Self-hosted solution for password management and SSH Jump server Posted: 30 Mar 2021 01:55 AM PDT We're trying to find a self-hosted solution that can act as an "SSH Jump server" AND a "Password Management" to securely share access credentials. Is there any way that we can find a single solution that handles both? We're open for both free and commercial products. Thank you! |
Unexpected 301 redirect in limited devices Posted: 30 Mar 2021 01:29 AM PDT I have an EC2 instance that hosts a Django app with Gunicorn and served by Nginx with the following configuration.

    upstream app_server {
        server unix:/home/ubuntu/domain/app.sock fail_timeout=0;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name domain.com www.domain.com;

        include /etc/nginx/sites-available/static-media.conf;

        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            include proxy_params;
            proxy_pass http://app_server;
        }
    }

There wasn't much of an issue until I used certbot -d domain.com --nginx for ssl. Certbot redirected all 80 traffic to 443; however, it resulted in ERR_TOO_MANY_REDIRECTS. I couldn't figure out the cause for it and ended up using both 80 and 443 in the same server block. It temporarily fixed my problem since the React SPA webapp is working properly with both http and https routes. However, the flutter mobile app has its HTTP GET requests working properly but HTTP POST requests are now causing 301 permanent redirect. I have no idea where to start looking for the cause because as far as I know, I have removed all 301 redirects from the conf and there should not be any redirections. |
How to avoid bottlenecking when setting up home network? Posted: 30 Mar 2021 01:17 AM PDT Let's say I have a router with 4 1Gb/s ethernet output ports. If I require more ethernet lines output, first instinct will be to take one of the lines from the router and plug it into the switch. However, will this not limit the total bandwidth of the devices on the switch to 1Gb/s? For instance 2 devices running at full capacity simultaneously will only have 0.5Gb/s max at a given time. How to work around this bottle-necking? Let's say I have a router, multiple wireless access points, and a few switches that I want connected on the same network. What configuration of these devices would cause the least bottleneck? |
Zimbra Does not send Email (local and External) Posted: 30 Mar 2021 12:30 AM PDT So I managed to get Zimbra installed today, and it's on here https://mail.betheluniversityeu.gq:7071/zimbraAdmin/ I am using DigitalOcean as VPS to run the mail server. I have this issue: when I check on MXTOOLBOX it appears to be working beautifully well. Now I want to send email to be sure it sends email, and I decided to check the email log like this: tail -f /var/log/mail.log. I am getting this as response:

    Mar 30 06:35:10 betheluniversityeu postfix/smtpd[27035]: NOQUEUE: filter: RCPT from localhost[127.0.0.1]: <emeka.iwuagwu@betheluniversityeu.gq>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<emeka.iwuagwu@betheluniversityeu.gq> to=<e.iwuagwu@hotmail.com> proto=ESMTP helo=<betheluniversityeu.gq>
    Mar 30 06:35:10 betheluniversityeu postfix/smtpd[27035]: BB9FEFC604: client=localhost[127.0.0.1]
    Mar 30 06:35:10 betheluniversityeu postfix/smtpd[27035]: BB9FEFC604: filter: RCPT from localhost[127.0.0.1]: <emeka.iwuagwu@betheluniversityeu.gq>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<emeka.iwuagwu@betheluniversityeu.gq> to=<iwuagwuemmy@yahoo.com> proto=ESMTP helo=<betheluniversityeu.gq>
    Mar 30 06:35:10 betheluniversityeu postfix/smtpd[27035]: BB9FEFC604: filter: RCPT from localhost[127.0.0.1]: <emeka.iwuagwu@betheluniversityeu.gq>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<emeka.iwuagwu@betheluniversityeu.gq> to=<e.iwuagwung@gmail.com> proto=ESMTP helo=<betheluniversityeu.gq>
    Mar 30 06:35:10 betheluniversityeu postfix/cleanup[27038]: BB9FEFC604: message-id=<804426382.31.1617086110640.JavaMail.zimbra@betheluniversityeu.gq>
    Mar 30 06:35:10 betheluniversityeu postfix/qmgr[27852]: BB9FEFC604: from=<aaaaa@betheluniversityeu.gq>, size=1084, nrcpt=3 (queue active)
    Mar 30 06:35:10 betheluniversityeu postfix/smtpd[27035]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=3 data=1 quit=1 commands=7
    Mar 30 06:35:10 betheluniversityeu postfix/dkimmilter/smtpd[27042]: connect from localhost[127.0.0.1]
    Mar 30 06:35:10 betheluniversityeu postfix/dkimmilter/smtpd[27042]: D887DFC607: client=localhost[127.0.0.1]
    Mar 30 06:35:10 betheluniversityeu postfix/cleanup[27038]: D887DFC607: message-id=<804426382.31.1617086110640.JavaMail.zimbra@betheluniversityeu.gq>
    Mar 30 06:35:10 betheluniversityeu postfix/qmgr[27852]: D887DFC607: from=<aaaaaa@betheluniversityeu.gq>, size=1526, nrcpt=3 (queue active)
    Mar 30 06:35:10 betheluniversityeu postfix/dkimmilter/smtpd[27042]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=3 data=1 quit=1 commands=7

//Mail Sends here

    Mar 30 06:35:10 betheluniversityeu postfix/smtp[27040]: BB9FEFC604: to=<*****@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.19, delays=0.02/0.02/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as D887DFC607)
    Mar 30 06:35:10 betheluniversityeu postfix/smtp[27040]: BB9FEFC604: to=<*********@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.19, delays=0.02/0.02/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as D887DFC607)
    Mar 30 06:35:10 betheluniversityeu postfix/smtp[27040]: BB9FEFC604: to=<**********@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.19, delays=0.02/0.02/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as D887DFC607)
    Mar 30 06:35:10 betheluniversityeu postfix/qmgr[27852]: BB9FEFC604: removed
    Mar 30 06:35:11 betheluniversityeu postfix/amavisd/smtpd[27045]: connect from localhost[127.0.0.1]
    Mar 30 06:35:11 betheluniversityeu postfix/amavisd/smtpd[27045]: 1BE7DFC606: client=localhost[127.0.0.1]
    Mar 30 06:35:11 betheluniversityeu postfix/cleanup[27038]: 1BE7DFC606: message-id=<804426382.31.1617086110640.JavaMail.zimbra@betheluniversityeu.gq>
    Mar 30 06:35:11 betheluniversityeu postfix/qmgr[27852]: 1BE7DFC606: from=<aaaaa@betheluniversityeu.gq>, size=1839, nrcpt=3 (queue active)
    Mar 30 06:35:11 betheluniversityeu postfix/amavisd/smtpd[27045]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=3 data=1 quit=1 commands=7
    Mar 30 06:35:11 betheluniversityeu postfix/smtp[27040]: D887DFC607: to=<*******@gmail.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.24, delays=0.05/0.01/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BE7DFC606)
    Mar 30 06:35:11 betheluniversityeu postfix/smtp[27040]: D887DFC607: to=<********@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.24, delays=0.05/0.01/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BE7DFC606)
    Mar 30 06:35:11 betheluniversityeu postfix/smtp[27040]: D887DFC607: to=<********@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.24, delays=0.05/0.01/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BE7DFC606)
    Mar 30 06:35:11 betheluniversityeu postfix/qmgr[27852]: D887DFC607: removed

Mail Returns here //--------------------------

    Mar 30 06:35:11 betheluniversityeu postfix/smtp[27046]: 1BE7DFC606: to=<*****@hotmail.com>, relay=none, delay=0.02, delays=0.01/0.01/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
    Mar 30 06:35:11 betheluniversityeu postfix/error[27047]: 1BE7DFC606: to=<******@gmail.com>, relay=none, delay=0.03, delays=0.01/0.02/0/0.01, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)
    Mar 30 06:35:11 betheluniversityeu postfix/smtp[27048]: 1BE7DFC606: to=<*****@yahoo.com>, relay=none, delay=0.03, delays=0.01/0.02/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)

Any idea why it does not send emails? Could this be because I have not set up SPF, DKIM? |
How to explain UFW firewall blocking log entry from external source on non-forwarded port? Posted: 30 Mar 2021 12:05 AM PDT I have a small home server with hostname mango running Debian, with UFW firewall and logcheck installed. For years, my router has a very limited number of port forwards to this mango server. UPnP is turned OFF at my router (at least, that's what it says).

           ┌───────────┐         ┌───────────┐         ┌──────────┐
           │   cable   │   DMZ   │  router   │         │  mango   │
INTERNET ──┤   modem   ├─────────┤(some port ├────┬────┤10.0.0.213│
           │           │         │forwarding)│    │    │(runs UFW)│
           └───────────┘         └───────────┘    │    └──────────┘
                                                  │
                                                  │    ┌──────────┐
                                                  │    │          │
                                                  ├────┤          │
                                                  │    │          │
                                                  │    └──────────┘
                                                 ...

Sometimes I get emailed (multiple) logcheck entries like below which I can not understand how they are possible.

    Mar 29 22:03:45 mango kernel: [690469.612733] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:66:ca:e1:00:8e:f2:4b:ee:9c:08:00:45:08:00:88:e4:b9:40:00:0c:11:3b:27 SRC=18.195.48.229 DST=10.0.0.213 LEN=136 TOS=0x08 PREC=0x00 TTL=12 ID=58553 DF PROTO=UDP SPT=57673 DPT=51221 LEN=116

It reports an external ip (18.195.48.229, geolocated in Germany, not my home country) trying to access mango (10.0.0.213) on a closed UDP destination port (DPT=51221) which is NOT configured or forwarded on my router (and UPnP is turned OFF).

Question: How can this traffic to a non-forwarded port, reporting an external ip source, end up in my network at this place? Where should I look to understand what is going on?

Only explanation I can think of is that another device in my network is doing ip routing/forwarding (which would result in ip packets keeping their source external ip address, if I am correct). However, apart from my router, the mango server is (to my knowledge) the only other device that has ip routing/forwarding turned on (because it's running wireguard VPN). But that doesn't explain the ufw log entry in this case AFAIK. |
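As an added example (not part of the original post), this Python code parses the logged line and decodes its MAC= field: the first 14 bytes are the Ethernet header (destination MAC, source MAC, EtherType), so the source MAC identifies the on-link device that handed the frame to mango. The function names are illustrative, and reading the bytes after the Ethernet header as the start of the IPv4 header is an assumption that the code checks against the logged TOS/LEN/ID/TTL/PROTO values.

```python
import ipaddress

# Log line copied from the post above.
SAMPLE = (
    "Mar 29 22:03:45 mango kernel: [690469.612733] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=b8:27:eb:66:ca:e1:00:8e:f2:4b:ee:9c:08:00:45:08:00:88:e4:b9:40:00:0c:11:3b:27 "
    "SRC=18.195.48.229 DST=10.0.0.213 LEN=136 TOS=0x08 PREC=0x00 TTL=12 ID=58553 DF "
    "PROTO=UDP SPT=57673 DPT=51221 LEN=116"
)

PROTO_NUMBERS = {"ICMP": 1, "TCP": 6, "UDP": 17}


def parse_fields(line):
    """Split the netfilter LOG text into KEY=VALUE fields and bare flags (e.g. DF)."""
    body = line[line.index(" IN=") + 1:]
    fields, flags = {}, []
    for token in body.split():
        if "=" in token:
            key, value = token.split("=", 1)
            # LEN appears twice (IP total length, then UDP length): keep the first.
            fields.setdefault(key, value)
        else:
            flags.append(token)
    return fields, flags


def decode_mac(mac_field):
    """Decode the MAC= dump: 6 bytes dst, 6 bytes src, 2 bytes EtherType, then the rest."""
    raw = bytes.fromhex(mac_field.replace(":", ""))
    if len(raw) < 14:
        raise ValueError("MAC= field is shorter than an Ethernet header")

    def fmt(chunk):
        return ":".join(f"{b:02x}" for b in chunk)

    return {
        "dst_mac": fmt(raw[0:6]),
        "src_mac": fmt(raw[6:12]),
        "ethertype": int.from_bytes(raw[12:14], "big"),
        "trailing": raw[14:],
    }


def decode_ipv4_start(data):
    """Interpret trailing bytes as the start of an IPv4 header (assumption, see lead-in)."""
    if len(data) < 10 or data[0] >> 4 != 4:
        return None
    return {
        "tos": data[1],
        "total_len": int.from_bytes(data[2:4], "big"),
        "id": int.from_bytes(data[4:6], "big"),
        "df": bool(data[6] & 0x40),
        "ttl": data[8],
        "proto": data[9],
    }


def analyse(line):
    """Return who delivered the frame on the LAN and whether the dump is self-consistent."""
    fields, flags = parse_fields(line)
    mac = decode_mac(fields["MAC"])
    ip = decode_ipv4_start(mac["trailing"])
    logged = {
        "tos": int(fields["TOS"], 16),
        "total_len": int(fields["LEN"]),
        "id": int(fields["ID"]),
        "df": "DF" in flags,
        "ttl": int(fields["TTL"]),
        "proto": PROTO_NUMBERS.get(fields["PROTO"]),
    }
    return {
        "delivered_by": mac["src_mac"],   # L2 sender: compare with the router's LAN MAC
        "delivered_to": mac["dst_mac"],   # should be the MAC of mango's eth0
        "ethertype": mac["ethertype"],
        "src_is_private": ipaddress.ip_address(fields["SRC"]).is_private,
        "dst_port": int(fields["DPT"]) if "DPT" in fields else None,
        "trailing_matches_ip_header": (ip == logged) if ip else None,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Comparing `delivered_by` with the neighbour table on mango (`ip neigh`) or the router's LAN MAC shows which local device put the frame on the wire.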
Azure SQL database migration to new region not working Posted: 29 Mar 2021 11:59 PM PDT I tried to migrate a SQL database from Azure's Central US region to another region. I used the Azure resource mover (as outlined in this Microsoft article). I completed the mover steps and it appears to have spawned some background actions. However, 24 hours later, the database is still in the Central US region and no notifications have appeared informing me that the move has completed. I stopped the app that was connecting to the db and disconnected from SSMS in case an open connection was preventing the move, but nothing changed. |
Linux top command hangs for about 25 seconds before it works fine Posted: 29 Mar 2021 11:57 PM PDT On my Linux server, the top command hangs for about 25 seconds before it works fine:

    $ time top -b -n 1

Output:

    ...
    real 0m25.199s
    user 0m0.018s
    sys 0m0.014s

When the top command hangs, I found a broken symlink in /proc/:

    $ ls -l /proc/$(pgrep top)/fd/

After the top command works fine, there is no broken symlink in /proc:

    $ ls -l /proc/$(pgrep top)/fd/

I used strace top to troubleshoot the problem, and found the EAGAIN (Resource temporarily unavailable) message in the output:

Can anyone help me? |
Is there a way to set custom authentication on GCP API Gateway? Posted: 29 Mar 2021 11:45 PM PDT I've been looking into GCP API Gateway to be the entrypoint of our back-end system, composed of some Cloud Run, Pub/Sub and Firestore instances. I thought the gateway would be good for, among other things, being a central place for validating authenticated requests. GCP offers some methods but none of them allows the developer to build a code implementation of what their authorization process should be. The idea would be to check for a secret on the header we give each of our clients and check some information about it on our database, like expiration date and some other things. I'd like to know if there is a way to set a custom authentication by code and configure the API Gateway to handle it normally as it seems to do with the other options they provide. |
Zimbra Does not send email to local and External Account Posted: 29 Mar 2021 11:16 PM PDT I am getting this error:

    Mar 30 06:09:28 betheluniversityeu postfix/smtp[6381]: 0EC7DFC5EB: to=<******@hotmail.com>, relay=none, delay=0.02, delays=0.01/0.01/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)

When I try this in Gmail I get this:

    Mar 30 06:13:16 betheluniversityeu postfix/smtp[9314]: 7987CFC5EF: to=<*****@gmail.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.23, delays=0.05/0.01/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as ADFA5FC5EE)

I do not see it anywhere in the Gmail. I set up Zimbra in a DigitalOcean Droplet, now I try to send email and I am getting this? I used a free domain name to set up the A and MX respectively, and checking on the URL it points and works fine. Now I want to send email and this is what I am getting as error in return |
Why Getting Speed With SNMP is not Stable? Posted: 29 Mar 2021 10:26 PM PDT I am trying to get network usage percentage and I check the time and speed between two octets (before and next). Generally the speed of network of one octet is 1GBit(1.0E9) but sometimes I see that it became 10Mbit(1.0E7). I also check the packetReceived and packetSend sizes and they are also as big as with ..E9, for example 4.1243E9, but sometimes one of them comes low like 21234.0. These situations affect the calculation of network usage. What is best to do? Are these situations bugs of SNMP? |
8: Syntax error: word unexpected (expecting ")") Posted: 30 Mar 2021 12:53 AM PDT The following code:

    weekday=$(date +%a)
    day=$(date +%d)
    month=$(date +%m)
    if [[ ( $month == 03 || $month == 10 ) && $weekday = "Sun" && $day > 24 ]]
    then
        # DO SOMETHING
        exit 1
    else
        # DO SOMETHING
    fi

leads to the error:

    8: Syntax error: word unexpected (expecting ")")

when executing with:

    /bin/sh script.sh

What is wrong here and how can this be fixed? I need to use sh. How do I need to modify this code to get it working with sh? |
Routing from private interface to public interface Posted: 30 Mar 2021 12:37 AM PDT Our server has two interfaces, one for connecting through internet and the other for internal network.

    172.20.54.10 -> Interface with static ip for connecting through internet
    10.1.1.1 -> Internal network

The following configuration is seen:

    $ ip route
    default via 172.20.54.1 dev enp12s0f1 proto static metric 20100
    10.1.1.0/24 dev enp12s0f0 proto kernel scope link src 10.1.1.1 metric 101
    169.254.0.0/16 dev enp12s0f1 scope link metric 1000
    172.20.54.0/24 dev enp12s0f1 proto kernel scope link src 172.20.54.10 metric 100

    $ ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp12s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:e0:81:e4:84:84 brd ff:ff:ff:ff:ff:ff
        inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute enp12s0f0
           valid_lft forever preferred_lft forever
        inet6 fe80::a424:72eb:4702:8f86/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: enp12s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:e0:81:e4:84:85 brd ff:ff:ff:ff:ff:ff
        inet 172.20.54.10/24 brd 172.20.54.255 scope global noprefixroute enp12s0f1
           valid_lft forever preferred_lft forever
        inet6 fe80::b0cf:3f53:bb4e:d836/64 scope link noprefixroute
           valid_lft forever preferred_lft forever

The internal network contains some VMs which have 10.1.1.X IP addresses and it seems that they are not connecting to the internet through the public interface of the server. The server is Ubuntu 20.04. Should I configure something else for ip forwarding?
UPDATE: The ip_forward is enabled in the kernel

    $ sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

I also have to say that VMs, e.g. 10.1.1.3, are able to ping the private interface, 10.1.1.1, but they are not able to ping 8.8.8.8. |
Why Am I Getting Higher than %100 Network Usage From SNMP? Posted: 29 Mar 2021 10:54 PM PDT I am using SNMP in Ubuntu 20.04 to get the network usage info and I am using this formula to calculate the network usage:

InOctets : The difference between two poll cycles of collecting the snmp which represents the count of inbound octets of traffic.

    networkUsage = (InOctets x 8 x 100) / ((number of seconds between octets) x speed)

Here is the reference where I found the formula.

What is the problem? I sometimes get over %100000 network usage and I could not find an alternative formula for calculation. Is the formula wrong or is there something else that could make the problem? I am getting the network info from a virtual server (Ubuntu 20.04) which includes the latest SNMP installation. The server has also two ethernet cards, so it has two networks and I am using bond0 to represent them with a single IP address. I am reading SNMP values of the server from a remote computer which is a member of the LAN. |
Where to setup SSL key files for using in Docker services Posted: 29 Mar 2021 11:01 PM PDT On Debian servers we're supposed to store certificates on /etc/ssl/certs dir, and key files on /etc/ssl/private dir. The problem is SSL private key files are usually readable only by the owner. So, I'm wondering what are the best practices regarding how to make it readable for Docker containers? I mean, I have a service running on a Docker container, which needs to read SSL cert and key files in order to expose it via HTTPS. In its default set up, I'm getting permission denied accessing /etc/ssl/private/server.key file. To sort this out I moved this file to another directory and set it as 644. But, is that right? Any help would be appreciated |
How to get around the frustrating XFF behavior in HAProxy Posted: 30 Mar 2021 12:41 AM PDT tl;dr; how to APPEND (replace-value or replace-header) to the X-Forwarded-For header when it is received by HAProxy as a comma separated list from downstream?

By default HAProxy does not append to the X-Forwarded-For header like NGINX does and instead creates a duplicate header with a new value - yes according to RFC they are allowed. Now my problem is that this behavior is not acceptable to my upstream applications. I need to work around this.

My HAProxy receives the X-Forwarded-For header from downstream as:

    "X-Forwarded-For: presumed client ip, edge reverse proxy ip, ingress controller ip"

next in line is auth gateway (it adds some specific headers) and then comes HAProxy and backend web servers. I need to append the auth gateway ip as the fourth entry to the XFF list in HAProxy. I have tried the following in the appropriate backend definition:

    http-request replace-value X-Forwarded-For (.*) " %[hdr(x-forwarded-for)], %[src]"

Results in "X-Forwarded-For: ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip"

    http-request replace-header X-Forwarded-For (.*) " %[hdr(x-forwarded-for)], %[src]"

Results in "X-Forwarded-For: ingress controller ip, auth gateway ip"

    http-request replace-value X-Forwarded-For ^ " %[hdr(x-forwarded-for)], %[src]

Results in "X-Forwarded-For:ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip"

    http-request replace-header X-Forwarded-For ^ " %[hdr(x-forwarded-for)], %[src]

Results in "X-Forwarded-For: ingress controller ip, auth gateway ip"

I initially thought that there is some 200 IQ HAProxy developer logic pertaining to XFF header and tested using a differently named duplicate header X-FF-1 which contains the downstream XFF values ...

    http-request replace-value X-Forwarded-For (.*) " %[hdr(x-ff-1)], %[src]

Results in "X-Forwarded-For: ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip, ingress controller ip, auth gateway ip"

    http-request replace-header X-Forwarded-For ^ " %[hdr(x-ff-1)], %[src]"

Results in "X-Forwarded-For: ingress controller ip, auth gateway ip"

... but no dice. I have no idea how to get around this shortcoming. It might be a simple regex fix, but I think there is something totally broken in how HAProxy handles headers when they are presented as a comma separated list. In the XFF case everything but the right most value in the comma separated list is discarded.

Also, I know using the XFF header for client ip is sketchy but I have zero to none influence over my company's software development team. |
PHP files displayed as plain text in browser Posted: 30 Mar 2021 12:12 AM PDT I have an Ubuntu server with the apache2 service installed, but when I run the index.php file it is displayed as it is. It means .php files are not executing. |
Openvpn rules between clients/users Posted: 29 Mar 2021 11:49 PM PDT I want to create an openvpn network where:
- there are clients with a certificate of type A, and they CANNOT communicate with each other
- there are other clients with a certificate of type B, and they CANNOT communicate with each other
- there are some user machines C that can communicate ONLY with machines with a certificate of type A
- there are some user machines D that can communicate ONLY with machines with a certificate of type B
- every client cannot access the LAN of the openvpn server.
Is it possible to create this scenario with openvpn? |
Not able to install docker on redhat Posted: 30 Mar 2021 01:34 AM PDT I searched for many links, they are showing only for centos even though the title is for RHEL also. My OS details:

    cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 7.4 (Maipo)
    uname -r
    3.10.0-693.58.1.el7.x86_64

I ran this to add repo

    sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

Then this

    sudo yum install docker-ce

But giving this error.

    Loaded plugins: langpacks, product-id, search-disabled-repos
    https://download.docker.com/linux/rhel/7/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
    Trying other mirror.
    To address this issue please refer to the below knowledge base article
    https://access.redhat.com/articles/1320623
    If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.
    rhel-7-server-rpms | 3.4 kB 00:00:00
    rhui-microsoft-azure-rhel7-eus | 2.1 kB 00:00:00
    rhui-rhel-7-server-dotnet-rhui-rpms | 2.3 kB 00:00:00
    rhui-rhel-7-server-rhui-eus-optional-rpms | 1.8 kB 00:00:00
    rhui-rhel-7-server-rhui-eus-rpms | 2.0 kB 00:00:00
    rhui-rhel-7-server-rhui-eus-supplementary-rpms | 2.0 kB 00:00:00
    rhui-rhel-7-server-rhui-rh-common-rpms | 2.1 kB 00:00:00
    rhui-rhel-server-rhui-rhscl-7-rpms | 2.0 kB 00:00:00
    Resolving Dependencies
    --> Running transaction check
    ---> Package docker-ce.x86_64 3:19.03.12-3.el7 will be installed
    --> Processing Dependency: container-selinux >= 2:2.74 for package: 3:docker-ce-19.03.12-3.el7.x86_64
    --> Processing Dependency: containerd.io >= 1.2.2-3 for package: 3:docker-ce-19.03.12-3.el7.x86_64
    --> Processing Dependency: docker-ce-cli for package: 3:docker-ce-19.03.12-3.el7.x86_64
    --> Running transaction check
    ---> Package containerd.io.x86_64 0:1.2.13-3.2.el7 will be installed
    --> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.2.13-3.2.el7.x86_64
    ---> Package docker-ce.x86_64 3:19.03.12-3.el7 will be installed
    --> Processing Dependency: container-selinux >= 2:2.74 for package: 3:docker-ce-19.03.12-3.el7.x86_64
    ---> Package docker-ce-cli.x86_64 1:19.03.12-3.el7 will be installed
    --> Finished Dependency Resolution
    Error: Package: containerd.io-1.2.13-3.2.el7.x86_64 (docker-ce-stable)
        Requires: container-selinux >= 2:2.74
    Error: Package: 3:docker-ce-19.03.12-3.el7.x86_64 (docker-ce-stable)
        Requires: container-selinux >= 2:2.74
    **********************************************************************
    yum can be configured to try to resolve such errors by temporarily enabling disabled repos and searching for missing dependencies.
    To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
    Error: Package: containerd.io-1.2.13-3.2.el7.x86_64 (docker-ce-stable)
        Requires: container-selinux >= 2:2.74
    Error: Package: 3:docker-ce-19.03.12-3.el7.x86_64 (docker-ce-stable)
        Requires: container-selinux >= 2:2.74
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest

Please suggest. |
slow read on openzfs/Linux via NFSv3 on Debian 10 Posted: 29 Mar 2021 11:02 PM PDT Because of my unanswered question: qemu snapshot exclude device, I decided to use NFSv3 for the VM to handle user data. Because of slow performance of BTRFS after maintenance tasks I now use zfs Raid1 Version: buster-backports 0.8.3-1 on the Debian host. When I copy data on the host there is no performance problem. BUT: the performance via NFS is exorbitantly slow; in the beginning for both write and read with 10 and 40 MB/s. After some tuning (I think it was NFS with async) I got the writes to ~80 MB/s. That's enough for me. The reads stayed at 20 MB/s per device, yet. Any ideas what to test? I'm new to zfs and NFS.

    Host: Debian 10
    VM: Debian 10

    NFS:
    Host: /exports/ordner 192.168.4.0/24(rw,no_subtree_check)
    client: .....nfs local_lock=all,vers=3,rw,user,intr,retry=1,async,nodev,auto,nosuid,noexec,retrans=1,noatime,nodiratime

    ZFS dataset: Volume with:
    ....create -o ashift=12 zfs-pool ....mirror sync=default
    zfs set compression=off zfs-pool
    zfs set xattr=sa zfs-pool
    zfs set dnodesize=auto zfs-pool/vol
    zfs set recordsize=1M zfs-pool/vol
    zfs set atime=off zfs-pool/vol

    zfs-mod-tune:
    options zfs zfs_prefetch_disable=1
    options zfs_vdev_async_read_max_active=1
    options zfs_vdev_sync_read_max_active=128 (also 1 tested)
    options zfs_vdev_sync_read_min_active=1

Can you give any advice? |
How can I delete an inaccessible folder on Windows 10? Posted: 30 Mar 2021 02:00 AM PDT I have a folder on one of my hard drives, P:\csharp\aperture\keystone\src\Keystone, which I want to delete but cannot. I have tried numerous different ways to change/reset permissions and I still cannot delete this folder.

    PS P:\csharp\aperture> whoami
    azuread\mikelloyd
    PS P:\csharp\aperture> rm -Recurse -Force .\keystone\
    rm : Cannot remove item P:\csharp\aperture\keystone\src: The directory is not empty.
    At line:1 char:1
    + rm -Recurse -Force .\keystone\
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : WriteError: (src:DirectoryInfo) [Remove-Item], IOException
        + FullyQualifiedErrorId : RemoveFileSystemItemIOError,Microsoft.PowerShell.Commands.RemoveItemCommand
    rm : Cannot remove item P:\csharp\aperture\keystone\: The directory is not empty.
    At line:1 char:1
    + rm -Recurse -Force .\keystone\
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : WriteError: (P:\csharp\aperture\keystone\:DirectoryInfo) [Remove-Item], IOException
        + FullyQualifiedErrorId : RemoveFileSystemItemIOError,Microsoft.PowerShell.Commands.RemoveItemCommand
    PS P:\csharp\aperture> rmdir .\keystone\

    Confirm
    The item at P:\csharp\aperture\keystone\ has children and the Recurse parameter was not specified. If you continue, all children will be removed with the item. Are you sure you want to continue?
    [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
    rmdir : Access to the path 'P:\csharp\aperture\keystone\src\Keystone' is denied.
    At line:1 char:1
    + rmdir .\keystone\
    + ~~~~~~~~~~~~~~~~~
        + CategoryInfo : PermissionDenied: (P:\csharp\aperture\keystone\:String) [Remove-Item], UnauthorizedAccessException
        + FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
    PS P:\csharp\aperture> icacls.exe .\keystone\ /reset /T
    processed file: .\keystone\
    processed file: .\keystone\src
    .\keystone\src\Keystone: Access is denied.
    Successfully processed 2 files; Failed processing 1 files

I don't have read privileges. It can't show the owner:

If I try to change the owner, I don't have permission to view or edit the object:

What is really strange is that I created the folder with my user, so I should be the effective owner. I have tried to delete the user as Administrator, but I can't do that either. I can't even delete the folder as NT\System:

    P:\csharp\aperture\keystone\src>whoami /user

    USER INFORMATION
    ----------------

    User Name           SID
    =================== ========
    nt authority\system S-1-5-18

    P:\csharp\aperture\keystone\src>rmdir /S Keystone
    Keystone, Are you sure (Y/N)? Y
    Access is denied.

How can I delete this folder that I created? |
kubernetes kubelet logging to files and logrotate Posted: 30 Mar 2021 01:01 AM PDT kubelet has an option to store log files in a log-dir (https://github.com/kubernetes/kubernetes/issues/21248). I start kubelet with the options --logtostderr=false --log-dir=/var/log/kubelet (I have already created the directory /var/log/kubelet) and I indeed see log files with the format kubelet.(hostname).root.log.(date) getting generated in /var/log/kubelet. In my case I see three files that look like this:

    kubelet.hostname.root.log.ERROR.20180301-152321.161945
    kubelet.hostname.root.log.INFO.20180301-152320.161945
    kubelet.hostname.root.log.WARNING.20180301-152320.161945

Moreover, a symbolic link that points to the latest log file is created for each of the ERROR, INFO and WARNING log files:

    kubelet.ERROR -> kubelet.hostname.root.log.ERROR.20180301-152321.161945
    kubelet.INFO -> kubelet.hostname.root.log.INFO.20180301-152320.161945
    kubelet.WARNING -> kubelet.hostname.root.log.WARNING.20180301-152320.161945

My question is how do I rotate and delete the log files that are older than e.g. 5 days old? It seems these files are generated by glog, but it also seems that although glog rotates the log files, it doesn't support deleting old log files (https://github.com/google/glog/issues/36). I am aware of logrotate, but then the files should have a fixed filename in order to be rotated by logrotate. Is there a way to enable kubelet logging in files with proper log rotation and deletion of old files? |
OpenVPN 2.4.3 connection issues with AES-256-GCM Posted: 30 Mar 2021 02:00 AM PDT I am using OpenVPN 2.4.3 and EasyRSA-3.0.1. My Tunnelblick connection fails with cipher AES-256-GCM not found even though it's listed in openvpn --show-ciphers. It works if I change it to use AES-256-CBC. While OpenVPN will connect and I can ping with compress lz4-v2, ssh connections fail but will work when I use comp-lzo |
Redirect Privoxy traffic through OpenVpn Posted: 30 Mar 2021 01:01 AM PDT I am not sure if this is possible but I would like to route all traffic from FireFox through my OpenVpn connection with HideMyAss. Basically the setup I have is that I am running a connection using OpenVpn through HideMyAss, I have edited the ovpn file and added "route-nopull" so that when using Chrome, IE, etc. I use my local connection, I have installed Privoxy and setup FireFox to use that proxy and what I would like to do is then have all traffic requested through just that proxy which FireFox is using use the OpenVpn connection. Forgive me as I am quite new to this, is this possible? |
nginx as proxy for WebSocket: inspect and block certain requests Posted: 30 Mar 2021 12:03 AM PDT I ran NodeJS as a kind of Webapplication Server serving an AngularJS frontend. They communicate solely over WebSockets, using the SailsJS implementation of Socket.IO. Between frontend (client) and the NodeJS backend, sits nginx as a proxy, configured like so:

    server {
        listen 1337 ssl;

        location /socket.io/ {
            proxy_pass https://localhost:1338;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

So far, so good. I now want to monitor and secure the Websocket connection. In particular, I want to prevent XSS attacks and exclude IPs trying to brute force the login to my application. I'm pretty new to that stuff but after some research I came across fail2ban and nginx-naxsi which might be exactly what I need. However, I have no idea how I can make them work with my setup. Is this even possible? Can I somehow intercept the traffic tunneled through a Websocket in the proxy (being nginx)? |
Access remote VLAN over IPsec VPN using Zyxel routers Posted: 30 Mar 2021 12:03 AM PDT I have a central site with a Zyxel Zywall 310 and a remote site with a Zyxel USG 20w. I also have a working IPsec VPN between the two sites. PCs on LAN1 of the remote site can access Server1 on LAN1 of the central site, but not Server2 on VLAN4 of the central site. What rules would I need to add to allow PCs at the remote site (behind the USG 20w) to access Server2 on VLAN4 at the central site (behind the Zywall 310)? Here's what the network looks like: I suspect the solution may involve either Policy or Static Route rules (I currently have none set, though I've tinkered with them a bit, but was unable to get anything working). |
Connection refused by AMAVISD-NEW Posted: 29 Mar 2021 10:01 PM PDT I found a lot of information here on setting up an AWS server on my own. I installed the DKIM patch and it works great, but now I can't send mail. I already had problems sending mail, but now they are deeper. Some mails were sent and I tested my DKIM signature, but now I don't know what happened... ISPConfig version is 3.0.5.4p9 with Ubuntu 14.04.4 LTS. You can see mail.log here:

    May 1 20:55:17 dingalin postfix/smtpd[3235]: connect from unknown[206.132.109.65]
    May 1 20:55:18 dingalin postfix/smtpd[3235]: NOQUEUE: filter: RCPT from unknown[206.132.109.65]: <my@domain.org>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<my@domain.org> to=<my@destiny.com> proto=ESMTP helo=<[127.0.0.1]>
    May 1 20:55:18 dingalin postfix/smtpd[3235]: A7CD1606D7: client=unknown[206.132.109.65], sasl_method=PLAIN, sasl_username=my@domain.org
    May 1 20:55:29 dingalin dovecot: imap-login: Login: user=<my@domain.org>, method=PLAIN, rip=206.132.109.65, lip=172.31.20.52, mpid=3273, TLS, session=<gHdZnNAxmgDOhG1B>
    May 1 20:55:34 dingalin postfix/cleanup[3271]: A7CD1606D7: message-id=<2cf6e686-8c98-0b9c-37e4-a0fdc5b16573@donamos.org>
    May 1 20:55:34 dingalin postfix/qmgr[2357]: A7CD1606D7: from=<my@domain.org>, size=12483, nrcpt=1 (queue active)
    May 1 20:55:34 dingalin postfix/qmgr[2357]: warning: connect to transport private/amavis: Connection refused
    May 1 20:55:34 dingalin postfix/error[3274]: A7CD1606D7: to=<my@destiny.com>, relay=none, delay=17, delays=16/0/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
    May 1 20:55:36 dingalin postfix/smtpd[3235]: disconnect from unknown[206.132.109.65]

I have already read many tutorials and forums about the same problem, but I am still stuck on it. Obviously the problem is "warning: connect to transport private/amavis: Connection refused". I get the same results from Thunderbird and SquirrelMail.
The process completed successfully, without errors, but the e-mail never leaves the queue.

My /etc/postfix/master.cf:

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
    #smtp inet n - - - 1 postscreen
    smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy
    submission inet n - n - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
    # -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=
    # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    # -o cleanup_service_name=subcleanup
    smtps inet n - - - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup unix n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
    dovecot unix - n n - - pipe
      flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    smtp-amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
    subcleanup unix n - - - 0 cleanup
      -o header_checks=pcre:/etc/postfix/smtp_header_checks
    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    127.0.0.1:10027 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtp_send_xforward_command=yes
      -o milter_default_action=accept
      -o milter_macro_daemon_name=ORIGINATING

My /etc/postfix/main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    mydomain = dingalin.com
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    # myhostname = ip-172-31-20-52.sa-east-1.compute.internal THIS ONE BREAKS THINGS
    #myhostname = dingalin.com
    myhostname = mail.dingalin.com
    smtpd_banner = $myhostname
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    #myorigin = /etc/mailname
    myorigin = $mydomain
    mydestination = $mydomain, localhost.$mydomain, localhost
    #mydestination = $myhostname, /etc/postfix/virtual/domains
    #mydestination = localhost
    # mydestination = dingalin.com THIS ONE DOES NOT WORK
    # mydestination = mail.dingalin.com
    relayhost =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    #virtual_maps = hash:/etc/postfix/virtual/addresses
    #virtual_alias_domains = hash:/etc/postfix/virtual_domains
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    # DKIM
    # --------------------------------------
    milter_default_action = accept
    milter_protocol = 6
    #smtpd_milters = inet:localhost:8891, inet:127.0.0.1:8891, inet:127.0.0.1:12768
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891
    #message_size_limit = 0
    #mailbox_command = procmail -a "$EXTENSION"
    message_size_limit = 0

netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 localhost:10027 *:* LISTEN 2352/master
    tcp 0 0 *:submission *:* LISTEN 2352/master
    tcp 0 0 localhost:11211 *:* LISTEN 2199/memcached
    tcp 0 0 *:pop3 *:* LISTEN 1032/dovecot
    tcp 0 0 *:imap2 *:* LISTEN 1032/dovecot
    tcp 0 0 localhost:spamd *:* LISTEN 1179/spamd.pid
    tcp 0 0 *:urd *:* LISTEN 2352/master
    tcp 0 0 *:ftp *:* LISTEN 2376/pure-ftpd (SER
    tcp 0 0 172.31.20.52:domain *:* LISTEN 1098/named
    tcp 0 0 localhost:domain *:* LISTEN 1098/named
    tcp 0 0 *:ssh *:* LISTEN 1036/sshd
    tcp 0 0 *:smtp *:* LISTEN 2352/master
    tcp 0 0 localhost:953 *:* LISTEN 1098/named
    tcp 0 0 localhost:8891 *:* LISTEN 2216/opendkim
    tcp 0 0 *:imaps *:* LISTEN 1032/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 1032/dovecot
    tcp 0 0 localhost:10024 *:* LISTEN 1173/amavisd-new (m
    tcp 0 0 localhost:10025 *:* LISTEN 2352/master
    tcp 0 0 localhost:10026 *:* LISTEN 1173/amavisd-new (m
    tcp 0 0 *:mysql *:* LISTEN 1106/mysqld
    tcp 0 0 172.31.20.52:imap2 206.132.109.65:49337 ESTABLISHED 2784/imap-login
    tcp 0 0 172.31.20.52:imap2 206.132.109.65:50213 ESTABLISHED 3585/imap-login
    tcp 0 0 172.31.20.52:imap2 206.132.109.65:50450 ESTABLISHED 3934/imap-login
    tcp 0 0 172.31.20.52:ssh 206.132.109.65:65344 ESTABLISHED 2457/sshd: ubuntu [
    tcp 0 0 172.31.20.52:imap2 206.132.109.65:49448 ESTABLISHED 2993/imap-login
    tcp 0 464 172.31.20.52:ssh 206.132.109.65:50451 ESTABLISHED 3951/sshd: ubuntu [
    tcp 0 0 172.31.20.52:imap2 206.132.109.65:49362 ESTABLISHED 2827/imap-login
    tcp6 0 0 [::]:submission [::]:* LISTEN 2352/master
    tcp6 0 0 [::]:pop3 [::]:* LISTEN 1032/dovecot
    tcp6 0 0 [::]:imap2 [::]:* LISTEN 1032/dovecot
    tcp6 0 0 ip6-localhost:spamd [::]:* LISTEN 1179/spamd.pid
    tcp6 0 0 [::]:http-alt [::]:* LISTEN 2565/apache2
    tcp6 0 0 [::]:http [::]:* LISTEN 2565/apache2
    tcp6 0 0 [::]:tproxy [::]:* LISTEN 2565/apache2
    tcp6 0 0 [::]:urd [::]:* LISTEN 2352/master
    tcp6 0 0 [::]:ftp [::]:* LISTEN 2376/pure-ftpd (SER
    tcp6 0 0 [::]:domain [::]:* LISTEN 1098/named
    tcp6 0 0 [::]:ssh [::]:* LISTEN 1036/sshd
    tcp6 0 0 [::]:smtp [::]:* LISTEN 2352/master
    tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1098/named
    tcp6 0 0 [::]:https [::]:* LISTEN 2565/apache2
    tcp6 0 0 [::]:imaps [::]:* LISTEN 1032/dovecot
    tcp6 0 0 [::]:pop3s [::]:* LISTEN 1032/dovecot

|
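In the post above, the qmgr warning and the main.cf content_filter both name a transport called amavis, while the master.cf shown defines a service called smtp-amavis. The following added example (not part of the original post, and not Postfix or ISPConfig code) cross-checks transport names referenced in main.cf, master.cf and mail.log against the unix services master.cf defines; the function names are hypothetical and the inputs are trimmed excerpts of the text quoted in the post.

```python
import re

# Trimmed excerpts of the master.cf, main.cf and mail.log quoted in the post above.
MASTER_CF = """\
smtp inet n - n - - smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
#smtp inet n - - - 1 postscreen
dovecot unix - n n - - pipe
  flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
smtp-amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
"""
MAIN_CF = """\
virtual_transport = dovecot
content_filter = amavis:[127.0.0.1]:10024
"""
MAIL_LOG = """\
May 1 20:55:18 dingalin postfix/smtpd[3235]: NOQUEUE: filter: RCPT from unknown[206.132.109.65]: <my@domain.org>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<my@domain.org>
May 1 20:55:34 dingalin postfix/qmgr[2357]: warning: connect to transport private/amavis: Connection refused
"""

def logical_lines(text):
    """Drop comments and blank lines, join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return out

def defined_transports(master_cf):
    """Names of unix-type services; qmgr reaches a transport through private/<name>."""
    names = set()
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "unix":
            names.add(fields[0])
    return names

def referenced_transports(main_cf, master_cf, mail_log):
    """Map each transport name in use to the places that refer to it."""
    refs = {}
    def add(value, where):
        name = value.split(":", 1)[0].strip()  # "amavis:[127.0.0.1]:10024" -> "amavis"
        if name:
            refs.setdefault(name, []).append(where)
    for line in logical_lines(main_cf):
        key, _, value = line.partition("=")
        if key.strip() in ("content_filter", "virtual_transport"):
            add(value, "main.cf " + key.strip())
    for line in logical_lines(master_cf):
        for value in re.findall(r"-o\s+content_filter=(\S*)", line):
            add(value, "master.cf -o content_filter on " + line.split()[0])
    for value in re.findall(r"triggers FILTER (\S+?);", mail_log):
        add(value, "FILTER action seen in mail.log")
    for name in re.findall(r"connect to transport private/(\S+?):", mail_log):
        add(name, "qmgr warning in mail.log")
    return refs

def missing_transports(main_cf, master_cf, mail_log):
    """Transports that are referenced somewhere but have no master.cf service."""
    defined = defined_transports(master_cf)
    refs = referenced_transports(main_cf, master_cf, mail_log)
    return {name: where for name, where in refs.items() if name not in defined}

if __name__ == "__main__":
    for name, where in missing_transports(MAIN_CF, MASTER_CF, MAIL_LOG).items():
        print(f"transport '{name}' has no master.cf service; referenced by: {', '.join(where)}")
```

On the excerpts, the only name reported is amavis; smtp-amavis and dovecot resolve to services that master.cf defines.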
Set Windows default sound scheme using GPO Posted: 30 Mar 2021 01:38 AM PDT We have 50 Windows 7 client computers in an AD OU for which we need to change the Windows Default Sound Scheme to None. How can this be accomplished using Group Policy? |
Running python script in incrontab in Debian Posted: 29 Mar 2021 11:02 PM PDT I have a user, dropbox, that runs the Dropbox daemon. I want to monitor the directories in the Dropbox directory for new files and run a python script when they appear. I have the python script that I know works:

    $ /home/dropbox/monitor.py
    Trying to get lock
    Got lock, waiting for Dropbox to be idle
    Dropbox idle
    Finding instructions
    Done, releasing lock

I have an incrontab entry:

    $ incrontab -l
    /home/dropbox/Dropbox IN_CREATE /home/dropbox/monitor.py | logger
    /home/dropbox/test IN_CREATE logger "$$ $@ $# $% $&"

When I add a file to the test directory I see the output in /var/log/syslog:

    $ touch /home/dropbox/test/a
    $ tail /var/log/syslog
    ...
    Nov 9 10:18:27 vps incrond[1354]: (dropbox) CMD (logger "$ /home/dropbox/test a IN_CREATE 256")
    Nov 9 10:18:27 vps logger: "$ /home/dropbox/test a IN_CREATE 256"
    ...

However, when I add a file to the Dropbox directory the command doesn't seem to run:

    $ touch /home/dropbox/Dropbox/a
    $ tail /var/log/syslog
    ...
    Nov 9 10:24:16 vps incrond[1354]: (dropbox) CMD (/home/dropbox/monitor.py | logger)
    ...

So the incron daemon notices the new file and the correct command is found to be executed, but it never actually gets executed. Nor are there any error messages. It kind of seems like incrontab can only be used to run the most simple of commands. This might be a similar question to: but I think that I don't have env problems, every path is absolute. I tried changing .../monitor.py to /usr/bin/python2.7 .../monitor.py just in case, but it didn't make any difference.

Edit

Dennis Kaarsemaker offered a solution that incrontab was executing my command in a non-cron manner and that this might be causing the problem. Unfortunately, I still can't get it to work. First I removed the extra stuff from the incrontab:

    $ incrontab -l
    /home/dropbox/Dropbox IN_CREATE /home/dropbox/monitor.py

This should run just my monitor file and not try to pass anything in as arguments. No dice, still no output. Then I created a bash script that contained the execution instruction for my script:

    $ vim test.sh
    logger "$PATH"
    /usr/bin/python2.7 /home/dropbox/monitor.py | logger

This produces the following output:

    $ tail /var/log/syslog
    Nov 9 23:50:28 vps incrond[1354]: (dropbox) CMD (/home/dropbox/test.sh)
    Nov 9 23:50:28 vps logger: /usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin

So nothing from monitor.py, and we can see that the directory containing python is in incrontab's environment, so we shouldn't even need to specify the path as absolutely as we do. |
How to make curl uploads faster with firewall Posted: 29 Mar 2021 10:01 PM PDT We recently moved to a new server and are facing slow upload issues. We suspect this is because of the firewall. How do I make sure applications like ftp and curl become faster with the firewall? Any input regarding disabling the firewall, bypassing the firewall, or anything else is greatly appreciated. Cheers EDIT 1 We recently migrated from one server to another. Since then we are seeing that file uploads done through an HTTP client (phpclasses) or CURL are taking considerably more time. For example, for a 5MB file on the earlier server it was taking 3 seconds. But on the new server it is taking about 100 seconds. Please note that I am running a PHP daemon to upload the files. We first tried the PHP classes HTTP client and now we are trying PHP CURL, but we still find the same issue. When we upload files > 200MB it takes almost 1hr. Both servers have a 100Mbps uplink, so connection speed is not the issue. The file transfers are the same if I use PHP curl or the curl command. Are we missing any setting on the server (PHP configuration), a module, or the firewall? Has anyone experienced such an issue before? Any input is appreciated. |