Re: [gentoo-user] STARTTLS verification problem

On 10.04.2010 11:08, Mick wrote: > Apr 9 21:45:47 my_box sendmail[4013]: STARTTLS=client, > relay=smtp.comcast.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA- > AES256-SHA, bits=256/256 > > Any idea why this is happening? Nothing to worry about. It just means you do not trust the certif

Re: [gentoo-user] STARTTLS verification problem

On 10.04.2010 18:12, Robin Atwood wrote: > That's very interesting, I have puzzled about STARTTLS stuff for years! How > do > I make sendmail trust the CAs? This is neither necessary nor recommended for TLS. > define(`CERT_DIR',`/etc/mail/certs') > define(`confCACERT_PATH',`CERT_DIR') > define(

Re: [gentoo-user] STARTTLS verification problem

On 10.04.2010 19:04, Mick wrote: > On Saturday 10 April 2010 16:32:37 Eray Aslan wrote: >> On 10.04.2010 18:12, Robin Atwood wrote: >>> That's very interesting, I have puzzled about STARTTLS stuff for years! >>> How do I make sendmail trust the CAs? >> >&g

Re: [gentoo-user] custom package make options?

On Sun, Apr 18, 2010 at 02:46:58PM -0400, David Mehler wrote: > I've got a box with two processors so i have MAKEOPTS set to -j2. One > package gnome breaks during compile under these circumstances so am > wanting to install it and only it with MAKEOPTS set to -j1 i'm > thinking i have to put a fil

Re: [gentoo-user] {OT} hardening SSL without rejecting users

On 27.04.2010 05:19, Grant wrote: > I've been advised to harden my SSL in the following ways: > > 1. disable SSL 2.0 Agreed. There is no need to support SSL 2.0 anymore. > 2. disable use of SSL ciphers which offer either weak or no encryption For maximum compatibility, support AES, RC4 and 3DE

Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure

On Tue, May 18, 2010 at 08:57:58PM +0200, Stefan G. Weichinger wrote: > Am 18.05.2010 19:57, schrieb Jan Engelhardt: > Ok, I see. So my current setup with one disk only and SSL-generated > keyfile does not add security but flexibility (being able to switch > passwords more quickly). Keep the keyfi

Re: [gentoo-user] Two openvpn tunnels... and /etc/init.d et al.

On 06.07.2010 08:17, Steve wrote: > What's the recommended gentoo way to launch two openvpn instances? (I > assume that's what's required...) $ ls -l /etc/init.d/openvpn* -rwxr-xr-x 1 root root 4198 Feb 17 08:31 /etc/init.d/openvpn lrwxrwxrwx 1 root root7 Mar 1 12:28 /etc/init.d/openvpn-inte

Re: [gentoo-user] configure error - how to debug

On 06.07.2010 18:55, Helmut Jarausch wrote: > ./configure: line 14859: test: too many arguments > > Looking at this line it shows > if test $ax_python_header != no; then Wild guess (since you did not mention which ebuild): quote the variable and try again, i.e. something like - if test $ax

Re: [gentoo-user] Migration to baselayout2 / openrc

On 10.10.2009 13:01, meino.cra...@gmx.de wrote: > On gentoo web I found this: 2. > Migration to OpenRC > Migration to OpenRC is fairly straightforward; it will be pulled in > as part of your regular upgrade process by your package manager. PPP startup scripts still do not work with openr

Re: [gentoo-user] strange cron messages...

On 15.11.2009 13:45, Mick wrote: > On Saturday 14 November 2009 16:53:24 Alex Schuster wrote: >> I assume you are using logrotate, and have the /etc/logrotate.d/kernel >> file? I guess the 'compytruncate' is misspelled and should be >> 'copytruncate'. And 'endscript' is used after using 'prerotate'

Re: [gentoo-user] strange cron messages...

On 16.11.2009 10:08, Graham Murray wrote: > Eray Aslan writes: > >> - No need to logrotate with time based filenames. Hence, no need to >> "kill -HUP" the syslog daemon. No missed logs. > > But you still need some system (eg tmpwatch) to delete old l

Re: [gentoo-user] strange cron messages...

