Tips and Tricks about Servers and Applications

OpenDKIM : Configuring DKIM keys on Postfix

lijum — Fri, 17 Feb 2012 19:22:59 +0000

This is a email technology which signs each of your emails send through your SMTP. This signing process would help to identify genuinity of your emails since it was easy to verify by your receiver SMTP to have a valid DKIM check before classifying your mail either spam,phishing or impersonated one etc.

How DKIM key works

You SMTP server will attach a special header each of your email which is encrypted by a private key stored on the server and send it along with email. Once the email is reached at the other trusted/secured smtp server, they will

a. Identify the signing in the mail header.
b. Reading the domain key, domain name mentioned in the mail header

ie (DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com;s=default; t=1329441832;) You will see the above entry in original source of DKIM singed emails.

c. Then the receiver SMTP server looking for the DNS entry associated with the signed email ( here mydomain.com)
d. Once the nslookup can found the DNS txt entry ( here default, ie default._domainkey ), they fetch the public key which can able to decrypt the keys in email header.

ie Those emails are correctly originated from the actual sender. So it’s a trusted mail and all of your domains emails get’s white listed in other’s third party SMTP servers and hence drop it in your INBOX finally

How do I install openDKIM

stevejenkins.com website has an excellent tutorials and I adopted his guild lines. But got stuck at few attempts initially and has got it worked at the end.

Here we go,

1. Install openDKIM rpm package from EPEL repositories (http://fedoraproject.org/wiki/EPEL).

choose the correct build for your OS architecture.

#wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
#yum clean all
#yum install opendkim

2. Generate Singing Keys
create a folder storing keys for my domain

#mkdir /etc/opendkim/keys/mydomain.com
#/usr/bin/opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default

Above command wil create two files under our domain folder as default.private and default.txt

Renaming default.private to default,

#chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com
#mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default

3. Configuration files of OpenDKIM

1. /etc/opendkim.conf – OpenDKIM’s main configuration file
2. /etc/opendkim/KeyTable – a list of keys available for signing
3. /etc/opendkim/SigningTable – a list of domains and accounts allowed to sign
4. /etc/init.d/opendkim — Service start up file.

4. Update the etc/opendkim.conf file
Now you need to edit the main config. file (etc/opendkim.conf) and update/un comment the few lines.

my file should look like this. You may need to edit the “KeyFile” to set correct path

PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/simple
Selector default
KeyFile /etc/opendkim/keys/mydomain.com/default
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable

5. update the /etc/opendkim/KeyTable file

You may need to add you domain key name and private key file path of the domain in this file. My file looks like as shown below,

-sh-3.2# cat /etc/opendkim/KeyTable
# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
# then uncomment the following line and replace example.com with your domain
# name, then restart OpenDKIM. Additional keys may be added on separate lines.
#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/nanowebtech.com/default
-sh-3.2#

you may use the same private key for multiple domain. It’s just like a domain- key mapping.

default._domainkey.mydomain1.com mydomain1.com:default:/etc/opendkim/keys/mydomain.com/default
default._domainkey.mydomain2.com mydomain2.com:default:/etc/opendkim/keys/mydomain.com/default

6. Update /etc/opendkim/SigningTable
This file is actually mapping domain names to a key file. On my setup my server is hosting 4 email domains and I want to use same signing certificate for all domains. File entry should look like this,

#cat /etc/opendkim/SigningTable
domain1.com default._domainkey.mydomain.com
domain3.com default._domainkey.mydomain.com
domain2.com default._domainkey.mydomain.com

Pls not I uses same domain key for all other domain. So that you will get an entry in email source “signed by mydomain.com”

See the mail below,

7.Check the ” /etc/opendkim/TrustedHosts” has loopback IP

-sh-3.2# cat /etc/opendkim/TrustedHosts
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
# The localhost IP (127.0.0.1) should be the first entry in this file.
127.0.0.1
localhost

8. Edit postfix main configuration file
You need to open the postfix config file (/etc/postfix/main.cf) and add the following lines at the bottom of the file.

