These are more suited for administration, server configuration, etc.
ns10.dnsmadeeasy.com - IP: 208.94.148.4
ns11.dnsmadeeasy.com - IP: 208.80.124.4
ns12.dnsmadeeasy.com - IP: 208.80.126.4
ns13.dnsmadeeasy.com - IP: 208.80.125.4
ns14.dnsmadeeasy.com - IP: 208.80.127.4
ns15.dnsmadeeasy.com - IP: 208.94.149.4
After reading about IP based HELO blocking at junnkemailfilter.com and getting 3 spams today, looked at the headers:
Return-path:
Envelope-to: gregg@mochabomb.com
Delivery-date: Tue, 24 Feb 2009 04:34:44 -0800
Received: from [89.149.214.67] (helo=[192.168.139.26])
by vps2.mochabomb.info with smtp (Exim 4.69)
(envelope-from
id 1LbwUm-00044i-AB
for gregg@mochabomb.com; Tue, 24 Feb 2009 04:34:44 -0800
FROM: "Postcodeloterij-nl"
TO:
SUBJECT: CLAIM YOUR PRIZE:
DATE: 24 Feb 09 1:34:31 PM
to block a helo with an IP literal makes sense nowadays - no legitimate server will use an IP based hostname - maybe in the happy trusting 1980's, but not now where nearly 99% of email traffic is spam..
Exim is new to me - so resorted to google to help here to get it implemented...
Found the solution here:
Exim mailing list
Armed with some code - lets block some spammers!
/etc/exim.conf
########################################################################################
# DO NOT ALTER THIS BLOCK (yes - we will alter)
########################################################################################
acl_mail:
# ignore authenticated hosts
accept authenticated = *
.. some rules..
drop
condition = ${if and {{match {$sender_helo_name}{\N^\[(.+)\]$\N}}{isip4 {$1}}}{true}{false}}
message = Access denied - IP based HELO not allowed. (See RFC2821 4.1.3)
Of course you have a backup copy in case this one got borked...
restart exim and then enjoy the results with tail /var/log/exim_mainlog or whatever yours is.
Random NFS Notes
OS X: mount like any other share: mount server:/some/dir /dir
If needed, add "insecure" to server's /etc/exports:
mac:/media root# mount -v server:/home/media /media mount_nfs: /media: Operation not permitted
After adding "insecure" to server's /etc/exports and running exportfs -ra
mac:/media root# mount -v server:/home/media /media server:/home/media on /media
Linux: Verify exports with
[root@linux]# rpcinfo -p (and check for mountd, portmapper, nfs in the list) [root@linux]# exportfs -ra [root@linux]# exportfs /home/media 192.168.0.2 [root@linux]# cat /etc/exports /home/media 192.168.0.2(rw,sync,insecure)
OS X - query a server for NFS exports - here 0.3 is the NFS client..
mac:~ $ showmount -e 192.168.0.2 Exports list on 192.168.0.2: /home/media 192.168.0.3
OpenVZ Related Articles
So from home, I was trying to sftp and got this:
gregg@gregg-desktop:/usr/share/fonts/truetype/freefont$ sftp -o port=6032 someuser@mochabomb.com Connecting to 38.108.178.168... ssh_exchange_identification: Connection closed by remote host Couldn't read packet: Connection reset by peer
Ok, lets see if the server is happy..
root@vps [~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: PRNG is not seeded
[FAILED]
.. that ain't good...
Some googling of the error - mind this is my VPS - OpenVZ based - here we go:
Random device missing
"I think the reason is that you had udev daemon in physical node. Thus you have to create necessary devices by yourself inside VE (`mknod /dev/random c 1 8`)."
So will create a script to do this for me - don't need to be locked out:
#!/bin/bash if [ -z /dev/random ]; then mknod /dev/random c 1 8 ls -al /dev/random 1> /var/tmp/devrandom /sbin/service sshd restart 1> /var/tmp/devrandom mail root -s "Created /dev/random at `date` on `hostname`" < /var/tmp/devrandom rm /var/tmp/devrandom fi
Then add to cron - longest I'll ever be locked out is 15 minutes...
