File: lg_answer69.html

</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<center>
<H1><A NAME="answer">
	<img src="../../gx/dennis/qbubble.gif" alt="(?)" 
		border="0" align="middle">
	<font color="#B03060">The Answer Gang</font>
	<img src="../../gx/dennis/bbubble.gif" alt="(!)" 
		border="0" align="middle">
</A></H1> 
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
	the Editors of Linux Gazette... 
	and You!
<br>Send questions (or interesting answers) to
	<a href="mailto:linux-questions-only@ssc.com"
		>linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
	here will <b>ever</b> be answered.  Readers at confidential sites
	must provide permission to publish.  However, you can be published 
	anonymously - just let us know!
</font></em></p>
</center>

<p><hr><p>
<!--  endcut ======================================================= -->
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="../gx/dennis/hbubble.gif"
        height="50" width="60" alt="(&para;) " border="0"
        >Greetings from Heather Stern</H3>
<!-- begin hgreeting -->
<p>
Hello, everyone, and welcome once more to the world of the Linux Gazette
Answer Gang.
</p><p>
The peeve of the month having been Non-Linux questions for a few too many
weeks in a row,  The Answer Gang has a new address.  Tell your friends:
</p><h3 align="center">
	linux-questions-only
</H3><p>	
...at ssc.com is now the correct place to mail your questions, and your
cool Linux answers.  It's our hope this will stop us from getting anything
further about pants stains, U.S. history, etc.  Cross platform matters with
Linux involved are still fine, of course.
</p><p>
For some statistics... there were over 31 answer threads, 25 tips (some
were mini threads) and over 600 messages incoming - and that's <em>after</em>
I deleted the spam that always leaks through. 200 more messages than last
month.  I'm pleased to see that the Gang is up to the task.
</p><p>
Now at this point I bow humbly and beg your forgiveness, that, being a 
working consultant with more clients than usual keeping me busy, I wasn't 
able to get all of these HTML formatted for you this time.  In theory
I can put a few as One Big Column but the quality is worse and we drive
the search engines crazy enough already.  I can definitely assure you that
next month's Answer Gang will have <em>tons</em> of juicy answers.
</p><p>
Meanwhile I hope I can mollify you with some of the Linux tools that have
been useful or relevant to me during my overload this month.
</p><p>
Mail configuration has been a big ticket item here at Starshine.  You may 
or may not be aware that by the time we go to press, the MAPS Realtime 
Blackhole List is now a paid service.  That means folks who have been 
depending on the RBL and its companion, the Dialup List, have to pay for 
the hard work of the MAPS team... and their bandwidth.   You can find other
sources of blacklisting information, or start enforcing your own policies
... but I would like to make sure and spread the news that they aren't 
going exclusively to big moneybags - file for hobbyist, non-profit or 
small site usage and you don't have to pay as much.  Maybe nothing.  But 
you do have to let them know if you want to use it, now.
</p><dl>
<dt>Mail Abuse Prevention System:
<dd>	<a href="http://www.mail-abuse.org/"
		>http://www.mail-abuse.org/</a>
</dl><p>
My fellow sysadmins had been seeing this coming for a long time.  Many 
actually prefer to know what sort of things are being blocked or not, 
anyway.  Censorship, after all, is the flip side of the same coin. 
Choosing what's junk TO YOU is one thing, junking stuff you actually need
is entirely another.  If others depend on you then you have to be much more
careful.  Plaintext SMTP isn't terribly secure but it's THEIR mail, unless
you have some sort of contract with them about it.
</p><p>
So, I've been performing "Sheriff's work" for at least one client for a 
long while now anyway - just tweaking the filter defenses so that the kind of
spam which gets in, stays out next time.  There's a fairly new project on 
Sourceforge called Razor, which aims for anti-spam by signatures, the same 
way that antivirus scanners check for trojans and so on.  I haven't had time
to look into it, but I think they're on the right track.
</p><dl>
<dt>Razor:
<dd>	<a href="http://razor.sourceforge.net/"
		>http://razor.sourceforge.net/</a>
</dl><p>
Procmail (my favorite local delivery agent) has this great scoring mechanism;
it can help, or it can drive you crazy (depending on whether you grok their
little regex language - I like it fine).  I definitely recommend taking a
look at the "junkfilter" package of recipes for it even if you are planning to
roll your own.  The best part is that it is <strong>not</strong> just one
big recipe - it's a bunch of them, so you can choose which parts to apply.  
