hi aury hi, what's up ? in your local mirror do you exclude the distfiles directory? never I'm installing another gentoo server here :P well I just cloned one I rsync to the other computers you rsync all the /usr/portage dir? well... I need to go... I'll be back in 30 no ok just the /usr/portage/distfiles and portage too... that's right ok thanks for the another computer emerge sync's hi jorge hi do you know that your server answers to pings ? yes ok :) why? I only answer to source-quench because is more secure ohh I was reading about an attack that can be done using ping discovered by an Argentine where? was some months ago TCP/IP has a flaw in the architecture that permits ping to do a DoS very hard to be done, but possible hi jorge hi do you know any way to do a permit IP and sender in postfix ? access? yes I mean /etc/postfix/access no, I mean you can send as root@chewbacca.git.com.br from 192.168.0.1, but not from 192.168.0.2 aury I need to go now no problem I'll read the pf book do you have it? in paper? yes no, in PDF ok share it I'm going home just tell me when jorgearma1982@gmail.com please ceya hi jorge it's possible to redirect something going to 172.20.x.x to 200.x.x.x ? inbound? no, it's originating in my machine where is 200? a remote server I want to go 200.x.x.x instead of 172.20.x.x 172 is in your LAN? and 200 outside? no, my lan is 192.... 172 is a lan in the 200.x.x.x site that's why I need to rewrite because I need to go to 172 mm don't understand :( I connect to a software in 200 right ? ok this software replies and tells me to connect in 172 but 172 isn't here so I need to rewrite to go to 200 again but, if you do that will be a loop, no? 
no, because the reply tells me that the request was accepted in 172.x.x.x in another port but the program uses the ip of reply so, I want to know if it's possible to rewrite in iptables to go to 200 instead of 172 I'm not sure if you can use REDIRECT dnat iptables -t nat -A PREROUTING -d 172.20.187.253 -j DNAT --to-destination 201.20.146.130 hi jorge hi do you use amavis? yeap do you know how to whitelist a sender globally ? in the file amavisd.conf are examples but you use ldap, no? I don't use ldap yes, I use but is per user only I want to know globally there is section # ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT) where? in amavisd.conf in section V well you know I'm good in cleaning config files :P jeje take your backup jejje it'll take 2 hours jeje can you send to me ? /usr/share/doc/amavisd-new-2.3.3-r2/amavisd.conf-default.gz k no there's no section V that is not the file :) yeah that I have damn I forgot how to send a file from the console cat file | mail nuny@aury.com.br mail aury@aury.com.br < amavisd.conf.orig check your mail http://www.git.com.br/greylist.php?d=aury.com.br :) hehe 100 seconds requeued I requeued with pfqueue :) my girlfriend gave me her old playstation yesterday I downloaded a lot of games to play :P jeje you get the file? not yet did you get the mail ? aury did you whitelist the address yesterday? no, but I received it just was delayed http://www.ijs.si/software/amavisd/release-notes.txt find for aury good I don't use amavis with ldap ohh amavis 2.4.0 Ohh!! yep I'm waiting for gentoo to stabilize and release you can use your overlay I have my own version of rules_du_jour sure, you can but this was recently released you cannot for sure that it will not break everything yeap off topic have you checked last.fm? it rulz!! 
I registered created my profile and I'm using the client and listening the radio good metal music :) hehehe no, I'm busy last weeks doing my thesis and finishing some scripts I did a script to calculate and notify the domain admin that there's an e-mail with quota over 90% do you use mysql ? yes what charset? the default utf8 I use latin1 and mysql is compiled with utf8 by default yes and you can't change it I couldn't change my db to utf8 :( I changed all the settings to latin1 in my.cnf in one server my.cnf doesn't matter for php it will use utf8 because is compiled in I have my database in latin1 but I couldn't find an easy way to change my data in utf8 :( yeah, I filed a bug there is lots of info to make a way to choose the charset that mysql is compiled in 4.1 the default is to utf8 exactly I need the default in latin1 It was latin1 they changed again you can change the settings in my.cnf I did that but not for php for me worked php uses the compiled in charset no way to change only querying mmm I'll ask my clients to convert to utf8 ohh I tried creating a database, and tables in latin1 but I couldn't :( no, you can't you need to set the charset when inserting data and when querying to get the correct results back hi jorge do you do backups to tapes or know tape commands? mt sucks I use bacula bacula is the better solution for backups in fact I'm configuring the win2000 client of bacula for one server it's just one servers we're doing tar direct to tape I really prefer bacula even to backup to disk well I'm going to lunch brb hi jorge can you help me ? do you know how to redirect stderr to a variable ? yea how ? mm but but what about something like this VAR=`command 2>&1 >/dev/null` yeah thanks (Putting the 2>&1 before the >/dev/null means that stderr gets redirected first.) hi aury did you configure mailman with ldap? no... I never used mailman any software for mailing list? 
