The Penguinlinux.com Blog

yesterday night I kept noticing that maildrop was giving me some error messages on the server. Saying Maildrop could not open folder.

check the log

Jun 26 07:33:30 Jefferson maildrop[4743]: Unable to open mailbox.
Jun 26 07:33:46 Jefferson maildrop[4790]: Unable to open mailbox.
Jun 26 07:33:46 Jefferson maildrop[4767]: Unable to open mailbox.
Jun 26 07:33:47 Jefferson maildrop[4812]: Unable to open mailbox.
Jun 26 07:33:48 Jefferson maildrop[4815]: Unable to open mailbox.
Jun 26 07:33:50 Jefferson maildrop[4848]: Unable to open mailbox.
Jun 26 07:34:05 Jefferson maildrop[4868]: Unable to open mailbox.
Jun 26 07:34:15 Jefferson maildrop[4896]: Unable to open mailbox.
Jun 26 07:34:19 Jefferson maildrop[4917]: Unable to open mailbox.
Jun 26 07:34:32 Jefferson maildrop[4943]: Unable to open mailbox.

I didn’t know why this was happening. This was going for a long time at the servers at work and then it occurred to me that maybe Maildrop was trying to drop the message into a folder and it could not find it.

Here is how I found out how to fix this

There is a user who gets so much spam and usually the spam is put into a folder called .SPAM.TAGGED , I went into his directory and looked for that folder and I found that he had renamed the folder to .SPAM.MESSSAGES

That was the reason why the server was having problems. What I had to do to fix the problem was to create the folder .SPAM.TAGGED inside his directory
still that did not solve the issue. The folders inside the .SPAM.TAGGED folder
were missing.

So I did cp -ax /home/marco/Maildir/.SPAM.TAGGED/* /home/dtrongs/Maildir/.SPAM.TAGGED/

this copied all my files inside that folder then i did

chown -R dtrongs:users /home/dtrongs/Maildir/.SPAM.TAGGED

then I checked the logs and I saw the message dissapear. Then I went into his .SPAM.TAGGED folder and I saw that all those messages were being copied there.

#######################################

So how do I clean the messages inside the .SPAM.TAGGED folder you may ask. After awhile the .SPAM.TAGGED folder gets full of crap and no one bothers to clean that stuff.

Since I use the Maildir format I wrote a little script that looks like this.

I called it cleanmyspam.sh

#!/bin/bash
find /home/ -path ‘*/.SPAM/new/*’ -mtime +30 -exec rm {} \;
find /home/ -path ‘*/.SPAM/cur/*’ -mtime +30 -exec rm {} \;
find /home/ -path ‘*/.SPAM.TAGGED/new/*’ -mtime +30 -exec rm {} \;
find /home/ -path ‘*/.SPAM.TAGGED/cur/*’ -mtime +30 -exec rm {} \;

then I dumped the message inside the cron.daily folder and every night the script goes inside the .SPAM folder and .SPAM.TAGGED and deletes anything that is older than 30 days.

################################################
Continua”Troubleshooting Email IMAP”

Ok, so I have been getting a little more spam than usual at my tepezcuintle@penguincares.no-ip.org account.

I like spamassassin and I think it has been great filtering garbage from my server.

Still I wanted a way to install more spamassassin roules. There is a place called the rules emporium

http://www.rulesemporium.com/

continue
Continua”Installing RulesduJour on Linux”

Well, so it had to happen again. My spam assassin needed to be updated.

I had just upgraded SpamAssassin and now I have to do it again. This gives me chicken skin since something that works fine should be left alone, but I got a warning on the email that the version that I have can be targetted by hackers and they can bring my server down using sometype of DOS attack.

So I figure that I have to find a solution so here it is for those who want to upgrade their systems.
Continua”Updating spamassassin”

Well, I had to install something to track the performance of the computers at work. Sometimes it will be good to track the performance of the CPU usage, IMAPD usage, httpd and mysql.

