itemprop="text"> I'd like to enable the new href="http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail" rel="nofollow noreferrer">Domain Keys DKIM email authentication feature for a href="http://www.google.com/support/a/bin/answer.py?answer=180504" rel="nofollow noreferrer">domain hosted in Google Apps . Some of my users use an external SMTP gateway (such that when they send email, it doesn't go through smtp.gmail.com). I have an href="http://en.wikipedia.org/wiki/Sender_Policy_Framework" rel="nofollow noreferrer">SPF record configured for the domain, and this allows the external SMTP gateways as valid SMTP hosts. (I realise SPF is different to DKIM) Will enabling DKIM adversely affect the external gateway email? eg. Are the externally sen

I'd like to enable the new Domain Keys DKIM email authentication feature for a domain hosted in Google Apps . Some of my users use an external SMTP gateway (such that when they send email, it doesn't go through smtp.gmail.com). I have an SPF record configured for the domain, and this allows the external SMTP gateways as valid SMTP hosts. (I realise SPF is different to DKIM) Will enabling DKIM adversely affect the external gateway email? eg. Are the externally sent emails at risk of being marked as spam because they would not have the DKIM signature, or will DKIM only positively benefit emails sent through Google's SMTP server? Answer Your users can use an external SMTP server. But of course, their emails will have a worse reputation, compared to those directly sent from Google's server, and for two reasons : The first one is that they won't be signed by DKIM (luckily the server is declared in the SPF record) You'll send mails from a server that i

itemprop="text"> We had a successful hack attempt from Russia and one of our servers was used as a staging ground for further attacks, actually somehow they managed to get access to a Windows account called 'services'. I took that server offline as it was our SMTP server and no longer need it (3rd party system in place now). Now some of our other servers are having these ANONYMOUS LOGIN attempts in the Event Viewer that have IP addresses coming from China, Romania, Italy (I guess there's some Europe in there too)... I don't know what these people want but they just keep hitting the server. How can I prevent this? I don't want our servers compromised again, last time our host took our entire hardware node off of the network because it was attacking other systems, causing our services to go down which is really ba

We had a successful hack attempt from Russia and one of our servers was used as a staging ground for further attacks, actually somehow they managed to get access to a Windows account called 'services'. I took that server offline as it was our SMTP server and no longer need it (3rd party system in place now). Now some of our other servers are having these ANONYMOUS LOGIN attempts in the Event Viewer that have IP addresses coming from China, Romania, Italy (I guess there's some Europe in there too)... I don't know what these people want but they just keep hitting the server. How can I prevent this? I don't want our servers compromised again, last time our host took our entire hardware node off of the network because it was attacking other systems, causing our services to go down which is really bad. How can I prevent these strange IP addresses from trying to access my servers? They are Windows Server 2003 R2 Enterprise 'containers' (virtual machines) running o

I want to map a naked domain (i.e., example.com instead of www.example.com) to my EC2 server. I also have gmail setup on my example.com domain. A few weeks ago I attempted to map this together using CNAME to map to my EC2 URL. My email stopped working and it took some time to get back online; thus, I want to be extra careful to ensure I don't have an error if I try this again. I have a static IP mapping to my EC2 server now. Thus, it is my understanding that the following host records will work: -A record to @ host name (example.com) which points to my static IP address on AWS. -Maintain my gmail MX record settings. Can anyone confirm that this is the right way to set my domain settings and that email will continue to be correctly routed? Thanks!

I want to map a naked domain (i.e., example.com instead of www.example.com) to my EC2 server. I also have gmail setup on my example.com domain. A few weeks ago I attempted to map this together using CNAME to map to my EC2 URL. My email stopped working and it took some time to get back online; thus, I want to be extra careful to ensure I don't have an error if I try this again. I have a static IP mapping to my EC2 server now. Thus, it is my understanding that the following host records will work: -A record to @ host name (example.com) which points to my static IP address on AWS. -Maintain my gmail MX record settings. Can anyone confirm that this is the right way to set my domain settings and that email will continue to be correctly routed? Thanks!

