CentOS8 has been out for approximately a half year and in that time no Desktop interface has been completely ported.  And at this time the current release is 8.1, however, Centos folks seem bent on abandoning Centos 8 and replacing it with a rolling release called Centos Stream similar to Fedora and that seems to be where all the development effort is going these days.  So I am planning on deleting the Centos8 server and replacing it with a Centos Stream server in the near future.

     Good news for those of you who liked the old Gnome environment on Centos6, Gnome is now available on Centos7 and Scientific Linux 7.  It has been, up to this point, unavailable because of the unavailability of gnome-flashback, necessary for remote Gnome Desktop access, but I found an “unofficial repository” that contained it so it is now installed.

     Also newly installed is the “KDE Plasma Workspaces” desktop.  Part of KDE was previously available but now there is a group and the full group is installed.  There is also a group for Mate now which makes it a more complete install than it previously was.

     And one more Desktop, LXQT, a fairly light Desktop similar to LXDE except using the QT graphical interface, is now also installed.

     Have fun!

     When I ‘fixed’ some DKIM issues a couple of days ago, I used the same file name for two different functions accidentally and this broke the configuration in ways that affected mail lists.  That has been corrected.

     In addition, I misconfigured the client mail server in a way that permitted open relaying and that got abused this afternoon about the same time a customers account had been compromised and also abused.  And so around 1:30PM today Pacific Time I had to stop the client outgoing server for a short while in order to fix the configuration error and delete 40,000+ spam messages from queue.  Fortunately I caught the majority of them before they were sent.

     I found and fixed two issues with spam filtering that closed a couple of holes, hopefully didn’t break anything in the process, but if so please use Support->Tickets to report the issue.

     First thing I found broken was opendkim checking was not working owing to key retrieval.  It appears that opendkim does not use the system resolver by default, it is necessary to define name servers in it’s conf file.  I had not done this, key retrieval was failing, so opendkim was not rejecting sites forging as it should have been though most still would have been caught by spf.  But this together with spf will also make opendmarc work so should further reduce spam.

     The second thing was I had not configured recipient_checks in mail.eskimo.com’s postfix main.cf file and as a result the recipients_check file was completely ignored.  This server is intended for outgoing mail, but by addressing to user@mail.eskimo.com AND ignoring MX records and directly attaching to this server spam could be sent.  I was able to catch this because I happen to be perusing the logs for errors and happened to see one such spam come through which lead me to investigate the configuration to find out why it was not rejecting it.

     The server with the mail spool spontaneously rebooted around 19:05 PM.  Because NFS re-binding after a crash is less than reliable, some shell servers may not have properly remounted their file systems.  It may take me several hours to check these.  If you run into a server that hangs when you login, hit ‘df’, or try to retrieve e-mail please generate a support ticket: https://www.eskimo.com/support/osTicket/

     CentOS8 made the decision NOT to include KDE however, it has been available via the EPEL repository.  Today they started upgrading the version on the EPEL respository but it is in a half updated broken state, so for now until they complete this project, KDE is not available on Centos8.

     I had bad feelings when Centos was taken over by Redhat, so far my instincts have proven to be right on, this was a very bad thing for the community.  All they’ve done is discontinue things and walk away from established standards, and support for non-paying non-Redhat customers is non-existent.

     Opensuse is presently unavailable owing to a problem in a library that breaks NIS authentication.  It has been reported, they are aware of it but at this point there is no indication of if/when it will be fixed.

     Mail is repaired.  It unfortunately required rebooting pretty much everything because after I recreated the file system and exported it, all the other servers which had it mounted gave “Stale File Handle”, and would not let me unmount it without a reboot.

     But that is all done now, everything is good until it’s not.

     There is a problem with the mail spool file system.  It is not a hardware problem but a file system corruption problem that fsck does not detect.

     I am going to have to copy and rebuild the file system.  At the rate files are copying this will take approximately 45 minutes to complete.

     I am having a problem with the mail spool file server.  There is something wrong with the file system that fsck -f -y does not find or correct.  I am in the process of troubleshooting but it may be necessary to copy and rebuild in which case it may be down for several hours.