On 16.11.2009 14:46, Neil Bothwick wrote: > On Mon, 16 Nov 2009 09:05:18 +0200, Eray Aslan wrote: > >> - No need to logrotate with time based filenames. Hence, no need to >> "kill -HUP" the syslog daemon. No missed logs. > > Then how do you get the server

Re: [gentoo-user] strange cron messages...

On 17.11.2009 10:59, Neil Bothwick wrote: >>> Then how do you get the server to use the new logfile names each >>> day/week? >> It creates and uses a new file each hour/day/etc. Perhaps, you missed >> the file(...) directive? > > I didn't miss it. My question was how to you get the process to USE

Re: [gentoo-user] strange cron messages...

On 17.11.2009 17:08, Neil Bothwick wrote: >>> You wouldn't miss a log messsage by sending a SIGHUP to your mail >>> server, the logger would keep running. >> When syslog-ng cannot process messages for whatever reason, it will >> buffer them. When the buffer is full, it will drop the messages. The

Re: [gentoo-user] Quick quesition regarding "linux-2.6.31.x" and "gentoo-sources-2.6.31-rx"

On Thu, Nov 19, 2009 at 03:49:19PM -0500, Marcus Wanner wrote: > I was just wondering if a package such as "gentoo-sources-2.6.31-r6" > uses kernel 2.6.31.6, or just 2.6.31. I have been digging through > timestamps and the like for a while, but I just can't figure it out. http://sources.gentoo.o

Re: [gentoo-user] Devicekit - especially just for Dale

On Sun, Jan 17, 2010 at 09:39:27AM -0600, Dale wrote: > From my understanding, isn't the same guy doing devicekit that did > hal? I'm not saying it won't be better because it should be. From what > I read a good while back, he learned a lot about the pitfalls of hal. > He, most likely, will

Re: [gentoo-user] Which IPSEC to go?

On 24.01.2010 23:38, Konstantinos Agouros wrote: > since I am a while out of the game of doing ipsec with Linux: > What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon. > > Emerge -p gave me some ~ for ipsec-tools while openswan goes without. > > Any input welcome. I need this

Re: [gentoo-user] Gentoo router for multiple ISPs?

On 12.04.2008 21:11, Mark Knecht wrote: Hi all, I need to get a second ISP line into the house. I currently have a cable modem but it goes down once in a while and my work requires higher reliability so I was thinking of getting a DSL line to supplement it. I'd like to investigate creating som

Re: [gentoo-user] autorespond

On 29.04.2009 14:30, Neil Bothwick wrote: >> In fact, all that's needed is already there (just the other way round, >> though): every list I'm subscribed to adds a "Precedence" header field >> (with values of "bulk" or "list") to the messages. A sane auto-responder >> will not send replies to messa

Re: [gentoo-user] 'if echo hello' in .bashrc

On 08.05.2009 17:10, Alan McKinnon wrote: >>>if echo hello|grep --color=auto l >/dev/null 2>&1; then >>> export GREP_OPTIONS='--color=auto' GREP_COLOR='1;32' >>>fi >>> >>> to ~/.bashrc >>> >>> Why does he echo hello, please? >> Some greps (like BSD one) might not support '--color' opti

Re: Tweaks for SSDs [Was: [gentoo-user] [ot] no more inodes]

On Sat, May 30, 2009 at 02:40:34PM +0100, Neil Bothwick wrote: > On Sat, 30 May 2009 12:06:04 +0200, Florian Philipp wrote: > > > Delaying commits with ext4 and/or laptop-mode will reduce the wear-down > > of your SSD but it might as well freeze your system when the actual > > commit takes place b

Re: [gentoo-user] [postfix - bug?] error in master.cf - problem with restart

On 22.06.2009 13:02, Marcin Niskiewicz wrote: > I noticed that when someone makes an error in master.cf > (for example write anything at the beginning of the > file) and then restart postfix there is a problem: > > postfix is stopped (that's ok), then it should be started but it

Re: [gentoo-user] Machine doesn't respond to broadcast ping.

