17 Oct 2006

I’m posting to let you know that I’ve updated the installation page of Postfix to include support for Perl regular expressions in the use of tables, also known as PCRE. This enables you to filter table entries you might use, if you’d want to. You can read more on PCRE and Postfix here and here.

I found out I needed it when I wanted to do some fancy stuff in my DSPAM setup. I’m almost there in releasing the documentation, still looking for more volunteers to beta test for me. The DSPAM filter is running as a content filter in Postfix and I’ve got a shell script running daily that empties my Junk folder and trains DSPAM to learn to be a better filter. More about this subject later…

10 Oct 2006

Just installed MySQL 5.0.26 on my new Intel Mac mini after I just installed version 5.0.24a on it to create a new Intel based test environment. It was a good exercise to see if the update of the packages works as advertised. The binary installation package, which I installed first, creates a new symlinked directory and leaves the previous version intact. After that I still needed to compile from source as the shared library issue isn’t solved and I think it won’t be solved for some time as I found some info that the error is still there in the beta of version 5.1.

As you might notice MySQL skipped another release version, again: version 5.0.25 was only released to paying customers. Go figure… The announcement solved so many bugs they used two emails on the announcement mailing list! Here is the first and the second.

I must say the Intel mini is a dream to use, compilation is much, much faster. I also found out that I really need the memory upgrade as I can’t run too many applications at the same time as the memory swapping onto the slow hard-drive is really killing all performance benefits. The GUI sometimes responds much slower than on a G4 with 1Gb of memory.

9 Oct 2006

Some of the users of my mailserver setup noticed a problem with Postfix: they were unable to receive mail. When investigating the problem I found out that the MySQL dictionary type was not supported by Postfix. You can find this out by running 'postconf -m', mysql should be in the list.

It looks like the software update replaces our postfix binary with the original one. This is not listed in the knowledge base article so I didn’t know beforehand. I can’t confirm this problem is caused by the update, I need to research this or get more confirmations about it.

The problem is likely to only affect Intel macs, I haven’t installed everything on my Intel mac yet so I hadn’t noticed the problem yet but I didn’t have any problem on my G4 mac minis.

To solve the problem you need to reinstall postfix. If you still have the source tree intact on your harddrive you can do it quickly with just running a 'sudo make install'. If it’s no longer there then you need to recompile the source again from scratch.

Your existing configuration files won’t be touched so no worries there. Sorry I had not noticed this problem earlier. I’ll install my Intel mac mini asap to better understand what’s happening here and prevent any further problems with software updates.

1 Oct 2006

This morning I had some issues again, this time not my fault. It looks like the takeover of my DSL network provider is causing some problems while they migrate the infrastructure. A lot of customers had a problem getting a new ip-address via DHCP on the network. Even though I’ve got a fixed ip-address the lifetime is set less than an hour and the computer needs to refresh. I was out for about 6 hours. From 04:50 CET till 11:10 CET. Sorry if you had any problems due to the outage, this is one of the things I don’t have any control over…

The biggest issue for me was that for the first time I found out that I could not reach the help-desk of my provider (Demon). It normally was one of the best providers with a tech-savvy help-desk. But that’s history now with the takeover by our national telco KPN. There is currently a shortage of good quality ADSL broadband providers due to the consolidation that is going on in the consumer market. I still can’t afford a business DSL line, that is very expensive. It’s cheaper to co-locate a mini and get a cheap, unreliable broadband connection at home. I wonder how many Mac minis, external disks, routers and power-supplies I can fit in a 1U 19″ rack.

29 Sep 2006

Finally the moment was there, I’ve made the decision. I raided the donations pot and picked up my first Intel Core Duo Mac mini. The last update to the mini series, making all models Dual Core and increasing the processor speed made the Dual Core wish I had even more affordable. I had estimated to need a budget of over 800 euro, but the update made the price for a Core Duo drop to 620 euro.

I would like to thank everyone once again for all their donations, without your help this wasn’t possible. You really make all the effort I’ve put in it worthwhile and I hope that I can keep giving you what you are looking for.

24 Sep 2006

Having learned the hard way what it means to have a security leak in your system I went out to find tips on how to secure my SSH access a bit better. I had some good tips from readers, thank you who did, and found some good ones on the internet.

Securing SSH, I found out, is actually not that hard. There is a configuration file /etc/sshd_config which when tweaked can help a lot!

23 Sep 2006

Finally got a spare moment to sit behind my dear Mac to write to you about the last security update. I’ve installed it right after I noticed the bouncing software update icon on the server and all is still running as expected. The updates are mostly for possible attacks on your Airport cards. I use Airport extensively and therefore needed the update. Read more about the update here.

20 Sep 2006

My apologies if you encountered any problems because the site was off-line. It’s because I was stupid enough not to use a more secretive password with characters, digits and use upper- and lowercase, I just had an easy common word which was easy to remember for me. I noticed for some time now someone trying to use SSH to gain access to my computer but never thought it to be harmful. I’ve seen it at other sites as well. Until yesterday, they had guessed correctly! Someone got access to my computer via SSH using my root account and installed a simple PHP script that started to send out a massive mailing (I haven’t counted them) with the postcard virus.

I was very lucky to discover it very quickly because I was fiddling with my new spam filter when I noticed that my logfile was filling up rather quickly with strange messages to email addresses I never used before. First I thought some of my other users were doing this but it kept on going so I stopped Postfix and started investigating.

I quickly found out what was going on. Cleaned the Postfix queues, which were huge, and restarted Postfix. Scanned the drive for all files changed after 17:00 and located the script and removed it. Now I’ve changed all passwords, checked all user accounts and closed down SSH access until I can find a better, more secure way, of accessing this machine remotely from the outside.

Because of the spam being sent out, my ISP got notified about it and blocked my internet access today without me knowing it. Which is a good case if you are on the receiving end of spam, but I solved the problem and didn’t know about it. Next time, I hope never, I will email my ISP that I solved the issue so they don’t need to block me again. I do wish that other providers would block their users if they send out spam, there would be a lot less spam.

Again my apologies for being off-line and even more if you received any of the spam being sent out from my computer.
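
An added example, not part of the original post: a log check for the pattern described above, where repeated SSH password guesses from one address end in a successful login. The log lines are constructed samples in OpenSSH's syslog format, and the function name and the threshold of three failures are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format (not taken from the post).
SAMPLE_LOG = """\
Sep 19 16:41:02 mini sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 19 16:41:05 mini sshd[413]: Failed password for root from 203.0.113.7 port 40118 ssh2
Sep 19 16:41:09 mini sshd[415]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Sep 19 16:41:12 mini sshd[418]: Failed password for root from 203.0.113.7 port 40131 ssh2
Sep 19 16:52:40 mini sshd[460]: Failed password for jane from 198.51.100.20 port 51200 ssh2
Sep 19 16:52:48 mini sshd[462]: Accepted password for jane from 198.51.100.20 port 51204 ssh2
Sep 19 16:58:31 mini sshd[502]: Accepted password for root from 203.0.113.7 port 40340 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ...".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_ssh_auth(log_text, min_failures=3):
    """Return (guessed, still_guessing).

    guessed: (ip, user, failures) for each password login that followed at
    least min_failures failed attempts from the same address.
    still_guessing: {ip: failures} for addresses at or over the threshold
    that have not logged in yet.
    """
    failures = defaultdict(int)
    guessed = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= min_failures:
            guessed.append((ip, m.group("user"), failures[ip]))
        failures[ip] = 0  # a success ends that run of guesses
    still_guessing = {ip: n for ip, n in failures.items() if n >= min_failures}
    return guessed, still_guessing

if __name__ == "__main__":
    print(review_ssh_auth(SAMPLE_LOG))
```

An address in still_guessing is the stage where the attempts still look harmless; an entry in guessed means a password was found and the account should be treated as compromised.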

18 Sep 2006

I dropped the test setup of SpamAssassin on my production server to accommodate a setup of DSPAM. There is no scientific proof that either one is better, at least I couldn’t find it.

One of the major reasons to switch for me was the web interface that comes with DSPAM. With that you can enable users to train their spam filter, check the quarantined messages, identify the false positives (messages tagged spam and that aren’t) and correct them. One other, not so important, reason is something I found when researching spam filters: I read that spammers adapt their strategies to the countermeasures spam filters develop. But they adapt only to the most used spam filters. It’s like virus-writers targeting Windows users. At least that is the theory.

I’ve got DSPAM running for two days now, with some hurdles, it’s not running in its complete and proper form but it is working. I’ve started with a blank corpus and started training from the beginning and I’m already getting good results. I even opened up my Postfix configuration to be less strict so I receive more spam than normal. What I was unable to achieve with my SpamAssassin setup, filter the image spam, is working now with DSPAM. After training DSPAM with three image spam messages it currently blocks them, which is a sign of more promising results in the future.

I will write proper documentation on how to set it up, but before I do that I need to get a proper bullet proof working setup with the web-based administration (which I haven’t looked at yet). If you want to know what I’ve done to get my current setup please read my entries in the forum. Please be careful and only try to do this if you know what you are doing. I don’t understand all the finer details yet, but I’m learning as we go along. I’ll keep you posted on any progress.

13 Sep 2006

I used yesterday to recompile Postfix, Courier-Auth, Apache and PHP with the 5.0.24a MySQL libraries. I just used my own instructions to compile everything.

I first did Postfix and Courier-auth as they would cause the least problems when it would go wrong. My backup mailserver would still receive all mail and forward it to me when the mailserver is back online. It all went without a hitch, just did a restart of the programs and all was running as expected.

Apache posed an issue, how to compile and install, followed by compiling PHP without disturbing all the people looking at my sites. In the end it was simple. Compile and install Apache2, don’t restart Apache so the old version keeps running but the new software is available on disk. Then compile and install PHP using the new Apache installation files and when that is done restart Apache and all would be fine. Well that’s what I thought…

There was a small error in the modules that I included in the httpd.conf. Some of them, all concerning authentication, were rewritten and given different names. I was still trying to load the old ones as I didn’t update my httpd.conf to reflect these changes. So Apache2 wouldn’t start. I just commented out the old modules and added the new ones in my httpd.conf and presto, Apache 2.2.3 and PHP 5.1.6 are now running on my server, together with Postfix 2.2.3.

They’ve been running for almost a day now and I haven’t gotten any complaints yet.

If you are still running “ISP in a box” version 1 and want to upgrade but are still a bit afraid on how to do this let me know and I’ll help out.

Update:
Just found out there was an error, got a call on the phone from some of my friends that they couldn’t email anymore. When checking the logfiles I found out I forgot a step after compiling and installing Courier auth:

sudo chmod o+x /usr/local/var/spool/authdaemon

In the logfile there was the error:

SASL authentication failure: cannot connect to Courier
      authdaemond: Permission denied

Which means I didn’t follow my own instructions!
