BigSmoke

Smokes your problems, coughs fresh air.

Month: January 2010 (Page 3 of 3)

Set proper origin domain for Zimbra server

January 12, 2010 /

(This turned out not to be how I fixed it. I just configured exim and /etc/mailname as I do always and that fixed it. However, exim does not run as the SMTP server listening on port 25, that is the postfix installed by Zimbra. I don’t know how and if this exim configuration conflicts with zimbra.)

I have a zimbra server fooled into thinking it hosts a particular domain. Part of the fooling involves setting a different SMTP server than localhost for all outgoing mail. Luckily, Zimbra can do that.

The downside of that is that when you send mail to “root”, the other SMTP server qualifies it with its domain and the mail appears to be coming from the wrong server.

To fix it, specify this in the /opt/zimbra/postfix/conf/main.cf: 

myorigin = example.com

This seems to work without caveats. However, I don’t know if zimbra overwrites this config file at some point.

As always, pick a domain that exists, otherwise a lot of mailservers won’t accept it. You don’t even need an MX record, A or CNAME if enough.

Changing lost MySQL root password

January 11, 2010 /

When you don’t know the current mysql root password and you want to change it, do this: 

/etc/init.d/mysql stop
mysqld --skip-grant-tables &
mysql -p
use mysql;
update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
flush privileges;
quit;
killall mysqld
/etc/init.d/mysql start

Source.

Convenient iptables rules

January 4, 2010 /

Here are some convenient iptables rules.

This first list is for not allowing anything in, accept packets that come back from outgoing connections, complicated related traffic like FTP, everything from the localhost, ICMP (ping and stuff) and SSH. It also sets the default policy to DROP. This you would use on a machine connected directly to the internet. 

iptables -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT --match comment --comment "Accept traffic from outgoing connections and stuff like FTP."
iptables -A INPUT -p icmp -j ACCEPT --match comment --comment "Allow ICMP"
iptables -A INPUT -p tcp --dport 22 -j ACCEPT --match comment --comment "Allow SSH"
iptables -A INPUT --in-interface lo -j ACCEPT --match comment --comment "Allow everything on the localhost"
iptables -P INPUT DROP
Here are some rules to allow certain MAC addresses to access everything. Simplifies things on a LAN (even though it’s not attacker-proof, it keeps unwanted people out of my SMB and stuff): 
iptables -A INPUT --match mac --mac-source xx:xx:xx:xx:xx:xx --match comment --comment "Allow everything from [computer]" -j ACCEPT

Besides computers you want to grant full access to a machine, don’t forget to include the MACs of the router and the machine’s own ethernet interface.

When the machine acts as a masquerading SNAT server, use this to forward ports to LAN hosts (be sure to have the –to after the -j): 

iptables -t nat -A PREROUTING --in-interface eth0 -p tcp --dport 80 -j DNAT --to 10.0.0.1:22 --match comment --comment "forwards incoming port 80 to port 22 on 10.0.0.1"

To allow everything for a samba server: 

iptables -A INPUT -p tcp --dport 139 -m comment --comment "Allow Netbios-ssn" -j ACCEPT 
iptables -A INPUT -p tcp --dport 445 -m comment --comment "Allow microsoft-ds" -j ACCEPT 
iptables -A INPUT -p udp --dport 137 -m comment --comment "Allow netbios-ns" -j ACCEPT 
iptables -A INPUT -p udp --dport 138 -m comment --comment "Allow netbios-dgm" -j ACCEPT

My custom Linux environment

January 4, 2010 /

On every machine that I install, I need a custom environment. At the very basic, I need screen and bash customizations. I will attempt to keep this blog post up-to-date with my most recent config.

/etc/bash.bashrc_halfgaar (naming scheme depends on distro): 

prompt_command {
  XTERM_TITLE="\e]2;\u@\H:\w\a"
 
  BGJOBS_COLOR="\[\e[1;30m\]"
  BGJOBS=""
  [ "$(jobs | head -c1)" ]; BGJOBS=" $BGJOBS_COLOR(bg:\j)";
 
  DOLLAR_COLOR="\[\e[1;32m\]"
  [[ ${EUID} == 0 ]] ; DOLLAR_COLOR="\[\e[1;31m\]";
  DOLLAR="$DOLLAR_COLOR\\\$"
 
  USER_COLOR="\[\e[1;32m\]"
  [[ ${EUID} == 0 ]]; USER_COLOR="\[\e[41;1;32m\]";
 
  PS1="$XTERM_TITLE$USER_COLOR\u\[\e[1;32m\]@\H:\[\e[m\] \[\e[1;34m\]\w\[\e[m\]\n\
$DOLLAR$BGJOBS \[\e[m\]"
} PROMPT_COMMAND=prompt_command
 EDITOR=vim
 ls='ls --color=auto' ll='ls -l' lh='ls -lh' grep='grep --color=auto'

Don’t forget to source the file in ~/.bashrc

~/.screenrc: 

caption always "%{= kB}%-Lw%{=s kB}%50>%n%f* %t %{-}%+Lw%<"
vbell off
startup_message off
term linux

Pasting in Vim

January 3, 2010 /

When you want to paste in Vim, you want vim to not use indenting, because that messes up your code. I used to use :insert, but on some machines, it would still indent. I discovered the :set paste command, which works quite well.

Newer posts »

© 2026 BigSmoke

Theme by Anders NorenUp ↑