00:27<dwfreed>Woet: lol
01:15<FenderBender38>so... cant seem to resize my ext4 disk to a larger size.. says it cannot determine filesystem. running a linode in direct disk mode and freepbx boots just fine. i think it just hates me :(
01:15<FenderBender38>cant image it either, which grrr
01:17<MrPPS>as in, the linode console says that, or your actual server says that?
01:17<FenderBender38>the console. try to do in linux but it sees the free space as a separate drive, not appended to sda
01:18<MrPPS>that's weird - are you running one of linodes images, or have you done some custom stuff? if it's one of their images, presumably you'd be able to contact support and find out
01:18<FenderBender38>so basically the only option i see as a dev is to image the system and repartition
01:18<MrPPS>seeing as that *shouldn't* happen
01:18<FenderBender38>but images cant be over 2gb
01:19<FenderBender38>can we direct clone to cloud and back again?
01:19<MrPPS>you can clone from one linode to a blank linode
01:19<FenderBender38>yeah, only have the one
01:20<MrPPS>yeah, so you can just deploy a blank one
01:20<MrPPS>clone to that
01:20<MrPPS>then clone back
01:20<FenderBender38>got freepbx14 running great with video calling over gswave, mint, installed a gui over top and backdoored my way into getting openvpn server.... then the low space alert
01:21<FenderBender38>ill try it
01:22<MrPPS>but, given you're mucking around with disk resizing etc
01:22<MrPPS>have them, have them tested
01:25<FenderBender38>for sure..
02:05<FenderBender38>but wait, after i trying to figure out how to move this installation (partitions and all) to just a larger drive. doesnt seem to be a mechanism to do that in the manager
03:11<razordev>normally how many days it takes to verify an account?
03:28<leong>i need 24 server host on the cloud
03:29<leong>need the quote
03:33<leong>any email ?
03:36<dwfreed>But support are pretty much just going to point you to the pricing page
03:43<wasanzy>Can anyone here advise if Linode is the best platform to use in terms of enterprise services which require very high security? Considering this because the platform will be used for payment cards processing and this requires PCI certification
03:44<dwfreed>Linode runs itself on Linodes, and they have PCI compliance (have since forever)
03:50<wasanzy>But they don't have a firewall solution as in a device that can protect their customers unless they make use of a software firewall eg iptables ... is that not a problem? I mean having your application server act as a firewall and same time processing application requests etc.
03:51<erik_>wasanzy: Well. You could have a separate linode doing that task
03:51<Woet>wasanzy: what made you think iptables is not a capable firewall?
03:51<Woet>wasanzy: or nftables. fyi, most commercial firewalls are just an interface for one of those.
03:52<erik_>wasanzy: But saying that. It sounds to me that you are more concerned about availability and security than cost. There might be other providers out there who can provide a wider range of services that might suit your needs better.
03:53<erik_>wasanzy: Linode are very good at what they do though but many things that other providers might provide you would have to do yourselves if hosting on Linode. Nothing wrong with that if you have the skills and the time for it.
03:53<wasanzy>Woet: I am not saying iptables is not a capable firewall, my only concern is having one server act as a firewall and application server and database. I know iptables is a very strong firewall software.
03:53<Woet>wasanzy: I don't know what that concern is based on.
03:55<wasanzy>erik_; well, security is very paramount, so am very concerned about security.
03:56<erik_>wasanzy: Most likely any security issues will be in the application
03:56<Woet>wasanzy: perhaps someone familiar with security should be concerned about security?
03:57<wasanzy>Woet: My concern is based on the pressure that will be on the server if it has to act as a firewall and application server and database server.
03:57<wasanzy>A server with just 8GB Ram
03:57<erik_>wasanzy: Firewalling is not a task that takes a lot of power
03:57<Woet>wasanzy: anyways, that's baseless. again, I'd recommend someone with actual security knowledge to be concerned about your security.
03:57<erik_>wasanzy: Not at the traffic levels a 8GB Linode could handle at least
03:58<erik_>wasanzy: you would not notice it at all
03:58<grawity>basic firewalls practically don't need RAM
03:59<grawity>maybe large IDSes do
04:00<wasanzy>And this will be enough to handle DDoS attacks?
04:00<Woet>wasanzy: no, it will not.
04:01<Woet>wasanzy: you said PCI compliance. DDoS has nothing to do with that.
04:01<Woet>wasanzy: I'm still confused, if security is so paramount, why don't you hire someone with security experience?
04:02<wasanzy>Woet: well securing the server is not only about PCI, is about securing the system from all forms of attacks. that is my point
04:02<Woet>wasanzy: but a DDoS attack has nothing to do with security.
04:03<Woet>wasanzy: Linode doesn't offer any DDoS protection, if that's your question.
04:04<erik_>wasanzy: What is your budget for this project?
04:04<Woet>erik_: $5 ought to be enough
04:04<erik_>Woet: Trying to get a sense of what the budget vs expectations are
04:05<Woet>yea, they're definitely out of sync.
04:05<erik_>there are solutions for these concerns but it is a different budget than a 8GB Linode
04:07<wasanzy>Woet: Are you saying DDoS attack is not a security threat?
04:07<Woet>wasanzy: nothing to do with PCI, that's for sure.