0,15,30,45 * * * * /root/bin/make-dev-random.sh
The --enablerepo option
[root@centos manifests]# yum -enablerepo="ruby" update ruby Loaded plugins: fastestmirror usage: yum [options] COMMAND List of Commands: check-update Check for available package updates clean Remove cached data deplist List a package's dependencies downgrade downgrade a package erase Remove a package or packages from your system groupinfo Display details about a package group groupinstall Install the packages in a group on your system grouplist List available package groups groupremove Remove the packages in a group from your system help Display a helpful usage message info Display details about a package or group of packages install Install a package or packages on your system list List a package or groups of packages localinstall Install a local RPM makecache Generate the metadata cache provides Find what package provides the given value reinstall reinstall a package repolist Display the configured software repositories resolvedep Determine which package provides the given dependency search Search package details for the given string shell Run an interactive yum shell update Update a package or packages on your system upgrade Update packages taking obsoletes into account Command line error: option -e: invalid integer value: 'nablerepo=ruby' [root@centos manifests]# yum --enablerepo="ruby" update ruby Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: centos.mirror.facebook.net * base: mirror.nexcess.net * epel: mirrors.solfo.com * extras: linux.mirrors.es.net * updates: mirror.hmc.edu ruby | 951 B 00:00 ruby/primary | 6.1 kB 00:00 ruby 18/18 Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package ruby.i686 0:1.8.6.111-1 set to be updated --> Processing Dependency: ruby-libs = 1.8.6.111-1 for package: ruby --> Running transaction check ---> Package ruby-libs.i686 0:1.8.6.111-1 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================ Package Arch Version Repository Size ============================================================================================================================ Updating: ruby i686 1.8.6.111-1 ruby 525 k Updating for dependencies: ruby-libs i686 1.8.6.111-1 ruby 2.6 M Transaction Summary ============================================================================================================================ Install 0 Package(s) Upgrade 2 Package(s) Total download size: 3.1 M Is this ok [y/N]: y Downloading Packages: (1/2): ruby-1.8.6.111-1.i686.rpm | 525 kB 00:03 (2/2): ruby-libs-1.8.6.111-1.i686.rpm | 2.6 MB 00:11 ---------------------------------------------------------------------------------------------------------------------------- Total 193 kB/s | 3.1 MB 00:16 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Updating : ruby-libs 1/4 Updating : ruby 2/4 Cleanup : ruby 3/4 Cleanup : ruby-libs 4/4 Updated: ruby.i686 0:1.8.6.111-1 Dependency Updated: ruby-libs.i686 0:1.8.6.111-1 Complete! [root@centos manifests]#
Here - needed to install puppet 2.6 and epel did not have it - a quick google search yielded..
[root@centos yum.repos.d]# yum --enablerepo=tmz list | grep puppet puppetlabs-repo.noarch 3.0-2 installed mcollective.noarch 1.1.2-4.el5 puppetlabs mcollective-client.noarch 1.1.2-4.el5 puppetlabs mcollective-common.noarch 1.1.2-4.el5 puppetlabs puppet.noarch 2.6.6-0.1.rc1.el5 tmz puppet-dashboard.noarch 1.0.4-1 puppetlabs puppet-server.noarch 2.6.6-0.1.rc1.el5 tmz [root@centos yum.repos.d]# yum --enablerepo=tmz install puppet.noarch puppet-server.noarch Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: centos.mirror.facebook.net * base: mirror.nexcess.net * epel: mirrors.solfo.com * extras: linux.mirrors.es.net * updates: mirror.hmc.edu Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package puppet.noarch 0:2.6.6-0.1.rc1.el5 set to be updated ---> Package puppet-server.noarch 0:2.6.6-0.1.rc1.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================ Package Arch Version Repository Size ============================================================================================================================ Installing: puppet noarch 2.6.6-0.1.rc1.el5 tmz 833 k puppet-server noarch 2.6.6-0.1.rc1.el5 tmz 22 k Transaction Summary ============================================================================================================================ Install 2 Package(s) Upgrade 0 Package(s) Total download size: 855 k Is this ok [y/N]: y Downloading Packages: (1/2): puppet-server-2.6.6-0.1.rc1.el5.noarch.rpm | 22 kB 00:00 (2/2): puppet-2.6.6-0.1.rc1.el5.noarch.rpm | 833 kB 00:04 ---------------------------------------------------------------------------------------------------------------------------- Total 172 kB/s | 855 kB 00:04 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : puppet 1/2 Installing : puppet-server 2/2 Installed: puppet.noarch 0:2.6.6-0.1.rc1.el5 puppet-server.noarch 0:2.6.6-0.1.rc1.el5 Complete! [root@centos yum.repos.d]# cat tmz.repo [tmz] name="tmz.fedorapeople.org" baseurl=http://tmz.fedorapeople.org/repo/puppet/epel/5/i386/ gpgcheck=0 enabled=0 [root@centos yum.repos.d]#
I have an ext3 share on an old debian machine - 266MHz/128MBRAM that was not working...
