I had to solve a problem for a customer where they need to delegate management of backup MX servers to their clients. Of course, they don’t want to give their clients root access to their server, but they can write an app that gives users access to certain entries in a database, based on their privileges. This means I can join my two favourite server apps in the world: Postfix + MySQL.
First, we need to create a database and some tables. These are quick and dirty and only meant to be a proof of concept. The fields are pretty straightforward: id is just a number, domain is the domain being relayed, and destination is the primary MX or wherever you need the mail to go. The syntax is as per the Postfix transport documentation: :domain.tld will do an MX lookup on domain.tld, and smtp:host.domain.tld will deliver directly to the host specified. My database is called ‘backupmx’.
CREATE TABLE `domains` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`domain` varchar(128) NOT NULL DEFAULT '',
`destination` varchar(128) NOT NULL DEFAULT '',
PRIMARY KEY (`id`),
UNIQUE KEY `domain` (`domain`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
CREATE TABLE `recipients` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`address` varchar(255) NOT NULL DEFAULT '',
PRIMARY KEY (`id`),
KEY `address` (`address`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;
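Because the rows in `domains` are written on behalf of clients, the application should check each value before it reaches the table. The following is an added example, not code from the original post: it accepts only the two destination forms described above, so a row cannot name any other transport or next-hop form. The function names, the hostname pattern and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): allowlist checks an application
# could run before writing a client-supplied row into the `domains` table.
# Assumed policy: only ":domain.tld" and "smtp:host.domain.tld" are accepted.

# Hostname: dot-separated labels of letters, digits and hyphens, no label
# starting or ending with a hyphen, at least two labels.
LABEL='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
HOST_RE="$LABEL(\\.$LABEL)+"

# True if $1 is a single line of at most 128 characters (the column width
# in the schema) that matches the extended regex $2 in full.
_field_ok() {
    [ "${#1}" -le 128 ] || return 1
    case $1 in *'
'*) return 1 ;; esac            # reject embedded newlines
    printf '%s\n' "$1" | grep -Eqx -- "$2"
}

valid_domain()      { _field_ok "$1" "$HOST_RE"; }
valid_destination() { _field_ok "$1" "(smtp)?:$HOST_RE"; }

# Report the decision for one row: $1 = domain, $2 = destination.
check_row() {
    if valid_domain "$1" && valid_destination "$2"; then
        echo "accept $1 -> $2"
    else
        echo "reject $1 -> $2"
    fi
}

# Constructed sample rows.
check_row example.com ':example.com'
check_row example.org 'smtp:mx1.example.org'
check_row example.net 'uucp:example.net'
check_row example.net 'smtp:[192.0.2.1]:2525'
```

This validation is in addition to passing the values to MySQL as bound query parameters, not a replacement for it.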
I encountered this today when trying to query a package on a Red Hat server:
rpmdb: Lock table is out of available locker entries
error: db4 error(22) from db->close: Invalid argument
error: cannot open Name index using db3 – Cannot allocate memory (12)
This happens when an operation involving the rpm db gets interrupted and the locks are not cleared. The solution is rather simple:
1. Make a backup of /var/lib/rpm (because you never know)
2. rm /var/lib/rpm/__db.00*
3. rpm --rebuilddb
You should have a working rpm database now.
ServerSignature and ServerTokens are two directives that determine how the Apache server describes itself, which makes them useful for keeping some details to yourself. While obscurity is not security, it’s nevertheless a good idea not to save a potential attacker time by giving them the exact versions of everything you run on your server.
ServerTokens
ServerTokens determines how much information about itself Apache divulges, both in the HTTP headers and in the signature on server-generated pages, such as errors and directory indexes. Here are the possible settings and example values:
Full: Apache/2.2.3 (Red Hat) mod_ssl/2.2.4 OpenSSL/0.9.7l DAV/2 mod_fastcgi/2.4.2 PHP/5.1.5 mod_jk/1.2.15
OS: Apache/2.2.3 (Red Hat)
Minimal: Apache/2.2.3
Minor: Apache/2.2
Major: Apache/2
ProductOnly: Apache
ServerSignature
This describes how Apache refers to itself in server-generated pages. Possible values are On, Off or EMail. On will give a message like:
Apache Server at www.somerandomstuff.com Port 80
Where “Apache Server” is the result of the ServerTokens value. Setting ServerSignature to EMail will give something like (note the mailto link):
Apache Server at www.somerandomstuff.com Port 80
And finally, setting it to Off will show nothing.
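To confirm what a server discloses after changing these settings, the added example below (not part of the original post) classifies a Server header value against the ServerTokens levels listed above. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: infer the ServerTokens level from a Server header.
# Function names and the sample response are constructed for illustration.

# Extract the Server header value from raw response headers on stdin.
# Header names are case-insensitive; CRs from the wire format are stripped.
server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# True if $1 matches the extended regex $2 in full.
_is() { printf '%s\n' "$1" | grep -Eqx -- "$2"; }

# Map a Server header value to the least verbose level that produces it.
server_tokens_level() {
    if   _is "$1" 'Apache';                          then echo ProductOnly
    elif _is "$1" 'Apache/[0-9]+';                   then echo Major
    elif _is "$1" 'Apache/[0-9]+\.[0-9]+';           then echo Minor
    elif _is "$1" 'Apache/[0-9]+\.[0-9]+\.[0-9]+';   then echo Minimal
    elif _is "$1" 'Apache/[0-9.]+ \([^)]*\)';        then echo OS
    elif _is "$1" 'Apache/[0-9.]+ \([^)]*\) .+';     then echo Full
    else echo Unknown
    fi
}

# Exit status 0 when anything beyond the product name is disclosed.
discloses_version() { [ "$(server_tokens_level "$1")" != ProductOnly ]; }

# Constructed sample response headers.
sample=$(printf 'HTTP/1.1 200 OK\r\nserver: Apache/2.2.3 (Red Hat)\r\n\r\n' \
    | server_header)
echo "$sample => $(server_tokens_level "$sample")"
```

Against a live server, pipe real headers in with `curl -sI http://localhost/ | server_header`.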
I came across an error after upgrading a Plesk server from 8.6 to 9.2.3:
# /usr/local/psa/admin/sbin/mchk --with-spam
==> Checking for: mailsrv_conf_init... ok
==> Checking for: mail_mailbox_restore... ok
==> Checking for: mailsrv_entities_dump... ok
==> Checking for: mail_admin_aliases... ok
==> Checking for: mail_auth_dump... ok
==> Checking for: mailman_lists_dump... ok
==> Checking for: mail_responder_restore... ok
==> Checking for: mail_drweb_restore... ok
==> Checking for: mail_kav_restore... not exsists
==> Checking for: mail_spf_restore... ok
==> Checking for: mail_dk_restore... ok
==> Checking for: mail_grey_restore... ok
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "pop3d"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "pop3d-ssl"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "imapd"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "imapd-ssl"
Have you ever been frustrated when trying to find a hidden file, or a file in a hidden directory, from an application’s open dialog? I’ve run into this a few times when trying to open disc images from Disk Utility. There’s an easy solution: browse to the directory where the hidden file/directory is, and hit:
Command-Shift-. [period]
This will show the hidden files. Hitting the same combination again hides them again. This might not work, depending on your region settings or key bindings. Try Command-Shift-, [comma] instead.
I have been searching high and low for the perfect camera bag. I need two, really. One is for my daily commute. This is the kind of bag that can accommodate my notebook computer and associated accessories, maybe a book or two, my lunch, and so on. It’s the kind of bag that can also accommodate my camera, and provide easy access to it. It doesn’t have to be able to fit all my camera gear – just the essentials: body, one or two lenses, flash, extra battery maybe. This bag, I have found. It’s the Lowepro Fastpack 250. This bag does all the above, and can take far more photo gear than I expected. It’s compact, fairly discreet, goes through airport security without any problems, and after six months of daily use, shows no signs of wear.
I recently needed to do some testing with sending mail, and needed a host that would accept mails without asking questions, and just discard it. This turned out to be pretty easy with Postfix. Starting with a fresh installation on Debian Lenny, add the following to /etc/postfix/main.cf:
# accept all mail
relay_domains = static:ALL
# then get rid of it
smtpd_end_of_data_restrictions = check_client_access static:discard
And before I even got to send a test mail, someone had beaten me to it:
Jul 9 03:43:58 mx02 postfix/smtpd[13940]: 6BC681740FC: discard: END-OF-MESSAGE from 114-45-59-8.dynamic.hinet.net[114.45.59.8]: <114-45-59-8.dynamic.hinet.net[114.45.59.8]>: Client host triggers DISCARD action; from=<z2007tw@yahoo.com.tw> to=<tv9977ccv@yahoo.com.tw> proto=SMTP helo=<98.129.169.123>
Yes, I probably should have firewalled out port 25…
This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.
To disable it is very easy. Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:
ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
Now restart qmail, and you’re done!
Today I got tasked with removing duplicate mails from a mail folder with over 100,000 mails in it. Doing this from a mail client is so impractical, it’s not even worth giving any thought at all. Fortunately, the mailbox is on a mail server using Maildir style mailboxes, so I knew this could be done with minimum effort.
I discovered the ‘reformail’ utility, part of courier-imap, and after a few trial runs, I settled on the following:
# cd /path/to/mailbox/Maildir/cur
# find . -type f | while IFS= read -r i; do reformail -D 10000000 /tmp/duplicates <"$i" && rm "$i"; done
-D looks for, and deletes duplicates.
10000000 is the length of the temporary file where a list of message IDs will be written.
/tmp/duplicates is the aforementioned temporary file.
The temporary file needs to be big enough to accommodate the message ID of each mail. In this particular case, I have found the average length to be 54 characters, but I would suggest using around double that to be safe. So adjust to your needs.
In a big mail folder, and especially on ext3, this will take a long time to complete.
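Since the loop above deletes files as it goes, a dry run that only lists what would be treated as a duplicate is worth doing first. The following is an added example, not part of the original post, and it does not use reformail: it compares Message-ID headers directly, assuming one message per file as in a Maildir. The function names and the three sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: list duplicate messages by Message-ID without deleting.
# Not reformail; a stand-alone comparison of Message-ID headers.

# Print the Message-ID of one message file: headers only, folded lines joined.
message_id() {
    tr -d '\r' < "$1" | awk '
        /^$/     { exit }                        # blank line ends the headers
        /^[ \t]/ { if (inid) id = id $0; next }  # continuation of previous header
                 { inid = 0 }
        !got && tolower($0) ~ /^message-id:/ {
            got = 1; inid = 1; id = $0; sub(/^[^:]*:/, "", id)
        }
        END { gsub(/[ \t]/, "", id); print id }'
}

# Print every file under $1 whose Message-ID was already seen on an earlier
# file (in sorted name order). Files without a Message-ID are never listed.
list_duplicates() {
    find "$1" -type f | sort | while IFS= read -r f; do
        id=$(message_id "$f")
        if [ -n "$id" ]; then printf '%s\t%s\n' "$id" "$f"; fi
    done | awk -F '\t' 'seen[$1]++ { print $2 }'
}

# Demo on a constructed three-message Maildir in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cur"
    printf 'Message-ID: <a@example.test>\n\nfirst\n'  > "$d/cur/1.host:2,S"
    printf 'Message-Id:\n <a@example.test>\n\ncopy\n' > "$d/cur/2.host:2,S"
    printf 'Message-ID: <b@example.test>\n\nother\n'  > "$d/cur/3.host:2,S"
    list_duplicates "$d/cur"
    rm -rf "$d"
}
demo
```

Review the list, or move the listed files to a holding directory, before running the deleting loop.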