Posts Tagged ‘common’

« Older Entries
Newer Entries »

19th of August Ilindensko Preobrajenski Revolt – Bulgarian land liberation war Uprising on feast of Transfiguration

Monday, August 20th, 2012

Ilinden freedom or death flag Svoboda ili Smyrt slogan

On 19-th of August 1903 happened the Indensko Preobrajensko Vyzstanie – (Ilinden Transfiguration liberation revolt). This revolt is important moment for Bulgarian restoration modern history. At this time South Eastern part of Bulgaria was still under Ottoman Turkish Empire rule and there was huge internal tension between local population striving to liberate and unite with rest of bulgarian lands.

The revolt was planned to raise some publicity in western world and show that the lands of Strandzha mountain are belonging to the newly established Russian liberated restored Bulgaria. Ilindensko Preobrazhenski Uprising was preceded by another revolt which happened in nowdays Macedonian lands near the city of Ohrid. The revolt is named under Ilindensko Preobrajensko Vyzstanie name because actually, the 2 revolts were perceived as one common effort to liberate and unite ex-Bulgarian empire territories with mainly Bulgarian and Serbian population to the newly re-establed Bulgarian land. Ilinden is important day for Bulgarian culture in english it means (Saint Elijah’s day) as the people of the early 20th century had strong faith the 2 revolts received a common name after the two Church feasts Ilinden (st. Elijah’s day) and Preobrazhenie (The day of Christ transfiguration). The revolt was organized and planned by the even to this day existing Bulgarian organizatoin VMROVytreshno Makedonska Revolicionna Organizatia – (Internal Macedonian Revolutionary Organization).
VMRO asks on a few times the then Bulgarian army to join them in the uprising efforts, but the then Bulgarian king refuses foreseeing that this could cause another war between the newly re-established 5 centuries unexistent Bulgaria with the still large and powerful Ottoman empire.
Chetata na Yane Sandanski Ilindensko preobrazhensko revolt

Though uprising was quickly brutally extinguished by Turkish as planned the revolt was able to raise a huge dispute about the so called “Bulgarian problem” and in 1913 part of Strandzha mountain was united with Bulgarian country. The Bulgarian population of the parts of Strandja mountain which remained in territory of Turish empire was forcefully chased to central Bulgaria.

Chetata na Yane Sandanski Ilindensko Preobrazhensko revolt uprising

The total number of “guerillas” who participated in two revolts was 26 000. This 26 000 bravehearts faced enormous 350 000 people Turkish army! Of course the outcomes of this uniqeual powers were clear. Still some members of the uprising held hopes thta maybe Russia or some of the western countries would help them with provisions and people “reinforcements”. 994 “guerillas” died in the uprising.

Zname ohrid flag ohrid cheta Peter Chaulev

The turkish army demolished 201 peaceful people villages (12 440 houses!) and killed brutally 4 694 (peaceful inhabitants in this number kids and woman) by slaughtering and burning them alive. 30 000 of people from the ravaged villages escaped from their homelands and become refugees in Bulgaria. As one can guess whole Civillized Europe was in shock that in 20th century such a blood bath could happen in Europe ….

Tags: , , , , , , , , ,
Posted in Everyday Life, Various | No Comments »

How to Turn Off, Suppress PHP Notices and Warnings – PHP error handling levels via php.ini and PHP source code

Friday, April 25th, 2014

php-logo-disable-warnings-and-notices-in-php-through-htaccess-php-ini-and-php-code

PHP Notices are common to occur after PHP version upgrades or where an obsolete PHP code is moved from Old version PHP to new version. This is common error in web software using Frameworks which have been abandoned by developers.

Having PHP Notices to appear on a webpage is pretty ugly and give a lot of information which might be used by malicious crackers to try to break your site thus it is always a good idea to disable PHP Notices. There are plenty of ways to disable PHP Notices

The easiest way to disable it is globally in all Webserver PHP library via php.ini (/etc/php.ini) open it and make sure display_errors is disabled:

display_errors = 0

or

display_errors = Off

Note that that some claim in PHP 5.3 setting display_errors to Off will not work as expected. Anyways to make sure where your loaded PHP Version display_errors is ON or OFF use phpinfo();

It is also possible to disable PHP Notices and error reporting straight from PHP code you need code like:

 

<?php
// Turn off all error reporting
error_reporting(0);
?>

 

or through code:

 

ini_set('display_errors',0);


PHP has different levels of error reporting, here is complete list of possible error handling variables:

 

 

 

<?php
// Report simple running errors

error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Reporting E_NOTICE can be good too (to report uninitialized
// variables or catch variable name misspellings …)

error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

// Report all errors except E_NOTICE
// This is the default value set in php.ini

error_reporting(E_ALL ^ E_NOTICE);
// Report all PHP errors (see changelog)

error_reporting(E_ALL);
// Report all PHP errors error_reporting(-1);
// Same as error_reporting(E_ALL);

ini_set('error_reporting', E_ALL); ?>

The level of logging could be tuned on Debian Linux via /etc/php5/apache2/php.ini or if necessary to set PHP log level in PHP CLI through /etc/php5/cli/php.ini with:

error_reporting = E_ALL & ~E_NOTICE

 

If you need to remove to remove exact warning or notices from PHP without changing the way  PHPLib behaves is to set @ infront of variable or function that is causing NOTICES or WARNING:
For example:
 

@yourFunctionHere();
@var = …;


Its also possible to Disable PHP Notices and Warnings using .htaccess file (useful in shared hosting where you don't have access to global php.ini), here is how:

# PHP error handling for development servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/php_errors.log
php_value error_reporting -1
php_value log_errors_max_len 0

This way though PHP Notices and Warnings will be suppressed errors will get logged into php_error.log

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in PHP, Programming, System Administration, Web and CMS | 4 Comments »

Shutdown tomcat server node in case of memory depletion – Avoiding Tomcat Out of memory

Friday, June 6th, 2014

fix-avoid-tomcat-out-of-memory-logo

Out Of Memory Errors, or OOMEs, are one of the most common problems faced by Apache Tomcat users. Tomcat cluster behind Apache unreachable (causing customer downtimes). OOME errors occur on production servers that are experiencing an unusually high spike of traffic.

Out of memory errors are usually a problem of application and not of Tomcat server. OMEs have become such a persistent topic of discussion in the Apache Tomcat community cause its so difficult to trace to their root cause. Usually 'incorrect' web app code causing Tomcat to run out of memory is usually technically correct.

