Category: computers

SMTP-AUTH for Postfix via courier-authlib (authdaemond)

Getting SMTP authentication working with Postfix via authdaemond on FreeBSD 7.0 without occasional, useless errors in /var/log/messages has just caused me an hour of frustration. Therefore, I wish to document what I had to do to make it work right:

First off, Postfix (mail/postfix) and courier-authlib with MySQL support (security/courier-authlib with AUTH_MYSQL set in the config) must be installed. Setting up courier-authlib to talk to a MySQL db is beyond the scope of this document, but it basically involves setting the following lines:

/usr/local/etc/authlib/authdaemonrc:

authmodulelist="authmysql"

/usr/local/etc/authlib/authmysqlrc:

MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_USERNAME mail
MYSQL_PASSWORD [OBSCURED]
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD pobox
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD CONCAT(homedir,'/',maildir,'/')
MYSQL_QUOTA_FIELD quota
MYSQL_NAME_FIELD name

After that is set, Postfix’s main.cf must have SASL enabled with smtpd_sasl_auth_enable = yes. Next, the following smtpd.conf must be placed in /usr/local/etc/sasl2:

/usr/local/etc/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

auxprop_plugin: mysql
sql_select: select password from users where email = '%u@%r'

Now, here’s the stupid part. See those last two lines, auxprop_plugin: mysql and sql_select: select...? They don’t do anything, and that SELECT statement won’t even return anything useful on my db. Without them, SMTP AUTH works great. However, if you don’t have those lines there, Postfix will regularly complain loudly with errors such as these:

Sep 4 21:30:02 banstyle postfix/smtpd[47677]: sql_select option missing
Sep 4 21:30:02 banstyle postfix/smtpd[47677]: auxpropfunc error no mechanism available

Please note that with authdaemond, CRAM-MD5 and DIGEST-MD5 authentication mechanisms won’t work. (These would normally be set with mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5.) If enabled they will appear available but won’t work.

One final thing… Want to know how to be sure that the server is notifying clients that it supports authentication? Just telnet to port 25 on your mail server and type in EHLO domain.com. The AUTH LOGIN PLAIN and AUTH=LOGIN PLAIN lines show you that plain-text authentication is now available:

c0nsumer@banstyle:~> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banstyle.nuxx.net ESMTP Postfix
EHLO nuxx.net
250-banstyle.nuxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
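
The check above, automated as an added example (not part of the original post): it parses an EHLO reply like the one in the transcript and reports which AUTH mechanisms are advertised, whether PLAIN/LOGIN are offered before TLS is active, and whether CRAM-MD5/DIGEST-MD5 are advertised even though they won't work with authdaemond. The function names, the tls_active and backend parameters, and the sample reply (rebuilt from the transcript) are assumptions of this example; smtpd_tls_auth_only is a standard Postfix setting that is not used in the configuration above.

```python
import re

# Constructed sample: the EHLO reply from the transcript above, rebuilt line by line.
SAMPLE_EHLO = "\r\n".join([
    "250-banstyle.nuxx.net", "250-PIPELINING", "250-SIZE 10240000",
    "250-VRFY", "250-ETRN", "250-STARTTLS", "250-AUTH LOGIN PLAIN",
    "250-AUTH=LOGIN PLAIN", "250-ENHANCEDSTATUSCODES", "250-8BITMIME",
    "250 DSN",
])

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire
BROKEN_WITH_AUTHDAEMOND = {"CRAM-MD5", "DIGEST-MD5"}  # per the note in the post

def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    caps = {}
    for i, line in enumerate(reply.splitlines()):
        m = re.fullmatch(r"250[ -](.*)", line.strip())
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        if i == 0:
            continue  # first line is the server's hostname, not a capability
        # "AUTH=..." is the legacy spelling kept for old clients; fold it into AUTH
        words = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I).upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps

def audit(reply, tls_active=False, backend="authdaemond"):
    """Return (sorted mechanisms, list of findings) for one EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", set())
    findings = []
    if not mechs:
        findings.append("AUTH not advertised: check smtpd_sasl_auth_enable")
    broken = mechs & BROKEN_WITH_AUTHDAEMOND
    if backend == "authdaemond" and broken:
        findings.append("advertised but unusable with authdaemond: "
                        + ", ".join(sorted(broken)))
    if not tls_active and mechs & CLEARTEXT_MECHS:
        if "STARTTLS" in caps:
            findings.append("PLAIN/LOGIN offered before STARTTLS: "
                            "consider smtpd_tls_auth_only = yes")
        else:
            findings.append("PLAIN/LOGIN offered and no STARTTLS available")
    return sorted(mechs), findings

if __name__ == "__main__":
    print(audit(SAMPLE_EHLO))
```

Run against the reply captured after STARTTLS has completed by passing tls_active=True; the pre-TLS finding then drops out.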

Moving from Waveform

Tomorrow I will begin the move away from Waveform Technology to Clear Rate Communications. Within the last six months I have been having a number of weird problems (to be detailed at a later time) with Waveform, prompting the move to a new provider. At the same time I’ll be moving to a much faster box, banstyle.nuxx.net. Provided everything goes as planned I’ll be moved over to the new box by the end of next week.

This means that, during the move, all of you who I host stuff for will be down for a little while. If there are any problems, just get a hold of me and we’ll sort it out.

lighttpd on nuxx.net

Instead of fighting with traffic I decided to sit around for a while after work and add to the article I’ve been working on about the lighttpd configuration on nuxx.net. I’ve really begun to like lighttpd, despite its few quirks and limitations.

Articles covering the configuration of lighttpd are easy to come by, so I wanted to detail how I have put together lighttpd, php-cgi (as a FastCGI), cronolog, and some custom configuration to make a web server which runs PHP apps under the UID which owns each vhost, rotates logs out automatically, and generally performs quite well. With this configuration I’ve been able to withstand both individual sites being compromised and unexpectedly high loads.

So, if you want to read more about it, here you go: lighttpd

If you would like to read a bit about the server behind nuxx.net, you’ll want to look at this article. Note that the configuration detailed there will be changing as soon as I migrate from rowla.nuxx.net to the much more powerful banstyle.nuxx.net.

Car-Based Data Tank

I look forward to Wireless USB becoming a reality because then I can easily put some sort of large flash-based device in my car, powered from the car, and use it for backups. As my car is generally where I am I think that it would be reasonable to use such a device for backing up personal financial data and other things like that.

Sure, I’ll have to incorporate some manner of both encrypting the communication and the data on the disk, but that shouldn’t be too difficult.

It’d be interesting to try it now via Bluetooth, but it’d make the availability as a disk volume (for easy backups) a bit more complicated.

How To Make an iPhone 3G Fail

An iPhone 3G at the Apple Store rebooting after I managed to crash it by viewing a 7MB JPEG.

As I’ve mentioned before, I’ve been contemplating an iPhone 3G as a replacement for my aging (and failing) Nokia 6600. Today I went by the Apple store at the local outdoor mall, Partridge Creek, to spend some time playing with one. Unfortunately, I crashed it hard once and made the UI slow horribly another time. I also ran into one other potentially show stopping bug.

First, 3G was a lot slower than local wireless. When using 802.11 things zipped along nicely, but 3G was still wholly acceptable on both web pages and maps. I think it’d be just fine for mobile use.

I then wanted to try to see how it renders my personal site, including my photo gallery, so I loaded up a few things. Everything worked great, except for when I’d try and visit a full size image in the gallery, then the image wouldn’t display. For example, take this page. It worked great, except that large image of the P3 case just simply wouldn’t display.

Thinking that maybe the iPhone had problems with large images I then browsed to https://nuxx.net/images and tried to view this image. While downloading and rendering it (via 802.11) the phone got really slow, the volume buttons and ringer switch stopped responding, and then the phone laggedly noticed that I’d turned it sideways. The whole phone was very slow, and after four or five minutes of being nearly unresponsive it gave up. The phone was displaying a partially downloaded image and a half-heartedly rotated screen (it must have noticed that I’d been moving the phone around) when it went blank and rebooted, displaying the screen shown above.

After the phone rebooted I made a point of disabling 3G, thinking that maybe the phone was somehow failing over to it and just let it go with 802.11. (This is done by turning on airplane mode, then turning WiFi on.)

The image was then able to load and display, although it took quite a bit of time. I can’t help but think that the iPhone just isn’t set up to deal with / display images of this size. With how popular digital photography and things like Flickr in particular are, I’d hope that Apple would have found a way to deal with it. Wanting to break things further I loaded up this 9.7MB JPEG panorama of a part of the USAF Museum at Wright-Patterson. This too caused the iPhone 3G to lag horribly and the UI to become unresponsive, but eventually (after maybe four minutes) it acquired the image and displayed it. This time the phone didn’t crash.

While I can understand that a mobile device might not be able to handle images of this size, I think there should be something in place to ensure that the end user experience doesn’t turn to crap. Also, I really don’t like how the image in my gallery silently failed to display.

Speaking of outdoor malls in Michigan, check out the map of Twelve Mile Crossing at Fountain Walk, aka The Fountain walk, in Novi. See all the empty space? I don’t know what developer could possibly think that an outdoor mall in a state with Michigan’s drawn out, harsh winter and frequently rainy summers is a good idea.

PSA: Wipe Your Computers

Censored screenshot of bank info found on a computer I found.

This is just a friendly reminder that before throwing out a computer you should wipe the hard drive, lest people find things like this. Yes, I added the black blocks.

I acquired a computer today, and when checking it over found this. There were also some credit card transaction screens (I think maybe the owner had been saving these or something) and family photos, but not much else obvious. I think the owner had attempted to clean it with some antispyware tools and by uninstalling things, but there still were plenty of traces left. I didn’t dig too deep before beginning to wipe it.

So, what should you do when disposing of a computer and/or hard drive? Use a (relatively) simple utility like Darik’s Boot and Nuke to give the hard drive a few wipes before putting it to the curb or giving it away. Or just do what I did last time I had to dispose of some tapes and hard drives.

Anyone want a few year old Duron system? It seems to work…

Smart UPS 1400

Old Yuasa batteries from my Smart UPS 1400 and the new Rhino version (part SLA-17-12 from Rage Battery) which will replace them. Also shown are the cables, fuse, and fasteners.

This post is being brought to you by a bit of energy supplied by new batteries which were just installed in the old Smart UPS 1400 in my office.

On Wednesday evening I ordered two new batteries from Rage Battery, part number SLA-17-12, which are direct replacements for the cells in the OEM Smart UPS 1400 battery. They were delivered today, so I used the parts from the old pack (bus, fuse, screws, nuts, harness) to build them into a replacement pack which I then stuffed back into the UPS housing. After a brief test it’s now all sitting back on the rack, charging, smoothing power, and waiting to protect things at the next power glitch.

Thankfully the replacement TiVo HD was delivered today as well, so I think I’ll go put that into place while Danielle cooks dinner.

Clean, Clean Feet

There is something surprisingly satisfying about washing one’s feet (and thus hands) after working a bunch.

After another very sleepy class today I stopped at Sears and picked up a small scale (inch pounds) torque wrench (the same as borrowed earlier) along with some bits. I then cleaned up parts from my bike a bit, confirmed the torque on parts like the cranks, hand grips, and a few other things. Come Monday (I believe) I’ll be able to reassemble it with the new wheels and brakes, and the torque wrench should make it lots easier.

Sweeping, cleaning, and lots of wandering around had turned the bottoms of my feet deep gray, so it was into the bath tub to wash them off. They feel really nice now.

I think now I’ll run out to Sears and return the bits, as is going to facilitate my acquisition of an adapter which will make them useless. Then I’ll grab some food, come back here, and probably start reading the Official (ISC)²® Guide to the CISSP® CBK® which I received in class today. I strongly suspect it’ll be more useful than the training materials I’ve been given thus far.

For what it’s worth, I’m taking the New Horizons Training for CISSP Certification. It isn’t a formal CISSP class and I’m finding it a bit strange. The instructor seems okay, but he’s living up to the stereotypes of someone who would teach an “ethical hacking” class, which he does. It’s a bit bothersome, particularly in the way which he’s made some direct, but inaccurate statements about technical issues. For example: no matter what it’s always possible to hack into a service listening on a port, DSL uses the unused phone wires coming into your house, an SMTP packet won’t contain a TCP header, and a few other things which I’ve forgotten.

The class is very pointedly designed to teach only the things known to be on the test. I would prefer a much faster paced class, but I think it’ll be useful as I’m now feeling reasonably confident that I can pass the CISSP exam. I guess it’s a good thing I’ve worked doing what I do at EDS for so long; it means I have the paper / job qualifications to get the cert too.

How To Use Consolas with cmd.exe

Consolas in cmd.exe.

Back in January I mentioned that I have switched to Consolas as my preferred monospaced font for on-screen work. As part of this I switched cmd.exe to using it as well, but doing so was not a trivial matter. If you wish to do so, here’s how in a couple of nice, easy steps:

1) Get a copy of Consolas. You can either get it here direct from Microsoft, or I also have a copy of just the .ttf files here.
2) Add the fonts to the machine by dragging and dropping them into %WINDIR%\Fonts (eg: c:\windows\fonts) or add them using the Fonts applet in Control Panel.
3) Add a string value called 00 with a value of Consolas to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont. Importing this .reg file will do this for you.
4) Start up cmd.exe and you’ll now be able to change the font to Consolas. I suggest saving the changed properties for future use.
5) Note that despite changing the selected font at this time, it does not actually change in the window. You must now reboot the computer (not just log out, but actually reboot) and then log back in.
6) Fire up cmd.exe and you’ll see that the font being used is now Consolas, as shown above.

Note that the window shown above has the font size set to 14 point. For what it’s worth, I run the console on my laptop (with a 1400×1050 display) at 14 point, with a window width of 150 characters and height of 70 characters, as can be seen here.

I also use Consolas in PuTTY running at 11 point, 80 columns and 50 rows and in Notepad++, also at 11 point.

One last thing to remember is that this font was designed to be used with ClearType, Microsoft’s implementation of subpixel rendering. Without this it’ll look like poop.
