[00:10] NTQ: start debugging by watching logs on both client & server
=== Lcawte is now known as Lcawte|Away
[00:12] (client logs might require that you start your mail client from a terminal with certain options)
[00:13] JanC: My client is thunderbird. And it says the username-password combination could be wrong. On the server side I see this: http://nopaste.info/index.html
[00:14] NTQ: wrong link?
[00:14] yes, sorry
[00:15] http://nopaste.info/8593b482dc.html
[00:15] I was too fast
[00:16] that's for sending mail?
[00:17] That's for trying to login into the IMAP account over STARTTLS or SSL.
[00:17] all those messages are from Postfix, none from Dovecot?
[00:18] Thunderbird has a mechanism to guess the right parameters for a new mailserver. So it tries different settings for connecting to the server.
[00:18] I know, but I configured postfix to use dovecot for authentication.
[00:19] But maybe I have some misconfigurations in postfix. I don't know. Because I am new to it.
[00:20] In my first paste you can find the output of postconf -n
[00:20] you say "I can not login as that user to get the mails" --> "getting mails" requires IMAP/POP, and thus Dovecot?
[00:22] if you don't see any Dovecot messages, then you probably aren't connecting to Dovecot
[00:22] According to this tutorial yes: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
[00:23] As you can see I have a lot to learn about this mail server stuff.
[00:32] as there is no Dovecot log there, you probably want to check Thunderbird log output (and/or maybe use Wireshark)
[00:32] Okay, now I have new logs from dovecot.log: http://nopaste.info/035691232e.html
[00:32] oh, and check if the Thunderbird config is actually correct
[00:33] I guess "fatal unknown CA" is a problem from thunderbird, because of the self signed certificate.
[00:34] yes, probably something like that
[00:34] is it self-signed or do you use your own CA?
[00:35] It's the standard dovecot certificate.
[00:36] ugh
[00:36] I thought I can use this for testing
[00:37] you should always create your own certs (then you can test that too ;) )
[00:37] What's about that snakeoil cert?
[00:38] there might be an option in TB to disable or relax the CA check
[00:39] NTQ: not sure if anything is wrong with it really, or what
[00:40] but usually default passwords/certs are not something you want to use :)
[00:40] Do I need a qualified certificate for each of the virtual domains or only one for the mail server itself?
[00:42] The mailserver has the name loft1234.serverloft.de and then there are many other domains domain1.tld, domain2.tld and their MX record points to mail.domainX.tld. And mail.domainX.tld points directly to the loft1234 with an A record.
[00:44] NTQ: are you using a client cert?
[00:45] No
[00:45] anyway, you should probably try to get client-side logs too
[00:50] also, google for error messages after removing the parts that are specific to your case (i.e. domains, IP addresses, usernames, etc.)
[00:50] and try what changes in the logs when you change certain settings
[00:51] (assuming you are trying this on a server that's not directly connected to the internet?)
[00:51] * JanC has to go
[00:51] JanC: The server is directly connected to the internet
[00:51] I got logs from thunderbird.
[00:53] Does this help? http://nopaste.info/aa306323c2.html
[00:55] There is always a "authlogin failed"
[00:55] Is it because the mail address is webmaster@domain.tld, but the server is mail.domain.tld?
[00:56] Because domain.tld resolves to an other IP than mail.domain.tld
[00:56] But the MX record of domain.tld points to mail.domain.tld
[00:57] ntq, nothing is wrong with dovecot
[00:57] fix thunderbird
[00:57] I added the certificate to thunderbird.
[00:58] I can not change much in thunderbird except trying different login parameters.
[00:58] how did you add the cert?
[00:59] why would you add the cert to thunderbird?
[00:59] that has nothing to do with the problem
[00:59] I deleted all certificates in thunderbird which belongs to domain.tld. Then I added the new mail account and TB asked me if I want to accept the certificate.
[00:59] so? that isn't the problem
[00:59] [AUTHENTICATIONFAILED] Authentication failed.
[00:59] right from the log
[00:59] okay, adding it that way should be right
[01:00] at the point it errors on username/password
[01:00] it is LONG past dealing with certificates
[01:00] Patrickdk: Dovecot ay something about "fatal unknown CA" though
[01:00] says
[01:01] no it doesn't
[01:01] it's a warning, not an error
[01:01] it should be an unknown, he is not using cert logins
[01:01] Woah. I got it.
[01:02] he enabled all kinds of extra debugging, that is confusing the issue
[01:02] true, is listed as a Warning
[01:02] The login is not webmaster@domain.tld. it's webmaster@domain.tld@domain.tld
[01:02] not sure why it says "fatal"
[01:02] I got mail
[01:02] it is fatal :)
[01:02] cert logins will not work, fatal failed, no certs are trusted :)
[01:02] NTQ: that sounds like a server config error
[01:03] I guess the SQL statement is wrong
[01:03] the sql looks fine
[01:03] maybe the SQL used to add an account was wrong
[01:03] That was postfixadmin
[01:04] but a question though
[01:04] that sql seems so odd though
[01:04] username="webmaster@domain.tld", local_part="webmaster", domain="domain.tld"
[01:04] That's the entry in the database.