* In CentOS check /var/log/messages for SELinux messages, if needed can disable SELinux with
# echo 0 > /selinux/enforce
also for troubleshooting the install..
# testparm /etc/samba/smb.conf
* Been running Debian Lenny/Squeeze - whoops..
* SMB was on wrong versions - foudn this link useful: Samba.org Thread
* In CentOS check /var/log/messages for SELinux messages, if needed can disable SELinux with
# echo 0 > /selinux/enforce
For troubleshooting Linxu in general for Samba -
# testparm /etc/samba/smb.conf
After looking at core dump from running
# smbd -D -F -i
Analyze with gdb (good article at Blogger
# gdb /usr/sbin/smbd /var/log/samba/cores/smbd/core (no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_files.so.2 Reading symbols from /lib/i686/cmov/libnss_compat.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_compat.so.2 Reading symbols from /lib/i686/cmov/libnss_nis.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_nis.so.2 Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libgcc_s.so.1(no debugging symbols found) Core was generated by `smbd -D -F -i'. Program terminated with signal 6, Aborted. [New process 23710] #0 0xb7f83430 in __kernel_vsyscall () (gdb)
.. and googling the errors, found my versions were wrong.
Spose this is what happens when running SID/Squeeze then changing apt repo to not include them any more...
I had mixed versions of libwbclient, libwbclient0, samba, samba-common..
# apt-get remove libwbclient0 ( also removed samba samba-common libsmbclient ) # apt-get install samba samba-common libsmbclient libwbclient0 # /etc/init.d/samba restart ( just to be sure )
And things are looking ok now..
root@debian:/# vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 4124 3104 7448 76884 0 0 81 14 153 72 11 3 84 1
root@debian:/# top -b | head -6
top - 00:10:05 up 1 day, 4:43, 5 users, load average: 0.52, 0.20, 0.13
Tasks: 75 total, 1 running, 74 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.2%us, 3.2%sy, 6.8%ni, 84.2%id, 1.4%wa, 0.1%hi, 0.0%si, 0.0%st
Mem: 125856k total, 123256k used, 2600k free, 7456k buffers
Swap: 257000k total, 4124k used, 252876k free, 76884k cached
root@debian:/# pgrep smb
24043
24045
24067
root@debian:/#
Installed Synergy on OS X Tiger - so needed to compile - the usual configure/make/make install
worked just fine..
However on CentOS 5.1 or so there is not a RPM in the repo - cool - can compile some
code...
This hint helped:
configure-error-you-must-have-the-xtest-library-to-build-synergy
Basically from the post:
yum install libXtst libXtst-devel libXext libXext-devel cd /path/to/synergy/source export CPPFLAGS='-I/usr/lib/X11' ./configure --prefix=/usr/local/synergy sed -e 's/X_DISPLAY_MISSING 1/X_DISPLAY_MISSING 0/' -i'~' config.h make make install
Fired it up with
/usr/local/synergy/bin/synergyc -f 172.16.0.22
to see it working..
Then after all is ok, restarted with
nohup /usr/local/synergy/bin/synergyc 172.16.0.22&
Ubuntu Intrepid Ibex Sendmail Smarthost configuration - I can use pine from home to send email through my ISP provider - good for Nagios running at home monitoring remote systems.. On the list is get md5 tested and setup.
