John F. Morse inn at
Sat Aug 4 21:24:08 UTC 2012

I emailed this to Sameh but have not heard back from him yet.

Recently I have noticed a change in the format of the daily inpaths e-mail 
messages from all of my servers.

These are the copies that are mailed to myself, and I have no reason to 
believe the copies that are e-mailed to anthologeek are any different.

Prior to July 17, the first half of the messages used a FQDN for the news 
server as shown in these few example lines from July 16:

10 tor
21 f14.n5026
97 f111.n5000
29 f94.n463

Starting with the July 17th inpaths e-mail reports, the news servers now have 
what appears to be an encrypted name, like the following:

1 4no10958447pbo.1
1 u3no2499556qai.0
1 r1no7166850qas.0
1 r1no1993256qas.0
1 u3no4601951qai.0
1 p10ni85011709pbh.1
1 p10ni4855325pbh.1
1 b9ni62456434pbl.0
1 a15ni29416995qag.0
1 u3no791074qai.0
1 x2no1441328qaj.0
1 r1no5792874qas.0
1 r1no3774915qas.0
2 c6ni126837qas.0
1 q4no6402800pbi.0
1 u3no5665331qai.0
1 r1no2031460qas.0
1 u3no714174qai.0
1 r1no2650122qas.0
3 a15ni5821362qag.0
1 u3no281510qai.0
1 g9ni16391601pbo.0

I have changed nothing on any of my INN servers that would have added 
encryption -- nor anything else -- for several weeks. The last system update 
was back on June 18, when 23-30 packages were upgraded, and Debian went from 
6.0.4 to 6.0.5.

Additionally, I notice that the inpaths e-mail messages were running around 
85k to 90k in size each day for each server.

Since the trouble started on July 17, the message size is growing each day.

Yesterday the messages were 456k-467k, and today they are up to 564k-567k.

However the file sizes are nowhere that large, and all servers show similar 
sizes like these:

news at news2:/var/log/news/path$ ls -al
total 1857
drwxrwxr-x 2 news news    808 Aug  4 04:38 .
drwxr-xr-x 4 news news    456 Aug  4 00:05 ..
-rw-rw-r-- 1 news news  65350 Jul 21 04:36 inpaths.1342863361
-rw-rw-r-- 1 news news  63558 Jul 22 04:36 inpaths.1342949761
-rw-rw-r-- 1 news news  61785 Jul 23 04:36 inpaths.1343036161
-rw-rw-r-- 1 news news  76913 Jul 24 04:36 inpaths.1343122561
-rw-rw-r-- 1 news news  83772 Jul 25 04:36 inpaths.1343208962
-rw-rw-r-- 1 news news  86356 Jul 26 04:36 inpaths.1343295361
-rw-rw-r-- 1 news news  82999 Jul 27 04:36 inpaths.1343381762
-rw-rw-r-- 1 news news  80340 Jul 28 04:36 inpaths.1343468161
-rw-rw-r-- 1 news news  81774 Jul 29 04:36 inpaths.1343554561
-rw-rw-r-- 1 news news  83695 Jul 30 04:36 inpaths.1343640962
-rw-rw-r-- 1 news news  96950 Jul 31 04:36 inpaths.1343727361
-rw-rw-r-- 1 news news  71277 Jul 31 16:56 inpaths.1343771806
-rw-rw-r-- 1 news news   1799 Jul 31 16:57 inpaths.1343771823
-rw-rw-r-- 1 news news  77516 Aug  1 04:36 inpaths.1343813761
-rw-rw-r-- 1 news news  28152 Aug  1 05:44 inpaths.1343817858
-rw-rw-r-- 1 news news 196811 Aug  2 04:36 inpaths.1343900161
-rw-rw-r-- 1 news news 340771 Aug  3 04:36 inpaths.1343986561
-rw-rw-r-- 1 news news 134521 Aug  3 12:41 inpaths.1344015699
-rw-rw-r-- 1 news news 149533 Aug  4 04:36 inpaths.1344072961

I rebooted one server yesterday (rebooted the complete computer), but there is 
no change in the inpaths data format nor size that was e-mailed this morning.

The only oddity involved is on July 17 I did have a hardware failure on a 
BIND9 DNS server that had an uptime of six years (Debian Sarge). I've narrowed 
it down to either the CPU or the system board, possibly the southbridge.

I changed /etc/resolv.conf in all INN servers (Debian Squeeze) to point to a 
newer BIND9 box and everything seemed to be working fine (e.g. I'm getting the 
inpaths e-mail fine, and peers are showing normal feeds from me).

There is no stuck or queued mail for news, root, nor my UID on the news 
servers, nor on my MTA, and the MTA log shows the messages were sent out to 
anthologeek. I see nothing abnormal in the INN logging.

This same Squeeze DNS server has been the primary for all other computers in 
this installation for about a year and has never had a problem.

I later moved the old Sarge hard drive from the dead computer into another 
spare computer, and BIND9 seems to be working on it without problems.

Shooting in the dark, a very long pot shot, maybe I'll change resolv.conf back 
for one server, to the Sarge box, and see what happens tomorrow.

Any other ideas?