Currently my iptable is as follows to limit the number of concurrent connections per ip to 10 from any http client. However, I tried a simulated http test and I'm not getting dropped at all. what's wrong? *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [21:15123] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with tcp-reset -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

Currently my iptable is as follows to limit the number of concurrent connections per ip to 10 from any http client. However, I tried a simulated http test and I'm not getting dropped at all. what's wrong? *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [21:15123] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with tcp-reset -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

I have a number of EC2 servers on AWS running apache behind a load balancer (ELB). Every now and then some IP address abuses the API hosted on the EC2 servers and causes a denial of service. I have no access to the load balancer so I need to block access at the server's level. I changed the apache access log to display IP's based on the X-Forwarded-For header provided by the load balancer (otherwise it just displays the load balancer's IP), so I can identify these IP's and block them (again by specifying the X-Forwarded-For) with something like: api_dir> SetEnvIF X-FORWARDED-FOR "1.1.1.1" DenyIP Order allow,deny allow from all deny from env=DenyIP However, this still means that I need to manually handle every attack, and my server suffers some downtime as a result. What is the recommended

I have a number of EC2 servers on AWS running apache behind a load balancer (ELB). Every now and then some IP address abuses the API hosted on the EC2 servers and causes a denial of service. I have no access to the load balancer so I need to block access at the server's level. I changed the apache access log to display IP's based on the X-Forwarded-For header provided by the load balancer (otherwise it just displays the load balancer's IP), so I can identify these IP's and block them (again by specifying the X-Forwarded-For) with something like: SetEnvIF X-FORWARDED-FOR "1.1.1.1" DenyIP Order allow,deny allow from all deny from env=DenyIP However, this still means that I need to manually handle every attack, and my server suffers some downtime as a result. What is the recommended way to automatically block attacks of repeated HTTP calls, based not on IP but on the Forwarded-For header coming from

itemprop="text"> i have a dns server on windows 2008 x64 and i want to change its ip address. If i keeping the DNS server name (typically "ns#.domain.com") and just moving it to a new IP address, what time it takes log to update? and what happening if i change this ip at the next time again? class="post-text" itemprop="text"> class="normal">Answer Very, very general: It's all depend on your zone configuration. If you are using in-bailiwick (the term in-bailiwick means that nameservers for a domain are in the same domain) type of configuation you need to change all your glue records in every domain for the new IP (you change that via your registar). If you are not using glue records (out-of-bailiwick/glueless) you need prepeare you DNS name for change (lowe

i have a dns server on windows 2008 x64 and i want to change its ip address. If i keeping the DNS server name (typically "ns#.domain.com") and just moving it to a new IP address, what time it takes log to update? and what happening if i change this ip at the next time again? Answer Very, very general: It's all depend on your zone configuration. If you are using in-bailiwick (the term in-bailiwick means that nameservers for a domain are in the same domain) type of configuation you need to change all your glue records in every domain for the new IP (you change that via your registar). If you are not using glue records (out-of-bailiwick/glueless) you need prepeare you DNS name for change (lower TTL). In both cases you should run both servers together (old and new) for some time (it's just good advice and is not a requirement). Change (propagation) in registry takes from 24 to more hours.

I have a problem with a RAID 10, I have 4 disks on raid. A disc has just been changed (0,3). But I can not rebuild the array. Logical device are setted as "Missing". All commands return to me the following error /usr/StorMan# /usr/StorMan/arcconf setstate 1 device 0 3 rdyControllers found: 1 The device specified does not exist. Command aborted. /usr/StorMan# /usr/StorMan/arcconf getconfig 1 Controllers found: 1 ---------------------------------------------------------------------- Controller information ---------------------------------------------------------------------- Controller Status : Optimal Channel description : SAS/SATA Controller Model : Adaptec 2405 Controller Serial Number : 2D2711FE327 Physical Slot : 16 Temperature : 68 C/ 154 F (Normal) Installed memory : 128 MB Copyback : Dis