This is all done as root/sudo commands (use "sudo su -" to get become and stay root)
m4 and makemap are installed.root@host:/etc/mail# cd /etc/mail
/etc/mail/sendmail.mc
# define smart host - using port 25, can set to whatever you use... define(`SMART_HOST', `smtp.sbcglobal.yahoo.com') FEATURE(`access_db') define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl dnl #
/etc/mail/access# Smart host - email from home - about how mine is set up through Pac Bell/SBC/AT&T/Yahoo conglomerate AuthInfo:[smtp.sbcglobal.yahoo.com] "U:user@sbcglobal.net" "P:pAsSwoRd" "M:PLAIN"
sendmail.mc file:dnl # dnl # Allow address rewriting FEATURE(masquerade_envelope) FEATURE(genericstable, `hash -o /etc/mail/genericstable') GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain') dnl #
/etc/mail/genericsdomain
root@host:/etc/mail# hostyname -f > genericsdomain
/etc/mail/genericstable This is needed because your declared "from" address needs to match something that sbcglobal.net - now AT&T Yahoo! email needs to know about, which is why I am adding the rewrite to my home sendmail config..
root@host:/etc/mail# cat genericstable root user@sbcglobal.net user user@sbcglobal.net
/etc/aliases if needed:
root@host:/etc/mail# cat /etc/aliases # Added by installer for initial user root: user clamav: root
newlaises
root@host:/etc/mail# newaliases /etc/mail/aliases: 2 aliases, longest 5 bytes, 19 bytes total root@host:/etc/mail#
... for root can also use .forward files
root@host:/etc/mail# makemap hash /etc/mail/access.db < /etc/mail/access root@host:/etc/mail# makemap -r hash /etc/mail/genericstable.db < /etc/mail/genericstable root@host:/etc/mail# m4 sendmail.mc > /etc/mail/sendmail.cf
Restart sendmail, fire up pine (look for alpine package), test it out.
* I had problems - errors in /var/log/mail.log showed:
Aug 30 18:15:36 host sm-mta[29605]: gethostbyaddr(192.168.122.1) failed: 1 Aug 30 18:15:36 host sm-mta[29623]: starting daemon (8.14.3): SMTP+queueing@00:10:00 Aug 30 18:15:46 host sendmail[29628]: gethostbyaddr(192.168.122.1) failed: 1
.. because the IP 192.168.122.1 was not listed in /etc/hosts - added it, gave it the same hostname as the machine, restarted sendmail, ran sendmail -q and mail successfully sent out.
(1) http://does-not-exist.org/roessler/genericstable.html "sendmail address rewriting mini-HOWTO"
Ran yum update on a recently mothballed Centos Xen install and got this:
snip.....
---> Package httpd.x86_64 0:2.2.3-22.el5.centos.2 set to be updated
---> Package gnutls.x86_64 0:1.4.1-3.el5_3.5 set to be updated
---> Package apr-util.x86_64 0:1.2.7-7.el5_3.2 set to be updated
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 229, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 145, in main
(result, resultmsgs) = base.buildTransaction()
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 647, in buildTransaction
(rescode, restring) = self.resolveDeps()
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 704, in resolveDeps
for po, dep in self._checkFileRequires():
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 939, in _checkFileRequires
if not self.tsInfo.getOldProvides(filename) and not self.tsInfo.getNewProvides(filename):
File "/usr/lib/python2.4/site-packages/yum/transactioninfo.py", line 414, in getNewProvides
for pkg, hits in self.pkgSack.getProvides(name, flag, version).iteritems():
File "/usr/lib/python2.4/site-packages/yum/packageSack.py", line 300, in getProvides
return self._computeAggregateDictResult("getProvides", name, flags, version)
File "/usr/lib/python2.4/site-packages/yum/packageSack.py", line 470, in _computeAggregateDictResult
sackResult = apply(method, args)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 861, in getProvides
return self._search("provides", name, flags, version)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 43, in newFunc
return func(*args, **kwargs)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 837, in _search
for pkg in self.searchFiles(name, strict=True):
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 43, in newFunc
return func(*args, **kwargs)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 586, in searchFiles
self._sql_pkgKey2po(rep, cur, pkgs)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 470, in _sql_pkgKey2po
pkg = self._packageByKey(repo, ob['pkgKey'])
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 413, in _packageByKey
po = self.pc(repo, cur.fetchone())
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 68, in __init__
self._read_db_obj(db_obj)
File "/usr/lib/python2.4/site-packages/yum/sqlitesack.py", line 94, in _read_db_obj
setattr(self, item, _share_data(db_obj[item]))
TypeError: unsubscriptable object
Found this here: https://www.centos.org/modules/newbb/viewtopic.php?topic_id=20237
yum clean all rm -f /var/lib/rpm/__db* rpm --rebuilddb yum update
This fixed it
/etc/rc0(1,2,3).d
see init manpage
for cron operations, use
when booted singleuser,