never it's in my TODO for months...hehehe yeap I remember that jeje I think it's the number 2.... in 40 tickets... hehehe well I'm going to read about this I'm reading the mailman ebuild well, if you find something good for ldap, tell me I have not found a good way wait only populating the list with a flat file http://www.linuxdicas.com.br/sections-viewarticle-271.html http://www.noticiaslinux.com.br/nl1124416923.html I have these 2 links http://mail.python.org/pipermail/mailman-coders/2005-February/001571.html In portuguese....but not hard to understand as you know spanish yeap thanks http://webserver.offal.homelinux.org/LDAPMemberAdaptor/V3.0/LDAPMemberAdaptor/ appears to be cool I'll bookmark I've a lot of things to do port every script to use authentication and remove the permit_mynetworks from postfix although I don't care to have the recipients in the ldap you can simulate a list using ldap and postfix but there's no membership, remove using mail...etc yap yeap I think I'm going to do flat mailing list is for notifications to our customers thousands of customers :) the problem is when you need to deliver to all customers but if the customer reply will be to all customers too you know what I mean ? I think I can limit that maybe if you discover how I would like to know I remember some config in mailman hi aury are you there? yep what's up?? which greylist daemon do you use? postgrey thanks no problem jorge do you use postfix with sasl ? hi yes are you getting this in syslog ? Apr 18 16:28:16 skywalker postfix/smtpd[26951]: auxpropfunc error invalid parameter supplied Apr 18 16:28:16 skywalker postfix/smtpd[26951]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb yes I saw that this morning right you know what is that? I saw about 3 hours ago no idea it's since I upgraded from the previous version the auth works correctly you mean the cyrus-sasl version? 
yes yeap is since the last update  ::: (22 to of 30) dev-libs/cyrus-sasl-2.1.21-r2 to / http://www.xml-dev.com:8000/message/20050816.221312.c9c7c64a.en.html I already saw it mmmm at least I discovered a thing what? smtpd_sasl_application_name = smtpd in postfix means /etc/sasl2/smtpd.conf mm I don't understand the smtpd if you put smtpd_sasl_app... = blabla you need a /etc/sasl2/blabla.conf ohhh!! where you found that I'm looking in the sources to discover the problem nobody knows the answer :O I can't believe let's check hehehe solved apparently I'm going to lunch brb cd /usr/lib/sasl2 rm -rf libldap* and solved jorge, do you get a lot of lame servers in your DNS ? yes RBL ones ? I don't know I'm using RBL in postfix and a lot of lame was appearing in the logs I removed the ones that were appearing in the blocks I don't use rbl because these are useless in the logs logging { category lame-servers { null; }; }; I send lame messages to null in my config I don't want to send to null to see the problems Apr 18 19:20:16 tatooine named[21687]: lame server resolving '243.107.155.200.spam.dnsrbl.net' (in 'dnsrbl.NET'?): 38.96.4.21#53 I discovered that way that dnsrbl.net is out and removed from postfix let show a cool thing http://www.securitysage.com/antispam/intro.html I don't understand that lame server message it means that another server is answering for example, I should answer for aury.com.br but if I answer for terra.com.br, I'm a lame server if somebody in the path answer for aury.com.br, it's a lame server isn't authoritative ok Apr 18 19:20:16 tatooine named[21687]: lame server resolving '243.107.155.200.spam.dnsrbl.net' (in 'dnsrbl.NET'?): 38.96.4.21#53 there the problem is when a domain doesn't exist you were querying for 243.107.155.200.spam.dnsrbl.net and another server answers yes and a server answered for it and 38.96.4.21 answer right ok I understand my DNS cache discovers that 38.96.4.21 is lame I think they are trying to forge the rbl lists no dnsrbl.net 
