From troy at psknet.com Wed Oct 1 20:44:08 2008 From: troy at psknet.com (Troy Settle) Date: Wed Oct 1 20:44:15 2008 Subject: spamassassin help Message-ID: <48E3AE19.1040908@psknet.com> All, I'm trying to install SA (first from ports, then via CPAN). Either way, I'm not having much luck... I think the problem is with perl, but I'm not sure. I completedly gutted perl 5.8.8 from the system and re-installed it, but with the same results. Here's the output from sa-update: Use of uninitialized value in hash element at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. Use of uninitialized value in string eq at /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. Use of uninitialized value in hash element at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. Use of uninitialized value in string eq at /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. Use of uninitialized value in hash element at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. Use of uninitialized value in string eq at /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. http: request failed: 500 Can't call method "request" on an undefined value: 500 Can't call method "request" on an undefined value error: no mirror data available for channel updates.spamassassin.org channel: MIRRORED.BY contents were missing, channel failed ============================== The output from sa-update -D is more detailed, but results with the same errors from perl. What do I need to fix, and how do I fix it? Thanks, -- Troy Settle Pulaski Networks ~ http://www.psknet.com 866.477.5638 ~ 540.994.4254 From ekamara at gmail.com Wed Oct 1 22:43:15 2008 From: ekamara at gmail.com (Eric Kamara) Date: Wed Oct 1 22:43:22 2008 Subject: spamassassin help In-Reply-To: <48E3AE19.1040908@psknet.com> References: <48E3AE19.1040908@psknet.com> Message-ID: <432df22f0810011512l92142bak54899fd230717a88@mail.gmail.com> Hi Troy, Maybe you will find help here - http://www.perlmonks.org/?node_id=700362 HTH, Eric On Wed, Oct 1, 2008 at 8:06 PM, Troy Settle wrote: > All, > > I'm trying to install SA (first from ports, then via CPAN). Either way, > I'm not having much luck... I think the problem is with perl, but I'm not > sure. I completedly gutted perl 5.8.8 from the system and re-installed it, > but with the same results. > > Here's the output from sa-update: > > Use of uninitialized value in hash element at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. > Use of uninitialized value in pattern match (m//) at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. > Use of uninitialized value in concatenation (.) or string at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. > Use of uninitialized value in string eq at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. > Use of uninitialized value in hash element at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. > Use of uninitialized value in pattern match (m//) at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. > Use of uninitialized value in concatenation (.) or string at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. > Use of uninitialized value in string eq at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. > Use of uninitialized value in hash element at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 52. > Use of uninitialized value in pattern match (m//) at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 55. > Use of uninitialized value in concatenation (.) or string at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/Protocol.pm line 35. > Use of uninitialized value in string eq at > /usr/local/lib/perl5/site_perl/5.8.8/LWP/UserAgent.pm line 169. > http: request failed: 500 Can't call method "request" on an undefined > value: 500 Can't call method "request" on an undefined value > error: no mirror data available for channel updates.spamassassin.org > channel: MIRRORED.BY contents were missing, channel failed > > ============================== > > The output from sa-update -D is more detailed, but results with the same > errors from perl. > > What do I need to fix, and how do I fix it? > > Thanks, > > > -- > Troy