[03:39] <arooni> hey folks; i need wordpress to be able to send emails upon order completion; i have the site on a VPS; any point in trying to install something locally; or should i use something like sendgrid/mailgun/sparkpost etc?  i want to make sure emails get inboxed...
[03:42] <tarpman> arooni: if you aren't totally sure what you're doing, use a service like the ones you mentioned
[03:43] <tarpman> arooni: local email is doable but takes work - and sometimes it's simply out of your control, e.g. if your host or neighbours have a bad reputation in spam lists
[03:43] <tarpman> arooni: (the above is just my opinion, not objective facts)
[03:48] <arooni> gotcha
[03:48] <arooni> next question
[03:48] <arooni> what do i need to do if i want to set up a few email aliases at mydomain.com to forward to my gmail account?  for instance; abuse@domain.com ; support@domain.com; arooni@domain.com ;  do i need to go a hosted email provider like zoho?  or is there something i can do in the vps itself?
[03:51] <tarpman> you could install a mail server in the VPS, and have mail delivered there (set the MX DNS record for the domain to point at the VPS); that's reasonably straightforward, but then you're responsible for all your own spam filtering etc
[03:52] <tarpman> or you can use a provider; I like google apps, but they aren't free any more
[03:52] <tarpman> I gave up on filtering my own spam years ago, google is just too good
[03:53] <tarpman> if all you want is everything forwarded, mail server right on the VPS isn't difficult. postfix and exim can both be configured to do that pretty easily
[03:54] <tarpman> and you probably want something running anyway so that daemons (e.g. cron) can send you mail
[08:19] <Sircle> whats the best way to sniff http and https traffic and block it by predefined rules (e.g OS user, url, get/post data length etc)
[08:22] <andol> Sircle: The common approach is to have firewall rules in place, only allowing http(s) traffic through a proxy server, and have the proxy server do the filtering. Whatever that is the best way or not kind of depend on your scenario.
[08:45] <denbeiren> hi, my bootpartition is full,.. apt-get autoremove does not work
[08:45] <denbeiren> output of ls /boot/ is the following http://prntscr.com/d5uo3y
[08:46] <denbeiren> i'm running 4.4.0-42-generic atm
[08:47] <denbeiren> can i simply rm all that is not -42 ?
[08:48] <jelly> denbeiren: dpkg -S /boot/vmlinuz*, and instead of rm, uninstall the packages you think you don't need
[08:49] <Sircle> andol:  can proxy server do filtering on POST?GET data that is to be uploaded, multipart, url and OS user?
[08:49] <jelly> denbeiren: you probably want to keep the latest and boot into that one instead of -42- as soon as convenient
[08:51] <denbeiren> sudo apt-get purge /boot/linux.... ?
[08:52] <jelly> you purge the package names, not the file paths.
[08:52] <jelly> dod you look at the output of "dpkg -S /boot/vmlinuz*" ?
[08:53] <jelly> it tells you which packages those file paths belong to
[08:54] <jelly> so copy those package names on the left side of the output, without the last colon character, and purge _those_
[08:54] <denbeiren> http://prntscr.com/d5url8
[08:54] <denbeiren> http://prntscr.com/d5urq4
[08:55] <andol> Sircle: While that obviously depends on the implemetantion, doing that kind of filtering appear a lot more doable on an http level than on a network level.
[08:56] <jelly> denbeiren: apt complains because its main goal is to keep dependencies satisfied.  Add those linux-image-extra-4.4.0-34-generic to the purge command.
[08:57] <jelly> and perhaps use dpkg to purge instead of apt
[08:57] <jelly> denbeiren: put all the unneeded packages into a single command, both apt-get and dpkg allow multiple package names there
[08:59] <Sircle> andol:  so what choices do I have?
[09:01] <andol> Sircle: No idea, never setup such filtering myself.