doesn't exist and existed? yes, someday now isn't answering 38.96.4.21 is NS1.SPLITINFINITY.NET is listed in the whois it's correct but isn't answering authoritative for this domain for example, ns1.git.com.br is the dns listed for aury.com.br ... but if ns1.git.com.br doesn't host aury.com.br .... is a lame yes yes I understand just to clarify... I was thinking that I misspelled myself :) I think someday I learned that :) when I was learning the dns system jej you know I'm going to replace a mail system in a few hours :) in a double xeon I found that I can use the pentium4 use flags so I did a stage4 of one system I have :) I hope in one hour the server will be up and running I said a few hours? I mean, a few minutes jeje stage4? you men mean... copied everything ? :P almost everything is about 280MB compressed less than my daily backup I exclude all this default_exclude_list=" --exclude=/tmp/* --exclude=/var/tmp/* --exclude=/lost+found/* --exclude=/dev/* --exclude=/proc/* --exclude=/mnt/* --exclude=/sys/* --exclude=/usr/portage/* --exclude=/var/log/* --exclude=$stage4Location" # depending on your choice these files or directories will additionally be excluded custom_exclude_list=" --exclude=/usr/src/* --exclude=/var/amavis/quarantine --exclude=/home/*" I don't backup configs I backup the svn, that contains the configs.... because I like to see the versioning I need to do that but I don't know how :( I have a wiki where? the trac wiki right.... I don't have nothing about creating a repository I think it's just svn create /var/projects I'm installing the server :) firewall-stage4-03.04.2006-minimal.tar.bz2 100% 182MB 10.8MB/s 00:16 10.8 mb/s ? gigabit ? I don't know the stage is 182MB in SSH 10 mb/s is a gigabit link ohh I'm remotely don't know the physical location damn didn't boot the servers server SCSI ? yes she says it says probably screwed up with the drivers cannot mount boot> please specify a device or a shell ... 
IIRC, this is when the boot CD doesn't work correctly I got it using a USB key I'm waiting for her to solve this damn I need to fix this server can I leave the server running in with the livecd? doing the chroot and configuring all the services well... you can... but isn't the best thing to do... yes !! Block device /dev/sda3 is nor a valid root device (09:48:46) Yami:  !! the root block device is unspecify or not detected  Please specify a device to boot or "shell" for a shell scsi drivers you didn't compile the correct drivers for scsi at least I believe damn I can't find the scsi drivers it's a dell ? I don't know is a lsi a dell is megaraid or aacraid lsi ? I never saw one of these no, I saw vmware uses this yep wait I have a .config for this LSI is megaraid I'm in the livecd now http://pastebin.com/669597 those are the modules loaded wait... I'm slow here vmware compiling gcc and glibc yeah, livecd load every drivers lspci can help 0000:01:04.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 07) 1 sec you know in my server I don't have the device blocks files in /dev/ # ls /mnt/gentoo/dev/ console null I'm really slow here... I think that I've a install guide for a server exactly the same I'm extracting one stage1 to copy the files in /dev/ I think you need the LSI Logic New Generation RAID Device Drivers # modinfo mptscsih author: LSI Logic Corporation description: Fusion MPT SCSI Host driver license: GPL parmtype: mpt_dv:i oh those Fusion MPT I think I need to put those drivers in /etc/modules.autoload/kernel-2.6 Look at Device Drivers just compile in kernel the Fusion MPT and the LSI Logic driver this should make your kernel boot ok I'm trying that some spywares actually use the outlook express config to send email yes most of trojans in the 2002 did that right, I blocked some account here 3 or 4 are sending spam in your net? jee I always block outgoing connections to tcp/25 no in my net where? 