Most common reasons for Out of Memory errors in application code are:
 

  •     the heap size being too small
  •     running out of file descriptors
  •     more open threads than the host OS allows
  •     code with high amounts of recursion
  •     code that loads a very large file into memory
  •     code that retaining references to objects or classloaders
  •     a large number of web apps and a small PermGen


The following java option -XX:OnOutOfMemoryError= could be added to any of tomcat java application servers in setenv.sh in  JAVA_OPTS= variable in case of regular Out of Memory errors occur making an application unstable.

-XX:OnOutOfMemoryError=<path_to_tomcat_shutdown_script.sh>

Where < path_to tomcat_shutdown_script.sh > is shutdown script(which performs kill <tomcat_pid> if normal shutdown fails) for the tomcat instance.

With this setup if any tomcat instance run out of memory it will be shutdown (shutdown script invoked) – as result the Apache proxy infront of Tomcats should not pass any further requests to this instance and application will visualize / work properly for end customers.

Usually a tomcat_shutdown_script.sh to invoke in case of OOM would initiate a Tomcat server restart something like:

for i in `ps -ef |grep tomcat |grep /my_path_to_my_instance | awk '{print $2}'`
do
kill -9 "$i"
#path and script to start tomcat
done

To prevent blank pages returned to customer because of shutdown_script.sh starting stopping Tomcat you can set in Reverse Apache Proxy something like:
 

<Proxy balancer://mycluster>
   BalancerMember ajp://10.16.166.48:11010/ route=delivery1 timeout=30 retry=1
   BalancerMember ajp://10.16.166.70:11010/ route=delivery2 timeout=30 retry=1
</Proxy>

Where in above example I assume, there are only two tomcat nodes, for more just add respective ones.

Note that if the deployed application along all servers is having some code making it crash all tomcat nodes can get shutdown all time and you can get in a client havoc 🙂

Tags: , , , , , , , , , , ,
Posted in Everyday Life, System Administration, Various, Web and CMS | 2 Comments »

Apache increase loglevel – Increasing Apache logged data for better statistic analysis

Tuesday, July 1st, 2014

apache-increase-loglevel-howto-increasing-apache-logged-data-for-better-statistic-analysis
In case of development (QA) systems, where developers deploy new untested code, exposing Apache or related Apache modules to unexpected bugs often it is necessery to increase Apache loglevel to log everything, this is done with:

 

LogLevel debug

LogLevel warn is common logging option for Apache production webservers.
 

Loglevel warn


in httpd.conf is the default Apache setting for Log. For some servers that produce too many logs this setting could be changed to LogLevel crit which will make the web-server log only errors of critical importance to webserver. Using LogLevel debug setting is very useful whether you have to debug issues with unworking (failing) SSL certificates. It will give you whole dump with SSL handshake and reason for it failing.

You should be careful before deciding to increasing server log level, especially on production servers.
Increased logging level puts higher load on Apache webserver, as well as produces a lot of gigabytes of mostly useless logs that could lead quickly to filling all free disk space.

If you  would like to increase logged data in access.log / error.log, because you would like to perform versatile statistical analisys on daily hits, unique visits, top landing pages etc. with Webalizer, Analog or Awstats.

Change LogFormat and CustomLog variables from common to combined.

By default Apache is logging with following LogFormat and Customlog
 

LogFormat "%h %l %u %t "%r" %>s %b" common
CustomLog logs/access_log common


Which will be logging in access.log format:

 

127.0.0.1 – jericho [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326


Change it to something like:

 

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"" combined CustomLog log/access_log combined


This would produce logs like:

127.0.0.1 – jericho [10/Oct/2000:13:55:36 -0700] “GET /apache_pb.gif HTTP/1.0” 200 2326 “http://www.example.com/start.html” “Mozilla/4.08 [en] (Win98; I ;Nav)"

 

Using Combined Log Format produces all logged information from CustomLog … common, and also logs the Referrer and User-Agent headers, which indicate where users were before visiting your Web site page and which browsers they used. You can read rore on custom Apache logging tailoring theme on Apache's website

Tags: , , , , , , , , , ,
Posted in Everyday Life, Various, Web and CMS | No Comments »

Merge (convert) multiple PDF files into one single PDF – Generate one pdf from many on Linux / Windows and Mac

Wednesday, August 6th, 2014

merge-convert-many-pdf-files-to-single-one-generate-one-pdf-from-many-pdf-files-linux-windows-mac-pdftk-logo
I was looking for English Orthodox Bible translation of the Old Testament (Septuagint Version) and found such divided in many pdf files. I wanted to create a common (single) PDF from all the separate Old Testamental Book files in order to put it online as it might be convenient for English native speakers to download and later read offline on their computers the Old Testament Orthodox version Holy Bible.

Before I explain how I did it I will make a short turn to explain few things about Septuagint, as this is probably interesting stuff, you might not know.

Septuagint (also referred as LXX or the Alexandrian Canon) – Is Translation of the Hebrew Bible and some related text in Koine Greek) by legendary 70 Jewish scholars as early as the 2nd century BC. Just for those interested in Christianity it is curious fact that the number of Old Testament books are different among Protestant, Roman Catholic and Orthodox Christians, whether the number of New Testament books are the same in Catholics, Protestant and Orthodox.

So How Many books are in Roman Catholic, Protestant and Orthodox Old Testament Holy Bible?

The Old Testament in Orthodox Holy Bible version has 50 (where Slavonic versions of the bible include also +2 More which are the  Edras books), whether protestant Holy Bible includes only 39 books in old testament and Roman Catholics has 46 old testamental books in there bibles. The reason why Protestants choose to have less books (only 39) is some of the books in the Roman Catholic and Orthodox Church are Apocryphal are referred to as the Apocryphal, or Deuterocanonical books this doesn't mean that the extra 8 Books in Orthodox Bibles are not God Inspired, this means, they don't have the historic authenticity as the early Church accepted canonicals.

The Orthodox Church accepted the Septuagint LXX as divinely inspired to be used in Church.

Now back to how I managed to merge (convert) multiple PDF files into single PDF on my Debian Linux home router.