I have a problem with a RAID 10, I have 4 disks on raid. A disc has just been changed (0,3). But I can not rebuild the array. Logical device are setted as "Missing". All commands return to me the following error /usr/StorMan# /usr/StorMan/arcconf setstate 1 device 0 3 rdyControllers found: 1 The device specified does not exist. Command aborted. /usr/StorMan# /usr/StorMan/arcconf getconfig 1 Controllers found: 1 ---------------------------------------------------------------------- Controller information ---------------------------------------------------------------------- Controller Status : Optimal Channel description : SAS/SATA Controller Model : Adaptec 2405 Controller Serial Number : 2D2711FE327 Physical Slot : 16 Temperature : 68 C/ 154 F (Normal) Installed memory : 128 MB Copyback

itemprop="text"> My Apache won't reload after doing some changes, in this case after adding a new VHOST via Webmin. It's not the first time it happens, last time I resolved reinstalling Apache, indeed not a satisfactory way to solve the problem. In Webmin I get this error Failed to start apache : : Starting apache2 (via systemctl): apache2.service. So I try to reload Apache manually vis ssh This is what happens root@myvps:/# /etc/init.d/apache2 reload Reloading apache2 configuration (via systemctl): apache2.serviceJob for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details. failed! So this is the journalctl -xn response Jan 04 08:55:51 myvps systemd[1]: Reload failed for LSB: Apache2 web serve

My Apache won't reload after doing some changes, in this case after adding a new VHOST via Webmin. It's not the first time it happens, last time I resolved reinstalling Apache, indeed not a satisfactory way to solve the problem. In Webmin I get this error Failed to start apache : : Starting apache2 (via systemctl): apache2.service. So I try to reload Apache manually vis ssh This is what happens root@myvps:/# /etc/init.d/apache2 reload Reloading apache2 configuration (via systemctl): apache2.serviceJob for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details. failed! So this is the journalctl -xn response Jan 04 08:55:51 myvps systemd[1]: Reload failed for LSB: Apache2 web server. -- Subject: Unit apache2.service has finished reloading its configuration -- Defined-By: systemd -- Support: lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit apache2.service has finished reloading its configuration -- -- The re

itemprop="text"> I've just moved a collection of sites over to a brand-new server, running Apache 2.2.3, PHP 5.3, and Plesk 10.1.1. I am having problems with file permissions on PHP sessions, which are being stored in /var/lib/php/session . I originally set the permissions like so for this folder: drwxrwx--- 2 apache psacln 8192 Mar 22 23:25 session This worked fine, for HTTP sessions. Files were being saved in that folder with these permissions: -rw------- 1 client1 psacln 0 Mar 22 23:24 sess_507... -rw------- 1 client2 psacln 0 Mar 22 23:25 sess_8o1... The problem, however, is that PHP scripts accessed via HTTPS do not seem to be run by the same client1 or client2 user. I deleted files in the session directory and accessed a login page via HTTPS to see how session

I've just moved a collection of sites over to a brand-new server, running Apache 2.2.3, PHP 5.3, and Plesk 10.1.1. I am having problems with file permissions on PHP sessions, which are being stored in /var/lib/php/session . I originally set the permissions like so for this folder: drwxrwx--- 2 apache psacln 8192 Mar 22 23:25 session This worked fine, for HTTP sessions. Files were being saved in that folder with these permissions: -rw------- 1 client1 psacln 0 Mar 22 23:24 sess_507... -rw------- 1 client2 psacln 0 Mar 22 23:25 sess_8o1... The problem, however, is that PHP scripts accessed via HTTPS do not seem to be run by the same client1 or client2 user. I deleted files in the session directory and accessed a login page via HTTPS to see how sessions were being saved when initiated via this protocol: -rw------- 1 apache apache 0 Mar 22 23:25 sess_507... So, for whatever reason, sessions initiated by clients browsing with HTTPS were being saved by apache:apa

I changed the ssh port from 22 to 2021 and it worked correctly till 3hours ago,after that when I can't connect to ssh. ssh: connect to host 130.185.72.125 port 2021: Connection refused so I checked iptables,I stop it from webmin,and Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination where is the problem?

