[00:34] <fredrik2> Hi! I can't get Postfix with Dovecot SASL working correctly.
[00:34] <fredrik2> I followed the server guide, but with no sucess.
[00:35] <fredrik2> When i telnet host 25. I'm not seeing the AUTH option
[00:35] <fredrik2> I've restarted postfix, dovecot & sasauthd & even reinstalled everything
[00:35] <fredrik2> Started postfix in -v mode. Checked logs.
[00:35] <fredrik2> Don't know what do next. Anyone ?
[00:47] <Daviey> hallyn: thanks, now have a good weekend :)
[04:26] <excalibr> Is there a way to sync packages/configs across multiple servers?
[04:30] <escott> !clone | excalibr
[07:27] <trimeta> Does ubuntu-zfs install anything to help me perform a weekly scrub of the zpool? There seem to be mentions of cronjobs in the changelog, but I have nothing in /etc/cron.*.
[07:56] <trimeta> Oddly enough, my version of zfsutils is 0.6.0.65-0ubuntu1~precise1, despite the latest version online being 8.3~svn226546-6...maybe this is related to the problem.
[07:57] <trimeta> Oh, that's just for kfreebsd.
[12:23] <halvors> May somone help me with my iptables setup?
[12:23] <halvors> iptables -P INPUT DROP
[12:23] <halvors> iptables -P OUTPUT DROP
[12:23] <halvors> iptables -P FORWARD DROP
[12:23] <halvors> iptables -A INPUT -i lo -j ACCEPT
[12:23] <halvors> (13:42:34) halvors: iptables -A OUTPUT -o lo -j ACCEPT
[12:23] <halvors> (13:42:36) halvors: iptables -A INPUT -i eth0 -j ACCEPT
[12:23] <halvors> (13:42:36) halvors: iptables -A OUTPUT -o eth0 -j ACCEPT
[12:23] <halvors> (13:43:28) halvors: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[12:23] <halvors> (13:42:34) halvors: iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
[12:23] <halvors> My current config-
[12:24] <Cromulent> use a pastebin...
[12:25] <remix_tj> halvors: what's the problem?
[12:33] <halvors> Well, my LAN hosts can't access the internet
[12:35] <halvors> The best way is to DROP anything and allow what i want, right?
[12:37] <halvors> remix_tj: You there? :)
[12:38] <remix_tj> yes
[12:38] <remix_tj> uhm
[12:38] <remix_tj> i think it's correct. Where are your lan devices connected?
[12:39] <halvors> on eth0
[12:40] <halvors> And eth1 is WAN :)
[12:44] <halvors> remix_tj: Did you get that? I forgot to mention your nick :(
[12:44] <remix_tj> with this config
[12:45] <remix_tj> you can't go to the internet because incoming packets are dropped, so you're not able to open tcp connections
[12:45] <remix_tj> maybe you should add something like
[12:45] <remix_tj> iptables -A FORWARD -p tcp -m state --state RELATED, ESTABLISHED -j ACCEPT
[12:46] <remix_tj> and
[12:47] <remix_tj> you should insert something allowing icmp echo reply halvors
[12:47] <remix_tj> without that rule clients cannot get ping response
[12:48] <halvors> client can't get ping response from the Ubuntu Box or?
[12:49] <remix_tj> from host in the internet
[12:49] <halvors> Shouldn't i do something like: iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED, ESTABLISHED -j ACCEPT
[12:49] <halvors> You mean for remote hosts to be able to ping the Ubuntu box?
[12:50] <remix_tj> you should explicitely specify -p tcp
[12:50] <remix_tj> (afaik)
[12:51] <remix_tj> for icm reply i mean your LAN hosts cannot ping outside machines
[12:51] <remix_tj> *icmp
[12:52] <halvors> Why should i specify tcp?
[12:53] <halvors> With that i allow TCP, UDP and ICMP, right?
[12:53] <halvors> iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED, ESTABLISHED -j ACCEPT
[12:54] <remix_tj> -p tcp
[12:54] <halvors> Why?
[12:55] <halvors> Shouldn't i be able to use UDP and ICMP?
[12:55] <remix_tj> halvors: maybe do not work, i no not remember if iptables has a conntrack method for icmp and udp
[12:55] <remix_tj> *do not
[12:55] <halvors> hmm.
[12:56] <halvors> So you mean that this command won't work?
[12:56] <halvors> 148.122.169.23
[12:56] <halvors> Obs
[12:56] <halvors> iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED, ESTABLISHED -j ACCEPT
[12:56] <halvors> That should be routing tcp...
[12:57] <remix_tj> halvors: try
[12:57] <remix_tj> if does not work you'll get an iptables error message
[12:57] <halvors> Ok.
[12:57] <halvors> Thanks you.
[12:58] <halvors> Maybe i'll loose connectivity now when trying this out.
[13:07] <halvors> remix_tj: When using the command "iptables -A FORWARD -p tcp -m state --state RELATED, ESTABLISHED -j ACCEPT" how gain udp and icmp too?
[13:07] <remix_tj> uhm
[13:08] <remix_tj> this depends on conntrack of the operating sistem, i do not know if there is something for conntracking udp and icmp, since they are stateless
[13:57] <RoyK> halvors: afaik there is no real conntrack for udp and icmp, since those are stateless protocols
[15:57] <jkyle> anyone have a reference for installing juju on osx?
[15:58] <jkyle> zookeeper keeps failing for me, figure others would have to solve that too
[16:34] <halvors> I get an error with isc-dhcp-server, this is the error i'm getting:
[16:34] <halvors> Jun 23 18:32:50 skymia-server dhcpd: /etc/dhcp/dhcpd.conf line 129: subnet 192.168.50.1 netmask 255.255.255.0: bad subnet number/mask combination.
