ServerSignature and ServerTokens are two directives that determine how the Apache server describes itself, which makes them useful for keeping some details private. While obscurity is not security, it’s nevertheless a good idea not to save a potential attacker time by giving them the exact versions of everything you run on your server.
ServerTokens
ServerTokens determines how much information about itself Apache divulges, both in the HTTP headers and in the signature on server-generated pages, such as errors and directory indexes. Here are the possible settings and example values:
Full: Apache/2.2.3 (Red Hat) mod_ssl/2.2.4 OpenSSL/0.9.7l DAV/2 mod_fastcgi/2.4.2 PHP/5.1.5 mod_jk/1.2.15
OS: Apache/2.2.3 (Red Hat)
Minimal: Apache/2.2.3
Minor: Apache/2.2
Major: Apache/2
ProductOnly: Apache
ServerSignature
This describes how Apache refers to itself in server-generated pages. Possible values are On, Off or EMail. On will give a message like:
Apache Server at www.somerandomstuff.com Port 80
Where “Apache Server” is the result of the ServerTokens value. Setting ServerSignature to EMail will give something like (note the mailto link):
Apache Server at www.somerandomstuff.com Port 80
And finally, setting it to Off will show nothing.
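An added example, not part of the original post: the Python below takes the Server response header and reports which ServerTokens level it corresponds to, following the example values listed above, so a header check can flag servers that still disclose an exact version. The function names and the sample response are constructed for illustration.

```python
import re

# Banner layout: "Apache", optional "/version", optional "(OS)" comment,
# then any number of module tokens (only present with ServerTokens Full).
_BANNER = re.compile(
    r"^Apache(?:/(?P<version>\d+(?:\.\d+){0,2}))?"
    r"(?:\s+\((?P<os>[^)]*)\))?"
    r"(?P<modules>(?:\s+\S+)*)\s*$"
)

def classify_server_tokens(header_value):
    """Return the ServerTokens level a Server header value corresponds to,
    or None if the value is not an Apache banner."""
    m = _BANNER.match(header_value.strip())
    if m is None:
        return None
    version, os_name, modules = m.group("version", "os", "modules")
    if modules.strip():
        return "Full"
    if os_name is not None:
        return "OS"
    if version is None:
        return "ProductOnly"
    # "2" -> Major, "2.2" -> Minor, "2.2.3" -> Minimal
    return ("Major", "Minor", "Minimal")[version.count(".")]

def audit_headers(raw_headers):
    """Find the Server header in a raw response header block and classify it."""
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return classify_server_tokens(value)
    return None

def leaks_exact_version(header_value):
    """True when the banner gives the full x.y.z version (Minimal, OS or Full)."""
    return classify_server_tokens(header_value) in {"Minimal", "OS", "Full"}

# Constructed sample response headers, not captured from a real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Thu, 01 Jan 2009 00:00:00 GMT\r\n"
    "Server: Apache/2.2.3 (Red Hat)\r\n"
    "Content-Type: text/html\r\n"
)

if __name__ == "__main__":
    print(audit_headers(SAMPLE_RESPONSE))
```
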
I came across an error after upgrading a Plesk server from 8.6 to 9.2.3:
# /usr/local/psa/admin/sbin/mchk --with-spam
==> Checking for: mailsrv_conf_init… ok
==> Checking for: mail_mailbox_restore… ok
==> Checking for: mailsrv_entities_dump… ok
==> Checking for: mail_admin_aliases… ok
==> Checking for: mail_auth_dump… ok
==> Checking for: mailman_lists_dump… ok
==> Checking for: mail_responder_restore… ok
==> Checking for: mail_drweb_restore… ok
==> Checking for: mail_kav_restore… not exsists
Have you ever been frustrated when trying to find a hidden file, or a file in a hidden directory, from an application’s open dialog? I’ve run into this a few times when trying to open disc images from disc utility. There’s an easy solution: browse to the directory where the hidden file/directory is, and hit:
Command-Shift-. [period]
This will show the hidden files. Hitting the same combination again hides them again. This might not work, depending on your region settings or key bindings. Try Command-Shift-, [comma] instead.
I have been searching high and low for the perfect camera bag. I need two, really. One is for my daily commute. This is the kind of bag that can accommodate my notebook computer and associated accessories, maybe a book or two, my lunch, and so on. It’s the kind of bag that can also accommodate my camera, and provide easy access to it. It doesn’t have to be able to fit all my camera gear – just the essentials: Body, one or two lenses, flash, extra battery maybe. This bag, I have found. It’s the Lowepro Fastpack 250. This bag does all the above, and can take far more photo gear than I expected. It’s compact, fairly discreet, goes through airport security without any problems, and after six months of daily use, shows no signs of wear.
I recently needed to do some testing with sending mail, and needed a host that would accept mails without asking questions, and just discard them. This turned out to be pretty easy with Postfix. Starting with a fresh installation on Debian Lenny, add the following to /etc/postfix/main.cf:
And before I even got to send a test mail, someone had beaten me to it:
Yes, I probably should have firewalled out port 25…
This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.
To disable it is very easy. Edit/create /var/qmail/control/tlsserverciphers and add the following line to it:
Now restart qmail, and you’re done!
Hours spent in front of the TV are essentially a waste of life for me. But once in a while, something happens and my brain actually works for a few seconds. On this particular occasion I was on the couch, TV blaring some insignificant noise at me, browsing on my laptop for my daily information overload.
I remembered that I wanted to check if TED has an RSS feed. Sure they do, so I subscribed using my RSS reader. Of course, this gave me 200+ updates, and while browsing through them, I noticed that they contained direct links to mp4 files. Hey! Wait a minute! iTunes should be able to make sense of this feed! So I tried it, and what do you know – I’m now subscribed to TED’s videos.
So here’s the quick&dirty. Navigate to http://www.ted.com. Scroll down to the rss feed link. Right-click on it and copy the URL. Now open iTunes, click on “Advanced” –> “Subscribe to podcast” and paste the URL into the box. And that’s it! Sit back and let the videos come to you! As a bonus, the videos are the right format for the iPhone. My daily commute just improved a whole lot!
Update (2009/05/05): Of course, the next morning, with a fresh mind, I realised that the TED talks were available as a podcast on the iTunes store.
Today I got tasked with removing duplicate mails from a mail folder with over 100,000 mails in it. Doing this from a mail client is so impractical, it’s not even worth giving any thought at all. Fortunately, the mailbox is on a mail server using Maildir style mailboxes, so I knew this could be done with minimum effort.
I discovered the ‘reformail’ utility, part of courier-imap, and after a few trial runs, I settled on the following:
# cd /path/to/mailbox/Maildir/cur
# for i in `find . -type f`; do reformail -D 10000000 /tmp/duplicates <"$i" && rm "$i"; done
-D looks for, and deletes duplicates.
10000000 is the length of the temporary file where a list of message IDs will be written.
/tmp/duplicates is the aforementioned temporary file.
The temporary file needs to be big enough to accommodate the message ID of each mail. In this particular case, I have found the average length to be 54 characters, but I would suggest using around double that to be safe. So adjust to your needs.
In a big mail folder, and especially on ext3, this will take a long time to complete.
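An added example, not part of the original post: because the loop above deletes files as it goes, a dry run that only lists what would be removed is a useful first pass. The Python below reimplements the Message-ID comparison itself rather than calling reformail; the function names and sample messages are constructed, and skipping messages that have no Message-ID header is this example's own choice.

```python
import os
import tempfile
from email.parser import BytesHeaderParser

def find_duplicates(cur_dir):
    """Return paths of messages whose Message-ID already appeared in an
    earlier file (files taken in name order); the first copy is kept."""
    parser = BytesHeaderParser()
    seen = {}
    duplicates = []
    for name in sorted(os.listdir(cur_dir)):
        path = os.path.join(cur_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            msg_id = parser.parse(fh)["Message-ID"]  # headers only
        if msg_id is None:
            continue  # assumption: no Message-ID means never a duplicate
        key = str(msg_id).strip()
        if key in seen:
            duplicates.append(path)
        else:
            seen[key] = path
    return duplicates

def build_sample_maildir(root):
    """Constructed sample: three messages, two sharing a Message-ID."""
    cur = os.path.join(root, "cur")
    os.makedirs(cur)
    samples = {
        "1001.host:2,S": b"Message-ID: <a@example.org>\nSubject: one\n\nbody\n",
        "1002.host:2,S": b"Message-ID: <a@example.org>\nSubject: one\n\nbody\n",
        "1003.host:2,S": b"Message-ID: <b@example.org>\nSubject: two\n\nbody\n",
    }
    for name, data in samples.items():
        with open(os.path.join(cur, name), "wb") as fh:
            fh.write(data)
    return cur

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for path in find_duplicates(build_sample_maildir(root)):
            print("duplicate:", path)
```
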
I recently decided to move my enormous mail archive from my trusty Courier-imap/Maildir setup to DBmail. The reason is simple. I have several mail folders with 100,000+ mails in. That means several directories with upwards of 100,000 files in. And that means bad performance. There is another reason: I can execute far more powerful searches with an SQL query, than any mail client can allow me to do.
DBmail is a POP3/IMAP server that uses a regular database server (currently MySQL, PostgreSQL or SQLite) for its mail store. Given the obvious advantages, I’m surprised this isn’t more popular.
There is one gotcha to the setup. MySQL, being Swedish, has a default collation setting of ‘latin1_swedish_ci’ while DBmail assumes ‘utf8_general_ci’ will be set. But the DBmail docs, and even the MySQL notes page, do not mention this at all, and the included create_tables.mysql script does not set the correct collation either. This results in the following error showing up in the logs:
Sep 14 03:00:01 hermes dbmail/maintenance[16708]: Error:[sql] dbmysql.c,db_mysql_check_collations(+138): collation mismatch, your MySQL configuration specifies a different charset than the data currently in your DBMail database.
This is easily fixed. Assuming your database is called ‘dbmail’ do:
mysql> use information_schema;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from SCHEMATA where SCHEMA_NAME = 'dbmail';
The ‘DEFAULT_COLLATION_NAME’ column will most likely show ‘latin1_swedish_ci’ – this is the problem. Run the following:
mysql> alter database `dbmail` collate `utf8_general_ci`;
Query OK, 1 row affected (0.02 sec)
Run the select query again and check if the right collation is showing. After doing this, dbmail should connect to MySQL without any problems.
From time to time, Squirrelmail gives this error on a Plesk machine:
Error opening /var/lib/squirrelmail/prefs/default_pref
Could not create initial preference file!
/var/lib/squirrelmail/prefs/ should be writable by user apache
Please contact your system administrator and report this error.
Squirrelmail depends on safe_mode being off. Let’s see if this is the case:
# grep ^safe_mode /etc/php.ini
safe_mode = On
Since this is a multi-domain system, we want to make changes only to the affected subdomain, in this case the webmail.* subdomain. But changing the Plesk config won’t help, since Plesk will just overwrite it. So we create a second file that will load afterwards, and thus override the Plesk file:
# vi /etc/httpd/conf.d/zz011_squirrelmail_safemode_fix.conf
And add the following:
<Directory "/usr/share/squirrelmail">
php_admin_flag safe_mode off
</Directory>
Now check your apache config and restart gracefully:
# httpd -t
OK
# apachectl graceful
Reload Squirrelmail in your browser – it should work now.

