Finally Rebooted

February 20th, 2010

As time marches on I am in the process of upgrading my VMware ESXi installations, and the systems I keep running had some excellent uptime statistics… Here they are :)

Server 1: 11:22:25 up 442 days, 11:41,  1 user,  load average: 2.05, 1.43, 1.80
Server 2: 11:24:30 up 442 days,  9:41,  1 user,  load average: 1.02, 1.50, 1.33

Just some fun statistics.


Firebox x700 LCDproc driver

March 11th, 2009

Wrote some code a while back; figured I’d get some other eyes on it. I’ve been informed that there is a possibility a charmap can be created for the hd44780 driver, which would add the benefit of working buttons!

My source code is here

Hardware LCD spec is here


OpenLDAP compiled with Kerberos fails to start

February 19th, 2009

After compiling OpenLDAP with Kerberos support, you get the following error message when starting it:

bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap-data: (2)
Expect poor performance for suffix dc=****,dc=****.
smbk5pwd: unable to initialize krb5 admin context: unable to find realm of host ****** (-1765328167).
backend_startup_one: bi_db_open failed! (-1)
slapd stopped.
connections_destroy: nothing to destroy.

This is because you have not created a Kerberos configuration (/etc/krb5.conf) yet, so the smbk5pwd overlay cannot find the realm for the host.

To Fix:

cp /etc/krb5.conf.sample /etc/krb5.conf


Postfix + DSpam

January 24th, 2009

My objective was to configure Postfix to filter ONLY incoming email through DSpam, while also allowing specific email addresses to be used as honeypot (inoculation) input to DSpam. This does not include general DSpam setup such as MySQL settings. It focuses on how I’ve configured DSpam to interface with Postfix. I’ve also not outlined the configuration in Postfix’s master.cf for the port that clients would connect and authenticate on. That entry would not include the -o content_filter=dspam:dspam filter option.

  1. Compile DSpam with the daemon option and any other flags that fit your environment. This allows us to pipe email back to Postfix using SMTP.
  2. Set up the Postfix master.cf configuration file to include the standard DSpam filter and honeypot, spam and ham DSpam entries, as well as enabling users to forward missed spam back to the system. While we’re at it, we will also include an instance of Postfix which will receive the filtered email back from the DSpam agent.

Postfix: master.cf

0.0.0.0:25 inet n - n - - smtpd
    -o content_filter=dspam:dspam

<sending client port> inet n - n - - smtpd
    -o smtpd_use_tls=yes -o smtpd_sasl_auth_enable=yes

127.0.0.1:<incoming port from dspam> inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

dspam unix - n n - 10 pipe
    flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent --user $recipient -i -f $sender -- $recipient

hspam unix - n n - 10 pipe
    flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=inoculation --user honeypot --deliver=innocent

spam unix - n n - 10 pipe
    flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=error --user dspam

notspam unix - n n - 10 pipe
    flags=Ru user=dspam argv=/usr/bin/dspam --class=innocent --source=error --user dspam

  3. Now we need to set up Postfix to route specific addresses to the spam/notspam and hspam (inoculation) interfaces.

In Postfix main.cf

transport_maps = hash:/etc/postfix/transport_maps_spams

In transport_maps_spams

<missed spam addr>@ktechs.net spam:nothing
<missed ham addr>@ktechs.net notspam:nothing
<a honeypot candidates addr>@ktechs.net hspam:nothing

  4. We issue a postmap /etc/postfix/transport_maps_spams to create our Postfix hash db file.
  5. Add a setting for the honeypot email address in DSpam (likely via the MySQL settings table for DSpam) to opt this user out. We do this because the email, when we first receive it, will be filtered through DSpam and then looked up in this transport map, which will invoke the hspam hop.
  6. Now we tell DSpam how to deliver back to Postfix.

Delivery portion of dspam.conf

DeliveryHost 127.0.0.1
DeliveryPort <Your delivery port in master.cf>
DeliveryIdent localhost
DeliveryProto SMTP
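
The listener that takes mail back from DSpam runs with almost every smtpd restriction switched off, so it is the entry worth checking after any edit to master.cf. The following is an added example, not code from the original post: it joins master.cf continuation lines and audits that listener against the settings shown above. Ports 587 and 10026 in the constructed sample and the function names are assumptions; the port passed in is whatever DeliveryPort is set to.

```python
import re

# Constructed master.cf in the layout described above; ports 587 and 10026 are
# assumed stand-ins for <sending client port> and <incoming port from dspam>.
SAMPLE = """\
0.0.0.0:25 inet n - n - - smtpd
    -o content_filter=dspam:dspam
587 inet n - n - - smtpd
    -o smtpd_use_tls=yes -o smtpd_sasl_auth_enable=yes
0.0.0.0:10026 inet n - n - - smtpd
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return {service name: {option: value}} for inet smtpd services."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:   # leading whitespace continues an entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd":
            pairs = re.findall(r"(?<!\S)-o\s+([^\s=]+)=(\S*)", entry)
            services[fields[0]] = dict(pairs)
    return services

def audit_reinjection(services, port):
    """Check the listener that receives filtered mail back from dspam."""
    name = next((n for n in services if n.rsplit(":", 1)[-1] == port), None)
    if name is None:
        return [f"no smtpd listener on port {port}"]
    opts, findings = services[name], []
    if not name.startswith("127.0.0.1:"):
        findings.append("not bound to 127.0.0.1")
    if opts.get("content_filter") != "":
        findings.append("content_filter not explicitly cleared")
    if opts.get("smtpd_client_restrictions") != "permit_mynetworks,reject":
        findings.append("clients not limited to mynetworks")
    if opts.get("mynetworks") != "127.0.0.0/8":
        findings.append("mynetworks is not loopback-only")
    return findings

if __name__ == "__main__":
    print(audit_reinjection(parse_master_cf(SAMPLE), "10026"))
```

The constructed sample deliberately gets two things wrong (bind address and the missing content_filter= override), so both are reported; an entry written as in the master.cf above returns an empty list.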
