Thursday, June 09, 2005

Server is under severe pressure with 1000+ POP / IMAP checks per day.

Sunday, August 15, 2004

Enabled ports 37 and 123 TCP/UDP to allow the Windows 2000 Server to access the time servers.
Going to harden the system and explicitly restrict some ports:

Configuring the Mailman software for the BELTA Mailing List.

Following configuration options obtained from:

http://www.whoopis.com/howtos/mailman-howto.html


Edit /var/mailman/Mailman/mm_cfg.py and fix these lines:
DEFAULT_URL_HOST = 'www.domain.com'
DEFAULT_EMAIL_HOST = 'domain.com'

Edit /etc/httpd/conf.d/mailman.conf and uncomment/fix this line:

RedirectMatch /mailman[/]*$ http://www.domain.com/mailman/listinfo
Then restart httpd.

cd /var/mailman/bin and run "mmsitepass" to set the Mailman site password.

Create a "site-wide" mailing list. This is the one that password reminders will appear to come from.
It needs to be called "mailman."
cd /var/mailman/
./newlist

Follow the prompts.
NOTE: When it asks for admin "name", enter an email address, or it'll fail.
Ignore the /etc/aliases line that it spews out at you, you don't care about messages being sent TO the "mailman" list. (Right?)
(sudo) /etc/init.d/mailman start

Now create your real mailing list(s) via the web interface.
It will tell you to paste some lines into /etc/aliases, like this:

mymailinglist: "|/var/mailman/mail/mailman post mymailinglist"
mymailinglist-admin: "|/var/mailman/mail/mailman admin mymailinglist"
mymailinglist-bounces: "|/var/mailman/mail/mailman bounces mymailinglist"
mymailinglist-confirm: "|/var/mailman/mail/mailman confirm mymailinglist"
mymailinglist-join: "|/var/mailman/mail/mailman join mymailinglist"
mymailinglist-leave: "|/var/mailman/mail/mailman leave mymailinglist"
mymailinglist-owner: "|/var/mailman/mail/mailman owner mymailinglist"
mymailinglist-request: "|/var/mailman/mail/mailman request mymailinglist"
mymailinglist-subscribe: "|/var/mailman/mail/mailman subscribe mymailinglist"
mymailinglist-unsubscribe: "|/var/mailman/mail/mailman unsubscribe mymailinglist"
Then run the "newaliases" command. Also, make sure that the installation of Mailman already put in two similar lines (add them if not):

# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
If you're using /etc/mail/virtusertable and you want to have a catchall/wildcard address, add entries like this to virtusertable:

# mailman aliases
mailman@domain.com mailman
mailman-owner@domain.com mailman-owner
mymailinglist@domain.com mymailinglist
mymailinglist-admin@domain.com mymailinglist-admin
mymailinglist-bounces@domain.com mymailinglist-bounces
mymailinglist-confirm@domain.com mymailinglist-confirm
mymailinglist-join@domain.com mymailinglist-join
mymailinglist-leave@domain.com mymailinglist-leave
mymailinglist-owner@domain.com mymailinglist-owner
mymailinglist-request@domain.com mymailinglist-request
mymailinglist-subscribe@domain.com mymailinglist-subscribe
mymailinglist-unsubscribe@domain.com mymailinglist-unsubscribe
Restart sendmail.
Explanation: Because virtusertable is parsed before aliases, these lines in virtusertable hand off matches to aliases, which in turn pipe them to the appropriate Mailman processors. This way you can still have a wildcard address in your virtusertable file, after the Mailman meta-aliases.
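An added example (not from the original how-to or from Mailman): a Python audit of an aliases file for the pipe aliases described above. It checks that every pipe targets the Mailman wrapper with a known action, that the alias name matches the list and action, and that the two required system aliases exist. The function name and sample data are constructed, and one alias per line is assumed.

```python
import shlex

WRAPPER = "/var/mailman/mail/mailman"       # wrapper path used on this page
ACTIONS = {"post", "admin", "bounces", "confirm", "join", "leave",
           "owner", "request", "subscribe", "unsubscribe"}
REQUIRED = {"mailer-daemon", "postmaster"}  # "these MUST be present"

def audit_aliases(text, wrapper=WRAPPER):
    """Return (line_no, alias, problem) tuples; assumes one alias per line."""
    findings, seen = [], set()
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        alias, value = (part.strip() for part in line.split(":", 1))
        seen.add(alias.lower())
        target = value.strip('"')
        try:
            argv = shlex.split(target.lstrip("|")) or [""]
        except ValueError:
            findings.append((num, alias, "target cannot be parsed"))
            continue
        if not target.startswith("|"):
            # Without the leading "|" sendmail sees a file name, not a program.
            if argv[0] == wrapper:
                findings.append((num, alias, "wrapper target lacks the leading pipe"))
            continue
        if argv[0] != wrapper:
            findings.append((num, alias, "pipes mail to " + argv[0]))
        elif len(argv) != 3 or argv[1] not in ACTIONS:
            findings.append((num, alias, "unexpected wrapper arguments"))
        else:
            expected = argv[2] if argv[1] == "post" else argv[2] + "-" + argv[1]
            if alias != expected:
                findings.append((num, alias, "name does not match " + expected))
    findings += [(0, n, "required system alias missing") for n in sorted(REQUIRED - seen)]
    return findings

# Constructed sample: lines 3-5 each carry a different defect, mailer-daemon is absent.
SAMPLE = """\
postmaster: root
mymailinglist: "|/var/mailman/mail/mailman post mymailinglist"
mymailinglist-admin: "/var/mailman/mail/mailman admin mymailinglist"
mymailinglist-owner: "|/var/mailman/mail/mailman owner otherlist"
backup: "|/usr/local/bin/other-handler"
"""

if __name__ == "__main__":
    print(*audit_aliases(SAMPLE), sep="\n")
```

Findings with line number 0 refer to the file as a whole rather than to a specific line.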
Another badly-documented task. To delete specific messages from your list archives, do the following:

cd /var/mailman/archives/private # public archs are just symlinked to private
rm -rf mailinglist
cd /var/mailman/archives/private/goosepondchat.mbox
edit goosepondchat.mbox, delete the lines containing the messages you want gone
cd /var/mailman/bin
run ./arch mailinglist
The last command shown here will regenerate the database and html so that the rest of the archived messages are restored and viewable.
References:
Mailman Site Administrator documentation. http://www.list.org/site.html
Mailman & Postfix HOWTO for Debian Woody. http://homex.subnet.at/~max/mail/mailman.php#install
(a thread in a support forum.) http://www.support-forums.com/showthread.php?p=3419
Mailman INSTALL document. http://cvs.sourceforge.net/viewcvs.py/*checkout*/mailman/mailman/INSTALL?content-type=text%2Fplain&rev=2.19.2.6

Thursday, August 12, 2004

Trying to increase the EIDE disk access speed on Aparajita by carefully using the "hdparm" utility. Current settings are as follows:

[root@aparajita root]# hdparm /dev/hda

/dev/hda:
multcount = 16 (on)
IO_support = 0 (default 16-bit)
unmaskirq = 0 (off)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 8 (on)
geometry = 4998/255/63, sectors = 80293248, start = 0

* Changing the IO_support = 0 (default 16-bit) to IO_support = 3 (32-bit w/sync)
by issuing the command: hdparm -c3 /dev/hda

* Changing unmaskirq = 0 (off) to unmaskirq = 1 (on)
by issuing the command: hdparm -c3 -u1 /dev/hda

Have to put the entire command - hdparm -c3 -u1 -d1 -m16 /dev/hda in the /etc/rc.d/rc.local file since hdparm does not remember previous commands after reboot.

Final Settings:

hdparm /dev/hda

/dev/hda:
multcount = 16 (on)
IO_support = 3 (32-bit w/sync)
unmaskirq = 1 (on)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 8 (on)
geometry = 4998/255/63, sectors = 80293248, start = 0


Now going to optimize the "bdflush" event:

Current "bdflush" settings:

0 1000 64 256 500 3000 100 20 0

changing to:

100 1200 128 512 15 5000 500 1884 2 by issuing the following command:

echo "100 1200 128 512 15 5000 500 1884 2">/proc/sys/vm/bdflush

Original setting in /etc/sysctl.conf file on line 34: vm.bdflush=0 1000 64 256 500 3000 100

Changing to : vm.bdflush = 100 1200 128 512 15 5000 500 1884 2

Restarting network to see if this will increase performance.


Friday, June 11, 2004

Updated the squid package. Recompiled the Squid 2.5 STABLE5 with the following options:

Version 2.5.STABLE5
configure options: --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --target=i386-asplinux-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/local/bin --sbindir=/usr/local/sbin --sysconfdir=/etc --datadir=/usr/local/share --includedir=/usr/local/include --libdir=/usr/local/lib --libexecdir=/usr/local/libexec --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --sharedstatedir=/usr/com --exec_prefix=/usr --bindir=/usr/local/sbin --libexecdir=/usr/local/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-linux-netfilter --with-pthreads --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT --enable-ntlm-auth-helpers=SMB,winbind --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group --enable-cache-digests --enable-useragent-log --enable-referer-log --enable-icmp --enable-gnuregex --enable-splaytree --enable-xmalloc-statistics --enable-dlmalloc --enable-kill-parent-hack --enable-err-language=English --with-dl --with-aio --enable-htcp


Updated BIND from 9.2.1 to 9.2.3 and configuring host to run the "named" process and "views" to enhance security.

Updated the apache package, which reports that it was compiled in March 2003 and is version 2.0.40 while the current version is 2.0.49! Compiled with following options:

Server version: Apache/2.0.49
Server built: Jun 11 2004 22:32:53
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

That's it for the time being, will finish up the "real" split DNS tomorrow.

Sunday, May 23, 2004

KOHA Install and NIC Problems:

Due to a thunderstorm last night, the Aparajita server's internet connection went down around 7:30 AM because the 3COM NIC connected to the DSL modem went dead, more than likely because of lightning or an electrical surge. Had a similar 3COM NIC as a backup and server came online again after installation, no new configuration was required.
Mr. IM Faisal called to tell me to install the KOHA library interface as the librarians were sitting idle nowadays and needed to finish up entering the books. Starting KOHA install at 6:27PM as I did not get time all day because of FED computers.

Following the instructions on "Software / lib installs on host "mhkhan"" blog to install KOHA and its dependencies, that blog is dated February 20, 2004.

Downloading and installing the following dependencies first as they are listed in the previous install blog.

perl-Event-0.87-1.noarch.rpm 147766
perl-HTML-Template-2.6-1.noarch.rpm 53067
perl-Mail-Sendmail-0.79-1.noarch.rpm 19818
perl-MARC-Record-1.29-1.noarch.rpm 94703
perl-Net-Z3950-0.34-1.noarch.rpm

Used the following commands to install the dependencies listed above:

perl -MCPAN -e 'install "HTML::Template"'

perl -MCPAN -e 'install "MARC::Record"'

perl -MCPAN -e 'install "Mail::Sendmail"'

perl -MCPAN -e 'install "Event"'

Need to install the "yaz" libraries before installing the last Perl module as it will not install without it.

Downloading Yaz from ftp://ftp.pbone.net/mirror/ftp.nest.pld-linux.org/test/i386/yaz-2.0.15-1.i386.rpm
since the default host references in the KOHA documentation http://www.indexdata.dk/yaz is down at this time.
Getting the devel package also
ftp://ftp.pbone.net/mirror/ftp.pld-linux.org/dists/2.0/PLD/i586/PLD/RPMS/yaz-devel-2.0.4-1.i586.rpm

Installed the yaz client and devel rpm with the --nodeps switch as it was failing some dependencies ...


perl -MCPAN -e 'install "Net::Z3950"'


Module installed successfully. Installed Webmin as well to start up the MySQL Server and going to restart the KOHA library installation.

Installation completed, now going to test the library database on Northstar.

Monday, May 17, 2004

Aparajita lost its internet connection at 8 AM due to a surge in the electrical supply which hung the modem. Resetting the modem did not help and thus the server was rebooted by Shah Alam manually by turning the switch off and then on again after I called at 8:15. It seems that this created a problem with the Apache configuration which prevented it from running after it restarted. The problem was the ssl cache file in /var/cache/mod_ssl/scache. It was not deleted due to an unclean shutdown and I had to manually delete it at which point it started to work ok again. However, it still gives the following error message - something which I'll look into at a later time after creating DISK images from Norton Ghost.

"[Mon May 17 13:19:24 2004] [error] Cannot allocate shared memory: (17)File exists
[Mon May 17 13:20:02 2004] [warn] Init: (aparajita.presidency.edu.bd:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Mon May 17 13:20:02 2004] [notice] Digest: generating secret for digest authentication ...
[Mon May 17 13:20:02 2004] [notice] Digest: done
[Mon May 17 13:20:03 2004] [warn] Init: (aparajita.presidency.edu.bd:443) You configured HTTP(80) on the standard HTTPS(443) port!"

Wednesday, May 12, 2004

The 40GB Hard Disk Drive on Aparajita has completely failed with the HD showing up as Mactor AXIS C64A as the hd on the BIOS. The Maxtor website and Google search showed that when this is displayed by a Maxtor drive, it means that the firmware is corrupted and the HD platter damaged due to high temperature. Had backups of the /var/mail/spool, /etc, /var/www, DNS files and BELTA website backup.

Installed ASPLinux 9.0 and starting on rebuilding the entire server.

Issues that need to be addressed immediately:

a) Upgrade SquirrelMail from version 1.2 to the latest version as the configuration file from the production version is 1.4 and is not working with the older version.

b) Configure Postfix to receive email from the domain
c) Configure the firewall with firestarter and fine tune the squid proxy server again.


Downloaded the latest version(0.9.3) of firestarter from http://firestarter.sourceforge.net/ Installing with the following command:

rpm -Uvh firestarter*rpm

rpm -Uvh firestarter-0.9.3-1.i386.rpm
Preparing... ########################################### [100%]
1:firestarter ########################################### [100%]

Had moved the customized configs to firestarter-original, now deleting the newly installed ones and putting the customized ones back.

Installed successfully and working now.

Now going to download and install the latest version of the squirrelmail webmail interface.
Installing / upgrading to squirrelmail-1.4.2-1.noarch.rpm since this is the latest one in FC1 RPM format. Installing via the webmin interface on Aparajita. Cannot install, no package for ASPLinux. Downloading the source and doing a rpmbuild --rebuild to rebuild the rpm package so that it can be installed.
Rebuilt Squirrelmail 1.4.2 rpm for ASP Linux and now installing.
Failed dependency, requires aspell, installing from
ftp://ftp.pbone.net/mirror/ftp.nest.pld-linux.org/test/i386/aspell-0.50.5-1.i386.rpm
RPM packages were not working, manually downloaded aspell 0.50-3 from the GNU website, configured, compiled and installed in /usr/local/bin
Downloaded, compiled and installed the English dictionaries for aspell.
Going on to installing squirrelmail now!
Also upgrading webmin to the latest version while the squirrelmail package is built