[16:34] <halvors> Jun 23 18:32:50 skymia-server dhcpd: subnet 192.168.50.1 netmask 255.255.255.0
[16:34] <halvors> Jun 23 18:32:50 skymia-server dhcpd:                                         ^
[16:34] <halvors> Why?
[16:34] <halvors> Isn't that right?
[16:38] <halvors> When i does:
[16:39] <halvors> "service isc-dhcp-server restart" get the error message, "Unknown instance"...
[16:39] <TheLordOfTime> have you heard of patience before?
[16:39] <TheLordOfTime> !Patience
[16:39] <TheLordOfTime> sometimes it takes a bit to get an answer
[16:39] <TheLordOfTime> just an FYI
[16:40]  * TheLordOfTime thinks you've got more than one issue going on though
[16:40] <halvors> Sorry, but i'm in a bit if a hurry here.
[16:41] <halvors> Is there any way to restore the startup script to default? Also the one from the dhcp3-server package.
[16:42] <RoyK> halvors: I guess perhaps a bad character at the end
[16:43] <RoyK> or perhaps a missing semicolon
[16:47] <jkyle> wow, that was quite the drive by question.
[16:47] <jkyle> off hand, 192.168.50.1 isn't a subnet
[16:49] <jkyle> halvors: 192.168.50.1 isn't a subnet, pastebin your conf though
[17:02] <halvors1> Solved it, thanks for help :D
[17:02] <RoyK> halvors1: network problems? ;)
[17:04] <halvors1> Yrah.
[17:04] <halvors1> Yeah.
[17:43] <jkyle> Daviey: ping
[19:27] <axisys> a pci compliance require adding some awareness if someone delete a log file.. what is the least amount of work to acheive that with a security pkg may be?
[19:28] <axisys> we are sending the log file to splunk and arcsight.. but there might be another way to achieve locally.. bsm audit looks not verbose and open-audit does seems only look at hardware
[19:29] <axisys> s/not verbose/too verbose/
[19:29] <axisys> did not see much discussion in https://help.ubuntu.com/12.04/serverguide/security.html
[19:30] <axisys> AppArmor profile does not look to be least amount of work..
[19:58] <Skaag> trying to rescue a crashed system, that had software raid
[19:58] <Skaag> I believe raid5 on /dev/sda2, /dev/sdb2 and /dev/sdc2
[19:59] <Skaag> I'm now in "rescue mode" and I have no idea how to assemble them back
[20:03] <axisys> Skaag: you could boot from a live cd and fix it that way as a easier route
[20:03] <Skaag> I'm already in the shell, trying to use mdadm...
[20:03] <axisys> cat /proc/mdstat ?
[20:04] <axisys> oops.. i have to run..
[20:04] <Skaag> it shows me md127 with sda2 and sdc2 but not sdb2
[20:04] <Skaag> and md0 with sdc1 which is the /boot partition I believe
[20:07] <Skaag> is the order important?
[20:09] <Skaag> right now I have sdb2, sda2, sdc2 but i'm not sure that's the original order of physical devices in the array
[20:15] <qman__> the order is irrelevant
[20:15] <qman__> it can assemble in any order, the metadata says what's where
[20:15] <Skaag> ok cool
[20:15] <Skaag> so /proc/mdstat now says it's rebuilding
[20:16] <Skaag> but I'm failing to mount it
[20:16] <Skaag> despite having an active raid5 device
[20:16] <Skaag> maybe now there's lvm on top..?
[20:16] <qman__> possibly
[20:17] <Skaag> i'm lost.
[20:18] <Skaag> how do I know what type of volume is on /dev/md127 … ?
[20:18] <qman__> you can fdisk -l
[20:19] <qman__> actually not
[20:19] <qman__> trying to remember what the right thing is
[20:20] <Skaag> all frisk says is about the physical devices, they are all Linux raid autodetect
[20:20] <Skaag> fdisk
[20:20] <Skaag> damn autocorrect...
[21:14] <D3lirious> Good day, or evening .. how is everyone Im good my self lol
[21:15] <TheLordOfTime> SpamapS:  i hope you're around
[21:17] <D3lirious> chatty group aint ya lol
[21:22] <TheLordOfTime> patience
[21:22] <TheLordOfTime> :P
[21:23] <qman__> well, this is a support channel; if you have a question, !ask it
[21:23] <Daviey> jkyle: hey
[21:23] <qman__> if you're just looking to chat, I think it's #ubuntu-social
[21:23] <TheLordOfTime> qman__:  isnt it -offtopic?
[21:23] <qman__> probably
[21:24] <Daviey> jkyle: How are you doing?
[23:42] <iSIEMENS> Hello!
[23:54] <Yankees52> !ops
[23:54] <Yankees52> ban me
[23:54] <IdleOne> Yankees52: why do you keep doing this?
[23:55] <Yankees52> i am drunk right now ban me!
[23:55] <IdleOne> so what was your excuse for this morning?
[23:55] <Yankees52> hangover
[23:56] <IdleOne> I wonder if there is something more productive you could do with your time
[23:56] <Yankees52> drink booze!
[23:56] <IdleOne> I mean you seem like a half intelligent person.
[23:56] <Yankees52> ban me!
[23:56] <Yankees52> vodka babty
[23:56] <Yankees52> baby
[23:57] <qman__> not to fuel a fire, but high intelligence tends to lead to substance abuse rather than away from it
[23:57] <patdk-lap> thought it leads to bordom
[23:58] <patdk-lap> and then various other bad activities, like virus making
[23:58] <patdk-lap> spam emails
[23:58] <patdk-lap> ...