04:08<Woet>wasanzy: and an entirely different problem and solution
04:09<wasanzy>I never said DDoS has something to do with PCI, I was talking about computer security in general
04:09<wasanzy>here is my case:
04:09<erik_>security in general in my optionion comes to CIA
04:10<erik_>Confidentiality, Integrity. Availability
04:10<Woet>you have the best optionions.
04:10<erik_>The correct levels of each is depending on the requirements for the application in question
04:11<wasanzy>I want a secure environment to protect the systems from all kinds of attacks including DDoS attack. the PCI aspect is just to secure certificate for payment processing. If I should be certified yet a DDoS attack is able to go through, then the certificate makes no sense to me.
04:11<dwfreed>a secure environment has nothing to do with DDoS
04:11<erik_>for some 90% availability might be fine. for others 99.99 is paramount
04:11<dwfreed>which is what Woet has been trying to say for the last 5 minutes
04:11<Woet>dwfreed: I mentioned the like 3-4 times at this point
04:11<erik_>wasanzy: What availability does your application require?
04:12<Woet>wasanzy: ok, I hinted at this a few times now, I'll be up front. why are you the guy working on this? rather than someone familiar with security?
04:12<dwfreed>The digital equivalent of Fort Knox could still be DDoSed
04:13<wasanzy>erik_: yes CIA is very important to the business. The application provides services that thousands of users need available at least 99.9% of uptime. we need to maintain their confidentiality and also protect the integrity
04:14<Woet>wasanzy: 99.9% means it can be offline 43 minutes a month
04:14<Woet>just fyi.
04:14<Woet>or nearly 9 hours a year
04:15<erik_>wasanzy: Your uptime requirements. Is it including or excluding scheduled maintenance?
04:16<erik_>wasanzy: Eg, deploying new version of application, upgrading software, general hardware maintenance and so on
04:16<Woet>we're discussing like 3-4 different things at the same time
04:16<Woet>and i'm still not sure how it's related to Linode
04:16<erik_>Woet: I am trying to figure out if wasanzy has a realistic budget to achieve what he wants
04:16<wasanzy>Woet: yes I know about the 99.99% uptime.
04:17<Woet>well, they're definitely not the right person to be working on this in the first place
04:17<Woet>that's more concerning than the lack of budget
04:17-!-leong [~oftc-webi@] has quit [Quit: Page closed]
04:17<erik_>Woet: Well, if there is a proper budget skills can be hired in
04:17<wasanzy>erik_: it includes maintenance, nothing is to affect the uptime
04:17<Woet>erik_: then we shouldn't be talking to them in the first place
04:18<erik_>wasanzy: Ok, that is doable on Linode but I would probably not choose Linode as my first choice if I had those requirements
04:20<erik_>wasanzy: You need a proper budget, people with previous experience setting things like this up. Either partner with a hosting provider who can provide you with a managed platform for your application
04:20<erik_>or hire staff yourself
04:21<Woet>or just use any token service like Stripe
04:22<wasanzy>dwfreed: I disagreed in a way to say DDoS has nothing to do with a secure environment. secure is not only about firewall, but lot of things coming into play like HA and all.
04:22<Woet>wasanzy: only if you have a super weird and uncommon definition of "secure".
04:23<wasanzy>Woet: I don't understand what you mean by they are not the right persons to be working on this in the first place....
04:24<Woet>wasanzy: I don't think someone with limited knowledge of security and servers should be working on securing an unmanaged Linode server for the purposes of storing CC information.
04:25<wasanzy>Woet: it relates to Linode because am trying to figure out if Linode is the best platform to choose for my requirements.
04:26<Woet>wasanzy: ask your sysadmin and security people.
04:28<Woet>wasanzy: like I said, I'm not sure why you're the person making that decision.
04:28<erik_>wasanzy: Linode provides unmanaged VPS with some services around it like load balancers and backup and block storage. If your requirements can be fulfilled with that then Linode is fine.
04:28<wasanzy>Woet: I don't get it, the sysadmins can't just get up and know by magic if the platform is the best. they need to ask questions, understand how Linode works and compare it with the requirements. this is what am doing. Maybe you are not getting the points am raising here, I can explain further
04:29<Woet>wasanzy: yea, so let us talk to them.
04:30<erik_>wasanzy: In the price bracket Linode are the best in the business in my opinion
04:30<Woet>wasanzy: Linode offers unmanaged Linux VPSes with some addons like DNS, backups, storage, load balancers and monitoring.
04:31<wasanzy>erik_: Thank you
04:32<erik_>wasanzy: If you want the provider to be able to provide multiple availability zones, auto scaling for load, ddos protection, managed database services for high availability and so on there are other providers that would fit better. For a different price though
04:33<wasanzy>Woet: I am asking the questions because I am the one setting up the servers. which of my questions shows that I don't have sysadmin knowledge? am only trying to understand what Linode has to offer based on my requirements.
04:34<Woet>wasanzy: you thought RAM would be an issue with iptables
04:34<Woet>wasanzy: you thought iptables could protect against DDoS attacks
04:34<wasanzy>erik_: yea sure. I will check on Rackspace as well and compare
04:35<erik_>wasanzy: With your requirements I would probably look towards AWS
04:35<erik_>wasanzy: My experience with rackspace is not so very good
04:35<Woet>wasanzy: storing CC info is a big deal. you need to know what you're doing.
