How to configure an SMTP Black Hole

Requirement:  Build a web server that will receive email for a particular domain and discard it immediately (and silently).

I started with a canned Debian 9 system at OVH, but this should work with other and older Debian versions too.

Log in as root and make sure you’re all up to date:

Set your hostname.

Install postfix

Now we can configure aliases and postfix.

Now watch the mail log and see everthing addressed to @fakemail.ca go to /dev/null

Example log entries for an email going to /dev/null:

Remove junk from a default Debian Linux install

Just some stuff to get rid of when building a basic-ish LAMP server in a VM:

 

Move swap partitions off of RAID1 array

After upgrading my new server from Lenny to Squeeze, I noticed that the iWeb default install on this machine had the swap partition on a mirror.  Not that I expect this machine to be doing much swapping, but I figured I should fix it anyways.  To destroy the array and make those partitions “plain” swap partitions, follow these steps:

I mainly wanted to do this so that if the swap space is ever actually being used, the system won’t have to mirror every write to the other drive.  I’ve also read that linux is smart enough to distribute writes to swap space between partitions if more than one are available, which makes sense to me but I’d have to confirm that rumor.  This change will potentially cut down on a bunch of CPU usage and IO at some point in the future, and a side benefit to doing this is that we have increased the amount of swap space from 2GB on this system to 4GB.

Still don’t want to ever use it though…  😉

Upgrade iWeb “SmartServer” from Debian Lenny to Squeeze

iWeb currently only offers Debian Lenny as a pre-install option on these servers, but since Lenny is dead as of February 2012 I wanted to start with Squeeze.  I tried the upgrade process from the debian.org site linked below first, but my server didn’t reboot properly after the GRUB2 install and I couldn’t even connect to the VNC console of my VM.  Since the hardware is about a bazillion miles away I don’t know if there’s anything I could have done from the console to fix grub and rescue the install; my only option was the auto re-image in the iWeb control panel.  I re-imaged the server with Lenny and while that was happening I did a bunch of reading about other people having fun with the new grub.

This is just a quick step-by-step.  Basically the standard instructions break grub-pc (GRUB2) on this Xen-based system.  Follow along until the end, then remove grub-pc and re-install grub-legacy.  Your system will then be ready to go!

All of this information is here: http://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html but this page is far less reading.

Also, if your system is not a “stock” Lenny install, i.e. with 3rd party deb sources and a bunch of custom stuff, your mileage may vary.  I did this to a fresh, new server before anything else.

*Answering “NO” here tells the installation script to just go ahead and fully install GRUB2 and not mess with the legacy grub .conf file and fart around with chainloading and stuff.  I just felt better uninstalling a “complete” GRUB2 install rather than a half-assed hodge-podge of grubbery.

Sheevaplug – 512MB is just not enough…

OK, so I still have about 200MB of free space on the on-board flash in my Sheevaplug, but there would be much less shuffling things around and cleaning of things like the apt cache if there was a bigger flash chip in there. And it would be cool to have room for X and Gnome and Apache and MySQL and a bunch of junk, just like a real computer.

You’d think I could find one (a Hynix H27UAG8T2B that is) on eBay or something… or find someone to send me a sample even. Maybe Hynix just developed the 16Gb version and didn’t actually manufacture any… who knows.

Anyways, I thought I’d post some scans of the Sheevaplug motherboard anyways, since I couldn’t seem to find any good ones anywhere and had to crack mine open to see what kind of chip I was going to need.

phpMyAdmin – Wrong permissions on configuration file, should not be world writable!

[vc_row][vc_column][vc_column_text]If you install phpMyAdmin on your web host and all you see when you access www.yoursite.com/phpmyadmin (or whatever) is “Wrong permissions on configuration file, should not be world writable!” you are supposed to just change the permissions of /phpmyadmin/config.inc.php to not be world writable (i.e. chmod 755 config.inc.php, or by using your FTP client).

Some hosts (Primus for one) do not let you change the permissions on your files, so there is no way to set this up properly.  But if you are in a hurry and need to back up a database so you can get the site migrated to a decent web host, you can still get phpMyAdmin to run.

Edit /phpmyadmin/libraries/Config.class.php (yes, there is a capital “C” on this file name for some reason), and comment out the line that checks the permissions.  (Line 390 in the source code for phpMyAdmin version 3.4.3.1-english.)