[09:01] <denbeiren> sadly i can't use tab key to complete commands :s
[09:03] <denbeiren> nm, i wasn't in /boot
[09:06] <denbeiren> http://prntscr.com/d5uw8y    still not ok i'm afraid
[09:14] <denbeiren> fixed it
[09:14] <denbeiren> thx for the help
[09:37] <DK2> is there a method for convient patch managment on 50+ servers?
[10:11] <rbasak> DK2: unattended-upgrades? Landscape?
[10:25] <DK2> mostly ubuntu
[10:25] <DK2> rbasak: does not need to be unattended-upgrades
[10:42] <geertn> Apparently poewrsvave should be the default according to this bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1579278 . However for me it is set to performance. Can anyone else check the default CPU governor for ubuntu server xenial?
[11:01] <Sircle>  is it possible to mitm via squid and filter POST from even https?
[11:10] <rbasak> Sircle: I think it can but I'm not sure. You'd need to create a CA and add it to the browser, etc. Also there's Charles Proxy.
[11:28] <Sircle> rbasak:  CA would do on brwoser end but need config on squid end.
[11:31] <rbasak> Sircle: http://wiki.squid-cache.org/Features/SslBump maybe?
[11:36] <jamespage> smb, morning - wonder if you can help me with something
[11:37] <jamespage> smb, is there a way I can tell with VT-d is enabled from within Ubuntu?
[11:37] <jamespage> I can see the vmx cpuflag - but is there a specific one for VT-d as well?
[12:30] <ronator> hi. I have different ubuntu-servers in different countries. I also use different ppa. For Germany I use de.archive.ubuntu.com - for Italy or UK I use it.archive... / uk.archive. ... - Now I get a kernel update offered (4.4.0.47) in IT and UK but not in DE.
[12:30] <ronator> Is that due to some lag on these "apt mirrors" and considered to be normal?
[12:31] <ddellav> zul coreycb working on ocata neutron in ci
[12:44] <NOVAtechies> all hail zuul!
[13:19] <coreycb> ddellav, i pushed your keystone updates
[13:19] <ddellav> coreycb ack
[14:58] <NOVAtechies> hello all
[15:14] <Welshman> hi guys, is freenode having problems?
[15:14] <Welshman> just asked me to login as someone I do not know
[15:15] <Welshman> anyway
[15:15] <Welshman> accountservice update today
[15:15] <Welshman> whats that about exactly
[15:16] <Pici> Welshman: debian/patches/wtmp-fix-logout.patch: Backport 0.6.43 commit to fix logout records when a user shuts down or restarts their computer (LP: #1443052)
[15:17] <Welshman> ty
[15:17] <Pici> <3 apt-listchanges
[15:18] <Welshman> Pici:  in layman terms why is it a problem?
[15:19] <Pici> Welshman: Looks like it might not directly affect server users.
[15:20] <Welshman> yeah, my thought
[15:20] <Welshman> not root thoughh
[15:21] <Welshman> Pici:  not affrect root yeah
[15:21] <Welshman> affect
[15:22] <Welshman> root not affected yeah?
[15:23] <Welshman> did we just get back doored?
[15:23] <Pici> No?
[15:23] <mybalzitch> probably!
[15:23] <Welshman> quick there with the response
[15:24] <Welshman> wtf
[15:24] <Pici> Its a shared package between desktop and server installs, but the bugfix looks like its for desktop sessions.
[15:24] <Welshman> pici you Ubuntu official?
[15:25] <Pici> Welshman: I'm not a developer, but I've been doing Ubuntu stuff for 10 years or so.
[15:25] <Welshman> I know
[15:25] <Welshman> me to
[15:25] <Welshman> odd upgrade
[15:26] <Welshman> looking it up a abit
[15:26] <Welshman> seems lioke a back door
[15:26] <Welshman> like
[15:29] <Welshman> any other thoughts on thos
[15:29] <Welshman> this
[15:32] <Welshman> mybalzitch: speak up dude
[15:34] <Welshman> so who is officcial on this chat and can comment on the accountservice upgrade?
