nuxx.net
Making, baking, and (un-)breaking things in Southeast Michigan.

Category nuxx.net

nuxx.net Is Back Up

Well, my site, nuxx.net is back up. I have the new server here at home and I’m starting to take a look at it. Hopefully I’ll have some sort of answer soon.

Unfortunately, in looking at it, I both screwed the BIOS and the software RAID array. In the BIOS I tried to backrev the BIOS, only to find out that Tyan (motherboard manufacturer) had changed Flash chips with the particular board I got, and the older BIOS’ don’t support it. Long story short, I was able to downgrade to an older BIOS, but as that older BIOS doesn’t support the new chip type, attempting to upgrade it again simply causes the flashing program to report “Error : Flash part is not supported”.

Beyond that, I was waiting for the server to rebuild the array (after the hard power off of the failure on Sunday morning) and getting impatient, so I decided to disconnect (via software) the inconsistent half of the array, thinking that I could just let it finish building later. This didn’t go so well (for some reason) and I ended up breaking the array. I think it’s back together, but I do worry a bit that something may be lost. We’ll see, I guess.

Mail is back up, things were sync’d over, but there is/will be some quirkyness with the mail received in the last day or two. Expect to see some duplicates. Sorry.

Oh, great: Sep 7 22:37:12 banstyle smartd[863]: Device: /dev/ad6, 1 Currently unreadable (pending) sectors

Right now I’m feeling really frustrated with this whole process and wanting to just put it away and maybe start over later. I just don’t want to leave everyone else’s stuff down.

computersnuxx.net

banstyle.nuxx.net: It’s Back

The display on the VGA output of my new server, banstyle.nuxx.net, after it went down hard at ~01:30 EDT on 05-Sep-2008.

My server, banstyle.nuxx.net is back. In case you didn’t see the LiveJournal post I made about the server being down, know that it went down about 01:30 EDT this morning and didn’t come back up over night. The symptoms were that the machine had an active link to the switch, but the arp cache was aging and the box was generally unreachable and unresponsive. Here’s a Cacti graph showing the outage.

At lunch I drove down to the colo facility, was escorted down to the room, and first noticed that the box was powered up, the network activity LED was blinking, but the disk controller LED was dark. Plugging in a monitor I saw that blinky colored bars overlaid on the normal console, looking like a hardware problem. Perhaps something with the video controller.

The box was rebooted, and as a precaution I went into the BIOS and disabled the bits which redirect video output (text mode only, of course) to the serial port, essentially allowing the whole box to be managed from a terminal. I figure that maybe, possibly, somehow this contributed. After that, I booted the OS back up, did an initial check to be sure everything was okay, started the backed up mail on the old box flushing, and left. Things were a bit slow at first while fsck ran in the background and the mail filtered through, but after that everything seemed good.

So, to be honest, I don’t really know what went wrong. The server is working well again, I guess I’ll just have to keep a close eye on for a while. This is particularly frustrating because it’d been working great for the last four months while I had it at home. If there are any more problems, please bear with me…

For reference, here’s the stuff in /var/log/messages showing that there was nothing between the events noted in last night’s post about SMTP-AUTH and the reboot this morning:

Sep 4 23:05:50 banstyle postfix/smtpd[91552]: sql_select option missing
Sep 4 23:05:50 banstyle postfix/smtpd[91552]: auxpropfunc error no mechanism available
Sep 5 11:57:31 banstyle syslogd: kernel boot file is /boot/kernel/kernel
Sep 5 11:57:31 banstyle kernel: Copyright (c) 1992-2008 The FreeBSD Project.
Sep 5 11:57:31 banstyle kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Sep 5 11:57:31 banstyle kernel: The Regents of the University of California. All rights reserved.
Sep 5 11:57:31 banstyle kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Sep 5 11:57:31 banstyle kernel: FreeBSD 7.0-RELEASE #2: Wed Aug 20 12:57:10 EDT 2008

computerslivejournalnuxx.net

SMTP-AUTH for Postfix via courier-authlib (authdaemond)

Getting SMTP authentication working with Postfix via authdaemond on FreeBSD 7.0 without occasional, useless errors in /var/log/messages has just caused me an hour of frustration. Therefore, I wish to document what I had to do to make it work right:

First off, Postfix (mail/postfix) and courier-authlib with MySQL support (security/courier-authlib with AUTH_MYSQL set in the config) must be installed. Setting up courier-authlib to talk to a MySQL db is beyond the scope of this document, but it basically involves setting the following lines:

/usr/local/etc/authlib/authdaemonrc:

authmodulelist="authmysql"

/usr/local/etc/authlib/authmysqlrc:

MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_USERNAME mail
MYSQL_PASSWORD [OBSCURED]
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD pobox
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD CONCAT(homedir,'/',maildir,'/')
MYSQL_QUOTA_FIELD quota
MYSQL_NAME_FIELD name

After that is set, Postfix’s main.cf must have SASL enabled with smtpd_sasl_auth_enable = yes. Next, the following smtpd.conf must be placed in /usr/local/etc/sasl2:

/usr/local/etc/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

auxprop_plugin: mysql
sql_select: select password from users where email = '%u@%r'

Now, here’s the stupid part. See those last two lines, auxprop_plugin: mysql and sql_select: select...? They don’t do anything, and that SELECT statement won’t even return anything useful on my db. Without them there SMTP AUTH works great. However, if you don’t have those lines there, Postfix will regularly complain loudly with errors such as these:

Sep 4 21:30:02 banstyle postfix/smtpd[47677]: sql_select option missing
Sep 4 21:30:02 banstyle postfix/smtpd[47677]: auxpropfunc error no mechanism available

Please note that with authdaemond, CRAM-MD5 and DIGEST-MD5 authentication mechanisms won’t work. (These would normally be set with mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5.) If enabled they will appear available but won’t work.

One final thing… Want to know how to be sure that the server is notifying clients that it supports authentication? Just simply telnet to port 25 on your mail server and type in EHLO domain.com. The AUTH LOGIN PLAIN and AUTH=LOGIN PLAIN lines show you that plain-text authentication is now available:

c0nsumer@banstyle:~> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banstyle.nuxx.net ESMTP Postfix
EHLO nuxx.net
250-banstyle.nuxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

computersnuxx.net

nuxx.net Mail Move

Tonight I ran into a harsh realization that the setup I’d intended to use for mail administration, Postfix Admin, has no facilities for editing server-side filters. Therefore, I’m moving my old, highly modified vMail.Admin install over to the new server.

Tonight I got everything working and tested except for the web-based front end for Postfix’s database. That shouldn’t be too hard to get going, I just don’t feel like working on it any more tonight. After that is going I will be shutting down mail on the old box and moving it to the new one. During this time you may (read:will) experience problems having mail delivered, checking mail, the works.

Sorry.

Due to how email works nothing should be lost, it might just take a while to arrive. Just keep using secure.nuxx.net for pop3s / imaps or SquirrelMail and everything will work fine.

nuxx.net

Sites Moved to banstyle.nuxx.net

As mentioned before, I am in the process of moving to a new colo provider while at the same time moving everything hosted on nuxx.net to the shiny new banstyle.nuxx.net.

As part of this I moved all websites to the new server. That means if I host your site, it’s now on the new box. Mail, nor any of the shiny tools used for checking logs and such have been moved; I hope to get to that later in the week.

If you have any problems, please don’t hesitate to contact me.

Oh, and I might be sticking ads on the sites of people for whom I host just simple galleries (aka nuxxfriends). This is to offset the cost of the server and colocation. Hopefully that’s not a problem.

nuxx.net

Moving from Waveform

Tomorrow I will begin the move away from Waveform Technology to Clear Rate Communications. Within the last six months I have been having a number of weird problems (to be detailed at a later time) with Waveform, prompting the move to a new provider. At the same time I’ll be moving to a much faster box, banstyle.nuxx.net (photo gallery retired). Provided everything goes as planned I’ll be moved over to the new box by the end of next week.

This means that, during the move, all of you who I host stuff for will be down for a little while. If there are any problems, just get a hold of me and we’ll sort it out.

computersnuxx.net

Postgrey Is Disabled on nuxx.net

I’ve just disabled Postgrey on nuxx.net to see how things go without it. I’d like to work on more aggressively filtering spam, particularly after conversations with some other individuals about how greylisting isn’t a proper / scalable solution.