Settle > Pulaski Networks ~ http://www.psknet.com > 866.477.5638 ~ 540.994.4254 > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- Eric --Ad augusta per angusta From jakelleydds at sbcglobal.net Fri Oct 3 10:26:34 2008 From: jakelleydds at sbcglobal.net (Jeff Kelley, DDS) Date: Fri Oct 3 10:26:41 2008 Subject: The Scariest Halloween Trend Message-ID: <8932a2b682ea4450833d18930180ebb0@1stnewsletters.com> Greetings from Jeff Kelley, DDS! Sugar: The Scariest Halloween Trend Halloween is approaching, and so are all those scary costumes and haunted houses. It shouldn?t be the ghouls and ghosts that you fear, however, but the candied apples, trick-or-treat sweets and all the soda that washes them down! Sugary and acidic foods can lead to tooth decay, and that can put a damper on anyone?s festive spirit. While it would be nice if your neighbors all gave out fresh fruit or sugar-free candy (though we?re sure the kids disagree!), high-sugar sweets are still America?s favorite Halloween treat. If possible, try to limit children?s sugar intake. Encourage them to drink plenty of water while snacking ? soda will only make things worse! And finally, while it?s easy to slip into a "sugar coma" and just pass out while watching a favorite horror flick, this is not the time to stray from your brushing or flossing routine. Let your children know that if they eat sweets without their toothbrushes on hand, they should rinse their mouths out with warm water. If you think your child may have developed a cavity (whether the result of Halloween indulgences or not), please call us at (817)877-1651 for a check up. Even temporary baby teeth need to be properly cared for, as tooth decay can affect permanent adult teeth as well. We?d like to wish you and your family the best this fall season. We hope that when the sweets of autumn runneth over, you?ll think of us (and your smiles)! If you have questions regarding sugar and dental health, please call our office at (817)877-1651 or email us at jakelleydds@sbcglobal.net today. Best Regards, Jeff Kelley, DDS P.S. If you have any friends or family members who you feel could use our services, please don't hesitate to have them call us. We'll be sure to take good care of them. From technical at halenet.com.au Wed Oct 8 02:21:03 2008 From: technical at halenet.com.au (lists) Date: Wed Oct 8 02:21:11 2008 Subject: ssh to remote machines using authorized keys Message-ID: <009b01c928e9$fbe1f3b0$6500a8c0@hal> Hi all I have the following situation which I am trying to get around I have a need to be able to ssh without_password using rsa keys to authenticate the ssh session. I have created and installed the ~/.ssh/authorized_keys for both a system user and for root on the remote machine and I have changed the /etc/ssh/sshd_config accordingly and I have run /etc/rc.d/sshd restart. I have successfully logged into the remote machine using the rsa keys for both the root user and the system user. The problem I have is that I want to log into the remote machine as root from a system user on the main machine. Each time I try I get a password prompt and even if I enter the correct root password it gives me "Permission denied (publickey,keyboard-interactive,hostbased)" If I type user prompt $ ssh user@remote.machine it works fine root prompt # ssh root@remote.machine it works fine but when I type user prompt $ ssh root@remote.machine I get prompted for a password followed by the error above, which is "Permission denied (publickey,keyboard-interactive,hostbased)" Can anyone tell me how to get around this? Is it possible? Thanks and Regards Tim From jon at radel.com Wed Oct 8 04:32:29 2008 From: jon at radel.com (Jon Radel) Date: Wed Oct 8 04:32:36 2008 Subject: ssh to remote machines using authorized keys In-Reply-To: <009b01c928e9$fbe1f3b0$6500a8c0@hal> References: <009b01c928e9$fbe1f3b0$6500a8c0@hal> Message-ID: <48EC29B2.3010509@radel.com> lists wrote: > > Hi all > > I have the following situation which I am trying to get around > > I have a need to be able to ssh without_password using rsa keys to > authenticate the ssh session. ... > but when