KTamas's questions

Okay so I have never seen anything like this. Here's the story.

We have four DNS servers. Let's call them server01-04. server03 is set to be the primary one by DHCP.

Scavenging is disabled everywhere.

What happens is server03 is deleting its own A record from the DNS. If I create the DNS entry, it will stay there until I reload the forward lookup zone (or reloads itself after a few minutes).

Here's the audit log of the creation:

An operation was performed on an object.

Subject :
    Security ID:                SYSTEM
    Account Name:                SERVER03$
    Account Domain:                myfancydomain
    Logon ID:                0x323d924

Object:
    Object Server:                DS
    Object Type:                dnsNode
    Object Name:                DC=server03,DC=myfancydomain.se,CN=MicrosoftDNS,CN=System,DC=myfancydomain,DC=se
    Handle ID:                0x0

Operation:
    Operation Type:                Object Access
    Accesses:                WRITE_DAC
                            WRITE_OWNER

    Access Mask:                0xc0000
    Properties:                WRITE_DAC
WRITE_OWNER
    {e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}


Additional Information:
    Parameter 1:                -
    Parameter 2:                

And here's the one for the deletion. You can see that it's server03 deleting the record:

An operation was performed on an object.

Subject :
    Security ID:                SYSTEM
    Account Name:                SERVER03$
    Account Domain:                myfancydomain
    Logon ID:                0x323d924

Object:
    Object Server:                DS
    Object Type:                dnsNode
    Object Name:                DC=server03,DC=myfancydomain.se,CN=MicrosoftDNS,CN=System,DC=myfancydomain,DC=se
    Handle ID:                0x0

Operation:
    Operation Type:                Object Access
    Accesses:                Write Property

    Access Mask:                0x20
    Properties:                Write Property
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
                    {e0fa1e69-9b45-11d0-afdd-00c04fd930c9}
                    {d5eb2eb7-be4e-463b-a214-634a44d7392e}
    {e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}


Additional Information:
    Parameter 1:                -
    Parameter 2:                

I have no idea why is this happening. Any ideas?

So I run this server at our company. It has a Core 2 Quad CPU, 8 GB of RAM, as many hard disks as possible etc.

I run Windows Server 2008 on it that runs several virtual machines, one of it is another instance of Windows 2008 that acts as fileserver and domain controller: the domain has about 30 computers and the fileserver is used by about 15 people normally. I gave it 2 GB of RAM but I'm starting to wonder, can it run with just 1.5, or even better, just 1 GB, without a noticable performance drop?

I'd find a much better place for that extra gig of RAM...

Okay, so I'm migrating Project Open to a new server (opensource project management system built on OpenACS which uses AOLServer) and ran into a very strange issue: importing a 7.4 dump automatically adjusts "timestamp with time zone" values to GMT from GMT+1/+2 (CET), which seriously messes up things since I got a lot of 2009-01-10 00:00:00+02 which turns into 2009-01-09 22:00:00+00 essentially jumping a day back, and that messes up some features. How can I turn off this adjustment feature? Thanks in advance.

For the record the server both the old and the new server is set to CET, not GMT.

Edit: no, I can't use 8.3/8.4.

So we got a shiny new 48-port switch that supports Gigabit. Between two computers, with CAT5e cables I get 20-35 MB/s, which I guess could be improved even more with CAT6 cables. But for some reason, between a Hyper-V VM (also running W2008) and my computer, I only get 100 mbit/s speeds, even tho the Hyper-V host computer it is connected to the switch with a CAT6 cable and uses a Gigabit network card (and the VM uses the same). Any ideas why?

Edit: One thing that may be possible is that the traffic somehow gets routed thru our router which can only do 100 mbits. But why (would it)?

So... I see some very weird load issues on our e-mail server. It starts spiking around 8-9am (coincidentally that's when people start working), but it goes down around 11am or so. CPU usage remains normal, I have plenty of free memory, no swapping. Yesterday we had a really high iowait% (49.75) with a really high load (40), today we 'only' had a load of 11-12 with iowait% being between 3-4 tops.

