[03:39] hey folks; i need wordpress to be able to send emails upon order completion; i have the site on a VPS; any point in trying to install something locally; or should i use something like sendgrid/mailgun/sparkpost etc? i want to make sure emails get inboxed... [03:42] arooni: if you aren't totally sure what you're doing, use a service like the ones you mentioned [03:43] arooni: local email is doable but takes work - and sometimes it's simply out of your control, e.g. if your host or neighbours have a bad reputation in spam lists [03:43] arooni: (the above is just my opinion, not objective facts) [03:48] gotcha [03:48] next question [03:48] what do i need to do if i want to set up a few email aliases at mydomain.com to forward to my gmail account? for instance; abuse@domain.com ; support@domain.com; arooni@domain.com ; do i need to go a hosted email provider like zoho? or is there something i can do in the vps itself? [03:51] you could install a mail server in the VPS, and have mail delivered there (set the MX DNS record for the domain to point at the VPS); that's reasonably straightforward, but then you're responsible for all your own spam filtering etc [03:52] or you can use a provider; I like google apps, but they aren't free any more [03:52] I gave up on filtering my own spam years ago, google is just too good [03:53] if all you want is everything forwarded, mail server right on the VPS isn't difficult. postfix and exim can both be configured to do that pretty easily [03:54] and you probably want something running anyway so that daemons (e.g. cron) can send you mail === stoned is now known as EnchanterTim [08:19] whats the best way to sniff http and https traffic and block it by predefined rules (e.g OS user, url, get/post data length etc) [08:22] Sircle: The common approach is to have firewall rules in place, only allowing http(s) traffic through a proxy server, and have the proxy server do the filtering. Whatever that is the best way or not kind of depend on your scenario. [08:45] hi, my bootpartition is full,.. apt-get autoremove does not work [08:45] output of ls /boot/ is the following http://prntscr.com/d5uo3y [08:46] i'm running 4.4.0-42-generic atm [08:47] can i simply rm all that is not -42 ? [08:48] denbeiren: dpkg -S /boot/vmlinuz*, and instead of rm, uninstall the packages you think you don't need [08:49] andol: can proxy server do filtering on POST?GET data that is to be uploaded, multipart, url and OS user? [08:49] denbeiren: you probably want to keep the latest and boot into that one instead of -42- as soon as convenient [08:51] sudo apt-get purge /boot/linux.... ? [08:52] you purge the package names, not the file paths. [08:52] dod you look at the output of "dpkg -S /boot/vmlinuz*" ? [08:53] it tells you which packages those file paths belong to [08:54] so copy those package names on the left side of the output, without the last colon character, and purge _those_ [08:54] http://prntscr.com/d5url8 [08:54] http://prntscr.com/d5urq4 [08:55] Sircle: While that obviously depends on the implemetantion, doing that kind of filtering appear a lot more doable on an http level than on a network level. [08:56] denbeiren: apt complains because its main goal is to keep dependencies satisfied. Add those linux-image-extra-4.4.0-34-generic to the purge command. [08:57] and perhaps use dpkg to purge instead of apt [08:57] denbeiren: put all the unneeded packages into a single command, both apt-get and dpkg allow multiple package names there [08:59] andol: so what choices do I have? [09:01] Sircle: No idea, never setup such filtering myself. [09:01] sadly i can't use tab key to complete commands :s [09:03] nm, i wasn't in /boot [09:06] http://prntscr.com/d5uw8y still not ok i'm afraid [09:14] fixed it [09:14] thx for the help [09:37] is there a method for convient patch managment on 50+ servers? [10:11] DK2: unattended-upgrades? Landscape? [10:25] mostly ubuntu [10:25] rbasak: does not need to be unattended-upgrades [10:42] Apparently poewrsvave should be the default according to this bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1579278 . However for me it is set to performance. Can anyone else check the default CPU governor for ubuntu server xenial? [10:42] Launchpad bug 1579278 in sysvinit (Ubuntu Xenial) "Keep powersave CPU frequency scaling governor