I type > user prompt $ ssh root@remote.machine I get prompted for a password > followed by the error above, which is "Permission denied > (publickey,keyboard-interactive,hostbased)" > > Can anyone tell me how to get around this? Is it possible? Very possible to get around. Make sure the private key for root on the remote machine is available to the system user on the local machine and then specify that file with the -i option to the ssh command. What is almost certainly happening is that your ssh command defaults to the private key for system user which is not the same key as your root (your e-mail isn't 100% clear to me as to whether you are using the same key for the system user and root, but it appears you aren't). If you're going to do that a lot, you can set a default in ~systemuser/.ssh/config to specify that all connections to root@remote should default to using root's private key. --Jon Radel jon@radel.com From technical at halenet.com.au Wed Oct 8 07:15:52 2008 From: technical at halenet.com.au (lists) Date: Wed Oct 8 07:15:58 2008 Subject: ssh to remote machines using authorized keys References: <009b01c928e9$fbe1f3b0$6500a8c0@hal> <48EC29B2.3010509@radel.com> Message-ID: <0b6701c92915$ac7153d0$6500a8c0@hal> Thanks Jon > If you're going to do that a lot, you can set a default in > ~systemuser/.ssh/config to specify that all connections to root@remote > should default to using root's private key. If you don't mind I would like you to clarify the steps to address the config above The machine I am ssh ing from is local The machine I am ssh ing to is remote To do as above, do I create a .~ssh/config file with the following contents on the local machine and restart sshd /etc/rc.d/sshd restart Host remote.domainname #which is the connection name I am assuming User root Port 22 HostName remote.domainname # which is the hostname of the remote machine I am not sure what the permissions should be though. Do they need to be changed? do I need to change the /root/.ssh/id_rsa and id_rsa.pub to the systemuser? or should they stay the same. Or do I change the authorized_keys permissions The error I am getting is a permission denied which makes me think that I need to change some of the permissions. Currently the perms are 600 on both the /root/.ssh/id_rsa and id_rsa.pub and the /home/systemuser/authorized_keys Thanks and Regards Tim From mario at schmut.com Wed Oct 8 07:56:15 2008 From: mario at schmut.com (Mario Theodoridis) Date: Wed Oct 8 07:56:30 2008 Subject: ssh to remote machines using authorized keys In-Reply-To: <0b6701c92915$ac7153d0$6500a8c0@hal> References: <009b01c928e9$fbe1f3b0$6500a8c0@hal> <48EC29B2.3010509@radel.com> <0b6701c92915$ac7153d0$6500a8c0@hal> Message-ID: <200810080029.31645.mario@schmut.com> On Wednesday 08 October 2008 12:15:42 am lists wrote: > Thanks Jon > > > If you're going to do that a lot, you can set a default in > > ~systemuser/.ssh/config to specify that all connections to root@remote > > should default to using root's private key. > > If you don't mind I would like you to clarify the steps to address the > config above > > The machine I am ssh ing from is local > The machine I am ssh ing to is remote > > To do as above, do I create a .~ssh/config file with the following > contents on the local machine and restart sshd /etc/rc.d/sshd restart > > Host remote.domainname #which is the connection name I am assuming > User root > Port 22 > HostName remote.domainname # which is the hostname of the remote machine > > I am not sure what the permissions should be though. Do they need to be > changed? do I need to change the /root/.ssh/id_rsa and id_rsa.pub to > the systemuser? or should they stay the same. Or do I change the > authorized_keys permissions The error I am getting is a permission denied > which makes me think that I need to change some of the permissions. > Currently the perms are 600 on both the /root/.ssh/id_rsa and id_rsa.pub > and the /home/systemuser/authorized_keys These are the permissions on my system: #ll ~/.ssh/ total 24 drwx------ 2 root wheel 512 Sep 11 00:05 . drwxr-xr-x 30 root wheel 2048 Oct 8 00:21 .. -rw-r--r-- 1 root wheel 1838 Jan 29 2008 authorized_keys -rw------- 1 root wheel 883 Jul 23 2006 id_rsa -rw-r--r-- 1 root wheel 232 Jul 23 2006 id_rsa.pub -rw-r--r-- 1 root wheel 12503 Sep 30 22:46 known_hosts Note the lack of group writability in the home directory. These are the same for every user, i.e. root is not special in this respect. So when i want to ssh to user@remote.system then ~user/.ssh/authorized_keys on remote.system needs to contain my id_rsa.pub. Hope this sums it up. mario;> From wolf at k18.ch Mon Oct 13 11:05:09 2008 From: wolf at k18.ch (Alain Wolf) Date: Mon Oct 13 11:05:15 2008 Subject: Suhosin Segmentation Fault Message-ID: After upgrading FreeBSD from 6.3-p3 to 6.3-p5 on our server, all websites just display a blank page and every HTTP request created a line as follows in the logs: child pid 80326 exit signal Segmentation fault (11) This same problem happened on another server a few months ago after the upgrade from 6.3-p3 to 6.3-p4, but after a rebuild of all FreeBSD ports all went back to normal. However several rebuilds of all ports did not solve the problem on this one. To narrow down the problem: After disabling the PHP module in Apache the problem disappears. Re-enabling PHP, but disabling the Suhosin extension also works fine. The trick found in this forum, to load the Suhosin extension before all other PHP extensions in /usr/local/etc/php/extensions.ini does not help. In fact not loading any extension at all except Suhosin creates the segfault errors. Commenting out our Suhosin settings in php.ini to load it with default values did not help. FreeBSD 6.3-RELEASE-p5 Apache 2.2.9 (DAV/2 mod_python/3.3.1 Python/2.5.2 SVN/1.5.2) PHP Version 5.2.6 Suhosin Patch 0.9.6.2 Suhosin PHP extension 0.9.27 All installed from the ports. PHP (cli) seems to run fine at all times when called from the command-line. Any suggestions? Thanks Alain Wolf, Zurich, Switzerland From michael.schuh at gmail.com Mon Oct 13 12:51:18 2008 From: michael.schuh at gmail.com (Michael Schuh) Date: Mon Oct 13 12:51:25 2008 Subject: Suhosin Segmentation Fault (Alain Wolf) Message-ID: <1dbad3150810130523i5d0b4dffr94440a59d9bf9d26@mail.gmail.com> > 1. Suhosin Segmentation Fault (Alain Wolf) > Hello Alain, Hello @list, try to change the order of loading the php-modules.....they could get not loaded with respects to their dependencies....one possibility in my case it has helped.... if i remember right :/usr/local/etc/php/extensions.ini is to edit.... greetings michael -- === m i c h a e l - s c h u h . n e t === Michael Schuh Postfach 10 21 52 66021 Saarbr?cken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m === Ust-ID: DE251072318 === From wolf at k18.ch Mon Oct 13 14:57:22 2008 From: wolf at k18.ch (Alain Wolf) Date: Mon Oct 13 14:57:28 2008 Subject: Suhosin Segmentation Fault In-Reply-To: <1dbad3150810130523i5d0b4dffr94440a59d9bf9d26@mail.gmail.com> References: <1dbad3150810130523i5d0b4dffr94440a59d9bf9d26@mail.gmail.com> Message-ID: <48F35B8E.5000709@k18.ch> On 13.10.2008 09:49, Alain Wolf wrote: > The trick found in this forum, to load the Suhosin extension before all > other PHP extensions in /usr/local/etc/php/extensions.ini does not help. > In fact not loading any extension at all except Suhosin creates the > segfault errors. On 13.10.2008 14:23, Michael Schuh wrote: >> 1. Suhosin Segmentation Fault >> > > Hello Alain, > Hello @list, > > try to change the order of loading the php-modules.....they could get not > loaded > with respects to their dependencies....one possibility > in my case it has helped.... > if i remember right :/usr/local/etc/php/extensions.ini > is to edit.... > > greetings > > michael > > Hello Michael We tried that already. As soon as the line "extension=suhosin.so" is present anywhere in the file, the apache-children crash. cat /usr/local/etc/php/extensions.ini extension=gd.so extension=ctype.so extension=pcre.so extension=session.so extension=bz2.so extension=openssl.so extension=zlib.so extension=mbstring.so extension=mysql.so extension=pdf.so extension=mcrypt.so extension=simplexml.so extension=spl.so extension=mysqli.so