Archive for June, 2010

rewrite_subject and subject_tag has been substituted for spamassassin version 3.x to rewrite_header Subject

Monday, June 21st, 2010

While checking one of the spamassassin daemons that I installed in the past for configuration errors in local.cf and the other loaded spamassassin rule files, I ran into the following error.

These warnings appeared when I was checking my spamassassin configuration using the command:

debian-server:~# spamassassin --lint

Issuing the above command returned the following warnings:

[18056] warn: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: rewrite_subject 1
[18056] warn: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: subject_tag [SPAM found in message]
[18056] warn: lint: 2 issues detected, please rerun with debug enabled for more information

A quick Google search for the error opened my eyes to the fact that I’m actually using old and obsolete spamassassin directives in my /etc/mail/spamassassin/local.cf

Starting with version 3.x, spamassassin uses a different syntax to tag caught spam messages and rewrite their header with a custom string.

1. To solve the issue, all I had to do was edit my /etc/mail/spamassassin/local.cf

2. Comment out or delete the following in the local.cf file:

rewrite_subject 1
subject_tag [SPAM found in message]

So after the change the two directives should be commented out with a leading #, e.g.:

#rewrite_subject 1
#subject_tag [SPAM found in message]

3. Now add the spamassassin 3.x substitute for rewrite_subject and subject_tag, which is rewrite_header Subject

For instance put in local.cf something like:

rewrite_header Subject *****SPAM*****

Now restart your spamassassin, either by invoking /etc/init.d/spamassassin restart if it’s running as a stand alone daemon or, if it’s run through daemontools, you will have to restart it with svc, like for instance:

debian-server:~# svc -d /service/spamd
debian-server:~# svc -t /service/spamd
debian-server:~# svc -u /service/spamd

The warning messages:

[18056] warn: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: rewrite_subject 1
[18056] warn: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: subject_tag [SPAM found in message]
[18056] warn: lint: 2 issues detected, please rerun with debug enabled for more information

should no longer appear whilst you check your spamassassin configuration 🙂
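
Steps 1 to 3 above as a filter, added here as an example and not taken from the original post or from SpamAssassin: it comments out the old directives and appends rewrite_header Subject with the old tag text, but only if rewrite_subject was set to 1 and no rewrite_header Subject line exists yet. The function names and the sample local.cf are constructed.

```shell
#!/bin/sh
# Added example (not SpamAssassin's code and not from the post): convert the
# 2.x subject-tagging directives in a local.cf to the 3.x rewrite_header form.

# migrate_local_cf: reads a local.cf on stdin, writes the migrated file to stdout.
migrate_local_cf() {
    awk '
    # Old on/off switch: remember its value, keep the line as a comment.
    /^[ \t]*rewrite_subject[ \t]/ {
        enabled = ($2 == "1"); seen = 1
        print "#" $0; next
    }
    # Old tag text: everything after the directive name, spaces included.
    /^[ \t]*subject_tag[ \t]/ {
        tag = $0
        sub(/^[ \t]*subject_tag[ \t]+/, "", tag); sub(/[ \t]+$/, "", tag)
        seen = 1
        print "#" $0; next
    }
    # A 3.x directive is already present: do not add a second one.
    /^[ \t]*rewrite_header[ \t]+[Ss]ubject[ \t]/ { has_new = 1 }
    { print }
    END {
        # Only emit the replacement when tagging was actually switched on.
        if (seen && enabled && !has_new) {
            if (tag == "") tag = "*****SPAM*****"   # fallback: tag used in the post
            print "rewrite_header Subject " tag
        }
    }'
}

# Constructed sample configuration holding the two obsolete directives.
sample_local_cf() {
    cat <<'EOF'
report_safe 1
rewrite_subject 1
subject_tag [SPAM found in message]
use_bayes 1
EOF
}

sample_local_cf | migrate_local_cf
```

Write the result to a new file and run spamassassin --lint before replacing local.cf and restarting the daemon.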

How to automatically reboot (restart) Debian GNU Lenny / Squeeze Linux on kernel panic, some general CPU overload or system crash

Monday, June 21st, 2010

If you are a system administrator, you have probably wondered at least once how to configure your Linux server to automatically reboot itself if it crashes or is going through a massive CPU overload, e.g. the server load average “hits the sky”.
I just learned from a nice article found here that there is a kernel variable which, when enabled, takes care of automatically restarting a server that crashed with the terrible Kernel Panic message we all know.

The variable I’m talking about is kernel.panic. For instance, kernel.panic = 20 instructs your GNU/Linux kernel to reboot automatically 20 seconds after it experiences a kernel panic.

To start using Linux’s auto-reboot capability when a kernel panic occurs, just add the variable to /etc/sysctl.conf:

debian-server:~# echo 'kernel.panic = 20' >> /etc/sysctl.conf

Now we also have to apply the variable on the running system, so execute:

debian-server:~# sysctl -p

There you go, automatic system reboots on kernel panics are now on.
Now, to further assure yourself that the Linux server you’re responsible for will automatically restart itself in an emergency situation like a system overload, I suggest you check Watchdog.

You might consider checking out this auto reboot tutorial, which explains in simple words how watchdog is installed and configured.
On Debian, installing and maintaining watchdog is really simple and comes down to installing and enabling the watchdog system service, right after you make two changes in its configuration file /etc/watchdog.conf

To do so execute:

debian-server:~# apt-get install watchdog
debian-server:~# echo "file = /var/log/messages" >> /etc/watchdog.conf
debian-server:~# echo "watchdog-device = /dev/watchdog" >> /etc/watchdog.conf

Well, that should be it. You might also need to load some kernel module to monitor your watchdog.
On my system the kernel modules related to watchdog are located in:

/lib/modules/2.6.26-2-amd64/kernel/drivers/watchdog/

If not, then you should certainly try the software watchdog Linux kernel module called softdog. To do so, issue:

debian-server:~# /sbin/modprobe softdog

It’s best if you load the module while the softdog daemon is disabled.
If you consider auto loading the softdog software watchdog kernel driver, you should execute:

debian-server:~# echo 'softdog' >> /etc/modules

Finally, a start of the watchdog is necessary:

debian-server:~# /etc/init.d/watchdog start
Stopping watchdog keepalive daemon....
Starting watchdog daemon....

That should be all; your automatic system reboots should now be on! 🙂

How to disable directory listing to /icons/ directory on Debian Lenny Linux

Saturday, June 19th, 2010

I’ve recently configured a new server running Debian Lenny Linux. It really irritated me that by default an Alias existed to the /icons/ directory.
It took me a while to get through the configured Virtualhosts in /etc/apache2/sites-enabled/ , the /etc/apache2/apache2.conf and check among the enabled Apache modules existing in /etc/apache2/mods-available/

I finally got that the Alias to the directory was because of configuration directives in /etc/apache2/mods-available/alias.conf

To disable the Alias you’ll have to:

debian-server:~# vim /etc/apache2/mods-available/alias.conf

Then, in /etc/apache2/mods-available/alias.conf, find the block:

<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

and change Allow from all to Deny from all in order to forbid access to the /icons/ directory.
If you want to completely wipe out the Alias, comment out the line:

Alias /icons/ "/usr/share/apache2/icons/"

Now restart Apache and the access to the /icons directory enabled by default on Debian will be no more 🙂

debian-server:~# /etc/init.d/apache2 restart

Cheers 🙂

Fix to error qmail-smtpd: error while loading shared libraries: libresolv.so.2: failed to map segment from shared object: Cannot allocate memory

Friday, June 18th, 2010

Whilst installing a new qmail installation following instructions from www.shupp.org/toaster I have faced the error:

/var/qmail/bin/qmail-smtpd: error while loading shared libraries: libresolv.so.2: failed to map segment from shared object: Cannot allocate memory

This error is caused by a softlimit memory limitation in qmail svc’s initialization respawn script, e.g. a line in /service/qmail-smtpd/run which by default equals:

exec /usr/bin/softlimit -m 8000000

To solve the issue with /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libresolv.so.2: failed to map segment from shared object: Cannot allocate memory appearing in /var/log/qmail/smtpd/current, it’s necessary to increase the softlimit value on a machine with 8GB of memory to:

exec /usr/bin/softlimit -m 64000000

For servers with 4GB RAM the proper soft limit would be about 64000000 divided by 2, or 32000000. Following that logic, you can determine what softlimit value would most probably suit your server according to its amount of RAM.

How to solve: “LibClamAV Warning: Cannot dlopen: file not found – unrar support unavailable” error

Thursday, June 17th, 2010

Whilst installing clamav 0.96.1 stable from source I came across the error LibClamAV Warning: Cannot dlopen: file not found – unrar support unavailable
I then realized my clamav was compiled without unrar support in it.
So afterwards I had to recompile clamav after installing:

debian-server:~# apt-get install unrar-free
debian-server:~# apt-get install libncurses5-dev
debian-server:~# apt-get install libbz2-dev

The above libncurses5-dev and libbz2-dev don’t have a direct relation to the missing unrar support compiled in clamav, however when I was debugging, if unrar is installed, I realized support for ncurses and bzip2 was disabled in the clamav newly built from source.
Therefore I decided to install these two as well and recompile to have the aforementioned two included in my clamav antivirus binaries.

But guess what, this didn’t solve the LibClamAV Warning: Cannot dlopen: file not found – unrar support unavailable at all, and the error reoccurred during freshclam’s initialization with /etc/init.d/freshclam .
To finally solve that warning and properly start up clamav it was necessary to link /usr/local/lib/libclamunrar_iface.so.6 to /usr/lib and right after that to execute ldconfig:

debian-server:~# ln -sf /usr/local/lib/libclamunrar_iface.so.6 /usr/lib/
debian-server:~# ldconfig

And voilà!

debian-server:~# /etc/init.d/freshclam stop
debian-server:~# /etc/init.d/freshclam start
Starting freshclam daemon ... done.

Warning solved!
In solving the riddle, the following bug report and suggestion to solve the warning helped me a bit.
So if my way doesn’t work for you, you might consider checking it out.

How to install djbdns local caching DNS server on Debian Lenny Linux

Wednesday, June 16th, 2010

You might wonder why somebody would choose to install djbdns (http://cr.yp.to/djbdns.html) in favour of the much more popular and established bind name server.
Well, I personally have the following major concerns when I make the conscious choice to install djbdns.

– DjbDNS is a fast caching DNS; according to some online tests it is sometimes at least twice as fast in resolving addresses compared to bind.
– Djbdns caching server is easy to set up
– DjbDNS is secure. It’s notable that Dan Bernstein, the author of djbdns, is one of the most honoured security specialists and hackers out there. Dan Bernstein is also the author of the qmail email server, which is currently considered the most secure MTA in the world.
– DjbDNS is small in size compared to bind and takes less system resources (though this is not a crucial difference).
– DjbDNS occupies less system memory than bind

1. Install DjbDNS via apt-get

debian-server:~# apt-get install djbdns

This will also install daemontools and the daemontools-run package, which adds the necessary entries to /etc/inittab in order to enable service supervision through daemontools.

2. Add the necessary users for the djbdns local caching server to be ready to launch:

debian-server:~# groupadd dnscache
debian-server:~# useradd -g dnscache dnscache
debian-server:~# useradd -g dnscache dnslog

3. Configure and install djbdns local caching server files instance

debian-server:~# dnscache-conf dnscache dnslog /var/dnscache

4. Last but not least, it’s necessary to set up dnscache to start up automatically via daemontools’s svscanboot program

debian-server:~# ln -s /var/dnscache /etc/service

If you want to dig further into the nice djbdns caching linux/bsd server, then be sure to check out djbdnsrocks’s website.
Now, to start using the newly configured DNS caching server on localhost, add to your /etc/resolv.conf:

echo 'nameserver 127.0.0.1' >> /etc/resolv.conf

vsftp 421 Service not available, remote server has closed connection with vsftp and its solution

Tuesday, June 15th, 2010

I’ve spent almost an hour trying to isolate a problem that persisted with slow ftp transfers.
First I thought the slowness was because of some kind of firewall rules; anyway, I tested disabling the iptables firewall rules and the effect was absolutely the same.
I was able to login normally to the newly configured vsftp server on Debian installed through:

debian-server:~# apt-get install vsftpd

The vsftp is configured to run as a stand alone service and not via inetd. A copy of the non-working vsftpd.conf can be obtained from here
I couldn’t find any fault or misconfigured variable in the above mentioned ftp configuration file.
The file contains neither syntax nor logical errors. The Vsftpd service was running as a daemon perfectly fine.
I read online some suggestions that something could be wrong with my /etc/hosts.allow or /etc/hosts.deny files, but neither of them contained any deny rules.
Though I tried entering the following line to /etc/hosts.allow:

vsftpd: ALL: ALLOW

Guess what nothing changed, the uploading slowness and the error message:

421 Service not available, remote server timed out. Connection closed

was at hand.

I even tried transferring data files on localhost whilst the firewall was disabled using:

debian-server:~# ftp 0
Connected to 0 (0.0.0.0).
user: hipo
pass: *********
ftp>put file.tar.gz
229 Entering Extended Passive Mode
150 Ok to send data.

421 Service not available, remote server timed out. Connection closed

I also tried raising the data_connection_timeout, which by default was equal to 120 secs, to data_connection_timeout=720

This didn’t help either. Besides that, I also tried to fix the issue through changes in the following vsftp variables:

connect_from_port_20=NO
xferlog_enable=NO
local_max_rate=50
max_per_ip=40
max_clients=50

No matter what I tried, the shitty transfer timeout error was determined to reappear:

421 Service not available, remote server timed out. Connection closed

Pretty much like problems passing through an arcade game super-boss ! ghh ..
Following some forum suggestions that might help resolving the error I tried also the vsftpd conf variables:

pasv_enable=YES
pasv_min_port=11000
pasv_max_port=11010

Again the 421 Service not available, remote server timed out. Connection closed during a file transfer occurred!

That completely pissed me off, so I made a radical decision. Just wipe out vsftpd and exchange it for the easier to implement and less problematic good old PROFTPD
My experience with proftpd as a server ftp daemon was most of the time positive. It was luckily like this also this time!

The switch to proftpd on the server was a piece of sweet cake:

debian-server:~# apt-get install proftpd

There you go now transfer works and the 421 Service not available, remote server timed out. Connection closed is solved in a radical and very easy manner!

Yet if you continue experiencing some kind of data transfer errors or ftp login errors, I recommend you load the nf_conntrack_ftp module if you’re running linux kernel > 2.19; if you’re using an older kernel version then you should load the ip_conntrack_ftp kernel module.
To make the kernel module load during system boot time, execute:

debian-server:~# echo nf_conntrack_ftp >> /etc/modules

To prevent FTP data transfer problems caused by iptables firewall rules, I suggest you also check my article Iptables Open FTP Port 21 and 20 to enable your Linux firewall in and out FTP server data transfer to flow

Iptables Open FTP Port 21 and 20 to enable your Linux firewall in and out FTP server data transfer to flow

Monday, June 14th, 2010

I’ve recently built a firewall on a Linux server and I have encountered some issues with the FTP traffic whenever an authenticated user of the FTP server tries to launch a data file transfer.
This issue is quite normal, since my iptables firewall is restrictive and is of the type: deny everything by default except what is explicitly allowed.
It’s pretty normal that this kind of restrictive firewall creates problems for transfers initiated to the FTP server, since it drops traffic to certain ports that the FTP client requests to be opened on the server.
The FTP protocol has long been famous for this kind of problem; most people who already have some experience with FTP know that FTP clients and servers support two general types of FTP data transfers: Active and Passive.
It’s less likely that a user has problems whilst transferring data in Passive FTP mode, however it’s a common problem that Active FTP transfers give trouble.
For more information on the exact way an FTP transfer works and on passive and active mode please read here .
In order to prevent problems with your FTP server Active transfers, it’s recommended that a few iptables firewall rules as well as kernel modules are present amongst your firewall definitions.

So whenever you intend to include an FTP server with your newly configured server for the end customers, be sure to have the following kernel modules loaded:

linux-server:~# modprobe ip_conntrack
linux-server:~# modprobe ip_conntrack_ftp

Next we have to add the proper iptables rules to properly manage incoming requests on port 21 to your firewall script file:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 1.2.3.4 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 1.2.3.4 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 1.2.3.4 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s 1.2.3.4 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 1.2.3.4 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 1.2.3.4 --dport 20 -m state --state ESTABLISHED -j ACCEPT

In the above firewall rules it’s necessary to replace the 1.2.3.4 ip address with your FTP server’s publicly accessible ipv4 address.
In preparing this article I used as a basis the iptables open FTP port 21 article, which is a nice read and sheds some good light on how to fix the FTP transfer issues discussed above.
That should be enough; now reload your firewall rules, flushing the old firewall rules and loading the new ones, and hopefully all should be done and your FTP transfers should start flowing fine.
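
Why the RELATED state and the FTP conntrack module matter, as an added example that is not part of the original article: the data port is negotiated inside the control connection, so a restrictive firewall has to read it from there. The function below (a hypothetical name) extracts that endpoint from a PORT command, a 227 reply or a 229 reply; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the original article or from the kernel helper.
# ftp_data_endpoint LINE [CONTROL_PEER_IP]
#   Prints "<mode> <ip> <port>" for a control-channel line that announces a
#   data connection, or returns 1 if the line announces none.
ftp_data_endpoint() {
    line=$(printf '%s' "$1" | tr -d '\r')   # control lines end in CRLF
    peer=${2:-unknown}
    case $line in
        PORT\ *)    # active mode: the client tells the server where to connect
            mode=active
            nums=${line#'PORT '}
            ;;
        227\ *)     # passive mode: the server announces its listening socket
            mode=passive
            nums=${line#*'('}
            nums=${nums%%')'*}
            ;;
        229\ *)     # extended passive mode: port only, address = control peer
            port=${line#*'(|||'}
            port=${port%%'|'*}
            case $port in ''|*[!0-9]*) return 1 ;; esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            echo "passive $peer $port"
            return 0
            ;;
        *)
            return 1
            ;;
    esac
    # PORT and 227 carry h1,h2,h3,h4,p1,p2 with port = p1 * 256 + p2.
    echo "$nums" | awk -F, -v mode="$mode" '
        NF != 6 { exit 1 }
        {
            for (i = 1; i <= 6; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
            printf "%s %d.%d.%d.%d %d\n", mode, $1, $2, $3, $4, $5 * 256 + $6
        }'
}

# Constructed control-channel lines; 1.2.3.4 is the article's placeholder server.
for l in 'PORT 192,168,0,10,43,12' \
         '227 Entering Passive Mode (1,2,3,4,42,248).' \
         '229 Entering Extended Passive Mode (|||11005|)' \
         '150 Ok to send data.'; do
    ftp_data_endpoint "$l" 1.2.3.4 || echo "no data endpoint: $l"
done
```

Without a helper that reads these lines, the data connection to or from the announced port has no matching state entry, which is the case the RELATED rules above depend on.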

Orthodox Christian notable Elders of our times (Elder Paisios & St. Nectarios)

Saturday, June 12th, 2010

If you’re a Christian and you are not well familiar with Orthodox Christianity, you most probably wonder what eldership (elders) in Orthodoxy is.
That’s okay and is quite normal. I remember the first time I heard about the so-called elders, it was a completely incomprehensible term.
Later, when I was getting to know Orthodox Christianity more and more, I started understanding the term, so I’ll try to explain it to you in a few words.
Elders are old monks or old holy men who strive after a really holy and ascetic life. The Church Elders were present even in the ancient Church, as they were the ones who anointed the sick, as it’s written in the New Testament in The Holy Bible.
In later centuries elders were usually the spiritual guides of monasteries or other ascetic Christian communities. Many elders were Hesychasts.
Many of the Elders have been blessed by God with many extraordinary spiritual gifts like clairvoyance, strong prayers that could work miracles, a peaceful spirit, prophetic gifts etc.
In the middle centuries, like the 16th to the 19th century, Eldership and its numbers started to decline. There were even times in Russia when Eldership almost ceased.
However on the Holy Mount Athos, the elders’ tradition has continued until this very day.
Since we’re living in a really mixed age, in which true Christian spirituality has so largely declined, it’s a real blessing that we still have some elders that could almost be called contemporary.
One really important and very blessed elder who lived in the 20th century is elder Paisios.

While looking for some Orthodox Songs and Chants I found a really interesting video that presented some of Elder Paisios and St. Nectarios, who is also one of the notable saints of our times.
There is an innumerable number of Elders that lived and taught the true way of salvation; anyway, since I’m not educated enough to talk about them I’ll just stop here and present you with a video showing some pictures and teachings of Elder Paisios and St. Nectarios.

How to properly control your Lenovo Thinkpad R61 fan rotation cycles on Linux with ThinkFan

Friday, June 11th, 2010

For quite a long time I’ve been having issues with my fan rotation controlling software on Linux.
That is really annoying, since every now and then I experience problems with overheating when my system is under heavy load.
That would interrupt my work with my notebook every now and then and had become a real pain in the ass with time.
I spent a lot of time looking for a solution, in the meantime trying all kinds of scripts mentioned on thinkwiki.org
I’ve had unpleasant experiences with tpfand , tp-fancontrol as well as with the automated process to control the fan through some kernel module options like:

options thinkpad_acpi fan_control=1

To solve my overheating issues when the temperature shown by lm-sensors was reaching 60 degrees and above, I had to manually change the fan rotation level with the command:

# increase thinkpad fan speed to max
root@noah:~# echo level 7 > /proc/acpi/ibm/fan

The manual way to increase fan rotation when my CPU was under a high load, caused by the automated thinkpad_acpi kernel module wrongly controlling the fan speed, was really irritating. Therefore I looked for something online to manage the fan rotation to cool my cpu in a proper way, after the many failed attempts to use some of the aforementioned software as well as other techniques I found explained as workarounds to tune the automated fan rotation speed.
I finally found Thinkfan . The wonderful guys from Debian have even prepared a deb package of thinkfan, so as a debian user the whole thinkfan installation was as easy as:

root@noah:~# apt-get install thinkfan

Though thinkfan worked just fine and was able to control my fan speed automatically quite properly most of the time, it failed to do so every now and then.
Since failures to properly adjust the fan rotation speed on my Debian Linux when the system was under stress were rare, I was quite happy with thinkfan as a fan manager for my desktop linux system most of the time.
The most frequent cases in which thinkfan failed to properly adjust my fan speed to cool my cpu were after system sleep or hibernate.
To work around this issue I have created a crontab which would periodically restart the thinkfan daemon; the crontab I used is as follows:

# restart thinkfan on every 30 minutes to prevent issues with thinkfan after hibernate and sleep on Debian Linux
0,30 * * * * /etc/init.d/thinkfan restart >/dev/null 2>&1

This kind of solution worked until recently, when I used apt-get to upgrade my system software to the latest versions; ever since then thinkfan has been misbehaving, unable to properly control my notebook lenovo thinkpad r61 fan speed.

The failure to properly control the fan speed was accompanied by the following thinkfan warning messages in /var/log/messages :

Jun 7 15:30:02 noah thinkfan: WARNING: Using default temperature inputs in /proc/acpi/ibm/thermal.
Jun 7 15:30:02 noah thinkfan: WARNING: You have not provided any correction values for any sensor, and your fan will only start at 55 °C. This can be dangerous for your hard drive.

I spent almost two hours Googling for the error and possible articles on how to configure my thinkfan /etc/thinkfan.conf to match my thinkpad r61 fan control but I couldn’t find anything meaningful in Google.

Thus I started experimenting with changing values in my /etc/thinkfan.conf until I reached the moment the fan was properly controlled by thinkfan.

I thought these values could be of great benefit to other Thinkpad R61 Linux users, so I decided to blog about my issues and my solution to the fan control issues.
So if you are also struggling with properly configuring the fan speed for thinkfan to match Thinkpad model R61, you will have to download my thinkpad r61 Correction values thinkfan.conf file
Or you can just copy and paste the following into the /etc/thinkfan.conf configuration file on your system:

(0, 38, 40)
(1, 42, 44)
(2, 46, 48)
(3, 50, 52)
(4, 54, 56)
(5, 58, 60)
(6, 62, 64)
(7, 66, 32767)

For other Lenovo / IBM Thinkpad model types the correction values might be close, or it’s even possible that the same configuration to control your fan with thinkfan is compatible with other Thinkpads.
If you test it on another thinkpad and you find it working, or some tweaks to the above-mentioned correction values help in tuning thinkfan on other Thinkpads, please post here!
Thank God, now after simply restarting my thinkfan, my notebook fan is automatically properly set to rotate!
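
A check for (LEVEL, LOW, HIGH) tables such as the one above, as an added example that is not part of the original post or of thinkfan: it lists neighbouring levels whose ranges leave a gap and replays a series of readings. It assumes thinkfan steps up when the temperature reaches HIGH and steps down when it drops below LOW; the function names and the second, overlapping table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not thinkfan's own code. Assumed stepping model:
#   step up one level when the reading is >= HIGH of the current level,
#   step down one level when the reading is <  LOW of the current level.

# Shared awk fragment: load "(LEVEL, LOW, HIGH)" lines into arrays.
PARSE='BEGIN { n = 0 }
/^[ \t]*\(/ {
    gsub(/[() \t]/, ""); split($0, f, ",")
    lvl[n] = f[1]; low[n] = f[2] + 0; high[n] = f[3] + 0; n++
}'

# thinkfan_gaps CONF: list neighbouring levels whose ranges do not overlap.
thinkfan_gaps() {
    awk "$PARSE"'
    END {
        for (i = 1; i < n; i++)
            if (low[i] >= high[i-1])
                printf "level %s -> %s: up at %d, back down below %d\n",
                       lvl[i-1], lvl[i], high[i-1], low[i]
    }' "$1"
}

# thinkfan_levels CONF "t1 t2 ...": level in effect after each reading.
thinkfan_levels() {
    awk -v temps="$2" "$PARSE"'
    END {
        cur = 0; out = ""; m = split(temps, t, " ")
        for (i = 1; i <= m; i++) {
            if (cur < n - 1 && t[i] + 0 >= high[cur]) { cur++ }
            else if (cur > 0 && t[i] + 0 < low[cur]) { cur-- }
            out = out (i > 1 ? " " : "") lvl[cur]
        }
        print out
    }' "$1"
}

write_page_table() {       # the table from the post
    cat > "$1" <<'EOF'
(0, 38, 40)
(1, 42, 44)
(2, 46, 48)
(3, 50, 52)
(4, 54, 56)
(5, 58, 60)
(6, 62, 64)
(7, 66, 32767)
EOF
}

write_overlap_table() {    # constructed variant: each LOW sits below the previous HIGH
    cat > "$1" <<'EOF'
(0, 0, 40)
(1, 38, 44)
(2, 42, 48)
(3, 46, 52)
(4, 50, 56)
(5, 54, 60)
(6, 58, 64)
(7, 62, 32767)
EOF
}

conf=$(mktemp) && write_page_table "$conf"
thinkfan_gaps "$conf"
thinkfan_levels "$conf" "39 41 41 41 41"
rm -f "$conf"
```

Under that assumed rule, the table above alternates between levels 0 and 1 while the reading stays at 41 °C, whereas the overlapping variant settles on level 1.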