Thread: pgsql-committers list is misconfigured
Hi, Again a message to pgsql-committers went unsent. Bruce committed changes to several README files, and I didn't get the email and it's not on the archives either: http://archives.postgresql.org/pgsql-committers/2008-03/ (I guess it's somewhere on Maia's queue.) For example see rev 1.5 here: http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/access/gin/README Also, I sent an email with a fake @pgfoundry.org address this morning, and it passed without requiring moderator approval. Also, I added a X-No-Archive header to avoid having the test message appearing on the archives, but to no effect -- the message is there all right: http://archives.postgresql.org/pgsql-committers/2008-03/msg00393.php I think the idea here is that any pgfoundry.org address passes through unmolested to allow the pgfoundry projects to publish their changes to pgsql-committers. I think this is a mistake, and others have vouched against this idea too (most notably Peter Eisentraut.) Finally, and what prompted this test message, was the fact that Heikki committed a patch this morning and his message got stuck in the moderation queue. I wonder how smart it is to be letting @pgfoundry.org mails unchecked, but have @postgresql.org addresses filtered ... ?? -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
On Thu, Mar 20, 2008 at 7:25 PM, Alvaro Herrera <alvherre@commandprompt.com> wrote: > Also, I sent an email with a fake @pgfoundry.org address this morning, > and it passed without requiring moderator approval. Also, I added a > X-No-Archive header to avoid having the test message appearing on the > archives, but to no effect -- the message is there all right: > http://archives.postgresql.org/pgsql-committers/2008-03/msg00393.php I'm not sure that we actually honour that header. > I think the idea here is that any pgfoundry.org address passes through > unmolested to allow the pgfoundry projects to publish their changes to > pgsql-committers. I think this is a mistake, and others have vouched > against this idea too (most notably Peter Eisentraut.) No, this is entirely intentional. > Finally, and what prompted this test message, was the fact that Heikki > committed a patch this morning and his message got stuck in the > moderation queue. I wonder how smart it is to be letting @pgfoundry.org > mails unchecked, but have @postgresql.org addresses filtered ... ?? We only add postgresql.org addresses very occasionally, but pgFoundry committers may be added much more frequently and without our knowledge. -- Dave Page EnterpriseDB UK Ltd: http://www.enterprisedb.com PostgreSQL UK 2008 Conference: http://www.postgresql.org.uk
Alvaro Herrera wrote: > Hi, > > Again a message to pgsql-committers went unsent. Bruce committed > changes to several README files, and I didn't get the email and it's not > on the archives either: > http://archives.postgresql.org/pgsql-committers/2008-03/ > (I guess it's somewhere on Maia's queue.) For example see rev 1.5 here: > http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/access/gin/README It has come through here, I think. But the list server has had major issues today, so commit mails have been backing up for a *long* time on the cvs server. > Also, I sent an email with a fake @pgfoundry.org address this morning, > and it passed without requiring moderator approval.> Also, I added a > X-No-Archive header to avoid having the test message appearing on the > archives, but to no effect -- the message is there all right: > http://archives.postgresql.org/pgsql-committers/2008-03/msg00393.php Not sure if majordomo is supposed to listen to that header. Are we sure it is? > I think the idea here is that any pgfoundry.org address passes through > unmolested to allow the pgfoundry projects to publish their changes to > pgsql-committers. I think this is a mistake, and others have vouched > against this idea too (most notably Peter Eisentraut.) Yes, I believe that's the idea. > Finally, and what prompted this test message, was the fact that Heikki > committed a patch this morning and his message got stuck in the > moderation queue. I wonder how smart it is to be letting @pgfoundry.org > mails unchecked, but have @postgresql.org addresses filtered ... ?? Generally, the first mail from a new committer is approved and at that time it's whitelisted as well, IIRC. Which could certainly be applied to pgfoundry commits as well, as long as the moderators don't mind dealing with it. //Magnus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Thursday, March 20, 2008 22:33:25 +0100 Magnus Hagander <magnus@hagander.net> wrote: > It has come through here, I think. But the list server has had major issues > today, so commit mails have been backing up for a *long* time on the cvs > server. had an issue with an IP being DOS'd ... took a bit to isolate and have the upstream block it ... Does anyone know of anything that can be run on an interface that would show 'unusual traffic' to a specific IP? I was able to easily login to all the servers remotely, so running such would be a piece of cake, just need some sort of tool that I can start up to listen generate a report, similar to top maybe, on 'most busy' IP? - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFH4vbn4QvfyHIvDvMRAvu7AKDlXIv9sa84JSC73vtOKJm1zYZ+/QCgkkxa ItbDMxJJVQx0OTLy6tgOJFI= =gbA2 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Mar 2008 20:44:39 -0300 "Marc G. Fournier" <scrappy@hub.org> wrote: > > Does anyone know of anything that can be run on an interface that > would show 'unusual traffic' to a specific IP? tcpdump? Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ United States PostgreSQL Association: http://www.postgresql.us/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH4vtfATb/zqfZUUQRAiCRAJ9VYDu64dd9VQQVcVBW3bSwpxEkQwCgozj1 LTEI07HPkjbX27M52HgkXV4= =p3Ht -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Thursday, March 20, 2008 17:03:39 -0700 "Joshua D. Drake" <jd@commandprompt.