My first attempt was with ImageMagick's convert (in the same manner as I used to generate PDF files from pictures earlier), e.g.:
 

convert intro.pdf genesis.pdf exodus.pdf leviticus.pdf numbers.pdf deuteronomy.pdf … SINGLE-FILE.PDF

I waited for convertion to complete quite long but it seemed looping so finally after 7 minutes I stopped it and decided to try with something else and, after quick search I found pdftk.

pdftk has plenty of functions and is great for anyone who needs to do Merge / Split Update / Encrypt / Repair corrupted PDFs on Linux:

 apt-cache show pdftk |grep -i desc -A 17
Description: tool for manipulating PDF documents
 If PDF is electronic paper, then pdftk is an electronic stapler-remover,
 hole-punch, binder, secret-decoder-ring, and X-Ray-glasses. Pdftk is a
 simple tool for doing everyday things with PDF documents. Keep one in the
 top drawer of your desktop and use it to:
  – Merge PDF documents
  – Split PDF pages into a new document
  – Decrypt input as necessary (password required)
  – Encrypt output as desired
  – Fill PDF Forms with FDF Data and/or Flatten Forms
  – Apply a Background Watermark
  – Report PDF on metrics, including metadata and bookmarks
  – Update PDF Metadata
  – Attach Files to PDF Pages or the PDF Document
  – Unpack PDF Attachments
  – Burst a PDF document into single pages
  – Uncompress and re-compress page streams
  – Repair corrupted PDF (where possible)

To install pdftk on Debian Linux Lenny / Wheezy:

apt-get install –yes pdftk

After installed to convert a number of separate PDF files into single (merged) PDF file:
 

pdftk file1.pdf file2.pdf file3.pdf cat output single-merged-pdf-file.pdf

 

 

pdftk intro.pdf genesis.pdf exodus.pdf leviticus.pdf numbers.pdf deuteronomy.pdf joshua.pdf judges.pdf ruth.pdf kingdoms_1.pdf kingdoms_2.pdf kingdoms_3.pdf kingdoms_4.pdf paraleipomenon_1.pdf paraleipomenon_2.pdf esdras_1.pdf esdras_2.pdf nehemiah.pdf tobit.pdf judith.pdf esther.pdf maccabees_1.pdf maccabees_2.pdf maccabees_3.pdf psalms.pdf job.pdf proverbs_of_solomon.pdf ecclesiastes.pdf song_of_songs.pdf wisdom_of_solomon.pdf wisdom_of_sirach.pdf hosea.pdf amos.pdf micah.pdf joel.pdf obadiah.pdf jonah.pdf nahum.pdf habbakuk.pdf zephaniah.pdf malachi.pdf isaiah.pdf jeremiah.pdf baruch.pdf lamentations_of_jeremiah.pdf an_epistle_of_jeremiah.pdf ezekiel.pdf daniel.pdf maccabees_4.pdf slavonic_appendix.pdf cat output Orthodox-English-translation-of-Old-Testament-Septuagint.pdf

And Hooray! It worked The resulting share Old Testament (Orthodox) English translation from Septuagint PDF is here

pdftk is also ported for Fedora / CentOS / RHEL etc. (RPM distros), so you to install it there:

yum -y install pdftk

Or if missing in repositories grab the respective pdf and

rpm -ivh pdftk-*yourarch.pdf

PDFtk has also Windows and Mac OS version just in case if you need to script Merging of multiple PDFs to single ones for more check out PDftk Server page homepage here

Tags: , , , , , , , , , , , , ,
Posted in Christianity, Curious Facts, Everyday Life, Linux, Linux and FreeBSD Desktop | 3 Comments »

Fixing Shellshock new critical remote bash shell exploitable vulnerability on Debian / Ubuntu / CentOS / RHEL / Fedora / OpenSuSE and Slackware

Friday, October 10th, 2014

Bash-ShellShock-remote-exploitable-Vulnerability-affecting-Linux-Mac-OSX-and-BSD-fixing-shellshock-bash-vulnerability-debian-redhat-fedora-centos-ubuntu-slackware-and-opensuse
If you still haven’t heard about the ShellShock Bash (Bourne Again) shell remote exploit vulnerability and you admin some Linux server, you will definitely have to read seriously about it. ShellShock Bash Vulnerabily has become public on Sept 24 and is described in details here.

The vulnerability allows remote malicious attacker to execute arbitrary code under certain conditions, by passing strings of code following environment variable assignments. Affected are most of bash versions starting with bash 1.14 to bash 4.3.
Even if you have patched there are some reports, there are other bash shell flaws in the way bash handles shell variables, so probably in the coming month there will be even more patches to follow.

Affected bash flaw OS-es are Linux, Mac OS and BSDs;

• Some DHCP clients

• OpenSSL servers that use ForceCommand capability in (Webserver config)

• Apache Webservers that use CGi Scripts through mod_cgi and mod_cgid as well as cgis written in bash or launching bash subshells

• Network exposed services that use bash somehow

Even though there is patch there are futher reports claiming patch ineffective from both Google developers and RedHat devs, they say there are other flaws in how batch handles variables which lead to same remote code execution.

There are a couple of online testing tools already to test whether your website or certain script from a website is vulnerable to bash remote code executions, one of the few online remote bash vulnerability scanner is here and here. Also a good usable resource to test whether your webserver is vulnerable to ShellShock remote attack is found on ShellShocker.Net.

As there are plenty of non-standard custom written scripts probably online and there is not too much publicity about the problem and most admins are lazy the vulnerability will stay unpatched for a really long time and we’re about to see more and more exploit tools circulating in the script kiddies irc botnets.

Fixing bash Shellcode remote vulnerability on Debian 5.0 Lenny.

Follow the article suggesting how to fix the remote exploitable bash following few steps on older unsupported Debian 4.0 / 3.0 (Potato) etc. – here.

Fixing the bash shellcode vulnerability on Debian 6.0 Squeeze. For those who never heard since April 2014, there is a A Debian LTS (Long Term Support) repository. To fix in Debian 6.0 use the LTS package repository, like described in following article.

