Questions[rhel4](server)

PayPal is making upgrades to the SSL certificates on all web and API endpoints. Due to security concerns over advances in computing power, the industry is phasing out 1024-bit SSL certificates (G2) in favor of 2048-bit certificates (G5), and is moving towards a higher strength data encryption algorithm to secure data transmission, SHA-2 (256) over the older SHA-1 algorithm standard.

However, we're still using systems that are not compatible with the upgrades and updating our servers is not an option. So, what we think is to proxy(nginx) the paypal endpoint so that paypal thinks that the nginx server(which supports the update) is hitting that endpoint instead of our old servers. Is this possible? if not, what are the possible options to bypass this upgrade?

Here is a sample config of the nginx proxy

 server {
    listen 80;
    server_name api.sandbox.paypal.com;

    access_log  /var/log/nginx/api.sandbox.paypal.com.access.log;
    error_log   /var/log/nginx/api.sandbox.paypal.com.error.log;

    location /nvp {
        proxy_pass  https://api.sandbox.paypal.com/nvp;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        Host $http_host;
    }
} 

I have one user account on a server with about 400 accounts that is filling up automatically. The dead.letter file in the users home directory automatically grows until the account is full (about 10 - 40 Mb per day). The user is using Microsoft Outlook to send and receive mail.

What can be causing this and how can I avoid it from happening?

Right now I have an emergency cron-job to delete the file but I would like "real" solution.

Edit: The server version is Red Hat Enterprise Linux ES release 4 (Nahant Update 4)

Edit 2: It seems mainly spam and I see different mailer headings (from php to Outlook Express) and a frequent appearing header is [email protected]

Update: I have asked the hosting provider where I use that dedicated server to look into the problem as well, as it's their Control Panel that could be a cause of the problem.

Apache (Linux Red Hat 4.1.x) fails to start with message: "Address already in use: make_sock: could not bind to address".

# /etc/init.d/httpd start
Starting httpd: (98)Address already in use: 
make_sock: could not bind to address 0.0.0.0:8000
no listening sockets available, shutting down
Unable to open logs
                                                       [FAILED]

Already tried to do:

killall -9 httpd

It looks like Apache is not running. The port 8000 if free so nothing prevents Apache to occupy it. (nginx is on :80 as reverse proxy)

 # netstat -tulpn| grep :80
 tcp  0   0 0.0.0.0:8001    0.0.0.0:*   LISTEN 17181/DarwinStreami
 tcp  0   0 0.0.0.0:80      0.0.0.0:*   LISTEN 7962/nginx.conf

Possibly someone will have any thoughts on how to fix this?

UPD1: Apache config options are:

ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5

<IfModule prefork.c>
StartServers       1
MinSpareServers   5
MaxSpareServers   20
ServerLimit     200
MaxClients  200
MaxRequestsPerChild 2000

User apache
Group apache

DocumentRoot "/var/www/html"

NameVirtualHost *:8000

UPD2: Pid is not found:

# ls /etc/httpd/run/*.pid
/etc/httpd/run/crond.pid          /etc/httpd/run/sshd.pid
/etc/httpd/run/dhclient-eth0.pid  /etc/httpd/run/streamingadminserver.pid
/etc/httpd/run/haldaemon.pid      /etc/httpd/run/syslogd.pid
/etc/httpd/run/messagebus.pid     /etc/httpd/run/syslog-ng.pid
/etc/httpd/run/nginx.pid          /etc/httpd/run/xfs.pid

UPD3: server reboot doesn't helps ;)

UPD4: nc -l 8000 works OK, so the problem is not with a 8000 port but with Apache itself.

UPD5: "# /usr/sbin/lsof -i :8000" - outputs nothing

I am interested in deploying several RHEL 4 Update 8 virtual machines for creation of a test environment.

Here are the steps I am taking:

• In off hours, P2V/V2V the production machines and convert them to templates
• Deploy the virtual machines with a customization specification that changes hostname, IP address

I am interested in how these processes are done and if there are any options for further customization.

• Are the machines brought on the network when they are powered on, before they are reconfigured? Is there a potential IP address conflict?

• Is there an option to run additional scripts which reside on the guest as a part of the reconfiguration? For example, restoring an Oracle Database. This is an option with Windows guests and sysprep, but I have been unable to locate anything showing a RHEL equivalent.

I am dealing with a multi tier application. The main issue I am attempting to mitigate is that the application servers reference database servers by hostname and in tnsnames files. I am interested in scripting the reconfiguration of the application in the deployment so that the app/db servers are pointing to the test environment.

I am OK with placing the 'cleanup' script on the source and executing it after the machine has been brought up. I am interested in the automation of the script's execution post clone/boot, as well as if there could be an IP address conflict.

(cross posted to VMTN's ESX 4 community)

I have two machine, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory:

server:~$ sudo /usr/sbin/rpcinfo -p localhost
program vers proto   port
100000    2   tcp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp    910  status
100024    1   tcp    913  status
100021    1   udp  53391  nlockmgr
100021    3   udp  53391  nlockmgr
100021    4   udp  53391  nlockmgr
100021    1   tcp  32774  nlockmgr
100021    3   tcp  32774  nlockmgr
100021    4   tcp  32774  nlockmgr
100007    2   udp    830  ypbind
100007    1   udp    830  ypbind
100007    2   tcp    833  ypbind
100007    1   tcp    833  ypbind
100011    1   udp    999  rquotad
100011    2   udp    999  rquotad
100011    1   tcp   1002  rquotad
100011    2   tcp   1002  rquotad
100003    2   udp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs
100003    2   tcp   2049  nfs
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100005    1   udp   1013  mountd
100005    1   tcp   1016  mountd
100005    2   udp   1013  mountd
100005    2   tcp   1016  mountd
100005    3   udp   1013  mountd
100005    3   tcp   1016  mountd

server$ cat /etc/exports
/dir      *.my.domain.com(ro) 

client$ grep dir /etc/fstab
server.my.domain.com:/dir   /dir      nfs tcp,soft,bg,noauto,ro 0 0

All seems well, but when I try to mount, I see the following:

client$ sudo mount /dir
mount.nfs: access denied by server while mounting server.my.domain.com:/dir

And on the server I see:

server$ tail /var/log/messages
Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir)

What am I missing here? How should I be debugging this?