Archive for the ‘Linux’ Category

Apache2 Won’t Properly Stop

July 9th, 2008 Mark No comments

Just a quick note:

Apache 2.2 with PHP 5.2.6-2 on Debian fails to shutdown properly on one of my servers

apache2ctl stop or /etc/init.d/apache2 stop or equivalents would result in “waiting…………….” until a timeout and then the new process is launched anyway which fails because the port is already in use, apache2 never finished shutting down properly

Not sure exactly what the problem is, but downgrading to PHP 5.2.6-0.dotdeb.1 via DotDeb mirrors solved the issue

Hopefully it will be fixed in the next version/patch

Categories: Linux, SysAdmin Tags: , ,

Lots of SSH dictionary attacks recently

October 23rd, 2007 Mark 1 comment

I thought I was getting a lot of DenyHosts emails recently and the statistics page on the DenyHosts website seems to agree with me!

SSH daily attacks via DenyHosts stats for Oct23 2007

I wonder what’s caused this sudden surge in attacks

*nix – deleting all files in a folder (0000′s)

May 8th, 2007 Mark No comments

When ‘rm’ says ‘too many arguments’, use the following to erase all the files in a folder:

find . -type f -print | xargs -n 20 rm
Categories: Linux, SysAdmin, Website Tags:

Fine tuning Postfix mail logs

February 23rd, 2006 Mark No comments

For some reason, by default, after installation via apt-get of Postfix on Debian, Postfix log output gets logged to /var/log/syslog, /var/log/mail.log and /var/log/ all with the same information

On one of my servers, syslog-ng takes care of the syslog.. the edits to this (syslog-ng.conf) comprised:


filter f_syslog { not facility(auth, authpriv); };


filter f_syslog { not facility(auth, authpriv,mail); };

and also comment out this:

#log { source(src); filter(f_mail); destination(mail); };

On another one of my servers, the default syslog is in use.. the edits to this (syslog.conf) comprised:


*.*;auth,authpriv.none; /var/log/syslog


*.*;auth,authpriv.none;mail.none; /var/log/syslog

and also comment out this:

#mail.*                         -/var/log/mail.log

now restart the daemons and your log files won’t have a shedload of duplicated information!

Categories: Linux, SysAdmin Tags:

Bind8 Logging problems

February 23rd, 2006 Mark No comments

On my vds (virtual dedicated server) I run Bind8 due to issues getting Bind9 to run properly

I’ve been trying to debug a problem with the zone transfer of a certain domain (turns out I had input the wrong secondary nameserver). I wanted get Bind8 to log basically everything.. so I stuck in a custom “logging {}” section in named.local.options but for some reason, the file was never created.

Unfortunately, it took me quite a while to realise that there was already a logging section in named.conf and that my section was being read but ignored (would give syntax errors if they existed in the new section but wouldn’t make my damned log file!)

I merged the two logging sections together in named.conf and it actually worked, the file being created in /var/cache/bind/

Categories: Linux, SysAdmin Tags:

Postfix XForward annoyance

February 20th, 2006 Mark No comments

I run our company’s email server – it’s Postfix on Debian.

I decided to create a script which would scan the mail logs and list clients that tried to send SPAM, so that I could add them to a blacklist.

A brief spell of messing about trying to implement this made me realise that the easiest way for me to parse the log would be for AMAVIS to output the actual client IP. However, since the source can be faked in the mail envelope, I wanted Postfix to pass the client IP onto AMAVIS, which brings me to XForward.

XForward is an SMTP extension which allows a trusted client/server to pass on the original client IP to a destination server (which could pass this on further, etc.)

I spent a while wondering why AMAVIS wasn’t getting the XForward’d IP, eventually realising that it wasn’t implemented in the version that I was running.. trying up apt-get the latest unstable/testing version yielded a nice message telling me that e2fsprogs needed to be updated (which is not something trivial).. I therefore decided to manually update amavis to a version which didn’t require the Perl library update which relied on the e2fsprogs, etc, etc being updated (see here for more details)

Eventually I got the whole thing working but then I realised a small problem – spammers often don’t care about which prority MX they use, i.e. they’ll use a backup MX sometimes, trying to bypass filters, etc.

I decided to try to get Postfix on the backup MX to XForward the original client to the primary mail server. This turned out to be a complete ball-ache.. After hours of pissing about trying to get it to work, I decided to install the very latest version of Postfix on the backup MX – even though 2.1 onward (according to all the Postfix documentation) supports XForward… lo and behold it worked! So either the documentation is wrong or there’s a bug in the version of Postfix I was using… very annoying

Thankfully, it’s all working fine now and my blacklist is growing :)

Categories: Linux, SysAdmin Tags:

PostfixAdmin, Courier, MySQL, MD5

January 4th, 2006 Mark 1 comment

I am writing this mostly for personal reference – I couldn’t figure out how Courier successfully authenticated POP3/IMAP access via MySQL as PostfixAdmin stores the passwords in the MySQL table using a custom function (or so it says – pacrypt)..

However I have discovered that although the function is custom, Courier also has a method to produce the exact same digest using an 8 character salt (md5cryptredhat)

So that’s how it works!

Categories: Linux, Opinion, SysAdmin Tags:

Postfix: How to erase deferred mails from the queue

December 12th, 2005 Mark 2 comments

I had a mail stuck in the deferred queue that was bugging me, a few google searches later resulted in the following commands in order to remove it:

postsuper -d <queueid>
Categories: Linux, SysAdmin Tags:

saslauthd on vds issues

December 12th, 2005 Mark No comments

I have a vds (virtual dedicated server) which runs postfix and uses saslauthd as the mechanism for SMTP Auth

I noticed that I couldn’t restart saslauthd via “/etc/init.d/saslauthd restart” for some reason.. the script would kill the PID of the parent saslauthd processes but the children would remain

It seemed that the children were locked in some state so reading the saslauthd –help output I noticed a -L option to disable accept() locking.. adding this to /etc/default/saslauthd did the trick.. flawless restarting of the daemon

Note to self: Markdown doesn’t support abbreviations :(

Categories: Linux, SysAdmin Tags: