Steam on debian stable 64bit

Carol Beer little britain says computer said no

I changed my distro from testing to debian stable [jesse] (my blog) some months later i decide to reinstall steam (my blog) and find that i cannot make the dependencies

It appears i will not be installing steam without enabling i386 architecture support.

Argh! it is installable just a pain to install although something features are yet to make it into linux.  More on steam in the future.

mailgraph and logwatch reporting curiosities with postmulti and some regex’es for fun.

The zoo’s mailgraph charts are not working and i have mentioned it before (my blog).

So after changing our /etc/postfix instance (we have more better instances) for a new feature to allow outbound internet mail to be sent to an address the charts began to show only that traffic.  Bounces too also appear to work (not shown).

Spam and viruses as defined by amavis do work but the received email from those other postfix instances is still not being recognised even with explicit syslog statements in the file.

So something is off

Reading the charts could give you the impression that despite receiving email that the chart does not graph bur we appear send out spam and viruses and blocked,  The bounces where something i induced and could have been dmarc related too as many dmarc reporters have problems clearing there gmail inbox..

It is a good reminder that badly made statistics may look interesting but do not reflect reality.

The logwatch config files /usr/share/logwatch/default.conf/services/postfix.conf are written as perl and at this point are beyond my comprehension

*OnlyService = “(?:post(?:fix|grey|fwd|fix-1|fix2|fix-0|fix-3|policyd-spf)(?:/[-\w]*)?”
$postfix_Syslog_Name = “(?:post(?:fix|grey|fwd)|policyd-spf)”
# POSTMULTI NOT WORK *OnlyService = “postfix\d?/[-a-zA-Z\d]*”
#$postfix_Syslog_Name = “postfix\d?”

My changes are in bold. That does not work.. /etc/postfix-1 etc is how postmulti expects its managed instances to be located (my blog).

A few days pass and with the help of a pcre debuger [] i find that

$postfix_Syslog_Name = “postfix/[\w]*”
*OnlyService = “(:postfix-1/|postfix-2/|postfix-3/|postfix-4/|policyd-spf|postfix/|post-grey|post-fwd)(?:[-\w]*)?”

Provides output from postmulti instances as well as the /etc/postfix daemon.  I might not need that last postfix on the third line but completist me me thought it worth specifying.

post-fwd and post-grey are not used here in the zoo we use postscreen  The spf log part of the the section is a little unwieldy but that always was and i could turn it off,

I find with postmulti reporting that “postfix/lmtp” is best stated as “lmtp” if grepping unless you want to add extra grep lines to your cron jobs.

So charts are still a bit messed up.   Not the end of the world although i have cron jobs that grep for connections and sasl abusers so between the broken things and our existing zoo cron jobs we keep on top on what postfix is having to deal with.

A work in progress mailgraph.requires that the /usr/sbin/mailgraph file be changed for postmulti.

I seemed ho have some luck and you can see the switch on since the data before was sent from a non internet postfix host denoted by green and red suddenly appearing.

I changed the line for postfix (a regex again) from

if($prog =~ /^postfix\/(.*)/) {


if($prog =~ /:postfix|postfix-1\/(.*)|postfix-2\/(.*)|postfix-3\/(.*)|postfix-4\/(.*)/) {

Which is not very maintainable and a bit of a bodge job but gets the regex working for more than one instance..  If that reflects reality or not i will have to check with logwatch reporting although with postfix dropping more bad connections earlier (my blog) feels right so the charts now ignore a large quantity of data of bad smtp clients say.

106 Reject by IP --------
 3 unknown
 3 unknown

So mailgraph and postfix seem now not count certain items compared to before the upgrade.  So that regex might see an edit.

Mailgraph was and then was not working i was unsure of my efforts – another regex to adjust

I eventually found


Appears to show green / blue and red posfix lines

Fail2ban also seems to need some help – although it seems it will not trip with rate throttling controls in my experience although the odd prober does try an extract from logwatch.

10 AUTH command rate
1 Connection rate

Perhaps fail2ban’s postfix jails are redundant with the rate limiting feature in newer postfix. Not that fail2ban tripped that often with our non postmulti config.

As most of our email traffic is using tls (dane – my blog) (or trying to) i somehow think mailgraphs use out of the box does not reflect reality with the rate controls, bad clients getting ignore and tls traffic not shown so i suppose this graph shows genuine email traffic rather than all port 25 attempts..

Is sogo opensource ?

I have a small interest in supporting one mobile phone via some kind of webmail and Sogo (my blog) is your horse for that. Alas in Jessie i was i386, no joy there. In Stretch (debian) things went amd64 bit and to my surprise i found a deb that could install.  It felt too easy but….

Having found most of the config files i then wondered about the database schema and found no files to create the sogo tables*.

Sisyphus is still a role model

There do exist update files for schema for crap mysql and the amazing postgres

ls so/sql*

But how can i adjust nothing to something ?  eg

echo “Step 1 – Converting c_content from VARCHAR to TEXT in table sogo_folder_info” >&2
tables=`psql -t -U $username -h $hostname $database -c “select split_part(c_location, ‘/’, 5) from $indextable;”`

for table in $tables;

So my adventure in Sogo came to an abrupt halt.

It appears to be a compile job.  Close but not useable. Its good that open source still retains mystery to it.   After all it keeps me in daily blog posts. apt remove sogo.  Maybe the third install attempt will  be the one?

*i have other databases.


mod_defensible in Debian stetch

I have reported that it does not log.(my blog) although i thought it was working.

I noticed

LogLevel alert

added to the bottom of apache.conf rather than warn  – I never changed the apache config during the upgrade as apache2 came out of the experience pretty much working apart from defenisble.

Commenting it  meant the value of warn set way up in the file worked after a restart of the process.  So it still works and now logs.

Running debian stretch thoughts

As a server (my blog not as workstation (my blog)

The improvements first.

Postfix with postmulti

I had this ‘forced’ on me by systemd (my blog) not running the simple one instance that supposedly everybody else does and is ok with.  While i am still a bit newbish with the postfix command replacement it feels a better solution especially with logging which my older extra instances did not offer – as to what instance was doing.

There is no real config change but seems a more modern config despite that not changing and already having scripts that ise multiple postfix configs.

Postfix is a lot less tolerant of clients such as

connect from unknown[]

Who don’t do much but like to test things and despite our config from before denying such activity [ddos,spammers,clueless,bot nets] it feels as if they are discarded more quickly

Tls probers (waste of time clients) have sslv3 requests redirected to something more modern tls. Milters where odd to debug.  See the mailgraph heading below for a downside.


My manual method of signing zones still works – the daemon software in jessie i could not figure out – mostly because most people never used it or compiled a better version and never used the debian package being out of date.  It is something i might look at in the future

Signing zones currently takes a minute and is something i spend twelve minutes a year doing.

Not sure of and probably blame me department

cyrus imap

I am on the fence on this upgrade and feel the config still needs looking at despite working it seems a little no there et after i did seem to lose a lot of config commands to get it to work along with those bloody sockets i had to delete..

Hard to fix and runtime issues with solutions.


Appears to work but now does not log – kind of/maybe situation – apache says it wrote 403 errors, but the confirmation from before means i take one softwares fact as a unknown.

Hairy eyeball those emails from root to to get these – you did read them right ?.


Is not updating its png images, html updates with the date and time – think this is not a systemd thing once again not /etc/default or init.d issue.- not an urgent issue and might be something due to postmulti since spam is logged in the chart and the mail.log has stuff in it.

I get

Well it recorded the one spam

Which is not an accurate representation of activity – files do update but no postfix activity in charts.   Not working.i guess due to incompatible parsing of:

postfix-instancex/smtpd[*]: disconnect from unknown[]
 helo=1 auth=0/1 quit=1 commands=2/3

My theory anyhow


I had to adjust the cron job to get the more detailed report once again for stretch to reflect as jessie. not hard.


Has had a redesign  – we only used for port 25 scanning with amavis and now does not work with the old config.   With postfix improvements i might let this fall in to non use.

X Logout leaves running processes

Don’t ask me why but it does cache cleaner, and hplip and systemd seem unhappy with something.


Need –pkgmgr DPKG in cron.daily as extra parameters


I need

export TMPDIR
/usr/sbin/logrotate /etc/logrotate.conf
export TMPDIR

Or i get mail errors


Can now be ‘easily’ installed without’breaking’ i might be adding to the virus scanner which gets little cause for use with our mail config refusing bad content before it gets to a scanner.


reporting (my blog) command appears to now send reports from more than just the first reporting host who got on with it and did not complain.  I guess the atps and other dns lines might be deemed redundant.


The package maanager does ttry o do more than it should trying to restart things – an easy example yesterday apt upgraded apache2 documents and tried to add the module and failed when the conf file it tried to read did not exist where debian assumed it was.

So i had to restart apache.manually.

Overall not a disaster.   Something i might think as a good idea at some point but then again it as a server does a lot of jobs.I guess upgrading one server with one task would be less stressful.


I have decided to disable it since this shit software has done absolutely nothing for years except produce a weekly stack trace.

Traceback (most recent call last):
File “/usr/sbin/update-apt-xapian-index”, line 97, in <module>
if not indexer.setupIndexing(force=opts.force, system=opts.pkgfile is None):
File “/usr/lib/python2.7/dist-packages/axi/”, line 518, in setupIndexing
addon.obj.init(dict(values=self.values), self.progress)
File “/usr/share/apt-xapian-index/plugins/”, line 105, in init
self.indexers.append(Indexer(lang, file))
File “/usr/share/apt-xapian-index/plugins/”, line 41, in __init__
for pkg in deb822.Deb822.iter_paragraphs(open(file)):
File “/usr/lib/python2.7/dist-packages/debian/”, line 388, in iter_paragraphs
x = cls(iterable, fields, encoding=encoding)
File “/usr/lib/python2.7/dist-packages/debian/”, line 336, in __init__
self._internal_parser(sequence, fields)
File “/usr/lib/python2.7/dist-packages/debian/”, line 441, in _internal_parser
line = self._detect_encoding(line)
File “/usr/lib/python2.7/dist-packages/debian/”, line 217, in _detect_encoding
return value.decode(result[‘encoding’])
TypeError: decode() argument 1 must be string, not None
run-parts: /etc/cron.weekly/apt-xapian-index exited with return code 1

I may have mentioned it before once or maybe twice (my blog)

Anyhow that’s one piece of software that will not be bothering the zoo in debain stretch .

Debian Postfix v2 to v3 notes – including postmulti setup

Upgrading postfix configurations from Jessie to Stretch was ‘challenging‘  (my blog) it works but required manual startup rather than auto start on boot. Systemd being an annoyance and with the zoos config deemed bad or not as trendy as some newer configs i had to setup postmulti and learn systems syntax to auto start it

postfix upgrade-configuration resulted in these changes to already working postfix configurations (one per directory)

Upgrading Postfix

Editing /etc/postfix/, adding missing entry for postscreen TCP service
Editing /etc/postfix/, adding missing entry for smtpd unix-domain service
Editing /etc/postfix/, adding missing entry for dnsblog unix-domain service
Editing /etc/postfix/, adding missing entry for tlsproxy unix-domain service

Note: the following files or directories still exist but are no
longer part of Postfix:

/etc/postfix/postfix-script /etc/postfix/post-install

COMPATIBILITY: editing /etc/postfix/, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you want
to enable IPv6. In a future release

Version 2 issues

chroot issues your be doing a lot of as – does not mean n

submission inet n – – – – smtpd


submission inet n – n – – smtpd

I left my unrooted as i did not want to fight battles with sasl sockets and milters.

New features for v3

Quick Mail Queueing Protocol is i think something to do with 628 setting in that has been commented for years.  Quite what it does is still a mystery.


Meant copying directories and moving them as postmulti likes /etc/postfix-1 /etc/postfix-2  rather than /etc/postfix/1.  As an obliging ape did that inited the settings in /etc/postfix (different to postfix-1 etc) and imported with postmulti -I postfox1 -G mta

postmult works to start postmulti -p start|stop|reload|status

the systemd config changed on debian stretch to do it via group rather than the broken example in postfix@.service

i used a variant of

postmutli -g mta -p start

Rather than postmutli  -i %i -p eatbanana

I got friendly with postmulti first rather than wonder why the fuck systemd was doing what it was doing.

