | what's wrong with sshing into the server and looking at the logs? | 02:29 |
TimReichhart | well see only people with admin rights will be able to see it | 02:30 |
ScottK | Right. That's a feature, not a bug. | 02:30 |
giovani | how are you authenticating them? | 02:30 |
giovani | it seems overly complex to set up an entirely separate auth system on a web server just so that people can see logs they can see right on the server with proper permissions | 02:30 |
TimReichhart | there are only going to be 2 admins so when they click on the link it's going to ask for a password | 02:31 |
TimReichhart | it's going to be set up as .htaccess | 02:31 |
giovani | TimReichhart: well, you can create a symlink to the file if you really want | 02:31 |
giovani | but I don't see the advantage here -- it only increases risk | 02:31 |
TimReichhart | well can you please tell me how to do that giovani | 02:31 |
giovani | ln -s /var/www/smtp-log /var/log/mail.log | 02:32 |
giovani | or whatever your mail log is named | 02:32 |
TimReichhart | alright thanks | 02:32 |
giovani | oh I apologize | 02:32 |
giovani | that's backwards | 02:32 |
giovani | ln -s /var/log/mail.log /var/www/whatever | 02:32 |
TimReichhart | thank you for your help | 02:33 |
owh | I'm in the process of investigating implementation of google apps for a client domain. There is a local ubuntu server within their lan, but they like the integration that google offers. What I'd like to figure out is: "If I migrate them all to google apps, how can I configure the ubuntu server to act as their local mail server, so internal email stays on the LAN and they have local IMAP access?" or am I creating a world of pain? | 02:50 |
ScottK | It's doable within the constraints of Gmails IMAP implementation is weird. | 02:52 |
owh | Is that sentence missing a word or two ScottK? | 02:54 |
ScottK | Not particularly. | 02:54 |
ScottK | Just Google has an odd approach to IMAP (I don't recall the details), so test first. | 02:54 |
owh | Ah, right. Yes, it hasn't got folders, it has "labels". | 02:55 |
ScottK | You would have to figure out how to fetch the mail from Gmail. | 02:55 |
owh | fetchmail :) | 02:55 |
ScottK | Fetchmail comes to mind, but then you get into Gmails POP implementation is weird. | 02:55 |
ScottK | So I'd test first. | 02:55 |
owh | Same weirdness AFAIK. | 02:55 |
ScottK | It's been a while since I was required to care, so I don't remember. | 02:56 |
owh | Fair enough. | 02:56 |
owh | So, if I use google as my smarthost, then if I'm not careful, the email will be going out as "on behalf of", or does that no longer happen if you are running premier edition? | 02:57 |
owh | Or should I avoid google as my smarthost altogether? | 02:57 |
twb | What are google apps? | 02:58 |
owh | twb: Google offers a whole bunch of integrated cloud applications under the name of google apps. | 02:59 |
owh | Things like gmail/contacts/calendar/sites/moderator/ etc. | 03:00 |
ScottK | owh: All large scale commercial mail providers have at best mediocre reputations from a spam scoring perspective. If you have a decent volume, you can do better. | 03:05 |
owh | ScottK, hmm, I've seen exactly the opposite, as-in, I've been using google for domain clients with excellent results and very little mis-representation. Local spam filters on the other hand appear to be an ongoing maintenance headache. | 03:06 |
ScottK | I guess i wasn't clear. | 03:06 |
ScottK | I meant the other way around. | 03:06 |
owh | Ah, as a sender? | 03:07 |
ScottK | If you use Google outbound, your reputation looks mediocre | 03:07 |
ScottK | Yes. | 03:07 |
owh | Right. | 03:07 |
owh | Well, that's an interesting observation. | 03:07 |
owh | And on the up-side, it means I can control sending limits locally :) | 03:08 |
owh | I'll mull over that for a bit. Tah. | 03:08 |
ScottK | That too. | 03:08 |
ScottK | owh: If you do it yourself, please do outbound virus scanning. | 03:09 |
owh | Local workstations are running AVG 8.5, are you suggesting additional scanning? | 03:09 |
ScottK | One way you can shoot yourself in the foot very quickly is to have a compromised windows box spew through your relay. | 03:09 |
ScottK | Yes. | 03:09 |
ScottK | I like AVG, but Windows has inherent zero day risk even with good scanning. | 03:10 |
ScottK | I use clamav + clamsmtp with good effect. | 03:10 |
owh | That's true, but that opens up a whole can of worms in terms of keeping the additional AV scanner up to date and functioning. | 03:10 |
ScottK | Not really. | 03:11 |
ScottK | One of the good things about Ubuntu is we basically do that for you. | 03:11 |
owh | Well clamav will need to be kept up to date won't it? | 03:11 |
ScottK | Yep. | 03:11 |
owh | As in, the database. | 03:11 |
ScottK | By default, freshclam checks for new signatures every hour | 03:11 |
ScottK | We also update the engine once the new ones are tested. | 03:12 |
ScottK | Unlike most packages, with A/V "stable" means falling behind, so you have to try to pace the threat. | 03:12 |
owh | So, the engine package is updated regularly with database updates which replicate the freshclam updates? | 03:13 |
owh | Or am I misunderstanding? | 03:13 |
ScottK | Database (signature) updates come based on the freshclam check. | 03:13 |
ScottK | Engine updates are regular package updates and come that way. | 03:13 |
ScottK | First we have them in a PPA for integration and testing, then in *-backports, and finally to *-updates/security after thorough testing. | 03:14 |
owh | So, do the security updates contain the database updates as well, or is one supposed to run freshclam *and* update the package regularly? | 03:15 |
owh | I think I got waylaid when you said: "One of the good things about Ubuntu is we basically do that for you." | 03:16 |
ScottK | On the phone | 03:17 |
owh | I took that to mean the signatures and the application, but I'm suspecting that's not the case. | 03:17 |
owh | c. | 03:17 |
owh | ScottK, sure I'll phone you <grin> | 03:23 |
ajmitch | owh: as long as you're willing to pay for the phone call :) | 03:30 |
owh | ajmitch: It was a reference to a previous comment where I was on the phone, typed "Phone" and the person I was talking to thought I was offering to support them via the phone. sk came along to clarify - I was having a little dig :)) | 03:31 |
ScottK | owh: Back. | 03:32 |
owh | Hey | 03:32 |
owh | Having fun with ajmitch :) | 03:32 |
ScottK | owh: What I meant was that all you need to do to keep your clamav up to date is do your normal system updates. | 03:32 |
