#linode IRC Logs for 2018-09-23

01:48-!-d1b is "db" on #linode #moocows #xen
02:02-!-kofhearts [~oftc-webi@] has joined #linode
02:02-!-kofhearts is "OFTC WebIRC Client" on #linode
02:03<kofhearts>i have a question regarding bandwidth
02:03<kofhearts>what bandwidth does linode give
02:07<retro|blah>kofhearts: This information is given on the following page. Did you have a specific question?
02:07<kofhearts>yes i have specific question
02:07<Woet>kofhearts: go ahead
02:08<kofhearts>our company is thinking of moving the application from co location to vps
02:08<kofhearts>we want to know how linode does in terms of bandwidth and netwrok speed
02:08<kofhearts>and whether it is suitable for a middle size application
02:08<Woet>kofhearts: yes.
02:12<kofhearts>it says inbound is free
02:12<kofhearts>does it mean it has no limit on people accessing the app from outside
02:12<kofhearts>does outbound account for all request made by the app to other servers?
02:13<Woet>kofhearts: yes.
02:14<kofhearts>are there any large companies using linode servers?
02:14<kofhearts>for 20$ server it says 4 TB transfer
02:14<kofhearts>is that outgoing transfer limit
02:14<Woet>kofhearts: you have a lot of odd questions
02:15<Woet>kofhearts: first result for "linode customers" -
02:15<kofhearts>is 4tb transfer outbound limit
02:15<Woet>kofhearts: we already established inbound traffic is unmetered
02:16<Woet>kofhearts: so what could 4 TB transfer possibly refer to?
02:16<kofhearts>i apologize
02:16<kofhearts>for lame question
02:17<kofhearts>this is the first time we are thinking of switching from server co location
02:17<kofhearts>to VPS
02:17<kofhearts>what is your personal opinion
02:17<kofhearts>is cloud service better than server colocation
02:17<kofhearts>one problem we have faced with server colocation
02:18<Woet>for starters, "cloud" doesn't mean anything
02:18<Woet>and comparing a vps with colocation is a bit odd
02:18<Woet>comparing a vps to a dedicated server would be better
02:18<Woet>in which case, they're pretty much the same, just no potentially abusive neighbours on a dedicated server.
02:20<kofhearts>i see
02:22<kofhearts>we are using dedicated server right now
02:22<kofhearts>it has 8 gb
02:23<kofhearts>do you have any idea how much ram is necessary for a grails app
02:26-!-kofhearts [~oftc-webi@] has quit [Quit: Page closed]
12:15<Abi12>Woet: I feel like does the same exact thing.
12:15<Abi12>They email you `your password is: ...`.
13:15-!-Cruiser is now known as Cruiser`
13:56<LouWestin>That was a bunch of weird questions about switching from a dedicated server to VPS. As far as memory requirements, you should already know what you’re using on average and thus that’ll tell you what package you need.
16:19<nyancat>Woet: that thread hurt to read
16:19<nyancat>Oh my god
16:19<retro|blah>Hello. How many emails can I send with 8 GB of RAM?
16:19<Toba>it's not that uncommon for companies to do idiotic things like this..
16:19<Toba>retro|blah: 8 giga-emails.
16:23<linbot>New news from community: Why can not connect to from my VPS host? <>
16:46<@scrane>Wait. retro|blah was that a serious question?
16:46<@scrane>I feel like I may have missed something
16:46<retro|blah>No, not a serious question
16:47<@scrane>oh thank goodness
19:11<montigny34>I'm having issues connecting to my mail on outlook using dovecot
19:11<montigny34>not sure why
19:13<montigny34>i can send and receive email fine on my linode
19:21<@scrane>hey montigny34 What's' the error you're getting?
19:29-!-Dreamer3_ [] has joined #linode
19:29-!-Dreamer3_ is "Josh Goebel" on #linode
19:30-!-Dreamer3 [] has quit [Remote host closed the connection]
19:41<montigny34>THE ERROR I GET IN OUTLOOK?
19:42<MrPPS>If that's the error you're seeing, yep
19:49<montigny34>we couldn't log on the incoming IMAP server.
