02-Feb-2013

Maintenance
No surprises.
PMAS statistics for January
Total messages    :   4578 = 100.0 o/o
DNS Blacklisted   :    677 =  14.7 o/o (Files: 31)
Relay attempts    :    155 =   3.3 o/o (Files: 31)
Accepted by PMAS  :   3746 =  81.8 o/o (Files: 31)
 Handled by explicit rule
        Rejected :   3101 =  82.7 o/o (processed),  67.7 o/o (all)
        Accepted :    304 =   8.1 o/o (processed),   6.6 o/o (all)
 Handled by content
       Discarded :     87 =   2.3 o/o (processed),   1.9 o/o (all)
    Quarantained :    203 =   5.4 o/o (processed),   4.4 o/o (all)
       Delivered :     51 =   1.3 o/o (processed),   1.1 o/o (all)

Just that on 01-Jan-2013, there have been 146 relay attempts where From: and To: were all the same, but the sender address was different. I guess the sender and recipient addresses have been forged; “test@live.com” would reside on one domain, not a bunch of seemingly random addresses :), every 5 – 6 minutes all day long…
Since it is a new year, all 2012 data have been consolidated.
New ISP connection works, but…
I started with a Fritz!Box 3790 that was delivered by the ISP, but that does not have facilities to block addresses or networks, nor does it log the connections made, both incoming and outgoing.
But it does set up both an IPv4 and IPv6 connection.
The disadvantages however outweigh the advantages, so I bought a Draytek Vigor 2920Vn – the successor of the previously used Vigor 2910VGi – which doesn’t support IPv6.
Connecting the box to the ISP was no problem at all, as far as IPv4 is involved, but the IPv6 connection is not created, though I have set up the router according to the requirements: DHCPv6_PD. But where the Fritz!Box doesn’t need anything special, the Draytek requests an IAID – Identity Authentication ID. Like the standard puts it: “A number, specified by the client, that must be consistent for this connection”.
Interpreted as: “I can set up that number, and it can be any, as long as it is used each time the connection should be set up”. That raises a question: What number – if any – has been specified by the Fritz!Box and where does it come from? I did save the configuration, and it is a readable file; however, it doesn’t mention anything like such an ID.
I have contacted Draytek support, the only thing still to try: change the MAC address to the one of the Fritz!Box – but I doubt that would be the solution since, AFAIK, IPv6 doesn’t use these hardware addresses for assigning IP addresses (what use would an IAID have). But it’s worth a try….
Another possibility is to switch down the connection – including the modem – for at least one hour, preferably longer. Who knows it would trigger the DHCPv6 server to allow a new IAID.
I could also try to figure out what the Fritz!Box is generating, it could well be it uses its MAC address to create an IAID. Since this address cannot be changed in that router (at least, I didn’t see a possibility to do that) it could well be that this is the base for the ID to request an IPv6 prefix. I’ll have to ask the manufacturer…
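One way to see what a router actually sends is to capture its DHCPv6 Solicit and read the Client Identifier (DUID) and the IAID in the IA_PD option, the two values a server can tie a delegated prefix to. The parser below is an added example, not part of the original post and not vendor code; the option layout follows RFC 3315 / RFC 3633, and the sample packet, its MAC address and its IAID are constructed values, not taken from a Fritz!Box or a Draytek.

```python
import struct

OPT_CLIENTID, OPT_IA_PD = 1, 25   # option codes from RFC 3315 / RFC 3633
DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL"}
LLADDR_OFFSET = {1: 8, 3: 4}      # LLT: type, hwtype, time; LL: type, hwtype

def parse_options(buf):
    """Yield (code, data) for each 2-byte-code / 2-byte-length option."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("truncated option %d" % code)
        yield code, buf[pos:pos + length]
        pos += length

def client_identity(msg):
    """Return DUID type, embedded Ethernet MAC (if any) and IA_PD IAIDs."""
    if len(msg) < 4:
        raise ValueError("short DHCPv6 message")
    out = {"msg_type": msg[0], "duid_type": None, "mac": None, "iaids": []}
    for code, data in parse_options(msg[4:]):   # skip type + transaction id
        if code == OPT_CLIENTID and len(data) >= 4:
            dtype, hwtype = struct.unpack_from("!HH", data)
            out["duid_type"] = DUID_TYPES.get(dtype, "unknown")
            lladdr = data[LLADDR_OFFSET[dtype]:] if dtype in LLADDR_OFFSET else b""
            if hwtype == 1 and len(lladdr) == 6:   # hardware type 1 = Ethernet
                out["mac"] = ":".join("%02x" % b for b in lladdr)
        elif code == OPT_IA_PD and len(data) >= 12:   # IAID, T1, T2
            out["iaids"].append(struct.unpack_from("!I", data)[0])
    return out

def build_sample():
    """Constructed Solicit: DUID-LL over a made-up MAC, IAID = MAC tail."""
    mac = bytes.fromhex("001122334455")
    duid = struct.pack("!HH", 3, 1) + mac
    ia_pd = struct.pack("!III", 0x22334455, 0, 0)
    opts = struct.pack("!HH", OPT_CLIENTID, len(duid)) + duid
    opts += struct.pack("!HH", OPT_IA_PD, len(ia_pd)) + ia_pd
    return bytes([1]) + b"\x12\x34\x56" + opts   # msg type 1 = Solicit

if __name__ == "__main__":
    print(client_identity(build_sample()))
```

Feeding it the UDP payload of a Solicit captured from each router shows whether the two present the same DUID and IAID to the ISP's server.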
Apart from this: the telephone connection works, the explanation of the ISP site on this matter is very clear and easy to follow – better than the IPv6 figures – which is VERY BASIC indeed. After I followed the instructions, the phones worked. For the moment only outgoing, because the numbers are not yet assigned since they have been de-activated by the previous ISP when the connection was dropped – by mistake. Next Monday, all should work as intended, incoming as well.
Two more weeks (!) before IPTV is present.
Don’t ask me why these two actions cannot be done in parallel. It’s the administration at the ISP that can handle one request at a time.
WASD + PHP + WordPress
On the testbed, there is a problem with WordPress under WASD. On the main system (Diana), this parameter is 4 times as high, and I’m still using an older version that doesn’t redirect as much as the newer one. So I never ran into the problem. Nor does UMA – the biggest WASD user in the world, where a lot of PHP code is handled by a few permanent worker processes – including WordPress. Why don’t they have this problem ???
It’s not a matter of mapping, I got that right with some advice from Mark Daniel, but for some reason, the worker process that runs PHPWASD (the wrapper around PHPSHR) stops because of an IO error on a file – that has been opened several times before. I already found out that system parameter CHANNELCNT may play a role here, because at that moment, the process has 512 channels open – the default value – and channel 513 will fail. SWS however doesn’t have this problem, and I think I know why: WordPress replies with status 301 several times (Redirected) and the worker process, running MOD_PHP (SWS’s wrapper around PHPSHR), will either end, or clear its environment, freeing all channels; the redirection is then passed to either the same, or another process (and that is what I have observed), so there will never be an accumulation of open channels. WASD on the other hand, will pass the REDIRECT to the worker process that returned the 301-status – with all channels still open (since the process wasn’t stopped) – and the new request will not re-initiate (closing all open channels), nor re-use channels already open. Instead, it will start from scratch, leaving open channels as they are – which in the end will lead to exhaustion of CHANNELCNT.
This is however, still more speculation than proven. I still have to prove it, the problem however is that these processes will die after some time, so there is too little time to dig into the process… I did have a course on crash dump analysis a few years ago, so that shouldn’t be too much of a problem. But 6 years – without regular exercise – requires a refreshment of knowledge, and I knew I had the documentation somewhere…. But I found it, and now I’m able to look into the process – hopefully.
UMA would look on their systems why it doesn’t happen there – but I didn’t hear from them since they had other, urgent matters on their hands….