outside a client that connects here to send mail just one client ohhh with about 75 desktops 3 of them I blocked what do you use for backup ? tape ? disc I need to put the backup outside the datacenter tsss it's hard to compile kernels remotely :) I did with genkernel why? I do it all time :P to include almost everything hm with genkernel when you boot you need doscsi I where? in the kernel parameters for grub and you need to set the initrd and so on THAT'S WHY NOT WORKED !! without doscsi in the boot of livecd fuck I never setup a server with scsi :( you get the same problem well, not exactly because the cd doesn't need scsi but you need scsi to make the filesystem but after the boot, scsi modules are loaded but to boot a scsi hd, you need scsi modules loaded in boot time for a liveusb you need doscsi because you need to load usb drivers in boot time that's why I get it sometimes and when I try to boot from a USB case with a CDROM, I need doscsi too ohh thanks I'm going to try I recompiled the kernel with scsi and mpt builtin well...this should work hope :) I hope but with genkernel....doscsi does the trick for you but you need to set grub correctly....with initrd, etc yes Hi aury do you know if You can do per user attachment filtering with amavisd-new? yes, you can you mean....block by user.... bypass by user, etc sorry, I was out yes block by user and bypass by user you know how? any example? I use with ldap I don't know by code.... I need to discover that's why I asked you to send me the amavisd.conf ohhhh because I didn't know how to whitelist a user and now, You know? you didn't receive the file? @whitelist_sender_maps = ( ['cobranca@git.com.br'] ); yes, I received NAME 'amavisBannedFilesLover' is that? this is for ldap you use amavis with ldap ? nop I don't use ldap with amavis but with amavis is that attribute? yeah, is bannedfileslover ... 
these will receive banned files the best is bypass_banned_checks look at the amavisd.conf sample there's config for it I really don't need this but one friend asked me because he wants to migrate from qmail-scanner why? he has problems when are clamav and SA updates he needs to recompile everything and other things he wants to change to postfix hi aury you know how can expand a php variable in the system function in php? I have this $do = add_mail ($domain, $mail_new, $quota, $real_name, $password1,$_POST["randompw"]); echo $mail_new; echo $domain; system('sudo /usr/local/bin/maildirmake.sh $mail_new'); but that doesn't work I put the echo to see if expands the variable it doesn't work inside the system function for example if I do system('sudo /usr/local/bin/maildirmake.sh testuser1'); that does work ehhe wait ok no no I'm doing that to automatically create the maildir for each user I create in phamm the sudo will not work when using maildrop :( dman damn you need to setup to make apache (the running user), turns to root or you can do a C program ... setuid only to create maildirs that's what I did truly... I did a lot of things in this setuid program I don't know C :( :"( :'( I can share what mail ? it's safer to use a known binary setuid than to free sudo jorgearma1982@gmail.com aury you know I changed to system("sudo /usr/local/bin/maildirmake.sh $mail_new"); with double quotes and that works I received the file thanks and how do you use it ? :$ you're running sudo from apache ? 
yes apache mail = NOPASSWD: /usr/local/bin/maildirmake.sh I have that in sudoers mail is the hostname right, with the file that I send, first you create the binary gcc -o admin admin.c then, chmod 4440 admin chown root.apache admin ./admin -m /var/mail/domain.com/mail#domain.com or whatever you want but this is very specific this will make the created dir's of owner postfix if sudo works well for you, stay with it thanks anyway thanks for the script I'm going to change the script to support the $domain argument and check for the domain directory before creates the user dir yeah, mine created everything if it doesn't exist....just creates yeap, I'm trying to read it :) maildirmake is stupid why? it's just a matter of creating cur/new/tmp aury could you show me your maildrop line in master.cf maildrop unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/bin/maildrop -w 90 -d ${recipient} tahanks tahnsk again aruy aury no problem I'm going to migrate one server to ldap well only the mail accounts mail+squid cool I hope I can use migrationtools because I don't want to retype the passwords but I think migration tools only supports crypt hash hm where are the passwords? in /etc/shadow? in shadow well I'm going home they are crypt migration tools works fine I really don't like gentoo 2006 don't like the installer it's very confusing I installed once and? what you think? in an intel 64 something changed? :P I'm using the installer I never used the installer I'm going to do the same is hard to use this guis :) the gui is ncurses based ? 