for CPUs that support intel_pstate" [Medium,Triaged] [11:01] is it possible to mitm via squid and filter POST from even https? [11:10] Sircle: I think it can but I'm not sure. You'd need to create a CA and add it to the browser, etc. Also there's Charles Proxy. [11:28] rbasak: CA would do on brwoser end but need config on squid end. [11:31] Sircle: http://wiki.squid-cache.org/Features/SslBump maybe? [11:36] smb, morning - wonder if you can help me with something [11:37] smb, is there a way I can tell with VT-d is enabled from within Ubuntu? [11:37] I can see the vmx cpuflag - but is there a specific one for VT-d as well? [12:30] hi. I have different ubuntu-servers in different countries. I also use different ppa. For Germany I use de.archive.ubuntu.com - for Italy or UK I use it.archive... / uk.archive. ... - Now I get a kernel update offered (4.4.0.47) in IT and UK but not in DE. [12:30] Is that due to some lag on these "apt mirrors" and considered to be normal? [12:31] zul coreycb working on ocata neutron in ci [12:44] all hail zuul! [13:19] ddellav, i pushed your keystone updates [13:19] coreycb ack [14:58] hello all === theGoat_ is now known as theGoat [15:14] hi guys, is freenode having problems? [15:14] just asked me to login as someone I do not know [15:15] anyway [15:15] accountservice update today [15:15] whats that about exactly [15:16] Welshman: debian/patches/wtmp-fix-logout.patch: Backport 0.6.43 commit to fix logout records when a user shuts down or restarts their computer (LP: #1443052) [15:16] Launchpad bug 1443052 in Ubuntu GNOME "User accounts login history showing incorrect history - patch" [Low,Triaged] https://launchpad.net/bugs/1443052 [15:17] ty [15:17] <3 apt-listchanges [15:18] Pici: in layman terms why is it a problem? [15:19] Welshman: Looks like it might not directly affect server users. [15:20] yeah, my thought [15:20] not root thoughh [15:21] Pici: not affrect root yeah [15:21] affect [15:22] root not affected yeah? [15:23] did we just get back doored? [15:23] No? [15:23] probably! [15:23] quick there with the response [15:24] wtf [15:24] Its a shared package between desktop and server installs, but the bugfix looks like its for desktop sessions. [15:24] pici you Ubuntu official? [15:25] Welshman: I'm not a developer, but I've been doing Ubuntu stuff for 10 years or so. [15:25] I know [15:25] me to [15:25] odd upgrade [15:26] looking it up a abit [15:26] seems lioke a back door [15:26] like [15:29] any other thoughts on thos [15:29] this [15:32] mybalzitch: speak up dude [15:34] so who is officcial on this chat and can comment on the accountservice upgrade? [15:34] very odd upgrade and little explanation [15:35] reminds me ofmy divorce proceedings lol [15:35] wtf is Ubuntu up to? [15:36] are there any official Ubuntu guys here? [15:37] Welshman: Ubuntu Server devs hang out in this channel, but Canonical staff in the US have a public holiday today, so there are fewer of us than normal. [15:38] Guys, accountservice upgrade .... [15:38] also, this is rather a desktop fix ... [15:38] so why would you expect anyone in the server channel to know anything about it [15:38] rbasak: I dont have time for holidays [15:38] Ah, I hadn't scrolled back far enough. [15:39] ogra_: nice imput [15:39] Welshman: ah. I believe my employer accepts money if you need a better SLA than "best effort" :) [15:39] :) [15:40] no offence just curious what ever happens with my servers and never the sharpest in the box :) [15:40] You have accountservice on your servers? [15:40] apparently [15:40] basic installs [15:41] build deps dont need to be MIRed anymore correct? [15:41] zul: right - unless you end up with a runtime dependency (whether declared through Depends or not, eg. including a static link). [15:41] I just run basic installs for websites php [15:41] rbasak: cool thanks [15:44] one of the worst things in life is seeing things and not being able to explain and remedy. [15:44] ? [15:44] think about it [15:45] it is pretty clearly explained in the bug and in the changelog [15:45] really [15:45] yes, really [15:45] read it [15:45] Trump [15:45] it fixes a log entry for when users shut down the system from a graphical session [15:45] ogra_: OK [15:46] (where before there was no log entry written in this case ... it used to only be written when shot down from the