Change

to

and re-upload the file.  Now you should be able to log in, assuming you have setup the proper information in your /phpmyadmin/config.inc.php file in the first place!

In order for it to work, you must also listen to this while you edit your files. Feel free to sing along![/vc_column_text][/vc_column][/vc_row]

How to change RAID1 superblock from 1.2 back to 0.9 to install grub (debian squeeze)

[vc_row][vc_column][vc_column_text]For some reason, it seems like everything I do is not like what everyone else does… or at least not what the people writing the software I use do.  I started writing this as a how-to for others in this situation, but in the end it turned out to be more of an amusing story.  Maybe someone will find it useful anyways…

The background:

I was building a new linux server for my home office and since I have been having good luck with Debian in the last couple of years, I decide to use it as the OS on this box too. Intending to keep it as simple as possible, I created a basic partitioning scheme on all of the drives (the same scheme I have been using for years now) and run into fatal errors when I get to the installation of grub.

Here’s how I partition the drives:
Partition 1: Primary, 8GB, Linux RAID – going to use RAID1 for the /boot file system
Partition 2: Primary, 20GB, Linux RAID – going to use RAID5 for the / file system
Partition 3: Primary, 1960GB, Linux RAID – going to use RAID5 for the /data file system
Partition 4: Primary, 1GB, Linux Swap
Plus a little bit of slack at the end of the drive.

All of the drives are identical 2TB Western Digital Green SATA Drives.  There are now 7 in the system.

The error:

[/vc_column_text][hcode_simple_image hcode_mobile_full_image=”1″ alignment_setting=”1″ desktop_alignment=”aligncenter” ipad_alignment=”sm-aligncenter” mobile_alignment=”xs-aligncenter” padding_setting=”1″ desktop_padding=”padding-five” ipad_padding=”sm-padding-three” mobile_padding=”xs-padding-one” hcode_image=”346″][vc_column_text]If you press ALT-F4, you will switch over to the install log console and you will see some mumbo-jumbo about grub not finding anything it can use to live on. I didn’t copy down the error message, but it’s cryptic and scary like any good linux error message should be. Read more

Beagleboard: Upgrading from Debian 5 to Debian 6

I recently wanted/needed to upgrade Debian on my Beagleboard. The original Debian install was done following the instructions over at elinux.org. when I update distributions I usually prefer doing a clean install but since 90+% of my time on the Beagleboard is done while working remotely I thought I would give the upgrade route a try.

Before beginning I backed up my system. I took a copy of /etc, /var, /root, /home. I also made backups of my webmin config. Lastly I also took copies of all the binaries I have compiled (some needed major tuning). Once I was satisfied I could rebuild should I encounter a catastrophic meltdown during the upgrade I decided to proceed.

My first stop was a Google search on the subject. This yielded an excellent x86 centric guide over at HowtoForge. The first section of the guide detailing package cleanup was helpful as aptitude identified 27 packages that could be removed. My second avenue for information, given the unsatisfactory results from my Google searches, was the Beagleboard mailing list. I posted a message requesting steps for a Debian upgrade and got some immediate feedback. The Beagleboard group is great!

So, to recap, here is what I assembled from the HowtoForge and Beagleboard group posts as my upgrade procedure.

Clean up Apt source list file /etc/apt/sources.list, mine looked like this post clean-up:

Next I cleaned up all the packages beginning with making sure the current distribution is up to date:

Now I regularly update my system so no actions were required for the above commands. (I’ve written about apt-* before as I was learning about it)

Next was package cleanup, I followed the instructions by Deninix here exactly as he wrote them.

Ensure that no packages on hold with:

dpkg –audit
dpkg –get-selections | grep hold

For the final go ahead test use:

aptitude

Press g and the list shows which packages need your attention. In my case they were 27 packages listed as needing to be removed. So I removed them and then I was clean.

Next I followed the advice from the Beagleboard group.

I upgraded to the latest 2.6.35.x kernel for lenny using:

*I had to remove the “sudo” commands from the script

and rebooted.

Then I updated my sources list for squeeze, here’s what it looks like now

Then I started the upgrade process with:

The next recommned step was:

I did run into some fairly significant issues with “aptitude safe-upgrade”. On the first pass just about all running processes on the beagleboard became defunct and nothing was working correctly. So I rebooted with an absolute minimal system running little more than kernel and sshd and ran “aptitude safe-upgrade” again. This time I let it run for 18+ hours and during that time the CPU was pegged at 100% and I was getting into some pretty serious swapping so I decided it wasn’t likely working as intended. I decided to move on with

Here, dist-upgrade wanted to remove the “sysvconfig” package. I didn’t have any issues with this so I said “Yes”. The dist-upgrade command completely successfully and took about an hour.