So it kind of works – i really should recreate my postfix config of over ten years but it is a lot of work and is spammer proof and a lot of other features that a new instance of postmutli mostly have.

The systemd file for changing is in bold – talk about hiding shit in systemd

systemctl status postfix
● postfix.service – Postfix Mail Transport Agent (instance )
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset:
Active: active (running) since x BST; x ago
Docs: man:postfix(1)
Process: 15310 ExecStop=/usr/sbin/postmulti -g mta -p stop (code=exited, status=0/SUCCESS)
Process: 15669 ExecStart=/usr/sbin/postmulti -g mta -p start (code=exited, status=0/SUCCESS)
Process: 15609 ExecStartPre=/usr/lib/postfix/ (code=exited, status=0/SUCCESS)
Main PID: 2255 (code=exited, status=0/SUCCESS)
Tasks: 14 (limit: 4915)
CGroup: /system.slice/postfix.service
├─15753 /usr/lib/postfix/sbin/master -w
├─15755 pickup -l -t fifo -u
├─15756 qmgr -l -t fifo -u
├─15836 /usr/lib/postfix/sbin/master -w
├─15837 pickup -l -t fifo -u
├─15838 qmgr -l -t fifo -u
├─15916 /usr/lib/postfix/sbin/master -w
├─15917 pickup -l -t fifo -u
├─15918 qmgr -l -t fifo -u
├─15996 /usr/lib/postfix/sbin/master -w
├─15997 pickup -l -t fifo -u
├─15998 qmgr -l -t fifo -u
├─16151 tlsmgr -l -t unix -u
└─16307 tlsmgr -l -t unix -u

Jul 11 11:03:01 mail2 postfix-x/smtpd[*]:

I managed to send mail to gmail and the existing config plus upgrades appears to sign and validate n dkim and spf.

Being bananas in the falklands some wit from systemd will probably overwrite my systemd posfix service file in the future just to make my life enjoyable as i am no expert with this limiting software and put it in the wrong place.

On a plus note i have a backup of my older postfix configs – who says systemd has good points*#

*this is called sarcasm

Further Debian Stretch as a server notes

rounding up the fairies

Following on from this (my blog) i continue my bug upgrade hunt.  Its not over.

I have mentioned many of these items before in this blog, it is not my job to tell you what they are.


Rkhunter say:

Warning: The command ‘/usr/bin/lwp-request’ has been replaced by a script: /usr/bin/lwp-request:
Perl script text executable

Might explain why perl did not exec via my ‘old’ cgi scripts as Jessie

Opendkim /Postfix

I ‘needed’ an extra line (also in /etc/default/opendkim)

PidFile /var/run/opendkim/

in opendkim.conf – mail was being sent without dkim

I appear to not have dkim signatures in outbound email., opendkim-testkey thinks its config is good  i think it might be easier to reconfigure postfix from scratch.  It is not milter_protocol= 6 and 2 does not work.  Um no idea.   Opendkim seems up but not connected.

Opendkim was not working. Eventually this clued (not here) me in that the openkim config files where fine but the systemd script was buggered

So if your config files are right but the daemon refuses to follow orders try this

edit /lib/systemd/system/opendkim.service

from this

Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey

ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/ -p local:/var/run/opendkim/opendkim.sock
ExecReload=/bin/kill -USR1 $MAINPID



Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey[Service]
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/ -p local:/var/run/opendkim/opendkim.sock -p inet:8891:localhost
ExecReload=/bin/kill -USR1 $MAINPID


run (as root)

  • systemctl daemon-reload
  • /etc/init.d/opendkim restart

I hate systemd – that caused me six days of bug hunting it is limiting

Postfix needs a blog post on its own.