is gtk well are two the gtk and ncurses but I'm going to install in the old way well this time with stage3 jeje the gtk one appears to be nice I'm seeing the screenshots yes is nice remembers me to redhat but there is no way to specify your own use flags easily that gui gives you a full list of the use flags there's a screen jeje to select the use flags the console one is the same than kernel menuconfig yeah, the one specific for packages is a lot of tweak there are too much options hehe yes I'm starting to use /etc/portage/package.use to remember the USE flags for each package I always use it the new PHP is a lot of options I never use USE="blblalbla" emerge name well I think I'm going to install this machine in the old way I always did that hehehe I hate to edit configs just love to issue one command that does everything and I can sleep or watch TV in mean time :P jejeje I did a script in ruby to create chroots! ohh!!! if I want one command in the chroot, the script copies everything for me good and tell me what files can be used too, plus the libs :O share it :) it's just a string strings jmedina@tuxjm.net ? that is my email sent if you would like to know ruby, it's a good start just ask me any doubt and share the improvements ;) I'm now working for the brazilian government good what are you doing there? they use open-xchange as groupware and they're demanding that all official communication use SMIME open-xchange doesn't support SMIME smime is for secure connections? with gpg? 
they're 4 months delayed in the implementation no, it's different but the same purpose I remember something like that when I was configuring kmail to support smime for gpg or something like that smime is the stanard standard gpg doesn't use smime smime is pkcs7 gpg is the own algorithm well I needed that to sign my mails and encrypt them with my pgp maybe smime is just the encoding encryption is different S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. :? yes I don't know gpg the standard is pkcs7 gpg is the gnu implementation of pgp gpg is another algorithm what sorry pgp too I mean the gnupg :) sorry :) yes, pgp is the algorithm that's right gpg is just a free implementation but pkcs7 is the standard....different from pgp gpg is the command in gnugpg gnupg :) I remember because I was signing my slackware packages with my public key you can create a cert in cacert.org and just throw it at your thunderbird and exactly what they want? in open-xchange? 1) open-xchange doesn't support smime they want me to support in reading and sending 2) they don't want to store the cert's in the server, because they want A1 and A3 A1 is certificate, A3 is a token usb, smart card a security device so I need to get firefox to take the cert, encrypt/decrypt the mail somewhat advanced thing I already worked for the government I did the middleware implementation for digital TV not just me, of course... a lot of other people ohh the user has the private key for each user? they have the keyring in the usb? the private key stays only in the person browser in A1, of course in A3, it stays in the security device it's different from pgp in the sense that you need 2 keys one public and one private in the pkcs7, one cert has the private key and the public key when you sign a message, you only send the public key you need to sign the message to send the key do you know manowar? the band? or what? 
yes the band I'm hearing the gods made heavy metal good :) I don't have music here well I do but don't have speakers :) sometimes I hear music with the headphones :( do you like soccer? nop lately I don't like sports :) but I'm going to play basket in the next days I'm getting fat :$ hehehe I was 74 kg 3 years ago now I'm 105 http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html jejeje 3 years ago I was 31 size in pants now I'm hardly fit in a 36 :) the measurement's are different from brazil 3 years ago I was 42 ... now it's 50 36 inches :( 36 inches in centimeters I'm about 110 centimeters but I never was lower than 95 centimeters 91.4 I'm somewhat strong because of genetics I'm 91 in waist but I have a big mmm stomach? jje i think 10 cm more jeje fucking beers ! and the musculation and martial arts helped me to stay somewhat rounded you look more thin I was in the photos where? give me again the url please http://www.aury.com.br/Photos/?page=Addry/Meu%20aniver%202005 ohh I remember the old photos :) I think 2 years ago jeje http://www.aury.com.br/Photos/?page=Nuny/New these ? yes is other jejeje I'm fat on these.... I was more thin me too I want to back to martial arts to get the black belt ohhhh I did for 3 years I left sports when I learned to play guitar I need more 4 to get the black belt.... 3 leves levels and at the same time I learned to drink :) hahaha I drank a lot when I was young beer of course hey we still are young how old are you? johny walker 25 I'm old I'm 23 almost married :S you are fucked up! jejeje no....someday I'll marry now I'm just getting money I want to start to go to financial market here in brazil you can almost double the money I've a friend that put about 500 dollars in petrobras fund (a brazilian oil company) in one month he earned 250 dollars where are the stage3 files for pentium4? 
