Chris Searle

For more info on the debian security announcement see:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

Server keys for this host have been updated - any ssh users may well need to remove the old ones from their .known_hosts file (or equivalent). Just to let them know that the keys are changed and intentionally so.

Technorati Tags: debian ssh ssl English

I was having the issue that if clamav died (usually due to freshclam update taking too long) that exim4 would start temporary rejecting ALL mail.

Here's a suggestion from Mike Cardwell on the exim users mailing list. It adds a check on the file existing and adds a header if not instead of rejecting.

warn !condition = ${if exists{/var/run/clamav/clamd.ctl}}
     add_header = X-Virus-Checked: False
deny condition  = ${if exists{/var/run/clamav/clamd.ctl}}
     malware    = *

Technorati Tags: clamav debian exim4 English

I currently have an OpenBSD firewall running on an ancient 586. I have a mini-itx board, CF/IDE converter and a CF card and have been intending to upgrade.

However - rather than OpenBSD I'm going to try for debian (since I know that much better).

This post will end up being a "how I did it" - but at the minute is just a collection of the notes I'm grabbing for now.

Technorati Tags: bind bind9 debian dhcp dns firewall iptables linux English

My exim4 process is configured based on this post and other points noted here.

Today it started failing - clamav failed to read its db (locked) possibly due to freshclam runs.

Debian bug 454587 gave the hint - the packages in volatile have this fixed (a non-security update that fixes this issue in stable).

So - added to my apt-config:

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

Technorati Tags: clamav debian exim4 English

When you create a new user - it helps to remember to create their Maildir (if you are using Maildir).

maildirmake ~/Maildir/

Technorati Tags: debian maildir English

After upgrading sarge to etch - spamassassin was installed - but sa-exim wasn't running (the headers in mail showed it to be to do with the setting of SAEximRunCond stating that it should not run).

After a lot of looking at the default line in /etc/exim4/sa-exim.conf I found lower down the line:

SAEximRunCond: 0

Comment this out if you want sa-exim to run spamassassin on the mail!

Technorati Tags: debian exim4 sa-exim spamassassin English

LDAP authentication started giving:

(9)Bad file descriptor: Could not open password file: (null)

Technorati Tags: apache2 debian ldap English

The following problems:

Technorati Tags: debian upgrade English

I use the java-package make-jpkg to install java JVM's. I have mostly used sun's JVM's up to now.

I wanted to easily switch between them (which the alternatives mechanism handles well) but also to keep the relevant JAVA_HOME in sync (for things that still need this in the environment).

Technorati Tags: alternatives debian java English

I have two servers running debian sarge (stable). Etch is nearly ready to go stable (in hard freeze) so I decided to test the upgrade on the least important box.

Technorati Tags: debian English