I needed to re-enable it to start on boot oh the joys of systemd where init.d is thought as an unreliable forgetful moron and systemd knows best when clearly it is as fucked up (my blog)

It still did connect so it is a journey in systemd to fix (see opendkim magic above)

dmarc reports does not like interval and day together which appeared ok in Jessie

It is still a bit broken so nobody is being sent reports – not that many dmarc enabled domains who ‘specailise’ in just that really care about (my blog).  HistoryFile does not record data – why – no idea

-rw-rw-r– 1 opendmarc opendmarc 0 Jul 10 10:08 opendmarc.log

So a headscratcher. – and not something i can fix.

Postgres 9.4

I chowned a snakeoiil key – tested more cosmetic this than a issue which continues from Jessie..


Is a use full thing in my opinion although a little lacking in places moves from 7am to midnight for timing


Stops telling you if you do not have a specific spf record even though i have text records containing spf for the benefit of all the mostly retarded who run microsoft windows servers who have issues


Jury is out on if this is broken or the dns is bad. Or alternatively no rbl listed ip’s visited.

To fix

opendmarc loging, postfix startup, mod_defensible

Would i recommend the upgrade – at this point no.

Newer hp officejet printers weird setup on Linux

a printer image

The zoo’s hp officejet printer dating from 2007 died when it decided not to print 75% of the things it was asked to do of recent it made some cool grinding sounds indicating something or other. Unwillingly i opted for a newer model (under a hundred in incremental model versiion number) as a quick replacement of which several hours later i am still setting up.

Oddly though the setup was geared up for windows and mac users – no dont work, us linux folk had to use cups to setup basic printing. The printer does not come with a brick to power it just a cable from a plug which from a firm that love there power bricks is different hp power bricks can be a horrible quality.

When the printer is off it is ‘sealed’ inside whether that preserves the ink is a interesting question and an interesting view of a possible design defect solution from hp

The rest of the features like instant ink connecting to its wifi and andriod i gave up on as not important to start with after all printing from our linux pc’s is more important than that.I will come back to that

Hplip (the official linux driver from hp) does not support the printer (and does not show) despite cups getting the printer to do stuff. – is hplip err legacy ? no so i had to compile a newer version from source, ignore qt4 or it will never compile. Then hplip shows the printer that cups can see and scan things.

Perhaps as linux users do not want any more money from us special types ? and I have no idea how you change its default wifi password or join it to our wifi network until i figured out the touch screen with abc as one key and you have to touch the key twice to get a b – not explained in the paper manual but something i eventually figured out wth guessing.

The printer prints in duplex and adds yet another unopened rj11 cable to the zoo’s collection of unused rj11 cables and adaptors for the phone socket since nobody faxes any more.

The paper documentation is thoroughly shit but as long it lasts a long time i guess the zoo will remain happy.

Android printing does work although the eprint app seems very ‘cloudy’* and desiring of optional things not essential if in local range.

Instant ink is another guessing game from hp for us linux folk to figure out and a google link to another link told me that hplip has sod all to do instant ink and is handled by a website that never decide to mention  (i would love to be a mind reader) however within thirty minutes provided you cloud enabled your printer beforehand i had ink setup.  See how that goes in a future post.

hp printer with shit tls

The ink is not as exotic this time and easier to buy outright too.

I suppose i need to find a real manual.  Ho hum it is not to be found on the cdrom disk for macs and windows users.  Sigh. What are hp thinking ?

Despite not being on the disk it is a pdf very much for windows and mac users.  If your me then most of it is useless.

Something also to guess is setting a password for the printers ip address done via a browser with the user name ‘admin’ this feels ripe for to scan and abuse as is there way.

The tls needs an browser exception or no password set.

Five hours later and i think its setup, but not for google print cloud. Oh well.

*not in the sky but internet clouds

Debian jessie to stretch server upgrade notes

I did basic workstations here (my blog) and there (my blog) note the networking issues which is also pertinent to servers Some workstation issues of help discovered early on where

virtual box

Needs help form the incompetent fools at oracle (see wiki) as the kernel modules are now outside the remit of debian support – speaks volumes of oracle.whom generally turn most things into a disaster like java (my blog).- can you wean me off virtualbox with some other manager suggestions welcome in comments.


needs a grub config line and a TTYVTDisallocat=no in otherwise you have no idea if it works or not.when loading you get some messages but without systemd config you will know about a few things see the wiki to set up [not hard]

The server entailed lots of backups and copies of old data all over the place just in case thing go wrong.