</p><p>
Do make sure you have at least version 3.21 of procmail though. It's actually
gotten some improvement this month.
</p><dl>
<dt>Procmail:
<dd>	<a href="http://www.procmail.org/"
		>http://www.procmail.org/</a>
</dl><dl>
<dt>Junkfilter:
<dd>	<a href="http://junkfilter.zer0.org/"
		>http://junkfilter.zer0.org/</a>
</dl><p>
Folks who hate this stuff can try Sendmail's milters, Exim's filtering 
language, or possibly, do it all at the mail clients after the mail has
been delivered to people.
</p><p>
Whether your filters are mail-client, local-delivery, or MTA based, making
them sanity check that things are coming really to you, and from addresses
that really exist, can have a dramatic improvement.  The cost is processing
power and often, a certain amount of network bandwidth, but if you're really
getting hammered, it's probably worth it.  Besides if my 386 can deal with
just plain mail your PentiumIII-700 can actually do some work for a living
and probably not even notice, until your ethernet card starts complaining.
More on that 386 in a bit...
</p><p>
I've got a client who just switched from University of Washington's IMAP
daemon over to Courier.  The Courier MTA is just terrible (we tried, but
ended up thoroughly debugging a sendmail setup instead, and the system is
MUCH happier).  But the IMAP daemon itself is so much better it's hard
to believe.  He's convinced that it is more than the switch to maildirs
that makes it so incredibly fast.   He does get an awful lot of mail, so
I suspect Maildirs is what made the difference noticeable.  We may never 
know for sure.
</p><dl>
<dt>Courier-IMAP:
<dd>	<a href="http://www.inter7.com/courierimap/"
		>http://www.inter7.com/courierimap/</a>
</dl><p>
The world of DNS is getting more complicated every month, and slower.  
This has been clearly brought to light for me by two things - my client
at last taking over his own destiny rather than hosting through an ISP,
and my own mail server here at Starshine.
</p><p>
It used to be that there was only one choice for DNS, so ubiquitous
it's called "the internet name daemon" - BIND, of course.  And I'm very 
pleased to see that its new design seems to be holding up.  Still it has
the entire kitchen sink in it, and that makes it very complicated for 
small sites, even though there are a multitude of programs out there
to help the weary sysadmin.
</p><p>
A bunch of folks - including some among the Gang - really enjoy djbdns, 
but you have to buy into DJ Bernstein's philosophy about some things in 
order to be comfortable with it.  Its default policies are also a bit 
heavy handed about reaching for the root servers, which are, of course,
overloaded.  Still it's very popular and you can bet the mailing list 
folks will help you with it.
</p><dl>
<dt>djbdns:
<dd>	<a href="http://cr.yp.to/djbdns.html"
		>http://cr.yp.to/djbdns.html</a>
</dl><p>
However, his stuff (especially his idea of configuration files and "plain
English" in his docs) gives me indigestion, so I kept looking.  There are so
many caching-only nameservers I can't count them all.  It's a shame that
freshmeat's DNS category doesn't have sub categories for dynamic-dns, 
authoritative, and caching only, because that sure would make it easier 
to find the right one for the job.
</p><p>
However, I did find this pleasant little gem called MaraDNS.  It was 
designed first to be authoritative <em>only</em>, uses a custom string
library, and is trying to be extra careful about the parts of the DNS spec
it implements.  It was also easy to set up; zone files are very readable.
It looks like the latest dev version allows caching too... though whether
that's a creeping-feature is a good question.
</p><dl>
<dt>MaraDNS:
<dd>	<a href="http://www.maradns.org/"
		>http://www.maradns.org/</a>
</dl><p>
For years I've been pretty proud that we can run our little domain on a
386.  (Ok, we are cheating, that's not the web server.)  But I could just
<strong>kick myself</strong> for forgetting to put a DNS cache on it 
directly.  So the poor thing has been struggling with the evil internet's
timeouts lately and bravely plugging on...  occasionally sending me "sorry
boss, I couldn't figure out where to send it" kind of notes.  (No, it's not
qmail. I'm translating to English from RFC822-ese.) 
</p><p>
So I look at the resolv.conf chain.  No local cache.  What was I thinking?
(or maybe: What?  Was I thinking?  Obviously not.)
</p><p>
I tried pdnsd, because I liked the idea of a permanent cache... much more 
like having squid between you and the web, than just having a little memory
buffer for an hour or two.
