Category Archives: Technical Tidbits

Clean up /tmp

Recently I noticed that there are a lot of temporary files in the /tmp directory on my mail server … all the files have spamassassin in the file name. I figured that in some cases, SpamAssassin (or programs it calls) isn’t cleaning up properly.

I whipped up this script that will clean up any spamassassin files & directories that are older than a set number of minutes (60 in my case)…

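#!/bin/sh
# Remove stale SpamAssassin temporary files and directories from /tmp.

# Age threshold in minutes
AGE=60

# With --test, echo the rm commands instead of running them
# (POSIX test uses "=", not "==", for string comparison)
if [ "$1" = "--test" ]
then
        CMD="-exec echo"
        echo "$0: test mode"
else
        CMD="-exec"
fi

# $CMD is left unquoted on purpose so "-exec echo" splits into two words.
# The -name patterns are quoted so the shell passes them to find unexpanded.
/usr/bin/find /tmp \
        -mmin +$AGE \
        -name 'spamassassin.ocr*' \
        $CMD /bin/rm -f '{}' \;

/usr/bin/find /tmp \
        -maxdepth 1 \
        -mmin +$AGE \
        -type d \
        -name '.spamassassin*' \
        $CMD /bin/rm -rf '{}' \;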

If you run the script with a parameter of ‘--test’, it will just show the commands it would have executed.

I put the script in the /etc/cron.hourly directory so it gets executed every hour.
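
A hardened variant of the cleanup above, as an added example that is not the author's script: /tmp is world-writable, so a matching name alone does not show that SpamAssassin created the entry, and this version also requires the expected owner and file type and stays on one filesystem. The function names and the OWNER argument (the account SpamAssassin runs as, which the post does not state) are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Function names and the OWNER
# argument (the account SpamAssassin runs as) are assumptions.

# Select stale OCR temp files: regular files only (-type f never matches a
# symlink), owned by OWNER, on the same filesystem as DIR.
sa_files() {
    dir=$1 age=$2 owner=$3
    shift 3
    find "$dir" -xdev -type f -user "$owner" -mmin "+$age" \
        -name 'spamassassin.ocr*' "$@"
}

# Select stale .spamassassin* directories directly under DIR.
sa_dirs() {
    dir=$1 age=$2 owner=$3
    shift 3
    find "$dir" -xdev -mindepth 1 -maxdepth 1 -type d -user "$owner" \
        -mmin "+$age" -name '.spamassassin*' "$@"
}

# clean_sa_tmp DIR AGE_MINUTES OWNER [--test]
# Prints every path it selects; removes them unless --test is given.
clean_sa_tmp() {
    if [ "${4:-}" = "--test" ]; then
        sa_files "$1" "$2" "$3" -print
        sa_dirs "$1" "$2" "$3" -print
    else
        # -delete removes each file from within find's own traversal
        # instead of handing a full path to a separate rm process.
        sa_files "$1" "$2" "$3" -print -delete
        sa_dirs "$1" "$2" "$3" -print -exec rm -rf -- '{}' \;
    fi
}

# Example cron usage (the account name "spamd" is a placeholder):
#   clean_sa_tmp /tmp 60 spamd
```

Run it with `--test` first; the printed list is exactly what the non-test run would remove.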


Thunderbird message list out of sync

Sometimes I find that the message list in Thunderbird gets out of sync with the message bodies. When this happens, if I click on a message in the list, the message body that is brought up doesn’t match the subject.

I found an easy solution … just shut down Thunderbird, delete the corresponding .msf file from the account’s data directory, and start Thunderbird back up. Thunderbird will rebuild the .msf file and everything should be fine again.

To find the account’s data directory, click on the “Server Settings” category of the affected account and look at the “Local directory” field.


mod_auth_pam and flatfile

The other day I found myself needing to restrict access to a web site to only users who had logins to a system … while also allowing other users, who didn’t have logins, to access it.

mod_auth_pam was the solution for the users with a login … and standard ‘htpasswd’ access was the answer for the other users … but getting the two to work together was causing problems.

A bit of Googling turned up this technique that solves the problem quite nicely.

AuthPAM_Enabled on
AuthPAM_FallThrough on
AuthAuthoritative Off
AuthUserFile /path/to/htpassword
AuthType Basic
AuthName "Secure"
Require valid-user


Say NO to Backup MX’s

Word of advice … with a few exceptions, there is absolutely no need for most organizations to implement backup MX’s. In fact, if they are not set up and managed very carefully, they can cause significant harm to an organization.

In the past week I’ve had two people on my mailing lists get their subscriptions suspended because their companies’ backup MX’s were not configured properly.

For those who don’t know, a “Backup MX” is a mail server that can accept mail delivery if the primary mail server is not available. A domain’s DNS records have “MX” records that list the mail servers in order of priority. A sending mail server will try to connect to the first receiving mail server on the MX list; if that connection fails, it will try the next, and so on.

Why are they not needed and, more importantly, why can they cause harm?

  1. Not needed
    1. Most sending mail servers will try to deliver mail for a few days (generally around 5). Even if your mail server is down for a whole weekend, the sending server will continue delivery attempts.
    2. Unless your organization is expecting a massive amount of email (and I’m talking about thousands of mail deliveries per second, the kind a major national ISP might get), most mail servers are more than capable of handling the load … and the extra work involved in maintaining the additional servers probably isn’t worth it.
  2. Why harmful
    1. If not configured properly, mail delivered to the backup MX might not be accepted … thus causing non-delivery errors. This is what happened to the subscribers to my lists. Their primary MX was accepting mail, but the backup MX wasn’t. The rejection messages were being processed by the list software and their subscriptions were suspended.
    2. Backup MX’s are often not as spam & virus resistant as primary MX’s. For this reason, spammers and virus writers often target backup MX’s instead of primary MX’s.

In the end … backup MX’s do have their uses … but only if implemented where absolutely needed and managed very carefully.

Oh, and by the way, if you are having problems sending mail from a different system than your primary mail server … it’s not because you need a backup MX. It’s probably because the other system needs to have a reverse IP name set up in DNS. Many mail servers are configured to reject mail sent from systems that do not have reverse IP DNS entries set up.


Disable IPV6

You can disable the IPv6 module by adding or changing this line in /etc/modprobe.conf:

alias net-pf-10 off

After a reboot it should be gone.

Note: I only know that this works with Fedora Core 2 and higher.


Generic Listname Identification

As you might suspect, I’m subscribed to a large number of mailing lists (most of which I host myself).

One of the problems with mailing lists is that, if you use a single email address for all your list subscriptions, there isn’t an easy way to file individual list messages based on the list name.

The other day, however, I found a rather handy procmail recipe that helps with that work…

RSS from MHonArc

Recently a number of people have been asking me for the MRC file I use to generate the RSS feeds on the midrange.com mailing list archives … so, here it is.


Wrap JLabel Text

It took a bit of experimentation, but I think this routine could be used to allow a Java JLabel component to contain wrapped text.

This routine depends on the ability for JLabel text to contain HTML.

Basically it iterates through each word in the JLabel text, appends the word to a ‘trial’ string buffer, and determines if the trial string is wider than the JLabel’s container. If the trial string is wider, then it inserts an HTML break in the text, resets the trial string buffer, and moves on to the next word.

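import java.awt.Container;
import java.awt.FontMetrics;
import java.text.BreakIterator;
import javax.swing.JLabel;
import javax.swing.SwingUtilities;

// Wraps the text to the width of the label's parent container by inserting
// <br> tags, then sets it on the label as HTML.
private void wrapLabelText(JLabel label, String text) {
	FontMetrics fm = label.getFontMetrics(label.getFont());
	Container container = label.getParent();
	int containerWidth = container.getWidth();

	BreakIterator boundary = BreakIterator.getWordInstance();
	boundary.setText(text);

	// 'trial' holds the current line; 'real' accumulates the HTML output
	StringBuffer trial = new StringBuffer();
	StringBuffer real = new StringBuffer("<html>");

	int start = boundary.first();
	for (int end = boundary.next(); end != BreakIterator.DONE;
		start = end, end = boundary.next()) {
		String word = text.substring(start,end);
		trial.append(word);
		int trialWidth = SwingUtilities.computeStringWidth(fm,
			trial.toString());
		if (trialWidth > containerWidth) {
			// Line is too wide: start a new line with this word
			trial = new StringBuffer(word);
			real.append("<br>");
		}
		// Escape HTML metacharacters so the label shows the text
		// literally instead of interpreting markup contained in it
		real.append(word.replace("&", "&amp;")
			.replace("<", "&lt;").replace(">", "&gt;"));
	}

	real.append("</html>");

	label.setText(real.toString());
}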

Correctly numbered outlines

For the longest time I was looking for a way to make nested ordered lists in HTML show up correctly.

Usually, when you do an ordered list, you get something like this …

  1. Item 1
    1. Item 1.1
    2. Item 1.2
      1. Item 1.2.1
      2. Item 1.2.2

… which really annoyed me, because you couldn’t have meaningful identifiers on the nested lists.

A few days ago I found a bit of CSS that would correct this…

<style>
<!--
OL        { list-style-type: decimal  }  /* 1 2 3 4 5 etc. */
OL OL     { list-style-type: lower-alpha}      /* a b c d e etc. */
OL OL OL  { list-style-type: lower-roman }  /* i ii iii iv v etc. */
-->
</style>

Now the same list will show up with the first level list using numbers, the 2nd level list using lowercase alpha, and the 3rd level using lowercase roman numerals.

Something like this…

  1. Item 1
    a. Item 1.1
    b. Item 1.2
      i. Item 1.2.1
      ii. Item 1.2.2

Which is pretty cool, imho.


SecureCRT and OpenSSH

I use Vandyke’s SecureCRT to access my Linux machines. Due to the recent increase in the number of attempts to break in to my systems via SSH, I decided it was high time I switched to using public/private key authentication instead of simply a password.

I had a devil of a time figuring out how to get the public key generated by SecureCRT into OpenSSH’s authorized_keys2 file.

After digging through the SecureCRT help file for a bit I finally found the command (it was pretty obvious, had I read further).

cd .ssh
ssh-keygen -X -f Identity.pub >> authorized_keys2

Now I just have to figure out a way to keep my public keys with me whenever I might have need to access my systems without a system I work on normally.