Day 1:

After backups change your sources file to stretch, update and apt -f full-update..2784 packages later (3 hours) i had a debian stretch os installed, cannot really call it a server though as fail2ban, postfix, imap and apache barely work.

dns,postgresql and ssh kind of worked though

Sisyphus is still a role model

I think upgrading from i386 to i686 caused the zoo a lot of issues, apt autoremove did not help and i had to remove over a two hundred remains of jessie packages.via aptitude.

Apache2 – cant do cgi and my cgi files did work in jessie

Fail2ban – honestly no idea what is happening here, deinstalled it

Postfix – missing loading four other postfix instances

Opendmarc – is mia

Cyrus – the jump from 2.4 to 2.5 means foo becomes foo_bar – your config files need massive changes, need to reconstuct databases too.   if you know what a DBERROR db5 is then your doing better than i am

Good news printing (cups) works and networking [see above link] survived.  I considered that a win

Day 2

With a fresh pair of eyes, i ‘fix’ crappy virtual box and discover to my delight that the zoo’s cron jobs still work.   I need to remove that trash for something better that does a virtual memory space when i test things.

Cyrus Imap

Gets weirder and werieder

  • it listens on http port 8008.(REALLY)
  • mboxlist and deliver commands seem to be not used
  • sasl logins are from the twilight  zone

I got a paired down (brand new config) that kind of works although three zoo domains cannot open the mail.



goes to version three expect to use one of these (not here)  If like the zoo you have more than more postfix instance then your need systemd to start it as the init.d scipt is dancing with the faeries and now only loads /etc/postfix.


defaultseedonly becomes testonly – spf has to have some kind of issue and alert you about with debian upgrades or you never know your doing one.

Day 2 was kind of a success.  Even if the mail was flowing in via my actions rather than a systemd startup action and postfix and cyrus kind of work i think.

I began to feel that debain might work rather than simply tell me that estortic_command_lines may have changed.

Day 3:


Issues are caused by old sockets in cyrus.  Go to your imap mail store directory and the sockets directory and delere.  I did not have to delete *.db’s but even after a reconstruction its not explictly something advertised.   – I appear to be able to receive and process inbound mail

postfix systemd

With the magic of a console i started other instances of postfix and it appears to work my additional systemd scripts dont work one shows a bash shell and the others no bash shell – i hate systemd.- i might need postfix-multi but do not like the idea of it with my existing config,

Day 4

Good news first – amavis seems to work no issues, and now back to problems

apache cgi/mailgraph

I have weird apache error codes but not a meaning as to what they mean i think

  • ah000128 start
  • ah000169 restart
  • ah001909  ssl mismatch (warn)
  • ah002811 script alias issue ?
  • ah000094 ?

google searching for those is a miss they like 404 error codes  – cgi is well broken but that seems down to perl -i had to get rid of perl -wT and run perl -w so getting there.

Moving mailgraph.cgi to cgi-bin fixes the issue (we just need the images which are called via javascript url method).  I gave up /usr/lib/cgi-bin and did cgi-bin my own way.


appears to work unhindered like Jessie not a fuckup


Apparently does work – just reconfigure from scratch


version 9.10 apparently means it now do caa records without encoding, it has a geoip feature that it loves to advertise.


worst thing: cyrus imap

less worst thing perl ‘changes’ (cgi)

stuff to still fix

  • clean out etc old entries
  • postfix start up ‘issues’
  • remove on disk backups
  • opendmarc reporting is not working
  • check email sending with dkim (works locally)
  • postgresql 9.4 refuses to load but the 9,6 version means i do not have load it twice – a bit botched but progress

notable mentions to spf – good to see that i still had to change something.

Hope that has not put you off but that was my rather fraught upgrade experience.  Perhaps i should have gone from Jessie i386 to 686 and then to Stretch.

I can work on the issues at a more leisurely pace now

The pingbacks to this site below update on this post and resolve issues i had.