Worst case I’ll just turn it back on, but ideally I’d like to simply get filtering working even better.

computersnuxx.net

Download Tools

You all know those shiny download tools which open loads of connections on a file to try and get it quicker? Those are crappy and put lots of unneeded load on servers. Here’s an example:

I host this simple page for a friend of mine in the UK for when he needs US-based hosting or some place high speed to distribute files from. As part of this he hosts the animations found on this page, which overall aren’t very big. However, someone in Thailand (125.24.191.195) is deciding to get them as quickly as possible using some stupid download tool.

What I see is that the workload on the httpd is at ~277, up from it’s typical of 2 or 3. netstat shows lots and lots and lots of connections (currently 276) from that box, all of them established.

The http log currently shows 9291 these:

125.24.191.195 rowla.dyndns.org - [11/Jun/2008:16:58:34 -0400] "GET /justin/img/piston_std4.mpg HTTP/1.1" 200 32768 "http://www.wis.co.uk/justin/deltic-engine.html" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"

Load on the box itself is .23, which is tolerable, so I’ll probably let this continue. If it’s still going at midnight I’ll take some action, but for now it’s just a bit of irritation. Yes, I know I could limit connections on a per-IP basis, but I prefer not to do this unless it’s actually a problem. If I do need to block that IP, I’ll probably just fail to return anything on that vhost to that netblock. Hopefully they’ll finish getting their file sooner than that.

If you’d like to see it, here’s the current netstat: netstat_11jun2008_1.txt
Here’s a capture of a minute or so of 45 seconds of traffic with that address. Note that each GET results in a whole conversation of only 10k or so: 11jun2008_weird_1.cap.gz

computersnuxx.net

SiI3124 Not Working… Right

Top view of the Koutech PSA421 on the antistatic bag. It has four internal single lane SATA ports.

Thanks to everyone who wished me a happy birthday today. You all made me smile lots. (Yes, I do share a birthday with Karl Marx, and yes, I am now 30.)

I received the SiI3124-based disk controller mentioned earlier, but it didn’t wish me a happy birthday. In fact, it just didn’t work as I hoped. For some reason its on-board option ROM isn’t starting up when the rest of the computer does, so it’s not initializing the disks and making the main BIOS aware of their existence. This prevents me from booting off of them. FreeBSD can talk to the disks on it just fine, but without the BIOS it’s not useful to me.

When I tried the card in my MAME cabinet and it works fine there, so I think something like the following is occurring: The on-board SATA / RAID controller is a SiI3114, and when I disable this via the BIOS, perhaps this somehow disables the SiI3124? Or, perhaps when the controller is enabled, the option ROM from one is interfering with the other? After all, the SiI3114 BIOS still loads and displays. I did also try changing the PCI enumeration order and tried the cards in other PCI-X slots and the lone PCI slot, and none of that produced positive results. The SiI3114 always enumerates first (or not at all?).

As a test I put a classic Adaptec AHA-2940UW (can you believe this card is more than 10 years old at this point?) card in the box and its option ROM displayed just fine. So, the motherboard seems to handle disk controllers in slots, just not this one.

Instead of the SiI3124-based card I really would like a 3ware 9550SXU-4LP, but its $319.99 price tag is a bit hard to stomach. Maybe I’ll just return the card and stick with the onboard controller and software RAID.

Oh, and if you want to see them, there are more photos of the Koutech PSA421 in banstyle.nuxx.net here on page 3 of my gallery (photo gallery retired).

computersnuxx.net

Southern Tier’s Back Burner

Souther Tier's Back Burner Barley Wine poured into a glass.

Things have been a bit boring around here lately, with me working at my job, working on the new server, riding my bike, and trying to relax a bit, so I just thought I’d post this photo of Souther Tier‘s Back Burner, a decent (and quite hoppy) barleywine which I drank while watching The Life Aquatic with Steve Zissou with Danielle on Sunday night.

Today I got GEOM-based disk mirroring working on banstyle.nuxx.net (photo gallery retired), but in doing so I realized that the on-board SiI3114 controller only supports SATA/150 (aka SATA I) and thusly no NCQ, which disappointed me. To remedy this I ordered part number N82E16816104007 from Newegg.com, a Koutech PSA421 4-Channel Serial ATA & Serial ATA II 64-bit PCI Host Controller which appears to be a reference (or very standard) implementation of the SiI3124 PCI/PCI-X to 4 Port SATA300 chipset. This should fit in the one usable slot in the case and provide the SATA interface that I really want. I just wish it’d arrive sooner.

beercomputersfoodmaking thingsnuxx.net