I changed the ssh port from 22 to 2021 and it worked correctly till 3hours ago,after that when I can't connect to ssh. ssh: connect to host 130.185.72.125 port 2021: Connection refused so I checked iptables,I stop it from webmin,and Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination where is the problem?

I have (almost) developed website for my client and now need to decide on hosting. Most of the users of the site will be located in Australia, and so am I and my client. Now, I want to consider everything before deciding on host and few questions comes to my mind: I cannot afford website being down, and all hosts say something like "99% uptime guranted". Should just that be enough or shall I ask hosts for some stats maybe? Does it make any difference if servers and whole hosting company is located in Australia or outside? I've been hosting few sites with JustHost.com on shared hosting (cheapest plan, servers in US I believe) and never seen any delays but could that be an issue? I would prefer Australian company so I can actually go to them and give them piece of my mind if something goes wrong, but US servers seem cheaper. Would s

I have (almost) developed website for my client and now need to decide on hosting. Most of the users of the site will be located in Australia, and so am I and my client. Now, I want to consider everything before deciding on host and few questions comes to my mind: I cannot afford website being down, and all hosts say something like "99% uptime guranted". Should just that be enough or shall I ask hosts for some stats maybe? Does it make any difference if servers and whole hosting company is located in Australia or outside? I've been hosting few sites with JustHost.com on shared hosting (cheapest plan, servers in US I believe) and never seen any delays but could that be an issue? I would prefer Australian company so I can actually go to them and give them piece of my mind if something goes wrong, but US servers seem cheaper. Would share hosting do? Its ecommerce custom build php application, I know there are security issues with sessions etc on shared hosting. Will take pre

itemprop="text"> Is there any options to force the PCIe SSD during install to be not /dev/sda? I was hoping to reserve the SSD to be limited to be only /var but the grub loader fails each time when I try to set the bootable partition to be /dev/sdc2 (sdb is usb install drive). I have been installing on Dell r610 and HP DL385 G6 servers using both CentOS 6.6 and Ubuntu 14 and the PCI device always shows up before the raid devices. itemprop="text"> class="normal">Answer I wouldn't eff with udev rules for this. Modify your install scripts (preseed or kickstart) to ignore /dev/sda . See: href="https://serverfault.com/questions/615678/consistent-install-disk-selection-in-rhel-kickstart/615682#615682">Consistent Install Disk Selection in RHEL Kickstart Also

Is there any options to force the PCIe SSD during install to be not /dev/sda? I was hoping to reserve the SSD to be limited to be only /var but the grub loader fails each time when I try to set the bootable partition to be /dev/sdc2 (sdb is usb install drive). I have been installing on Dell r610 and HP DL385 G6 servers using both CentOS 6.6 and Ubuntu 14 and the PCI device always shows up before the raid devices. Answer I wouldn't eff with udev rules for this. Modify your install scripts (preseed or kickstart) to ignore /dev/sda . See: Consistent Install Disk Selection in RHEL Kickstart Also, is there any way you can run a network install. USB installation of the OS is fraught because of SCSI enumeration issues .

itemprop="text"> We recently received a new Dell R710 with a PERC 6/i RAID controller and six 15k SAS drives. I have been doing some performance testing using hdparm and seeker on two different configurations and I'm not quite sure what to make of the results. Configurations: 6 Disk RAID 10 - 64k stripe - Write through, no read ahead - RHEL 5.5 Results: Timing buffered disk reads: 1024 MB in 3.01 seconds = 340.69 MB/sec Results: 206 seeks/second, 4.848 ms random access time (137662331 < offsets < 436165962118) 4 Disk RAID 10, RAID 1 for OS - 64k stripe - Write through, no read ahead - RHEL 5.5 Timing buffered disk reads: 956 MB in 3.01 seconds = 318.13 MB/sec Results: 209 seeks/second, 4.771 ms random access time (58179688 < offsets < 292314580383) My first