extension=xml.so extension=iconv.so extension=hash.so extension=tokenizer.so extension=calendar.so extension=ftp.so extension=xmlrpc.so extension=xmlwriter.so extension=zip.so extension=filter.so ;extension=suhosin.so extension=wddx.so extension=mhash.so extension=json.so extension=dom.so extension=xmlreader.so extension=exif.so extension=ncurses.so extension=gettext.so extension=ldap.so extension=pdo.so extension=soap.so extension=tidy.so extension=pdo_sqlite.so extension=apc.so extension=readline.so extension=xsl.so extension=curl.so Regards Alain From copyright at youtube.com Tue Oct 14 19:01:49 2008 From: copyright at youtube.com (Copyright Service) Date: Tue Oct 14 19:01:56 2008 Subject: Failed (copyright@youtube.com) In-Reply-To: <20081014185114.43C6940005@sjl-mbox1.sjl.youtube.com> Message-ID: <#14.14df4267.de3e6d8.48f4ea2b.a8b@google.trakken.com> This is an automated response to let you know that your message has been caught by our spam filter. Something in your message set it off, and your message won't be read. Please don't reply to this message -- we won't get your response. We want to hear from you, however, and apologize for this inconvenience! Please try sending your message again, possibly excluding any strange text or images. Sending your message as "Plain Text" is probably a good idea too. Alternately, you can send us a message using the contact form in our help center. http://www.google.com/support/youtube Original Message Follows: ------------------------ From: freebsd-isp@freebsd.org Subject: Failed (copyright@youtube.com) Date: Tue, 14 Oct 2008 13:51:11 -0500 ******************************************************************** Original filename: Virus discovered: HTML/IFrame ******************************************************************** A file that was attached to this email contained a virus. It is very likely that the original message was generated by the virus and not a person - treat this message as you would any other junk mail (spam). For more information on why you received this message please visit: http://www.corp.google.com/ops/sysops/services/email/filtering/spam-virus/end_user.html#virusoverview For specific questions about this policy, or if this is a matter requiring the attention of a human, open a Helpdesk ticket. ******************************************************************** ******************************************************************** Original filename: message.pif Virus discovered: W32/Netsky.Q@mm ******************************************************************** A file that was attached to this email contained a virus. It is very likely that the original message was generated by the virus and not a person - treat this message as you would any other junk mail (spam). For more information on why you received this message please visit: http://www.corp.google.com/ops/sysops/services/email/filtering/spam-virus/end_user.html#virusoverview For specific questions about this policy, or if this is a matter requiring the attention of a human, open a Helpdesk ticket. ******************************************************************** From internet-drafts at ietf.org Wed Oct 15 05:26:33 2008 From: internet-drafts at ietf.org (internet-drafts@ietf.org) Date: Wed Oct 15 05:27:33 2008 Subject: Confirm: internet-drafts@ietf.org:RHQRYmSPV-yw:yi_KDYE4_ERYkqGKUbJT8M_G0wmQNxygocI1-Q Message-ID: <20081015052531.BD1393A67E7@core3.amsl.com> Confirmation of list posting -- confirmation ID: RHQRYmSPV-yw The ietf.org mailing-list server has received a list posting from freebsd-isp@freebsd.org to internet-drafts@ietf.org with the subject 'fake' As the sender address isn't subscribed to the list, and has not been confirmed earlier, we have to request a confirmation of the address. To confirm the address, send a message to internet-drafts@ietf.org, with the same subject line as this message. (Simply sending a 'reply' to this message should work from most email interfaces, since that usually leaves the subject line in the right form. The reply's additional "Re:" is ok.) If you do not wish your posting to the list to go