If you have issues patching your Debian Wheezy 6.0 Linux bash, it might be because you already have a newer installed version of bash and apt-get is refusing to overwrite it with an older version which is provided by Debian LTS repos. The quickest and surest way to fix it is to do literally the following:


vim /etc/apt/sources.list

Paste inside to use the following LTS repositories:

deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Further on to check the available installable deb package versions with apt-get, issue:



apt-cache showpkg bash
...
...
Provides:
4.1-3+deb6u2 -
4.1-3 -
Reverse Provides:

As you see there are two installable versions of bash one from default Debian 6.0 repos 4.1-3 and the second one 4.1-3+deb6u2, another way to check the possible alternative installable versions when more than one version of a package is available is with:



apt-cache policy bash
...
*** 4.1-3+deb6u2 0
500 http://http.debian.net/debian/ squeeze-lts/main amd64 Packages
100 /var/lib/dpkg/status
4.1-3 0
500 http://http.debian.net/debian/ squeeze/main amd64 Packages

Then to install the LTS bash version on Debian 6.0 run:



apt-get install bash=4.1-3+deb6u2

Patching Ubuntu Linux supported version against shellcode bash vulnerability:
A security notice addressing Bash vulnerability in Ubuntus is in Ubuntu Security Notice (USN) here
USNs are a way Ubuntu discloses packages affected by a security issues, thus Ubuntu users should try to keep frequently an eye on Ubuntu Security Notices

apt-get update
apt-get install bash

Patching Bash Shellcode vulnerability on EOL (End of Life) versions of Ubuntu:

mkdir -p /usr/local/src/dist && cd /usr/local/src/dist
wget http://ftpmirror.gnu.org/bash/bash-4.3.tar.gz.sig
wget http://ftpmirror.gnu.org/bash/bash-4.3.tar.gz
wget http://tiswww.case.edu/php/chet/gpgkey.asc
gpg --import gpgkey.asc
gpg --verify bash-4.3.tar.gz.sig
cd ..
tar xzvf dist/bash-4.3.tar.gz
cd bash-4.3
mkdir patches && cd patches
wget -r --no-parent --accept "bash43-*" -nH -nd
ftp.heanet.ie/mirrors/gnu/bash/bash-4.3-patches/ # Use a local mirror
echo *sig | xargs -n 1 gpg --verify --quiet # see note 2

cd ..
echo patches/bash43-0?? | xargs -n 1 patch -p0 -i # see note 3 below

./configure --prefix=/usr --bindir=/bin
--docdir=/usr/share/doc/bash-4.3
--without-bash-malloc
--with-installed-readline

make
make test && make install

To solve bash vuln in recent Slackware Linux:

slackpkg update
slackpkg upgrade bash

For old Slacks, either download a patched version of bash or download the source for current installed package and apply the respective patch for the shellcode vulnerability.
There is also a GitHub project “ShellShock” Proof of Concept code demonstrating – https://github.com/mubix/shellshocker-pocs
There are also non-confirmed speculations for bash vulnerability bug to impact also:

Speculations:(Non-confirmed possibly vulnerable common server services):

• XMPP(ejabberd)

• Mailman

• MySQL

• NFS

• Bind9

• Procmail

• Exim

• Juniper Google Search

• Cisco Gear

• CUPS

• Postfix

• Qmail

Fixing ShellShock bash vulnerability on supported versions of CentOS, Redhat, Fedora

In supported versions of CentOS where EOL has not reached:

yum –y install bash

In Redhat, Fedoras recent releases to patch:

yum update bash

To upgrade the bash vulnerability in OpenSUSE:

zipper patch –cve=CVE-2014-7187

Shellcode is worser vulnerability than recent SSL severe vulnerability Hearbleed. According to Redhat and other sources this new bash vulnerability is already actively exploited in the wild and probably even worms are crawling the net stealing passwords, data and building IRC botnets for remote control and UDP flooding.

Tags: , , , , , , , , , , ,
Posted in Computer Security, Everyday Life, FreeBSD, Linux, System Administration, Various | 1 Comment »

Manually deleting spam comments from WordPress blogs and websites to free disk space and optimize MySQL

Monday, November 24th, 2014

WordPress-delete_spam_comments_manually_with_sql_query_to-optimize_mysql-and-free-disk-space
If you're a web-hosting company or a web-development using WordPress to build multitudes of customer blogs or just an independent blogger or sys-admin with a task to optimize a server's MySQL allocated storage  / performance on triads of WordPress-es a a good tip that would help is to removing wp_comments marked as spam.

Even though sites might be protected of thousands of spam message daily caught by WP anti-spam plugin Akismet, spam caught messages aer forwarder by Akismet to WP's Spam filter and kept wp_comments table with comments_approved column  record 'spam'.

Therefore you will certainly gain of freeing disk space uselessly allocated by spam messages into current MySQL server storage dir (/var/lib/mysql   /usr/local/mysql/data – the directory where my.cnf tells the server to keep its binary data .MYI, .MYD, .frm files) as well as save a lot of disk space by excluding the useless spam messages from SQL daily backup archives.

Here is how to remove manually spam comments from a WordPress blog under database (wp_blog1);

mysql> use wp_blog1;
mysql> describe wp_comments;
+———————-+———————+——+—–+———————+—————-+
| Field | Type | Null | Key | Default | Extra |
+———————-+———————+——+—–+———————+—————-+
| comment_ID | bigint(20) unsigned | NO | PRI | NULL | auto_increment |
| comment_post_ID | bigint(20) unsigned | NO | MUL | 0 | |
| comment_author | tinytext | NO | | NULL | |
| comment_author_email | varchar(100) | NO | | | |
| comment_author_url | varchar(200) | NO | | | |
| comment_author_IP | varchar(100) | NO | | | |
| comment_date | datetime | NO | | 0000-00-00 00:00:00 | |
| comment_date_gmt | datetime | NO | MUL | 0000-00-00 00:00:00 | |
| comment_content | text | NO | | NULL | |
| comment_karma | int(11) | NO | | 0 | |
| comment_approved | varchar(20) | NO | MUL | 1 | |
| comment_agent | varchar(255) | NO | | | |
| comment_type | varchar(20) | NO | | | |
| comment_parent | bigint(20) unsigned | NO | MUL | 0 | |
| user_id | bigint(20) unsigned | NO | | 0 | |
+———————-+———————+——+—–+———————+—————-+


The most common and quick way useful for scripting (whether you have to do it for multiple blogs with separate dbs) is to delete all comments being filled as 'Spam'.