We recently received a new Dell R710 with a PERC 6/i RAID controller and six 15k SAS drives. I have been doing some performance testing using hdparm and seeker on two different configurations and I'm not quite sure what to make of the results. Configurations: 6 Disk RAID 10 - 64k stripe - Write through, no read ahead - RHEL 5.5 Results: Timing buffered disk reads: 1024 MB in 3.01 seconds = 340.69 MB/sec Results: 206 seeks/second, 4.848 ms random access time (137662331 < offsets < 436165962118) 4 Disk RAID 10, RAID 1 for OS - 64k stripe - Write through, no read ahead - RHEL 5.5 Timing buffered disk reads: 956 MB in 3.01 seconds = 318.13 MB/sec Results: 209 seeks/second, 4.771 ms random access time (58179688 < offsets < 292314580383) My first question is whether these results are within the expected range for our hardware. Using a RAID calculator it seems that I should be able to get higher speeds out of either configuration. Also, while the first configuration perfo

i'm running a server with debian stable : Linux myhostname 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 GNU/Linux It is running a nginx, mail server,ftp server and a mysql database. This morning postfix complained it''s running out of space, so I double checked the free storage and it is as such root@myhostname:# cat /etc/fstab /dev/xvda1 / ext3 defaults 1 1 /dev/xvda2 /mnt ext3 defaults 0 0 /dev/xvda3 swap swap defaults 0 0 none /proc proc defaults 0 0 none /sys sysfs defaults 0 0 root@myhostname:# cat /etc/mtab /dev/xvda1 / ext3 rw 0 0 tmpfs /lib/init/rw tmpfs rw,nosuid,mode=0755 0 0 proc /proc proc rw,noexec,nosuid,nodev 0 0 sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0 udev /dev tmpfs rw,mode=0755 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0 devpts /dev/pts devpts rw,noexec,nosui

i'm running a server with debian stable : Linux myhostname 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 GNU/Linux It is running a nginx, mail server,ftp server and a mysql database. This morning postfix complained it''s running out of space, so I double checked the free storage and it is as such root@myhostname:# cat /etc/fstab /dev/xvda1 / ext3 defaults 1 1 /dev/xvda2 /mnt ext3 defaults 0 0 /dev/xvda3 swap swap defaults 0 0 none /proc proc defaults 0 0 none /sys sysfs defaults 0 0 root@myhostname:# cat /etc/mtab /dev/xvda1 / ext3 rw 0 0 tmpfs /lib/init/rw tmpfs rw,nosuid,mode=0755 0 0 proc /proc proc rw,noexec,nosuid,nodev 0 0 sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0 udev /dev tmpfs rw,mode=0755 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0 devpts /dev/pts devpts rw,noexec,nosuid,gid=5,mode=620 0 0 /dev/xvdf /mnt ext4 rw 0 0 So "/dev/xvdf" is a big hdd (500GB) mounted on /mnt and it is where all the stuff related

itemprop="text"> Is there any way to export a Microsoft SQL Server database to an sql script? I'm looking for something which behaves similarly to mysqldump, taking a database name, and producing a single script which will recreate all the tables, stored procedures, reinsert all the data etc. I've seen href="http://vyaskn.tripod.com/code.htm#inserts" rel="noreferrer">http://vyaskn.tripod.com/code.htm#inserts , but I ideally want something to recreate everything (not just the data) which works in a single step to produce the final script. itemprop="text"> class="normal">Answer In SQL Server Management Studio right-click your database and select Tasks / Generate Scripts. Follow the wizard and you'll get a script that recreates the data structure i

