Postings by Florin Andrei

more complex IfDefine directives

IfDefine currently only takes one argument, and even that one is pretty

Sometimes this leads to complex configuration files, where IfDefine is
repeated over and over, often with the same content.

Is there a way to create more complex IfDefine clauses, perhaps linking
together multiple conditions, using logical operators?


where are all the Redhat 8 -devel packages?

I'm probably missing something really simple.

I've installed an RH8 IAM in AWS and I'm trying to build packages on it.

useradd -r doesn't work right in some contexts

"useradd -r testuser" run as root from an interactive ssh session does
the right thing: it creates a user account with a UID in the system
users range (< 400).

Running the same command as a cron job (just for testing), also does the
right thing.

Now I'm trying to accomplish the same result via chef-client. I'm trying
to run "useradd -r" as a simple command, as a bash command, or as a
script, from chef-client.

state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages

I looked in the yum repositories for CentOS 7 and I noticed that there
are no packages for any of the major open source IPSec VPN apps -
Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan

What is the current consensus w.r.t. building an IPSec VPN "server"
(concentrator, whatever) on CentOS 7, that will do site-to-site
connections with Cisco hardware at the other end? Is any of the *swan
apps still considered the best option for that?

Any guidelines w.r.t. IPSec VPN in general on this platform?


print something on console after boot

CentOS 7

How do I print something on the text-mode console right after the OS has
finished booting?

I've a virtual instance and I need to know its IP address after it has
finished booting up, to know where to ssh into it. I've tried adding "ip
-4 addr > /dev/tty0" to rc.local, but that obviously doesn't work,
because the login prompt overwrites everything I do.

glusterfs-server package: what happened to it?

I'm doing some experiments with GlusterFS. Most documents online suggest
installing the glusterfs-package as if it were available directly in the
repo, and therefore installable via a simple "yum install".

Unless I'm wrong, it appears that this package is not in the repo for
CentOS 6. Does anyone know what happened to it?

allow some senders, but block everyone else

This is a clone of the production site, for QA and testing. This being
QA, whenever we run a test of our software, we don't want our test suite
to go ahead and blast the Internet with lots of random email messages.
OTOH, we need to keep the configuration of the QA site as close to
production as possible. Finally, a handful of very specific sender
addresses must be allowed to go through QA.

I've tried to achieve this with sender_dependent_default_transport_maps.

forward the bounce message to Reply-To

Sending out messages through a Postfix server. Delivery is refused for
whatever reason (e.g. recipient does not exist), and then a bounce is
sent by Postfix to a local inbox on that server, as a failure notification.

I'd like to forward that bounce to whatever address is in the Reply-To
field of the original message. This should apply only to bounces
delivered to this particular inbox.

Sounds like a procmail job, but if it's doable in Postfix alone I'd like
to take that route since it's less resource-intensive.

installed connman and it trashed my network

Using Ubuntu 12.10 Gnome edition, classic Gnome session, on a Dell
laptop with wired network and WiFi.

Installation went fine. I had to install openconnect because Cisco
AnyConnect wouldn't work for some reason. Openconnect worked great.

Then I read on the openconnect site that there's a GUI manager for
openconnect, called connman, and I decided to install it. HUGE MISTAKE.

Networking is offline. The network indicator has disappeared from the

network printing with Samba broken for months, no action taken, this is ridiculous

Take a look at this gem:

Let me summarize it for you. Network printing with Windows clients has
been broken for months - since the 12.04 release basically. Everyone
using Ubuntu 12.04 as a server, on a network with Windows clients, where
printing is performed (fairly typical application of a Linux server) is

During all this time, there was no visible attempt at fixing the bug.
Someone, please tell me this is a joke.

stop updating resolv.conf on DHCP

Multihomed server, external interface on DHCP, internal interfaces with
fixed addresses. Server is running its own DNS resolver with Bind. So
there's no need to update resolv.conf via the DHCP client.