To delete all messages which were filled by Akismet's spam filter with high probabily being a spam issue from mysql cli interface:

DELETE FROM wp_comments WHERE comment_approved = 'spam';


For Unread (Unapproved) messages the value of comment_approved field are 0 or 1, 0 if the comment is Red and Approved and 1 if still it is to be marked as read (and not spam).
If a wordpress gets heavily hammered with mainly spam and the probability that unapproved message is different from spam is low and you want to delete any message waiting for approvel as not being spam from wordpress use following SQL query:

DELETE FROM wp_comments WHERE comment_approved = 0;

Another not very common you might want to do is delete only all apprved comments:

DELETE FROM wp_comments WHERE comment_approved = 1;

For old installed long time unmaintained blogs (with garbish content), it is very likely that 99% of the messages might be spam and in case if there are already >= 100 000 spam messages and you don't have the time to inspect 100 000 spam comments to get only some 1000 legitimate and you want to delete completely all wordpress comments for a blog in one SQL query use:

TRUNCATE wp_comments;

Another scenario if you know a blog has been maintained until certain date and comments were inspected and then it was left unmaintained for few years without any spam detect and clear plugin like Akismet, its worthy to delete all comments starting from the date wordpress site stopped to be maintained:

DELETE FROM wp_comments WHERE comment_date > '2008-11-20 05:00:10' AND comment_date <= '2014-11-24 00:30:00'

Tags: , , , , , , , , , , , , , ,
Posted in MySQL, System Administration, Various, Web and CMS, Wordpress | No Comments »

Disable Bluetooth on CentOS / RHEL (Redhat) / Fedora Linux servers – Disable hidd bluetooth devices

Thursday, January 29th, 2015

Disable_Bluetooth_on_CentOS_RHEL_Redhat_Fedora_Linux_servers_-_Disable_hidd_bluetooth_devices-logo

Bluetooth protocol on Linux is nice to have (supported) on Linux Desktop systems to allow easy communication wth PDAs, Tablets, Mobiles, Digital Cameras etc, However many newly purchased dedicated servers comes with Bluetooth support enabled which is a service rarely used, thus it is a good strong server security / sysadmin practice to remove the service supporting Blueetooth (Input Devices) on Linux hosts this is the hidd (daemon) service, besides that there are few Linux kernel modules to enable bluetooth support and removing it is also a very recommended practice while configuring new Production servers. 

Leaving Blueetooth enabled on Linux just takes up memory space and  potentially is a exposing server to possible security risk (might be hacked) remotely. 
Thus eearlier I've blogged on how bluetooth is disabled on Debian / Ubuntu Linux servers an optimization tuning (check) I do on every new server I have to configure, since administrating both RPM and Deb Linux distributions I usually also remove bluetooth hidd service support on every CentOS / RHEL / Fedora Linux – redhat  (where it is installed), here is how :

 

1. Disable Bluetooth in CentOS / RHEL Linux


a) First check whether hidd service is running on server:
 

[root@centos ~]# ps aux |grep -i hid
… 


b) Disable bluetooth services
 

[root@centos ~]# /etc/init.d/hidd stop
[root@centos ~]# chkconfig hidd off
[root@centos ~]# chkconfig bluetooth off
[root@centos ~]# /etc/init.d/bluetooth off


c) Disable any left Bluetooth kernel module (drivers), not to load on next server boot
 

[root@centos ~]# echo 'alias net-pf-31 off' >> /etc/modprobe.conf


If you don't need or intend to use in future server USBs it is also a good idea to disable USBs as well:
 

[root@centos ~]# lsmod|grep -i hid
usbhid                 33292  0
hid                    63257  1 usbhid
usbcore               123122  4 usb_storage,usbhid,ehci_hcd


[root@centos ~]# echo 'usbhid' >> /etc/modprobe.d/blacklist.conf
[root@centos ~]# echo 'hid' >> /etc/modprobe.d/blacklist.conf
[root@centos ~]# echo 'usbcore' >> /etc/modprobe.d/blacklist.conf

 

2. Disable Bluetooth on Fedora Linux

Execute following:
 

[hipo@fedora ~]# /usr/bin/sudo systemctl stop bluetooth.service
[hipo@fedora ~]# /usr/bin/sudo systemctl disable bluetooth.service

 
3. Disable Bluetooth on Gentoo / Slackware and other Linuces

An alternative way to disable bluetooth that should work across all Linux distributions / versions is:
 

[root@fedora ~]# su -c 'yum install rfkill'
[root@fedora ~]# su -c 'vi /etc/rc.d/rc.local'


Place inside, something like (be careful not to overwrite something, already execution on boot):
 

#!/bin/sh
rfkill block bluetooth
exit 0


4. Disable any other unnecessery loaded service on boot time

It is a good idea to also a good idea to check out your server running daemons, as thoroughfully as possible and remove any other daemons / kernel modules not being used by server.

To disable all unrequired services, It is useful to get a list of all enabled services, on RedHat based server issue:

 

[root@cento ~]#  chkconfig –list |grep "3:on" |awk '{print $1}'


 A common list of services you might want to disable if you're configuring (Linux, Apache, MySQL, PHP = LAMP) like server is:
 

chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off


In most cases you can just run script like this – centos-disable_non-required_essential_services_for_lamp_server.sh.
 

Another useful check the amount of services each of the running server daemons is using, here is how:
 

ps aux | awk '{print $4"t"$11}' | sort | uniq -c | awk '{print $2" "$1" "$3}' | sort -nr


Output of memory consumption check command is here

Tags: , , , , , , , , , , , ,
Posted in Bluetooth, Computer Security, Linux, Linux and FreeBSD Desktop, Remote System Administration, System Administration, Various | No Comments »

MySQL SSL Configure Howto – How to Make MySQL communication secured

Wednesday, January 15th, 2014

mysql-over-ssl-how-to-configure-logo how to configure ssl on mysql server

Recently I've been asked How to make communication to MySQL database encrypted. The question was raised by a fellow developer who works on developing a Desktop standalone application in Delphi Programming Language with DevArt an (SQL Connection Component capable to connect Delphi applications to multiple databases like MySQL, Oracle, PostgreSQL, Interbase, Firebird etc.

Communicating in Secured form to MySQL database is not common task to do, as MySQL usually communicates to applications hosted on same server or applications to communicate to MySQL are in secured DMZ or administrated via phpMyAdmin web interface.

