Andy Hilker
ah@cryptobank.de
Tue Jun 1 19:05:29 UTC 2004
> Consider the situation. You make a change outside the DCC code and
> something stops working. Where is the best place to look for the
> cause of the problem, in the DCC code or in the outside change?

Outside DCC, where the change happened. But now I think it is not a jail problem, because now I have some similar behaviour on other real servers.

I tried a fresh install on another (real) host, maximum of 4 servers are working. Requests for only 4 servers are sent out. And again, by placing an arbitrary server on top (or the first ... entries) in map.txt, doing

    # rm map; cdcc "load map.txt"

I could get nearly every server working. But manually adding 12 working servers, only 1, 4, 9 or 10 servers are declared as working. There seems to be a max # of servers per host. Very very strange, I know this :)

I see DNS requests and responses for all dcc1-5 servers. But 6277 requests only for the # of working servers.

Is there a possibility to debug to which servers cdcc tries to send out requests? And if no query, why not?

I do not understand why hosts at the same switch, with nearly the same configuration, all have different maximum # of servers.

> A lot of stuff sold as "security" is snake oil. Many other security
> mechanisms are not worthwhile. Good security does not involve doing
> whatever can be done, but consists of measured responses against
> coherent and specific threat models.

I know this, thanks :)

> What threat model requires running your MTA inside a jail?

I do not run jails for security reasons (ok, for security, too, but...). Jails are not comparable with chroots. Jails are nearly virtual systems partitioning the host system. The server hosts many virtual systems with shell accounts, web servers, ... customers are isolated from each other. Jails could be useful for administrating, too (in my opinion).