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 20 Mar 2008 20:44:39 -0300 > "Marc G. Fournier" <scrappy@hub.org> wrote: > >> >> Does anyone know of anything that can be run on an interface that >> would show 'unusual traffic' to a specific IP? > > tcpdump? Is there a top-like switch for that that I haven't found? - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFH4vy24QvfyHIvDvMRAh07AKDngWd2aeF+MLffi2stlxCdWUtfTACg5Fjl ObtJMQUXru9r7IcbgRq49VQ= =NPfl -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Mar 2008 21:09:26 -0300 "Marc G. Fournier" <scrappy@hub.org> wrote: > > tcpdump? > > Is there a top-like switch for that that I haven't found? Hmmm I don't think so, you would probably have to pipe and grep. Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ United States PostgreSQL Association: http://www.postgresql.us/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH4v2VATb/zqfZUUQRAgDwAJ9S8deJvyw0+8Xgk5Q5PC3PE51P4wCfVx7d TNKdUtcM5dfat5cBxvDdfVw= =ykrG -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm using ipaudit right now, which does a reasonable job of dumping the data, but its at least a half hour out before I really know if a change I've made is having the desired effect ... would really like to find something more 'real time' for dealing with identifying a DOS recipient ... Is there anything I can do with a Cisco switch for this, maybe? Something more granular then mrtg? - --On Thursday, March 20, 2008 17:13:09 -0700 "Joshua D. Drake" <jd@commandprompt.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 20 Mar 2008 21:09:26 -0300 > "Marc G. Fournier" <scrappy@hub.org> wrote: > > >> > tcpdump? >> >> Is there a top-like switch for that that I haven't found? > > Hmmm I don't think so, you would probably have to pipe and grep. > > Joshua D. Drake > > > - -- > The PostgreSQL Company since 1997: http://www.commandprompt.com/ > PostgreSQL Community Conference: http://www.postgresqlconference.org/ > United States PostgreSQL Association: http://www.postgresql.us/ > Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFH4v2VATb/zqfZUUQRAgDwAJ9S8deJvyw0+8Xgk5Q5PC3PE51P4wCfVx7d > TNKdUtcM5dfat5cBxvDdfVw= > =ykrG > -----END PGP SIGNATURE----- - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFH4v8n4QvfyHIvDvMRAs8dAKCWU+niNwqPOu/KacZhdV+8jZEyJgCg23bp fJvZCz5+oacE4IjftBRT5kc= =FBtg -----END PGP SIGNATURE-----
Marc G. Fournier wrote: > Does anyone know of anything that can be run on an interface that would show > 'unusual traffic' to a specific IP? I was able to easily login to all the > servers remotely, so running such would be a piece of cake, just need some sort > of tool that I can start up to listen generate a report, similar to top maybe, > on 'most busy' IP? ntop perhaps? -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Mar 2008 21:19:51 -0300 "Marc G. Fournier" <scrappy@hub.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I'm using ipaudit right now, which does a reasonable job of dumping > the data, but its at least a half hour out before I really know if a > change I've made is having the desired effect ... would really like > to find something more 'real time' for dealing with identifying a DOS > recipient ... > > Is there anything I can do with a Cisco switch for this, maybe? > Something more granular then mrtg? Hmmm Cisco is a long time from my memory. I know with Linux you can tell iptables to say, "If X IP initiates Y packets within Z time, block!" Which is essentially what a DOS is. I am sure Cisco can do the same thing but it would be out of my expertise to tell you how. Sincerely, Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ United States PostgreSQL Association: http://www.postgresql.us/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH42TKATb/zqfZUUQRAisaAJ455RTWEC2E6MpcEvlIJwHujmUvtQCfS+Yo 4JgZXiRF4IBeOzduPLAPfwM= =Hgat -----END PGP SIGNATURE-----
Marc G. Fournier wrote: > > I'm using ipaudit right now, which does a reasonable job of dumping the data, > but its at least a half hour out before I really know if a change I've made is > having the desired effect ... would really like to find something more 'real > time' for dealing with identifying a DOS recipient ... > > Is there anything I can do with a Cisco switch for this, maybe? Something more > granular then mrtg? If you have a "decent size" cisco switch, you can use netflow. But you still need a piece of software to analyze it. There are a lot of other trafic control "appliances" out there, but they're pretty expensive... It's not all unusual that this service is provided datacenter-wide by the ISP - but I assume you've checked with them? //Magnus
On Thu, Mar 20, 2008 at 08:44:39PM -0300, Marc G. Fournier wrote: > Does anyone know of anything that can be run on an interface that would show > 'unusual traffic' to a specific IP? I was able to easily login to all the > servers remotely, so running such would be a piece of cake, just need some sort > of tool that I can start up to listen generate a report, similar to top maybe, > on 'most busy' IP? iptraf. depesz -- quicksil1er: "postgres is excellent, but like any DB it requires a highly paid DBA. here's my CV!" :) http://www.depesz.com/ - blog dla ciebie (i moje CV)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Friday, March 21, 2008 09:52:31 +0100 Magnus Hagander <magnus@hagander.net> wrote: > There are a lot of other trafic control "appliances" out there, but they're > pretty expensive... It's not all unusual that this service is provided > datacenter-wide by the ISP - but I assume you've checked with them? I have a good relationship with the VP of Tech, but he's on holidays until April 1st ... will broach this with him when he gets back ... I don't know near enough about Cisco, but assuming they have a Cisco router, is there software like iptables (that JD referred to) that can be run on / beside it to do the auto-blockage as he described? URLs / pointers appreciated ... - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFH47L94QvfyHIvDvMRAqzlAKCXwEpfJ7GXcDMK02DXvah9QwlkwgCdFbYx osrA5r+h8HG8MLSL5WUv6Bw= =oJzC -----END PGP SIGNATURE-----