07-May-2017

Maintenance report
There isn’t much to mention on maintenance.

PMAS statistics for April
Total messages    :   2796 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    209 =   7.4 o/o (Files: 30)
Accepted by PMAS  :   2587 =  92.5 o/o (Files: 30)
  Handled by explicit rule
         Rejected :   1793 =  69.3 o/o (processed),  64.1 o/o (all)
         Accepted :    164 =   6.3 o/o (processed),   5.8 o/o (all)
  Handled by content
        Discarded :    339 =  13.1 o/o (processed),  12.1 o/o (all)
     Quarantained :    274 =  10.5 o/o (processed),   9.7 o/o (all)
        Delivered :     17 =    .6 o/o (processed),    .6 o/o (all)

The number of relay attempts is not that high: the most (100) have been on April 26th, the rest (just a few days) were far less.

New router
I purchased the follow-up of my Vigor 2920 router: a 2925Vac one. It has both 2.4 GHz and 5 GHz wireless, and supports the 802.11ac protocol for LAN traffic. I could prepare it yesterday evening using the 2920 as an example (I could have restored the backup of that one) and installed it this evening. Apart from one thing I forgot: specifying which phone is what number, and setting up opened ports – I set them up but probably forgot to save the configuration – changing went without a hitch (Of course I had to apply these changes….) and the result in access, especially Wireless, is eminent. And I ran the speed test: Up- and download went up to about 85 MB/s – matching the current speed of 100Mb/sec: This router’s firewall has a throughput of 200Mb/s, 4 times the bandwidth of the 2920….

Next month, my Internet speed will increase to 160 Mb/s (with no extra cost) and this router is fit for that (I got the announcement AFTER I received the router 🙂 ) so I’m ready 🙂

PHP 5.4 retest ahead
I planned a test of PHP 5.4 (and MariaDB 5.5) tomorrow evening, hopefully I don’t run into problems now, since I changed the system parameters. I may also need to reboot the server to include latest changes, based on AutoGen reporting.
So far the results of the performance look nice. Memory usage goes up to 75%, as before, but slowly, and sometimes it seems to be reset. Something to investigate.

New version of WASD (and alamode)
New version of the webserver has been downloaded, and the accompanying monitor program. To be installed tomorrow (as well)

04-Feb-2017

Maintenance
It’s been a quiet month:

PMAS statistics for January
Total messages    :   1910 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :     94 =   4.9 o/o (Files: 31)
Accepted by PMAS  :   1816 =  95.0 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    971 =  53.4 o/o (processed),  50.8 o/o (all)
         Accepted :    150 =   8.2 o/o (processed),   7.8 o/o (all)
  Handled by content
        Discarded :    342 =  18.8 o/o (processed),  17.9 o/o (all)
     Quarantained :    329 =  18.1 o/o (processed),  17.2 o/o (all)
        Delivered :     24 =   1.3 o/o (processed),   1.2 o/o (all)

Most days there have been some attempts to abuse the server for relay, but far less than is usual. Most files are well below the rated limit (4 blocks, or 2Kb in size), just on 09-Jan-2017 and 29-Jan-2017 they were larger: 8 blocks (4KB), and 4 blocks (2KB – more than on the other days).

It would be nice if it stays that low, but I guess I’ll see higher levels later this year.

Network outage
Yesterday, when trying to read mail from the server at work, I noted there was no access AT ALL to the site – even VPN into the router failed. Turned out to be a problem with the Internet provider, that lasted until approximately 16:00 – after which all mail that was blocked for that reason, got in again. Not just Internet. Because TV and telephone use the same connection, these were down too.
Well, it all worked again ever since.

New hardware, new software
This year, I intend to add an Itanium server to the data center, so I can get somewhat acquainted with that hardware. Apart from the usual WordPress updates (one coming this weekend) I plan to upgrade the database (from MySQL 5.1 to MariaDB 5.5) and PHP (a big leap to 7.0). This involves all blogs so I need to take care that I don’t break anything, severely (It may require some PHP code changes as I already found out when trying to run 5.4….)
And, if I can get hold of it, newer versions of OpenVMS.

Apart from that, there will be new content in Trips, Tracks and Travels.

05-Jun-2015

Latest news on PHP
Got two messages from Mark:
1. PHPWASD.EXE in the kit is no good.
2. He reviewed all kits and rebuilt them when needed – there should be no more mismatches any more.
To be tested tonight, or during the weekend.

Evening update
I downloaded the updated kit from Mark’s site and installed it. First, it didn’t work since PHPWASD: couldn’t access PHPSHR, and later, it seemed that the MySQL extension was missing. The reason was just a matter of file protections; I had to change them all, and edit php.ini to enable the extensions (PHP_MySQL.EXE in particular - PHP_MySQLI.EXE alone wasn’t enough for this version of WordPress) but now it works, though it looks to be a bit slower. However, I should NOW be able to update to WP 4.2.2. Fingers crossed 🙂
Evening update 2
Updating WP means: revert to default theme and disable plugins – after creating a backup (so if it fails, it’s easy to revert to the state before the update). Now it should be a matter of changing the logical (the second location should be where the new version of WordPress is stored, in my case WP42:), then restart the webserver (to remove any running PHPWASD images), and start the blog. It does start with the mentioning that WP version has been changed and that the database needs an update. It starts – and stops without a notice, somewhere in step one of the process.
So I had to revert to the state prior to the update, by simply restoring the database, change the logical back to the original version and restart WASD.
Now it’s a matter of finding out what is going on….
It may be related to the resource limits in PHP.INI:

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 30 ; Maximum execution time of each script, in seconds
max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 128M ; Maximum amount of memory a script may consume (128MB)

that may be too low, keeping in mind that this system is limited in resources…

Maintenance
It has been a few days ago that the maintenance job has run. No surprises:
PMAS statistics for May
Total messages    :   1026 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :     88 =   8.5 o/o (Files: 31)
Accepted by PMAS  :    938 =  91.4 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    387 =  41.2 o/o (processed),  37.7 o/o (all)
         Accepted :    197 =  21.0 o/o (processed),  19.2 o/o (all)
  Handled by content
        Discarded :    152 =  16.2 o/o (processed),  14.8 o/o (all)
     Quarantained :    185 =  19.7 o/o (processed),  18.0 o/o (all)
        Delivered :     17 =   1.8 o/o (processed),   1.6 o/o (all)

The number of relay attempts has been minimal this month: No file exceeded 10 blocks; there have been some, of course, but only three files were large enough (over 2K in size) to be examined: mail was sent from addresses 173.254.223.72, 185.60.229.89 and 5.79.68.231; faked senders, no doubt, since From: was either empty, a (non-existing) user from grootersnet.nl (and I do know my users, and my address :)) or admin from a site that is not related to the address it is sent from.

05-May-2015

Maintenance
Nothing weird – of course.
But since the Vigor router has been replaced by the ‘official’ router supplied by my ISP, it may cause extra spam and extra ‘bad traffic’. So extra attention to be paid to all logfiles.
PMAS statistics for April
Total messages    :   2311 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   1540 =  66.6 o/o (Files: 30)
Accepted by PMAS  :    771 =  33.3 o/o (Files: 30)
  Handled by explicit rule
         Rejected :    190 =  24.6 o/o (processed),   8.2 o/o (all)
         Accepted :    211 =  27.3 o/o (processed),   9.1 o/o (all)
  Handled by content
        Discarded :    128 =  16.6 o/o (processed),   5.5 o/o (all)
     Quarantained :    206 =  26.7 o/o (processed),   8.9 o/o (all)
        Delivered :     36 =   4.6 o/o (processed),   1.5 o/o (all)

Not bad indeed – except for the number of relay attempts; and these come from a (Chinese) site that I locked out for accessing the network. There were just a few others, but the rest was of one user, most from domain sina.com but from different addresses, on one day from 163.com. The next lines show the first and last of that day – and the number of entries from this user:
13-APR-2015 12:07:58.91|R|122.13.2.195|losw@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
...
13-APR-2015 12:52:20.59|R|122.13.2.195|cgruh@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@♦
205

19-APR-2015 16:27:30.33|R|58.251.146.197|xwu@grootersnet.nl|xiaonanzi11162@163.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@1♦
...
19-APR-2015 16:49:39.85|R|58.251.146.197|mrva@grootersnet.nl|xiaonanzi11162@163.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@♦
216

23-APR-2015 00:42:01.74|R|114.112.190.22|test@82.161.236.244|mtyndallo@yahoo.com.tw|550 5.7.1 Relaying not allowed: mtyndallo@yahoo♦
23-APR-2015 15:15:52.57|R|91.236.75.224|smtp2001soho@yahoo.com|rk85r@freemailhost.ru|550 5.7.1 Relaying not allowed: rk85r@freemail♦
23-APR-2015 22:34:53.54|R|157.255.16.36|wadfil@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
...
23-APR-2015 23:58:35.65|R|157.255.16.36|wacehl@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
806

24-APR-2015 00:04:02.21|R|157.255.16.36|ior@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
...
24-APR-2015 00:36:58.43|R|157.255.16.36|twycf@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162♦
271

13-APR-2015 and 14-APR-2015 are adjacent, so the session started 13-Apr-2015 just after 22:34 and continued to 00:36 the next day. Over 1000 attempts that failed…
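The manual first/last/count summary above can be automated. The following is an added example, not part of the original post and not PMAS tooling: it parses lines in the pipe-delimited layout quoted above and merges rejections per source address into sessions, so a run that crosses midnight into the next daily file is counted once. The sample lines are constructed, and treating `R` as the relay-rejection record type and a 30-minute silence as the session boundary are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation addresses, not real log data).
SAMPLE = """\
23-APR-2015 23:40:10.11|R|192.0.2.36|aa@example.nl|user1@example.com|550 5.7.1 Relaying not allowed: user1@exam
23-APR-2015 23:55:02.40|R|192.0.2.36|bb@example.nl|user1@example.com|550 5.7.1 Relaying not allowed: user1@exam
...
24-APR-2015 00:04:02.21|R|192.0.2.36|cc@example.nl|user1@example.com|550 5.7.1 Relaying not allowed: user1@exam
24-APR-2015 00:20:58.43|R|192.0.2.36|dd@example.nl|user1@example.com|550 5.7.1 Relaying not allowed: user1@exam
24-APR-2015 09:15:00.00|R|198.51.100.7|test@203.0.113.9|probe@example.org|550 5.7.1 Relaying not allowed: probe@exa
24-APR-2015 14:00:00.00|R|192.0.2.36|ee@example.nl|user1@example.com|550 5.7.1 Relaying not allowed: user1@exam
"""

def parse(line):
    """Return (timestamp, source_ip, fifth_field) or None for anything else."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6 or parts[1] != "R":   # "R" = relay record (assumption)
        return None
    try:
        ts = datetime.strptime(parts[0], "%d-%b-%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return ts, parts[2], parts[4]

def sessions(lines, gap=timedelta(minutes=30)):
    """Merge rejections per source IP into bursts separated by > gap of silence."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[1]].append(rec)
    out = []
    for ip, recs in by_ip.items():
        recs.sort()
        cur = None
        for ts, _, addr in recs:
            if cur is None or ts - cur["end"] > gap:
                cur = {"ip": ip, "start": ts, "end": ts, "count": 0, "addrs": set()}
                out.append(cur)
            cur["end"] = ts
            cur["count"] += 1
            cur["addrs"].add(addr)   # the address repeated in the 550 response
    return sorted(out, key=lambda s: s["start"])

if __name__ == "__main__":
    for s in sessions(SAMPLE.splitlines()):
        print(f'{s["ip"]:15} {s["start"]:%d-%b %H:%M} to {s["end"]:%d-%b %H:%M} '
              f'{s["count"]:4} attempts, {len(s["addrs"])} address(es)')
```

Feeding it the concatenated daily files gives one row per burst, which makes a single source that hammers one address stand out from isolated probes.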
DNS trouble?
There was another thing that was different with the router: From the start, I had port 53 opened – I cannot recall why – and I never had any problem, except that occasionally the DNS server, or the resolver, tries to send out a 20-byte UDP packet to some other system. This is blocked by the router as a [teardrop] DDoS attempt so it won’t get out.
After the router had been installed for a day or so, this started again and more often than before. Now I got a message from my ISP that something was wrong: It could cause my DNS server to act like an open DNS server that could get involved in a DDoS attack.
This is weird. Since my DNS server will only handle internal addresses, and the resolver doesn’t get onto the Internet, instead requests the router to handle the request – and that will forward the request to the DNS servers of my ISP – as is setup in the handshake between the access points.
Apparently, my DNS server could receive requests from anywhere and loop back. So now port 53 has been closed – and from that moment on, I don’t get these messages any more. I’ll scrutinize the logs for some time, and add all requestors to the blacklist.
PHP and WP update
WAY overdue, I know, but updating this version won’t work, probably. So I’ll take another approach: Start a new blog, with the latest software versions of PHP and WP, probably database as well (MariaDB, a branch from MySQL that seems to be more stable and more reliable). If possible, this content will be imported directly, or I will have to do some work to get it into the new database. Well, if the structures are compatible, I may use the current database as well…

01-Apr-2015

No surprises
No jokes either: The monthly maintenance job revealed nothing special. Mail is fine as it is for months now:
PMAS statistics for March
Total messages    :   5091 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   3933 =  77.2 o/o (Files: 31)
Accepted by PMAS  :   1158 =  22.7 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    363 =  31.3 o/o (processed),   7.1 o/o (all)
         Accepted :    226 =  19.5 o/o (processed),   4.4 o/o (all)
  Handled by content
        Discarded :    177 =  15.2 o/o (processed),   3.4 o/o (all)
     Quarantained :    193 =  16.6 o/o (processed),   3.7 o/o (all)
        Delivered :    199 =  17.1 o/o (processed),   3.9 o/o (all)

though Chinamen keep trying to relay when it is not allowed:

ANTIRELAY.-2015-03-05 1450 between 21:25-23:59 (from sina.com)
ANTIRELAY.-2015-03-06  335 between 00:00-00:36 (from sina.com)
ANTIRELAY.-2015-03-15 1680 between 04:54-07:55 (from 163.com)
ANTIRELAY.-2015-03-17  115 between 09:00-10:44 (from 126.com)

Just one “user” nllxiaonanzi111620 from these domains. Probably all forged, sent by a script or program on a server in this domain. I blocked 163.com already but they may use other ranges as well that are not blocked…

To be investigated – if time permits, but my job takes far too much time, even in evenings and weekends (if anyone has another job, preferably in the VMS arena, drop me a line. I’m willing to move)

I have some testing to do for eCube: their Eclipse plugin for programming on OpenVMS from an Intel system (Windows or Linux) but there hardly is any possibility, timewise…