The Life of a Sysadmin

Carousel is a lie!

Entries from November 2002.

Mail server + 4am pages == fun
8:12 Friday 01 November 2002

So update time on the not-so-new-anymore mail server.

SpamAssassin has been working out just ducky. I had the threshold set to 14, then 10, and I just lowered it to 9 yesterday. I'm keeping an eye on it as I go, because there are legitimate messages (mainly newsletters from Real Companies[tm]) that piss off SA -- "click here to unsubscribe", "you're getting this because", etc. -- and we need to whitelist 'em as we find 'em. Only, w/tens of thousands of messages being caught every day, that's a lot to look through...so it's taking a while.

As far as stats go, at threshold 10 we caught ~ 28k messages in 24 hours. In the 14 hours since I lowered it to 9, we've caught ~ 35k. Fuck me...

We've had one weird hardware problem. At 4am on Saturday morning I got a page (ugh) saying that the server was down. Tried pinging it, and yup, no response. I put our backup mail server on the front end and went back to sleep.

In the morning I went to check it out, and it seemed to be just frozen. Last log message sez:

xl0: watchdog timeout

WTF? Rebooted, saw a lot of "Stray IRQ" messages, and it seemed happy. Put it back on the front end, but let the backup server stay there too.

Dave the SysAdmin found this message on the FreeBSD mailing lists. It suggested that the problem might be because of a couple PCI slots sharing an IRQ; when the guy moved his network card to a slot that didn't share an IRQ, the problem went away. I checked the manual for the mobo (Gigabyte VR7XP), and it looks like the slot the card was in didn't share an IRQ. However, I took a few minutes, shut down the machine, and moved the card (3Com fill-in-the-blank-here) over a slot anyway.

While I was there, I checked out the BIOS and found something moderately interesting: APM was turned off, but in the options it had different IRQs it could wake upon. One of the four that were turned on was IRQ 7, which was the stray one that the box had been complaining about. I turned 'em all off. Bad me for not turning off all that in the first place.

It's held up fine after that last reboot, and now it's the only one on the front-end again. (Good thing, too; the backup mail server doesn't have SA installed, as it's also a webmail + web server.)

Original entry.

Tags: slashdot.

Spider-spam, spider-spam
21 November 2002 12:00:00 PST

Just for fun, a couple days ago I added a link to the index page of my website to a hidden page. On that page was a mailto: link with a throwaway address for my domain. I wanted to see how quickly it would get picked up, and how quickly I would get spam for it.

Well, the first bit has happened. I created the page at 6.41am local time on November 19; at 2.07pm that same day, it was spidered, then again at 2.40am this morning (Nov. 21).

The first spidering appears to have been done by Thunderstone (http://www.thunderstone.com/), so I don't think there's too much to worry about there. I'll have to set up a robots.txt file to keep the nice spiders out. The second, however, is from a NY ISP, so I'm guessing something will come of that.

It would be interesting to figure out the average time-to-live of a published email address: how long it can be on a webpage before it gets spammed (and will therefore be spammed unto the end of time, yea, and beyond). This would be like Lance Spitzner's research into the TTL of an unpatched Win98 system on the Internet (Dammit -- all I could find was this link, http://amsterdam.nettime.org/Lists-Archives/nettime-l-0106/msg00126.html, but I know I've seen the original paper somewhere...), or the idea of mailpings mentioned in this excellent book (track email delivery time to a given address to monitor performance/health).
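One way to take the measurement described above, as an added example that is not part of the original entry: it reads the web server's access log for fetches of the hidden page and the mail log for the first delivery to the throwaway address, then reports the elapsed times. The path /hidden.html, the address trap@example.org, the client IPs, the user agents and the Nov 23 delivery are constructed assumptions; only the publish and fetch times come from the entry.

```python
import re
from datetime import datetime

# Constructed sample data: the path, address, client IPs, user agents and the
# Nov 23 delivery are assumptions; publish and fetch times follow the post.
PUBLISHED = datetime(2002, 11, 19, 6, 41)
TRAP_PATH, TRAP_ADDR = "/hidden.html", "trap@example.org"
ACCESS_LOG = """\
192.0.2.10 - - [19/Nov/2002:14:07:11 -0800] "GET /hidden.html HTTP/1.0" 200 312 "-" "crawler-a"
198.51.100.7 - - [20/Nov/2002:09:30:00 -0800] "GET /index.html HTTP/1.0" 200 4096 "-" "browser"
203.0.113.5 - - [21/Nov/2002:02:40:52 -0800] "GET /hidden.html HTTP/1.0" 200 312 "-" "crawler-b"
"""
MAIL_LOG = """\
Nov 22 11:02:40 mail smtpd[812]: connect from unknown[203.0.113.5]
Nov 23 04:15:02 mail local[901]: 3F2A1: to=<trap@example.org>, status=sent
Nov 23 04:15:09 mail local[903]: 3F2B7: to=<someone@example.org>, status=sent
"""
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+)[^"]*" (\d{3}) '
                 r'\S+ "[^"]*" "([^"]*)"')

def trap_fetches(log, path=TRAP_PATH):
    """(local time, client IP, user agent) for each successful fetch of the trap page."""
    hits = []
    for line in log.splitlines():
        m = CLF.match(line)
        if m and m.group(3) == path and m.group(4) == "200":
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((when.replace(tzinfo=None), m.group(1), m.group(5)))
    return sorted(hits)

def first_delivery(log, addr=TRAP_ADDR, year=2002):
    """Time of the first delivery to the trap address; syslog lines carry no year."""
    for line in log.splitlines():
        if f"to=<{addr}>" in line:
            return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return None

def report(access_log, mail_log, published=PUBLISHED):
    fetches, spam = trap_fetches(access_log), first_delivery(mail_log)
    return {
        "time_to_first_crawl": fetches[0][0] - published if fetches else None,
        "time_to_first_spam": spam - published if spam else None,
        # Clients that saw the address before the first spam: candidate harvesters.
        "fetched_before_spam": [ip for when, ip, _ in fetches if spam and when < spam],
    }

if __name__ == "__main__":
    for key, value in report(ACCESS_LOG, MAIL_LOG).items():
        print(f"{key}: {value}")
```

Repeating this over several trap pages, each with its own address, gives the samples needed for an average rather than a single data point.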

Original entry

Tags: spam.

Slackware - Debian - FreeBSD - RedHat
20:37 Friday 29 November 2002

Writing this on RH8.0. And oh, the difference.

I started using Unix five years ago with Slackware when I bought my first computer (486, oh yeah) over the Internet (I had been thinking about Win9x but was worried about viruses); moved to Debian after reading CmdrTaco's raves; moved to FreeBSD after getting a job at an ISP that used (uses) FreeBSD pretty much exclusively; and now I've downloaded all five ISOs of RedHat 8.0, and I'm going to do my best to use it exclusively, at least at home.

I'm doing this because I'd like to take the RHCE exam. I've read about it, and it seems like a really good qualification -- I'm particularly taken w/the hands-on exam. As far as job qualifications go, I've got a fair amount of experience (enough to get me a junior position, if I had to look), but no certification; as I want a job as a sysadmin, this seems a bit of a lack. Becoming an RHCE seems the best way to fill that gap.

I must admit, I've forgotten what it's like not to have the packaging system do the thinking for you. One of the big reasons I moved to Debian was for the ease of installing new programs; I was sick to death of downloading a cool program, only to find that it depended on six separate libraries, each of which had four separate dependencies. It's such a thrill to just apt-get install foo or cd /usr/ports/devel/foo && make install distclean and then walk away. Trying to do that sort of thinking again is like...I don't know, forgetting how to walk and having to do the math by hand.

For example, I tried to install IceWM over the last couple of nights, and I couldn't get it to work. It depended on libdb3-1, but using RPMFind and FreshRPMs.net I was only able to find 3.3. Maybe not a show-stopper -- I didn't try forcing the installation and seeing -- but I didn't want to risk it; the current install is about the fourth in as many weeks (don't install Linux after FreeBSD after Linux, kids!), and I didn't want to bother w/YARI. I gave up in the end, compiled from source (which, while surely part of The Linux Way, doesn't seem to be part of The RedHat Way). Got it installed no problem, but then came the problem of how to start it up.

I went through a fairly default install of RH8.0, including selecting Gnome for a default environment (though installing KDE as well). That meant the default runlevel was 5, and so GDM started up. I found /etc/sysconfig/desktop, but setting DESKTOP to icewm or /usr/local/bin/icewm just didn't work. I gave up -- I was getting sick and tired of a) GNOME not working w/a home directory mounted over NFS (grr) and b) KDE trying to grab URLs whenever I highlighted something and c) both environments' slowness (I've got a 450MHz celeron, 384MB ram, and d) both steal too many cycles for my liking) and lack of a terminal screen in easy and close and prominent proximity -- and set runlevel to 3. I rebooted, changed .xinitrc, typed startx and breathed a sigh of relief. Cheating, sure, but I'd really like to have a working desktop before the year is out.

So now I get to learn about rpm. And hopefully I can put RHCE after my name (no, not really) within a year or so. That'd be nice.

Original entry.

Tags: slashdot.
