353 lines
18 KiB
HTML
353 lines
18 KiB
HTML
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<P> <hr>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_bytes69.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="lg_tips69.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</p>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<p align="center">
|
|
<table width="100%" border="0"><tr>
|
|
<td align="right" valign="center"
|
|
><IMG ALT="" SRC="../gx/navbar/left.jpg"
|
|
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
|
|
><A HREF="..//"
|
|
><IMG SRC="../gx/navbar/toc.jpg" align="middle"
|
|
ALT="[ Table Of Contents ]" border="0"></A
|
|
><A HREF="../lg_answer68.html"
|
|
><IMG SRC="../gx/dennis/answertoc.jpg" align="middle"
|
|
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
|
|
<td align="center" valign="center">
|
|
<A HREF="../issue67/tag/bios.html">A few Answer Gang biographical notes</A>
|
|
</td>
|
|
<td align="left" valign="center"><A HREF="../tag/kb.html"
|
|
><IMG SRC="../gx/dennis/answerpast.jpg" align="middle"
|
|
ALT="[ Index of Past Answers ]" border="0"></A
|
|
><IMG ALT="" SRC="../gx/navbar/right.jpg" align="middle"
|
|
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
|
|
</p>
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Gang</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
|
|
the Editors of Linux Gazette...
|
|
and You!
|
|
<br>Send questions (or interesting answers) to
|
|
<a href="mailto:linux-questions-only@ssc.com"'
|
|
>linux-questions-only@ssc.com</a>
|
|
</H4>
|
|
<p><em><font color="#990000">There is no guarantee that your questions
|
|
here will <b>ever</b> be answered. Readers at confidential sites
|
|
must provide permission to publish. However, you can be published
|
|
anonymously - just let us know!
|
|
</font></em></p>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
|
|
<H3 align="left"><img src="../gx/dennis/hbubble.gif"
|
|
height="50" width="60" alt="(¶) " border="0"
|
|
>Greetings from Heather Stern</H3>
|
|
<!-- begin hgreeting -->
|
|
<p>
|
|
Hello, everyone, and welcome once more to the world of the Linux Gazette
|
|
Answer Gang.
|
|
</p><p>
|
|
The peeve of the month having been Non-Linux questions for a few too many
|
|
weeks in a row, The Answer Gang has a new address. Tell your friends:
|
|
</p><h3 align="center">
|
|
linux-questions-only
|
|
</H3><p>
|
|
...at ssc.com is now the correct place to mail your questions, and your
|
|
cool Linux answers. It's our hope this will stop us from getting anything
|
|
further about pants stains, U.S. history, etc. Cross platform matters with
|
|
Linux involved are still fine, of course.
|
|
</p><p>
|
|
For some statistics... there were over 31 answer threads, 25 tips (some
|
|
were mini threads) and over 600 messages incoming - and that's <em>after</em>
|
|
I deleted the spam that always leaks through. 200 more messages than last
|
|
month. I'm pleased to see that the Gang is up to the task.
|
|
</p><p>
|
|
Now at this point I bow humbly and beg your forgiveness, that, being a
|
|
working consultant with more clients than usual keeping me busy, I wasn't
|
|
able to get all of these HTML formatted for you this time. In theory
|
|
I can put a few as One Big Column but the quality is worse and we drive
|
|
the search engines crazy enough already. I can definitely assure you that
|
|
next month's Answer Gang will have <em>tons</em> of juioy answers.
|
|
</p><p>
|
|
Meanwhile I hope I can mollify you with some of the Linux tools that have
|
|
been useful or relevant to me during my overload this month.
|
|
</p><p>
|
|
Mail configuration has been a big ticket item here at Starshine. You may
|
|
or may not be aware that by the time we go to press, the MAPS Realtime
|
|
Blackhole List is now a paid service. That means folks who have been
|
|
depending on the RBL and its companion, the Dialup List, have to pay for
|
|
the hard work of the MAPS team... and their bandwidth. You can find other
|
|
sources of blacklisting information, or start enforcing your own policies
|
|
... but I would like to make sure and spread the news that they aren't
|
|
going exclusively to big moneybags - file for hobbyist, non-profit or
|
|
small site usage and you don't have to pay as much. Maybe nothing. But
|
|
you do have to let them know if you want to use it, now.