Is there any way to export a Microsoft SQL Server database to an sql script? I'm looking for something which behaves similarly to mysqldump, taking a database name, and producing a single script which will recreate all the tables, stored procedures, reinsert all the data etc. I've seen http://vyaskn.tripod.com/code.htm#inserts , but I ideally want something to recreate everything (not just the data) which works in a single step to produce the final script. Answer In SQL Server Management Studio right-click your database and select Tasks / Generate Scripts. Follow the wizard and you'll get a script that recreates the data structure in the correct order according to foreign keys. On the wizard step titled "Set Scripting Options" choose "Advanced" and modify the "Types of data to script" option to "Schema and data" TIP: In the final step select "Script to a New Query Window", it'll work much faster that way.

itemprop="text"> The price difference between SATA and SAS is really very big. Of course I understood, that SAS drives have their advantages, but does this really legitimate a price difference of 100% or more? Should I really spend 1 Euro per GB? Of course I understand, that this comes down to my usage of servers. But in may case we are not taking about high performance computing, but merely file servers and web servers etc. I tried to find some information about this topic, and it came down to the following: (I did not find statistics, that back up any of that) A) SAS Drives are better in big numbers B) The SAS Protocol is superior and allows more control and optimisation C) The quality of the SAS Drive is also expected to be better, as those drives are produced for enterprise market (of course I am aware, that SAS does not

The price difference between SATA and SAS is really very big. Of course I understood, that SAS drives have their advantages, but does this really legitimate a price difference of 100% or more? Should I really spend 1 Euro per GB? Of course I understand, that this comes down to my usage of servers. But in may case we are not taking about high performance computing, but merely file servers and web servers etc. I tried to find some information about this topic, and it came down to the following: (I did not find statistics, that back up any of that) A) SAS Drives are better in big numbers B) The SAS Protocol is superior and allows more control and optimisation C) The quality of the SAS Drive is also expected to be better, as those drives are produced for enterprise market (of course I am aware, that SAS does not mean, that a Drive has a better quality) D) Drives with higher speed are available for SAS. Now for my scenario, the prize for SAS seems insane. I need some big storage for educati

itemprop="text"> Is there a good command line utility to monitor hard disk load on linux? Something like top but then monitoring disk activity i.s.o. cpu usage. More specifically, I suspect that for some (heavy load) servers after several optimizations on various parts of the program(s) that run on it, right now the bottleneck is simply the logging to files on the disk. But I find it very difficult to assess how much traffic the servers can handle. My ideal tool would be something that prints "You're using 35% of your disk bandwidth right now". Any ideas? Answer You can get a pretty good measure of this using the iostat tool. % iostat -dx /dev/sda 5 Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 0.78 11.03 1.19 2.82 72.98 111.07 45

Is there a good command line utility to monitor hard disk load on linux? Something like top but then monitoring disk activity i.s.o. cpu usage. More specifically, I suspect that for some (heavy load) servers after several optimizations on various parts of the program(s) that run on it, right now the bottleneck is simply the logging to files on the disk. But I find it very difficult to assess how much traffic the servers can handle. My ideal tool would be something that prints "You're using 35% of your disk bandwidth right now". Any ideas? Answer You can get a pretty good measure of this using the iostat tool. % iostat -dx /dev/sda 5 Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 0.78 11.03 1.19 2.82 72.98 111.07 45.80 0.13 32.78 1.60 0.64 The disk utilisation is listed in the last column. This is defined as Percentage of CPU time during which I/O reque

My ISP recently changed the configuration of its mail servers so that it's no longer possible to forward them to Gmail to take advantage of its huge SPAM database and have the e-mails be sent back to my ISP. Instead, all e-mails that are deemed SPAM are sent to each domain's spam@ mailbox, and the ISP expects all users to sort through SPAM using some desktop solution (I'm using POPFilter). Since SPAM represents over 90% of the e-mails I get, it's very time-consuming to go through the SPAM folder just to recover the very occasionnal legit e-mail :-/ For those of you managing e-mails for ISP's or big organizations, what are the current techniques available to filter SPAM on the servers so that users spend as little time as possible sorting e-mail? Off the top of my head: outgoing mail: Forbid outgoing connections w