</p><p>
However, the binary packages didn't work.  I wasn't going to compile it 
locally at the 386.  I'll get to reading its source maybe, but if anyone 
has successful experiences with it, I'd enjoy seeing your article in the 
<em>Gazette</em> someday soon.  I don't think I've tried very hard yet, 
but I had hoped it would be easier.
</p><p>
Meanwhile I had no time left and Debian made it a snap to have bind in cache
only mode.  Resolutions during mail seem to be much happier now.
</p><dl>
<dt>pdnsd:
<dd>	<a href="http://home.t-online.de/home/Moestl/"
		>http://home.t-online.de/home/Moestl/</a>
</dl><p>
There are also more mailing list managers out there than plants in my garden.
I've got a big project for a different client where the "GUI front end" is 
being dumbed down for the real end users, and I get to cook up a curses front 
end in front of the real features, for the staff to use.  It's very customized
to their environment.  I do hope they like it.
</p><p>
If you're working on a mailing list project, I beg, I plead, try and have 
something in between the traditional thrashing through pools of text files, 
and the gosh-nobody-wants-security-these-days web based administration.   
That way I can take less time to make the big bucks, and folks are a little 
bit happier with Linux. 
</p><p>
However, if you have in mind to do anything of the sort on your own, and you
prefer to work with shell scripts, I recommend Dialog.  Make sure you get a
recent version though.  There are a gazillion minor revisions and brain damaged
variants like whiptail.  Debian seemed to have the newest and most complete
amongst the distros I have lying around, so I ended up grafting its version
into another distro.  But, I finally tripped across a website for it that 
appears to be up to date. Use the "home" link to read of its muddied past.
</p><dl>
<dt>Dialog:
<dd>	<a href="http://www.AdvancedResearch.org/dialog/left-frame.html"
		>http://www.AdvancedResearch.org/dialog/left-frame.html</a>
</dl><p>
Lastly, Debian potato for Sparc isn't nearly as hard as I thought it was
going to be, but configuring all those pesky services on a completely fresh
box, that's the same pain every time.  It wouldn't be, if every client had
the same network plans, but - you know it - they don't!
</p><p>
I also had no ready Sparc disc 1, but a pressing need to get it, and my link
is not exactly the world's speediest.
</p><p>
Debian's pseudo image kit is a very strange and cool thing.  It's a bit clunky
to get going - you need to fetch some text files to get it started, and tell
it what files are actually in the disc you're going to put together.  But, 
once you've fed it that, it creates this "dummy" image which has its own 
padding where the directory structures will go, and the files go in between. 
If some of them don't make it, oh well.  But you can get them from anywhere
on the mirror system ... much closer to home, usually.  Leave the darn thing 
growing a pseudo image overnight, then come back the next day and run rsync
against an archive site that allows rsync access to its official Debian CDs.
Instead of a nail-biting 650 MB download, 3 to 20 MB or so of bitflips and
file changes.  If you either can't handle 650 MB at a time anyway, or like 
the idea of the heavy hit on your bandwidth allocation just being that last
clump of changes, it's a very good thing.
</p><p>
All it needs now is to be even smarter, and programmatically be able to 
fetch newer copies of the packages, then compose a real directory structure 
that correctly describes the files.  If someone could do that, you'd only
have to loopback mount the pseudoCD and re-generate Packages files, to 
have a current- instead of an Official disc, including all those security 
fixes we need to chase down otherwise.  Making it bootable might be more
tricky, but I'd even take a non-bootable one so I can give clients a 
mini-mirror site just by handing them a CD.
</p><dl>
<dt>Debian CD images information site:
<dd>	<a href="http://cdimage.debian.org/"
		>http://cdimage.debian.org/</a>
</dl><p>
So, I hope some of you find this useful.  I'm sure I'll see a number of 
you, and possibly some other members of the Answer Gang, at LinuxWorldExpo.  
</p><p>
'Til next time -- Heather Stern, The Answer Gang's Editor Gal
</p>
<!-- end hgreeting -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
        of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
        >Copyright &copy;</a> 2001
<BR>Published in issue 69 of <I>Linux Gazette</I> August 2001</H5>
<H6 ALIGN="center">HTML script maintained by
        <A HREF="mailto:star@starshine.org">Heather Stern</a> of
        Starshine Technical Services,
        <A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
</BODY></HTML>
<!--endcut ========================================================= -->