|
|
</p><dl>
|
|
<dt>Mail Abuse Prevention System:
|
|
<dd> <a href="http://www.mail-abuse.org/"
|
|
>http://www.mail-abuse.org/</a>
|
|
</dl><p>
|
|
My fellow sysadmins had been seeing this coming for a long time. Many
|
|
actually prefer to know what sort of things are being blocked or not,
|
|
anyway. Censorship after all, is the flip side of the same coin.
|
|
Choosing what's junk TO YOU is one thing, junking stuff you actually need
|
|
is entirely another. If others depend on you then you have to be much more
|
|
careful. Plaintext SMTP isn't terribly secure but it's THEIR mail, unless
|
|
you have some sort of contract with them about it.
|
|
</p><p>
|
|
So, I've been performing "Sherriff's work" for at least one client for a
|
|
long while now anyway - just tweaking the filter defenses so that the kind of
|
|
spam which gets in, stays out next time. There's a fairly new project on
|
|
Sourceforge called Razor, which aims for anti-spam by signatures, the same
|
|
way that antivirus scanners check for trojans and so on. I haven't had time
|
|
to look into it, but I think they're on the right track.
|
|
</p><dl>
|
|
<dt>Razor:
|
|
<dd> <a href="http://razor.sourceforge.net/"
|
|
>http://razor.sourceforge.net/</a>
|
|
</dl><p>
|
|
Procmail (my favorite local delivery agent) has this great scoring mechanism;
|
|
it can help, or it can drive you crazy (depending on whether you grok their
|
|
little regex language - I like it fine). I definitely recommend taking a
|
|
look at "junkfilter" package of recipes for it even if you are planning to
|
|
roll your own. The best part is that it is <strong>not</strong> just one
|
|
big recipe - it's a bunch of them, so you can choose which parts to apply.
|
|
</p><p>
|
|
Do make sure you have at least version 3.21 of procmail though. It's actually
|
|
gotten some improvement this month.
|
|
</p><dl>
|
|
<dt>Procmail:
|
|
<dd> <a href="http://www.procmail.org/"
|
|
>http://www.procmail.org/</a>
|
|
</dl><dl>
|
|
<dt>Junkfilter:
|
|
<dd> <a href="http://junkfilter.zer0.org/"
|
|
>http://junkfilter.zer0.org/</a>
|
|
</dl><p>
|
|
Folks who hate this stuff can try Sendmail's milters, Exim's filtering
|
|
language, or possibly, do it all at the mail clients after the mail has
|
|
been delivered to people.
|
|
</p><p>
|
|
Whether your filters are mail-client, local-delivery, or MTA based, making
|
|
them sanity check that things are coming really to you, and from addresses
|
|
that really exist, can have a dramatic improvement. The cost is processing
|
|
power and often, a certain amount of network bandwidth, but if you're really
|
|
getting hammered, it's probably worth it. Besides if my 386 can deal with
|
|
just plain mail your PentiumIII-700 can actually do some work for a living
|
|
and probably not even notice, until your ethernet card starts complaining.
|
|
More on that 386 in a bit...
|
|
</p><p>
|
|
I've got a client who just switched from University of Washington's IMAP
|
|
daemon over to Courier. The Courier MTA is just terrible (we tried, but
|
|
ended up thoroughly debugging a sendmail setup instead, and the system is
|
|
MUCH happier). But the IMAP daemon itself is so much better it's hard
|
|
to believe. He's convinced that it is more than the switch to maildirs
|
|
that makes it so incredibly fast. He does get an awful lot of mail, so
|
|
I suspect Maildirs is what made the difference noticeable. We may never
|
|
know for sure.
|
|
</p><dl>
|
|
<dt>Courier-IMAP:
|
|
<dd> <a href="http://www.inter7.com/courierimap/"
|
|
>http://www.inter7.com/courierimap/</a>
|
|
</dl><p>
|
|
The world of DNS is getting more complicated every month, and slower.
|
|
This has been clearly brought to light for me by two things - my client
|
|
at last taking over his own destiny rather than hosting through an ISP,
|
|
and my own mail server here at Starshine.
|
|
</p><p>
|
|
It used to be that there was only one choice for DNS, so ubiquitous
|
|
it's called "the internet name daemon" - BIND, of course. And I'm very
|
|
pleased to see that its new design seems to be holding up. Still it has
|
|
the entire kitchen sink in it, and that makes it very complicated for
|
|
small sites, even though there are a multitude of programs out there
|
|
to help the weary sysadmin.