[01:04] ya, the domain is probably screwing it up
[01:05] here is what I use
[01:05] password_query = SELECT username AS user,password, CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
[01:05] user_query = SELECT CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
[01:05] iterate_query = SELECT username AS user FROM mailbox where active='1'
[01:06] if you use postfixadmin you should probably check that your SQL/tables are compatible with that...
[01:06] this was from my one and single postfixadmin install :)
[01:06] normally I just do it all custom
[01:07] if you use my sql above, you can do this: http://paste.ubuntu.com/9449319/
[01:07] it makes it use less sql lookups
[01:07] I've never used postfixadmin even :)
[01:08] I need postfixadmin for some customers which wants to set up mail addresses for their domains.
[01:08] instead of looking up user + password, it will lookup password first and get user info also
[01:08] I adjusted my postfixadmin to use real password hashes though, md5 just sucks
[01:09] I should add on my nice sql password rotation limits
[01:09] That's a good idea.
[01:09] Okay, next problem is that thunderbird doesn't want to send mails.
[01:10] But I will go to bed now. It's already 2:10 am
[01:10] NTQ: same problem for sending?
[01:10] as it uses Dovecot SASL for auth?
[01:10] I tried both logins. with and without double domain
[01:10] logs?
[01:11] Only two lines from postfix/smtpd. "connect from ..." "lost connection after UNKNOWN ..." "disconnect from ..."
[01:12] heh? there should also be some dovecot lines
[01:12] and postfix should print more
[01:12] if that is all, thunderbird failed to connect using ssl
[01:13] Maybe
[01:13] what does your master.cf look like today?
[01:13] according to netstat dovecot is listening to 993 and 995 and master (postfix) is listening to 587, 465 and 25
[01:13] not what I asked
[01:14] and remove that smtpd_use_tls = yes line, that was killed long long ago
[01:15] master.cf : http://nopaste.info/8ca730c60b.html
[01:16] it's all commented out
[01:16] no wonder
[01:16] remove those comments
[01:16] from line 17 to 21
[01:16] and comment out line 22
[01:17] Okay. are the last two lines correct?
[01:17] and when you're ready to stop spam, the first thing to do, is learn about postscreen
[01:17] you don't use the last two lines, and should never use them
[01:17] lmtp is MUCH better
[01:17] and you're already using lmtp now
[01:17] ok
[01:17] to enable postscreen, comment out line 11, and uncomment 12 to 15
[01:17] but let's leave that till after email works :)
[01:18] I got now some warnings: " unused parameter: dovecot_destination_recipient_limit=1" and
[01:18] just remove that line
[01:21] Yes. Sending works. Thank you!
[01:22] Wow. The good thing is I have learned many new things. :)
[01:23] Good night, guys.
[01:23] doing email is so much nicer in #postfix
[01:23] where I have a bot to abuse :)
[01:28] Better I write my own tutorial for postfix, dovecot and postfixadmin in german language. The next time I can come back to it. ;)
[01:47] NTQ: consider helping with the ubuntu server guide!
[01:47] https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation/UbuntuServerGuide
=== markthomas is now known as markthomas|away
=== zz_DenBeiren is now known as DenBeiren
[03:05] Does anyone know if/when systemd will fully replace startupd in ubuntu?
[03:10] probably never
[03:10] there is no startupd
[03:10] Patrickdk: systemd
[03:10] and yes there is
[03:10] Debian uses it
[03:10] I think
[03:10] debian uses systemd
[03:10] Does anyone know if/when systemd will fully replace startupd in ubuntu?
[03:10] but there is no such thing as startupd in debian/ubuntu
[03:10] Systemd
[03:11] oh
[03:11] Nevermind
[03:11] We use upstart
[03:12] yep
[03:12] debian never used upstart
[03:12] upstart has grown on me
[03:12] I was *kindof* excited to move to systemd, till I looked at it
[03:44] how can I check the file descriptor limit of a user?
[04:24] smb: thanks for the kvm-spice fix. i notice DEB_VENDOR is still used in 2 places, wonder what else breaks.
[05:16] i'm using ufw for my linode servers firewall and I want to deny all traffic, allow only certain ports for znc and ssh on port 7926. is it better to reject by default or deny?
[06:39] hi guys, what would you suggest to use as a management panel for free these days?
[06:47] great question. i too am curious
=== DenBeiren is now known as zz_DenBeiren
[08:03] Good morning.