04:35<erik_>wasanzy: I would not recommend anyone to run anything on rackspace to be honest
04:36<wasanzy>Woet: You misunderstood my points. I never said RAM will be an issue with iptables. neither did I say iptables will protect me against DDoS
04:36<erik_>wasanzy: But, setting AWS up properly requires knowledge too. It is not just point and click
04:36<Woet>wasanzy: if you say so. you don't come across as an experienced sysadmin that's familiar with the security that comes with dealing with CC info.
04:36<dwfreed>there's a reason AWS has certifications that amount to "how to use their web panel"
04:37<erik_>wasanzy: All that you are talking about requires knowledge to do it properly. Based on your questions I believe you might be quite new to this with not much experience running things like this
04:38<erik_>wasanzy: So I would recommend you find a consultant that could help you in the process to ensure that things are done the right way. You will learn a lot from that
04:38<wasanzy>erik_: Why would you not recommend rackspace? I have worked on their managed servers for quite a long time. I setup linux servers from scratch in their managed data centers, not much with their cloud servers though.
04:39<erik_>wasanzy: For me it is mostly inconsistent performance and quite lousy support
04:39<erik_>wasanzy: The availability was fairly good
04:39<wasanzy>Woet: that is your opinion about me though.
04:40<Woet>wasanzy: sure, which happens to match two other people that saw the same questions.
04:40<Woet>wasanzy: so I'm pretty confident it's accurate.
04:40<erik_>wasanzy: But Linode is cheaper and better than Rackspace. At least when it comes to basic unmanaged VPS'es
04:41<wasanzy>erik_: yes sure, Linode is cheaper.
04:42<wasanzy>I will explore AWS as well just as you have suggested
04:42<erik_>wasanzy: Do it. But remember. Doing this correctly is more about the ones setting the things up than the provider
04:43<Woet>yea, none of this has absolutely anything to do with the provider
04:43<wasanzy>erik_: I already wrote a procedure to harden the servers so that won't be a problem. just needed some additional features.
04:44<Woet>wasanzy: what does your procedure include?
04:46<wasanzy>Woet: for example, how to secure ssh server on the system, user account management etc...
04:46<Woet>wasanzy: how do you secure your SSH server?
04:48<wasanzy>Woet: this is more like an interview. You want to know if I know what am doing right?
04:48<Woet>wasanzy: you asked us lots of questions, it's only fair if we get to ask some back
04:52<wasanzy>the line of your question is just to prove your point about me. anyway, one way is to disallow password authentication and use ssh key, prevent root login, change default port etc....
04:52<Woet>wasanzy: pretty good. port changing is debatable, but as long as it's below 1024 it can't hurt.
04:56<wasanzy>Woet, well yea port change can be debated but it helps in a way which is why you need something like fail2ban to prevent brute force
04:56<Woet>wasanzy: good luck brute forcing a public key
09:04-!-ntox [~textual@] has joined #linode
09:04-!-ntox is "Textual User" on #ovirt #linode
09:08<LouWestin>Anyone hear about Linus temporarily taking a break from Linux? Apparently there were complaints about him being too vulgar.
09:17<nate>He's always been vulgar, he just apparently finally realized it himself
09:18<nate>though to be fair he hasn't been the primary maintainer of a kernel release since somewhere in the 2.4 version I think up until the current one he opt'd to handle
09:18<Woet>he just says fuck/shit every now and then
09:18<Woet>we're all adults
09:19<Woet>but it's not very politically correct and that's what 2018 is all about
09:21<DrJ>props to anyone who doesn't follow the PC bullshit of this era
09:21<DrJ>oh crap, I think I'm racist now
09:22<trippeh>nah, just an asshole.
09:31-!-Shentino [] has joined #linode
09:31-!-Shentino is "realname" on #linode @#tux3
10:01<LouWestin>I’m not into the whole political correctness fad. If swearing is required to get your point across, then so be it. I agree with Linus’s opinion that he’d rather be genuine than be polite and fake.
10:03<LouWestin>I’ve used “vulgarness” when all other avenues didn’t work or get the point across.
10:07<dzho>I think you miss the point if you think this is about the use of vulgarity.
10:07<dzho>I don't think we'd be here if his usage were, for example, of the form "oh wow this patch is fucking great!"
10:08<Woet>yea, his usage is "you're a fucking awful developer stop ruining my kernel"
10:08<Woet>perfectly acceptable
10:09<dzho>that's why everyone is so content
10:10<nate>I liked when development was just treated as a form of personal expression to an extent and we could write goofy ass frameworks/classes/etc that these days people would toss a fit and a half over lol
10:11<dzho>world domination is a Faustian bargain
10:11*nate can only imagine what some portions of certain communities would have thought about his original iteration of his 'EMO' error object in PHP
10:12<LouWestin>I’m probably missing the point.
10:13<LouWestin>Though he does make it interesting. Lol
10:13<nate>LouWestin: To my comment or linus?
10:13<nate>Ah, I don't really think there's a point, I mean maybe he did simply have a self reflection moment that he can be a bit overly brutal at times
10:14<nate>and that maybe he should chill out as he approaches nearly 50 :P
10:15<LouWestin>I think he’s around my age, maybe a couple years older, so i can relate to the “I don’t care what anyone thinks about me.”
10:15<LouWestin>Though I learned fairly quickly that development is NOT for me.
10:16<nate>he's 48 if I recall
10:16<LouWestin>Ok. Almost 8 years ahead of me.