[15:34] <Welshman> very odd upgrade and little explanation
[15:35] <Welshman> reminds me ofmy divorce proceedings lol
[15:35] <Welshman> wtf is Ubuntu up to?
[15:36] <Welshman> are there any official Ubuntu guys here?
[15:37] <rbasak> Welshman: Ubuntu Server devs hang out in this channel, but Canonical staff in the US have a public holiday today, so there are fewer of us than normal.
[15:38] <Welshman> Guys, accountservice upgrade ....
[15:38] <ogra_> also, this is rather a desktop fix ...
[15:38] <ogra_> so why would you expect anyone in the server channel to know anything about it
[15:38] <Welshman> rbasak:  I dont have time for holidays
[15:38] <rbasak> Ah, I hadn't scrolled back far enough.
[15:39] <Welshman> ogra_:  nice imput
[15:39] <rbasak> Welshman: ah. I believe my employer accepts money if you need a better SLA than "best effort" :)
[15:39] <Welshman> :)
[15:40] <Welshman> no offence just curious what ever happens with my servers and never the sharpest in the box :)
[15:40] <rbasak> You have accountservice on your servers?
[15:40] <Welshman> apparently
[15:40] <Welshman> basic installs
[15:41] <zul> build deps dont need to be MIRed anymore correct?
[15:41] <rbasak> zul: right - unless you end up with a runtime dependency (whether declared through Depends or not, eg. including a static link).
[15:41] <Welshman> I just run basic installs for websites php
[15:41] <zul> rbasak: cool thanks
[15:44] <Welshman> one of the worst things in life is seeing things and not being able to explain and remedy.
[15:44] <ogra_> ?
[15:44] <Welshman> think about it
[15:45] <ogra_> it is pretty clearly explained in the bug and in the changelog
[15:45] <Welshman> really
[15:45] <ogra_> yes, really
[15:45] <ogra_> read it
[15:45] <Welshman> Trump
[15:45] <ogra_> it fixes a log entry for when users shut down the system from a graphical session
[15:45] <Welshman> ogra_:  OK
[15:46] <ogra_> (where before there was no log entry written in this case ... it used to only be written when shot down from the login manager instead)
[15:46] <ogra_> it is pretty detailed described in the bug that is mentioned in the changelog
[15:46] <ogra_> just read it ...
[15:47] <Welshman> ogra_:  so its that inocent ?
[15:47] <ogra_> ?
[15:47] <ogra_> of what
[15:47] <Welshman> perfect answer
[15:47] <ogra_> of what do you expect this change to be guilty ?
[15:47] <Welshman> nsa
[15:48] <Welshman> backdoor
[15:48] <ogra_> seriously ... just throwing word fragments at the channel wont relly get you much info ... people wont know what you mean
[15:48] <Welshman> ok
[15:48] <ogra_> (whole sentences and that grammar thing often work wonders .... )
[15:49] <Welshman> I know
[15:50] <Welshman> Hitler should have proved himself rather than obiterated.
[15:51] <Welshman> Time got tired with the guy
[15:51] <Welshman> Trump, well done USA?
[15:51] <ogra_> dude ... this isnt "#ubuntu-politics" ...
[15:52] <Welshman> I think change is good
[15:52] <Welshman> wgats the off topic?
[15:53] <Welshman> whats the off topic room here?
[15:53] <Welshman> I only logged in because of your maybe recent backdoor
[15:54] <Welshman> jesus christ who is my nigger here
[15:54] <ogra_> merci :)=
[15:54] <Pici> np
[15:54] <mybalzitch> lol
[16:27] <asyn> Hi all, I’d like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider?
[16:35] <Sircle> rbasak:  thanks. So it spssible what I want?
[16:36] <Sircle> rbasak:  is squid the most featureful proxy server?
[16:36] <rbasak> It's pretty common as a proxy server.
