I like to send mail direct from my home network for various reasons, not least being that I used to work on my current ISP’s mail servers and I know that they are in and out of blackholes these days like Hawking radiation. By sending mail directly from my dynamic block, the results are at least somewhat consistent.

Some may suggest changing ISP, but I am happy with every other aspect of their service, and there is no guarantee that any other ISP won’t run in to the same problems at any point in the future. Exim makes it easy for me to maintain a list of domains that do require me to use my ISP’s smart host, and even has the decency to read it dynamically, so it’s little hardship for me to: echo painintheass.net >> /usr/local/etc/exim/smarthost.domains for those domains that do need it.

Occasionally, however, I run into problems whereby the recipient that I am trying to mail won’t accept mail from me or the upstream smart host at the ISP. In the past, that has meant that I’ve been stuffed, which would normally be the would-be recipient’s problem, but every so often I really, really want to send them the message.

This just happened twice in the space of ten minutes, so I worked out how to get exim to relay mail via smtp.gmail.com:

• First, enable POP for your gmail account. You do that in the “Forwarding and POP” section of the settings. Strangely enough.
• Next, add a domain list to your exim configuration:

  domainlist use_gmail_domains = /usr/local/etc/exim/gmail.domains

  This domain list will hold the list of domains to send via gmail, one domain per line. If you don’t have any to add now, create the file empty with touch(1) so that you don’t forget later. Exim won’t complain either way.

• Create an authenticator. Note that although we’re using the plaintext mechanism here, we’ll force TLS in the transport so your details will not get transferred in the clear:

  gmail_login:
    driver = plaintext
    public_name = LOGIN
    client_send = : YourGmailUsername@gmail.com : YourGmailPassword

  Note that in a default exim configuration there are usually no authenticators, so don’t forget the begin authenticators statement if this is your first one.

• Add a router:

  send_via_gmail:
    driver = manualroute
    domains = +use_gmail_domains
    transport = gmail_smtp
    route_list = "* smtp.gmail.com byname"

• Add a transport, forcing it to use AUTH and TLS:

  gmail_smtp:
    driver = smtp
    hosts = smtp.gmail.com
    hosts_require_auth = smtp.gmail.com
    hosts_require_tls = smtp.gmail.com

That’s all it requires. You may now need to lock down the permissions on your configuration file to stop anyone reading your username and password from it. Advanced exim users can work out how to put this information in a separate file easily enough.

Posted by Alex | No Comments »

Due to the way Innodb tables are structured, you cannot perform a hotback up of this database without using third party tools. Therefore you must take your database offline for a small period of time while you take the backup.

Backing up MySQL

MySQL backups are performed using the common mysqldump tool. This is a command line utility that ships with MySQL and you use at as follows:

% mysqldump --user=user --password=pass --opt DBNAME > dumpfile.sql

You may also need to specify the --host= parameter to force the hostname you are connecting to. This depends largely on how you’ve setup your user security. This will produce a text file with a series of INSERT/DROP/CREATE SQL statements that will recreate the database.

(more…)

Posted by Alex | 1 Comment »

All UNIX shells cache the command paths based on the contents of PATH enviromental variable. This can cause a problem if a cached path no longer exists. For example, you have a command “foo” installed in /usr/bin and /usr/local/bin. Your PATH variable is set to “/usr/local/bin:/usr/bin“.

When you run “foo“, it is searched under each directory listed in PATH and the results are cached. In this case, the path “/usr/local/bin/foo” will be cached for “foo“.

Now suppose you delete the command file “/usr/local/bin/foo“. You still have another copy in “/usr/bin/foo“. However, the next time you type “foo“, the shell will return an error such as this:

 -bash: /usr/local/bin/foo: No such file or directory

To clear the cached path of foo command, you can run

 $ PATH=$PATH

This basically resets the PATH variable, thereby clearing the cache. * For bash shell, you might be able to do the same thing using

 $ hash -r

Although, the previous method should also work for bash.

Posted by Alex | 3 Comments »

In Linux:

The linux fuser command has a special option for port conflicts.

Use fuser -n tcp <port id> for tcp ports to see which process is using the port.

For example to see which application is already using port 80 use:

$ fuser -n tcp 80

The netstat command can also be used to determine what process is using a port.

Use netstat -nlp and you should see PID and names of programs along with the port they are using (note you can only see the PID of process you own, unless running as root)

$ netstat --nlp

In Windows:

On Windows 2003 the options are as follows: netstat -a -b -o -n

• -a: gets listening processes (similar to -l on linux)
• -b: displays the executable name that started using the port (similar to -p on linux)
• -o: displays the process id (PID) that owns the connection
• -n: (optional) gives the addresses numerically (same as -n on linux)

Posted by Alex | No Comments »

SECURING CPANEL – WHM – AND ROOT on a VPS

This will help but as mentioned in previous posts, with a VPS you do not have access to your kernal. That is good in some ways, because if you don’t have access to it, neither to hackers or spammers (which limits what they can do). Its bad in ways, because you lose control and if you secure your box as much as possible, you are still at risk because you cannot control your kernal.

(more…)

Posted by Alex | 1 Comment »