BigSmoke

Smokes your problems, coughs fresh air.


Configuring fetchmail to deliver to Zimbra with custom header added

I needed to fetch mail from a POP3 account and deliver it to a Zimbra account. Because I’m doing this for multiple POP3 accounts, I want to add a header which I can use in Zimbra to filter. This is what we made:

poll server user "user" pass "secret" mda "formail -A 'X-Zimbra-To: user@domain.org'| /opt/zimbra/postfix/sbin/sendmail -i -t service@sicirec.org"

The -i tells sendmail to ignore a single dot on a line, because that would normally mean end of mail. The -t is “to” (not the header “To:”).

It is a bit unclear why postfix delivers locally to Zimbra, since doing mail user@ourdomain.org routes through an external SMTP server, which is configured in Zimbra to be used as MTA for outgoing mail. It is configured as ‘webmail MTA’.

Fixing spamassassin rule in Zimbra

Spamassassin has had a bug for a while, marking any mail from 2010 and later as spam because it’s from “far into the future”. This was very crudely done as this regexp: /20[1-9][0-9]/. Because of that, almost all mail from 2010 onward is marked as spam.

I changed the regex to match for 2020 or later, but that’s not really a fix. Even the spamassassin maintainers ‘fixed’ it that way.

What I have to look out for though, is that this file may get overwritten when I upgrade zimbra. sa-update doesn’t seem to work on zimbra, so I don’t really know what the best way of getting new rules is.

Replacing the full contents of a Subversion working (sub)dir

The annoyances that I suffered earlier today during the upgrade of a WordPress plugin made me turn to my favorite text-editor to create a simple script, svn-replace-dir:

#!/bin/bash

usage() {
    cat <<EOF
$0 [--dry-run] <svn_dir> <replacement_dir>

This script replaces the contents of <svn_dir> with the contents of <replacement_dir>,
where <replacement_dir> is not an svn directory.

Copyleft 2010, Rowan Rodrik van der Molen <rowan@bigsmoke.us>
EOF
}

fatal_error() {
    message=$1

    echo -e "\e[1;31m$message\e[0m"
    exit 1
}

usage_error() {
    error="Wrong usage."

    if [ -n "$1" ]; then
        error=$1
    fi

    echo -e "\e[1;31m$error\e[0m"
    exit 1
}

# Print the command, then run it unless --dry-run was given.
# The command is passed as separate words ("$@") so that file names
# containing spaces or quotes reach svn and cp unchanged.
run_command() {
    echo -e "\e[1;34m$*\e[0m"

    [ "$dry_run" == 1 ] || "$@"
}

dry_run=0
if [ "$1" == '--dry-run' ]; then
    dry_run=1
    shift
fi

[ $# == 2 ] || usage_error "Wrong number of arguments."

# Strip a trailing slash from both arguments
svn_dir=$(echo "$1" | sed -e 's#/$##')
replacement_dir=$(echo "$2" | sed -e 's#/$##')
begin_path=$PWD

#if [ "${svn_dir:0:1}" != "/" ]; then svn_dir="$PWD/$svn_dir"; fi
#if [ "${replacement_dir:0:1}" != "/" ]; then replacement_dir="$PWD/$replacement_dir"; fi

[ -d "$svn_dir" ] || usage_error "$svn_dir is not a directory."
[ -d "$replacement_dir" ] || usage_error "$replacement_dir is not a directory."


# Create all subdirectories in $svn_dir that do not yet exist
cd "$replacement_dir"
find . -mindepth 1 -type d -print | sed -e 's#^\./##' | while read -r d; do
    cd "$begin_path/$svn_dir"
    # Doesn't the destination directory already exist?
    if [ ! -d "$d" ]; then
        run_command svn mkdir "$d"
    fi
done

# Copy all files from $replacement_dir to $svn_dir
cd "$begin_path/$replacement_dir"
find . -type f -print | sed -e 's#^\./##' | while read -r f; do
    cd "$begin_path"
    run_command cp "$replacement_dir/$f" "$svn_dir/$f"
done

# Remove all files that do no longer exist in $replacement_dir
cd "$begin_path/$svn_dir"
find . -type f -print | grep -v '/\.svn/' | while read -r f; do
    if [ ! -f "$begin_path/$replacement_dir/$f" ]; then
        run_command svn rm "$f"
    fi
done

# Remove all subdirs that do no longer exist in $replacement_dir
cd "$begin_path/$svn_dir"
find . -mindepth 1 -type d -print | grep -v '/\.svn' | while read -r d; do
    if [ ! -d "$begin_path/$replacement_dir/$d" ]; then
        run_command svn rm "$d"
    fi
done

exit 0

Using the script is simple:

svn-replace-dir simple-tags new-simple-tags|less -R

It replaces all the contents of the first directory (simple-tags in the example) with those of the second directory and it deletes everything that is no longer present in the second dir. In the process, it does all the necessary calls to svn mkdir, svn rm and (in the next version) svn add.
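How a helper like run_command receives its command matters as soon as a file name contains a space or a quote. The following is an added example, not part of the original script; count_args, first_arg, show_cmd, run_string, run_args and the file name are constructed for illustration:

```shell
#!/bin/sh
# Added example: two ways a run_command-style helper can receive its command.

# Stand-ins for svn/cp that report what they actually received.
count_args() { echo "$#"; }
first_arg()  { printf '%s\n' "$1"; }

# String form: the whole command sits in $1 and is expanded unquoted.
# The shell only word-splits (and globs) the result; quote characters
# inside the string are NOT parsed again, they stay literal.
run_string() { $1; }

# Argument form: every word is its own parameter and is passed on intact.
run_args() { "$@"; }

# Dry-run display that keeps argument boundaries visible.
show_cmd() { for a in "$@"; do printf '[%s] ' "$a"; done; echo; }

f='my plugin/read me.txt'            # constructed file name with spaces

run_string "count_args '$f'"         # prints 3: the name was split in three
run_string "first_arg '$f'"          # prints 'my  (quote kept as a literal)
run_args count_args "$f"             # prints 1
run_args first_arg "$f"              # prints my plugin/read me.txt
show_cmd svn rm "$f"                 # prints [svn] [rm] [my plugin/read me.txt]
```

With the string form, svn or cp would be handed three path fragments, one of them starting with a literal quote, instead of the one file that was meant.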

diff tells me that the script has done its work correctly:

diff -x .svn -ruN simple-tags new-simple-tags
# Emptiness is bliss :-) 

This is another one of these occasions when Git would have made life so much easier. Luckily, at least there’s GitHub to host this script as a Gist. Check there if you want to fetch the newest version of this script.

Set proper origin domain for Zimbra server

(This turned out not to be how I fixed it. I just configured exim and /etc/mailname as I do always and that fixed it. However, exim does not run as the SMTP server listening on port 25, that is the postfix installed by Zimbra. I don’t know how and if this exim configuration conflicts with zimbra.)

I have a zimbra server fooled into thinking it hosts a particular domain. Part of the fooling involves setting a different SMTP server than localhost for all outgoing mail. Luckily, Zimbra can do that.

The downside of that is that when you send mail to “root”, the other SMTP server qualifies it with its domain and the mail appears to be coming from the wrong server.

To fix it, specify this in the /opt/zimbra/postfix/conf/main.cf:

myorigin = example.com

This seems to work without caveats. However, I don’t know if zimbra overwrites this config file at some point.

As always, pick a domain that exists, otherwise a lot of mailservers won’t accept it. You don’t even need an MX record, an A or CNAME is enough.

Changing lost MySQL root password

When you don’t know the current mysql root password and you want to change it, do this:

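/etc/init.d/mysql stop
# --skip-grant-tables switches off all authentication; --skip-networking
# keeps the server unreachable over TCP while it runs in that state.
mysqld --skip-grant-tables --skip-networking &
mysql -p
use mysql;
# The password column and PASSWORD() are those of MySQL 5.6 and earlier.
update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
flush privileges;
quit;
killall mysqld
/etc/init.d/mysql start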

Source.

Convenient iptables rules

Here are some convenient iptables rules.

This first list is for not allowing anything in, except packets that come back from outgoing connections, complicated related traffic like FTP, everything from the localhost, ICMP (ping and stuff) and SSH. It also sets the default policy to DROP. This you would use on a machine connected directly to the internet.

iptables -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT --match comment --comment "Accept traffic from outgoing connections and stuff like FTP."
iptables -A INPUT -p icmp -j ACCEPT --match comment --comment "Allow ICMP"
iptables -A INPUT -p tcp --dport 22 -j ACCEPT --match comment --comment "Allow SSH"
iptables -A INPUT --in-interface lo -j ACCEPT --match comment --comment "Allow everything on the localhost"
iptables -P INPUT DROP

Here are some rules to allow certain MAC addresses to access everything. Simplifies things on a LAN (even though it’s not attacker-proof, it keeps unwanted people out of my SMB and stuff):

iptables -A INPUT --match mac --mac-source xx:xx:xx:xx:xx:xx --match comment --comment "Allow everything from [computer]" -j ACCEPT

Besides computers you want to grant full access to a machine, don’t forget to include the MACs of the router and the machine’s own ethernet interface.
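For the first rule list above, setting the DROP policy over an SSH session is only safe once the ACCEPT rules are loaded. The following pre-flight check is an added example, not from the original post; check_before_drop and SAMPLE_RULES are constructed names, and the sample is constructed `iptables -S INPUT` output:

```shell
#!/bin/sh
# Added example: pre-flight check to run before `iptables -P INPUT DROP`.
# Reads `iptables -S INPUT` output on stdin; returns 0 only when ACCEPT rules
# for established traffic, SSH (tcp/22) and loopback are already loaded.
# It checks presence only, not rule order or earlier DROP rules.

check_before_drop() {
    rules=$(cat)
    missing=""
    # label|extended regex that must occur in an "-A INPUT ... -j ACCEPT" line
    for want in \
        'established|state [A-Z,]*ESTABLISHED' \
        'ssh|-p tcp .*--dport 22 ' \
        'loopback|-i lo '
    do
        label=${want%%|*}
        pattern=${want#*|}
        if ! printf '%s\n' "$rules" | grep '^-A INPUT ' \
                | grep -e '-j ACCEPT$' | grep -Eq -e "$pattern"; then
            missing="$missing $label"
        fi
    done
    if [ -n "$missing" ]; then
        echo "do not set policy DROP yet, missing:$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample: what `iptables -S INPUT` prints after the four -A rules.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Accept traffic from outgoing connections and stuff like FTP." -j ACCEPT
-A INPUT -p icmp -m comment --comment "Allow ICMP" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "Allow SSH" -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow everything on the localhost" -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | check_before_drop \
    && echo "safe to run: iptables -P INPUT DROP"
```

On a live machine the same function would be fed with `iptables -S INPUT | check_before_drop && iptables -P INPUT DROP`.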

When the machine acts as a masquerading SNAT server, use this to forward ports to LAN hosts (be sure to have the --to after the -j):

iptables -t nat -A PREROUTING --in-interface eth0 -p tcp --dport 80 -j DNAT --to 10.0.0.1:22 --match comment --comment "forwards incoming port 80 to port 22 on 10.0.0.1"

To allow everything for a samba server:

iptables -A INPUT -p tcp --dport 139 -m comment --comment "Allow Netbios-ssn" -j ACCEPT 
iptables -A INPUT -p tcp --dport 445 -m comment --comment "Allow microsoft-ds" -j ACCEPT 
iptables -A INPUT -p udp --dport 137 -m comment --comment "Allow netbios-ns" -j ACCEPT 
iptables -A INPUT -p udp --dport 138 -m comment --comment "Allow netbios-dgm" -j ACCEPT

My custom Linux environment

On every machine that I install, I need a custom environment. At the very basic, I need screen and bash customizations. I will attempt to keep this blog post up-to-date with my most recent config.

/etc/bash.bashrc_halfgaar (naming scheme depends on distro):

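function prompt_command {
  # Set the xterm title; wrapped in \[ \] so bash does not count it as prompt width
  XTERM_TITLE="\[\e]2;\u@\H:\w\a\]"

  # Show the number of background jobs, if there are any
  BGJOBS_COLOR="\[\e[1;30m\]"
  BGJOBS=""
  if [ "$(jobs | head -c1)" ]; then BGJOBS=" $BGJOBS_COLOR(bg:\j)"; fi

  # Green prompt sign for normal users, red for root
  DOLLAR_COLOR="\[\e[1;32m\]"
  if [[ ${EUID} == 0 ]]; then DOLLAR_COLOR="\[\e[1;31m\]"; fi
  DOLLAR="$DOLLAR_COLOR\\\$"

  # Root's user name gets a red background
  USER_COLOR="\[\e[1;32m\]"
  if [[ ${EUID} == 0 ]]; then USER_COLOR="\[\e[41;1;32m\]"; fi

  PS1="$XTERM_TITLE$USER_COLOR\u\[\e[1;32m\]@\H:\[\e[m\] \[\e[1;34m\]\w\[\e[m\]\n\
$DOLLAR$BGJOBS \[\e[m\]"
}
PROMPT_COMMAND=prompt_command

export EDITOR=vim

alias ls='ls --color=auto'
alias ll='ls -l'
alias lh='ls -lh'
alias grep='grep --color=auto'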

Don’t forget to source the file in ~/.bashrc

~/.screenrc:

caption always "%{= kB}%-Lw%{=s kB}%50>%n%f* %t %{-}%+Lw%<"
vbell off
startup_message off
term linux

Pasting in Vim

When you want to paste in Vim, you want vim to not use indenting, because that messes up your code. I used to use :insert, but on some machines, it would still indent. I discovered the :set paste command, which works quite well.

Create DVDs from any random movie format on Windows

Ewald wanted to be able to create DVDs from the Quicktime movies exported by his digital camera. As a result of being away from my familiar Linux tools, I had to find something that’d work on Windows XP.

First, I tried MediaCoder, a Windows front-end (done in XUL) for mencoder, ffmpeg and more of these familiar tools. It was flexible enough, but quite awkward from an end-user perspective and also frustrating if you’re used to calling the supporting commands directly from the CLI.

Luckily, I stumbled upon ConvertXtoDVD, a commercial Windows-only program which proved to be very user-friendly and intuitive without requiring the user to understand the ins and outs of each and every supported media format.

At 40 euro it’s a bit expensive if, like me, you’re used to staying at the free software side of things, but I’d daresay it’s actually worth the money if you’re not an obsessive geek with obscene amounts of free time on his hands.


© 2024 BigSmoke