I rebooted to make sure everything was sane. Next I decided to upgrade to the latest stable squeeze kernel with:

*I had to remove the “sudo” commands from the script

I rebooted to make sure everything was sane. Next I tested a few of my applications:

Apache : ok
Webmin : Requested I re-detect the OS, after that it was OK
Anyterm : ok
munin : ok
Various scripts : ok

All and all it was a fairly painless process and was able to complete it without needing the console.

Ubuntu from the command line: Package Management

My Linux background centers around RedHat and Centos. I have been using yum for a long time and I am very comfortable with it. One of the greatest frustrations I have with ubuntu is having difficulty finding the packages I need easily from the command line.

I realize there are a bunch of “apt-*” how to articles/blog posts out there but all of the ones I have read did not provide me with the required golden nugget which is, “I need file X, what package contains this file?” Specifically I needed mkimage to complete my boot image for a 1BeagleBoard and I did not know what package I needed to install to get it. The required command is apt-file, which is not installed by default on 10.04, so let’s go through some more basic commands first.

It’s probably a good idea to always start package management by running ‘apt-get update’ which fetches latest software list and version numbers

apt-get install –> installs packages and resolves dependencies
apt-get remove –> remove a package, leaves configuration files intact
apt-get purge –> remove package and configuration files

OK, so now we can install apt-file (sudo apt-get apt-file), once the package is installed, apt-file update must be run.

apt-file update –> updates file cache, takes a while

When the update has completed, we can search using apt-file search . Let’s look at my example above, what package do I need to install to get mkimage

The output is quite verbose and some interpretation is required. In my case the required package is uboot-mkimage. This was fairly easy to identify since uboot is the grub equivalent on the 1BeageBoard.

In my personal quest to learn about apt-* I came across a a few more useful commands which I will summarize here:

apt-get upgrade -u –> get a list of what can be upgraded (run apt-get update first)
apt-get upgrade –> install available upgraded packages
dpkg-query -l “search_string” –> query package database (of installed packages)
dpkg-query -l –> list all installed packages
dpkg -i <*.deb> –> manually install a package, use this with care and make sure the package is trusted
deborphan –> with no arguements lists orphaned packages, must be installed, apt-get remove can then be used to remove orphans manually, use care with this!

Ii can now say that I can do all my required package management with apt-* as well as i can with yum which make using ubuntu somewhat less irritating.

————————
1 The Beagleboard is an embedded ARM platform that can run many flavours of Linux, I run Debian Lenny on mine (http://beagleboard.org/)

BIND9 on Debian Squeeze and problems with zone transfers.

That title might be longer than this post, but if you’re running into problems with zone transfers that don’t appear to happen, check to make sure you are putting your zone files in /var/cache/bind.

Read more

Examining the Western Digital Raptor WD360GD

It is not a mystery to performance enthusiasts that hard drives are typically the slowest part of any computer.  I’ve always been curious about the Western Digital Raptor series of hard drives.  The original series was released in 2003 which makes this technology six years old.  Being “old” technology one can now purchase WD Raptor hard drives on eBay for a very reasonable sum, which I recently did.  These drives being “old” technology I was curious if they still hold up against the current crop of 7200 RPM hard drives.

I was using two test beds for this particular round of tests.  A 2006 Mac Mini running Snow Leopard and an Intel D945GCLF2 Atom 330 board running CentOS 5.4.

The hard drives tested were the aforementioned Western Ditigal Raptor, Western Ditigal Caviar Blue, Western Ditigal Green and an OEM Toshiba 2.5″ 5400 RPM drive.

The tests carried out were very simple, I used dd to write out a 4 GB file and then used dd to read it back.  Each test was carried out 3 times after a clean boot once the system had settled down.  The three passes were averaged to produce the final results.  Here are the dd commands I used:

Throughput was calculated using base 2 (i.e.:  divide by 1024)

I also decided to add a couple of tests using mdadm raid 0 sets on the Linux test host.  raid was created with mdadm and formatted ext3 – I didn’t bother aligning the partitions.