MySQL supports encrypted connections to itself using Secure Socket Layer (SSL) encryption. Setting up MySQL db to be communicated encrypted is a must for standalone Desktop applications which has to extract / insert data via remote SQL.
Configuring SQL to support communicated queries encrpytion is supported by default and easily configured on most standard Linux version distributions (Debian, RHEL, Fedora) with no need to recompile it.
1. Generate SSL Certificates

$ mkdir /etc/mysql-ssl && cd mysql-ssl

# Create CA certificate
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -new -x509 -nodes -days 3600 \
         -key ca-key.pem -out ca-cert.pem

Create server certificate, remove passphrase, and sign it
server-cert.pem is public key, server-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout server-key.pem -out server-req.pem
$ openssl rsa -in server-key.pem -out server-key.pem
$ openssl x509 -req -in server-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Create client certificate, remove passphrase, and sign it
client-cert.pem is public key and client-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout client-key.pem -out client-req.pem
$ openssl rsa -in client-key.pem -out client-key.pem
$ openssl x509 -req -in client-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
After generating the certificates, verify them:

$ openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
 

2. Add SSL support variables to my.cnf

Once SSL key pair files are generated in order to active SSL encryption support in MySQL server, add to (/etc/my.cnf,  /etc/mysql/my.cnf, /usr/local/etc/my.cnf … ) or wherever config is depending on distro

# SSL
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
3. Restart MySQL server

/etc/init.d/mysqld restart
...

4. Create SQL user to require SSL login

Create new user with access to database;

GRANT ALL ON Sql_User_DB.* TO Sql_User@localhost;
FLUSH PRIVILEGES;
To create administrator privileges user:

GRANT ALL PRIVILEGES ON *.* TO ‘ssluser’@'%’ IDENTIFIED BY ‘pass’ REQUIRE SSL;
FLUSH PRIVILEGES;
5. Test SSL Connection with MySQL CLI client or with few lines of PHP

To use mysql cli for testing whether SSL connection works:

$ mysql -u ssluser -p'pass' –ssl-ca /etc/mysql-ssl/client-cert.pem –ssl-cert /etc/mysql-ssl/client-key.pem

Once connected to MySQL to verify SSL connection works fine:

mysql> SHOW STATUS LIKE 'Ssl_Cipher';
 +---------------+--------------------+
| Variable_name | Value              |
 +---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

If you get this output this means MySQL SSL Connection is working as should.

Alternative way is to use test-mysqli-ssl.php script to test availability to mysql over SSL.

$conn=mysqli_init();
mysqli_ssl_set($conn, '/etc/mysql-ssl/client-key.pem', '/etc/mysql-ssl/client-cert.pem', NULL, NULL, NULL);
if (!mysqli_real_connect($conn, '127.0.0.1', 'ssluser', 'pass')) { die(); }
$res = mysqli_query($conn, 'SHOW STATUS like "Ssl_cipher"');
print_r(mysqli_fetch_row($res));
mysqli_close($conn);
Note: Change username password according to your user / pass before using the script

That's all now you have mysql communicating queries data over SSL

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in MySQL, System Administration, Web and CMS | No Comments »

Testing Qmail installation for problems: Common reasons for unworking qmail / How to debug Qmail mail server failing to delivery or send emails

Friday, November 9th, 2012

Testing qmail installation for problemes finding qmail common component failures

Through my 10 years of experience  in managing and "life with qmail", I've at many times had to deal with suddenly broken or misconducting, qmail installs. With some of them the problems started during new Qmail install configuration time, with others QMAIL worked perfectly for years and then suddenly it stopped working. Nomatter what the situation was, there was a kind of "scenario" and common things to check to debug and find out what is causing the respective qmail installation to not work. In this little, article I will try to share my knowledge in hope that others which configure new QMAIL based mail servers or are in situation to need to recover – "resurrect" a one that suddenly stopped working qmail to its normal operations.

Here are few cases , there are many more, probably hundreds of reasons which might be causing Qmail + Vpopmail  to stop properly delivering e-amails but  as this ones ones are really most likely ones just checking them gives a good clue What is going wrong with  Qmail?.:

  • Something broke up with scheduled daemontools processes;
  • There is no hard disk (the disk is full) and Qmai is unable to writeinside its mail Queue directories (/var/qmail/queue) or Spamassassin or AntiVirus programs fails to write on disk
  • qmail-scanner-queue.pl ( /var/qmail/bin/qmail-scanner-queue.pl ) perl script is messed up or if using simscan to do antivirus check-ups instead simscan is failing somewhere
  • something messed up with /var/qmail/control/rcpthosts
  • something messed up with /var/qmail/control/validrcptto.txt or /var/qmail/control/validrcptto.cdb
  •  incorrect main server host in /var/qmail/control/me or /var/qmail/control/plusdomain
  • Messed up vpopmail (virtual domain) records in /var/qmail/control/virtualdomains file
  • problems with insufficient memory (whether there is a softlimit memory limit for /service/qmail-smtpd/run (qmail daemontools start up and monitoring script) – /usr/local/bin/softlimit is no longer proposed used by newer qmail guides but in older ones it was common to appear in /../qmail-smtpd/run
  • Something is wrong with clamd (/usr/sbin/clamd – for example crashed due to bug) or something is wrong with clamav database ( /var/lib/clamav or wherever set to be stored; on some installs /usr/local/lib/clamav) – there most commonly main.cvd and daily.cld break up during freshclam clamav database update.
  • As freshclam takes care for AntiVirus database updates it is good to check it is properly running, either as a service or via a cronjob
  • Assure there are no mistakes or wrong (unexistent) variables in /etc/tcp.smtp file or / and /etc/tcp.smtp.cdb is not broken
  • Permission issues with; qmail main binaries in /var/qmail/bin/ , queue files – /var/qmail/queue or qmail log files /var/log/qmail/…

As I said there are plenty of other possible, reasons but I listed this here, since they're the most common reasons for problems with sent or receive of messages with Qmail mail server.