19:51<dwfreed>Outlook can give a much more specific error message than that
19:51-!-Tulah [] has joined #linode
19:51-!-Tulah is "Tulah Lunarus" on #C #linode
19:52<montigny34>using the specified encryptkion method **
19:55<montigny34>any idea
19:56-!-aspis [] has joined #linode
19:56-!-aspis is "aspis" on #linode
19:58-!-retro|blah [] has quit [Quit: Leaving]
19:59-!-retro|blah [] has joined #linode
19:59-!-retro|blah is "retrograde inversion" on #linode
20:16-!-thekev [] has quit [Server closed connection]
20:16-!-thekev [~kevin@2600:3c01::f03c:91ff:fe93:df10] has joined #linode
20:16-!-thekev is "Kevin Blackham" on #linode
20:16<@scrane>Is it possible the password changed?
20:16<@scrane>Do you see anything in the service logs on the Linode?
20:16<montigny34>no same password
20:18<@scrane>Hmmm this might help, possibly.
20:20<montigny34>nothing in logs
20:20-!-MrRobot7 [] has quit [Server closed connection]
20:21-!-MrRobot7 [] has joined #linode
20:21-!-MrRobot7 is "MrRobot7" on #linode
20:27<rmnn>Hello, is the outgoing bandwidth of 1000Mbps on the 5$ plan guaranteed or is less to be expected?
20:42<montigny34>any other ideas
20:42<montigny34>maybe something wrong with dovecot?
21:17<MONTIGNY34>my Iphone says the smtp server blah blah is not responding...
21:36<MONTIGNY34>when trying to connect to my pop3 account where would this be logged on my linode?
22:20<montigny34>i can only telnet to port 25 and 587 for my mail server
22:20<montigny34>993, 995 and 465 don't work
22:20<montigny34>would this be why i cannot connect vis outlook?
22:21<Guest1094>25 and 587 are only SMTP(s), no actual mailbox (pop3/imap).
22:22<montigny34>993 and 995 is used by imap/pop yes?
22:22<Guest1094>Yes, in that order.
22:23<montigny34>if telnet 25 works
22:23<montigny34>but telnet 993 doesnt
22:23<montigny34>this would b the reason outlook cannot seetup an account?
22:23-!-Guest1094 is now known as wraeth
22:23<wraeth>I imagine so - it has no mailbox for the account.
22:24<montigny34>how would i opent 993 and 995 for telnet
22:25<wraeth>Do you have an IMAP/POP3 service running? Is it bound to your external interface? Does your firewall allow it through? Does your ISP block it?
22:25-!-CB [~oftc-webi@] has joined #linode
22:25-!-CB is "OFTC WebIRC Client" on #linode
22:25<montigny34>i have postifx, dovecot and mysql running for my mail server
22:25<montigny34>i can send and receive emails fine
22:25-!-CB is now known as Guest1189
22:25<montigny34>all ports should b opened
22:26-!-Guest1189 [~oftc-webi@] has quit []
22:26<wraeth>Clearly something is blocking it.
22:28<wraeth>Logs are nice and all, but without knowing what it's showing, it doesn't really mean much... :)
22:29<montigny34>what d oyou mean
22:29<wraeth>Is this dovecot log from an attempted telnet connection? Attempted Outlook configuration? Some other mail client?
22:30<montigny34>me attemtping to do telnet 993
22:30<wraeth>So telnet *does* work?
22:30<montigny34>what do u mean??
22:31<wraeth>When you say you can't telnet to 993/995/465, how does it not work?
22:32<wraeth>Does it fail to connect, or does it give you nothing and kicks you out when you try to run a command (like LOGIN)?
22:33<montigny34>[root@startable log]# telnet 995 Trying Connected to Escape character is '^]'.
22:34<montigny34>[root@startable log]# telnet 25 Trying Connected to Escape character is '^]'. 220 ESMTP Postfix (Ubuntu)
22:34<montigny34>when i do telnet 993
22:34<montigny34>220 ESMTP Postfix (Ubuntu) doesnt appear
22:36<wraeth>So that suggests the issue is with Outlook talking to your mailserver - you should check the logs for a time when you've attempted to configure Outlook.