Hard Drive Performance Chart

Hard Drive Performance in MB/Sec

The results are really quite surprising.  First and foremost it is quite refreshing to see six year old technology still holding its own.  Though the WD Raptors are no longer setting speed records they are certainly fast enough to be usable.  We can also see that 7200 RPM hard drives have come a long way as far as performance goes.  Secondly we can see that the results varry quite a bit between the Mac Mini and the Intel D945GCLF2 motherboard.  Now it is impossible to compare the two directly due to OS and file system differences but we can certainly put come credibility in the results since both platforms are based on the Intel 945 chipset.

All in all the Raptors are impressive considering their age and will be used.

Upgrade Samba 3.0.28a to 3.4.3 on Ubuntu 8.04 LTS

Download the source and unpack…

Some people have tried the latest Samba 3.4.4 and report that it works with the rest of these instructions as well. If you want 3.4.4, do this instead:

I needed some development headers for the compile, so

You may need more than these – if so, your configure will fail and it will tell you that something.h wasn’t found. apt-cache search something will usually give you the package you are looking for, or a quick Google will tell you what to get.  For example, I was told uuid.h was missing, so:
Read more

Installing an OEM Intel 2200bg Mini-PCI card into a BIOS-Locked HP/Compaq nc8000

Thought this was worth a try, so I grabbed a $7 mini-pci card off ebay, and after waiting about a month for shipping from China, installed it into the laptop.  Only then was I hit with the dreaded:

104 unsupported wireless network device detected, system halted, remove device and restart

Ack.  OK, so a quick search brought up this thread from 2004 with many, many angry people trying to figure out how to make this cheap card work without having to buy the HP “version”.  Turns out it’s pretty easy.  A little bit risky, but easy.

Take the keyboard off the laptop, but don’t unplug it – you’ll need it.

Take the cover off the mini-pci slot.

Boot the computer off of a knoppix or whatever live CD.  I used knoppix 3.8.2 (2005-05-05) as suggested.  At the boot screen, HOT-PLUG THE MINI-PCI CARD before pressing <ENTER>.  That is the risky part, although it seems to work OK.  Now press <ENTER> and the system will boot into the default knoppix environment.  Also, don’t forget to plug the regular network adapter into something, since you’ll need internet access.

Open a root terminal session.

Check to see that the wireless card was detected using

# iwconfig

It’ll say that lo and eth1 have no wireless capabilities, and show you some mumbo-jumbo about eth0.  It’s not important, just remember that eth0 is your wireless card.  Or eth1 if that’s what it tells you.  Either way, just remember.

You can also use “ethtool -e eth0” to dump the existing EEPROM configuration to the screen so you can write it down and revert back to it when the FCC comes knocking on your door.  You may want to practice this entire procedure a few times in order to make sure you have enough time to finish before they break the door down and confiscate your laptop.

Now all we have to do is download a mystery driver that looks like it might have originally come from sony, and is still (as of April 2008) available here: http://www.geocities.com/sonyirclib/ipw2200.tar.gz. now available from this site, until I get a complaint. I’ll keep a copy of it somewhere in case it disappears, so if you’re polite and have good acceptable grammar, I might make it available to you.

So, in your terminal session, do this:

You have just downloaded and extracted a new wireless driver, unloaded the default knoppix one, loaded the downloaded one, and re-programmed the EEPROM with values that the HP laptop will accept.  At this point, you should be able to shut down the laptop, make sure the little antenna connectors are plugged into the mini-pci card, re-assemble everything, and boot normally.  The new EEPROM values will fool the laptop into thinking that this is a real HP wireless card, so only you will know that it was only $7 and not $200!

mount: wrong fs type, bad option, bad superblock

When you try this:

mount -t smbfs -o username=jeremy,password=secret //server/share /mnt/directory

and your computer tells you this:

mount: wrong fs type, bad option, bad superblock on //server/share, or too many mounted file systems

  1. You are probably running something like Fedora Core 3, and
  2. You should try this:

mount -t cifs -o username=jeremy,password=secret //server/share /mnt/directory

Installing VMWare Server on CentOS 5 64-bit

This is basically the same as a regular install, with the addition of step 3.  The extra libraries are for vmware-config.pl, and xinetd is required anyways.

Step 1: Download VMWare Server

Step 2: Install vmware server

Step 3: Install required files / libraries

Step #4: Configure VMWARE server

RoundCube Personal Settings Do Not Save Properly

The issue in webmail where your Identities and personal settings are not being saved has been fixed.  (On my server, anyways.)