Checking all of the above and making sure they're okay, I've checked daemontools readprodctitle process as it often signalize for problems with any part of qmail install, there all seemed normal no warnings and errors, e.g.:

qmail:~# ps ax|grep -i -E 'clam|freshclam|spam|vpopmail'
2241 ? Ssl 3:49 /usr/sbin/clamd
2408 ? Ss 11:54 /usr/bin/freshclam -d --quiet
2853 ? S 0:00 tcpserver -H -R -v -c100 0 110 qmail-popup mail.www.pc-freak.net /home/vpopmail/bin/vchkpw qmail-pop3d Maildir
2856 ? S 0:01 tcpserver -vR -l /var/qmail/control/me -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 25 rblsmtpd -t0 -r zen.spamhaus.org -r dnsbl.njabl.org -r dnsbl.sorbs.net -r bl.spamcop.net qmail-smtpd /var/qmail/control/me /home/vpopmail/bin/vchkpw /bin/true
2857 ? S 0:00 sslserver -e -vR -l mail.www.pc-freak.net -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 465 qmail-smtpd mail.www.pc-freak.net /home/vpopmail/bin/vchkpw /bin/true

qmail:~# ps ax|grep -i qmail
2840 ? S 0:00 supervise qmail-send
2844 ? S 0:00 supervise qmail-smtpd
2846 ? S 0:00 supervise qmail-pop3d
2848 ? S 0:00 supervise qmail-smtpdssl
2850 ? S 0:05 qmail-send
2852 ? S 0:00 multilog t n1024 s1048576 n20 /var/log/qmail/qmail-smtpdssl
2853 ? S 0:00 tcpserver -H -R -v -c100 0 110 qmail-popup mail.www.pc-freak.net /home/vpopmail/bin/vchkpw qmail-pop3d Maildir
2854 ? S 0:00 multilog t s100000 n20 /var/log/qmail/qmail-pop3d
2855 ? S 0:01 multilog t n1024 s1048576 n20 /var/log/qmail/qmail-smtpd
2856 ? S 0:01 tcpserver -vR -l /var/qmail/control/me -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 25 rblsmtpd -t0 -r zen.spamhaus.org -r dnsbl.njabl.org -r dnsbl.sorbs.net -r bl.spamcop.net qmail-smtpd /var/qmail/control/me /home/vpopmail/bin/vchkpw /bin/true
2857 ? S 0:00 sslserver -e -vR -l mail.www.pc-freak.net -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 465 qmail-smtpd mail.www.pc-freak.net /home/vpopmail/bin/vchkpw /bin/true
2858 ? S 0:01 multilog t n1024 s1048576 n20 /var/log/qmail/qmail-send
2868 ? S 0:01 qmail-lspawn ./Maildir
2869 ? S 0:00 qmail-rspawn
2870 ? S 0:00 qmail-clean
2871 ? S 0:04 qmail-todo
2872 ? S 0:01 qmail-clean
27742 pts/6 S+ 0:00 grep -i qmail

qmail:~# ps ax |grep -i readproc|grep -v grep
48060 ?        S      0:00 readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................
 

As you see  "….." signalize, all is fine with processes scheduled to run over daemontools process. If you instead get warnings or error messages usually the error will point you what is wrong with the qmail install. Common error, I've got over the years here especially on long time functionining qmail installs is insufficient disk space to write in qmail queue and log files.

Also above ps ax|grep -i -E 'clam|freshclam|spam|vpopmail'
shows all 3 clamd, freshclam and vpopmail are up and running so this most likely means all is good with them. Of course sometimes some of those 3 is working and there are problems with the services properly processing emails so it is always a good idea to read qmail log files, in most qmail installations qmail logs are located in /var/log/qmail .

Quickest way is to check all of the qmail related logs in a loop with something like:

qmail:~# for i in $(ls -d /var/log/qmail/*qmail*/); do tail -n 10 $i/current|tai64nlocal; sleep 5; done

Also it is always a good idea to check last 10 lines of clamav, freshclam, qmail-scanner and spamd logs:

qmail:~# tail -n 10 /var/log/qmail/clamav/clamav.log;
Fri Nov 9 06:52:28 2012 -> SelfCheck: Database status OK.
Fri Nov 9 07:52:28 2012 -> SelfCheck: Database status OK.
Fri Nov 9 08:52:28 2012 -> SelfCheck: Database status OK.
Fri Nov 9 09:52:28 2012 -> SelfCheck: Database status OK.
Fri Nov 9 10:52:29 2012 -> SelfCheck: Database status OK.
Fri Nov 9 11:57:29 2012 -> SelfCheck: Database status OK.
Fri Nov 9 12:57:29 2012 -> SelfCheck: Database status OK.
Fri Nov 9 14:14:35 2012 -> SelfCheck: Database status OK.
Fri Nov 9 15:33:46 2012 -> SelfCheck: Database status OK.
Fri Nov 9 16:33:46 2012 -> SelfCheck: Database status OK.

qmail:~# tail -n 10 /var/log/qmail/clamav/freshclam.log
Fri Nov 9 16:20:44 2012 -> --------------------------------------
Fri Nov 9 17:20:44 2012 -> Received signal: wake up
Fri Nov 9 17:20:44 2012 -> ClamAV update process started at Fri Nov 9 17:20:44 2012
Fri Nov 9 17:20:44 2012 -> WARNING: Your ClamAV installation is OUTDATED!
Fri Nov 9 17:20:44 2012 -> WARNING: Local version: 0.97.5 Recommended version: 0.97.6
Fri Nov 9 17:20:44 2012 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Fri Nov 9 17:20:44 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Fri Nov 9 17:20:44 2012 -> daily.cld is up to date (version: 15557, sigs: 284869, f-level: 63, builder: jesler)
Fri Nov 9 17:20:44 2012 -> bytecode.cld is up to date (version: 191, sigs: 37, f-level: 63, builder: neo)
Fri Nov 9 17:20:46 2012 ->
--------------------------------------

qmail:~# tail -n 10 /var/log/qmail/qscan/qmail-queue.log
Fri, 09 Nov 2012 13:14:35 EET:14705:
from='noreply@theitjobboard.eu', subj='Network Developer', via SMTP from oy-ip-034.smwebhost.com
Fri, 09 Nov 2012 13:14:44 EET:14705: ------ Process 14705 finished. Total of 8.846395 secs
Fri, 09 Nov 2012 15:04:27 EET:21979: +++ starting debugging for process 21979 (ppid=21969) by uid=89
Fri, 09 Nov 2012 15:04:27 EET:21979: g_e_h: return-path='hipo@www.pc-freak.net', recips='sandy.richardson@hyperionrecruitment.com'
Fri, 09 Nov 2012 15:04:27 EET:21979: from='"G. Georgiev" ', subj='Re: Network Developer', via SMTP from ip156-108-174-82.adsl2.static.versatel.nl using auth (hipo@www.pc-freak.net@ip156-108-174-82.adsl2.static.versatel.nl)
Fri, 09 Nov 2012 15:04:34 EET:21979: ------ Process 21979 finished. Total of 6.626484 secs
Fri, 09 Nov 2012 15:33:46 EET:23891: +++ starting debugging for process 23891 (ppid=23884) by uid=89
Fri, 09 Nov 2012 15:33:46 EET:23891: g_e_h: return-path='sdy.richardson@hyperionrecruitment.com', recips='hipo@www.pc-freak.net'
Fri, 09 Nov 2012 15:33:46 EET:23891: from='"Sandy Richardson" ', subj='RE: Network Developer', via SMTP from
ostrich.dnsmaster.net