I tried this in /etc/network/interfaces:

auto eth2
iface eth2 inet dhcp
    dns-search home.local

But then the DNS servers and domain provided by DHCP are still added to
resolv.conf in addition to my own. I want to stop that altogether.

duplicate directories in /home

Using 11.04 Natty on a laptop, with classic view (not Unity).

I logged in to my account, only to be greeted by a "fresh looking"
account. The desktop settings went back to default, sound scheme, etc.

At first I thought it's a file system error, or the /home encryption
that went bad. But then I noticed the directories that begin with a
capital letter (Desktop, Documents, Pictures...) are now duplicate
(listed twice if I do "ls") and empty.

best way to stop all outbound delivery?

I've a Linux machine which is used as a final destination for test
emails. Some local inboxes are created, local delivery via Dovecot to IMAP.

I want this machine to never send out any email whatsoever. Never relay.
Accept inbound messages, deliver locally to IMAP - all that is fine. But
no message should ever leave this box, for no reason, even if it's a
notification for delivery error.

I could block outbound port tcp/25 with iptables, but it seems inelegant.

Would this do the trick?

default_transport = error:no outbound emails, sorry

chrome update fails

Running google-chrome-stable on Ubuntu 11.04. There's an update to major
version 18 available today. I launch the update manager, click install
updates, and I get an error:

Requires installation of untrusted packages

The action would require the installation of packages from not
authenticated sources.



Does anyone know what's going on? Chrome updates worked well until today.

SOCKS server other than ss5?

Anyone here using a SOCKS server? I'm using ss5 but there seems to be a
strange disconnect issue with it and openvpn. While I'm trying to figure
out whether ss5 is at fault, or openvpn, I'd like to try a different
SOCKS server. Could you recommend one that works well on CentOS?


linux-3.0 packages for CentOS?

Anyone packaging the new kernel for RH / CentOS?

6.0 text-mode installer broken?

(I'm doing tests in a VirtualBox instance, so take this with a grain of

If you give the VM only 512 MB of RAM, the text-mode installer kicks in.
It does not prompt you to configure anything related to the network or
hostname. The system boots up without a network interface configured.
Also, it won't let you choose the install mode, I guess it defaults to
Minimal (which is fine by me, but still it's a bug).

If you give the VM 768 MB of RAM, the GUI installer is launched, and
this one allows you to configure the hostname, the networking details,
and choose the install mode.

do not automount iPhone, but automount everything else?

Using 11.04 Desktop.

When I connect the iPhone via USB to the laptop to recharge the battery,
the "iPhone" and "Documents on iPhone" volumes are mounted
automatically. I don't want this to happen, since I never interact with
the iPhone like that on this system; I only connect it for recharging.

Is there a way to disable the iPhone automount, but keep automount
enabled for the embedded SD card reader and any random USB stick or
hard-drive I may connect to the system?

setting effects with Classic desktop?

I gave Unity a try, but it's a bit weird on dual screen, plus the panel
applets don't work. So I'll skip it for now.

Back to Classic desktop. But I can't seem to find the place where I
could customize the desktop effects. Before, I could choose no effects,
a small amount of effects, or full effects. I can't find that setting
anymore. It looks like it's either full effects or no effects, which is
not what I want.


amavisd-new-postfix package

I'm running an older version of Ubuntu on a server, and I need to update
the amavisd-new package. I downloaded the DSC from the Natty repo and
rebuilt it.

Lo and behold, besides the amavisd-new standard package, now there's a
binary amavisd-new-postfix. Apparently, this new package "contains
configuration files for amavis and alters postfix configuration to
utilize amavisd-new".

Okay, but I already have a working Postfix + Amavisd-new combo on this

Does anybody know the exact nature of the changes induced by this
package to the Postfix config files?

cross-platform email client

I'm a Thunderbird user almost since day one, but now I'm looking for
something else. For whatever reason, it doesn't work well for me - every
once in a while it becomes non-responsive (UI completely frozen for
several seconds, CPU usage goes to 100%) and I just can't afford to
waste time waiting for the email software to start working again.

