2013

Using ezjail-admin archive to create a new jail, almost like an existing jail

I use FreeBSD Jails. I use them a lot. I have jails for websites. I have jails for regression testing, mail servers, OpenVPN servers, etc. I like jails for many reasons. One of which is being able to create a new jail which is pretty much identical to another jail, except for a few things. In this case, I wanted to create a new jail to do regression testing for Bacula, the best […]


One StartCOM cert works; the other does not

Following on from the StartCOM versus Apple issues I mentioned yesterday, I have created a new 4K certificate from StartCOM. Apple has no problem with that certificate. I was in the process of setting up some test servers: Dovecot with a 2048-bit cert; Dovecot with a 4096-bit cert; Cyrus with a 2048-bit cert; Cyrus with a 4096-bit cert. I started with Dovecot and was testing each one as I set it up. As


Postfix client certificate verification

I decided to set up some of my mail servers to require certificate authentication on the submission port (587). In my case, I want to forward mail from my server at home to my public servers out there on the Internet. I don’t want just anyone to be able to submit mail here, so the easiest way for me to do this was with certificates. I could have done it with IP addresses,


mail.app on Apple OSX and IOS fail when connecting to 4096-bit StartCOM certificates

NOTE: this post title is inaccurate. It was not until later that I discovered the problem was related to 4908-bit certs, not 4096-bit certs. I appear to have found a bug with OSX and iOS. Neither one can handle a 4096-bit certificate by StartCom. Changing to a 2048-bit cert allowed the connection. I have not tested 4096-bit certs from other issuers. The scenario in question is an IMAP server running Dovecot. I tested


Unable to load config info from /etc/ssl/openssl.cnf

There I was, just minding my own business, creating a new certificate request, when bang! I got hit with this:

# openssl genrsa -des3 -out imaps.unixathome.org.key 2048
Generating RSA private key, 2048 bit long modulus
………………………………………………+++
……………………………………………………………………………..+++
e is 65537 (0x10001)
Enter pass phrase for imaps.unixathome.org.key:
Verifying - Enter pass phrase for imaps.unixathome.org.key:
# openssl req -new -key imaps.unixathome.org.key
Unable to load config info from /etc/ssl/openssl.cnf

What? Are you in a jail?


different times despite running ntpd

Last week, while at EuroBSDCon in Malta, I noticed that one of my servers had the wrong time. It was Bacula who told me, through this message in one of the backup jobs:

28-Sep 21:59 nyi-fd JobId 144899: DIR and FD clocks differ by -5 seconds, FD automatically compensating

Fixing the time

I connected to all my systems, and ran date(1). One system was off by 2 seconds, and another was off by 5


Things to do

I have a number of things I want to get done in the short term: remove the mail server on my gateway box at home and start using a mail server on an internal box; configure my external mail servers (out there on the Internet) to use TLS when talking to each other; configure those same servers to accept mail from that new internal mail server; stop using Postfix on servers which only


postfix/postdrop: warning: uid=0: File too large

NOTE added 2013-11-10: I think I found the cause. Read about it in this FreeBSD Forums post. I’ve been seeing the following in the mail log for my imap server. The mail messages in question are the daily run and security run emails that go out from FreeBSD machines. They aren’t big. As shown above, you can see one was only 1157 bytes. What is curious about this setup: the imap server runs


ZFS system hits high load during scrub

My ZFS system hits a high load average every week during its scrub. Here is what top looks like after I pressed i and then S:

last pid: 42049; load averages: 3.78, 3.26, 3.42 up 18+13:47:14 11:43:01
220 processes: 3 running, 216 sleeping, 1 waiting
CPU: 7.5% user, 0.0% nice, 12.8% system, 1.2% interrupt, 78.5% idle
Mem: 765M Active, 236M Inact, 8667M Wired, 17M Cache, 3284M Buf, 22G Free
Swap: 8192M Total, 2404K


named and forwarding

In your named.conf, you will find this: I have always turned that on. I like to use my upstream hosts. Today, I turned it off, because of this:

$ host lkjsdf
lkjsdf has address 199.101.28.20
Host lkjsdf not found: 3(NXDOMAIN)

What’s that IP address? That’s not relevant, but it is important. It’s the hostname of a web assistant engine. My upstream has decided to implement what I think is a dirty hack. I