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

9. Restart the opendkim and postfix service.

-sh-3.2# service opendkim restart
Stopping OpenDKIM Milter: [ OK ]
Starting OpenDKIM Milter: [ OK ]
-sh-3.2# service postfix restart
stopping the Postfix mail system [ OK ]
starting the Postfix mail system [ OK ]
#chkconfig postfix on

Ensure that OpenDKIM logs has written on mail log file. This is the only file where you ca see any issue with the opendkim errors.

# tail -f /var/log/maillog
Feb 17 13:39:47 host opendkim[970]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)

10. Update the DNS records

This is the final part. You need to add a text entry “default._domainkey”. You will get the text value from the file “/etc/opendkim/keys/mydomain.com/default.txt”

-sh-3.2# cat /etc/opendkim/keys/mydomain.com/default.txt
default._domainkey IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa; p=MIGfMA0GCSqGSIb3 EBAQUAA4GNADWw1fqTtobJHsQsJ/49XRJ7eK49MUAkhLB9zcwusSfvrWutvqWT4iWM979 YOAt/d4ZVtFn7Dio6rUiLp103TfJh3g0694jJAOQU0sb4VM/NHgCIknQ/cvLG/snGL/aI7YIkSH1bI0YTYayewIDAQAB" ; ----- DKIM default for mydomain.com

Copy all the value in between double quotes (starts from after TXT”). My Godaddy domain manager look likes as below after adding,

You should also add another TXT Record to your zone file
_adsp._domainkey.mydomain.com IN TXT “dkim=unknown”

There is not standardization to use the name “default” domain key. We can change it whatever we wish to use.
Don’t forget to add SPF record for your domain

imp : Don’t forget to set SPF record that may boost the email delivery.

Verifying whether Postfix sending signed emails,

I uses a test mail send from command line.

#echo " This is a test mail " | mail -s "OpenDKIM test mail" liju@serveridol.com

If everything goes well you see a messages “DKIM-Singnature header added” in mail log.

#tail -f /var/log/messages
Feb 17 14:12:52 host postfix/pickup[32549]: A5B56F717AC: uid=0 from=
Feb 17 14:12:52 host postfix/cleanup[4092]: A5B56F717AC: message-id=<20120217191252.A5B56F717AC@mail.mydomain.com>
Feb 17 14:12:52 host opendkim[970]: A5B56F717AC: DKIM-Signature header added (s=default, d=mydomain.com)

It’s shows you have a trusted smtp server in place which may helpful to send bulk mails ..

For better trouble shooting restart opendkim service first then postfix and also check the mail server log to get detailed report.

CodeIgniter – No input file specified error

lijum — Wed, 15 Feb 2012 14:26:14 +0000

Sometimes you may get this error when you switch the web server API module to CGI/FastCGI. I got this error during the site migration time.

Quick fix for this error is, add a “?” append to index.php which written in .htaccess file.

The new .htaccess file part will looks like,

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

A simple fix

How do I install SSL on Glassfish server

lijum — Sun, 12 Feb 2012 18:22:32 +0000

The following steps will help you to install SSL certificate on Glassfish web server which is a free community edition web sever from Sun Microsystems.

a. Generating private key using keytool

This step will create a private key pair stored in a file named “keystore.jks” encrypted using a password. Private key associate with certain information about the ssl issued for.

#keytool -keysize 2048 -genkey -alias s1as -keyalg RSA -dname "CN=*.mydomain.com,O=Myorganization,L=city,S=state,C=country" -keypass changeit -storepass changeit -keystore keystore.jks

NB : Do not change the keystore passoword to anything other than “changeit”. Glassfish sever won’t take it if it changed.