[16:38] <Sircle> rbasak:  whats the most powerful one?
[16:38] <Sircle> rbasak:  featureful?
[16:38] <rbasak> I can't comment on that.
[16:38] <Sircle> rbasak:  your personal choices?
[16:39] <rbasak> For general proxy caching? I'd use squid. It's in main on Ubuntu, so easy to deploy, manage and keep updated.
[16:39] <Sircle> rbasak:  for more features?
[16:41] <Sircle> rbasak:  any other you like?
[16:42] <rbasak> varnish, nginx, apache and charles proxy are all alternatives I know about.
[16:42] <rbasak> Though they generally all get used in different scenarios, often not client-side.
[16:42] <rbasak> So some are probably completely unsuitable.
[16:43] <Sircle> rbasak: does squid and others manage only http(s) traffic or other protocoles as well?
[16:43] <rbasak> I don't know.
[16:44] <amoralej> hi, i'm hitting https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1632743 , i'm not sure if this is the right channel, but any plan to push the fixed package to newton-updates repo?
[16:44] <Sircle> k
[16:44] <nacc> Sircle: http, ftp, gopher, icy (per `apt-cache show`)
[16:44] <nacc> Sircle: what protocols were you interested in?
[16:45] <rbasak> amoralej: you're in the right place, but perhaps getting late for UK staff and the US have a holiday today. If you don't get an answer, try asking again on Monday?
[16:45] <amoralej> ok, thanks rbasak
[16:52] <Sircle> nacc:  I want to do mitm so I can analyze if requests are POST/multipart, (or data in them), block it if its POST or having a regex match. Its good to block other protocols like ssh or rsync etc on basis of OS user accounts
[16:54] <Sircle> nacc:  a huge web cache will be good as well
[16:55] <Sircle> nac don't know which tool to choose. Ease with features that I can use in future is good.
[17:02] <asyn> Hi all, I’d like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider?
[17:08] <nacc> Sircle: well, squid can probably do the web cache, but i don't think it can do most of the other stuff you suggest, like blocking ssh or anything
[17:28] <Sircle> nacc:  what thing can do that then?
[17:30] <nacc> Sircle: i'm not sure, I don't think one tool does that; I mean to block certain *protocols* based upon user accounts, e.g. -- you mean that a particular user isn't allowed to ssh in? That's controlled by the ssh daemon. The ssh protocol needs to be open for that work, though.
[17:30] <asyn> anyone available to discuss the question I posted? :(
[17:30] <nacc> asyn: just an fyi, it's a holiday for some in the US, so might be a bit quieter today
[17:31] <nacc> asyn: http://blog.mlemoine.name/2012/09/07/migrate-mac-os-x-10.6-open-directory-to-unix-open-ldap-including-passwords.html ?
[17:32] <nacc> asyn: i assume the easiest thing to do, if you go down that route, would be setup openldap in parallel and see if it works
[18:07] <Sircle> nacc: can I install squid on a single machine and use it on that machine for cacheing/acl etc and maybe later for other machines?