My ISP recently changed the configuration of its mail servers so that it's no longer possible to forward them to Gmail to take advantage of its huge SPAM database and have the e-mails be sent back to my ISP. Instead, all e-mails that are deemed SPAM are sent to each domain's spam@ mailbox, and the ISP expects all users to sort through SPAM using some desktop solution (I'm using POPFilter). Since SPAM represents over 90% of the e-mails I get, it's very time-consuming to go through the SPAM folder just to recover the very occasionnal legit e-mail :-/ For those of you managing e-mails for ISP's or big organizations, what are the current techniques available to filter SPAM on the servers so that users spend as little time as possible sorting e-mail? Off the top of my head: outgoing mail: Forbid outgoing connections with destination port TCP25 other than the ISP's mail servers, to reduce the impact of viruses that take advantage of compromised computers to send SPAM

itemprop="text"> I have a /48 IPv6 and would like to chop these up into /112's that I can assign to my VPSes. I know how to assign them manually, e.g. vzctl set 1 --ipadd ipv6IP --save But how could I assign, for example, a full /112 at once? class="post-text" itemprop="text"> class="normal">Answer Use href="http://wiki.openvz.org/Veth" rel="nofollow noreferrer">veth . In VE: /sbin/ip -6 addr add IPv6_ADDR/112 dev eth0

I have a /48 IPv6 and would like to chop these up into /112's that I can assign to my VPSes. I know how to assign them manually, e.g. vzctl set 1 --ipadd ipv6IP --save But how could I assign, for example, a full /112 at once? Answer Use veth . In VE: /sbin/ip -6 addr add IPv6_ADDR/112 dev eth0

My VMWare ESXi 4 server appears to be under a Denial of Service attack. I am getting massive packet loss to the server (60+%) and am barely able to load any services on the VMs running on the host. I have Cacti installed but cannot load it due to the attack. I can SSH in to the VMware host. Are there any commends I can run to either determine where the attack is coming from, or block all IP addresses except mine so that I can load Cacti again to troubleshoot? I tried esxcli network firewall get but received: Unknown Object firewall in namespace network All the VMs with network access are directly connected to the internet, that is, there is a virtual switch between the internet-facing VMs and the router. EDIT: href="http://chat.stackexchange.com/transcript/message/5540722#5540722">MDMarra had a

My VMWare ESXi 4 server appears to be under a Denial of Service attack. I am getting massive packet loss to the server (60+%) and am barely able to load any services on the VMs running on the host. I have Cacti installed but cannot load it due to the attack. I can SSH in to the VMware host. Are there any commends I can run to either determine where the attack is coming from, or block all IP addresses except mine so that I can load Cacti again to troubleshoot? I tried esxcli network firewall get but received: Unknown Object firewall in namespace network All the VMs with network access are directly connected to the internet, that is, there is a virtual switch between the internet-facing VMs and the router. EDIT: MDMarra had a great idea : disable the vswitch that the VMs are on. But I can't get the vSphere console to respond long enough to do this. Can this be done through SSH? Answer The ISP was unable to determine the cause of the traffic, but what they were

itemprop="text"> I've been running a small game server for a while and want to set up a second one on the same server. The issue is that these servers don't support domain names; if a request comes in on the right port (22565)it doesn't matter what domain was being visited unlike say apache with its vhosts). So my only option is to setup one game server on the default port (25565), and the other on another port (25564). So to my question: is it possible to remap a port (in this case 25565 to 25564) if it comes in from a specific domain? (I have two subdomains both pointing to my server: mc, mcold; and would like to redirect all traffic sent to 25565 to 25564 if the user came from the subdomain mcold). Thanks for any help, />Max Answer tl;dr: No. In order to do this sort of