qmail:~# tail -n 10 /var/log/spamd/current |tai64nlocal 2012-11-09 16:25:43.091680500 Nov 9 15:04:27.858 [22049] info: spamd: connection from localhost [127.0.0.1] at port 54494
2012-11-09 16:25:43.091683500 Nov 9 15:04:27.948 [22049] info: spamd: checking message <509CFF4F.9030601@www.pc-freak.net> for qscand:89
2012-11-09 16:25:43.091684500 Nov 9 15:04:33.837 [22049] info: spamd: clean message (0.0/5.0) for qscand:89 in 6.0 seconds, 1104 bytes.
2012-11-09 16:25:43.091690500 Nov 9 15:04:33.838 [22049] info: spamd: result: . 0 - scantime=6.0,size=1104,user=qscand,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54494,mid=<509CFF4F.9030601@www.pc-freak.net>,autolearn=ham
2012-11-09 16:25:43.091692500 Nov 9 15:04:34.077 [22043] info: prefork: child states: II
2012-11-09 16:25:43.091692500 Nov 9 15:33:53.626 [22049] info: spamd: connection from localhost [127.0.0.1] at port 54681
2012-11-09 16:25:43.091696500 Nov 9 15:33:53.656 [22049] info: spamd: checking message <05e201cdbe7e$d1c83c90$7558b5b0$@hyperionrecruitment.com> for qscand:89
2012-11-09 16:25:43.091697500 Nov 9 15:33:59.467 [22049] info: spamd: clean message (0.0/5.0) for qscand:89 in 5.8 seconds, 33845 bytes.
2012-11-09 16:25:43.091698500 Nov 9 15:33:59.467 [22049] info: spamd: result: . 0 - scantime=5.8,size=33845,user=qscand,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54681,mid=<05e201cdbe7e$d1c83c90$7558b5b0$@hyperionrecruitment.com>,autolearn=ham
2012-11-09 16:25:43.091702500 Nov 9 15:33:59.506 [22043] info: prefork: child states: II

Whether observing, some of above logs reveals problems to delivery e-mail messages because e-mail boxes are not existing in  /var/qmail/control/validrcptto.cdb – this often happens whether new e-mail boxes are created and the new mail somehow did not enter validrcptto.txt / validrcptto.cdb , you will have to re-build validrcptto.cdb. Rebuilding validrcptto.cdb manually is done with cmd:
br />  

qmail:~# /usr/local/bin/mkvalidrcptto > /var/qmail/control/validrcptto.txt qmail:~# cdbmake-12 /var/qmail/control/validrcptto.cdb /var/qmail/control/validrcptto.tmp < /var/qmail/control/validrcptto.txt

Of course, if the qmail was already properly installed with validrcptto support, this should be done automatically with some cron job set to invoke above commands every 5 minutes or so. In Thibs QmailRocks followed install the script is called /usr/sbin/update-validrcptto and is set to exec every 5 mins.
 

If spamassassin is configured to automatically update its set of anti-spam rules, via some cron job or smth. it is always a good idea to check if spamassassin, properly loads up does not fail due to some antispam rule:

qmail:~# spamassassin --lint -D ...
....

You will have to examine carefully, the long returned content for "warning" and "error" keywords. If you don't won't to bother with details you can do, spamassassin –lint

Another good idea whether problems with qmail is of course to rebuild tcpserver cdb file for smtp – this usually solves problems caused by broken /etc/tcp.smtp.cdb.cdb files.

Re-building manually tcp.smtp.cdb is done with:
qmail:~# tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
qmail:~# chmod 644 /etc/tcp.smtp.cdb

However, most qmail installation guides recommend or set a qmailctl bash script file, to start / stop / reload / flush qmail queue or simply get status of the qmail installation, so it much easier to rebuild tcp.smtp.cdb through it:
qmail:~# qmailctl cdb
Reloaded /etc/tcp.smtp.

Checking the status of the Qmail Queue state and fixing issues with it can be done using little external tool qmHandle – check my previous article ( Cleaning Qmail filled queue with Spam messages )

To check the basic qmail compontents (qmail-send, qmail-smtpd , qmail-smtpdssl)do:

qmail:~# qmailctl stat
/service/qmail-send: up (pid 2850) 1886193 seconds
/service/qmail-send/log: up (pid 2858) 1886193 seconds
/service/qmail-smtpd: up (pid 2856) 1886193 seconds
/service/qmail-smtpd/log: up (pid 2855) 1886193 seconds
/service/qmail-smtpdssl: up (pid 2857) 1886193 seconds
/service/qmail-smtpdssl/log: up (pid 2852) 1886193 seconds
messages in queue: 2
messages in queue but not yet preprocessed: 0

Another good practice if you have doubts that something is messed with qmail-queue is to check what is waiting to be send in queue:

qmail:~# qmail-qstat
messages in queue: 2
messages in queue but not yet preprocessed: 0

In above paste, from my mail server I have just 2 mails, if you however notice here some large numbers like 5000 or 10000, this might be the cause for asetbacks. If you have plenty of undelivered mails waiting in mail server queue, examine the queue:

qmail:~# qmail-qread ....
.....
Of course it is sometimes, possible to be in situation, where more than one components are creating mail server's sent / receive delivery issues. Anyhow doing a close examination of all possible components usually should (if not reveal what causes the issue) at least give you some pointer to where to search for the problem.

Also for qmail installations based on QmailRocks or Thibs QmailRocks guide, there is a tiny shell script provided, that does evaluation on standard qmail files permissions and binary locations and reports, whether it finds problems with some of them. You can fetch a copy of the qmr_inst_check from here . Although the script is created to check a newly install qmail for problems, it also often helps in determining issues with qmails who mysteriously stopped working.

If you suspect, there are::

Well that's it. Hope this little walk through give you idea where to check on troublesome Qmail install. Please leave a comment if it help you (somehow) solve your issue. Also will be glad to hear if I'm missing somethingi'm sure I am.

Tags: , , , , ,
Posted in Qmail, System Administration, Various | 2 Comments »

« Older Entries
Newer Entries »