On 25.06.2009 07:34, Stroller wrote: > I've got one machine here on the LAN which isn't responding to broadcast > ping. Any idea why not? You need to set icmp_echo_ignore_broadcasts to 0. Default is 1, mainly for dos prevention: # sysctl net.ipv4.icmp_echo_ignore_broadcasts=0 -- Eray

Re: [gentoo-user] emerge --update --newuse too eager?

On 13.07.2009 10:11, Helmut Jarausch wrote: > would anybody please be so kind to explain to me how > emerge --update --newuse --deep @system @world > works. > > E.g. it wants to re-emerge sys-devel/gcc because of the > "new use flag nptl" according to > > [ebuild R ] sys-devel/gcc-4.4.0 US

Re: [gentoo-user] {OT} zflashpoint for Linux? (SSD performance "accelerator")

On 09.08.2009 16:13, Florian Philipp wrote: [..] > When you think about the situation, laptop-mode might actually make the > situation worse. You see, it was originally developed to help HDDs > staying in standby for longer periods by delaying writes until a read > action causes the drive to spin u

Re: [gentoo-user] kernel linux-2.6.27-gentoo-r7 won't load network!

On 06.01.2009 12:14, Steven Susbauer wrote: > Dirk Heinrichs wrote: >> Am Dienstag, 6. Januar 2009 02:56:28 schrieb Denis: >>> I have Intel network hardware that >>> runs on the E1000 driver >> >> Did you try e1000e? >> >> Bye... >> >> Dirk > > e1000e had been disabled in 2.6.27 versions, was it p

Re: [gentoo-user] Postfix and Domainkeys

On 12.01.2009 00:13, Jason Carson wrote: > Greetings, > > I am trying to setup postfix with domainkeys. I installed dk-milter and > ran the following as I was told to do after emerging it ... DomainKeys is deprecated and is replaced by DKIM. You are much better off using mail-filter/dkim-milter.

Re: [gentoo-user] Postfix and Domainkeys

On 12.01.2009 17:33, Jason Carson wrote: [...] > I don't understand what this part below means... > > Make sure you add these parameters to your dk-filter command line: > -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private > -S default > > I tried the following two commands with no

Re: [gentoo-user] Postfix and Domainkeys

On 14.01.2009 06:24, Jason Carson wrote: >> On 12.01.2009 00:13, Jason Carson wrote: >>> Greetings, >>> >>> I am trying to setup postfix with domainkeys. I installed dk-milter and >>> ran the following as I was told to do after emerging it ... >> DomainKeys is deprecated and is replaced by DKIM. Y

Re: [gentoo-user] Commenting out multiple lines in vim

On 13.02.2009 07:48, Stroller wrote: > On 13 Feb 2009, at 00:53, Philip Webb wrote: >> 090212 Stroller quoted: >>> In vim, you can just select the rectangular region with Ctrl-v, >>> then type "I#". This will insert # in each line at the same >>> column. >> >> If you want to comment a series of li

Re: [gentoo-user] Kernel update messed up console encoding

On 28.02.2009 12:34, Florian v. Savigny wrote: [...] > I'll follow your suggestion and re-post the problem on gentoo-user-de, > although I think running into that sort of problem might happen to > anybody who uses a European language other than English (one of those > covered by iso-8859-1, more pr

Re: [gentoo-user] eselect-news

On Tue, Apr 07, 2009 at 12:21:12PM -0500, Dale wrote: > Just to make sure my light bulb is burning correctly, after I upgrade I > can see the message or after I sync and use eselect the message will > appear? I'm trying to figure out if the horse is in front of the cart > or behind it. o_O After

Re: [gentoo-user] eliminating packages/ebuilds from the portage tree

On Thu, Apr 09, 2009 at 12:52:18AM -0400, Valmor de Almeida wrote: > There are a couple of packages (ebuilds) in the portage tree that I > would like to eliminate completely from my system and not get them back > after an emerge --sync. Is this possible? You can exclude part of the tree with POR

Re: [gentoo-user] Re: eliminating packages/ebuilds from the portage tree

On Thu, Apr 09, 2009 at 11:32:22AM +0200, Alan McKinnon wrote: > > > is there a good reason to remove them, instead of masking? > > > > If you like spending half a day masking hundreds and hundreds of > > packages using an inflated package.mask, then no, there's no good reason :) > > The OP said "

[gentoo-user] Netfilter TRACE target?