10:16<nate>like I said, approaching nearly 50 :P
10:17<LouWestin>Lol. Eh, maybe the break will do him good anyway.
10:23<hawk>Indeed, if the point being made is along the lines that the main problem is not the vulgarity in itself but rather the complete beratement that occurs every so often when there is a disagreement and, in turn, the problems that causes for the community, I'd agree with that view.
10:27<hawk>As for the "break", it didn't sound like the point was to "take a break" so much as needing to free some time where he could get some help to essentially improve team communication skills.
10:40-!-ntox [~textual@] has quit [Quit: ntox]
10:40<hawk>As for making it into "waa-waa political correctness waa-waa", I find that reaction pretty tiresome, personally. Surely it's better if he is less of an asshole to the people involved in the community, purely looking at it from the perspective of the health of the project, not level of vulgarity on the lkml or whatever?
12:40<grawity>hawk: that's the thing, there are people who believe that the leader being an asshole was better for the project...
13:04<millisa>last time he took a break, this little tool called 'git' showed up.
13:19<nate>grawity: I mean it got them pretty frequent attention and it seems any sort of attention is good attention these days people act like
13:42<chesty>git turned up because linus needed it to manage the kernel source code. linux turned up because linus needed it. the scuba app turned up because linus needed it. while he has fun coding, he doesn't code for fun, he codes to solve a problem he has. what code is going to fix his self-described lack of empathy?
13:45<millisa>are you suggesting he isn't a cyborg?
13:47<grawity>chesty: if I had to guess, he'll be writing skynet next
14:11<BryanBlack>Hi, which ports are closed on vps?
14:11<millisa>None of 'em
14:11<millisa>It's up to you to setup your firewall and open ports
14:28<darwin>does Linode filter port 113 or could that just be my linode's configuration? I need it for IRC...
14:29<LouWestin>Filter as in block?
14:29<dwfreed>do you have an identd running?
14:30<darwin>I guess. I have it running from inetd
14:30<dwfreed>do you have a firewall configured to block 113 ?
14:31<grawity>is your inetd listening on both and [::]:113?
14:32<darwin>when it runs from inetd it just starts when a program asks for it on that port
14:32<darwin>oh, yes
14:32<darwin>or if it is, it's only on but I also manually run ident on [::]::113
14:33<grawity>can you successfully connect to both at and [::1]:113?
14:33<dwfreed>what's your Linode's IP?
14:34<dwfreed>works here
14:35<grawity>looks firewalled here
14:35<grawity>'here' being Linode London
14:35<darwin>how would I connect to them to test them?
14:36<dwfreed>grawity: weird, socat didn't give me a nice error message
14:36<dwfreed>but nmap tells me filtered
14:37<grawity>well, the only error message you'd get in this case is "timed out"
14:39<dwfreed>it didn't give me an error at all
14:40<dwfreed>but yeah, 113 specifically comes back as filtered when everything else not in use in the low ports comes back closed
14:43<darwin>isn't there an option in my linode configuration to set it unfiltered?
14:43<grawity>it's not filtered by linode configuration
14:44<grawity>it's most likely filtered by something *inside* your linode
14:44<darwin>it's not
14:44<dwfreed>pastebin iptables-save
14:44<grawity>how are you sure about that?
14:44<grawity>are you not even receiving the TCP SYNs in tcpdump?
14:45<darwin>my OS doesn't come with a firewall setup by default. If you want one, you have to install one from elsewhere
14:45<dwfreed>what are you running
14:45<darwin>Slackware 14.2 up-to-date stable
14:45<dwfreed>Linux has a firewall built into it
14:45<dwfreed>Slackware is a distribution of Linux
14:46<grawity>dwfreed: "built in" does not mean "set up by default"
14:46<grawity>however, I would double-check anyway
14:46<grawity>but the firewall comes later, in any case
14:47<grawity>can you confirm that your eth0 isn't receiving any TCP SYNs for port 113 even if you try to connect?
14:47<darwin>how do I do it?
14:47<grawity>tcpdump -e -n -i eth0 'tcp port 113'
14:47<grawity>then connect from outside to your server, using e.g. nc or telnet
14:50<darwin>there's some output from that but I don't know how to read it. It's not saying TCP SYN
14:50<darwin>nmap told me it's filtered, on the server
14:50<darwin>and other ports aren't
14:50<drussell[m]>It's been a LONG time since I worked at Linode, but erm, what data centre are you in darwin? If you're in Atlanta, they filter some ports.
14:50<drussell[m]>At the DC level.
14:50<dwfreed>drussell[m]: Linode doesn't use DC transit anymore
14:50<dwfreed>in any DC
14:50<millisa>looks like SJ anyways
14:50<dwfreed>so that filtering doesn't apply
14:51<drussell[m]>dwfreed: Wasn't aware of that, ok :P
14:51<grawity>darwin: specifically you're supposed to see, if nothing else, then:
14:51<grawity>21:51:16.520530 f2:3c:91:18:05:b7 > 00:00:0c:9f:f0:0b, ethertype IPv4 (0x0800), length 74: > Flags [SEW], seq 2703234167, win 29200, options [mss 1460,sackOK,TS val 2207484831 ecr 0,nop,wscale 7], length 0
14:52<dwfreed>or something that looks like that
14:52<grawity>well, with different MACs, but the same remainder
14:52<dwfreed>millisa: you mean Fremont?
