Tuesday, February 9, 2010

Vacation Email Responder for Sendmail in CentOS 5

SkyHi @ Tuesday, February 09, 2010

Vacation is the automatic mail answering program found on many Unix systems. This write up will guide you through installing and configuring the vacation email responder and setting it up with the popular webmail SquirrelMail in CentOS 5. Do not use my previous write up as a guide because the SquirrelMail Vacation Local plugin contains dangerous vulnerabilities. You are advised to upgrade to the SquirrelMail Local User Autoresponder and Mail Forwarder plugin immediately.

Requirements: Vacation, Sendmail, SquirrelMail, SquirrelMail Local User Autoresponder and Mail Forwarder plugin, SquirrelMail Compatibility plugin, vsftpd and CentOS 5

1. Download vacation-1.2.6.3.tar.gz from the link below: -
http://vacation.sourceforge.net

2. Extract the vacation to a temporary directory as below: -
tar xvfz vacation-1.2.6.3.tar.gz -C /tmp

3. Change directory to /tmp/vacation-1.2.6.3 as below: -
cd /tmp/vacation-1.2.6.3

4. Run the “make” command as below: -
make

5. Copy the “vacation” binary to “/usr/bin” as below: -
cp vacation /usr/bin

6. Create a softlink in the Sendmail’s restricted shell utility “smrsh” as below: -
cd /etc/smrsh
ln -s /usr/bin/vacation vacation

7. Next, let’s proceed with installing and configuring SquirrelMail’s Local User Autoresponder and Mail Forwarder Plugin. Download local_autorespond_forward-3.0-1.4.0.tar.gz from the link below: -
http://www.squirrelmail.org/plugin_view.php?id=264

8. Extract the local_autorespond_forward plugin to SquirrelMail’s plugin directory (in CentOS 5) as below: -
tar xvfz local_autorespond_forward-3.0-1.4.0.tar.gz -C /usr/share/squirrelmail/plugins

9. Download the Compatibility plugin from the link below: -
http://www.squirrelmail.org/plugin_view.php?id=152

10. Extract the compatibility plugin to SquirrelMail’s plugin directory (in CentOS 5) as below: -
tar xvfz compatibility-2.0.8-1.0.tar.gz -C /usr/share/squirrelmail/plugins

11. Run the SquirrelMail’s config command as below: -
cd /usr/share/squirrelmail/config
./conf.pl

12. Patch your SquirrelMail according to your version as below: -
patch -p0 < patches/compatibility_patch-1.4.8.diff

13. In the SquirrelMail Configuration Main Menu, key in “8” to enter the Plugins menu. Next, key in the number that refers to “local_autorespond_forward” to install the plugin.

14. Create the local_autorespond_forward configuration file as below: -
cd /usr/share/squirrelmail/plugins/local_autorespond_forward
cp config.php.sample config.php

15. Edit the config.php file and change the following as below: -
$ftp_passive = 1;

16. Next, you need to enable the vsftpd service in init level 3, 4 and 5 as below: -
chkconfig --level 345 vsftpd on

17. Let’s start the vsftpd service as below: -
service vsftpd start

You can now begin to use the SquirrelMail’s local_autorespond_forward plugin to configure the vacation email responder for Sendmail.
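Step 6 makes vacation runnable from Sendmail's restricted shell, so every entry in /etc/smrsh should point at a binary that only root can change. The following is an added example, not part of the original write-up, that audits that directory; the function name `audit_smrsh`, its parameters and its messages are choices made here.

```python
import os
import stat


def audit_smrsh(smrsh_dir="/etc/smrsh", trusted_uid=0):
    """Return (entry, problem) pairs for unsafe entries in smrsh_dir.

    smrsh only runs programs reachable through this directory, so each
    entry must resolve to a regular, executable file that nobody except
    the trusted owner can modify.
    """
    findings = []
    for name in sorted(os.listdir(smrsh_dir)):
        path = os.path.join(smrsh_dir, name)
        try:
            st = os.stat(path)  # follows the symlink created in step 6
        except OSError:
            findings.append((name, "dangling link: target does not exist"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "target is not a regular file"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((name, "target not owned by uid %d" % trusted_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "target is group- or world-writable"))
        if not st.st_mode & stat.S_IXUSR:
            findings.append((name, "target is not executable"))
    return findings


if __name__ == "__main__":
    if os.path.isdir("/etc/smrsh"):
        for entry, problem in audit_smrsh():
            print("%s: %s" % (entry, problem))
    else:
        print("/etc/smrsh not found on this host")
```

An empty result means every smrsh entry resolves to a root-owned, executable file without group or world write permission.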

Source: Vacation Email Responder


REFERENCE

http://wingloon.com/2007/09/05/vacation-email-responder-for-sendmail-in-centos-5/



Canonical Name Record (CNAME)

SkyHi @ Tuesday, February 09, 2010

A CNAME record maps an alias or nickname to the real or Canonical name which may lie outside the current zone. Canonical means expected or real name.

Format

name  ttl  class   rr     canonical name
www IN CNAME joe.example.com.

The following fragment shows the use of CNAME RRs to map web and ftp services to a single host.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
server1 IN A 192.168.0.3
www IN CNAME server1
ftp IN CNAME server1

CNAME RRs incur performance overheads. The most common DNS query is for an A RR, or an AAAA RR if IPv6 - the end system needs an address, which is only defined with these RR types. In the above example, if a query for the address of www.example.com is received, two look-up operations are performed on the master or slave server. The first looks up www.example.com and finds a CNAME RR. This is followed by a query for server1.example.com to obtain the IP, that is, the CNAME chain is followed to attempt to resolve the request for an IP address. On low volume DNS servers the additional resources used are not significant, but on high volume servers the additional load can become non-trivial. The user must make a choice to balance what many see as the convenience of using CNAME RRs against the possible performance degradation involved.

CNAME RRs cannot have any other RRs with the same name, for example, a TXT - well that was true until DNSSEC came along and in this case RRSIG, NSEC and certain KEY RRs can now occupy the same name.

While use of CNAME RRs with NS and MX records is widely implemented and generates a working configuration it is theoretically not permitted (RFC 1034 section 3.6.2) since it can result in lost names. The fragment below illustrates a widely used but technically invalid configuration.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
        IN MX 10 mail.example.com.
mail IN CNAME server1
server1 IN A 192.168.0.3

In the above configuration when a query is issued for the A RR of mail.example.com the result will return both the mail.example.com CNAME RR and the server1.example.com A RR. When the A RR is used the name associated with the CNAME can be lost, that is, there is a valid MX record referencing the host mail.example.com and an A RR referencing server1.example.com but nothing joins the two records. The fragment below, by re-ordering the RRs, will achieve the same result and allow a valid mapping of the MX name to the A RR name.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
        IN MX 10 mail.example.com.
server1 IN CNAME mail
mail IN A 192.168.0.3

For many users the above feels uncomfortable because the real host name is server1.example.com not mail.example.com. Bear in mind that the DNS system simply maps a name used externally to an IP address - irrespective of the host's name in its local configuration file.

You can map other CNAME records to a CNAME record but this is considered bad practice since queries will follow the CNAME chain and look for the A record which uses more DNS resources. CNAME loops can also inadvertently result from such a procedure.

You can redefine a single IP to have multiple names using standard A records which is functionally the same as a CNAME for entries within a zone.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
server1 IN A 192.168.0.3
www IN CNAME server1

; following is functionally identical
; but incurs no CNAME lookup overhead
server1 IN A 192.168.0.3
www IN A 192.168.0.3

In our view the only time that a CNAME is required (there is no alternative) is when you want to alias a host in the current domain to an external domain as shown below:

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
; www service internal to domain
www IN A 192.168.0.3
; CNAME used to map ftp service to an external host
ftp IN CNAME ftp.example.net.

Examples & Variations

; zone file fragment for example.com
joe IN A 192.168.254.3
www IN CNAME joe ;canonical name is joe.example.com.
www IN CNAME joe.example.com. ; exactly the same as above
ftp IN CNAME www.example.com. ; bad practice
; better practice to achieve same result as ftp CNAME above
; by re-defining the same physical host with 2 A records
ftp IN A 192.168.254.3

; next line redirects bill.example.com to fred.another.com
bill IN CNAME fred.another.com.

; this is theoretically invalid - but widely implemented
        IN MX 10 mail.example.com.
...
mail IN CNAME joe.example.com.

; classic www.example.com and example.com access
; resolves example.com to an IP
        IN A 192.168.254.8
www IN CNAME example.com.
; could also be defined as
        IN A 192.168.254.8
www IN A 192.168.254.8

If you are concerned about when to use the dot and when not at the end of a line.
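The rules above (no other RRs at a CNAME name apart from the DNSSEC exceptions, no MX or NS pointing at a CNAME, no CNAME chains or loops) can be checked mechanically. The following is an added example, not from the referenced article: a small linter for simplified zone fragments, where the function names, messages and the sample zone are constructed here and only the record types listed in `TYPES` are understood.

```python
MAY_SHARE = {"CNAME", "RRSIG", "NSEC"}   # the KEY exceptions are not modelled
TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT", "RRSIG", "NSEC"}

# Constructed sample based on this page's fragments; the TXT at "bill" is added.
SAMPLE_ZONE = """\
$ORIGIN example.com.
        IN MX 10 mail.example.com.
joe     IN A 192.168.254.3
www     IN CNAME joe
ftp     IN CNAME www.example.com.
mail    IN CNAME joe.example.com.
bill    IN CNAME fred.another.com.
bill    IN TXT "billing contact"
"""


def fqdn(name, origin):
    """Expand a zone-file name; a trailing dot means it is already absolute."""
    return (name if name.endswith(".") else name + "." + origin).lower()


def parse_zone(text, origin):
    """Yield (owner, type, target) for the record types in TYPES."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if fields and fields[0].upper() == "$ORIGIN":
            origin = owner = fqdn(fields[1], origin)
        if not fields or fields[0].startswith("$"):
            continue                              # blank line or directive
        if not line[0].isspace():                 # a name in column one
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                         # optional TTL and class
        if fields:
            rtype = fields[0].upper()
            names = rtype in ("CNAME", "MX", "NS")
            yield owner, rtype, (fqdn(fields[-1], origin) if names else None)


def lint_zone(text, origin="example.com."):
    """Return findings for the CNAME rules described in this article."""
    records = list(parse_zone(text, origin))
    cname = {o: t for o, r, t in records if r == "CNAME"}
    findings = []
    for owner, target in cname.items():
        others = sorted({r for o, r, _ in records if o == owner} - MAY_SHARE)
        if others:
            findings.append("%s: CNAME shares name with %s" % (owner, ",".join(others)))
        seen = [owner]
        while target in cname and target not in seen:
            seen.append(target)                   # follow the chain
            target = cname[target]
        if target in seen:
            findings.append("%s: CNAME loop" % owner)
        elif len(seen) > 1:
            findings.append("%s: CNAME chain via %s" % (owner, seen[1]))
    for owner, rtype, target in records:
        if rtype in ("MX", "NS") and target in cname:
            findings.append("%s: %s points at CNAME %s" % (owner, rtype, target))
    return findings


if __name__ == "__main__":
    print("\n".join(lint_zone(SAMPLE_ZONE)))
```

Lines that start with whitespace inherit the previous owner name, which is why the leading blanks in front of `IN MX` matter in the fragments above.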


REFERENCE

http://www.zytrax.com/books/dns/ch8/cname.html

How I updated PHP & MySQL on RedHat Enterprise Linux (RHEL) 5.3

SkyHi @ Tuesday, February 09, 2010

This is my post about the steps which I used to update the versions of PHP and MySQL on RHEL 5.3. As of this writing the latest version of PHP is 5.2.9 and that of MySQL server is 5.1.32-1. The installation of RHEL5 (after making updates) had versions of PHP/MySQL which were as much as 2.5 years old. You obviously don’t want such old versions of the software for security reasons. So I decided to upgrade versions of PHP/MySQL on the system. Obviously the default repository of RHEL does not have the updated versions of PHP and MySQL (and much other software, I believe).

I searched online for making the upgrades and after a long search, I came across links on the web which helped me perform the upgrades. So, I decided to write a detailed post about my upgrade process so it could be helpful to others.

The package management tool which I’m using is yum. So it’s a good idea to know a few basic yum commands:

yum list available

yum list installed

yum list updates

yum install [package]

yum remove [package]

I guess all of the above commands are self-explanatory.
Since the repositories which are used by RHEL are not up to date, we need to set up and use some other repository. One of the most popular, and the one which I used, is Remi’s repository, which has the latest packages for most of the software:

http://rpms.famillecollet.com/index.html

This repository is not there in the repository directory

/etc/yum.repos.d

yet so we need to enable it in order to use it. To do that we need to download some additional RPMs and install them first. The 2 RPMs which we need are:
epel-release and remi-release
My architecture is i386 so if yours is x86_64 then get the RPMs for it accordingly.

We can get the first one from here:
http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

using:

wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

rpm -Uvh epel-release-5-3.noarch.rpm

Download the 2nd one from Remi’s site:
http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

using:

wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

rpm -Uvh remi-release-5.rpm

2nd package is dependent on first one so we need to install 1st before the 2nd.

Now, I removed the older packages first (not sure if this was needed though) by using:

yum list installed

and looking for those packages which started with php or mysql. That also included php packages dependent on mysql and vice-versa. Remove them using:

yum remove [package]

IMPORTANT: I didn’t mention it here but if you have any data present (especially MySQL database) then please make sure that you back them up first before removing packages as that may result in loss of data also. I didn’t have any data when I started so I didn’t mention it before.

The steps will now create corresponding information for Remi’s repository in:

/etc/yum.repos.d/

So, now we have the older packages removed and need to install the new ones. Before that we need to enable Remi’s repository. For that, go to the file called remi.repo in the repo directory and, under the section [remi] there, change enabled = 0 to enabled = 1.

After doing this, run the following command:

yum install php

Now, run:

php -v

and you should get something like this:

PHP 5.2.9 (cli) (built: Feb 27 2009 14:42:58)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

as the output.

Now, run the following commands:

yum install mysql-server
yum install php-mysql

yum install mysql-devel

and it should install MySQL server and PHP-MySQL module along with necessary dependencies.
Now, you can check that PHP and MySQL server are working by starting the httpd and mysql services and maybe writing a phpinfo() file:

/sbin/service httpd start
/sbin/service mysqld start

So PHP and MySQL should be working now. I have not yet done any configuration of either of those and it’s likely that I’ll run into some problems there, so maybe I’ll make another post about it.
Some of the links which were useful to me and from where I used information for the installation process:

https://forums.misdivision.com/showthread.php?t=1285
http://timt881.wordpress.com/2009/02/17/installing-phpmyadmin-and-php-52-on-a-centos-52-server/
http://forum.parallels.com/showthread.php?t=86086

Since this thing worked for me for RHEL 5.3 so I believe it should work for CentOS as well.


REFERENCE

http://binit933x.wordpress.com/2009/03/05/how-i-updated-php-mysql-on-redhat-enterprise-linux-rhel-53/



PHP 5.3 upgrade in Centos 5.3

SkyHi @ Tuesday, February 09, 2010

I’ve finally figured out a way to install PHP 5.2.x instead of PHP 5.1 which installs on CentOS 5.3 by default. I’ve wanted to use phpMyAdmin 3.x but could not because of this. Now I can, and if you keep reading you will too. Note if you follow this how-to and do everything correctly you won’t even lose your current database. But I highly recommend you back up your database before you proceed.

 

## First, let's download the following repositories:
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
wget http://rpms.famillecollet.com/el5.i386/remi-release-5-6.el5.remi.noarch.rpm

## Let's remove the old MySQL 5; we will install a newer version later.
yum remove mysql

## Now let's install them:
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

## OK, now you should be able to install PHP 5.2.9 without a problem =)
yum --enablerepo=remi update php-cli
OR
yum --enablerepo=remi update php*

## Now install MySQL
yum --enablerepo=remi install mysql mysql-server
chkconfig --levels 235 mysqld on
service mysqld start

If you get the following error when you try starting newly installed MySQL;
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

## Now install PHP-MySQL module
yum --enablerepo=remi install php-mysql


REFERENCE

http://anilkonsal.wordpress.com/2009/10/15/php-5-3-upgrade-in-centos-5-3/



Installing phpmyadmin and PHP 5.2.* on a Centos 5.2 Server (updated)

SkyHi @ Tuesday, February 09, 2010

So I spent the better part of last night (12-3:30am) trying to figure out just exactly how to get phpmyadmin installed on my Centos 5.2 Server. Now, I’m no dummy when it comes to linux, package management etc… But this was a task which apparently many other people have had trouble with. I finally gave up on it and went to bed, woke up this morning and went back to it… At which point I actually figured everything out and now have PHP 5.2.8 installed working with phpmyadmin 3.1.2 (which are, to date, all the most recent stuff) using mysql-server 5.1.31.

So here’s how I did it: Apparently the repositories that Centos 5.2 uses by default still have php 5.1.* so you can’t just do a yum update or yum install php. The first step here is to set up the Remi repository. He maintains a repository that has the most up to date version of php and all of its extensions. You can set this up by doing the following:

$ wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

$ wget http://rpms.famillecollet.com/el5.i386/remi-release-5-7.el5.remi.noarch.rpm

$ rpm -Uvh remi-release-5-7.el5.remi.noarch.rpm epel-release-5-3.noarch.rpm

This will set up the Remi repository for yum. By default it is disabled so you’ll have to use the --enablerepo option with yum when you are using it to install or update anything. So in order to update to php 5.2.* you just say:

$ yum --enablerepo=remi install php

To verify that you have php 5.2.8 installed issue a

$ php -v

And you’ll get a response like:

PHP 5.2.8 (cli) (built: Dec  9 2008 14:11:33)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

At this point I assume you already have mysql and mysql-server installed and configured. If not just issue:

$ yum --enablerepo=remi install mysql-server

It will install all of the necessary dependencies including mysql. Configuring mysql server using mysqladmin is actually out of the scope of this but there are plenty of tutorials online for that. Make sure you set up your   and passwords for accessing it otherwise you’ll have issues later.

Now, you’ll want to install php-mysql. Again use the remi repository for this, otherwise you’ll end up with tons and tons of dependency issues. Trust me, I learned this the hard way…

$ yum --enablerepo=remi install php-mysql

This will install the mysql.so module for you and add it to php.ini so you don’t need to add the extension=mysql.so. It does the same for mysqli.

So now you’ve got everything you need set up properly, so install phpmyadmin. Get the tar ball from the server, extract it somewhere in your htdocs folder, and create a symbolic link called phpmyadmin. Go into the phpmyadmin directory and create a folder called config. Issue:

$ chmod o+rw config

Now because you’ve already set everything else up, you won’t receive the errors that I got on my first attempts. Now go to http://www.yoursite.com/phpmyadmin/setup and follow the steps there. It’s a very nice little graphical interface that helps you set the configuration file. After this is done, move the config.inc.php file in the config directory to the head of the phpmyadmin directory. Then remove the permissions you set before:

$ chmod o-rw config

That’s it. Now you can go to http://www.yoursite.com/phpmyadmin and log in using your credentials for mysql-server.

Hope this saves everyone from running into all of the issues I had.

REFERENCE
http://timt881.wordpress.com/2009/02/17/installing-phpmyadmin-and-php-52-on-a-centos-52-server/


Monday, February 8, 2010

Joomla default directory Permission

SkyHi @ Monday, February 08, 2010

Sunday, February 7, 2010

Deactivating service ftp due to excessive incoming connections

SkyHi @ Sunday, February 07, 2010
ERROR:
Feb  7 12:44:18 web xinetd[28330]: Deactivating service ftp due to excessive incoming connections.  Restarting in 30 seconds.
Feb  7 12:44:18 web proftpd[21228]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21232]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21230]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21231]: web.example.com(23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:28 web proftpd[21229]: logs.example.com (23.4.3.5[23.4.3.5]) - FTP session opened.
Feb  7 12:44:28 web proftpd[21229]: logs.example.com(23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:48 web xinetd[28330]: Activating service ftp

Answer:
Exact Error Message
xinetd[1225]: Deactivating service bpcd due to excessive incoming connections. Restarting in 30 seconds.

Details:
Overview:
By default, RedHat servers are configured to accept 25 incoming connections per second. If the number of incoming connections exceeds 25 per second, the service will be temporarily disabled. The cps directive in the /etc/xinetd.conf file dictates how many connections per second are allowed and the number of seconds to elapse before re-enabling the service.

Troubleshooting:
Check the /var/log/messages for any error messages and check the cps setting in the /etc/xinetd.conf file.

Log Files:
The /var/log/messages file will show the error:
xinetd[1225]: Deactivating service bpcd due to excessive incoming connections. Restarting in 30 seconds.

Resolution:
Increase the number of connections per second allowed by xinetd.  

To increase the number of connections per second allowed by xinetd, edit the /etc/xinetd.conf file. In the following example, the number of incoming connections per second has been increased from the default of 25 to 35 (see the cps line).

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
       instances       = 60
       log_type        = SYSLOG authpriv
       log_on_success  = HOST PID
       log_on_failure  = HOST
       cps             = 35 30
}

includedir /etc/xinetd.d

It will be necessary to restart xinetd for the changes to take effect.
# /etc/rc.d/init.d/xinetd restart


=====================================================================
=====================================================================

cps
This sets yet a third limitation on the connection rate: if xinetd receives too many connections from one source within a one-second period, it considers something wrong (such as an attack) and will disable the service for a short period with a message in the logfile:

Jan 9 14:20:15 evolinux xinetd[2622]: Deactivating service gds_db due to excessive incoming connections. Restarting in 30 seconds.

We set the value 200 5, which disables the service for 5 seconds if 200 connections arrive per second.
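Before raising cps it helps to know which clients were connecting when the limit tripped and whether the logged restart delay matches the configured value. The following is an added example, not from either referenced document, that reads the cps directive and the syslog lines shown above; the function names and the 10-second look-back window are choices made here, and the sample input reuses lines from this page.

```python
import re
from collections import Counter

CPS = re.compile(r"^\s*cps\s*=\s*(\d+)\s+(\d+)", re.M)
DEACT = re.compile(r"^(\w{3}\s+\d+) (\d\d):(\d\d):(\d\d) \S+ xinetd\[\d+\]: "
                   r"Deactivating service (\S+) due to excessive incoming "
                   r"connections\.\s+Restarting in (\d+) seconds")
FTP = re.compile(r"^(\w{3}\s+\d+) (\d\d):(\d\d):(\d\d) \S+ proftpd\[\d+\]: "
                 r".*?\[([\d.]+)\]\) - FTP session (?:opened|closed)")

# Sample input: log lines from the excerpt on this page and the cps line
# from the edited xinetd.conf shown above.
SAMPLE_LOG = """\
Feb  7 12:44:18 web xinetd[28330]: Deactivating service ftp due to excessive incoming connections.  Restarting in 30 seconds.
Feb  7 12:44:18 web proftpd[21228]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21231]: web.example.com(23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:28 web proftpd[21229]: logs.example.com (23.4.3.5[23.4.3.5]) - FTP session opened.
Feb  7 12:44:48 web xinetd[28330]: Activating service ftp
"""
SAMPLE_CONF = "defaults\n{\n    instances = 60\n    cps = 35 30\n}\n"


def parse_cps(conf_text):
    """Return (connections_per_second, disable_seconds), or None if unset."""
    m = CPS.search(conf_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def _secs(m):
    """Seconds since midnight for a matched log line."""
    return int(m.group(2)) * 3600 + int(m.group(3)) * 60 + int(m.group(4))


def deactivations(log_text, conf_text, window=10):
    """List each cps trip with the FTP clients seen in the prior `window` s."""
    cps = parse_cps(conf_text)
    lines = log_text.splitlines()
    ftp = [m for m in map(FTP.match, lines) if m]
    events = []
    for m in filter(None, map(DEACT.match, lines)):
        t = _secs(m)
        # Same-day sessions only; a window spanning midnight is not handled.
        clients = Counter(f.group(5) for f in ftp
                          if f.group(1) == m.group(1)
                          and 0 <= t - _secs(f) <= window)
        events.append({
            "service": m.group(5),
            "time": "%s %s:%s:%s" % m.group(1, 2, 3, 4),
            "restart_in": int(m.group(6)),
            "matches_conf": cps is not None and cps[1] == int(m.group(6)),
            "clients": dict(clients),
        })
    return events


if __name__ == "__main__":
    for event in deactivations(SAMPLE_LOG, SAMPLE_CONF):
        print(event)
```

A restart delay that differs from the value in xinetd.conf suggests the daemon was not restarted after the edit or that a different cps setting applies to that service.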

REFERENCE
http://seer.entsupport.symantec.com/docs/275357.htm
http://unixwiz.net/evo/evo-linuxdb-setup.html