ScottK | If you look at the package history, you'll see we update clamav a lot; https://launchpad.net/ubuntu/+source/clamav/+publishinghistory | 03:32 |
owh | Right, but freshclam does the signatures separately in addition to that -- right? | 03:32 |
ScottK | Yes. | 03:32 |
owh | Now I'm on the same page :) | 03:33 |
owh | It's old age, gets you every time. Next my hair will start falling out I'm told :) | 03:33 |
owh | So, run an smtp server locally, run clamav, run fetchmail to google, deliver to imap, sounds too simple :) | 03:34 |
ScottK | Also if there is a security issue with a particular module in clamav, upstream can turn that module off remotely via the updates so the insecure code doesn't run. | 03:35 |
ScottK | Then when we issue the security patch, we can turn it back on. | 03:35 |
owh | That sounds excellent. | 03:35 |
owh | With the risk of getting my head bashed in. The server is currently offering workgroup file/print services. I've been steadily cleaning up the workstations to the point where I'm getting ready to run as a domain controller so I can centrally manage the lot. When I create user accounts in that scenario, it would be grand if their imap accounts were part of the same account. | 03:35 |
* owh | is guessing that I'm going to need to run openldap to achieve that. | 03:36 |
ScottK | So now you're getting into stuff I don't know a lot about. | 03:36 |
owh | Let's stay on your solid ground. IMAP accounts? | 03:36 |
owh | Can they be "virtual", as in, not mapped to linux user accounts. | 03:37 |
ScottK | Yes | 03:37 |
owh | They're then stored somewhere on the file-system in a tree right? | 03:37 |
ScottK | Yes. | 03:37 |
owh | Or in a database? | 03:37 |
ScottK | Dovecot handles all that. | 03:37 |
owh | Cool. | 03:37 |
ScottK | I think in the file system. | 03:37 |
owh | How do I manage users? | 03:38 |
owh | Is there an RTFM I should be consulting? | 03:38 |
* ScottK | is finding said FM ATM | 03:38 |
owh | Phone | 03:39 |
ScottK | owh: What release of Ubuntu will you be using? | 03:39 |
ScottK | owh: (assuming 9.04): Here is where I would start - https://help.ubuntu.com/9.04/serverguide/C/email-services.html | 03:40 |
owh | 8.04lts - still phone | 03:40 |
ScottK | https://help.ubuntu.com/8.04/serverguide/C/email-services.html then | 03:41 |
ScottK | Also http://www.postfix-book.com/ is a must. | 03:42 |
Rafael_ | owh: i was chatting with somebody on the samba chat, can you take a look at: http://paste.ubuntu.com/176861/ accessing the nas, should the user be with password or not | 03:48 |
carlgibson | hellos | 03:49 |
carlgibson | anyone available for a quick question? | 03:50 |
ScottK | !ask | carlgibson | 03:51 |
ubottu | carlgibson: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) | 03:51 |
carlgibson | i just placed some automount lines in fstab, and rebooted the system. The mounts failed to occur, but now the physical drive is not appearing in the /dev folder and fdisk is failing to find the physical drive and the partitions. Any suggestions on where to go from here? | 03:53 |
carlgibson | at this point i have restored fstab back to its original state without the lines i added | 03:53 |
carlgibson | the mounts were working when i did them manually before placing the lines in fstab | 03:53 |
=== carlgibson is now known as rkitect | ||
Rafael_ | i just connected with putty and see on the terminal prompt that i have "new mail"how can i check it | 03:55 |
tomsdale | what would you guys recommend as a cheap webserver (rackmount) to install ubuntu on? get a used dell powerblade off ebay? any other tips? | 04:02 |
Alex_21 | Hi, when launching Songbird I get "songbird: error while loading shared libraries: libjemalloc.so: cannot open shared object file: No such file or directory" | 04:19 |
Alex_21 | Please help | 04:19 |
ScottK | Alex_21: How is that related to Ubuntu Server? | 04:20 |
Alex_21 | It is on my media server. I asked in #Ubuntu but being blind I find it to be too high traffic | 04:21 |
Alex_21 | So I asked in here | 04:21 |
ScottK | Alex_21: What Ubuntu release are you running? | 04:25 |
ScottK | Alex_21: If you are running Jaunty, 9.04 you need to install xulrunner-1.9 | 04:29 |
=== yann2_ is now known as Yann2 | ||
uvirtbot | New bug: #378920 in samba (main) "WebDAV fights Samba, WebDAV wins, Windows looses. Blame it on RUN_MODE=inet." [Undecided,New] https://launchpad.net/bugs/378920 | 05:36 |
owh | Right, finally off the phone. | 05:36 |
owh | Thanks for your links ScottK. | 05:36 |
ScottK | owh: You're welcome. | 05:37 |
owh | Did I mention how much I *love* USB modems and NetworkManager? I've been on the phone attempting to determine why NM decided that the USB modem should stop working for no apparent reason. Lovely. Suffice to say that the Sierra Aircard is not stable under Hardy :( --- meanwhile back at the ranch, it's time for lunch :) | 05:38 |
oh_noes | is it possible (even via a special kernel or something) to allow a non root PID to bind to privileged ports? | 05:41 |
ScottK | oh_noes: What problem are you trying to solve? | 05:46 |
owh | Is there any particular reason you need to do this, to me it looks like a security breach waiting to happen. | 05:46 |
oh_noes | because we're an ISV and we have our own listeners, syslog, ntp etc. | 05:48 |
oh_noes | at the moment we're running as root | 05:48 |
oh_noes | the priv ports is the ONLY reason it needs to run as root, so I'd like to get around it | 05:49 |
oh_noes | solaris has net_priv_auth permissions which makes it really easy | 05:49 |
oh_noes | and we know solaris is 74x more advanced than linux, but I was hoping there was a project in the midst that could handle this | 05:49 |
* owh | scratches head and chews on lunch. | 05:51 |
ScottK | Could be, but I haven't needed such a thing, so I don't know. | 05:52 |
owh | ScottK, does postfix run as root? | 05:52 |
ScottK | Some parts of it do. | 05:53 |
ScottK | It's got a segmented architecture and each bit runs with the minimum needed permissions. | 05:53 |
* owh | guesses that the listener is part of that part :) | 05:53 |
owh | Could you forward services to unprivileged ports? | 05:54 |
ScottK | Sure. | 05:54 |
ScottK | Or via some other kind of socket. | 05:54 |
owh | I suppose you could make an iptables rule that did that, so ntp would magically appear on a non-privileged port. | 05:55 |
owh | oh_noes: Would that help you? | 05:55 |
oh_noes | not really | 05:56 |
oh_noes | It's a workaround | 05:56 |
oh_noes | the crust of the problem is all our apps are java, and in java there is no conception of 'start as root, then spawn a non root pid' (like what apache does) | 05:56 |
owh | Ahh. | 05:57 |