How do you get the TRACE target to work in iptables? north ~ # /sbin/iptables -t raw -A PREROUTING -j TRACE iptables v1.3.8: Couldn't load target `TRACE':/lib/iptables/libipt_TRACE.so: cannot open shared object file: No such file or directory Try `iptables -h' or 'iptables --help' for more inform

Re: [gentoo-user] Gentoo on the server side

On 01.12.2007 09:03, Alan wrote: > This used to be a debian system and was moved over to gentoo about 4 > years ago when I had been spending lots of time with gentoo on my > desktop at home. I like gentoo, however I would exercise caution if > you're deploying on "real" systems. We have also mo

[gentoo-user] recover from disk crash lvm2 group

Hello, One of the disks in a 3-disk lvm2 group crashed. I would like to continue with the remaining 2 disks. How to remove the non-functioning disk from the group and re-create the volume with 2 disks? I have backups. # vgremove home_vol Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-

Re: [gentoo-user] recover from disk crash lvm2 group

On 02.08.2008 15:02, Albert Hopkins wrote: > On Sat, 2008-08-02 at 12:49 +0300, Eray Aslan wrote: [...] >> One of the disks in a 3-disk lvm2 group crashed. I would like to >> continue with the remaining 2 disks. How to remove the non-functioning >> disk from the group and

Re: [gentoo-user] Circular blocks after last night's sync?

On Tue, Oct 28, 2008 at 03:09:00PM -0400, Allan Gottlieb wrote: > I have unmerged all the files involved in the blockage > > allan Mail # emerge --ask --unmerge e2fsprogs e2fsprogs-libs ss com_err > > >>> These are the packages that would be unmerged: > > --- Couldn't find 'e2fsprogs

Re: [gentoo-user] kerberos use flag

On 08.11.2008 17:27, Allan Gottlieb wrote: > Today's emerge --ask --verbose --deep --tree --newuse --update world > turned up a bunch of reinstalls due to -kerberos*. > > I have not changed make.conf. Did some profile change? > Output from emerge --info is below. Kerberos was removed from deskto

Re: [gentoo-user] Squirrelmail plugins the Gentoo way?

On 09.03.2007 02:22, Grant wrote: [...] > It appears squirrelmail is installed with the crypt USE flag. 'equery > uses squirrelmail' says this about crypt: > > Add support for encryption -- using mcrypt or gpg where applicable > > Does anyone know if that is the gpg plug-in or not? If so, does

[gentoo-user] mysql emerge error

Hello, New server. While emerging mysql, I got the following: > [...] > make[4]: Entering directory > `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' > Makefile:251: .deps/trx0purge.Po: No such file or directory > make[4]: *** No rule to make target `.deps/trx0purge.Po'. Stop. >

Re: [gentoo-user] mysql emerge error

On 20.04.2007 11:06, Eray Aslan wrote: >> [...] >> make[4]: Entering directory >> `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' >> Makefile:251: .deps/trx0purge.Po: No such file or directory >> make[4]: *** No rule to make target `.deps/trx0pu

Re: [gentoo-user] IMAP server recommendations.

On 17.05.2007 06:52, Josh Helmer wrote: > I was just looking for some opinions. I am replacing my current mail server. > > Right now I am using courier-imap and I am happy with it. The only thing > that concerns me is that I have heard grumblings that courier has some > security issues. I

Re: [gentoo-user] how do you keep up with system administration?