[08:15] hallyn, Oh did I miss other places. I thought I had checked at least the rules file for it. But it was a bit of a pass-by-shooting... :/
[08:24] EuaD: Generally, deny is better.
[08:42] Hey guys! Is there a way to trigger automysqlbackup to send mail? I want to test if it works
[08:45] How can I find out which commands have been run on a linux box by other users, possibly using sudo?
[08:46] rioch: you can check the user's .bash_history if not removed
[08:46] rioch: sudo actions should have been logged in /var/log/auth.log
[08:47] maybe have a look at snoopy syslogging all executed commands
[08:47] https://github.com/a2o/snoopy
[08:52] henkjan: nice tips, thanks. Snoopy looks really useful!
[08:54] rioch: snoopy is in the repos. you can install it with apt-get
=== MeltedLux is now known as MeltedDed
=== Lcawte|Away is now known as Lcawte
[09:57] if i want to add ethernet card with pci passthrough do i require vt-d
[09:57] is vt-d and iommu are same ?
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
[10:52] samba35: IOMMU is a concept. VT-d is Intel's implementation.
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
[12:57] Could I get some help with the command I ran. # apt-get install rpcbind nfs-kernel-server. Output: #: Pakcage 'rpcbind' has no installation candidate. E: Unable to locate package nfs-kernel-server.
[12:59] linuxmint: Try "apt-get update" first.
[13:00] linuxmint: If that doesn't fix it, your sources.list is probably busted.
[13:05] soren: thanks. Even # apt-get update seems to output errors: Failed to fetch... and Temporary failure resolving...
[13:05] linuxmint: The you need to.... your...
[13:05] soren: reinstall ubuntu server?
[13:05] linuxmint: No, why would you do that?
[13:06] soren: don't know, if in doubt, reinstall.
[13:06] naw, probably a temporary mirror issue. try a different mirror
[13:06] linuxmint: But you see it's kinda hard to work out what the other person means when they just replace important bits with "..."?
[13:11] soren: sorry. Here's a sample, as I have to type it http://pastebin.com/S8m8QA0D
[13:12] linuxmint: Why do you have to type it?
[13:12] soren: The output is on a machine next to me.
[13:13] linuxmint: ssh?
[13:13] soren: yes, I could...let me see.
[13:15] and don't use pastebin.com..
[13:17] dorftrottel: How come? I don't want to paste numerous lines here.
[13:18] that's not what i meant..
[13:18] pastebin.com tends to screw up code and uses cloudflare which is an annoyance for tor users and i hear it's full of advertisement
[13:23] linuxmint: Use another pastebin service. Like http://paste.ubuntu.com/ or whatever.
=== frankban__ is now known as frankban
[13:32] soren: ok, kind of fixed the issue. Another package isn't downloading. # apt-get install nfs-kernel-server. I'll try the long nfs install version though.
[14:36] Hello, I installed NFS server. Any suggestions how I can manage the HDDs. I currently have one HDD running the Ubuntu server and NDS server. I plan to add 3 more HDDs which will store the backups and movies etc. Do I just connect the HDDs and NFS recognises/mounts them?
[14:37] linuxmint: No, nfs only exports what is defined in /etc/exports.
[14:39] lordievader: that sounds confusing. I thought the NFS server will store the data from the computers with data (NFS clients).
[14:39] lordievader: so, on computer2 (an NFS client), I transfer a file to computer1 (the NFS server), I decide on computer 2 which HDD to transfer to on the NFS server?
[14:41] linuxmint: Your nfs server doesn't really care about hdd's. The export file defines what clients have what rights on what shares.
[14:42] lordievader: ok, sounds like I need to go through the install walkthrough again to clarify that https://help.ubuntu.com/community/SettingUpNFSHowTo
[14:43] lordievader: I plan to let the NFS server export file allow the clients to have all rights. The NFS server will just be a dumb place to dump data.
[14:44] lordievader: ok, have to go. Thanks, I'll figure it out tomorrow.
=== ogra_` is now known as ogra_
=== Lcawte is now known as Lcawte|Away
[15:39] zul, stgraber: any ideas? - https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148
[15:39] Launchpad bug 1401148 in lxc "Re/starting an lxc container corrupts all network namespaces on the same physical host" [Undecided,New]
[15:40] smells like a kernel bug
=== MeltedDed is now known as MeltedLux
[15:42] jamespage: what stgraber said
[15:43] Though apparmor also can cause some pain... ok that can be a kernel bug, too
[15:46] jamespage, I assume that is Vivid. Still the 3.16 kernel?
[15:46] oops no
[15:46] one just needs to read
=== martinst is now known as martins-afk
[15:51] Why does my document root point to /var/www/html/lunarrecruitment.co.uk ? http://109.74.192.130/ - I've checked the default-ssl.conf and the 000-default.conf and they're both set to /var/www/html
[15:51] jamespage, Did that namespace issue just start to happen?