oh_noes | iptables won't help because the app is running as non-root. And I doubt a non-root user can modify iptables | 05:57 |
owh | oh_noes: So, what about running two independent processes, one as root, one as non-root. | 05:57 |
owh | The iptables would be a one-off configuration, something the administrator does once. Not a dynamic thing. | 05:58 |
oh_noes | well that's the problem, our stuff can bind to any port at any time | 05:58 |
owh | What does the java code actually do? | 05:58 |
* owh | is thinking that inetd opens and closes privileged ports on demand. Or is that the wrong end of the conversation? | 06:00 |
oh_noes | Stuff that doesn't need root permissions | 06:00 |
owh | oh_noes: Let's approach this from another angle. How does Solaris deal with this? | 06:02 |
oh_noes | usermod -K defaultpriv=basic,net_privaddr NONROOTUSER | 06:04 |
oh_noes | done | 06:04 |
oh_noes | they can now bind to < 1024 | 06:04 |
owh | Well, google came up with this: http://www.debian-administration.org/article/Running_network_services_as_a_non-root_user. | 06:09 |
owh | And the first idea is an iptables rule :) | 06:10 |
owh | But there are other ideas too :) | 06:10 |
owh | And here is another: http://www.jscape.com/secureftpserver/docs/index.html?runningasnon_rootuserinun.htm | 06:11 |
owh | It talks about using xinetd to do the redirect. | 06:11 |
rcsheets | i'm looking for an MTA (or better yet an example postfix configuration) for a development server, where i want mail to look like it's sent successfully to any address, but where it's actually just all dumped into one mailbox, so it doesn't escape into the wild. | 06:11 |
ScottK | I recall discussions of a setup for doing that with postfix, but not the details. | 06:12 |
rcsheets | believe it or not i'm a little lost on what to google for... | 06:12 |
ScottK | heh. | 06:12 |
rcsheets | can you think of any terms you'd use to describe that? | 06:12 |
ScottK | Look on postfix.org in the add-ons section. Maybe it's there. | 06:13 |
rcsheets | hmm ok | 06:13 |
ScottK | oh_noes: The authbind thing sounds at least vaguely like what you were looking for. | 06:13 |
owh | When google doesn't tell you the answer, you know that the question's the problem :) | 06:13 |
rcsheets | yeah, definitely :) | 06:13 |
rcsheets | i was hoping there would be some commonly used term for this kind of configuration. it seems like it would be useful in a lot of cases. | 06:14 |
owh | Yay! PPC-1 has landed in Sydney - we're going to get connected to the Internet thingy soon :) | 06:14 |
rcsheets | yay the series of tubes! | 06:14 |
* owh | is currently typing via string. | 06:16 |
owh | rcsheets: You sure have a tricky question to google for :) | 06:16 |
rcsheets | yeah i've noticed... :-\ | 06:17 |
rcsheets | man, it's a lot more calm in here than in #ubuntu | 06:17 |
owh | rcsheets: postfix force local delivery came up with: http://www.softwarefreedom.org/blog/2008/jan/09/postfix-secondary-mx-local-deliver/ | 06:18 |
rcsheets | i also just found this: http://thedrupalblog.com/configure-your-development-server-deliver-all-mail-locally | 06:19 |
owh | I have no idea if it's gonna help, but it might :) | 06:19 |
rcsheets | thanks i will look at that | 06:19 |
owh | oh_noes: Did you see the links? | 06:19 |
oh_noes | yep ta | 06:20 |
oh_noes | probably not what i want and def overkill | 06:20 |
oh_noes | but might suffice for a workaround | 06:20 |
wizardslovak | hello people | 06:20 |
owh | oh_noes: I saw a reference to privileged tcp ports, but I think it's a red herring: http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1242882365194+28353475&threadId=615536 | 06:22 |
owh | wizardslovak: No people here, just monkeys :) | 06:22 |
wizardslovak | owh: i knew monkeys are great with ubuntu | 06:23 |
owh | wizardslovak: We eat them among ourselves :) | 06:23 |
wizardslovak | owh: roasted tastesss soo good, back to ubuntu tho | 06:24 |
owh | wizardslovak: For that to happen you need to actually ask a question. | 06:24 |
wizardslovak | well so far i have none tho , still cant make dovecot work | 06:25 |
rcsheets | beautiful. got it working. | 06:25 |
owh | rcsheets: For the logs, how did you do that? | 06:25 |
rcsheets | oww. and then i jabbed the corner of a motherboard into my leg. | 06:26 |
rcsheets | fsck | 06:26 |
rcsheets | started with a "local delivery only" postfix configuration | 06:26 |
* owh | shudders to imagine the state of the development server and the blood coming from rcsheets' leg. | 06:26 |
wizardslovak | lol | 06:27 |
rcsheets | then created this /etc/postfix/transport file (2 lines): | 06:27 |
rcsheets | rcsheets@fry.localdomain local: | 06:27 |
rcsheets | * discard: | 06:27 |
wizardslovak | only thing i am losing are nerves | 06:27 |
ScottK | It all MTA configuration wanted was a little blood, then it's user friendly. | 06:27 |
ScottK | It/If | 06:27 |
owh | Hey, we're not talking about sendmail here :) | 06:28 |
rcsheets | which configures mail destined for my address *only* to use the local transport, and for everything else to be discarded | 06:28 |
rcsheets | then added to the end of /etc/postfix/main.cf the following two lines: | 06:28 |
rcsheets | transport_maps = hash:/etc/postfix/transport | 06:28 |
rcsheets | always_bcc = rcsheets | 06:28 |
owh | Niiice. | 06:28 |
rcsheets | and finally reloaded postfix with: | 06:28 |
rcsheets | sudo postmap /etc/postfix/transport | 06:28 |
rcsheets | sudo /etc/init.d/postfix reload | 06:29 |
rcsheets | and voila! | 06:29 |
rcsheets | i get this in the logs for the discarded original... | 06:30 |
rcsheets | May 21 01:29:31 fry postfix/discard[11151]: 76D125FE2B: to=<test@example.com>, relay=none, delay=0.1, delays=0.09/0.02/0/0, dsn=2.0.0, status=sent (example.com) | 06:30 |
rcsheets | (note the postfix/discard) | 06:30 |
ScottK | rcsheets: One caution: If the always_bcc delivery fails, it will create a real bounce message. | 06:30 |
rcsheets | and my copy: | 06:30 |
rcsheets | May 21 01:29:31 fry postfix/local[11150]: 76D125FE2B: to=<rcsheets@fry.localdomain>, relay=local, delay=0.12, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) | 06:30 |
rcsheets | ScottK: won't that real bounce message just get discarded? | 06:30 |
ScottK | No. | 06:30 |
rcsheets | where would it go? | 06:31 |
ScottK | It may, but I'm not sure. | 06:31 |
wizardslovak | its making me nuts, 2nd week and still cant make it work | 06:31 |
rcsheets | well, how shall i make that happen... change the always_bcc to a nonexistent username? | 06:31 |
rcsheets | might as well find out how it fails now rather than later | 06:31 |
