I had to solve a problem for a customer where they need to delegate management of backup MX servers to their clients. Of course, they don’t want to give their clients root access to their server, but they can write an app that gives users access to certain entries in a database, based on their privileges. This means I can join my two favourite server apps in the world: Postfix + MySQL.

First, we need to create a database and some tables. These are quick and dirty and only meant to be a proof of concept. The fields are pretty straightforward: id is just a number, domain is the domain being relayed, and destination is the primary MX or wherever you need the mail to go. The syntax is as per the Postfix transport documentation. :domain.tld will do an MX lookup on domain.tld, and smtp:host.domain.tld will deliver directly to the host specified. My database is called ‘backupmx’.

CREATE TABLE `domains` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `domain` varchar(128) NOT NULL DEFAULT '',
  `destination` varchar(128) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  UNIQUE KEY `domain` (`domain`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

CREATE TABLE `recipients` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `address` varchar(255) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  KEY `address` (`address`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;


I encountered this today when trying to query a package on a Red Hat server:

rpmdb: Lock table is out of available locker entries
error: db4 error(22) from db->close: Invalid argument
error: cannot open Name index using db3 – Cannot allocate memory  (12)

This happens when an operation involving the rpm db is interrupted and the locks are not cleared. The solution is rather simple:

1.   Make a backup of /var/lib/rpm   (because you never know)

2.   rm /var/lib/rpm/__db.00*

3.   rpm --rebuilddb

You should have a working rpm database now.

ServerSignature and ServerTokens are two directives that determine how the Apache server describes itself, which makes them useful for keeping some details private. While obscurity is not security, it’s nevertheless a good idea not to save a potential attacker time by giving them the exact versions of everything you run on your server.

ServerTokens

ServerTokens determines how much information about itself Apache divulges, both in the HTTP headers and in the signature on server-generated pages, such as errors and directory indexes. Here are the possible settings and example values:

Full:  Apache/2.2.3 (Red Hat) mod_ssl/2.2.4 OpenSSL/0.9.7l DAV/2 mod_fastcgi/2.4.2 PHP/5.1.5 mod_jk/1.2.15
OS: Apache/2.2.3 (Red Hat)
Minimal: Apache/2.2.3
Minor: Apache/2.2
Major: Apache/2
ProductOnly:  Apache

ServerSignature

This describes how Apache refers to itself in server-generated pages.  Possible values are On, Off or EMail.  On will give a message like:

Apache Server at www.somerandomstuff.com Port 80

Here “Apache Server” is the result of the ServerTokens value. Setting ServerSignature to EMail will give something like (note the mailto link):

Apache Server at www.somerandomstuff.com Port 80

And finally, setting it to Off will show nothing.
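
To audit what a server is actually sending, the Server header can be mapped back to the ServerTokens level it corresponds to. The following is an added example, not part of the original post; the function names are hypothetical and the sample headers are the example values listed above.

```python
import re

# ServerTokens settings from least to most revealing, as named in the post.
LEVELS = ["ProductOnly", "Major", "Minor", "Minimal", "OS", "Full"]


def classify_server_header(value):
    """Return (level, disclosed) for an Apache Server header value."""
    os_match = re.search(r"\(([^)]*)\)", value)        # e.g. "(Red Hat)"
    tokens = re.sub(r"\([^)]*\)", " ", value).split()  # product tokens only
    if not tokens or tokens[0].split("/")[0] != "Apache":
        raise ValueError("not an Apache Server header: %r" % value)
    core, modules = tokens[0], tokens[1:]
    version = core.partition("/")[2]                   # "" when no version sent

    if modules:
        level = "Full"
    elif os_match:
        level = "OS"
    elif version.count(".") >= 2:
        level = "Minimal"
    elif version.count(".") == 1:
        level = "Minor"
    elif version:
        level = "Major"
    else:
        level = "ProductOnly"

    # Everything a client can read that identifies a version or platform.
    disclosed = [core] if version else []
    if os_match:
        disclosed.append("OS: " + os_match.group(1))
    disclosed.extend(m for m in modules if "/" in m)
    return level, disclosed


def too_revealing(value, max_level="ProductOnly"):
    """True if the header reveals more than the allowed ServerTokens level."""
    level, _ = classify_server_header(value)
    return LEVELS.index(level) > LEVELS.index(max_level)


if __name__ == "__main__":
    # Sample values taken from the list in the post.
    for header in ("Apache/2.2.3 (Red Hat) mod_ssl/2.2.4 PHP/5.1.5",
                   "Apache/2.2.3 (Red Hat)", "Apache/2.2", "Apache"):
        print(header, "->", classify_server_header(header),
              "FAIL" if too_revealing(header) else "ok")
```

Feed it the Server header from each virtual host after a config change; any result other than ProductOnly means the header still carries version or platform details.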

I came across an error after upgrading a Plesk server from 8.6 to 9.2.3:

# /usr/local/psa/admin/sbin/mchk --with-spam
==> Checking for: mailsrv_conf_init... ok
==> Checking for: mail_mailbox_restore... ok
==> Checking for: mailsrv_entities_dump... ok
==> Checking for: mail_admin_aliases... ok
==> Checking for: mail_auth_dump... ok
==> Checking for: mailman_lists_dump... ok
==> Checking for: mail_responder_restore... ok
==> Checking for: mail_drweb_restore... ok
==> Checking for: mail_kav_restore... not exsists
==> Checking for: mail_spf_restore... ok
==> Checking for: mail_dk_restore... ok
==> Checking for: mail_grey_restore... ok
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "pop3d"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "pop3d-ssl"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "imapd"
awk: cmd. line:50: (END OF FILE)
awk: cmd. line:50: invalid char '�' in expression
unable to process "imapd-ssl" 


This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.

Disabling it is very easy. Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:

ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

Now restart qmail, and you’re done!

I recently decided to move my enormous mail archive from my trusty Courier-imap/Maildir setup to DBmail. The reason is simple.  I have several mail folders with 100,000+ mails in.  That means several directories with upwards of 100,000 files in.   And that means bad performance.    There is another reason:  I can execute far more powerful searches with an SQL query, than any mail client can allow me to do.

DBmail is a POP3/IMAP server that uses a regular database server (currently MySQL, PostgreSQL or SQLite) for its mail store.  Given the obvious advantages, I’m surprised this isn’t more popular.

There is one gotcha to the setup. MySQL, being Swedish, has a default collation setting of ‘latin1_swedish_ci’ while DBmail assumes ‘utf8_general_ci’ will be set. But the DBmail docs, and even the MySQL notes page, do not mention this at all, and the included create_tables.mysql script does not set the correct collation either. This results in the following error showing up in the logs:

Sep 14 03:00:01 hermes dbmail/maintenance[16708]: Error:[sql] dbmysql.c,db_mysql_check_collations(+138): collation mismatch, your MySQL configuration specifies a different charset than the data currently in your DBMail database.

This is easily fixed.  Assuming your database is called ‘dbmail’ do:

mysql> use information_schema;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from SCHEMATA where SCHEMA_NAME = 'dbmail';

The ‘DEFAULT_COLLATION_NAME’ column will most likely show ‘latin1_swedish_ci’ – this is the problem. Run the following:

mysql> alter database `dbmail` collate `utf8_general_ci`;
Query OK, 1 row affected (0.02 sec)

Run the select query again and check if the right collation is showing.  After doing this, dbmail should connect to MySQL without any problems.

From time to time,  Squirrelmail gives this error on a Plesk machine:

Error opening /var/lib/squirrelmail/prefs/default_pref
Could not create initial preference file!
/var/lib/squirrelmail/prefs/ should be writable by user apache
Please contact your system administrator and report this error.

Squirrelmail depends on safe_mode being off.  Let’s see if this is the case:

# grep ^safe_mode /etc/php.ini
safe_mode = On

Since this is a multi-domain system, we want to make changes only to the affected subdomain, in this case the webmail.* subdomain. But changing the Plesk config won’t help, since Plesk will just overwrite it. So we create a second file that will load after, and thus override, the Plesk file:

# vi /etc/httpd/conf.d/zz011_squirrelmail_safemode_fix.conf

And add the following:

<Directory "/usr/share/squirrelmail">
php_admin_flag safe_mode off
</Directory>

Now check your Apache config and restart gracefully:

# httpd -t

OK

# apachectl graceful

Reload Squirrelmail in your browser – it should work now.

After doing some updates on my Debian Lenny workstation, I noticed that KDE’s Konsole is no longer able to find the “Console” font, and upon trying to install it, I’m greeted with an error saying:

Could not install console8x16.pcf.gz into fonts:/Personal/

Fortunately, this is easily fixable. As root, run the following:

# dpkg-reconfigure fontconfig-config

Choose the default option for all but the question about bitmap fonts – choose YES here. This will enable support for bitmap fonts. Then do:

# dpkg-reconfigure fontconfig

This will update the font cache. Now restart your Konsole, and your fonts should be back to normal.

Update 2009/03/07:   I had this happen to me again today (did a dist-upgrade to Squeeze) and after running the above fix, only one of the two missing fonts returned.   I found that removing the contents of ~/.fontconfig/ does the trick.

Update 2009/07/25:   I got a new PC at work, and this time did a clean install of Squeeze, which meant getting dumped into KDE4.  Again, the font was missing, and the font installer wouldn’t see the pcf file.  I had to do the above, and then, using the font installer, had to type *.pcf  in the filter field – this installed the font.  I also had to set font anti-aliasing to “enabled” instead of “system settings” in the System Settings panel –> Appearance –> Fonts.

Have you ever wondered what all those SMTP status codes mean? It’s not that hard to read. Each code consists of three numbers. The format for this is class.subject.detail, for example 2.5.0 (also written as 250).

Here is a list of the classes:

2.x.x – Success
4.x.x – Temporary failure
5.x.x – Permanent failure

Here are the subjects:

x.0.x – Other or undefined
x.1.x – Addressing related
