The Answer Man
Upgrades and new (or different) versions. Often times things change, and
things that used to work magically become broken. This month we have an
interesting set of questions dealing with compatibility issues between
versions of software. A couple dealing with migrating to the FreeBSD
5.1-RELEASE, one dealing with PostgreSQL and a couple dealing with the time
and more commands.
Spam and email filtering are issues that are becoming more and more
relevant as everyone becomes less and less interested in reading about
various enhancement products. We have a couple of strategies that may be
helpful in this battle.
Throw in some postfix, NAT, X, ominous AEN messages, and the desire to
listen to music and you get more(1) ways to pass your time(1).
Enjoy, and if you have trouble tracking down an answer to a question or a
solution to a problem, let us know. We are here to help (and to
sometimes make lame unix puns!).
for all in the AnswerCrew,
Barry Fox
Apr 8 11:50:00 prioris postfix/smtpd[56481]: connect from unknown[IP]
Apr 8 11:50:00 prioris postfix/smtpd[56481]: 460A12438D: client=unknown[IP]
Apr 8 11:50:00 prioris postfix/smtpd[56481]: reject: RCPT from unknown[IP]: 450 Client host rejected: cannot find your hostname, [IP]; from=<sender@domain> to=<rcpt@domain>
Apr 8 11:50:05 prioris postfix/smtpd[56481]: disconnect from unknown[IP]
What's going on here?
A: Postfix offers a variety of parameters that limit the delivery of
unsolicited commercial email (UCE). Although you didn't send your UCE
control settings you must have set:
smtpd_client_restrictions = reject_unknown_client .
The manual says:
reject_unknown_client:
Reject the request when the client IP address has no PTR (address to name)
record in the DNS, or when the PTR record does not have a matching A (name
to address) record. The unknown_client_reject_code parameter specifies the
response code to rejected requests (default: 450).
This UCE control checks reverse DNS. The IP address seen in your logs does
not resolve to a domain name through a PTR (address to name) record.
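The two lookups the manual text describes, written out as an added example (not part of the original column and not Postfix's own code). The names lookup_ptr, lookup_a and check_client are hypothetical, and the two lookup helpers assume the usual output format of host(1).

```shell
#!/bin/sh
# Added example: reproduce by hand the test behind reject_unknown_client.
# A client passes only if its IP has a PTR record AND one of the names in
# that PTR record has an A record pointing back at the same IP.

# IP -> hostnames from PTR records, one per line (trailing dot removed).
lookup_ptr() {
    host "$1" 2>/dev/null |
        awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF }'
}

# Hostname -> IPv4 addresses from A records, one per line.
lookup_a() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $NF }'
}

# check_client IP: print a verdict; return 0 only if the client would pass.
check_client() {
    ip=$1
    names=$(lookup_ptr "$ip")
    if [ -z "$names" ]; then
        echo "reject: $ip has no PTR record"
        return 1
    fi
    for name in $names; do
        for addr in $(lookup_a "$name"); do
            if [ "$addr" = "$ip" ]; then
                echo "ok: $ip -> $name -> $addr"
                return 0
            fi
        done
    done
    echo "reject: PTR for $ip has no matching A record"
    return 1
}
```

Calling check_client with the address from the reject line in the log shows which of the two lookups is failing for that client.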
A: That means that your NetBSD system is having some disk trouble. The twe
driver is used for RAID cards by 3ware (and compatible).
The first AEN message indicates that the drive in slot 1 has decided to
pack it in, the second AEN message indicates that the drive in unit 1 is
still up and running ok, however the mirror is in a degraded state. This
means you are down to one drive.
Generally the course of action is to schedule some down time as soon as
possible to investigate further. The drive may be suffering from a loose
connection, it may be dead, or it may have overheated. Usually you will
want to reboot the box and go into the 3ware configuration utility (alt+3
during boot). If you do not see all the drives listed, then it means that
the controller card cannot see the missing drive. If you do see all the
drives then you can try to rebuild the mirror. You just select to rebuild
it, then continue along the boot process. Eventually you will see messages
like:
May 28 22:05:54 /netbsd: twe0: AEN 0x000b (rebuild started) received for unit 0
May 28 23:28:08 /netbsd: twe0: AEN 0x0005 (rebuild done) received for unit 0
If a drive is missing then you will have to investigate things
further. Power down the box, and take a look at the drives. If they are
really hot, they may have overheated. Let them cool down, and rig up a
better cooling system. Then start up the system and see if the disk is now
visible. It may be a cable problem, so you could try swapping out the
cables from the drives to the card and see if that helps. If not then
there may be a problem with the actual drive. Some drives have firmware
upgrades, so you should check with the drive manufacturer to see if there
is one for the drive. Otherwise you can swap out the drive with a new one
and rebuild the mirror.
You can then examine the problem drive more closely to see what the problem
is (or send it off if it is under warranty, or use it as a paperweight if
you are sick of dealing with the drive).
A: Very simple answer. In /etc/ttys, simply turn
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure
to
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm on secure
When you boot your system, it will always autoboot into the xlogin
screen. If you ever want to go back to booting to the standard console
(where you have to login as root to fire off xdm) just edit the on
back to off.
NB:
For most non-system-admin machines, it is probably good to boot straight
into an X-Window xlogin. It may keep users happier. For administrative
types, booting straight to X can mean letting console-output messages
slip past. It is always wise to check your /var/log files upon reboot.
(Since with BSD, obviously, ahem, reboots are so infrequent!)
A. All r-protocols work fine with NAT. The one exception is outbound rsh
traffic. rsh requires the remote server to initiate a data channel. To make
this work, use this command:
map IP -> IP proxy port 514 rcmd/tcp
A better way would be to use OpenSSH, which offers more security and does not
need a proxy.
A. For ATAPI drivers you can use this script:
#!/bin/sh -
# DEVR is a device to read from.
DEVR=/dev/acd1c
# DEVRR is a device to read from; "c" dropped.
DEVRR=/dev/acd1
# DEVW is a device to write to.
DEVW=/dev/acd0c
# DIR is a place to keep temp files.
DIR=/home/reapped
# Remove leftovers from a previous run.
OLIST=`ls $DIR | xargs`
# Stop if DIR is missing, so the rm below never runs in another directory.
cd $DIR || exit 1
if [ -z "$OLIST" ]; then
    echo -n "$DIR is clean."
else
    rm $OLIST
    echo -n "Cleaned."
fi
# Read each audio track listed by cdcontrol into a raw .cdr file.
for i in `cdcontrol -f $DEVR info | awk '/audio/{print $1}' | \
    sed -e 's/^[1-9]$/ 0&/'`
do
    dd if=${DEVRR}t${i} of=$DIR/track${i}.cdr bs=2352
done
# Burn the tracks in order, fixate the disc, then clean up.
LIST=`ls $DIR | xargs`
burncd -f $DEVW -s 4 -e audio $LIST fixate
rm $LIST
echo -n "Cleaned."
cd
# END
Change the variables to suit your needs.
A. This sysctl has been moved to security. Use this command to fix -
sysctl -w security.bsd.see_other_uids=0
As a security note you may consider using kern.ps_argsopen.
sysctl -w kern.ps_argsopen=0
A:
Indeed, there were some changes in PostgreSQL. Previously you had (I
guess) something like this in your pg_hba.conf file:
host db_name 127.0.0.1 255.255.255.255 password db_name-pass
That config allowed connections to a database "db_name" from localhost,
using the password set with pg_passwd(1) and stored in the "db_name-pass" file.
Now, the config is different:
host db_name user 127.0.0.1 255.255.255.255 password
This line allows user "user" to connect to a database "db_name" from
localhost using password set with a query:
CREATE USER user WITH PASSWORD 'password';
A. Have you read "Release Notes" on www.freebsd.org? It states:
A second process scheduler, designed to be a general purpose scheduler
with many SMP benefits, has been added to the scheduler framework. Exactly
one scheduler must be specified in a kernel configuration. The original
scheduler may be selected using options SCHED_4BSD. The newer (experimental)
scheduler can be selected by using options SCHED_ULE.
Add "options SCHED_4BSD" or "options SCHED_ULE" to your kernel config
located in /usr/src/sys/i386/conf and rebuild.
% time -h ping -c 5 freebsd.org
but
-h: Command not found.
0.000u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
is spit back at me. Any clues?
A:
The shell you are using is calling its builtin version of time
that has no support for the BSD -h flag. To get around this you can
try
$ \time -h ping -c 5 freebsd.org
or
$ /usr/bin/time -h ping -c 5 freebsd.org
If you use time -h often, you might want to make this into a shell alias,
say "htime" or possibly even a script.
A: In the Berkeley distributions of Unix, more actually
is less, believe it or not :)
The inode values will convince you
$ ls -li /usr/bin/more /usr/bin/less
8104 -r-xr-xr-x 2 root wheel 85740 Apr 6 12:59 /usr/bin/less
8104 -r-xr-xr-x 2 root wheel 85740 Apr 6 12:59 /usr/bin/more
To get less to work as more does, you might want to type simply
$ less -E filename
and less will quit at each EOF. Using the binary this way will also
highlight any string you search for with / or ?
Perhaps a more sensible approach to using less is to put this into
your /bin/sh initialization file ( ~/.bashrc, ~/.profile, ~/.zshrc, etc)
#
## "less" flags
#
LESS='-Eac -j5'
export LESS
If you are using csh, just put
setenv LESS '-Eac -j5'
within your ~/.cshrc
The -j5 places the search hit 5 lines from the top of xterm
so you can see some of what precedes it.
As mentioned, the '-E' above causes less to exit when it sees an EOF.
The -a and the -c are left to the reader to scope out. man less will
amuse both you and your cat for hours. ...Or maybe not
A: There are a couple of ways to accomplish this depending on how much
control you have over your domain name and mail server. The goal is to
quickly and easily create unique email addresses that you can then use to
filter your email.
The simplest solution is to use an email address like
"user+keyword@domain.com" where "user@domain.com" is your real email
address. This works with sendmail. Postfix uses an underscore instead of
a plus sign (but can be configured both ways). The only problem with this
method is that many online forms don't allow the use of a plus sign in an
email address.
In other words, if you are "John Q. Smith" with the user name of "jqs"
at example.org, the following concrete examples would serve:
jqs+amazon@example.org
jqs+freebsd@example.org
jqs+daemon@example.org
If you have control of your own mail server and domain (or have a nice
ISP) you can set up a domain such as "user.domain.com" and configure
things so that mail sent to any user at that domain will be forwarded to
"user@domain.com". This has the benefit that "keyword@user.domain.com"
is a completely valid email address and will be accepted by all online
forms.
To configure this using sendmail do the following as root. Be sure to
make a backup of all files first!
- Add "user.domain.com" to /etc/mail/local-host-names.
- Add "@user.domain.com user@domain.com" to /etc/mail/virtusertable.
- Type "make".
You can now test the setup by sending an email to
"keyword@user.domain.com" and see if it arrives at "user@domain.com".
Now you can give your online vendors their own unique email address such
as "amazon@user.domain.com" and then filter your email based on that. If
you ever get spam sent to that address you have the added bonus of knowing
that Amazon was responsible. At this point you can change your email with
Amazon to "amazon1@user.domain.com" and then configure filtering to delete
all mail sent to "amazon@user.domain.com".
Another use is to manage your mailing list subscriptions. Subscribe to
freebsd lists as "freebsd@user.domain.com", PHP lists as
"php@user.domain.com", etc.
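Both address styles from this answer can be reduced to their keyword before filtering or counting. The following is an added example, not part of the original column: MY_USER, MY_DOMAIN, tag_of, tally_tags and sample_recipients are hypothetical names, the values come from the jqs@example.org illustration, and the recipient list is constructed.

```shell
#!/bin/sh
# Added example: recover the keyword from "user+keyword@domain" and
# "keyword@user.domain" addresses, then count mail per keyword.
MY_USER=jqs
MY_DOMAIN=example.org

# tag_of ADDRESS: print the keyword, or nothing for an untagged address.
tag_of() {
    addr=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$addr" in *@*) ;; *) return 0 ;; esac
    lpart=${addr%@*}
    dpart=${addr##*@}
    if [ "$dpart" = "$MY_USER.$MY_DOMAIN" ]; then
        printf '%s\n' "$lpart"                  # keyword@user.domain style
    elif [ "$dpart" = "$MY_DOMAIN" ]; then
        case "$lpart" in
            "$MY_USER"+?*) printf '%s\n' "${lpart#*+}" ;;   # user+keyword style
        esac
    fi
    return 0
}

# tally_tags: read one recipient address per line on stdin and print
# "count keyword" lines, busiest keyword first.
tally_tags() {
    while read -r rcpt; do
        tag_of "$rcpt"
    done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample: recipient addresses taken from a day's mail.
sample_recipients() {
    cat <<'EOF'
jqs+amazon@example.org
amazon@jqs.example.org
JQS+FreeBSD@example.org
jqs@example.org
amazon@jqs.example.org
other+amazon@example.org
EOF
}
```

Running `sample_recipients | tally_tags` shows at a glance which handed-out address is attracting the most mail.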
A: One way to accomplish this is to forward every email received by your
mail server to a special account and then do all your spam testing on that
account. Here's one way to do this:
- 1 - Make sure that procmail is installed and is used automagically by
your MTA.
- 2 - Create the user "spamtest" on your mail server.
- 3 - Create /usr/local/etc/procmailrc and put the following in it:
-----------------
:0 c
!spamtest
-----------------
This will forward all mail to the user spamtest but not mail that is
already on its way to the spamtest user. The "c" is important so that
the original user receives a copy as well.
- 4 - Test and install whatever spam filter you want under the 'spamtest'
account. I find it's best to set things up to delete legitimate email and
save spam. That way you can read spamtest's inbox and check to see if any
legitimate email was classified as spam.
One thing to keep in mind is that spamtest will receive a lot of email so
be sure you've got enough space to hold it. If /var/mail is too small you
can always create a small ~spamtest/.procmailrc containing:
-----------------
:0
$HOME/incoming
----------------
which will move all incoming mail to the file 'incoming' in spamtest's
home directory. Then just make sure that spamtest's home directory is on
a big disk.
About the Authors
Allan Dib,
MCSE (Microsoft Certified Systems Engineer), CCA (Citrix Certified
Administrator)
Allan Dib is Director of Technical Services at qtec a
Melbourne/Australia based IT consulting specialising in cross platform
solutions and information security.
Grzegorz Czapliński, B.Sc. in Computer Science. I spend
most of my time
with computers, mainly administration. I work for Sun Microsystems
and Warsaw University of Technology. I like reading, walking and
climbing. I am here to help people with BSD systems.
Ryan Dooley
UNIX Systems Administrator and Open Source Advocate since 1993
is a developer for Intelligent Engines, and has been managing and
writing code for BSD systems since 1996.
Gary Kline has been porting code since the late 1970's. When he isn't hacking code, he's hacking prose or
philosophical poetry, or listening to jazz and slurping down French roast.
Currently he studies philosophy.
Recent adventures include the thrills of learning about the Domain Name System and network and mail administration.
Travis Stevenson Life in Computer Science. I am the Chief Network Engineer
for Maverik Country Stores in Star Valley, Wy.
I have been using/administrating
BSD's since 1994. I'm here to help people feel the joy. :)
Andy Wallis
I am Software Engineer for Lockheed Martin Air Traffic Management. I build
and package Commercial Off The Shelf software into packages for ATC
systems(UNIX across the board; Solaris and AIX mostly) that we sell to Civil
Aviation Authorities like the FAA. I have BS in Computer Science from Ball
State University; known for Dave Letterman, drunkards, and Garfield. I like
to work on various molding computer and the BSDs(esp NetBSD). I also like
read, cycle, and play roleplaying games.
If you have a BSD-type question, the AnswerCrew may be able to help.
Please write us at the following email address:
dn-answerman@daemonnews.org