I found a link to a program called HotSanic. I found a guide online that showed how to install it. It needs the rrdtool package. I had installed rrdtool for cacti so it was not problem to install HotSanic on my penguincares server. However, on the servers at work I had to install ImageMagick and installing the updated version of rrdtool did not work as expected. I had to install the rrdtool version that I use on penguincares.

After I installed that version and went through the configuration of HotSanic on the servers it worked.

Pay attention to the setup of mod_apps so you can choose which applications you want setup. I also copied the init script to rrdgraph to /etc/init.d/ so I could start it in the future using the init script at boot.

Then after moving the file i typed chkconfig rrdgraph on

I created the index file and followed the rest of the instructions and I had my stats working.

check the url at

http://penguincares.no-ip.org:9090/mynewstats/

below you can find the instructions I found on the net. I am just keeping them here for future reference should I forget how to do this.
Continua”Installing HotSanic”

I had to setup a quick sftp account for a client at work.

An ssh account is needed for someone to be able to sftp into your serve. The problem with that is that they have access to the unix shell and they can run commands, view files and I am sure no one wants a stranger snooping around their system.

I created a semi secure shell that will allow only sftp by editing their /etc/passwd
profile

It would alot easier if you forced the users off of ftp and provided
them sftp only access. To allow them sftp only access you simply need
to replace their shell in /etc/passwd with the path to the sftp daemon.

i.e. testuser:x:1000:99::/home/testuser:/bin/bash would be replaced
with testuser:x:1000:99::/home/testuser:/usr/libexec/openssh/sftp-server

What I did was to user usermod -s /usr/libexec/openssh/sftp-server

and added that to their shell. When I used the account to connect to the server I was not able to have access to bash. This is a little more secure than allowing full access to the shell and sftp.

Still it is not as secure as I wanted, once logged in with an sftp account

they can use a unix system to run

sftp user@hostname.com

once they are logged in they can run commands such as cd , ls , and can have access to files on the network and can get them using get which is not great.

They might be able to get the files but not execute programs or compile anything on the server, yet this is not secure but is a little better than giving someone full shell access. There is a guide on this server about using CHROOT to secure SFTP , I should’ve followed the guide but I had to setup the SFTP server in 5 minutes and that was the best I could do for security.

Well kids, until later.

The Penguin

Many months ago, the organization I work for placed a request with our development department for a secure file transfer system. The file transfer system needed to be far more secure than FTP and more reliable than creating an HTTP uploading system. After a few weeks of research and testing, I suggested that we create an SFTP Server to handle the file uploads.
Continua”How to create SFTP with Chroot”

I was browsing the web today and I found a website that mentioned a free SSL VPN software for Linux. I followed the instructions on their manual and although now difficult to understand the instructions left things on the air.

Here are my instructions that will remind myself on how I installed SSLExplorer on redhat 7.3

SSL Explorer URL
Continua”Setting up a VPN with SSLExplorer”

If you have a very busy server and large username/password lists stored in text files, using the MYSQL relational database can greatly increase your server’s performance and simplify tasks such as adding users and looking up lost passwords.
Continua”Using MYSQL for User Authentication on Apache with MOD_AUTH_MYSQL”

I had a recent problem at work with a laptop running Windows XP home edition. The user would get an error saying

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

I had never encountered this error mysel but a little googling found a description identical to what the end user was experiencing. What I found out is that the registry got corrupted.

I tried using the last known good configuration and it still failed, then tried to boot into safe mood and still had no luck. I decided to follow the instructions below to fix the computer.

By the way the instructions worked fine and I was able to boot the computer and have access to the system.

Here is the URL
Continua”Windows XP Corrupted Registry Fix”

Tuning Apache and PHP for Speed on Unix Here is my compilation of tips on how to optimise Apache on Linux for PHP and CGI programs. These tips can also apply to Perl and Python. Links will open in a new window.
Also read my essay Optimizing PHP for a more in depth coverage of these issues with case studies.

Original website
Continua”Tuning Apache and PHP for Speed on Unix”