14:52<millisa>yes, that evil place
14:53<grawity>shh, it's called "us-west" now.
14:54<grawity>darwin: the "Flags [SEW]" or "Flags [S]" (varies) indicates an attempt to establish a TCP connection
14:54<grawity>darwin: if you see such lines in tcpdump, then the connection attempt reaches your linode without filtering
14:55<darwin>ok, I see those lines
14:56<grawity>good, then the problem is with your OS
14:56*grawity stops the `while true; do nc` script
14:58<darwin>no, the problem isn't with my OS; it's with oident
14:58<dwfreed>either way, we've established that it's definitely not Linode filtering it
14:58<grawity>close enough
14:59<grawity>tbh I would suggest xinetd instead of an outdated IPv4-only inetd
14:59<grawity>I used to run oidentd and other stuff through it
15:00<grawity>config format is different but it's still not systemd
15:00<darwin>no, it's not close enough. Oidentd isn't part of Slackware
15:00<kenyon>oidentd has been working fine for me on linode for years, dual stack
15:00<grawity>well, oidentd isn't part of Linode either
15:01<dwfreed>you could also just run oidentd as a daemon instead of through inetd
15:01<darwin>it seems it won't work for IPv4 and IPv6 at the same time when you do that
15:02<grawity>it should in the latest version
15:02<grawity>yes, after many years, oidentd finally has new versions coming out
15:02<dwfreed>oidentd definitely runs dual-stack
15:02<kenyon>wfm dual stack standalone daemon
15:03<dwfreed>have 2.0.8 on this host
15:03<grawity>I have `curl [-4|-6]` for my ident testing needs
15:04<darwin>I have 2.1.0
15:04<dwfreed>grawity: nice
15:05<grawity>I seem to recall older versions did *run* dual-stack but didn't always *find the info* in /proc, due to depending on ooooold conntrack files
15:05<grawity>some distros carried patches for this, others didn't, Slackware almost definitely doesn't
15:05<grawity>IIRC, that was one of the issues fixed in 2.3.x
15:05<grawity>hell, I even used to patch it myself for a short while
15:06<LouWestin>dwfreed: What’s a recommended irc daemon?
15:07<grawity>at this point I'd say inspircd
15:10<grawity>not nearly as eww as half of the charybdis dev team
15:11<dwfreed>grawity: according to my strace, the oidentd in ubuntu 16.04 asks via netlink socket who owns the connection
15:11<grawity>that might be one of the patches
15:11<grawity>pop quiz: is someone trying to use my openvpn server for DDoS reflection?
15:12<grawity>because that's not one of my usual clients' IP addresses (my VPN server's clients being me, me, and me)
15:13<dwfreed>grawity: not really a good reflection
15:13<darwin>well you were right, I reenabled default ident instead, now nmap says the port is open. So, it was something about running oidentd from inetd
15:13<darwin>though the default ident does not even work for IRC
15:14<LouWestin>dwfreed: Ok thanks
15:15<grawity>(ok, correction to be fair: the parts of the charybdis dev team which worked on the C++ port. Kind of permanently ruined it for me.)
15:16<LouWestin>And thanks grawity
15:16<dwfreed>grawity: the C++ port is dead
15:16<darwin>I upgraded oidentd to 2.3.1. Would I need to run it with any special command (or not) for dual-stack? I currently was running it 'oidentd -a ::' for IPv6, then the inetd was supposed to handle it for IPv4 but apparently didn't...
15:17<grawity>dwfreed: you know why I was thinking it's a reflection? the TTLs are *way* too high compared to ping replies from the same host
15:18<grawity>darwin: whether :: includes IPv4 or not depends on `sysctl net.ipv6.bindv6only`
15:20<darwin>I couldn't find that but the curl thing seems to show it works for both now
15:22-!-ntox [~textual@] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
16:14<bumbleVole>hi, can someone please help me with my nginx/ubuntu ssl and redirect (www to non-www) config... i am completely at a loss. i think the redirect has to work first, before i can properly configure ssl, right? i have the letsencrypt cert working fine, i just don't know whats wrong with my dns settings (the guides i have found suggest using @ wildcard, but the linode dns doesnt allow for it, instead i am using *; is that equivalent?)
16:14<bumbleVole>or if it is something wrong with my nginx config...
16:14<dwfreed>@ is not a wildcard
16:15<bumbleVole>wait, actually, under A records, right now i have hostname nothing to my ip address and www to my ip address
16:15<bumbleVole>i have had * previously
16:15<bumbleVole>and mail to my ip addy
16:15<bumbleVole>not using any CNAME, TXT, CAA or SRV records...
16:17<bumbleVole>dwfreed: oh...
16:17<bumbleVole>this is my nginx vhost config...
16:20<dwfreed>in order to redirect from www to bare, you want two separate server blocks
16:21<bumbleVole>is each server block a carbon copy of what i have, except one is www and the other non-www?
16:21<bumbleVole>how does nginx know that you want the redirect from www to bare?
16:21<dwfreed>I mean, the www one doesn't need most of that
16:21<dwfreed>you tell it
16:23<bumbleVole>should i do the non ssl solution first to make sure it works?
16:23<bumbleVole>dwfreed: is my DNS fine?
