Maintenance report
When the monthly maintenance job was running, I was on holiday, so the checkup was only today.
Nothing weird, actually:
PMAS statistics for May
Total messages    :   7128 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   5164 =  72.4 o/o (Files: 31)
Accepted by PMAS  :   1964 =  27.5 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    872 =  44.3 o/o (processed),  12.2 o/o (all)
         Accepted :    246 =  12.5 o/o (processed),   3.4 o/o (all)
  Handled by content
        Discarded :    265 =  13.4 o/o (processed),   3.7 o/o (all)
     Quarantained :    199 =  10.1 o/o (processed),   2.7 o/o (all)
        Delivered :    382 =  19.4 o/o (processed),   5.3 o/o (all)

Just another network to exclude access from the LAN, due to a massive number of relay attempts. These were from several addresses from network – based in China (no surprise).


Just the same
It’s all just the same. Mostly, that is.
PMAS statistics for April
Total messages    :   2505 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   1143 =  45.6 o/o (Files: 30)
Accepted by PMAS  :   1362 =  54.3 o/o (Files: 30)
  Handled by explicit rule
         Rejected :    540 =  39.6 o/o (processed),  21.5 o/o (all)
         Accepted :    175 =  12.8 o/o (processed),   6.9 o/o (all)
  Handled by content
        Discarded :    245 =  17.9 o/o (processed),   9.7 o/o (all)
     Quarantained :    182 =  13.3 o/o (processed),   7.2 o/o (all)
        Delivered :    220 =  16.1 o/o (processed),   8.7 o/o (all)

The number of relay attempts came from a source I thought I had blocked in the router’s firewall but I missed a bit, it seems. The bulk of the messages were done on April 1st – about 720 during the day. And I found another address that tried to overload the webserver with over 900 concurrent requests. Or requests that weren’t finished. So this address has been denied access as well. (The webserver doesn’t really mind, but it blocks the well-behaving visitors.)

By the way: The Dutch government is planning a bill that will allow police and secret service to silently hack computers.
Well guys: GOOD LUCK with this one :)

New versions coming up
A new version of the WASD server has been released, there is some preparation to do – I could install this version out-of-the-box but some extra reading may well be worthwhile – since it incorporates HTTP 2 protocol, which means some enhancements.
Also on the shelf is the latest PHP 5 version (5.7) and an update of WordPress. But that will definitely require some work before all runs as it should. WP 4.4.2 ran into a loop somewhere (Well, Stack Overflow – which often is an indication of a recursion that doesn’t run into a finite situation…)


Actually, nothing special in mail itself:
PMAS statistics for March
Total messages    :   8836 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   5971 =  67.5 o/o (Files: 30)
Accepted by PMAS  :   2865 =  32.4 o/o (Files: 31)
  Handled by explicit rule
         Rejected :   1687 =  58.8 o/o (processed),  19.0 o/o (all)
         Accepted :    288 =  10.0 o/o (processed),   3.2 o/o (all)
  Handled by content
        Discarded :    231 =   8.0 o/o (processed),   2.6 o/o (all)
     Quarantained :    228 =   7.9 o/o (processed),   2.5 o/o (all)
        Delivered :    431 =  15.0 o/o (processed),   4.8 o/o (all)

except that there have been quite some relay attempts (and spam) from China (mostly), throughout the whole month. Faking to be a grootersnet.nl user, it will never be accepted when sent to another address since the mail server is set to be non-relay. At least, not from the outside. And grootersnet.nl mail will only be sent from the inside over DIANA, the main (OpenVMS) server.
But it does cause trouble because each message prevents the anti-spam program from receiving valid mail – so the most used networks have been excluded at the front gate (so the router) so they will have no longer access to ANY service:

  • More to follow – after I have examined all log files of mail, web, ftp and router.
    For the rest, all seems pretty well.


    Planned power outage
    Planned to start around 8:30 and extended to 12:30 (CET) I expected to do a normal shutdown of the server around 8:30. At this moment it is 9:30 and power is still on. Nevertheless, the system will be shut down normally – though I could well leave it running until power fails – and return to normal service as soon as I get back – I didn’t have time to install a laptop (with its own power source for a few hours) to start it up remotely when power is restored.
    So the system will be taken down within the next few minutes.

    Power hasn’t been down, it seems the works for which it was required, were done yesterday. Without notice. Everyone in the neighbourhood is not amused. But for the rest: one
    >>>b dkb100
    got everything in running order.


    Unexpected power outage 
    Scheduled for tomorrow between 8:30 and 12:00, there has been a power break at about 11:30 UCT. I noticed it when I could not access my mail site, nor the public homepage this afternoon. Restart of the server when I got home at 19:00 CET, without a problem.
    Next shutdown – planned because the next power outage has been announced – will be tomorrow at 8:30 CET, lasting the rest of the day: There has been no time to install an access point to start the server remotely.

    (sent from WordPress for Android, from my HTC – and edited later on)


    Maintenance triggers investigations
    Although the monthly processing didn’t reveal a lot of (potential) trouble:

    PMAS statistics for February
    Total messages    :   2338 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :    218 =   9.3 o/o (Files: 29)
    Accepted by PMAS  :   2120 =  90.6 o/o (Files: 29)
      Handled by explicit rule
             Rejected :   1057 =  49.8 o/o (processed),  45.2 o/o (all)
             Accepted :    202 =   9.5 o/o (processed),   8.6 o/o (all)
      Handled by content
            Discarded :    227 =  10.7 o/o (processed),   9.7 o/o (all)
         Quarantained :    347 =  16.3 o/o (processed),  14.8 o/o (all)
            Delivered :    287 =  13.5 o/o (processed),  12.2 o/o (all)

    and the number of relay attempts was not that much (less than 100 spread out over a few days), there was some concern over mail: Quite a lot of messages appeared in the last weeks that carried a ‘grootersnet.nl’ sender, but all of them faked: I don’t have accounts like ‘webmaster’, ‘test’, ‘info’, ‘admin’ or ‘contact’. Nor are addresses, or connected to my domain. According to whois, the owners are webfusion.com (UK based), OVH (Germany) and Steadfast networks (US).

    ANY email from the grootersnet.nl domain will be sent from Diana.intra.grootersnet.nl, address ANY other sender IP address that appears to be sent from this domain, but without this signature, is FAKE.

    To those that still want to try relaying mail: FORGET IT. Both the SMTP frontend and the SMTP server will not accept other destinations than my own, unless the mail originates from within the local network.

    For the record, under the new EU ruling, I may have to report break-in attempts, even on a non-commercial system. I will.

    WP update – continued
    I checked the files of the container (WordPress.zip) and the result on the VMS box, and I found a few nasty
    VMS (in my standard setup) will translate dots in a filename to underscores. Reversing that action would take a lot of work: Scanning all files and renaming the ones that need to be reversed. Luckily, WordPress has no underscores in the names, throughout the whole package so I could develop a command procedure to do the job. It served me well: Installing WordPress the usual way, rename the directory the unzip creates, set a logical and run the procedure; No extra work except changing the logicals of each blog referring to the right WP version.
    But version 4.4.2 proved to have a trick, mainly in code included from other parties: directories that contain an underscore in the name. It may, or may not have caused the problems I ran into, but this should be handled. There were just a few, but in one case, the directory contains some files with underscores by origin, and some where the underscore was the result of the replacement.
    But in the end, it was not a big change in the procedure to handle these differences: Just check if a particular string occurs in the file specification and if so, skip processing. I ran it against the latest WP version (still 4.4.2) and that seems to be fine now. Next, check if this will do the trick and allow 4.4.2 to run. For that, both regular blogs need to be offline to prevent interference (or I have to set up a separate environment – whatever is easiest).

    Work on the power grid ahead
    We got a notice from the company maintaining the power grid that on 24-Mar-2016, there will be a power interruption between 8:30 and 12:00. It will mean power will be cut off for some time.
    So I’ll have to do some preparations.
    One possibility is to enable the serial console on a laptop (with sufficient power when fully loaded) and hook that up on the COM port; Add some external control on that system so when power is restored, I can reboot Diana. Otherwise, the system will be down all day….


    Too busy to add the result of the monthly maintenance job – there were no issues except (of course) quite a number of relay attempts from China…

    PMAS statistics for January
    Total messages    :   3263 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :   1841 =  56.4 o/o (Files: 31)
    Accepted by PMAS  :   1422 =  43.5 o/o (Files: 31)
      Handled by explicit rule
             Rejected :    527 =  37.0 o/o (processed),  16.1 o/o (all)
             Accepted :    231 =  16.2 o/o (processed),   7.0 o/o (all)
      Handled by content
            Discarded :    224 =  15.7 o/o (processed),   6.8 o/o (all)
         Quarantained :    179 =  12.5 o/o (processed),   5.4 o/o (all)
            Delivered :    261 =  18.3 o/o (processed),   7.9 o/o (all)

    Most relay attempts were on three days:

    02-JAN-2016 04:58:48.40 - 05:36:50.75 : (363)
    12-JAN-2016 16:56:59.42 - 18:14:59.84 : (720)
    14-JAN-2016 19:54:54.38 - 21:10:08.53 : (720)

    In addition, there were a few from another address – but far less:
    21-JAN-2016 07:23:38.68 - 07:24:23.62 : (11)
    so less harmful – I don’t bother too much on that one.

    (Would I need to pass these indications to law enforcement? For businesses it is an obligation today)
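
An added example, not part of the original post or the author's own tooling: a small analyzer that produces the per-day burst lines shown above and lists the source networks worth blocking at the router. The log line layout, the `RELAY-REJECT` keyword, the function names and the sample addresses (documentation ranges) are assumptions, since the post does not show the real PMAS or SMTP log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

MONTHS = "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split()

# Assumed line layout (the real PMAS/SMTP log format is not shown in the post):
#   <VMS timestamp> RELAY-REJECT from=<ip> rcpt=<address>
LINE_RE = re.compile(
    r"^\s*(\d{1,2})-([A-Z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2})\.(\d{2})"
    r" RELAY-REJECT from=(\S+) rcpt=\S+\s*$")


def parse_line(line):
    """Return (timestamp, source address) for a relay rejection, else None."""
    m = LINE_RE.match(line)
    if not m or m.group(2) not in MONTHS:
        return None
    day, mon, year, hh, mm, ss, cc, src = m.groups()
    try:
        ts = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                      int(hh), int(mm), int(ss), int(cc) * 10000)
        return ts, ip_address(src)
    except ValueError:          # impossible date or malformed address
        return None


def summarise(lines, v4_prefix=24, v6_prefix=64):
    """Group rejections per (day, source network), largest burst first."""
    groups = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src = parsed
            plen = v4_prefix if src.version == 4 else v6_prefix
            net = ip_network(f"{src}/{plen}", strict=False)
            groups[(ts.date(), net)].append(ts)
    bursts = [(day, net, min(t), max(t), len(t)) for (day, net), t in groups.items()]
    return sorted(bursts, key=lambda b: (-b[4], b[0], str(b[1])))


def vms_time(ts):
    """Time of day with hundredths of a second, as VMS prints it."""
    return ts.strftime("%H:%M:%S.") + f"{ts.microsecond // 10000:02d}"


def format_burst(burst):
    """Render one burst the way the post lists them, plus the source network."""
    day, net, first, last, count = burst
    date = f"{day.day:02d}-{MONTHS[day.month - 1]}-{day.year}"
    return f"{date} {vms_time(first)} - {vms_time(last)} : ({count})  {net}"


def block_candidates(bursts, threshold):
    """Networks with at least `threshold` attempts on a single day."""
    return sorted({str(net) for _, net, _, _, count in bursts if count >= threshold})


# Constructed sample input (documentation address ranges, not real log data).
SAMPLE = [f"12-JAN-2016 16:56:{s:02d}.42 RELAY-REJECT from=192.0.2.{10 + s // 10 % 2} rcpt=user@example.com"
          for s in range(0, 60, 10)]
SAMPLE += ["14-JAN-2016 19:54:54.38 RELAY-REJECT from=198.51.100.7 rcpt=user@example.com",
           "14-JAN-2016 19:55:01.10 ACCEPTED from=203.0.113.5 rcpt=local@example.org",
           "31-FEB-2016 00:00:00.00 RELAY-REJECT from=192.0.2.10 rcpt=user@example.com"]

if __name__ == "__main__":
    found = summarise(SAMPLE)
    for b in found:
        print(format_burst(b))
    print("block at the router:", block_candidates(found, threshold=5))
```

Grouping by network rather than by single address catches a sender that rotates through neighbouring addresses; the prefix lengths and the threshold are parameters to tune against the real logs.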

    Update of WordPress failed
    I downloaded the latest version (4.4.2) and installed it, but upgrading the blogs failed. I still have to do some more investigation, but I found one issue: Where underscores weren’t used in the names up to 4.3.1, in 4.4.2 (and probably 4.4 as well) there is one directory that contains an underscore in the name (.wp-includes.random_compat). This causes problems with the script to revert translation of multiple dots in a filename to underscores; VMS translates these to underscore and the script reverses this: it becomes (.wp-includes.random^.compat).
    So here I have a problem in the script; If this is the only one, it is easy to prevent. I could ask to change this to hyphen instead but I doubt it will even happen (I will ask but won’t rely on the change).
    Another – far more nasty issue, is a stack overflow just before I get the PHP warnings: WATCH spits out the details – I removed the extra data, so this is basically what happens:

    |19:20:02.16 ERROR    0434 **** NOTICED    CGI:2107, not a strict CGI response|
    |19:20:02.17 ERROR    1121 0002 RESPONSE   DCL:5220 (basic-only) 502(502)

     "Script did not provide an acceptable response."|
    |19:20:02.17 DCL      4967 0002 DCL        READ SYS$OUTPUT %X00000001 47 bytes|

    %TRACE-F-TRACEBACK, symbolic stack dump follows
      image    module    routine             line      rel PC           abs PC      
    %SYSTEM-F-STKOVF, stack overflow, PC=FFFFFFFF8083B42C, PS=0000001B
      Improperly handled condition, image exit forced.
        Signal arguments:   Number = 0000000000000003
                            Name   = 0000000000000554
        Register dump:   
         R0  = 0000000000000207  R1  = 0000000000000008  R2  = 000000007B64D550
         R3  = 000000007B68A010  R4  = 000000007B68A018  R5  = 0000000000000090
         R6  = 0000000000000090  R7  = 0000000000000041  R8  = 0000000000000000
         R9  = 000000007CAF9820  R10 = 0000000000000020  R11 = 0000000002055088
         R12 = 000000007ADBA4A6  R13 = FFFFFFFF81951C10  R14 = 0000000000000001
         R15 = 0000000000000007  R16 = 000000007B68A064  R17 = 000000007B68A8A8
         R18 = 0000000064616F6C  R19 = 0000017964616F6C  R20 = 0000000064616F6C
         R21 = 0000000000000000  R22 = 000000000000017A  R23 = 000000007BF9A660
         R24 = 0000000000010001  R25 = 0000000000000001  R26 = 000000007B68A018
         R27 = 0000000000000001  R28 = FFFFFFFF802E373C  R29 = 000000007ADB94E0
         SP  = 000000007ADB94E0  PC  = FFFFFFFF8083B42C  PS  = 200000000000001B

    So I reverted to the version that works – have to find out first what’s going on…


    How not to update
    Ok. This is not about VMS but Windows. Windows 10. “Professional” (you’ll understand the quotes after the story).

    To start with the history of this machine.
    I built it from (at the time) up-class components, installed Windows 7 Professional (of course I paid for it; OEM version as it was a brand new system…).
    Some time later, 8.0 came out and I could update freely – with the option to reverse the installation. But I was satisfied with it so I removed that ability. Update to 8.1 went smoothly, without a glitch. So was the update to Windows 10; No surprises, everything went fine. However, there are a few ‘glitches’: Automatic update is enabled by default, not a real problem, normally. With Windows 7 and 8, System restore was enabled and each update created a restore point so you could easily reverse. And if updates were to be installed, you would see it in the menu because there was a notion that updates were to be installed on shutdown – and the progress would be shown on the shutdown-screen.
    Windows 10 changed that. There is NO warning on updates, nor are you informed that updates are being installed. Shutdown just takes longer. Much longer, eventually. It is after you start the machine that you are informed that updates have been installed.
    If things go wrong, it’s too late.
    As I found out in December. There has been a major update to Windows, installed silently the same way. But from that moment on, things had changed: Some things didn’t work at all anymore, including the new browser (Edge – it really is an improvement though not all functionality of Internet Explorer or other browsers is available), the new Search facility (Cortana), and some important system management tools like the notifier (Action center) and numerous other things: opening a second File Explorer window from the shortcut on the menu didn’t react, for instance. Very annoying if that is what you normally use most.
    I posted a complaint on a technical Forum at Microsoft, where I learned that there were more installations that have the same problem. Suggestions that I found elsewhere to re-install Edge didn’t work either (and on one occasion I learned that this update had indeed caused a lot of trouble) but time by time, some functionality was restored – or I found a way around it. But some programs and site-accesses rely on Edge so these don’t work either.

    Today I contacted Microsoft support via chat. Very helpful. It was tried to set things right again which required a reboot. That is when trouble really started.
    First, I could no longer login into my normal account. I usually login with a PIN code, but that was now reversed to password login. But entering the right password (and I am absolutely sure I made no mistakes) failed: Either name or password incorrect. I noted that there was no internet connection, required for login (I think) since the account is coupled to my LIVE.COM account. Luckily, I also have a local (administrator) account that I could use. Done some investigations: There was no way I could enable internet connectivity – and the chat session tried to connect – which of course failed.
    Using a second PC (Still on Windows 7 and to be kept as such – since some games are not compatible with Windows 10 and will not run) I contacted Microsoft support on this issue. Where I found out (using msconfig) that all services but a few had been disabled. The suggestion was either to revert to a previous version (and re-install Windows 10 – and everything I installed after upgrading from Windows 8.1) – or do a full re-install. Neither option was acceptable; the other solution was to reboot normally – which worked.

    After that, the connection that was stopped on reboot, was revived and I could get on with the chat. It still didn’t work as before. And the problem resides with all current users on the machine – even the local admin account had the same problem.
    One thing I could try was to create a new user and see if that would solve the problem. And behold: THAT WORKED.

    So it was suggested that I move all files to that new user and work with that account from now on.

    It would mean I would have to copy EVERYTHING on the system to that account. Or change file ownership and protections from one user to another. BY HAND.
    Or leave it as it is, hoping that Microsoft will come up with a real solution: one that will repair the system where it broke.

    There are still a few things to figure out because I think that there is more that went severely wrong in this update: I doubt very much that there has been made a restore point, for instance. And if so, I doubt it is complete. Since I did look for such a point when I found out of the problems but couldn’t find one.

    Anyway, I disabled automatic updates. Download is OK but I decide if, and when, they are installed, so I can be sure I have a restore point if I need to go back.

    Just looked at the local admin account.
    Where it failed to start Edge and Search this afternoon, IT NOW WORKS THERE….(For now? Well, it does.. But why doesn’t it in my normal account? This must be a registry thing….)
    The oldest restore point I can find is beginning of this year. All earlier ones seem to be gone. Latest has been today.


    New year – new chances
    At least, last maintenance job showed something remarkable:

    PMAS statistics for December
    Total messages    :  12733 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :  11118 =  87.3 o/o (Files: 31)
    Accepted by PMAS  :   1615 =  12.6 o/o (Files: 31)
      Handled by explicit rule
             Rejected :    784 =  48.5 o/o (processed),   6.1 o/o (all)
             Accepted :    215 =  13.3 o/o (processed),   1.6 o/o (all)
      Handled by content
            Discarded :    255 =  15.7 o/o (processed),   2.0 o/o (all)
         Quarantained :    221 =  13.6 o/o (processed),   1.7 o/o (all)
            Delivered :    140 =   8.6 o/o (processed),   1.0 o/o (all)

    Almost the same amount of messages as two years ago, but the reason is different: it’s not spam but trying to abuse the server.
    Over half of the relay attempts were on two days, from one network. On Dec 1st, a sender at address tried 3960 times to pass a message from a faked grootersnet.nl sender to one recipient on vip.163.com; on December 6th, a sender at address tried it again 3400 times. On December 24th, 26th, 289th and 30th, the sender was on address and tried to pass a message to someone (faked, probably) at 163.com again, each day about 720 times. Just two days earlier, on December 22nd, the same has been attempted from address, but this stopped after 227 messages.

    The rest was on different days, different addresses but far less.

    All logs of 2015 have now been moved to the year archive to be stored in a safe place, to be investigated.

    I’ll continue checking the system this year. I even may have time to (finally) create the log-analyzer.

    Of course, there is content to be finished (Trips, Tracks and Travels), and some updates (WordPress and related) are pending.


    Nothing unusual
    The maintenance job didn’t show anything weird. Just that there were two operator logs extra to the number of days, but with two restarts this is to be expected.
    Mail has no funny things:
    PMAS statistics for November
    Total messages    :   8431 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :   6454 =  76.5 o/o (Files: 30)
    Accepted by PMAS  :   1977 =  23.4 o/o (Files: 30)
      Handled by explicit rule
             Rejected :    820 =  41.4 o/o (processed),   9.7 o/o (all)
             Accepted :    246 =  12.4 o/o (processed),   2.9 o/o (all)
      Handled by content
            Discarded :    360 =  18.2 o/o (processed),   4.2 o/o (all)
         Quarantained :    509 =  25.7 o/o (processed),   6.0 o/o (all)
            Delivered :     42 =   2.1 o/o (processed),    .4 o/o (all)
    except the number of relay attempts: 2500 between 7-NOV-2015 15:58:58.60 and 7-NOV-2015 20:51:36.53, from address attempting to reach some addressee at 163.com

    You would expect it a long running job but it isn’t: just 8 minutes elapsed, using less than 1 minute of CPU time:

      SYSTEM       job terminated at  1-DEC-2015 01:08:02.31

      Accounting information:
      Buffered I/O count:               9082      Peak working set size:       3888
      Direct I/O count:                57891      Peak virtual size:         183008
      Page faults:                     13301      Mounted volumes:                0
      Charged CPU time:        0 00:00:45.13      Elapsed time:       0 00:08:02.29