22:36<montigny34>no logs appear
22:36<montigny34>when i try to connect via outlook
22:36<wraeth>Are you using autoconfigure, or manually specifying details?
22:37<montigny34>i tried both
22:38<wraeth>When you manually configure, do you also manually select the port type, or leave it on auto and do a detection? I've found I need to specify the ports (143 or 993, 25 or 587) and let it autodetect whether it's plain, SSL or STARTTLS.
22:39<montigny34>i do it all manually
22:40<wraeth>Try as I suggested - specify the ports, auto-detect the port type.
22:40<montigny34>outlook doesnt work like that anymore
22:40<dwfreed>is dovecot running?
22:40<wraeth>It did last time I set it up.
22:40<dwfreed>because I get connection refused
22:40<montigny34>what did u run dwfreed
22:40<dwfreed>2018/09/24 02:39:42 socat[31511] E connect(5, AF=2, 16): Connection refused
22:41<montigny34>when i try to auto connect via outlook
22:41<montigny34>it says the server you are connected to is using a certifixate that cant b verified
22:42<wraeth>It wouldn't get that if it couldn't connect...
22:43<montigny34>the connection to the incoming imap server was dropped
22:43<wraeth>But I also get connection refused the same as dwfreed - either it's not running, or you've restricted what IP's can connect.
22:43<montigny34>what command are you both running
22:44<wraeth>dwfreed used socat, I used something else that just performs a basic socket connection.
22:45<montigny34>sSep 23 20:35:00 startable systemd[1]: Started Dovecot IMAP/POP3 email server.
22:46<montigny34>whats my next thing to check?
22:46<wraeth>Does `netstat -lntp | grep -e '(143|993)'` show dovecot listening on either or your external IP?
22:47<montigny34>i ran netstat -lntp | grep -e '(143|993)'
22:47<montigny34>returns nothing
22:47<wraeth>Sorry, escape the brackets and pipe.
22:48<wraeth>netstat -lntp | grep -e '\(143\|993\)'
22:48<montigny34>tcp 0 0* LISTEN 2700/dovecot tcp6 0 0 :::993 :::* LISTEN 2700/dovecot
22:49<wraeth>trying (imaps) ... failed
22:50<montigny34>what logs should i check to see why it didnt work
22:50<wraeth>Probably check your firewall, I guess - we're not even getting to dovecot, the connection is outright refused.
22:51<montigny34>so my iptables log?
22:51<montigny34>i cant seem to find it
22:53<wraeth>Then presumably you don't have a LOG target set up. Maybe just check what you have configured in iptables - whether you're allowing connections, restricting them, or what.
22:53<wraeth>And also maybe.
22:53<wraeth>iptables log targets go into syslog, so it's handled your your logger.
22:54<wraeth>s:your your:by your:
22:55<wraeth>That would be me, yes.
22:55<montigny34>what was your IP when trying to connect'
22:56<montigny34>what was your IP when trying to connect'
22:56<montigny34>i think the logs go to /secure?
22:57<wraeth>It depends on your logger configuration (I don't know Ubuntu's default logging configuration).
22:59<montigny34>Sep 23 22:58:39 startable kernel: BAD_OUTPUT: IN= OUT=eth0 SRC= DST= LEN=2960 TOS=0x10 PREC=0x00 TTL=64 ID=44856 DF PROTO=TCP SPT=22 DPT=59423 WINDOW=940 RES=0x00 ACK URGP=0 Sep 23 22:58:39 startable kernel: BAD_OUTPUT: IN= OUT=eth0 SRC= DST= LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=44858 DF PROTO=TCP SPT=22 DPT=59423 WINDOW=940 RES=0x00 ACK URGP=0
22:59<montigny34>i enabled some loggin and it gave me this
23:02<montigny34>Sep 23 23:00:36 startable kernel: BAD_OUTPUT: IN= OUT=eth0 SRC= DST= LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=23401 DF PROTO=UDP SPT=54267 DPT=123 LEN=56
23:02<montigny34>is this your ip wreath
23:03<wraeth>[12:56:09] <wraeth> Probably
23:04<dwfreed>that's UDP
23:04<dwfreed>it's also NTP
23:04<dwfreed>PROTO=UDP SPT=54267 DPT=123
23:04<dwfreed>DPT=123 means NTP
23:05<dwfreed>you generally shouldn't be filtering output
23:05<montigny34>idk what u mean
23:05<dwfreed>you should be filtering the input, not the output
23:05<wraeth>Filtering output is much more advanced, since you need to account for hosted services that need to respond to clients.