16:24<dwfreed>as long as the bare domain and www return the same IP addresses, yes
16:26<bumbleVole>and how long should i wait to test it, to make sure it works, before trying to change anything else?
16:26<bumbleVole>i have TTL set to default
16:27-!-ntox [~textual@] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
16:29<bumbleVole>dwfreed: when i do nginx -t i get this warning, which i've had before. is it safe to ignore?
16:31-!-marshmn [] has quit [Ping timeout: 480 seconds]
16:33<dwfreed>you should only have one server block for each name
16:34<bumbleVole>i thought i needed two server blocks for redirects?
16:35<dwfreed>you do, but that message is telling you you have 2 server blocks that have the same name
16:35<dwfreed>one server block should have 'server_name;' and the redirect to the bare domain, and the other should be 'server_name;'
16:37<bumbleVole>does this look right (just need to add the ssl info from letsencrypt's certbot...)
16:38<bumbleVole>hm, well i'm still getting that warning
16:38<bumbleVole>i don't understand
16:38<dwfreed>do you have another file with server blocks in it?
16:39<bumbleVole>oh maybe my backup file in sites-enabled is still being referenced
16:40<bumbleVole>that would make sense
16:40<dwfreed>remove backup files from sites-enabled
16:40<dwfreed>you can keep them in sites-available
16:40<bumbleVole>i figured if it werent named .conf it would be ok
16:42<millisa>nginx -T might also help you tell if odd files are getting included that you dont expect
16:43-!-anomie [] has quit [Quit: Leaving]
16:44<bumbleVole>on the certbot, it is asking this. do you know what i should select?
16:44<bumbleVole>1: No redirect - Make no further changes to the webserver configuration.
16:44<bumbleVole>2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
16:44<bumbleVole>new sites, or if you're confident your site works on HTTPS. You can undo this
16:44<bumbleVole>change by editing your web server's configuration.
16:47<bumbleVole>okay, great it is redirecting to ssl
16:47<bumbleVole>but my webpages just show blank
16:48<millisa>your access/error logs might give a hint
16:53<bumbleVole>so this is my vhost config file now:
16:53<bumbleVole>i commented out the last bits at the bottom
16:53<bumbleVole>should i uncomment it and replace with the server blocks up top?
16:54<bumbleVole>I'm not really sure what i am doing wrong. it's frustrating because ive been working on this all day
16:55<bumbleVole>specifically i commented out 48-57
17:03<bumbleVole>i even removed the redirect server block and i am still getting a white screen
17:04<bumbleVole>millisa: the last error i got was 2018/09/21 17:03:11 [info] 17328#17328: *9 client closed connection while waiting for request, client:, server:
17:05<bumbleVole>but when i refresh the page, i don't get any more errors
17:06<bumbleVole>this is the last few errors, millisa
17:06<bumbleVole>access.log just shows a GET request
17:15<bumbleVole>looks like when i curl it, everything is fine? so why a WSOD??
17:18<bumbleVole>i created a simple phpinfo test.php page and that is a white screen too. sigh
17:20<ODelk>support here
17:21<linbot>ODelk: If you have a question, feel free to just ask it -- someone's always willing to help. If you don't get a response right away, be patient! You may want to read
!lick linbot
csnxs: Point given to linbot. (1337)
18:44<Abi12>bumbleVole: curl receives the correct webpage, but using a browser does not?
18:46<Abi12>Maybe it has something to do with redirects. Allow curl to follow redirects and see what happens.
18:47<bumbleVole>how do i do that?
18:47<Abi12>-L option.
18:50<bumbleVole>just get another command prompt when i try that
18:51-!-eyepulp [] has joined #linode
18:51<Abi12>Another command prompt?
18:51-!-eyepulp is "eyepulp" on #linode
18:51<Abi12>Do you mean that there's no output?
18:51<bumbleVole>it seems maybe something with php? because i type in a bs link, e.g., and i get a white screen too. but i type in and i get a 404 not found...
18:52<Abi12>Try uploading an html file and accessing it via a web browser.
18:52-!-eyepulp [] has quit [Remote host closed the connection]
18:52-!-eyepulp [] has joined #linode
18:52-!-eyepulp is "eyepulp" on #linode
18:52<Abi12>bumbleVole: You said that there's 'another command prompt'. Do you mean that when you did `curl -L [host]`, there was no output?
18:53<Abi12>and when you do `curl [host]`, it outputs the correct webpage?
18:55<bumbleVole>yes! html file loads via ssl!
18:55<bumbleVole>oh shit lol
18:55<bumbleVole>maybe i had to restart not just nginx but php5fpm
18:57<bumbleVole>nope, restarting php72-fpm didn't do anything
18:58<Abi12>You're using 7 or 5?
18:58<Abi12>and what are the contents of your example php file you're trying to access?
18:58<bumbleVole>oh maybe i don't have php72 ssl extensions?
18:58<Abi12>A simple <?php echo "Hello"; ?> doesn't load?
18:58<Abi12>No. That's unlikely.
18:58<bumbleVole>well, i have drupal running, but the phpinfo() files also doesnt load
18:59<Abi12>disregard any framework, and just create an example.php which echoes something
18:59<Abi12>and try accessing it.
18:59-!-eyepulp [] has quit [Read error: Connection reset by peer]
19:00-!-eyepulp [] has joined #linode
19:00-!-eyepulp is "eyepulp" on #linode
19:00<Abi12>bumbleVole: You will likely need to restart both the fpm and the web server.