On 30.05.2007 10:21, Neil Bothwick wrote: > This runs in the early hours, so I can read it whenever it suits me during > the day and apply the changes as I want. I run testing, so frequent > updating is a good thing; with a stable system, weekly would be fine, but > the longer you leave it the more

Re: [gentoo-user] HEADS UP - postfix-2.9.0 is broken

/lib{,64)/postfix). Adjust your main.cf accordingly. I'll add a warning to the ebuild. -- Eray Aslan

Re: [gentoo-user] HEADS UP - postfix-2.9.0 is broken

On Mon, Feb 06, 2012 at 06:51:51PM +0100, Andrea Conti wrote: > Luckily the error messages are informative enough... but let's say that > a word of caution in the emerge message would have been welcomed. There is a warning printed if you emerged without the berkdb flag when you upgraded from

Re: [gentoo-user] Circular blockage

On Mon, Mar 28, 2011 at 11:16:48PM +0100, Peter Humphrey wrote: > How do I get out of this? Re-sync your tree. Temp breakage when virtual/mta was added to the tree. Sorry about that. -- Eray

Re: [gentoo-user] drbd primary standalone ...

want to check become-primary-on directive in drbd.conf -- Eray Aslan

Re: [gentoo-user] netqmail blocks maildrop requiered by qmail-scanner.

tools flag by default. -- Eray Aslan signature.asc Description: Digital signature

Re: [gentoo-user] Re: OT: advice sought on new laptop for Gentoo

On 07.09.2010 15:29, Alan McKinnon wrote: > I figure that just like a top-grade mechanic should be looking at SnapOns or > similar in his toolbox, this here sysadmin also needs high quality tools. My > chief tool is my notebook. It's the weight not the price that is the deciding factor us. I gu

Re: [gentoo-user] newaliases - unsupported map type: hash

On Fri, Aug 31, 2012 at 3:06 AM, Joseph wrote: > I just upgraded to postfix-2.9.3 and not getting any local mail. > > When I type "newaliases" I get: > postalias: fatal: unsupported map type: hash Do not turn off the berkdb USE flag if your setup uses hash or btree lookups. There is a warning in

Re: [gentoo-user] GSSIAPIKeyExchange is not supportd on OpenSSH_5.9p1

On Wed, Sep 5, 2012 at 12:06 PM, Ali Gholami wrote: > .ssh/config: Bad configuration option: GSSAPIKeyExchange That config option needs a separate patch which has been around for ages but upstream OpenSSH maintainers are being an arse^H^H^H^H uncooperative. Sadly, Gentoo decided not to ship it a

Re: [gentoo-user] courier-imap cannot find courier-authlib

On Fri, Nov 02, 2012 at 08:05:34AM -0400, Mike Edenfield wrote: > Is anyone else seeing this problem, or know how to make it go away? Should be fixed in =courier-authlib-0.65.0-r2. In the meantime, try -r1 with the static-libs USE flag. -- Eray

Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

to change the default mta from ssmtp to one of them in semi-near future (probably nullmailer now that it has TLS/SSL support). -- Eray Aslan

RE: [gentoo-user] OT: Web mail suggestions...

> Anybody out there able to point me to an existing open-source, solid > package? > > Thanks! > > Dave > I've had no problems with squirrelmail so far: www.squirrelmail.com Eray -- gentoo-user@gentoo.org mailing list

RE: [gentoo-user] daemon monitoring programs

> > for some reason I've got a couple of daemons that keep going out to > lunch on me. Are there any good tools for monitoring daemons and > possibly restarting them when they go away? > Write a small script running out of cron every x minutes or inittab (man 5 inittab) Do not forget to che

[gentoo-user] Out of portage

Hello, I am using portage for packet management. But there are a few programs (postfix for example) that I have emerged and now would like to manage myself. What is the best way to take a program out of portage without unmerging the program? Deleting the appropriate line from /var/lib/portag

