Practical rules for life & business by GoDaddy

August 24th, 2008 by cvladan

I just had to quote these 16 fantastic simple rules. More practical and more simple than any that I found before. This is copied from Bob Parsons’ blog, which I don’t fancy very much.

1. Get and stay out of your comfort zone. I believe that not much happens of any significance when we’re in our comfort zone. I hear people say, “But I’m concerned about security.” My response to that is simple: “Security is for cadavers.”

2. Never give up. Almost nothing works the first time it’s attempted. Just because what you’re doing does not seem to be working, doesn’t mean it won’t work. It just means that it might not work the way you’re doing it. If it was easy, everyone would be doing it, and you wouldn’t have an opportunity.

3. When you’re ready to quit, you’re closer than you think. There’s an old Chinese saying that I just love, and I believe it is so true. It goes like this: “The temptation to quit will be greatest just before you are about to succeed.”

4. With regard to whatever worries you, not only accept the worst thing that could happen, but make it a point to quantify what the worst thing could be. Very seldom will the worst consequence be anywhere near as bad as a cloud of “undefined consequences.” My father would tell me early on, when I was struggling and losing my shirt trying to get Parsons Technology going, “Well, Robert, if it doesn’t work, they can’t eat you.”

5. Focus on what you want to have happen. Remember that old saying, “As you think, so shall you be.”

6. Take things a day at a time. No matter how difficult your situation is, you can get through it if you don’t look too far into the future, and focus on the present moment. You can get through anything one day at a time.

7. Always be moving forward. Never stop investing. Never stop improving. Never stop doing something new. The moment you stop improving your organization, it starts to die. Make it your goal to be better each and every day, in some small way. Remember the Japanese concept of Kaizen. Small daily improvements eventually result in huge advantages.

8. Be quick to decide. Remember what General George S. Patton said: “A good plan violently executed today is far and away better than a perfect plan tomorrow.”

9. Measure everything of significance. I swear this is true. Anything that is measured and watched, improves.

10. Anything that is not managed will deteriorate. If you want to uncover problems you don’t know about, take a few moments and look closely at the areas you haven’t examined for a while. I guarantee you problems will be there.

11. Pay attention to your competitors, but pay more attention to what you’re doing. When you look at your competitors, remember that everything looks perfect at a distance. Even the planet Earth, if you get far enough into space, looks like a peaceful place.

12. Never let anybody push you around. In our society, with our laws and even playing field, you have just as much right to what you’re doing as anyone else, provided that what you’re doing is legal.

13. Never expect life to be fair. Life isn’t fair. You make your own breaks. You’ll be doing good if the only meaning fair has to you, is something that you pay when you get on a bus (i.e., fare).

14. Solve your own problems. You’ll find that by coming up with your own solutions, you’ll develop a competitive edge. Masaru Ibuka, the co-founder of SONY, said it best: “You never succeed in technology, business, or anything by following the others.” There’s also an old Asian saying that I remind myself of frequently. It goes like this: “A wise man keeps his own counsel.”

15. Don’t take yourself too seriously. Lighten up. Often, at least half of what we accomplish is due to luck. None of us are in control as much as we like to think we are.

16. There’s always a reason to smile. Find it. After all, you’re really lucky just to be alive. Life is short. More and more, I agree with my little brother. He always reminds me: “We’re not here for a long time; we’re here for a good time.”

Inline images in RoundCube Webmail

August 23rd, 2008 by cvladan

I needed to make fancy signatures for some clients in RoundCube Webmail. For that, I wanted an inline image in an HTML signature – something that is not possible to achieve in current Roundcube. So I made some changes, and came up with a solution:

Every change is in

\program\steps\mail\sendmail.inc

and \program\lib\stringstream.php is needed.

I am too lazy to write this… Finish whenever you want.

DNS Vulnerability Check for specific Name Server

August 2nd, 2008 by cvladan

You have probably found a lot of online tools that check for DNS poisoning. For example, here and here. The second one is the site of Dan Kaminsky, the researcher who originally discovered the vulnerability. But these tools check “My DNS Server”, which is my ISP’s server, and not the DNS server that I am hosting/running. So, after some looking around, I found this one-liner here: just find any Linux box, and type there:

dig @ns1.nameserver.com +short porttest.dns-oarc.net TXT

where ns1.nameserver.com is either the IP or the name of a DNS server. If the result says GOOD, the server is fine; anything else is a big problem.
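The same check run over several name servers at once, as an added example that is not part of the original post. It assumes the TXT answer has the form `"<ip> is <RATING>: ..."`; the function names and the two sample answers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the porttest TXT
# answer looks like
#   "<ip> is <RATING>: <n> queries in <t> seconds from <p> ports ..."

# Print the rating word (GOOD, FAIR, POOR, ...) found in a porttest answer,
# or UNKNOWN when no rating line is present (timeout, refusal, empty output).
# `dig +short` may print a CNAME line first; only the rating line is matched.
porttest_rating() {
    rating=$(printf '%s\n' "$1" |
        sed -n 's/^"\{0,1\}[0-9a-fA-F.:]* is \([A-Z]*\):.*/\1/p' | head -n 1)
    printf '%s\n' "${rating:-UNKNOWN}"
}

# Succeed only for GOOD; per the post, anything else is a problem.
porttest_ok() {
    [ "$(porttest_rating "$1")" = "GOOD" ]
}

# Query every name server given as an argument and print its rating.
# Returns non-zero if at least one server is not rated GOOD.
check_servers() {
    status=0
    for ns in "$@"; do
        answer=$(dig @"$ns" +short +time=5 +tries=1 \
            porttest.dns-oarc.net TXT 2>/dev/null)
        rating=$(porttest_rating "$answer")
        printf '%-30s %s\n' "$ns" "$rating"
        [ "$rating" = "GOOD" ] || status=1
    done
    return "$status"
}

# Constructed sample answers (documentation addresses), for an offline check.
SAMPLE_GOOD='"192.0.2.10 is GOOD: 26 queries in 2.0 seconds from 26 ports with std dev 17685.51"'
SAMPLE_POOR='"192.0.2.20 is POOR: 26 queries in 1.8 seconds from 1 ports with std dev 0"'

# Usage: sh porttest.sh ns1.nameserver.com ns2.nameserver.com
if [ "$#" -gt 0 ]; then
    check_servers "$@"
fi
```

A server that refuses recursive queries returns no TXT answer and is listed as UNKNOWN; that result says the test could not run, not that the ports are predictable.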

Installing Postfwd on CentOS/Fedora/Redhat

July 26th, 2008 by cvladan

Download and unpack the Postfwd archive to /usr/local/postfwd:

cd /usr/local/
wget http://postfwd.org/postfwd-1.10pre7c.tar.gz
tar -xf postfwd-1.10pre7c.tar.gz
mv postfwd-1.10pre7c postfwd

Copy the configuration file and the startup script to their places:

cp /usr/local/postfwd/etc/postfwd.cf /etc/postfix/
cp /usr/local/postfwd/bin/postfwd-script.sh /etc/init.d/postfwd

Then, I tried to set the daemon to be started at boot time, with:

chkconfig --add postfwd

But I got an error saying: “service postfwd does not support chkconfig”? Ok. There is a statement in the init script that tells the chkconfig command how to add this daemon to, or delete it from, the boot process. This statement looks like this:

# chkconfig: 2345 78 32
# description: Postfwd Policy Server

This means that the script should be started in runlevels 2, 3, 4 and 5, that its start priority should be 78, and its stop priority 32. Priorities give the order in which services are started and stopped. So if, for instance, you have both Postfix and postfwd starting, it is essential that postfwd is started before Postfix. With a Postfix start value of 80, you need a lower value for Postfwd (78, for example).
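A way to verify that ordering from the init scripts themselves, as an added example that is not the author's init script. The function names are hypothetical; the only input assumed is the `# chkconfig: <levels> <start> <stop>` header shown above.

```shell
#!/bin/sh
# Added example (not from the original post): compare the chkconfig start
# priorities of two init scripts.

# Print "<levels> <start> <stop>" from the "# chkconfig:" header line.
# Prints nothing when the header is missing, which is the case chkconfig
# reports as "does not support chkconfig".
chkconfig_header() {
    sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*\([0-9-]*\)[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1 \2 \3/p' \
        "$1" 2>/dev/null | head -n 1
}

# Print the start priority (second field); return 1 when there is no header.
start_priority() {
    hdr=$(chkconfig_header "$1")
    [ -n "$hdr" ] || return 1
    printf '%s\n' "$hdr" | cut -d' ' -f2
}

# starts_before A B: 0 when A starts earlier than B (lower start priority),
# 1 when it does not, 2 when either script lacks a chkconfig header.
starts_before() {
    first=$(start_priority "$1") ||
        { echo "$1: no chkconfig header" >&2; return 2; }
    second=$(start_priority "$2") ||
        { echo "$2: no chkconfig header" >&2; return 2; }
    [ "$first" -lt "$second" ]
}

# Usage: sh check-order.sh /etc/init.d/postfwd /etc/init.d/postfix
if [ "$#" -eq 2 ]; then
    if starts_before "$1" "$2"; then
        echo "OK: $1 starts before $2"
    else
        echo "WARNING: $1 does not start before $2" >&2
        exit 1
    fi
fi
```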

After we have added this line to the /etc/init.d/postfwd file, let’s repeat:

chkconfig --add postfwd

Ok. This worked. But, I had a lot of problems with the supplied default init script of policyfwd. I had to change the startup script a lot. After finding out that the init script is somehow strange, I had to rewrite the script based on postgrey’s init script. Here it is ready to download. So copy this one to /etc/init.d.

Now, start it with:

service postfwd start

It should work. Now make Postfix aware of it. Open your Postfix /etc/postfix/main.cf and insert or edit the following.

127.0.0.1:10040_time_limit	= 3600
smtpd_recipient_restrictions	= ...
				  ...
				  check_policy_service inet:127.0.0.1:10040,
				  permit

smtpd_end_of_data_restrictions =
				  check_policy_service inet:127.0.0.1:10040

The last one is needed because you have to call postfwd at end_of_data state for reliable size checks.

Testing it out

If you want to list the rules, just type:

/usr/local/postfwd/sbin/postfwd -f /etc/postfix/postfwd.cf -C

Finally, if you are satisfied, start postfwd and reload postfix. Then, monitor the log file for lines mentioning postfwd with:

tail -f /var/log/maillog | grep postfwd

There is an example policy request distributed with postfwd, called ‘request.sample’. Simply change it to meet your requirements:

nano /usr/local/postfwd/tools/request.sample
/usr/local/postfwd/sbin/postfwd -f /etc/postfix/postfwd.cf </usr/local/postfwd/tools/request.sample

That’s it.

No – it is not!

Really a bug not counted as one

I spent at least an hour just to find out the bug. No! It is not a bug. I just need to read very, very carefully:

From the docs: “Multiple use of the same item is allowed and will compared as logical OR”

So macro with this content:

&&LIMITEDS { sender=.*@onedomain.com ; sender~=user@seconddomain.com; };

will work, and the following one will not (only the first rule will be taken into account):

&&LIMITEDS { sender_domain=onedomain.com ; sender~=user@seconddomain.com; };

List of domains (web sites) on the same IP address

July 24th, 2008 by cvladan

Reverse IP tools, in order of quality:

http://whois.webhosting.info/

http://www.yougetsignal.com/tools/web-sites-on-web-server/

http://www.myipneighbors.com/

And, not free ones:

http://www.domaintools.com/reverse-ip/

http://www.securityspace.com/bizintel/reverse-ip.html

Resume upload functionality in ProFTPD

July 24th, 2008 by cvladan

If you are using ProFTPD, uploads cannot be resumed by default. Change this by editing the configuration file (/etc/proftpd.conf) and changing or adding the following values:

AllowOverwrite on
AllowStoreRestart on

The first one is probably already enabled in the config file. In ProFTPD, a resumed upload is considered the same as a file overwrite. Therefore file overwriting must be enabled.

Greylisting – The best way to fight spam and have a fast mail server

July 23rd, 2008 by cvladan

And, it can be done on Fedora / CentOS in an easy manner.

The best tutorial is this, and good ones are these and these.

Greylisting is very effective in reducing spam – almost 90% of servers contacting our mail system are illegitimate, and greylisting reduces the noise from them. One of the best products is milter-greylist (it is still not aware that Postfix is milter compatible). For Postfix, there is a similar solution called postgrey.

Postgrey – this is the one I chose. The best tutorial I found for installing it on my CentOS was here.

Milter Greylisting solutions: milter-greylist, milter-gris, Scam-grey milter.

Postfix messages limits

July 23rd, 2008 by cvladan

These are only basic limits that are valid for the entire host/domain. They can be set fairly high, if you really need that. Later on, you can impose other limits with some milter filters.

Current values can be seen with:

postconf  | grep 'mailbox_size_limit\|message_size_limit\|virtual_mailbox_limit'

Default values are:

postconf -d | grep 'mailbox_size_limit\|message_size_limit\|virtual_mailbox_limit'

Edit values with:

postconf -e 'message_size_limit = 104857600'

This changes the /etc/postfix/main.cf configuration file. My values are:

# 100 MB
message_size_limit = 104857600

# 1 GB
mailbox_size_limit = 1073741824
virtual_mailbox_limit = 1073741824

Milters I’ve found while looking for mail throttling

The best milters that I found, excluding the ones that provide greylisting functionality, were:

  • j-chkmail: Multipurpose mail filtering software.
  • Milter-regex: Reject mail matching regular expressions. Simple and can be useful.
  • Mailfromd: General-purpose mail filtering daemon. It looked too complicated for me.
  • milter-limit: Limit number of mails, per sender. Looks like it has not enough documentation.
  • milter-length: Limiting mails by message size.

But milters are native to Sendmail, not Postfix (though they work in the latest Postfix). The analogous solution for Postfix is to use a policy daemon:

  • postfix_policy: It has a web interface as a plus. This looks logical to me, because it allows an administrator to configure it in an easy way.
  • postfwd: The configuration looked the simplest to me. So I decided to go with this one.
  • ACL Policy Daemon: Apolicyd (Python) does have message size limiting, but does not have message count (rate-limiting or throttling) control. And, according to this post, it is very heavy on the server load. So, it’s out.

These are actively maintained, and Policyd-weight is not active anymore. Finally, I decided to go for Postfwd.

Postfix Mail Archival Solutions

July 23rd, 2008 by cvladan

I am surprised that there are so few open-source solutions for this very common need in corporate environments.

The first thing that comes to mind is Postfix’s bcc_maps directives (or similar). An alternative mechanism should be pretty straightforward – through the milter system. If someone reading this post finds some other useful utility (open source only), please post a comment about it.

And, my list of sound open-source solutions is:

Sudden huge Logwatch mails…

July 23rd, 2008 by cvladan

Suddenly, on my CentOS the Logwatch mails are very big, with a huge Postfix “**Unmatched Entries**” section, mostly about messages dropped because they were in RBLs, similar to this:

Service unavailable; Client host [x.x.x.x] blocked using zen.spamhaus.org; ...

My logwatch package is up to date. Problem is – the service and configuration for postfix in that package are not.

You need to update postfix filter portion of logwatch.
It can be updated either from: http://www.mikecappella.com/logwatch or from latest version of logwatch at: www.logwatch.org

For me, the first link was better because it had fresher scripts. I downloaded the package, and only two files are needed for me (do not install or anything).

Just rename (remove -logwatch part of filename) files

postfix-logwatch
postfix-logwatch.conf

to

postfix
postfix.conf

and copy them to

       /etc/logwatch/scripts/services/postfix (The Logwatch postfix filter)
       /etc/logwatch/conf/services/postfix.conf (The Logwatch postfix filter configuration file)

Files at this location will override default values. And this should fix the problem.

But, there was a problem with the file services/postfix, where I had to remove the first line for logwatch to work. Now, when I execute /etc/cron.daily/0logwatch, I do get a reasonably sized email with email statistics.