ScottK | rcsheets: Make it fail on a message from an address that it won't be embarrassing to have get the bounce. | 06:32 |
rcsheets | which from are we talking about? | 06:32 |
rcsheets | sendmail -f <this?> | 06:33 |
ScottK | Mail From | 06:33 |
ScottK | rcsheets: Yes | 06:33 |
rcsheets | k | 06:33 |
* ScottK goes off to be. | 06:33 | |
ScottK | be/bed | 06:33 |
rcsheets | well, please don't stop doing that | 06:33 |
ScottK | Proving i should | 06:34 |
ScottK | Good night | 06:34 |
rcsheets | thanks for the advice :) | 06:34 |
wizardslovak | when i send mail to my gmail account , i am getting user@server1.wizzy.us as sender, what should i change to be user@wizzy.us? | 06:34 |
wizardslovak | change hostname? | 06:34 |
rcsheets | you shouldn't need to change the machine's actual hostname | 06:34 |
rcsheets | how are you sending the mail? | 06:34 |
wizardslovak | from shell | 06:35 |
wizardslovak | mail user@wizzy.us | 06:35 |
lamont | see /etc/mailname | 06:35 |
wizardslovak | ok i changed /etc/mailname and it works | 06:36 |
wizardslovak | thx ;) | 06:36 |
rcsheets | with always_bcc = nonexistent, the bcc copy is discarded as well as the original | 06:37 |
rcsheets | so no mail is generated | 06:37 |
rcsheets | just two discards | 06:37 |
rcsheets | cool! :D | 06:37 |
* rcsheets hugs postfix | 06:43 | |
wizardslovak | what do you use with postfix cyrus or dovecot? | 06:44 |
rcsheets | i have always used dovecot, though on my production mail system i now use dbmail | 06:44 |
wizardslovak | i am having problems with dovecot | 06:44 |
wizardslovak | http://pastebin.com/m39cc404 | 06:44 |
rcsheets | perhaps you should try setting postmaster_address ? | 06:45 |
wizardslovak | ?? | 06:45 |
wizardslovak | my problems are ssl | 06:45 |
rcsheets | well it does mention | 06:45 |
rcsheets | Fatal: postmaster_address setting not given | 06:45 |
rcsheets | SASL != SSL | 06:46 |
rcsheets | i would fix the obvious one first | 06:46 |
rcsheets | which is simply "please set this setting or i won't work" | 06:46 |
wizardslovak | ok can you help me with it? | 06:46 |
rcsheets | with setting postmaster_address? | 06:46 |
wizardslovak | yes | 06:46 |
rcsheets | this seems relevant. http://www.dovecot.org/list/dovecot/2007-March/020434.html | 06:47 |
rcsheets | which directs the user to read the dovecot wiki about lda | 06:47 |
rcsheets | i have never used dovecot's LDA, so i'm not particularly experienced with that, but you might start on the dovecot wiki | 06:47 |
wizardslovak | i ordered book about postfix and dovecot | 06:48 |
wizardslovak | can you actually help me? | 06:48 |
wizardslovak | i like to chat more than read whole book to find one little thing | 06:48 |
rcsheets | i have suggested reading the dovecot wiki entry about lda. did you want me to read it for you? | 06:48 |
wizardslovak | nooo | 06:49 |
rcsheets | i don't know how to fix your problem. i would have to do the same research to fix it that i'm suggesting for you to do. | 06:49 |
wizardslovak | ok what about sasl? | 06:49 |
rcsheets | have you googled for that error message? i've never seen it before. | 06:49 |
wizardslovak | for about 2 weeks i did chat with couple people here about it , but i cant make it work | 06:50 |
wizardslovak | i will post it on launchpad | 06:50 |
wizardslovak | maybe there | 06:50 |
rcsheets | this mailing list thread may be helpful. https://lists.ubuntu.com/archives/ubuntu-users/2007-July/118466.html | 06:50 |
wizardslovak | i am on wiki.dovecot.org and there are lots names with lda | 06:51 |
wizardslovak | which should i read? | 06:51 |
rcsheets | i would think http://wiki.dovecot.org/LDA and http://wiki.dovecot.org/LDA/Postfix | 06:52 |
rcsheets | the other ones (when i search for lda) seem to be mostly LDAP and other MTA specific things | 06:52 |
rcsheets | like qmail, exim, etc. | 06:52 |
rcsheets | you're using postfix so you don't need to worry about qmail, exim, etc. | 06:53 |
wizardslovak | well i am trying to use squirrelmail | 06:53 |
rcsheets | ok... | 06:56 |
wizardslovak | i can log in and check mail , i cant send or receive mail tho | 06:56 |
rcsheets | i would tackle sending and receiving separately | 06:58 |
wizardslovak | i left note on launchpad.net so hopefully ill get answer | 07:08 |
wizardslovak | if not i will have to "reinstall" dovecot+postfix | 07:08 |
=== ejat is now known as e-jat | ||
uvirtbot | New bug: #358616 in php5 (main) "php5 crashed with SIGSEGV in start_thread()" [Medium,New] https://launchpad.net/bugs/358616 | 09:12 |
uvirtbot | New bug: #360947 in php5 (main) "php5 crashed with SIGSEGV in curl_global_cleanup()" [Medium,New] https://launchpad.net/bugs/360947 | 09:12 |
uvirtbot | New bug: #356359 in php5 (main) "php5-cgi crashed with SIGSEGV in vspprintf()" [Medium,New] https://launchpad.net/bugs/356359 | 09:15 |
uvirtbot | New bug: #284661 in php5 (main) "php5 crashed with SIGSEGV in execute()" [Medium,New] https://launchpad.net/bugs/284661 | 09:26 |
kwork | http://paste.ubuntu.com:80/177027/ <--- any suggestions ? | 09:38 |
macno | kwork: LTS does not upgrade automatically https://help.ubuntu.com/community/IntrepidUpgrades#Network%20Upgrade%20for%20Ubuntu%20Servers%20(Recommended) , and if you're root you don't need sudo ;) | 09:43 |
kwork | macno, tnx, just too used to sudo lately :P | 09:43 |
kwork | otherwise i do know that sudo runs command as root | 09:43 |
=== tuxlinux_ is now known as tuxlinux | ||
jetole | does anyone know how to get vim to recognize crontab syntax in server 9.04, I set syntax on in vimrc and when I run crontab -e, it says that command is not supported in this version | 11:05 |
jetole | nevermind, just figured it out by editing ~/.selected_editor to just say vim | 11:06 |
kwork | i have two nics both have different ips on different networks | 11:11 |
kwork | i need different gateways for different interfaces | 11:11 |
kwork | but when i add gateway to both interfaces i can access only one interface | 11:11 |
kwork | rather then both | 11:11 |
PhotoJim | kwork: you can't have two default gateways. you have to create routing rules to decide which traffic goes onto which NIC. | 12:12 |
kwork | the thing is i can set route to network without gateway just fine | 12:42 |
kwork | but when i specify gw | 12:42 |
kwork | route add -net networkadr/prefix gw gwip dev ifdev | 12:44 |
kwork | and i get no such process | 12:44 |
j0nr | hi all. I am trying to set up my own web server, (basic user here) so taking it slowly step by step. I just installed apache2 and as far as I am aware, as default shouldn't I be able to view /var/www/index.html now from the web? | 12:49 |
kwork | if its running | 12:50 |
kwork | netstat -an | grep 80 | 12:50 |
kwork | netstat -an | grep www | 12:50 |
kwork | one of them | 12:50 |
j0nr | what will that do? | 12:52 |
j0nr | well both return nothing | 12:53 |
j0nr | so what does that mean...port 80 not open or something? | 13:00 |
kwork | you dont have webserver running probably | 13:01 |
kwork | /etc/init.d/apache2 start | 13:01 |
j0nr | i did do that tho... | 13:06 |
W8TAH | ive gotten 4 used servers -- they are dual xeon 2.0 or 2.4 ghz -- because they are used, i dont have original system specs etc. How can i tell if i should be running 32 bit or 64 bit server edition? | 13:07 |
macno | W8TAH: uname -a | 13:08 |
W8TAH | theres no os installed on them at this time | 13:08 |
W8TAH | im still in setup phase | 13:08 |
giovani | you boot into a livecd | 13:09 |
W8TAH | oh - -ok - -makes sense -- thanks | 13:09 |
giovani | and cat /proc/cpuinfo | 13:09 |
kwork | j0nr, check the apache error log then | 13:10 |
W8TAH | thanks giovani | 13:11 |
W8TAH | :) | 13:11 |
j0nr | [Thu May 21 12:08:12 2009] [alert] No active workers found... Apache is exiting! | 13:12 |
j0nr | but that was over an hour ago | 13:12 |
j0nr | i have tried /etc/init.d/apache2 start since then and no error message | 13:12 |
niekie | Odd. | 13:13 |
macno | j0nr: /etc/init.d/apache2 status what returns? | 13:13 |
j0nr | macno: no status command available | 13:14 |
j0nr | how can i check if apache is running or not? | 13:14 |
macno | j0nr: ps -ef | grep apache | 13:14 |
niekie | Uhh... uname -a won't tell you if you should be running 32 bit or 64 bit. | 13:14 |
niekie | It will tell you *IF* you're running 32-bit or 64-bit. | 13:15 |
macno | j0nr: which version are you using? | 13:15 |
niekie | It'll say nothing about if your processor is capable of 64-bit. | 13:15 |
niekie | W8TAH: I'd consider just trying out booting 64-bit. You'll find out soon enough if it fails. (might waste a CD that way, though :\) | 13:15 |
j0nr | macno i did apt-get install apache2 | 13:16 |
niekie | W8TAH: you can also run 32-bit Ubuntu on a 64-bit system fine. | 13:16 |
j0nr | macno: no result from ps | 13:16 |
niekie | W8TAH: but you'll miss specific features offered by 64-bit platforms though. | 13:18 |
j0nr | macno: root@server:/var/log/apache2# /etc/init.d/apache2 restart | 13:18 |
j0nr | * Restarting web server apache2 | 13:18 |
j0nr | httpd (pid 27714?) not running | 13:18 |
j0nr | ...done. | 13:18 |
niekie | W8TAH: like being able to address a bigger amount of memory. | 13:18 |
j0nr | [Thu May 21 12:19:06 2009] [warn] pid file /var/run/apache2.pid overwritten -- Unclean shutdown of previous Apache run? | 13:20 |
j0nr | [Thu May 21 12:19:06 2009] [notice] Apache/2.2.8 (Ubuntu) configured -- resuming normal operations | 13:20 |
j0nr | [Thu May 21 12:19:06 2009] [alert] (12)Cannot allocate memory: apr_thread_create: unable to create worker thread | 13:20 |
j0nr | [Thu May 21 12:19:06 2009] [alert] (12)Cannot allocate memory: apr_thread_create: unable to create worker thread | 13:21 |
j0nr | [Thu May 21 12:19:08 2009] [alert] No active workers found... Apache is exiting! | 13:21 |
macno | j0nr: have you edited apache2.conf or something else? | 13:21 |
j0nr | macno: only looked thru it, didn't think I changed anything | 13:23 |
Eoch | Is there a way to tunnel traffic through ssh without having to redirect through local host? I have an app that uses like tcp 4000 and 6000 and it goes from one machine out to many machines on the same ports, so I don't really want to create separate redirective ports and send to localhost if I don't have to. | 13:34 |
j0nr | macno: sorted, apache2-mpm-prefork solved it. thanks :) | 13:45 |
=== asac_ is now known as asac | ||
W8TAH | hi folks - -i booted a live CD did cat /proc/cpuinfo looking for info as to whether my cpus are 64 bit or 32 bit pentiums - its not specifically listed that i can see - -i also tried uname -a and the only indicator in there was that it mentioned i686 | 14:44 |
W8TAH | can someone help me out please? | 14:44 |
aptanet | is dmidecode on there? that has a detailed section on the cpu | 14:47 |
W8TAH | is that a piece of software? | 14:48 |
aptanet | yup, it's in /usr/sbin on my debian box | 14:49 |
W8TAH | yup - -its there - got multiple screen fulls of info - will it come right out and say 64 bit processor? | 14:51 |
akince1 | I have a script that keeps kicking out with "Unexpected end of file" when it hits an if [ <condition> ] portion of the code despite there having been many other such constructs previously in the file | 14:52 |
akince1 | Anyone think they might know why? | 14:52 |
aptanet | W8TAH, not sure, I don't have a 64 bit cpu to test it on, although it doesn't specifically state 32 bit | 14:54 |
W8TAH | ok -- this one specifically says neither | 14:55 |
W8TAH | its an older dell power edge 2650 | 14:55 |
W8TAH | so im going to guess at 32 bit | 14:55 |
aptanet | you may have to use the info there to check using google | 14:55 |
W8TAH | ok | 14:55 |
aptanet | looks likely to be a xeon cpu, so http://en.wikipedia.org/wiki/Xeon may be of help | 14:59 |
macno | who create links in /dev/disk/by-uuid/ ? | 15:00 |
ScottK | macno: What problem are you trying to solve. My prediction is that if you have to ask that question you don't know enough to mess with it directly (me neither) | 15:03 |
W8TAH | ya - -i was looking at that | 15:04 |
macno | ScottK i added a first lvm disk to a test system, get uuid, modify fstab and try to mount it by mountpoint but fails with http://pastebin.ubuntu.com/177229/ | 15:06 |
macno | ScottK i'd like to add other disks but i dislike to reboot to test if it works | 15:07 |
ScottK | Did you try the mount again after reboot? | 15:07 |
macno | I have the row in fstab | 15:08 |
ScottK | So it mounted? | 15:08 |
macno | yes it is | 15:08 |
ScottK | OK. So the real question is "If I add an lvm disk, how do I get the UUID to be available without reboot" | 15:09 |
macno | ScottK yes, right | 15:09 |
ScottK | OK, i don't know the answer to that question, but that's a much better question. | 15:09 |
macno | ScottK ok, I understand | 15:11 |
ScottK | Now that you have a better question, you may have more luck with Google too. | 15:12 |
Sangrial | Good Morning, I was wondering how can I uninstall ubuntu-server 9.04? windows xp wont let me reformat over it. | 15:45 |
Sangrial | Anyone know? | 15:48 |
uvirtbot | New bug: #379061 in apache2 (main) "Please merge apache2((2.2.11-4)(main) from debian unstable(main)" [Undecided,In progress] https://launchpad.net/bugs/379061 | 16:01 |
acalvo | Hello | 16:25 |
acalvo | I need some advice, I want to know, from your POV, which is the best solution for a mail server (pop3/imap/smtp). Thanks! | 16:26 |
ScottK | acalvo: The standard Ubuntu choice for this is Postfix (smtp) + Dovecot (pop3/imap). In Jaunty the postfix-dovecot package (or is it the other way around) automates a lot of the setup for you. | 16:28 |
acalvo | ScottK, thank you, you said what I wanted to hear :-) | 16:29 |
\sh | Sangrial: delete the partitions with <insert fdisk on xp or whatever os you are using> | 16:30 |
\sh | Sangrial: the linux partition I mean | 16:30 |
=== scfh is now known as scfh_ | ||
=== scfh_ is now known as scfh | ||
radovan | hi | 16:45 |
radovan | looking for some kvm guru. got some serious issues with kvm-84 in 9.04 | 16:46 |
eolo999 | hi, i tried changing loglevel from debug to warn but still get debug messages in /var/log/eucalyptus/*log. where am i wrong? | 17:00 |
eolo999 | obviously in /etc/eucalyptus/eucalyptus.con | 17:00 |
eolo999 | f | 17:00 |
billybigrigger_ | is it possible to setup an alias, or subdomain or something in apache2, so that, for example, im trying to setup webmail, using roundhouse, now instead of having users go to mydomain.com/webmail, can i setup http://webmail.mydomain.com???? | 17:01 |
billybigrigger_ | im not sure what this is called, or where to find info on it | 17:01 |
yann2 | virtual hosting :) | 17:01 |
billybigrigger_ | ahh :P | 17:01 |
yann2 | search for virtual hosts in apache documentation | 17:01 |
\sh | billybigrigger_: it's called "virtual hosting" and "subdomains" and yes it works | 17:01 |
billybigrigger_ | also, before i can any further...i have setup dovecot and postfix already... | 17:01 |
billybigrigger_ | i have a working mail server...but is it too late to configure virtual users for my webmail? | 17:02 |
billybigrigger_ | or does anyone know if roundcube does its own virtual users? | 17:02 |
macno | billybigrigger_: how many users? | 17:03 |
billybigrigger_ | hmmm, ~10-20 | 17:03 |
billybigrigger_ | no, less than 10, sorry | 17:03 |
macno | billybigrigger_: with less than 10 you can create them as linux users | 17:03 |
billybigrigger_ | i could just make system users i guess for that little of users...but i do have mysql so... | 17:04 |
billybigrigger_ | ya | 17:04 |
billybigrigger_ | k, thanks | 17:04 |
uvirtbot | New bug: #379093 in nagios-plugins (universe) "check_by_ssh does not populate output file in passive mode" [Undecided,New] https://launchpad.net/bugs/379093 | 17:06 |
W8TAH | anyone have a dell power-edge 2650 and able to answer a few questions in PM? | 17:36 |
|eagles0513875| | hey guys i have a question if i setup dhcp can i get it to use mac addresses to get the same ip's instead of using my router | 17:40 |
Sam-I-Am | usually those router boxes support static addressing if you give them mac addresses | 17:42 |
|eagles0513875| | can i use it as more than a router box though then install firewall etc | 17:44 |
Sam-I-Am | ubuntu or the router box? | 17:45 |
|eagles0513875| | ubuntu-server but right now dont have it installed | 17:45 |
Sam-I-Am | sure ubuntu can do firewall/router activities | 17:46 |
Sam-I-Am | iptables and whatnot | 17:46 |
|eagles0513875| | i was thinking for firewall shorewall + snort +snortwall | 17:47 |
|eagles0513875| | which would be better shorewall or iptables as a firewall | 17:47 |
Sam-I-Am | shorewall is its own OS | 17:47 |
Sam-I-Am | and just runs iptables internally | 17:47 |
|eagles0513875| | ahhhh ok | 17:47 |
|eagles0513875| | might have an issue then with iptables as i have never setup iptables before :( | 17:48 |
Sam-I-Am | its not too bad... there are several utils out there to automate firewall building with it | 17:48 |
|eagles0513875| | on ubuntu-server | 17:49 |
Sam-I-Am | probably | 17:49 |
|eagles0513875| | Sam-I-Am: i did find shorewall in ubuntu repos | 17:49 |
Sam-I-Am | yeah there seems to be some stuff | 17:50 |
|eagles0513875| | what would you recommend cuz im kinda torn between shorewall and iptables | 17:50 |
Sam-I-Am | ubuntu tends to use 'ufw' | 17:50 |
|eagles0513875| | ufw?? | 17:50 |
Sam-I-Am | shorewall is iptables | 17:50 |
Sam-I-Am | its just a glorified configuration mechanism | 17:51 |
|eagles0513875| | gotcha | 17:51 |
|eagles0513875| | then ill probably stick with iptables | 17:51 |
Sam-I-Am | ufw is like shorewall | 17:51 |
Sam-I-Am | its a configuration utility for iptables | 17:51 |
|eagles0513875| | gotcha | 17:54 |
|eagles0513875| | ill have to get working on it later ill be back if i have any questions thanks Sam-I-Am | 17:55 |
Sam-I-Am | sure | 17:55 |
|eagles0513875| | Sam-I-Am: i found a how to on howtoforge on setting samba as a domain controller does that work with active directory | 18:00 |
Sam-I-Am | define work with active directory... | 18:03 |
|eagles0513875| | sweet ok | 18:03 |
Sam-I-Am | if you use samba as a DC, you dont need AD | 18:03 |
Sam-I-Am | samba works as an NT domain controller, not an AD domain controller... until samba4, which isn't really out yet. | 18:03 |
|eagles0513875| | ahh ok | 18:05 |
W8TAH | hi folks - -im running 8.04 server on dell power edge 2650 servers -- ive gotten it installed -- and now when i try to start the machine -- i get as far as the remote access controller initializing and then it stops -- any suggestions? | 18:31 |
Sam-I-Am | W8TAH: sounds like the virtual devices for the RAC rearranged which device grub sees as your boot device | 18:36 |
Sam-I-Am | or the kernel sees... | 18:36 |
W8TAH | ive got the RAC disabled within its setup | 18:37 |
Sam-I-Am | so does it start booting the kernel and then hang or not even boot? | 18:37 |
W8TAH | never goes to grub as far as i can tell | 18:37 |
Sam-I-Am | hmm, it should at least get to grub | 18:38 |
Sam-I-Am | grub might puke, but it should start | 18:38 |
W8TAH | unless the different hardware means i need to install grub manually -- ive never had to install manually for any other server install ive done | 18:38 |
dethredic | Hey guys, I am having some DNS issues | 18:39 |
Sam-I-Am | only thing i've seen with some dell hardware is the RAC's virtual devices causing device names to change between install and first boot | 18:39 |
W8TAH | ok -- how do i fix it? | 18:40 |
dethredic | I can type in my IP and get to my site, I can type in my nameservers and get to my site | 18:40 |
Sam-I-Am | depends if thats the problem | 18:40 |
dethredic | but my domain name doesn't take me to my site | 18:40 |
W8TAH | how can i diagnose? | 18:40 |
Sam-I-Am | at a minimum you'd see grub trying to load | 18:40 |
|eagles0513875| | dethredic: do you have anything in /etc/resolv.conf | 18:40 |
W8TAH | ok - | 18:41 |
W8TAH | hummmmmm | 18:41 |
Sam-I-Am | does it say 'missing operating system' ? | 18:41 |
dethredic | |eagles0513875|, yes, something with my ISP and then nameserver somerandomeiphere | 18:42 |
W8TAH | no -- it says nothing - -but i did just find something where an embedded bios device was above the hard drives in one of several boot orders | 18:42 |
W8TAH | so i changed that and im trying again | 18:43 |
dethredic | This thread might help clarify things | 18:43 |
dethredic | http://ubuntuforums.org/showthread.php?t=1161316 | 18:43 |
|eagles0513875| | dethredic: i have noticed on kubuntu not sure about ubuntu yet but resolv.conf can only have one nameserver ip of your isp for some strange reason | 18:43 |
Sam-I-Am | you can have more than one resolver in resolv.conf | 18:43 |
|eagles0513875| | Sam-I-Am: strange | 18:44 |
dethredic | |eagles0513875|, can you try reading the thread, it was working before but now it doesn't | 18:44 |
|eagles0513875| | on jaunty i cant | 18:44 |
dethredic | just cause of my IP change | 18:44 |
|eagles0513875| | dethredic: can you ping with the name of the site | 18:44 |
|eagles0513875| | dethredic: wait | 18:45 |
|eagles0513875| | you have dyndns not sure on your router but can you have it update the dyndns info with the new ip | 18:45 |
Sam-I-Am | hatchseadgroup.com has address 24.150.41.56 | 18:45 |
dethredic | ya | 18:45 |
Sam-I-Am | thats what dns returns for me | 18:45 |
dethredic | that is my old IP | 18:45 |
Sam-I-Am | so dyndns is broken | 18:45 |
|eagles0513875| | my router auto logs into my dyndns account and updates with the new ip | 18:45 |
Sam-I-Am | they didnt update your record | 18:46 |
Sam-I-Am | this has nothing to do with your client | 18:46 |
|eagles0513875| | ya probably need to go to their site and update it or seems like certain routers can do it for you | 18:46 |
dethredic | Well | 18:46 |
dethredic | After my IP changed I went to the DynDNS site | 18:46 |
dethredic | and changed my IP on my nameservers | 18:46 |
dethredic | as you can see in the pictures | 18:46 |
Sam-I-Am | and its got about half a day TTL left | 18:46 |
Sam-I-Am | you might want to send them another update | 18:47 |
dethredic | Sam-I-Am, so try updating my DynDNS records again? | 18:47 |
Sam-I-Am | yes | 18:47 |
Sam-I-Am | this isnt an ubuntu problem | 18:47 |
dethredic | even though the IP in those records are correct | 18:47 |
Sam-I-Am | yeah, but whats coming out of DNS isn't | 18:48 |
dethredic | well | 18:48 |
dethredic | If I type in one of my nameservers into my address bar (from DynDNS) | 18:48 |
dethredic | I am taken to my site | 18:48 |
Sam-I-Am | one of your nameservers? | 18:48 |
dethredic | hsg1.shacknet.nu | 18:49 |
W8TAH | Sam-I-Am: i wonder if i didnt set the bootable flag on the software raids | 18:49 |
W8TAH | its startin to look like that | 18:49 |
Sam-I-Am | heh | 18:49 |
Sam-I-Am | well, usually thats set automatically | 18:50 |
Sam-I-Am | or grub is too far away from the part of the drive the bios will read for booting | 18:50 |
Sam-I-Am | dethredic: that doesnt appear to be a nameserver to me | 18:51 |
dethredic | Sam-I-Am, What do you mean? DynDNS gave it to me. | 18:51 |
dethredic | Here is another one I got: hatseadgroup.servebbs.org | 18:51 |
Sam-I-Am | are those just servers or name servers? | 18:52 |
dethredic | I thought they were name servers | 18:53 |
dethredic | This method worked before | 18:53 |
dethredic | Sam-I-Am, They are under the section "Host Services" in DynDNS | 18:54 |
Sam-I-Am | those are just hostnames you have... not nameservers | 18:54 |
dethredic | ohhhhhhhh | 18:54 |
Sam-I-Am | hosts that resolve to your IP | 18:54 |
dethredic | Sam-I-Am, So what do you propose I do? | 18:55 |
Sam-I-Am | hsg1.shacknet.nu has address 24.150.45.130 | 18:55 |
dethredic | ya | 18:55 |
dethredic | that is my IP | 18:55 |
Sam-I-Am | so that one apparently updated correctly | 18:55 |
Sam-I-Am | the other one didnt | 18:55 |
Sam-I-Am | so just re-update dyndns | 18:55 |
dethredic | ok | 18:56 |
dethredic | I reupdated them all | 18:56 |
Sam-I-Am | if it still doesnt work, email them and ask why its broken | 18:56 |
dethredic | Ok | 18:56 |
Sam-I-Am | but its not an ubuntu thing | 18:56 |
dethredic | Sam-I-Am, alright. So I can use them as nameservers? | 18:56 |
Sam-I-Am | theyre not nameservers | 18:56 |
Sam-I-Am | er, dyndns... or those hosts? | 18:57 |
dethredic | hmm | 18:57 |
dethredic | hsg1.shacknet.nu is first on my list for nameservers | 18:58 |
dethredic | And I used them as nameservers before | 18:58 |
dethredic | I am very confused >.< | 18:58 |
Sam-I-Am | well, maybe i just cant get there from here | 18:59 |
Sam-I-Am | but if that hostname points to you, you're just using yourself as a name server | 19:00 |
Sam-I-Am | anywho, i'm off to a meeting | 19:00 |
dethredic | ok | 19:00 |
dethredic | thanks for your help | 19:00 |
chmac | echo $PATH doesn't return what's set in /etc/environment, the sbin paths are missing. Any suggestions on where to investigate? | 19:04 |
=== yml_ is now known as yml | ||
simplexio | chmac: fast fix: export PATH=$PATH:/sbin:/usr/sbin | 19:18 |
chmac | simplexio: Yeah, I thought about that, or about hacking it into ~/.bashrc or something | 19:19 |
chmac | simplexio: Kinda curious to know why it's not working by default though | 19:19 |
chmac | Looks like there's other weird shell ness going on also, when I start screen, there's no shell on screen0, but screen1 works fine | 19:19 |
Holmen | I just installed a guest system on my 9.04 host...when I try to connect to it thru ssh I get connection refused ...is that the guest system blocking or network bridge that doesnt work? | 19:26 |
chmac | Holmen: I'd guess it could be either, but I'm no expert. Can you ping the guest? | 19:27 |
W8TAH | Sam-I-Am: i found it | 19:28 |
W8TAH | ubuntu cant boot when / or /boot are on raid 5 | 19:28 |
W8TAH | so i'll have to make a small partition for them to be on | 19:29 |
Holmen | chmac: right...yea, ping went thru so looks like it's the settings on the guest system | 19:30 |
ScottK | W8TAH: I think it's just /boot that's a problem. | 19:30 |
W8TAH | its software raid | 19:31 |
W8TAH | and i dont put /boot on a separate partition - - i just leave it in the same partition as / | 19:31 |
ScottK | Yes. If it was hardware raid you could have / and /boot on the array because Ubuntu wouldn't even know there was raid. | 19:31 |
W8TAH | ok | 19:32 |
simplexio | chmac: it works for me :) .. it could be that your user isnt in sudo group or similiar problem | 19:45 |