23:06<montigny34>theresno errors for input
23:10<wraeth>If you have any rules beyond LOG in your OUTPUT chain (or any chains it passes things on to), or if it's default policy is set to either DROP or REJECT, I'd suggest resetting it so OUTPUT allows all outgoing packages and try again.
23:10<wraeth>I'd also recommend a lot of googling.
23:12<montigny34>ill keep digging thnaks guyys
23:12-!-montigny34 [~oftc-webi@] has quit [Quit: Page closed]
23:27<LouWestin>I have a question about SSL on Apache. Do you still have to add in the Rewrite Rules to force it to use HTTPS or can you just put in the port 443 rule and the browser will figure out that's a secured site?
23:35<millisa>LouWestin: you would need a vhost on 80 to redirect traffic there. less important - you don't have to use rewrite for it if you aren't doing anything complex.
23:35<millisa>something like RedirectMatch 301 (.*)$1
23:36<LouWestin>Ok that's kind of how I did it before. There's a few others lines, but it's RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
23:36<LouWestin>under port 80
23:38<LouWestin>Thanks, I was just wondering if things had changed since then.
23:39<dwfreed>you can make that simpler
23:40<dwfreed>Even while keeping it a RewriteRule
23:40<dwfreed>RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
23:41<dwfreed>(there will always be a leading / in the request, though)
23:41<dwfreed>but I imagine RedirectMatch is lighter than rewrite
23:42<LouWestin>Do I need the following lines as well? RewriteEngine On RewriteCond %{HTTPS} !=on
23:42<millisa>if the rewrite rules are only in your port 80 section, there should be a place where that rewritecond should be true
23:42<millisa>er, there should *not*
23:43-!-montigny34 [~oftc-webi@] has joined #linode
23:43-!-montigny34 is "OFTC WebIRC Client" on #linode
23:43<montigny34>i ran openssl s_client -connect -crlf
23:43<montigny34>from my linode
23:44<montigny34>and it worked then i logged in using a login user pass
23:44<montigny34>and that worked
23:44<montigny34>does that mean I'm blocking external connections for port 993 and 995
23:44<montigny34>since it worked from my linode
23:47<millisa>we won't know until you paste your iptables-save output
23:48<montigny34>iptables-save output Unknown arguments found on commandline
23:48<rsdehart>just type iptables-save
23:48<rsdehart>not iptables-save output
23:48<montigny34># Generated by iptables-save v1.4.21 on Sun Sep 23 23:48:33 2018 *security :INPUT ACCEPT [325023:104284201] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [340080:196993969] COMMIT # Completed on Sun Sep 23 23:48:33 2018 # Generated by iptables-save v1.4.21 on Sun Sep 23 23:48:33 2018 *raw :PREROUTING ACCEPT [341193:105156430] :OUTPUT ACCEPT [340080:196993969] COMMIT # Completed on Sun Sep 23 23:48:33 2018 # Generated by iptables-save v1.4.21 on Sun Sep 23 23:4
23:48<dwfreed>pastebin it
23:48<linbot><command> | curl -F 'sprunge=<-'
23:50<montigny34>-A INPUT -j REJECT --reject-with icmp-port-unreachable
23:51<montigny34>and line 63
23:51<millisa>your imap/pop port openings are after that reject line
23:55<millisa>meaning, put them before the reject line like your ftp/web/mysql/ssh rules?
23:56<montigny34>how does this look
23:56<montigny34>i deleted it then re added ut