19:00<Abi12>also what kernel are you running?
19:00<bumbleVole>nothing, still a white screen
19:01<bumbleVole>ubuntu 18.04
19:01<Abi12>do `uname -a`
19:01<bumbleVole>Linux plato 4.15.0-32-generic #35-Ubuntu SMP Fri Aug 10 17:58:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
19:01<Abi12>What does `service php7.0 status` say?
19:01<Abi12>Did you rollback the kernel?
19:02<Abi12>bumbleVole: Take a look at this topic:
19:02<bumbleVole>no? should i have...?
19:04<Abi12>Well. I'm not sure if the issue described in that topic is the same issue that you're currently having though. Was this working before, or is this a brand new stuff?
19:04<bumbleVole>i cant find the actual service name
19:04<Abi12>s/brand new stuff/brand new setup/
19:04<bumbleVole>this is the closest i found from ps aux root 18358 0.0 0.6 439200 27684 ? Ss 18:56 0:00 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.
19:04<Abi12>yeah check the status on that.
19:04<bumbleVole>php worked fine before i tried setting up SSL with letsencrypt via certbot
19:05<Abi12>uhhh you don't need to touch php for that.
19:05<bumbleVole>service php-fpm service says not found
19:05<bumbleVole>php72-fpm also not found
19:05<Abi12>`ps -a | grep php` results in..?
19:06<bumbleVole>this is my original vhost config, which does www to non-www redirect:   this is my nginx vhost config AFTER certbot adds stuff to it: . since adding certbot stuff i get a white screen now
19:06<bumbleVole>thats what i posted in #nginx Abi12 ^^
19:07<bumbleVole>no results when i run that line
19:07<bumbleVole>\wtf sigh
19:07<bumbleVole>oh lol
19:08<bumbleVole>oh but still service not found
19:08<Abi12>do ` /etc/init.d/php-fpm status `
19:09<Abi12>Well. I'm still sort of in the dark. Your server is indeed serving pages using SSL though right?
19:09<bumbleVole>yay $ sudo /etc/init.d/php7.2-fpm status
19:09<bumbleVole>that worked
19:09<Abi12>Is it running?
19:09<bumbleVole>one sec
19:10<Abi12>restart it as well as nginx. I'd first stop both services. ` service nginx stop ` , ` /etc/init/php-fpm stop ` - then start both of them.
19:11<Abi12>Then check to see if your example.php works.
19:13<bumbleVole>still a white screen
19:14<Abi12>Have you made any changes to your php configuration files while troubleshooting this?
19:15<Abi12>Did you make sure your processes were actually stopped?
19:15<Abi12>via ps -A
19:20<Abi12>You can try two more things. 1. Stop your php process and run it in the foreground with a verbose option enabled to see what it outputs, 2. Enable access logging in your php configuration, reload the service and check those logs.
19:20<Abi12>If both of those things don't work. Then I'm out of advice. It doesn't seem like you're experiencing the same issue as mentioned in that topic I linked though, so rolling back your kernel may not help.
19:20<bumbleVole>where are logs stored on ubuntu?
19:21<bumbleVole>its not in var/log
19:22<Abi12>Check your `php-fpm.conf` file.
19:22<Abi12>It should be commented out on new installs I think.
19:24<Abi12>The option may also be in your php.ini.
19:24-!-eyepulp [] has quit [Remote host closed the connection]
19:26<Abi12>I'm running php7.0, and the option is in the php.ini but the error log path is specified in the php-fpm.conf bumbleVole
19:26<bumbleVole>oh not php.ini?
19:28<bumbleVole>log_level should be set to debug?
19:28<Abi12>In 7.0 - I have `log_errors = On` in php.ini and `error_log = /var/log/php7.0-fpm.log` in the 'php-fpm.conf'. It might be different in 7.2 though * shrugs *.
19:30<bumbleVole>you didnt change log_level ?
19:30<Abi12>Yes, set it as debug.
19:33<bumbleVole>no errors showing up
19:34<bumbleVole>maybe i should reinstall php
19:34<bumbleVole>see if that helps
19:34<bumbleVole>i want to drop down to php70 anyway
19:35<bumbleVole>that cant hurt, can it, Abi12 ?
19:35<bumbleVole>the drupal site is brand new, i don't mind losing it
19:35<Abi12>uhhh no? I don't know how your system is setup, and what depends on what.
19:36<Abi12>this doesn't seem related to your SSL configuration though.
19:36<Abi12>btw ##php won't help
19:36<Abi12>oh Yeah. We're not freenode. nvm.
19:37<Abi12>Yeah. Try reinstalling it if you think that's best. If that doesn't fix it then try figuring out why logging isn't working or try running php in the foreground and see what displays.
19:38<bumbleVole>okay thank you :)
19:39<Abi12>bumbleVole: np. Sorry I couldn't be more help. I'll be around for a while longer if you do need something though :).
19:44<bumbleVole>white screen again
19:44<bumbleVole>i dont get it
19:44<bumbleVole>how do i run php in the foreground?
19:48<Abi12>-F -R
19:49<Abi12>You might need to set daemonize to yes though ( if I remember correctly ). Search to confirm though.