All signs point to imapd as the culprit (courier-imap), because when I stopped it, load suddenly started to lower, and within 2-3 minutes, it was back to normal. I did have about 40-60 of them running. We use thunderbird, which opens 5 connections each, I lowered it to 1 on most workstations, it helped a bit (load went down to 5-7), then... the whole server went back to normal around 11am.

I still have ~30 imapds running, but with perfectly normal load (between 0.2 and 0.4). So... I don't really understand why is this happening, because, by logic, it should be much higher, if that would be the cause of the issue.

It's a Linode 1080 VPS with 1gig ram.

(chkrootkit / rkhunter showed nothing unusual.)

Okay, this is creeping me out - I see about 1500-2500 of these:

root@wherever:# netstat

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:60930         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60934         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60941         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60947         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60962         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60969         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60998         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60802         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60823         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60876         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60886         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60898         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60897         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60905         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60918         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60921         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60673         localhost:sunrpc        TIME_WAIT  
tcp        0      0 localhost:60680         localhost:sunrpc        TIME_WAIT  
[etc...]

root@wherever:# netstat | grep 'TIME_WAIT' |wc -l
1942

That number is changing rapidly.

I do have a pretty tight iptables config so I have no idea what can cause this. any ideas?

Thanks,

Tamas

Edit: Output of 'netstat -anp':

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:60968         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60972         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60976         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60981         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60980         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60983         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60999         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60809         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60834         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60872         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60896         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60919         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60710         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60745         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60765         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60772         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60558         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60564         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60600         127.0.0.1:111           TIME_WAIT   -               
tcp        0      0 127.0.0.1:60624         127.0.0.1:111           TIME_WAIT   -               

So we have a mail system built on postfix-courier-saslauthd with unix users and maildirs and TONS of shared folders. Both T'bird (2.0.0.21) and Roundcube exhibits weird symptoms with subscriptions.

In Roundcube, if I go into Personal Settings -> Folders, 9 out of 10 times, it automatically subscribes me to ALL folders. Not cool.

In Thunderbird, when I open Subscribe..., then start going thru the folder structure (it loads them dynamically), it starts subscribing me to random folders, sometime an entire subfolder tree.

I'm starting to suspect that something weird is going on server-side. Anyone got any ideas? It's very, very annoying.

EDIT: ran T'bird in debug mode. I get tons of these messages: 1628149872[1e71f20]: considering playing queued url:imap://[email protected]:143/unsubscribe>.shared/a/sub/folder

-1628149872[1e71f20]: creating protocol instance to play queued url:imap://[email protected]:143/unsubscribe>.shared/a/sub/folder

-1628149872[1e71f20]: failed creating protocol instance to play queued url:imap://[email protected]:143/unsubscribe>.shared/a/sub/folder

So I have Postfix + saslauthd + Courier-IMAP deployed on a Linode 1080 VPS. We are a small company, we have around 30 accounts (I use physical *nix users for the sake of convenience + Maildirs, see later), but we make extensive use of Courier's shared folders (for several accounts) feature with a custom script I wrote in Ruby. It filters emails through Spamassassin, reads a YAML file with some rules, then performs several checks to see where to file the email in our complex structure. Maildirs and phyiscal users gives me the flexibility I need for this.

Mail gets received, then gets passed to my script which is defined in the user's .forward file in its home directory.

All in all, that script takes about 2 seconds to finish. Now, we don't have an relatively high email volume (I estimate about 30-50 emails per hour) but I am looking for ways to speed this up, also ensure if our email load gets higher (or we catch a 'spam storm'), our server doesn't get suddenly hammered out of memory etc. My questions are:

1. What is the way to filter emails thru the spamassassin daemon (instead of launching the app every every time mail is received) before it is passed to my script? Guess it is bad practice to do it the way I do now.
2. Is there a way to limit how many emails postfix passes to my script at the same time? I don't want to end up having 10 instances of my script running at the same time.
3. How could I make my script into a daemon? Would that makes things faster?

Thanks in advance.

P.S.: Emails (well, /home) are stored on a separate XFS partition mounted with noatime.