Thanks once again to HowToForge and the people there with way too much free time.

Codename: Chicago

Things I hate:
– Googling “hp 1020 vista drivers” and coming across 1,000,000 posts from people who want to let me know they hate Microsoft but have no useful information to share.
– Being told by HP that Microsoft’s new operating system does not support my laser printer (but don’t worry, we’re working on it), and by the way, your scanner is too old to ever be supported – please buy a new one.
– Deciding to use my printer and scanner on my XP machine after all, only to find out the driver downloads are 50MB each.

Things I love:
– Googling “linux hp 1020” and coming across foo2jzs; then being able to print in less than 5 minutes. 8 minutes including downloading foo2jzs; on dial-up (1.4 MB) thanks to SLMODEMD.gcc4.1.tar.gz, but that’s another story.
– CentOS 5 already knowing everything it needs to know about my ancient scanner (HP ScanJet 2200c) and just working.

OK, so Gnome/OpenOffice is not nearly as pretty as Vista/Office 2007 to use, and I have to start my modem using a shell script for now, but at least I can make simple photocopies using the equipment I already own… I can’t wait to plug in my digital camera to see what happens.

ISPConfig and SSL Certificates (CentOS 4.4)

Goal:
To use the same SSL certificate for your ISPConfig control panel on port 81, and on your web site running on port 80. (I’m writing this from memory, so if I’ve missed something, let me know.)

1. Do yourself a favor and perform a perfect setup of CentOS 4.4 and ISPConfig. When you’re running the ISPConfig install script, enter the proper information at step 2 for the certificates. This is so that your certificate request will already have the information you really want to send off to the CA.

2. When the installation is complete, you will have already generated a self-signed certificate for the control panel to use on port 81. These files are:

3. Send the file

off to your certificate authority and give them $20 and they will send you back your signed certificate. I use GoDaddy because they are cheap. Normally you can just copy and paste the contents of this file into a form on their web site somewhere.

4. Put your new certificate in place and restart ISPConfig. Put any intermediate certificates (chains) in there too.

5. You should now be able to log in to your control panel using https://www.yourdomain.com:81 and your browser shouldn’t complain.

6. In the ISPConfig control panel, create your web site www.yourdomain.com, enable the SSL checkbox, go over to the SSL tab and create a certificate. This will generate another self-signed certificate and install it in /var/www/www.yourdomain.com/ssl, and restart apache for you. You should now be able to go to https:www.yourdomain.com and get an SSL error (but continue anyways to make sure apache is working properly.)

7. Now you can copy your server’s private key and matching certificate which are already installed for the control panel into /var/www/www.yourdomain.com/ssl.

8. If you require an intermediate certificate, copy the intermediate certificate your CA sent you into your ssl directory:

and add this line to the apache directives for your web site in the ISPConfig control panel:

9. Log in to ISPConfig and restart the Web Server service if it hasn’t already been restarted from step 8.

Creating a Slave DNS Server (BIND9) in 6 easy steps*

* aaa.bbb.ccc.ddd is the IP address of ns1.yourdomain.com.
* named on ns1.yourdomain.com is already working, and has NS records for ns1.yourdomain.com and ns2.yourdomain.com.

1. In the global options block in /var/named.conf on ns1.yourdomain.com:
Make sure

is present. This will tell BIND to notify the other name servers listed for each zone when there is a change.

2. In the global options block in /var/named.conf on ns2.yourdomain.com:
Make sure

is present. This will tell BIND NOT to notify anybody if there are changes made on this server. (The whole point of this is so that we only have to make changes on ns1, right?)

3. Edit

on ns2.yourdomain.com:
In the global options block:

append zones for each domain these servers are authoritative for:

4. On ns2.yourdomain.com, restart named -> it should ask ns1 for some updates…

5. On ns1.yourdomain.com, restart named -> it should fire off some updates…

6. If it’s working, on ns2.yourdomain.com, you will see in

Adding a new RAID1 array using mdadm

Goals:
Add 2 new physical hard drives: /dev/hdc and /dev/hdd
Create RAID1 mirror /dev/md6
Automatically mount new partition in /raid

1. fdisk one of the newly added hard drives:

2. dump new partition table to the other disk:

3. create new RAID1 set/device:

4. format the newly created array:

5. create mount point for new array:

6. append new mount point to /etc/fstab:

7. mount:

8. reboot if you’re paranoid.