-dname : Is the collection of data required to fill out.
CN : Obeviously it should be “www.mydomain.com” Here I uses a wild card ssl certiificate which require a prefix “*.” infont of domain name.
O: You company name
L : locality
S : State
C: Country
keypass: password to de-crypt the private key file
storepass : This password requires to make any operations inside the key stored in the private key files
keystore : Path of keystore file to be saved.

You may verify the private key contents

#keytool -list -v -alias s1as -keystore keystore.jks

[root@ ssl]# keytool -list -v -alias s1as -keystore keystore.jks -storepass changeit
Alias name: s1as
Creation date: Feb 12, 2012
Entry type: keyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=*.mydomain.com, OU=Domain Control Validated, O=*.mydomain.com
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Serial number: 4b7ced4e2689be
Valid from: Sun Feb 12 03:24:00 EST 2012 until: Tue Mar 03 01:58:49 EST 2015
Certificate fingerprints:
MD5: A1:78:A0:17:E8:89:2E:3E:81:3A:25:EE
SHA1: B0:65:99:15:53:4A:D0:49:D4:F2:6B:93:D4:E3:DC:75:CA
Certificate[2]:
Owner: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Serial number: 301

Now we have a private key and next we need to generate CSR (Certificate Signing Request) to be send to CA authority.

Here is the step to create CSR

#keytool -certreq -alias s1as -keystore keystore.jks -storepass changeit -keypass changeit -file mydomain.com.csr

Now you have a new file “mydomain.com.csr and open it in vi, copy and paste it in to Godaddy CSR fill out form. You will get new SSL issued once after the domain owner verification process has completed.

Then download the SSL certificate for Tomcat web server from the Godaddy cert download manager.

Download and extract it the same folder where CSR generated. My file structure is as shown below.

[root@fc-web01LA ssl]# ls -lt
total 72
-rw-r--r-- 1 root root 8640 Feb 12 03:36 keystore.jks
-rw-r--r-- 1 root root 1935 Feb 12 03:30 mydomain.com.crt
-rw-r--r-- 1 root root 4604 Feb 12 03:30 gd_bundle.crt
-rw-r--r-- 1 root root 1789 Feb 12 03:30 gd_cross_intermediate.crt
-rw-r--r-- 1 root root 1749 Feb 12 03:30 gd_intermediate.crt
drwxr-xr-x 2 root root 4096 Feb 12 03:27 mydomain.com
-rw-r--r-- 1 root root 1011 Feb 12 03:21 mydomain.com.csr
[root@fc-web01LA ssl]#

Now you have all files to install the SSL. I would recommend to copy your private key jks file before importing certificate in to it.

#cp keystore.jks keystore.jks_backup

First you need to download “valicert_class2″ root certificate from Godaddy repository

https://certs.godaddy.com/repository/

a. Import the root certificate into the glassfish key

#keytool -import -alias root -keystore keystore.jks -trustcacerts -file valicert_class2_root.crt

If you getting error messages something say like ” certificate is already exists in system wide CA” then you do not need to install this.

b. Installing secondary CA certificates

#keytool -import -alias cross -keystore keystore.jks -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermed -keystore keystore.jks -trustcacerts -file gd_intermediate.crt

C. Installing domain certificate to keystore.

Pls note that server certificate could be installed only after the support ssl installed to the keystore file.

keytool -import -alias s1as -keystore keystore.jks -trustcacerts -file mydomain.com.crt

NB: keep the same alias s1as to install SSL since it is hard coded glassfish in domain.xml file. It can be changed anyway if you wish to make another.

How do I view all the certificate imported to the keystore

#[root@fc-web01LA ssl]# keytool -list -v -keystore keystore.jks -storepass changeit

Check that domain certificate entry type is set as “keyEntry” on the above screen.

Exporting private key from a keystore file

I have a need of installing this SSL on Apache server as well. So I need to get back the private key from the keystore file. I found there is a third party site provides a tool to felicitate this requirement.