=== bilde2910|away is now known as bilde2910
[15:54] anomie21: check your other configurations for sites. Paste them to a pastebin if you'd like me to take a look. You might have a default_server entry somewhere still pointing to there
[15:55] teward: New vps so only a few domains luckily - http://pastebin.com/70AhUT5n
[15:56] ... i want to send pastebin.com to the depths of hell.
[15:58] anomie21: i don't know the ordering of which file is seen first, but if I'm right, whichever listener is seen first seems to be what Apache will point at.
[15:58] s/listener/VirtualHost/
[15:58] in which case you might need to define a default if you want otherwise
[15:58] note to self don't open 50 tabs in chrome .>.
[15:59] anomie21: you might want to consider creating a default vhost that defines a specific docroot
[15:59] would anybody be so kind as to take a quick look over this http://pastebin.com/hiCaWTYQ
[15:59] It should order 00-deafult.conf surely?
[15:59] (as a suggestion)
[15:59] it's a script for transparent proxy with bypass ability
[15:59] running on 14.04 in a vm on esxi
[16:00] it's working for some but not for others on my lan and it's driving me potty
[16:00] anomie21: in theory yes, it should. which of the ones you pasted was first in 000-default.conf?
[16:01] teward: These are the two defaults, 000 is first- http://pastebin.com/SS78NPA8
[16:03] anomie21: which is actually enabled and in sites-enabled? both of them?
[16:04] both yeah
[16:04] ... crap, i'm late for a meeting...................
[16:04] >.>
[16:11] smb, tbh I'm not sure - I've seen issues with namespaces in the past - but this is the first time I've been able to identify a possible cause
[16:12] smb, I can reproduce at will but it knocks out access to our entire qa cloud :-)
[16:14] jamespage, Ok, so that could have been there all along (in T). Question always is whether you can experiment with more recent kernels (like U)
[16:15] smb, I could try with the hardware enablement kernel I guess :-)
[16:15] Or probably whether one can cause the same with a smaller scale environment.
[16:15] smb, yeah - we should be able to do that
[16:16] jamespage, It's always good if we have something we can do locally without rendering destruction on shared infrastructure. :)
[16:18] sforshee, ^ in case you missed it
=== markthomas|away is now known as markthomas
[16:52] smb, sforshee: OK - so I can reproduce quite easily
[16:52] create a network namespace and then start an lxc container
[16:52] before start - ip netns exec ip addr
[16:52] works OK
[16:52] afterwards
[16:52] seting the network namespace "test-tests" failed: Invalid argument
[16:53] jamespage, Wait... maybe you could update the bug with those instructions (for dummies level)
[16:53] smb, doing so now
[16:53] jamespage, ok cool
=== Lcawte|Away is now known as Lcawte
[16:54] smb, added
[16:54] again that's on 14.04 with stock 3.13 kernel
[16:55] jamespage, ok. ack. thanks for the update
[17:22] is there some build rules (or repo) I could look at to see how UEC images are built?
[17:23] in particular the ...-disk1.img images
[17:39] smb, I can reproduce on utopic and vivid as well
[17:40] jamespage, ok, thanks. Will try to reproduce it on a VM. Might be tomorrow, though. Or maybe sforshee beats me there.
=== martins-afk is now known as martinst
=== Lcawte is now known as Lcawte|Away
=== matsubara is now known as matsubara-afk
=== markthomas is now known as markthomas|afk
=== markthomas|afk is now known as markthomas
=== bilde2910 is now known as bilde2910|away
[21:40] so if I have 30 servers and I want to sync a drive so that all the files were available on all thirty drives, would gluster be a the fit or is there something else I should look at
=== Lcawte|Away is now known as Lcawte
[21:53] Kaelten: Why don't you just create a network share and mount it on all other servers?
[21:58] assume that's not a valid solution for this use case
[22:14] Kaelten: take a look at ceph
[22:14] Kaelten: depending upon what you want, you might also want to consider NFS
=== mfisch is now known as Guest76485
=== Guest76485 is now known as mfisch
=== MeltedLux is now known as MeltedDed
[22:45] Arghhh, I just simply cannot figure out why an increasing number of hosts on my network are resolving as "hostname.local" instead of "hostname.our.fqdn" . . .
[23:08] I am following this debian readme as that is the only available for how to install Atlas linear algebra package. Will this work for Ubuntu 12.04?
[23:08] https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/atlas/trusty/view/head:/debian/README.Debian
=== Lcawte is now known as Lcawte|Away
=== martinst is now known as martins-afk
[23:49] sarnold: i was going to mention cephfs but i'm not certain it has been released as production-ready
=== martins-afk is now known as martinst