15-Sep-2010

Less Spam to control
A week ago, I added a number of rules in the spamfilter, to reject connection if the sender or subject contained particular words that were very frequent in the quarantained and , to a lesser extent, in discarded messages: Wolrds like “Gaming”, “casino”, “Viagra” – normally filtered by PMAS< now won't get that far: the connection is now silently dropped and these messages will not even reach the scanner. Since then, the number of messages in quarantaine has dropped significantly: I have now less than half the number of quarantained messages - each day. Not bad. There is still something to check on the system - will do so next friday.

03-sep-2010

More testing
I’ve done some more testing on the new installation, which was a bit of a problem since all licenses had expired…But at some point, the system was started properly.
There are still a few issues, one of them that stylesheets are not loaded properly – or delayed. Sometimes, pages didn;t show up at all, or just partly. Adding images to pages was troublesome as well, the page in which the image was to be added didn’t show up at all. But WATCH didn’t give a hint on the problem, it all looked nice. So there is still some way to go before I’m satisfied….
Anyway, I downloaded the files for an update: both WASD and PHP, but I didn’t install them yet.

Another product I need to test in MySQL – I downloaded the latest version and installed it according instructions. And it all went smoothly (except for some minor error), the database was created, but after that, it was impossible to start the daemon: it expects some table to exist – the first has to do with locking and this table can be added once the database is started. But alas – the second error requesting a table to exist fails – and by that, the process aborts.

I have asked support of the forum.

It may have to do with SLL 1.4 – but that would lead to other errors…
It might also be a matter of the C-RTL, but it doesn’t explain the non-existence of required tables.

VMS 8.3 updates
The last updates date back to 18-Apr-2010 is it is time to get the latest ones. Including SSL 1.4 and two that are related to this: ENCRYPT and ACMELDAP, both are influenced by this update. Installing it would require a rebuild of the web server, and possibly MySQL, so it’s one to be postponed.
But before installing them, I have to make a backup of the system disk – and find opportunity to do the actual installation. And that hasn’t arrived, yet…. And for the rest of the weekend, I won’t be near the machine-room…
One update has been done, though. As I found that older quarantined and discarded messages weren’t visible after the update, Hunter Goatley of Process Software hopped in to state an error in a new feature which caused these old messages to become invisible. He supplied new images that do not contain the error – and after installing them as he instructed (and setting protection to W:RE to allow them to be run by the web server) the problem was gone. Great support to a non-paying customer. That’s what I like!
Something else was wrong as well, but that was not reproducible. But the workaround was running a rule-compiler, and the problem should have gone. We’ll see.

02-sep-2010

Updates
The first of a number of updates and upgrades: PMAS is now at 3.2, fairly new (released in July 2010), there is just one change that I have to take care of: the action taken on the message, which is stored in the log file, can now be two characters: The first states what action was performed on the message, the second states the source: by a user rule or a system rule and so on. The changes won’t be a big: just that the first (and probably only) character of the action taken, the rest of the code is not effected. Or perhaps I could note the difference in the statistics but that’s hardly significant in my case.
Second – and just in time, the license has been renewed. That is: the new license that I had around already, has been applied before the old one expired – today. So I’m protected for another year.
Another “upgrade” has to do with storage.
The logical device where I store most of the web-content, had been set up to be 8 Gb, but it filled up to well over 85%. I extended the file to twice it’s size ($ LD/EXTEND/SIZE=33600000) but the actual size reported remained the previous 16800000 blocks and still over 85% full). I couldn’t find a way to get around it and so I asked on ITRC when I was elsewhere. I got the answer, the only one without taking everything down for a prolonged period, as was proposed by Jon Pinkley and Hein van den Heuvel: Simply using this sequence:

$ DISMOUNT LDA1 ! I had to add /ABORT since some process kept a file open.
$ MOUNT/OVER = ID LDA1
$ SET VOLUME/LIMIT=33600000
$ SET VOLUME/SIZE=33600000
$ DISMOUNT LDA1
$ MOUNT/SYSTEM LDA1

gave me the full 16Gb containerfile available. Lots of storage to publish tracking data and photographs.

More to come soon:
VMS updates – perhaps an upgrade to 8.4, when I get hold of media….(and patches!)
Webserver update (WASD 10.0.2)
PHP (the Mark Berryman 5.2.13 version)
WP (3.0.1)
MySQL (5.1.49)
PhpMyAdmin (3.whatever)

It also means a somewhat new configuration of the web server….But that is under construction.

01-Sep-2010

Cleanup

The cleaning job has run last night, and I ran into a timing problem: The operator log has been copied, a new index page was created — after which the logfiles must have been archived. So yesterdays log that could show something on the connection issue, was no longer available on-line.

Update< ./font>:I checked the operlog, and the event shows up:

%%%%%%%%%%% OPCOM 30-AUG-2010 20:20:49.75 %%%%%%%%%%%
Message from user SYSTEM on DIANA
Message from syslogd@Unknown at Aug 30 19:28:50 ...
Vigor: WAN 1 is down.

%%%%%%%%%%% OPCOM 30-AUG-2010 20:20:50.20 %%%%%%%%%%%
Message from user SYSTEM on DIANA
Message from syslogd@Unknown at Aug 30 19:28:50 ...
Vigor: WAN 1 is UP.

%%%%%%%%%%% OPCOM 30-AUG-2010 20:30:23.42 %%%%%%%%%%%
Message from user SYSTEM on DIANA
Message from syslogd@Unknown at Aug 30 19:38:20 ...
Vigor: --SendMailAlert--

The alert didn’t arrive so that is still to be settled in the router.

I would have expected a mail of last month’s mail statistics but that didn’t arrive either, so there is still something wrong.
Update< ./font>: No it’s Ok. It will show up in the log, it isn’t mailed.

Password reset requested?
I got a mail this morning from Twitter, that a new password was requested. Must have been someone else, so I accessed Twitter.com directly and changed my password. All others as well, whereever I could access the pages. But this was my intention anyway.

Update< ./font>: ALL passwords have been changed. The Bootcamp2008 blog seems to have been compromise3d, so it has been disabled – it will now render a 404 error.

Mail statistics
PMAS statistics for August
Total messages    : 9140 = 100.0 o/o
DNS Blacklisted   : 1875 =  20.5 o/o (Files: 31)
Relay attempts    : 5940 =  64.9 o/o (Files: 31)
Processed by PMAS : 1325 =  14.4 o/o (Files: 31)
       Discarded :  139 =  10.4 o/o (processed),   1.5 o/o (all)
    Quarantained :  350 =  26.4 o/o (processed),   3.8 o/o (all)
       Delivered :  836 =  63.0 o/o (processed),   9.1 o/o (all)

More important: on 25-August, there have been – again – a massive amount of relay attempts; the file is 564 blocks in size – 2300 lines alltogether. Second are attempts 10 days earlier, about 2100 times. These files need to be more closely examined, but on first glance, the sender’s address is known. Reason enough to block 126.com and sina.com.

By the way: the license needs to be renewed, it will expire tomorrow.