login manager instead) [15:46] it is pretty detailed described in the bug that is mentioned in the changelog [15:46] just read it ... [15:47] ogra_: so its that inocent ? [15:47] ? [15:47] of what [15:47] perfect answer [15:47] of what do you expect this change to be guilty ? [15:47] nsa [15:48] backdoor [15:48] seriously ... just throwing word fragments at the channel wont relly get you much info ... people wont know what you mean [15:48] ok [15:48] (whole sentences and that grammar thing often work wonders .... ) [15:49] I know [15:50] Hitler should have proved himself rather than obiterated. [15:51] Time got tired with the guy [15:51] Trump, well done USA? [15:51] dude ... this isnt "#ubuntu-politics" ... [15:52] I think change is good [15:52] wgats the off topic? [15:53] whats the off topic room here? [15:53] I only logged in because of your maybe recent backdoor [15:54] jesus christ who is my nigger here [15:54] merci :)= [15:54] np [15:54] lol === uaides_ is now known as uaides [16:27] Hi all, I’d like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider? === degorenko is now known as degorenko|afk [16:35] rbasak: thanks. So it spssible what I want? [16:36] rbasak: is squid the most featureful proxy server? [16:36] It's pretty common as a proxy server. [16:38] rbasak: whats the most powerful one? [16:38] rbasak: featureful? [16:38] I can't comment on that. [16:38] rbasak: your personal choices? [16:39] For general proxy caching? I'd use squid. It's in main on Ubuntu, so easy to deploy, manage and keep updated. [16:39] rbasak: for more features? [16:41] rbasak: any other you like? [16:42] varnish, nginx, apache and charles proxy are all alternatives I know about. [16:42] Though they generally all get used in different scenarios, often not client-side. [16:42] So some are probably completely unsuitable. [16:43] rbasak: does squid and others manage only http(s) traffic or other protocoles as well? [16:43] I don't know. [16:44] hi, i'm hitting https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1632743 , i'm not sure if this is the right channel, but any plan to push the fixed package to newton-updates repo? [16:44] Launchpad bug 1632743 in magnum (Ubuntu) "Missing files from python-magnum 3.1.1-0~cloud0" [Undecided,Fix released] [16:44] k [16:44] Sircle: http, ftp, gopher, icy (per `apt-cache show`) [16:44] Sircle: what protocols were you interested in? [16:45] amoralej: you're in the right place, but perhaps getting late for UK staff and the US have a holiday today. If you don't get an answer, try asking again on Monday? [16:45] ok, thanks rbasak [16:52] nacc: I want to do mitm so I can analyze if requests are POST/multipart, (or data in them), block it if its POST or having a regex match. Its good to block other protocols like ssh or rsync etc on basis of OS user accounts [16:54] nacc: a huge web cache will be good as well [16:55] nac don't know which tool to choose. Ease with features that I can use in future is good. === degorenko|afk is now known as degorenko [17:02] Hi all, I’d like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider? === iberezovskiy is now known as iberezovskiy|off [17:08] Sircle: well, squid can probably do the web cache, but i don't think it can do most of the other stuff you suggest, like blocking ssh or anything [17:28] nacc: what thing can do that then? [17:30] Sircle: i'm not sure, I don't think one tool does that; I mean to block certain *protocols* based upon user accounts, e.g. -- you mean that a particular user isn't allowed to ssh in? That's controlled by the ssh daemon. The ssh protocol needs to be open for that work, though. [17:30] anyone available to discuss the question I posted? :( [17:30] asyn: just an fyi, it's a holiday for some in the US, so might be a bit quieter today [17:31] asyn: http://blog.mlemoine.name/2012/09/07/migrate-mac-os-x-10.6-open-directory-to-unix-open-ldap-including-passwords.html ? [17:32] asyn: i assume the easiest thing to do, if you go down that route, would be setup openldap in parallel and see if it works === degorenko is now known as _degorenko|afk [18:07] nacc: can I install squid on a single machine and use it on that machine for cacheing/acl etc and maybe later for other machines? [18:11] Sircle: i think so? not sure, depends on the usage [18:16] background: i need to get email set up on my ubuntu vps. i'm only going to be sending transactional emails when user makes a purchase/item is shipped etc. so i'm planning on using a smtp provider like sendgrid to plugin to my wordpress/woocommerce setup. i also need to be able to *receive* email say to support@domain.com; abuse@domain.com; but since it's me answering all those emails; i would think [18:16] forwarding to my gmail account would be a valid approach. questions: 1) does this approach make sense? 