06-Aug-2016

Relay attempts
In general, all is OK in the last monthly maintenance:
PMAS statistics for July
Total messages    :   6052 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   4173 =  68.9 o/o (Files: 31)
Accepted by PMAS  :   1879 =  31.0 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    854 =  45.4 o/o (processed),  14.1 o/o (all)
         Accepted :    202 =  10.7 o/o (processed),   3.3 o/o (all)
  Handled by content
        Discarded :    264 =  14.0 o/o (processed),   4.3 o/o (all)
     Quarantained :    274 =  14.5 o/o (processed),   4.5 o/o (all)
        Delivered :    285 =  15.1 o/o (processed),   4.7 o/o (all)

but the number of relay attempts is very high. Again, these are mainly of Chinese origin:

  • 111.202.57.39 in two days (adjacent), 878 and 390 attempts
  • 95.208.192.227 with 115 attempts (one day)
  • 157.122.147.2 with 2291 attempts in one day
  • 157.122.148.194 with 413 attempts

    The latter two are the same network.
    I had to re-configure the router a few weeks ago and didn’t restore the objects – the last one was one of them. Well, they have again been added so the number of relay attempts from these addresses (and spam sent from them) will be blocked. ANY access, in fact.
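
A check of the kind that catches block objects going missing after a router restore, as an added example that is not part of the original post: it tests the July sources above against the networks this blog lists as blocked in the 02-Apr-2016 and 12-Jun-2016 entries. The function names and the 100-attempt threshold are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Networks listed on this page as blocked at the router
# (02-Apr-2016 and 12-Jun-2016 entries).
BLOCKED = ["112.88.0.0/13", "157.122.0.0/16", "5.196.0.0/16",
           "125.21.122.0/24", "59.23.0.0/13"]

# Per-source relay attempts reported for July (06-Aug-2016 entry);
# 111.202.57.39 appears twice because it was seen on two days.
JULY_ATTEMPTS = [("111.202.57.39", 878), ("111.202.57.39", 390),
                 ("95.208.192.227", 115), ("157.122.147.2", 2291),
                 ("157.122.148.194", 413)]

def load_networks(cidrs):
    """Parse block-list entries into network objects.

    strict=False accepts entries written with host bits set:
    59.23.0.0/13 is normalized to 59.16.0.0/13 instead of raising ValueError.
    """
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def audit(attempts, networks, threshold=100):
    """Split sources into those covered by a block and those still open.

    Returns (covered, missing): covered maps ip -> (attempts, matching network),
    missing maps ip -> attempts for uncovered sources at or above the threshold.
    """
    totals = defaultdict(int)
    for ip, count in attempts:
        totals[ipaddress.ip_address(ip)] += count
    covered, missing = {}, {}
    for ip, count in totals.items():
        matches = [net for net in networks if ip in net]
        if matches:
            # Report the most specific (longest-prefix) matching block.
            best = max(matches, key=lambda net: net.prefixlen)
            covered[str(ip)] = (count, str(best))
        elif count >= threshold:
            missing[str(ip)] = count
    return covered, missing

def covered_share(covered, total_relay_attempts):
    """Percentage of all relay attempts that came from blocked networks."""
    hits = sum(count for count, _ in covered.values())
    return round(100 * hits / total_relay_attempts, 1)

if __name__ == "__main__":
    covered, missing = audit(JULY_ATTEMPTS, load_networks(BLOCKED))
    print("covered:", covered)
    print("not covered:", missing)
    print("share of July relay attempts:", covered_share(covered, 4173), "%")
```

Run against the router's current object list after every configuration restore, a non-empty "covered" result with attempts still arriving means a listed block is no longer in effect.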

    12-Jul-2016

    Nightly job…
    The new configuration of the router had some quirks.
    Thinking I had it all set up, it turned out that for some reason, IPTV didn’t pass: the set-top boxes had no connection to the Internet. Resetting them didn’t help – that’s what made this clear.
    Where there is one VLAN for Internet access, this is routed to ports 1, 2 and 3; over LAN1 (connected to WAN1) or LAN2 (connected to WAN2 – the fast port). IPTV is bridged directly to its own LAN and port, and that seemed to go wrong. (VOIP works regardless of the WAN port used – the lines are both registered at the provider).
    This was in the very early hours of today, and there was no time to figure it out. So I looked for a backup of the configuration, found a number of older ones, and restored the configuration from the latest of that set, reconnected WAN1 to the internet and set up Port WAN2 as backup. Some things still need to be done, but at the moment, everything is now in working order. So I created a backup of this installation.
    And just then I found the pretty recent backup I was looking for…
    Well, given the time I didn’t restore from that one. There is still some work to be done to swap the two lines. Unless the ISP has another idea to get the connection working at the intended speed of 100Mb – symmetrical.
    Update
    I got an answer on my question to Draytek about this issue: Is it a router setting that causes this? The answer is: No, it’s ‘built-in’.
    As they put it (in Dutch):

    De WAN 1 is een 10/100 Mb poort. Hiervan is WAN<>LAN doorvoersnelheid ongeveer 50~60 Mb/s. De WAN 2 is een 10/100/1000Mb poort en
    hiervan is de doorvoersnelheid ongeveer 100~110 Mb/s. Onze advies om de WAN 2 te gebruiken.

    Short translation: WAN1 is 10/100 Mb, WAN to LAN throughput is about 50-60 Mb/s. WAN2 is a 10/100/1000Mb port where throughput is about 100-110 Mb/s.
    We recommend to use WAN2.

    So instead of 100 Mb, that WAN1 port is actually a 50Mb port – so 50%. WAN2 is even worse: the speed (given you can run full speed (1Gb/s)) of your port is actually 1/10th!
    So if I want to have full advantage, I’ll have to use WAN2. No problem, all is set up to work that way – just have to see if that works for television as well. And the max speed I got when testing it, was only(!) 70 Mb. Faster indeed though not the 90 I would expect, but it might be that router traffic interfered.
    However, if I decide to go any faster (500Mb is possible) I’ll need to replace the router – and heavily check the actual throughput.

    11-Jul-2016

    Internet access issues
    Since I have a fiber internet connection, and a subscription to a 100 Mb connection (symmetrical, so either way) I wondered why, when running a speed test, it would get to just 50 – download a bit less, upload a bit more. On contact with my ISP, I checked using the supplied router (Fritz!box 7390). The laptop directly connected to this router, that one directly connected to the FPU (where fiber meets Ethernet). Here, the speed ran to a speed well over 90 Mb – either way. Connected it like the Draytek router – so with another cable, as this isn’t close to the FPU because of all connections – it still was over 90Mb. Still, the Draytek kept running at “half speed”.
    The fun part is: this is a dual-WAN router. The first WAN port is 100Mb, the second can handle 1Gb. The connection was set up to use the first, so I switched to the second. It does make a difference: Speeds are now increased to about 70. A bit better, but not yet as it has to be. Of course, all other traffic may interfere, but that would have been the case with the Fritz!box as well. So there is one more test to perform: Disconnect the LAN and rerun the tests. If that closes in to 100Mb, it’s obvious that traffic to the server causes the issue. If not, it’s the router that needs another tweak. I asked Draytek what it might be, but I doubt this can be set – I didn’t see any setting that could be – except, perhaps, MTU. Set to 1442 where the max is 1496. But I cannot imagine that these 40 bytes make such a difference….
    But it might be.
    Server issue
    Yesterday’s issue with the server is confirmed to be a bug, not a real surprise given the massive overhaul of the code. Mark supplied a hotfix that tackles this one and a few others. It will be installed ASAP – it might be tonight but on the other hand, it can wait a few days. It’s not that important.
    Update
    Done – and the configuration has been restored. Now it works again.
    I also updated the email-program, but here I ran into a problem: It seems that the program is unable to open the language file, the server returns a 403-error but there is nothing wrong (it seems) with the file security… Looked into the code and found that the language file used (EN.TXT) seems to contain more or fewer messages than is anticipated. Hence: mismatch. I re-installed (= unzipped) the files once more, and even without rebuilding and reinstalling, the site now starts. That is: there is a message popping up because a routine called within the JavaScript cannot be found:
    .soymail error
    but that doesn’t stop the music. Nor do the missing header and default footer, but I had URLs to the spamfilter. So I’d like to have them back.
    Update on these
    I found the reason for the missing header and footer. I forgot the configuration file, didn’t remember name or location (but given the author, it would be ‘soymail.conf’, or so). Checking on the logicals I found it, and adapted the header and footer lines.
    The issue with the script is just a matter of clearing the browser’s log. I could have known that…

    10-Jul-2016

    Server updated
    Updated WASD server. As usual, it’s been a piece of cake, but this time there is a twist.
    In the mapping file, I have a line:

    if (client_connect_gt:10) pass * "503 Exceeding your concurrency limit!"

    to prevent a single accessor from having more than 10 concurrent sessions – at least, this was my interpretation. But now it blocks ALL access, whether the number of sessions is higher than 10 or not, regardless of the originating address. (Apart from me, there seemed to be one more user; he got this message, but so did I – with ONE session…) Since some parts of WASD are rewritten, this may have slipped attention, so I reported it to Mark.

    Once disabled, the site is accessible again.

    This affects the non-secured sites only because the other ones don’t pass this mapping. However, I noticed a weird thing using Firefox: The tilde (“~”) used in accessing the user’s mail environment translates to another character (‘not’ character) and therefore, Mozilla cannot be used to access the webmail-program directly – I have to get to the main page and invoke SoyMail from there.

    03-Jul-2016

    Just the ordinary
    Again, there is nothing special in the system.
    PMAS statistics for June
    Total messages    :   1893 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :    264 =  13.9 o/o (Files: 30)
    Accepted by PMAS  :   1629 =  86.0 o/o (Files: 30)
      Handled by explicit rule
             Rejected :    800 =  49.1 o/o (processed),  42.2 o/o (all)
             Accepted :    212 =  13.0 o/o (processed),  11.1 o/o (all)
      Handled by content
            Discarded :    239 =  14.6 o/o (processed),  12.6 o/o (all)
         Quarantained :    195 =  11.9 o/o (processed),  10.3 o/o (all)
            Delivered :    183 =  11.2 o/o (processed),   9.6 o/o (all)

    There were just a few relay attempts causing the logfile to grow over the limit:

    • 5.135.219.26 (38 attempts). The only information I could find on this address is that it seems to be located in France. It tries (bogus) addresses of my domain (the only real one is www.grootersnet.nl) and the attempt was made to connect to a gmail mail server.
    • 208.100.26.230 (16 attempts) but given the sender and addressee used, I think this is a test to see if the mail server is an open array. (It isn’t). The address refers to a hosting company in the USA (Chicago area), and the company that is hosted there seems to work on QR-codes (ScanMe.org doesn’t own a website, ScanMe.com does).
    • 4.222.41.220 (101 attempts) seems to be a dial-up connection to a server near Wichita (Kansas), so there is no further information.

    Since these are simply ‘just a try’ – the number of attempts is relatively low and do not reoccur – I leave it. For now.

    Funny: On Windows 10, the Edge browser will highlight the first two as links – and offers Chrome to open them :). Show in Internet Explorer shows the data as it is intended.

    Pending Updates
    I have to update WordPress, but for the latest version PHP 5.6 (that I downloaded and installed) is recommended, as well as MySQL 5.6 or MariaDB 10.0. It should work with PHP 5.0.4 (I currently run 5.2.13) and MySQL 5.5, which I have been using for several years now.
    For MySQL, I will have to stick to MySQL 5.5 (or MariaDB 5.5) since there is no recent update of MySQL on VMS (HP won’t fund any attempt) nor has Mark Berryman updated his port of MariaDB.
    The previous update (to WordPress 4.3) failed, so I wonder what will happen with this one. I’ll do WP first, then PHP; it has no implications on the blog itself (I hope).

    Another update is the webserver (WASD) to 11.0.1 – and that will be a piece of cake. As usual.

    Router problem?
    The Vigor router has a problem, I think. Although I have disabled any limit (there is no need to limit access), the router complains about exceeding the maximum number of allowed connections. At times not just from the LAN, outside connections get the same error as well. It seems the router doesn’t free disconnected channels; the server does not have that many open connections. The only solution is a reboot of the router.
    This time, I needed to anyway, because I updated the server firmware. But probably I’ll have to reboot the router regularly; it has a schedule option but I need to dig into the manuals first. If possible, this will of course be scheduled at a quiet time.

    12-Jun-2016

    Maintenance report
    When the monthly maintenance job was running, I was on holiday, so the checkup was only today.
    Nothing weird, actually:
    PMAS statistics for May
    Total messages    :   7128 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :   5164 =  72.4 o/o (Files: 31)
    Accepted by PMAS  :   1964 =  27.5 o/o (Files: 31)
      Handled by explicit rule
             Rejected :    872 =  44.3 o/o (processed),  12.2 o/o (all)
             Accepted :    246 =  12.5 o/o (processed),   3.4 o/o (all)
      Handled by content
            Discarded :    265 =  13.4 o/o (processed),   3.7 o/o (all)
         Quarantained :    199 =  10.1 o/o (processed),   2.7 o/o (all)
            Delivered :    382 =  19.4 o/o (processed),   5.3 o/o (all)

    Just another network to exclude access from the LAN, due to massive number of relay attempts. These were from several addresses from network 59.23.0.0/13 – based in China (no surprise).

    08-May-2016

    Just the same
    It’s all just the same. Mostly, that is.
    PMAS statistics for April
    Total messages    :   2505 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :   1143 =  45.6 o/o (Files: 30)
    Accepted by PMAS  :   1362 =  54.3 o/o (Files: 30)
      Handled by explicit rule
             Rejected :    540 =  39.6 o/o (processed),  21.5 o/o (all)
             Accepted :    175 =  12.8 o/o (processed),   6.9 o/o (all)
      Handled by content
            Discarded :    245 =  17.9 o/o (processed),   9.7 o/o (all)
         Quarantained :    182 =  13.3 o/o (processed),   7.2 o/o (all)
            Delivered :    220 =  16.1 o/o (processed),   8.7 o/o (all)

    The number of relay attempts came from a source I thought I had blocked in the router’s firewall but I missed a bit, it seems. The bulk of the messages were done on April 1st – about 720 during the day. And I found another address that tried to overload the webserver with over 900 concurrent requests. Or requests that weren’t finished. So this address has been denied access as well. (The webserver doesn’t really mind, but it blocks the well-behaving visitors.)

    By the way: The Dutch government is planning a bill that will allow police and secret service to silently hack computers.
    Well guys: GOOD LUCK with this one :)

    New versions coming up
    A new version of the WASD server has been released, there is some preparation to do – I could install this version out-of-the-box but some extra reading may well be worthwhile – since it incorporates HTTP 2 protocol, which means some enhancements.
    Also on the shelf is the latest PHP 5 version (5.7) and an update of WordPress. But that will definitely require some work before all runs as it should. WP 4.4.2 ran into a loop somewhere (Well, Stack Overflow – which often is an indication of a recursion that doesn’t run into a finite situation…)

    02-Apr-2016

    Maintenance
    Actually, nothing special in mail itself:
    PMAS statistics for March
    Total messages    :   8836 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :   5971 =  67.5 o/o (Files: 30)
    Accepted by PMAS  :   2865 =  32.4 o/o (Files: 31)
      Handled by explicit rule
             Rejected :   1687 =  58.8 o/o (processed),  19.0 o/o (all)
             Accepted :    288 =  10.0 o/o (processed),   3.2 o/o (all)
      Handled by content
            Discarded :    231 =   8.0 o/o (processed),   2.6 o/o (all)
         Quarantained :    228 =   7.9 o/o (processed),   2.5 o/o (all)
            Delivered :    431 =  15.0 o/o (processed),   4.8 o/o (all)

    except that there have been quite some relay attempts (and spam) from China (mostly), throughout the whole month. Faking to be a grootersnet.nl user, it will never be accepted when sent to another address since the mail server is set to be non-relay. At least, not from the outside. And grootersnet.nl mail will only be sent from the inside over DIANA, the main (OpenVMS) server.
    But it does cause trouble because each message prevents the anti-spam program from receiving valid mail – so the most used networks have been excluded at the front gate (so the router) so they will no longer have access to ANY service:

  • 112.88.0.0/13
  • 157.122.0.0/16
  • 5.196.0.0/16
  • 125.21.122.0/24
  • More to follow – after I have examined all log files of mail, web, ftp and router.
    For the rest, all seems pretty well.

    24-Mar-2016

    Planned power outage
    Planned to start around 8:30 and extended to 12:30 (CET) I expected to do a normal shutdown of the server around 8:30. At this moment it is 9:30 and power is still on. Nevertheless, the system will be shut down normally – though I could well leave it running until power fails – and return to normal service as soon as I get back – I didn’t have time to install a laptop (with its own power source for a few hours) to start it up remotely when power is restored.
    So the system will be taken down within the next few minutes.

    update
    Power hasn’t been down, it seems the works for which it was required were done yesterday. Without notice. Everyone in the neighbourhood is not amused. But for the rest: one
    >>>b dkb100
    got everything in running order.

    23-Mar-2016

    Unexpected power outage 
    Scheduled for tomorrow between 8:30 and 12:00, there has been a power break at about 11:30 UCT. I noticed it when I could not access my mail site, nor the public homepage this afternoon. Restart of the server when I got home at 19:00 CET, without a problem.
    Next shutdown – planned because the next power outage has been announced – will be tomorrow at 8:30 CET, lasting the rest of the day: There has been no time to install an access point to start the server remotely.

    (sent from WordPress for Android, from my HTC – and edited later on)