[18:11] <nacc> Sircle: i think so? not sure, depends on the usage
[18:16] <arooni> background: i need to get email set up on my ubuntu vps.  i'm only going to be sending transactional emails when user makes a purchase/item is shipped etc.  so i'm planning on using a smtp provider like sendgrid to plugin to my wordpress/woocommerce setup.  i also need to be able to *receive* email say to support@domain.com; abuse@domain.com; but since it's me answering all those emails; i would think
[18:16] <arooni> forwarding to my gmail account would be a valid approach. questions: 1) does this approach make sense? 2) if i got the forwarding set up to my gmail; could i reply from support@domain.com; within my gmail account ?  3) or do i need to stop thinking about email forwarding and use a hosted email provdier like zoho to handle the inbound emails (suppot@domain.com ; abuse@domain.com ) etc?  sorry for long
[18:16] <arooni> question lol
[18:20] <nacc> arooni: you can specify what address you reply from in gmail, that's not really an ubuntu question
[18:20] <nacc> arooni: you just have to link the address to your account, iirc
[18:28] <arooni> i guess it really wa s question of whether i should run an email serer or not
[18:29] <arooni> and i think that answer is no
[18:29] <nacc> arooni: running your own email server isn't worth the hassle for *most* people
[18:29] <nacc> arooni: at least, IMO
[18:30] <arooni> thank goodness i can still find hosted email for free; dont know how zoho does
[18:30] <arooni> does it
[18:30] <arooni> must be a driver to their subscription services
[19:21] <ddellav> zul jamespage please review lp:~ddellav/ubuntu/+source/neutron ci update. Builds in zesty but missing python-coverage >= 4.0 using sbuild-ocata
[19:23] <zul> ddellav: merged
[19:24] <ddellav> zul ack
[19:29] <asyn> nacc: thanks, just now saw your response. I guess my main questions are about how full featured OpenLDAP is, and whether it is stable enough for an enterprise environment.
[19:30] <nacc> asyn: https://en.wikipedia.org/wiki/OpenLDAP, i mean it's a fairly common tool
[19:54] <CodeMouse92> asyn: FWIW, my company uses LDAP
[19:54] <CodeMouse92> *OpenLDAP
[20:34] <cdorsal> I'm having trouble passing an incoming UDP packet from one system, through my ubuntu router, to another system. I can receive the UDP packet 172.16.101.1.59117 > 239.252.101.6.60106 because I have added 239.252.101.6 via "ip add maddr" but my system listening on the other end cannot see any of the udp traffic. Please help! This is tricky.
[20:34] <cdorsal> My system is configured as follows: windows (172.16.101.1) <- eth0 -> ubuntu (172.16.3.1) <- wlan1 -> windows (172.16.4.101)
[22:12] <phantoms2> i just instaled on a fresh UServer Webmin and some other admin pages the first reboots was all ok but now they all arent responding localy:10000   i remember that it usualy has to doo with bootorder but what and where … i cant finder
[22:14] <phantoms2> tested restarting apache … but stil nothing changed
[22:27] <bekks> !webmin | phantoms2
[22:29] <NOVAtechies> phantoms2: did you get your webmin problem cleared up
[22:32] <NOVAtechies> hello?
[22:47] <Gr3mlin> hay guys
[22:48] <Gr3mlin> i have a questions about Ubuntu server headless. i need assistance with it. DNS resolving issues. anyone able to assist?
[22:50] <bekks> Gr3mlin: ask your question.
[22:53] <Gr3mlin> how does one sucessfully configure the DNS setting? ive been trying for a while now since upgrading from 14.04 to 16.04
[22:53] <Gr3mlin> i almost want to give up and just set resolv.conf and then make it readonly
[23:16] <Gr3mlin> easy.. bah... just set the dns-nameservers in the interfaces file. well. that doesnt work.
[23:22] <Gr3mlin> anyone able to help?
[23:29] <maxb> Gr3mlin: Just setting /etc/resolv.conf manually is a valid way to configure things if static settings are all you need.
[23:30] <maxb> In a classic server scenario, I don't think anything will be rewriting resolv.conf automatically
[23:30] <maxb> By "classic server scenario" I'm assuming that network-manager nor other desktop environments' similar tools are installed
[23:31] <maxb> If you want dns settings in the interfaces file to apply, I think that's dependent on the "resolvconf" package
[23:31] <maxb> Which I very much do recommend installing if a static /etc/resolv.conf is not suitable for you
[23:32] <Gr3mlin> i havent installed anything as of yet. well that i know about.
[23:34] <phantoms2> ubottu: whats the alternative to webmin????
[23:35] <Gr3mlin> i have resolvconf installed. its not resolving my issue.
[23:43] <Gr3mlin> should have just stuck with 14.04lts. would have saved myself flippin hours.