|
|
</p><p>
|
|
A bunch of folks - including some among the Gang - really enjoy djbdns,
|
|
but you have to buy into DJ Bernstein's philosophy about some things in
|
|
order to be comfortable with it. Its default policies are also a bit
|
|
heavy handed about reaching for the root servers, which are, of course,
|
|
overloaded. Still it's very popular and you can bet the mailing list
|
|
folks will help you with it.
|
|
</p><dl>
|
|
<dt>djbdns:
|
|
<dd> <a href="http://cr.yp.to/djbdns.html"
|
|
>http://cr.yp.to/djbdns.html</a>
|
|
</dl><p>
|
|
However, his stuff (especially his idea of configuration files and "plain
|
|
english" in his docs) gives me indigestion, so I kept looking. There are so
|
|
many caching-only nameservers I can't count them all. It's a shame that
|
|
freshmeat's DNS category doesn't have sub categories for dynamic-dns,
|
|
authoritative, and caching only, because that sure would make it easier
|
|
to find the right one for the job.
|
|
</p><p>
|
|
However, I did find this pleasant little gem called MaraDNS. It was
|
|
designed first to be authoritative <em>only</em>, uses a custom string
|
|
library, and is trying to be extra careful about the parts of the DNS spec
|
|
it implements. It was also easy to set up; zone files are very readable.
|
|
It looks like the latest dev version allows caching too... though whether
|
|
that's a creeping-feature is a good question.
|
|
</p><dl>
|
|
<dt>MaraDNS:
|
|
<dd> <a href="http://www.maradns.org/"
|
|
>http://www.maradns.org/</a>
|
|
</dl><p>
|
|
For years I've been pretty proud that we can run our little domain on a
|
|
386. (Ok, we are cheating, that's not the web server.) But I could just
|
|
<strong>kick myself</strong> for forgetting to put a DNS cache on it
|
|
directly. So the poor thing has been struggling with the evil internet's
|
|
timeouts lately and bravely plugging on... occasionally sending me "sorry
|
|
boss, I couldn't figure out where to send it" kind of notes. (No, it's not
|
|
qmail. I'm translating to English from RFC822-ese.)
|
|
</p><p>
|
|
So I look at the resolv.conf chain. No local cache. What was I thinking?
|
|
(or maybe: What? Was I thinking? Obviously not.)
|
|
</p><p>
|
|
I tried pdnsd, because I liked the idea of a permanent cache... much more
|
|
like having squid between you and the web, than just having a little memory
|
|
buffer for an hour or two.
|
|
</p><p>
|
|
However, the binary packages didn't work. I wasn't going to compile it
|
|
locally at the 386. I'll get to reading its source maybe, but if anyone
|
|
has successful experiences with it, I'd enjoy seeing your article in the
|
|
<em>Gazette</em> someday soon. I don't think I've tried very hard yet,
|
|
but I had hoped it would be easier.
|
|
</p><p>
|
|
Meanwhile I had no time left and Debian made it a snap to have bind in cache
|
|
only mode. Resolutions during mail seem to be much happier now.
|
|
</p><dl>
|
|
<dt>pdnsd:
|
|
<dd> <a href="http://home.t-online.de/home/Moestl/"
|
|
>http://home.t-online.de/home/Moestl/</a>
|
|
</dl><p>
|
|
There are also more mailing list managers out there than plants in my garden.
|
|
I've got a big project for a different client where the "GUI front end" is
|
|
being dumbed down for the real end users, and I get to cook up a curses front
|
|
end in front of the real features, for the staff to use. It's very customized
|
|
to their environment. I do hope they like it.
|
|
</p><p>
|
|
If you're working on a mailing list project, I beg, I plead, try and have
|
|
something in between the traditional thrashing through pools of text files,
|
|
and the gosh-nobody-wants-security-these-days web based administration.
|
|
That way I can take less time to make the big bucks, and folks are a little
|
|
bit happier with Linux.
|
|
</p><p>
|
|
However, if you have in mind to do anything of the sort on your own, and you
|
|
prefer to work with shell scripts, I recommend Dialog. Make sure you get a
|
|
recent version though. There are a gazillion minor revisions and brain damaged
|
|
variants like whiptail. Debian seemed to have the newest and most complete
|
|
amongst the distros I have lying around, so I ended up grafting its version
|
|
into another distro. But, I finally tripped across a website for it that
|
|
appears to be up to date. Use the "home" link to read of its muddied past.