through, simply disregard this message. Questions to postmaster@ietf.org. From hwahing at smartteam.net Wed Oct 15 06:55:54 2008 From: hwahing at smartteam.net (Ling Hwa Hing) Date: Wed Oct 15 06:56:00 2008 Subject: Confirm: internet-drafts@ietf.org:RHQRYmSPV-yw:yi_KDYE4_ERYkqGKUbJT8M_G0wmQNxygocI1-Q In-Reply-To: <20081015052531.BD1393A67E7@core3.amsl.com> References: <20081015052531.BD1393A67E7@core3.amsl.com> Message-ID: <48F58D02.8030704@smartteam.net> internet-drafts@ietf.org wrote: > Confirmation of list posting -- confirmation ID: RHQRYmSPV-yw > > The ietf.org mailing-list server has received a list posting from > freebsd-isp@freebsd.org to internet-drafts@ietf.org with the subject > 'fake' > > As the sender address isn't subscribed to the list, and has not been > confirmed earlier, we have to request a confirmation of the address. > To confirm the address, send a message to internet-drafts@ietf.org, > with the same subject line as this message. > > (Simply sending a 'reply' to this message should work from most email > interfaces, since that usually leaves the subject line in the right > form. The reply's additional "Re:" is ok.) > > If you do not wish your posting to the list to go through, simply > disregard this message. Questions to postmaster@ietf.org. > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From troy at psknet.com Thu Oct 16 18:17:42 2008 From: troy at psknet.com (Troy Settle) Date: Thu Oct 16 18:17:49 2008 Subject: slow file access Message-ID: <48F7852D.2080809@psknet.com> All, I have a 4-STABLE box that's been in service for 5+ years. Yes, I know it's old, but it's been rock-solid, and migration to a new server would take days to accomplish, but I fear that's what I'm faced with.. Specs on the server: Dual Xeon 2.8Ghz / 4GB / ~35GB RAID-1 (system) / ~105GB RAID-5 (mail storage) For the last week or so, I've been getting spurts of MySQL connection failures in my mail logs, but the total number of connections never even comes close the max connections allowed for the server. Occasionally, our website will appear to completely stall for a few seconds, and most frustrating of all, when I'm poking around in a shell, things will sometimes hang for several seconds while performing certain tasks (like cd, ls, tail, etc...). Even top took like 8 seconds to start displaying a process list. According to raidutil, both raid volumes are optimal. Nothing shows up in syslog. Here's some info from top(1): last pid: 8799; load averages: 0.20, 0.43, 0.38 up 35+23:48:22 14:11:46 263 processes: 2 running, 261 sleeping Mem: 1027M Active, 2100M Inact, 393M Wired, 178M Cache, 199M Buf, 75M Free Swap: 4096M Total, 72K Used, 4096M Free I'm at a loss as to what I should look at next... anyone have any suggestions before I commit myself to a VERY long weekend moving everything to a new box? Thanks, -- Troy Settle Pulaski Networks 866.477.5638 From brd at freebsd.org Tue Oct 21 16:17:32 2008 From: brd at freebsd.org (Brad Davis) Date: Tue Oct 21 16:18:04 2008 Subject: slow file access In-Reply-To: <48F7852D.2080809@psknet.com> References: <48F7852D.2080809@psknet.com> Message-ID: <35ffa5710810210856q34ec73cbhac8d2bd5b58a780@mail.gmail.com> On Thu, Oct 16, 2008 at 12:17, Troy Settle wrote: > > All, > > I have a 4-STABLE box that's been in service for 5+ years. Yes, I know it's > old, but it's been rock-solid, and migration to a new server would take days > to accomplish, but I fear that's what I'm faced with.. > > Specs on the server: Dual Xeon 2.8Ghz / 4GB / ~35GB RAID-1 (system) / ~105GB > RAID-5 (mail storage) > > For the last week or so, I've been getting spurts of MySQL connection > failures in my mail logs, but the total number of connections never even > comes close the max connections allowed for the server. > > Occasionally, our website will appear to completely stall for a few seconds, > and most frustrating of all, when I'm poking around in a shell, things will > sometimes hang for several seconds while performing certain tasks (like cd, > ls, tail, etc...). Even top took like 8 seconds to start displaying a > process list. According to raidutil, both