in the releases dir http://gentoo.osuosl.org/releases/x86/2006.0/stages/ no more stages http://gentoo.osuosl.org/releases/x86/2006.0/stages/stage3-i686-2006.0.tar.bz2 this is for p4 ohh that changed yeah, isn't more arch specific better, processor specific well I really don't care I don't care that arch specific optimizations I want stability stable for you is 2 year running fine ? yeap updating each package well, I have this one question If I'm going to install a stage3 in a pentium4 can I change my cflags in /etc/make.conf? I always installed with stage1 :) if you change, you need to reemerge system do you recommend to install 2006? or 2005-1-r1? ? what you recommend? in 2005 still are stage3 for pentium 4 mmm I think I'm going to download a stage4 from one of my servers and clone the machine no dam I don't know what to do jeje http://www.gentoo.org/news/en/gwn/20060424-newsletter.xml about openldap ? yeap I already know :) jeje because you never sleep :) I sleep but I sleep at same time than you it's 9 o'clock for you, right ? ueap 8:53 I wake up 1 hour ago I always wake up at 6am I at 12 AM :P I'll see the hdb backend what is taht? that I think it's a h-tree database ohh bdb is a b-tree I don't know what is b-tree ;$ it's when a parent leaf has 2 child's leafs ohh yeah it's ordered so the bigger values go to right and lower ones go to left the access time is always O(log n) sorry the lower bound is log n the upper bound can be n, but b+-trees reorder the tree to make a access be always log n I'm reading this http://www.semaphorecorp.com/btp/algo.html oh right I confused b-trees and b+-trees http://en.wikipedia.org/wiki/B%2B_tree you like slayer? I implemented someday the h-tree, but don't remember the algorithm never heard how many gentoo servers do you have? here 2 one in usa my mail server and in other company one backup server one mail server one mailgateway filter one firewall/proxy all gentoo ? 
yes I migrated the last four in the other company from redhat and fedora and one in my home I'm starting to having problems to maintain up to date what kind of problems? the time? takes too much time yes I know that :( more when are libc and gcc updates glibc I think I'll enable buildpkg feature and gcc yes I'm going to do that in machines with the same archv arch most of my machines are pentium4 try it, and share how it works, etc I have a dual xeon and that use pentium4 flags all the machines has the same use flags last time I updated 4 servers jeje in one night or 5 don't remember I'm thinking about becoming a gentoo devel :O :D I really like gentoo the way the works good forums, good bugtracks rapid releases yeah, it works well the best security team and it's good to have current packages and use the most recent features yes the problem is the upgrades....but it's the payoff jejeje much better than do a clean install each 1 or 2 years we can't get everything :) yes you know I installed 2005 :) I'll try 2006 later jejej you don't need to upgrade nothing than change a profile to get the new version You changed the profile? I always change ls /etc/profile -l damn I can't install grub in this machine :( I can install grub without problems but the fucking machine always tells me that it can't find an operating system :( weird yes maybe I need to change something in the bios grub appears? 
nop yeah, something wrong MBR I installed grub with grub-install /dev/hda and with the grub shell with root (hd0,0) and setup (hd0) that should work but nothing ohhh I think is my fault :( jeje I changed in the bios to hard disk 0 from hard disk 0 to 12 to 1 :) damn this initial installs fly :) one thing I don't know when using quickpkg is if also builds the binaries of the dependencies ;( but I don't think so when I do a update of one system last time were about 40 packages I think that is the problem i think if you have the buildpkg enabled in the features, just doing a emerge will make bin packs of all ohh ima rading about taht I'm reading quickpkg will only do of the package To create a prebuilt package you can use quickpkg if the package is already installed on your system, or emerge with the --buildpkg or --buildpkgonly options. If you want Portage to create prebuilt packages of every single package you install, add buildpkg to the FEATURES variable. that is good http://ftp.fredan.se/gentoo/binaries/ I would like to have my local repository something like the above and then use that repositiro repository ohh PORTAGE_BINHOST="ftp://buildhost/gentoo" emerge --usepkg --getbinpkg gnumeric ohh thats it what do you think about that?