19:49<bumbleVole>i thought i removed php72 but when i do php -v i get: php --version
19:49<bumbleVole>PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
19:49<bumbleVole>Copyright (c) 1997-2018 The PHP Group
19:50<Abi12>apt-get purge php7.2 right?
19:50<Abi12>You did install it from the repos right?
20:03<bumbleVole>HOLY SHIT
20:03<bumbleVole>i fixed it!!
20:03<bumbleVole>this is insane
20:03<bumbleVole>no fucking clue why this started acting up once setting up ssl and no fucking clue why it wasnt already added in the nginx config file
20:06<bumbleVole>thank you for walking me thru it and helping me find the solution, Abi12
20:07<Abi12>what. That was all you man.
20:07<Abi12>Congratulations :).
20:47<LouWestin>Another satisfied Linode customer!
23:23<montigny34>I'm having issues with my linode running centos receiving incoming mail on my postfix, dovecot and mysql mail server
23:23<montigny34>can't find anything in the error logs
23:23<Woet>thats a lot of mailservers
23:24<millisa>It's bobby!
23:24<Woet>i should try out the mysql mail server one day
23:24<Woet>sounds exciting
23:24<montigny34>i'm not too sure how to figure out what the issue is
23:24<millisa>if it's default log locations, /var/log/maillog would be a good place to look for something. are you able to connect to port 25 locally? remotely?
23:24<montigny34>all the ports are opened
23:25<montigny34>nothing in maillog, been checking frequently
23:25<montigny34>if it was a port error how would i find out?
23:25<Woet>montigny34: what's the domain? did you check the MX records? what happens if you manually send an email using telnet?
23:26<montigny34>I did receive two emails at some point, I'm not sure how
23:26<montigny34>I might have sent those to myself from my linode though
23:27<montigny34>mx records point to my domain which points to my linode
23:29<dwfreed>what is your domain
23:30<dwfreed>that's the domain you're sending mail to?
23:30<montigny34>thats my mailserver domain
23:30<dwfreed>what domain are you sending mail to
23:30<dwfreed>you mean ?
23:31<dwfreed>because the mx records for that domain are pointed at dreamhost
23:31<dwfreed> 14400 IN MX 0
23:31<montigny34>no, sent mail to my personal gmail
23:31<dwfreed>okay, that one has the right MX
23:31<dwfreed>with the e
23:32<dwfreed>the one without the e goes to dreamhost
23:32<montigny34>yea that one isn't used
23:32<montigny34>there's no error logs on my end that show anything which doesnt help
23:33<dwfreed>your mailserver isn't listening on port 25
23:34<dwfreed>are you sure it's running?
23:34<dwfreed>$ socat -
23:34<dwfreed>2018/09/22 03:33:33 socat[21352] E connect(5, AF=2, 16): Connection refused
23:35<montigny34>tcp 0 0* LISTEN
23:35<millisa>firewall then?
23:36<montigny34>i only use iptables
23:36<montigny34>i have my http server running on here 2
23:36<montigny34>and vsftpd
23:36<millisa>and mysql. those look open
23:36<millisa>smtp doesn't look open
23:36<montigny34>does it need to be open?
23:37<millisa>if you want to receive smtp traffic...
23:37<dwfreed>pastebin 'iptables-save'
23:38<dwfreed>yep, no 25 in that
23:39<dwfreed>oh, wait, it's at the top
23:39<dwfreed>oh, and now it works
23:39<millisa>443's in there twice
23:45<montigny34>any other thoughts?
23:45<millisa>you opened the port, i was able to telnet to 25 and say ehlo
23:46<millisa>(even though I didn't say anything the connection should be there in your maillog)
23:46<montigny34>i noticed yes
23:46<montigny34>i still am not receiving anything tho and there's no errors
23:48<millisa>tried sending to root@ - User unknown in virtual mailbox table . what's a valid user on that domain?
23:49<millisa>valid mail user (not system user)
23:52<millisa>looks like it accepted the mail:
23:53<montigny34>i received it...
23:53<montigny34>but when i send email to myself...
23:53<montigny34>is going on
23:53<millisa>from where?
23:53<montigny34>my gmail
23:53<millisa>they may have the failed attempt cached and wont retry your server again for a bit
23:54<montigny34>ive sent new ones since though
23:54<montigny34>okay i think i know what the issue was / is
23:54<montigny34>i just sent myself an email from gmail and received it
23:55<montigny34>apparently, when I respond to the email i sent from my machine, using gmail
23:55<montigny34>it doesnt go through
23:55<montigny34>but when i manually add my email on gmail and send it, it works
23:55<millisa>wrong address in the one you're replying to? doesn't have the e?
23:56<montigny34>nope everything is right
23:56<montigny34>im just replying to the email i sent from my linode
23:58<montigny34>wait now its all working...
23:58<montigny34>that is so strange...
23:59<millisa>pretty sure postfix does the same thing with the default settings. send a mail to a server, it is unreachable, it defers up to the maximal queue lifetime, but the retry starts low, then gets longer with each retry
23:59<millisa>if other mails are sent to the same domain, it won't try the same server new; it knows it's already not accepting the mail
23:59<millisa>there used to be a page on the backoff stuff it'd do
23:59<Woet>montigny34: yes.. it wont forward emails if its from yourself.
23:59<millisa>i can't seem to find it
23:59<millisa>but it wouldn't surprise me if gmail does something similar
--- Log closed Sat Sep 22 00:00:00 2018