Remote Desktop Assistance

     If you are connected to the Internet but having difficulty configuring your mail settings or other issues, Eskimo now has the ability to connect to your machine, assuming you enable remote desktop and provide a user name and password, and then we can assist you by directly configuring or otherwise assist you in resolving issues with your machine.

     To enable remote desktop, first go into control panel or settings, and then into users and groups, and create a user for us to access, like ‘eskimo’, and assign it a password.

     Then go into control panel or settings and into System, from there click on the remote tab and add the user you just created to the remote desktop box on top.  If you are using XP or 2003 server, also check the “enable remote desktop” button below.

Remote Desktop Add Users

Type the name of the account you created into this window and then click “Add”.

Timestamp

     I added the timestamps to posts here so when something goes down / up, you can get a better idea of when and how long than just a date would provide.

Scientific 3.3.8 Preemptive

     Got scientific updated and running on 3.3.8 pre-emptive, although it’s bloated at present like the stock kernel.  The kernels I had built for CentOS were missing things needed by scientific, well at least it thinks it needs them, start up scripts try to load modules we really have no need for in our environment.  So running a 3.3.8 kernel that is pretty much configured like the stock 2.2.26 kernel for now which is inefficient but better than the original.  I’ll lean it out as time allows but for now bigger fish to fry.

Shellx Linux 3.3.8 Pre-emptive

     Shellx is now upgraded to a 3.3.8 Pre-emptive kernel.  The only EL6 based server not updated is scientific.  For reasons I don’t understand, it requires a different configuration, some modules are required by the SL that aren’t required by CentOS.  Not really sure why since it involves hardware I don’t have.

Mail, Web, FTP, Mx1, Mx2 Updated

     The web and ftp server, client e-mail server, mx1 and mx2 incoming and list expansion servers, have all been updated to Linux kernel 3.3.8 pre-emptive which has been optimized for use in a KVM guest environment.  This results in lower latency for these machines and faster responses.

Mail Server Is Restored

     The mail server is restored to service.  The virtual machine disk image has been restored from backup.  This will not affect your mail as the spool directory is independent of the mail servers and backed up separately so it is not affected by a server restore.

Mail Server Down

     When I attempted to restart the mail server and it corrupted the virtual machine image on disk and will not boot.  I am in the process of restoring from backups.  Estimated downtime is approximately 30 minutes.

 

Linux-3.3.8 / Linux-3.4

Tired     I am tired now.

     After much experimentation, I was able to determine that the NFS version 4 behaviour changed between Linux kernel 3.3.8 and 3.4 so I’ve been able to get a pre-emptive 3.3.8 kernel working on the web server.  It does cut latency somewhat.

3.x Pre-emptive Kernel

Tux
I succeeded in compile a 3.0 pre-emptive kernel that actually functions properly with NFSv4 and rpc.idmapd.

Moreover, I’ve come to understand the compatibility issues.  The problem is that newer NFSv4 went to using nfsidmap which uses upcalls within the kernel rather than an daemon to handle mapping.

What I haven’t determined yet, is exactly at what kernel version this change was made and if it is at all possible to build a kernel with kernel nfsd support that will work with both.  That would be the easiest, else I’ll have to change all the machines over at once which would be challenging.

Imapd / Pop3

     Further research suggests that this isn’t going to fix it.  I’m going to update Dovecot anyway just to get it current but will probably do this later this evening instead of at 5pm.

     It appears that this problem is because of the POODLE exploit that came out which RedHat “solved” by disabling SSLv3.

     The only fix at this end would be compiling OpenSSL from source, and then recompiling a whole bunch of stuff not to use the system version because RedHat isn’t going to fix it properly, or build a new server based on a non-broken operating system, and that is problematic because Red Hat’s EL6, upon which CentOS 6 is based, has a broken implementation of NFS version 4, which is really needed for mail to work properly owing to the lack of mandatory locking on earlier versions of NFS.

     In the long term I am going to work towards moving our infrastructure away from Red Hat and towards Ubuntu.  Although the Ubuntu people occasionally screw things up, they almost always fix them quickly.  Red Hat is becoming impossible to maintain and have properly interact with other operating systems, kind of like Microsoft twenty years ago.

     Since there is no good short term fix on this end, those affected will either need to upgrade their software to something capable of TLS or use a mailer that doesn’t override their encryption selections, such as Thunderbird.