2) if i got the forwarding set up to my gmail; could i reply from support@domain.com; within my gmail account ? 3) or do i need to stop thinking about email forwarding and use a hosted email provdier like zoho to handle the inbound emails (suppot@domain.com ; abuse@domain.com ) etc? sorry for long [18:16] question lol [18:20] arooni: you can specify what address you reply from in gmail, that's not really an ubuntu question [18:20] arooni: you just have to link the address to your account, iirc [18:28] i guess it really wa s question of whether i should run an email serer or not [18:29] and i think that answer is no [18:29] arooni: running your own email server isn't worth the hassle for *most* people [18:29] arooni: at least, IMO [18:30] thank goodness i can still find hosted email for free; dont know how zoho does [18:30] does it [18:30] must be a driver to their subscription services [19:21] zul jamespage please review lp:~ddellav/ubuntu/+source/neutron ci update. Builds in zesty but missing python-coverage >= 4.0 using sbuild-ocata [19:23] ddellav: merged [19:24] zul ack [19:29] nacc: thanks, just now saw your response. I guess my main questions are about how full featured OpenLDAP is, and whether it is stable enough for an enterprise environment. [19:30] asyn: https://en.wikipedia.org/wiki/OpenLDAP, i mean it's a fairly common tool [19:54] asyn: FWIW, my company uses LDAP [19:54] *OpenLDAP === amoralej is now known as amoralej|off [20:34] I'm having trouble passing an incoming UDP packet from one system, through my ubuntu router, to another system. I can receive the UDP packet 172.16.101.1.59117 > 239.252.101.6.60106 because I have added 239.252.101.6 via "ip add maddr" but my system listening on the other end cannot see any of the udp traffic. Please help! This is tricky. [20:34] My system is configured as follows: windows (172.16.101.1) <- eth0 -> ubuntu (172.16.3.1) <- wlan1 -> windows (172.16.4.101) [22:12] i just instaled on a fresh UServer Webmin and some other admin pages the first reboots was all ok but now they all arent responding localy:10000 i remember that it usualy has to doo with bootorder but what and where … i cant finder [22:14] tested restarting apache … but stil nothing changed [22:27] !webmin | phantoms2 [22:27] phantoms2: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. [22:29] phantoms2: did you get your webmin problem cleared up [22:32] hello? [22:47] hay guys [22:48] i have a questions about Ubuntu server headless. i need assistance with it. DNS resolving issues. anyone able to assist? [22:50] Gr3mlin: ask your question. [22:53] how does one sucessfully configure the DNS setting? ive been trying for a while now since upgrading from 14.04 to 16.04 [22:53] i almost want to give up and just set resolv.conf and then make it readonly [23:16] easy.. bah... just set the dns-nameservers in the interfaces file. well. that doesnt work. [23:22] anyone able to help? [23:29] Gr3mlin: Just setting /etc/resolv.conf manually is a valid way to configure things if static settings are all you need. [23:30] In a classic server scenario, I don't think anything will be rewriting resolv.conf automatically [23:30] By "classic server scenario" I'm assuming that network-manager nor other desktop environments' similar tools are installed [23:31] If you want dns settings in the interfaces file to apply, I think that's dependent on the "resolvconf" package [23:31] Which I very much do recommend installing if a static /etc/resolv.conf is not suitable for you [23:32] i havent installed anything as of yet. well that i know about. [23:34] ubottu: whats the alternative to webmin???? [23:34] I am only a bot, please don't think I'm intelligent :) [23:35] i have resolvconf installed. its not resolving my issue. [23:43] should have just stuck with 14.04lts. would have saved myself flippin hours.