|
|
</p><dl>
|
|
<dt>Dialog:
|
|
<dd> <a href="http://www.AdvancedResearch.org/dialog/left-frame.html"
|
|
>http://www.AdvancedResearch.org/dialog/left-frame.html</a>
|
|
</dl><p>
|
|
Lastly, Debian potato for Sparc isn't nearly as hard as I thought it was
|
|
going to be, but configuring all those pesky services on a completely fresh
|
|
box, that's the same pain every time. It wouldn't be, if every client had
|
|
the same network plans, but - you know it - they don't!
|
|
</p><p>
|
|
I also had no ready Sparc disc 1, but a pressing need to get it, and my link
|
|
is not exactly the world's speediest.
|
|
</p><p>
|
|
Debian's pseudo image kit is a very strange and cool thing. It's a bit clunky
|
|
to get going - you need to fetch some text files to get it started, and tell
|
|
it what files are actually in the disc you're going to put together. But,
|
|
once you've fed it that, it creates this "dummy" image which has its own
|
|
padding where the directory structures will go, amd the files go in between.
|
|
If some of them don't make it, oh well. But you can get them from anywhere
|
|
on the mirror system ... much closer to home, usually, Leave the darn thing
|
|
growing a pseudo image overnight, then come back the next day and run rsync
|
|
against an archive site that allows rsync access to its official Debian CDs.
|
|
Instead of a nail-biting 650 MB download, 3 to 20 MB or so of bitflips and
|
|
file changes If you either can't handle 650 MB at a time anyway, or like
|
|
the idea of the heavy hit on your bandwidth allocation just being that last
|
|
clump of changes, it's a very good thing.
|
|
</p><p>
|
|
All it needs now is to be even smarter, and programmatically be able to
|
|
fetch newer copies of the packages, then compose a real directory structure
|
|
that correctly describes the files. If someone could do that, you'd only
|
|
have to loopback mount the pseudoCD and re-generate Packages files, to
|
|
have a current- instead of an Official disc, including all those security
|
|
fixes we need to chase down otherwise. Making it bootable might be more
|
|
tricky, but I'd even take a non-bootable one so I can give clients a
|
|
mini-mirror site just by handing them a CD.
|
|
</p><dl>
|
|
<dt>Debian CD images information site:
|
|
<dd> <a href="http://cdimage.debian.org/"
|
|
>http://cdimage.debian.org/</a>
|
|
</dl><p>
|
|
So, I hope some of you find this useful. I'm sure I'll see a number of
|
|
you, and possibly some other members of the Answer Gang, at LinuxWorldExpo.
|
|
</p><p>
|
|
'Til next time -- Heather Stern, The Answer Gang's Editor Gal
|
|
</p>
|
|
<!-- end hgreeting -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> </p>
|
|
<!-- *** BEGIN copyright *** -->
|
|
<H5 align="center">This page edited and maintained by the Editors
|
|
of <I>Linux Gazette</I>
|
|
<a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 2001
|
|
<BR>Published in issue 69 of <I>Linux Gazette</I> August 2001</H5>
|
|
<H6 ALIGN="center">HTML script maintained by
|
|
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H6>
|
|
<!-- *** END copyright *** -->
|
|
<P> <hr>
|
|
<P> <hr>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_bytes69.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="lg_tips69.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</p>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<p align="center">
|
|
<table width="100%" border="0"><tr>
|
|
<td align="right" valign="center"
|
|
><IMG ALT="" SRC="../gx/navbar/left.jpg"
|
|
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
|
|
><A HREF="..//"
|
|
><IMG SRC="../gx/navbar/toc.jpg" align="middle"
|
|
ALT="[ Table Of Contents ]" border="0"></A
|
|
><A HREF="../lg_answer68.html"
|
|
><IMG SRC="../gx/dennis/answertoc.jpg" align="middle"
|
|
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
|
|
<td align="center" valign="center">
|
|
<A HREF="../issue67/tag/bios.html">A few Answer Gang biographical notes</A>
|
|
</td>
|
|
<td align="left" valign="center"><A HREF="../tag/kb.html"
|
|
><IMG SRC="../gx/dennis/answerpast.jpg" align="middle"
|
|
ALT="[ Index of Past Answers ]" border="0"></A
|
|
><IMG ALT="" SRC="../gx/navbar/right.jpg" align="middle"
|
|
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
|
|
</p>
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|