RE: [gentoo-user] Out of portage

Renat Golubchyk wrote: > > If postfix becomes a dependency of another package in the > future it will > get updated by portage regardless of it being in the world-file. Possible but unlikely. It is a stable mail server. I doubt we will add or remove any software in

RE: [gentoo-user] Out of portage

Renat Golubchyk wrote: > > You can copy the ebuild to your overlay and patch postfix from there. > If you don't have to do anything else before compiling it then it's as > trivial as "epatch /path/to/postfix.patch" somewhere in src_unpack(). > Doing it this way has the be

RE: [gentoo-user] recommendatoin for a new server

El Nino wrote: > Dear friends,i'm planning on buying a server for running gentoo(will > b our 1st gentoo server) with a mail+dns server(<1000mails/per > day).i'm looking for sata raid,amd opteron & around 1GB ram. has > anyone built a server recently that worked?1) can an

[gentoo-user] high packet loss

Hello, I wanted to change the router/firewall at a small office lan to hardened gentoo. The machine in question sits between a consumer grade adsl modem and 3 different networks (so a total of 4 eth cards on the server). However, there is a high packet loss (25-50%) between server and adsl modem

Re: [gentoo-user] Guidance on encrypting my /home

On Sun, August 13, 2006 3:22 am, John J. Foster wrote: [snip] > So, before I get to settled on using this, a few questions. > > Do you encrypt your home directory? /home and swap > What apps and/or combination of apps do you use, and why? cryptsetupLUKS > Which ciphers do you prefer? Why? AES

Re: [gentoo-user] I think my machine is being used for spam

On Fri, September 15, 2006 8:48 am, Kevin O'Gorman wrote: > My mail queue is chock full of messages that appear to be > error-reports from MAILER_DAEMON to the effect that some piece of mail > is undeliverable. The form of the messages is baffling to me, and I > cannot figure out what the original

Re: [gentoo-user] Ansible, puppet and chef

On Tue, Sep 16, 2014 at 10:43:18PM +0200, Alan McKinnon wrote: > Puppet seems to me a good product for a large site with 1000 hosts. > Not so much for ~20 or so. I find that for a few machines, puppet is overkill. For a lot of machines, puppet can become unmanageable - with puppet master and secu

Re: [gentoo-user] Re: Secure DNS servers

erver. For a high volume dns server, you don't want to reach conntrack limits before you reach the limits of your dns software - which are usually much higher. A stateful firewall for a dns server is not always a good choice - do not make it easier to DoS. -- Eray Aslan

Re: [gentoo-user] postfix: /etc/postfix/aliases or /etc/mail/aliases ?

On Mon, Jul 12, 2021 at 01:21:14PM +1000, Adam Carter wrote: > The location is currently configured in main.cf; > # postconf alias_maps > alias_maps = hash:/etc/postifix/aliases That's a non-default value. /etc/mail/aliases is the gentoo default. Changing the default is fine but you need to let p

Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?

On Sat, Aug 22, 2020 at 09:17:56PM +0100, Ashley Dixon wrote: > On Sat, Aug 22, 2020 at 04:15:38AM +, Caveman Al Toraboran wrote: > > just to double check i got you right. due to > > flushing the buffer to disk, this would mean that > > mail's throughput is limited by disk i/o? [...] > When an

Re: [gentoo-user] Re: Why does bind-tools 9.18 depend on bind?

On Sat, Oct 26, 2024 at 11:42:32AM +0100, Peter Humphrey wrote: > On Saturday 26 October 2024 09:10:44 BST Eray Aslan wrote: > > fwiw, net-dns/unbound is a good choice for a resolver even if you are > > running in a systemd environment. > > Interesting. I run dnsmasq here; wo

Re: [gentoo-user] Re: Why does bind-tools 9.18 depend on bind?

On Fri, Oct 25, 2024 at 01:53:05PM -, Grant Edwards wrote: > On 2024-10-25, Michael Orlitzky wrote: > > BIND may actually be the least bad option. > > Indeed. Seconded. I find that net-dns/bind is good for authoritative dns servers and for its tools so it tends to get installed even on lapto