My main desktop platform is Linux, but I need a client that works the
same and looks the same on Windows too.

bizarre system slowness

Running v5 64bit on a Dell 1950.

A cluster of 3 DB machines, identical hardware. One of them suddenly
became slower 2 weeks ago.

tar -zxf with a large file on this machine takes 1.5 minutes, but takes
only 10 seconds on any of its siblings. CPU usage seems high while
untarring, with lots of user and sys cycles being used, but almost no
wait cycles.

resizing windows - the edge is way too narrow!

Is it just me? I'm trying to resize a window and it's really hard to
"grab" the edge. It looks like it's exactly one pixel wide. :( Whoever
came up with this "brilliant" idea?

(using 10.04)

DNS load-balancing two equal nexthops is not fair

Emails are sent from a machine running Postfix 2.5.0. They are generated
by software as a batch (triggered by certain events from outside), and
injected very quickly into the local Postfix instance, which never sends
out email directly to the Internet, but only through some Postfix
gateways on other machines.

Destinations are very diverse, by domain and by username, but there's
only one destination per message (no mass distribution of same message).

I want to "load balance" the outbound email between two Postfix
gateways, each one running 2.7.0.

Thunderbird 3.1 update?

Does anyone know if Thunderbird is going to be updated to 3.1 in the repository?

If yes, I'll wait. If no, I'll just install the 3.1 version in a local

dealing with Yahoo slowness

There seems to be a massive difference between the speed of various
providers, in terms of accepting messages for delivery. Yahoo stands out
as, by far, the slowest of the big ones.

Because the messages are legitimate, we signed up for the email feedback
loop with Yahoo, so that messages flagged as spam by Yahoo users are
reported back to us, so we can silence notifications for those accounts.
That didn't seem to help.

Messages just accumulate in the deferred queue and stay there
for a long time.

an IM client that's not totally broken?

Installed Ubuntu 9.10 when it came out. Tried to use Empathy, but
quickly gave up: new messages were barely noticeable. It's like the
application tries really hard to hide new messages from me. Horrible.

Went back to Pidgin, which is slightly better, but still broken. New
messages are minimized by default. I am still missing communications,
people may be thinking I ignore them. :-( All this due to a stupid
policy of minimizing new messages.

How can I modify this setting and allow new IM messages to pop-up as
normal windows? (NOT minimized)

This is very frustrating.

Empathy sucks, the most poorly written IM app ever

Bug report, feel free to subscribe:

So, let me get this straight: this is an IM application, it's for
communication, yet it manages to hide the new messages so well that I'm
almost always missing them.

When I receive a new message, I want a good visual clue as to what
happened. Opening a new window *minimized* is not a good visual clue.
This application is just, I don't know, the equivalent of a socially
challenged person.

anyone? success with smtpd_tls_req_ccert and iPhone as client?

Using smtpd_tls_req_ccert=yes on port 587.

submission inet n - - - - smtpd
  -o smtpd_tls_cert_file=/blah/server.crt
  -o smtpd_tls_key_file=/blah/server.key
  -o smtpd_tls_CAfile=/blah/ca.crt
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_loglevel=2
  -o smtpd_tls_req_ccert=yes
  -o smtpd_tls_session_cache_database=btree:${data_directory}/smtpd_scache
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_auth_enable=yes

real-world issues with smtpd_tls_ask_ccert?

I'm setting up SASL with TLS for remote clients. As an additional
security measure, I would like the server to ask the email clients to
present their client certificates. According to the docs, this is
accomplished with:

smtpd_tls_ask_ccert = yes

But there are some ominous warnings about broken MTAs which may have
problems when delivering to Postfix if this option is used. If I
understand correctly, the broken delivery should only occur when those
MTAs attempt to do TLS to Postfix.