raid volumes are optimal. > Nothing shows up in syslog. Here's some info from top(1): > > last pid: 8799; load averages: 0.20, 0.43, 0.38 up 35+23:48:22 > 14:11:46 > 263 processes: 2 running, 261 sleeping > Mem: 1027M Active, 2100M Inact, 393M Wired, 178M Cache, 199M Buf, 75M Free > Swap: 4096M Total, 72K Used, 4096M Free > > I'm at a loss as to what I should look at next... anyone have any > suggestions before I commit myself to a VERY long weekend moving everything > to a new box? I would check to make sure the disks aren't flaking out. Depending on if you can see the individual disks in the RAID you could run smartctl on them to make sure they aren't remapping sectors or something like that. I have seen this manifest from disk problems where the RAID controller still thinks the disks are OK. Regards, Brad Davis From copyright at youtube.com Thu Oct 23 23:54:28 2008 From: copyright at youtube.com (Copyright Service) Date: Thu Oct 23 23:54:36 2008 Subject: In-Reply-To: <20081023234351.20E9440002@sjl-mbox1.sjl.youtube.com> Message-ID: <#14.1528a2dc.e9ce540.49010c41.ba8@google.trakken.com> This is an automated response to let you know that your message has been caught by our spam filter. Something in your message set it off, and your message won't be read. Please don't reply to this message -- we won't get your response. We want to hear from you, however, and apologize for this inconvenience! Please try sending your message again, possibly excluding any strange text or images. Sending your message as "Plain Text" is probably a good idea too. Alternately, you can send us a message using the contact form in our help center. http://www.google.com/support/youtube Original Message Follows: ------------------------ From: freebsd-isp@freebsd.org Subject: Date: Thu, 23 Oct 2008 19:43:32 -0400 The original message was received at Thu, 23 Oct 2008 19:43:32 -0400 from freebsd.org [208.36.25.6] ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- while talking to youtube.com.: >>> MAIL From:freebsd-isp@freebsd.org <<< 501 freebsd-isp@freebsd.org... Refused ******************************************************************** Original filename: transcript.scr Virus discovered: W32/Mydoom.M@mm ******************************************************************** A file that was attached to this email contained a virus. It is very likely that the original message was generated by the virus and not a person - treat this message as you would any other junk mail (spam). For more information on why you received this message please visit: http://www.corp.google.com/ops/sysops/services/email/filtering/spam-virus/end_user.html#virusoverview For specific questions about this policy, or if this is a matter requiring the attention of a human, open a Helpdesk ticket. ******************************************************************** From dennis at deerfieldhosting.com Fri Oct 31 04:31:22 2008 From: dennis at deerfieldhosting.com (Dennis Mathiasen) Date: Fri Oct 31 04:31:29 2008 Subject: PF firewall and user logging Message-ID: <59140.10.0.0.6.1225450142.squirrel@main.here> Hi, On a 7.1-PRERELEASE amd64 system using the pf firewall I am attempting to get user logging working with a lines like this: pass out quick on em0 proto tcp from any to port { 80, 443 } queue www block out quick log (user, to pflog0) on em0 proto tcp from any to any port 80 Some outbound connections need to be allowed (like twitter.com, akismet.com, etc.) but most should not be. The problem is that no user information is included in the log. I found posts suggesting that tcpdump -n -e -v -r /var/log/pflog should show userid information, but it doesn't. Nor does -vv or -vvv. Because our customers are frequently lazy about updating php based software their sites occasionally get compromised. While I can eventually locate the problem user, it can take time. Sometimes the criminals who do this stuff are smart about it and only run their scripts sporadically making this very difficult. Has anyone run into this and found a solution? Am I missing something? Thanks! Dennis Mathiasen dennis@deerfieldhosting.com