chmac | simplexio: I do have full sudo via the admin group, but I manually created that group, so I think you're onto something... | 19:45 |
simplexio | chmac: created ? in ubuntu systems there is already sudoers group for that, or it is admin group can recall it right now | 19:52 |
ivoks | admin | 19:52 |
ivoks | users in admin group have 'sudo privileges' | 19:52 |
simplexio | :) | 19:55 |
simplexio | there is debian way and ubuntu way | 19:55 |
dethredic | Hey guys, I am having a problem connecting to my server. | 20:04 |
dethredic | This thread outlines my problem better than I can do here | 20:04 |
dethredic | http://ubuntuforums.org/showthread.php?t=1161316 | 20:04 |
Sam-I-Am | and an hour later its still not an ubuntu problem :P | 20:07 |
dethredic | well I don't know where else to go to get help | 20:07 |
dethredic | got any suggestions | 20:07 |
Sam-I-Am | did you contact dyndns? | 20:07 |
dethredic | sent them an e-mail | 20:07 |
Sam-I-Am | think thats about all you can do at this point | 20:08 |
W8TAH | Sam-I-Am: fixed it | 20:08 |
Sam-I-Am | what was it? | 20:08 |
W8TAH | ubuntu cant boot with /boot and / on a software raid 5 | 20:08 |
W8TAH | so i put them on a raid 1 | 20:08 |
W8TAH | works perfectly | 20:08 |
Sam-I-Am | linux can't boot with that either | 20:09 |
Sam-I-Am | in general | 20:09 |
W8TAH | ok | 20:09 |
Sam-I-Am | but yeah, that'd do it | 20:09 |
W8TAH | oh well - -1 down 3 to go | 20:09 |
W8TAH | :D | 20:09 |
chmac | simplexio: Yeah, /etc/lsb-release says it's Ubuntu, but root was active and no admin group existed when I was given the login | 20:17 |
chmac | It's a VPS a friend is hosting for me, so I've asked him how he installed it, doesn't seem like "stock" ubuntu / ubuntu-server | 20:17 |
LHC | hey | 20:21 |
LHC | anyone run their own email server? | 20:21 |
ScottK | LHC: Lots of people do. If you have a question, just ask it. | 20:31 |
billybigrigger_ | bah | 20:45 |
billybigrigger_ | anyone here use apache's virtual hosting? | 20:45 |
billybigrigger_ | LHC::: i just set one up yesterday... | 20:45 |
billybigrigger_ | i have created /etc/apache2/sites-available/thefrozencanuck.ca and linked it to /sites-enabled/thefrozencanuck.ca .... now im trying to create 2 subdomains, forums.thefrozencanuck.ca and webmail.thefrozencanuck.ca | 20:46 |
billybigrigger_ | here's the pastebin of my sites-available/thefrozencanuck.ca | 20:46 |
billybigrigger_ | http://pastebin.com/f6ef0ec5c | 20:47 |
billybigrigger_ | and here's what happened after /etc/init.d/apache2 force-reload....ignore the awstats aliases errors | 20:48 |
billybigrigger_ | http://pastebin.com/m44f48301 | 20:48 |
LHC | cool | 20:52 |
LHC | ahh Im thinking of settin up my own webhost, small time. and i was wondering about email | 20:52 |
LHC | I should maybe buy cpanel but I wanna do as much as I can :X | 20:52 |
billybigrigger_ | ??? | 20:55 |
LHC | im thinking of settin up my own email server and sell it with my hosting | 20:55 |
billybigrigger_ | i setup a mailserver yesterday...it was fairly painless... | 20:55 |
LHC | ssl? | 20:55 |
=== Barre_ is now known as Barre | ||
LHC | what do you use to access it | 20:55 |
billybigrigger_ | i skipped ssl/tls | 20:56 |
billybigrigger_ | its my home mail server | 20:56 |
billybigrigger_ | google, lots of tutorials out there...howtoforge has a good one | 20:56 |
=== billybigrigger_ is now known as billybigrigger | ||
LHC | kk thanks | 21:02 |
LHC | I just wanted to know if it was possible haha | 21:02 |
billybigrigger | sure it | 21:03 |
viezerd | billybigrigger: maybe try as root | 21:03 |
billybigrigger | s/it/is | 21:03 |
billybigrigger | viezerd::: ? | 21:03 |
billybigrigger | viezerd::: try what as root? | 21:03 |
viezerd | billybigrigger: http://pastebin.com/m44f48301 | 21:04 |
billybigrigger | doh | 21:04 |
billybigrigger | hmm | 21:05 |
billybigrigger | can't connect to the site now | 21:06 |
heath|work | Hello. I keep reading articles at HowToForge.com and most of them say to disable app armor to run things in a chroot jail, but is this really necessary? | 21:14 |
LHC | dam I hate IE | 21:27 |
=== MenZa_ is now known as MenZa | ||
Bizzeh | hi, i have just installed ubuntu server 8.04 and i was wondering if there was any way to set the power profile to "ondemand" | 21:42 |
LHC | anyone know a little php? | 21:46 |
LHC | cant get into php chan | 21:46 |
billybigrigger | viezerd::: those aren't working | 21:59 |
billybigrigger | viezerd::: still can't get those virtual hosts working correctly.... | 21:59 |
LHC | billybigrigger, do you know how to make unlimited subdomains? | 22:00 |
LHC | I never did anything like that before so im curious | 22:00 |
billybigrigger | im trying to setup subdomains right now with apache | 22:01 |
billybigrigger | its just a virtual host file... | 22:01 |
billybigrigger | that goes in /etc/apache2/sites-available | 22:01 |
billybigrigger | ie. /etc/apache2/sites-available/subdomain.domain.com | 22:01 |
billybigrigger | and in there it sets the parameters for the virtual host...then create a sym link to /etc/apache2/sites-enabled | 22:02 |
billybigrigger | but its not working out too good for me :P | 22:02 |
billybigrigger | http://httpd.apache.org/docs/2.2/vhosts/ | 22:02 |
Bizzeh | LHC: subdomains has nothing to do with php, its apache | 22:03 |
orsogrigio | Hi I just installed Ubuntu server on a virtualbox vm, how can i test if apache is working? | 22:04 |
orsogrigio | thanks | 22:05 |
billybigrigger | visit http://localhost | 22:05 |
LHC | Bizzeh, yeh the php thing I was trying to figure out was adding header and footer to each page | 22:07 |
orsogrigio | billybigrigger: no browser installed on ubuntu-server | 22:07 |
LHC | like 10 pages with 1 external header and footer | 22:07 |
LHC | billybigrigger, yeah I spent 6 hours figuring out vhost, then turns out one line was commented out xD | 22:07 |
billybigrigger | orsogrigio::: ping localhost:80 | 22:14 |
billybigrigger | LHC::: which line may i ask? hehe | 22:14 |
billybigrigger | orsogrigio::: nvm | 22:15 |
LHC | haha | 22:15 |
LHC | the one with # at the start :P | 22:15 |
billybigrigger | orsogrigio::: you can use nmap or netcat | 22:15 |
billybigrigger | s/netcat/netstat | 22:16 |
LHC | howtoforge is awesome | 22:18 |
=== bomana is now known as aboman | ||
centaur5 | Is there a way in the alternate install to make apt do a --fix-missing on a package it fails to download? | 23:26 |
massctrl | hi i have a couple of kvm ubuntu jeos machines running, all works fine except that they mount but often not an nfs share defined in fstab... .when I do a mount -a afterwards all works fine, ... anyone knows about this? | 23:41 |
LHC | hey again | 23:43 |