Download that tool from here http://coreygilmore.com/uploads/2009/06/exportprivatekey.zip

Generate the private key from keystore

java -jar exportprivatekey.zip keystore.jks JKS changeit s1as mydomain.com.key

Wallah !! now you have all the files required for Basic SSL install.

Copy this keystore.jks file under your “config” inside the respective domains.Then restart the glassfish.

Mysqlcheck : Quick guide to Sys-admins

lijum — Fri, 03 Feb 2012 19:17:58 +0000

mysqldump: Error 1194: Table ” is marked as crashed and should be repaired when dumping table `db_table` at row :

Most of us are getting this type of errors when we used “MyISM” storage engine for huge tables. Inodb tables also were affect sometimes. We can skip this errors, if we have uses high I/O operation supported drives like RAID 10. Most of the disk related/write related issues can be solved by empowering more stable drive mechanism.

Solution :

Use “repair table table name ;” This will repair the table automatically.

a. How to find corrupted tables for a database
# mysqlcheck -uroot -p –databases database name

[root@u15382543 ~]# mysqlcheck --databases adserver;
adserver.jos_ad_agency_advertis OK
adserver.jos_ad_agency_banners OK
adserver.jos_ad_agency_campaign OK
adserver.jos_ad_agency_campaign_banner OK
adserver.jos_ad_agency_channel_set OK

b. Checking whole the database for any damage/corruption
#mysqlcheck –all-databases

c. Analyzing and repairing corrupted database/s Recommended

[root@u15382543 ~]# mysqlcheck --auto-repair --check --optimize --all-databases --extended

For a particular table,

# mysqlcheck –auto-repair –check –optimize database name table name

[root@rc-025 vmachines-img]# mysqlcheck --auto-repair --check --optimize wetcenter jos_menu
wetcenter.jos_menu OK

If you want to see the verbose
#mysqlcheck -uroot -p –databases database_name –tables table_name –extended –verbose

[root@rc-025 vmachines-img]# mysqlcheck --databases wetcenter --tables jos_messages --auto-repair --check --optimize --extended --verbose
# Connecting to localhost...
wetcenter.jos_messages OK
# Disconnecting from localhost...

5. Repairing MyISM tables in offline mode for huge GB tables

myisamchk –key_buffer_size=512M –sort_buffer_size=512M –read_buffer_size=8M –write_buffer_size=8M path/to/table/file/.MYI

-read_buffer_size/–write_buffer_size : Used to read and write data from the table and to the temporary file.
–sort_buffer_size : When the keys are repaired by sorting keys and this option would useful when you use “–recover”
–key_buffer_size : When you check the table with –extend-check option.

[root@u15382543 ~]# myisamchk --key_buffer_size=512M --sort_buffer_size=512M --read_buffer_size=256M --write_buffer_size=256M /var/lib/mysql/lists/phplist_usermessage.MYI
Checking MyISAM file: /var/lib/mysql/lists/phplist_usermessage.MYI
Data records: 1872964 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
- check data record references index: 3
- check data record references index: 4
- check record links
[root@u15382543 ~]#

6. How to optimize tables

to all databases
# mysqlcheck -o –all-databases;

For a particular table

mysqlcheck -o database_name table-name

[root@rc-025/]# mysqlcheck -o selfcare customers
selfcare.customers OK

7. How to check all the maintenance operations at a time

#mysqlcheck -uroot -p --auto-repair -c -o --all-databases

Useful params in mysqlcheck

1. -r : Repair the table
2. -o : optimize the table
3. –auto-repair : Repair the table automatically
4. -c : Check table errors
5. -C : Check only the table changed since from the last check.
6. –fix-db-names/–fix-table-names : Check database name/table name if corrupted.
7. -e : Extended operations even check or repairing.
8. -q : Quick checking
9. -o : optimize the table
10. -B : This option keeping a a file copy before repairing it.

Sometime you got the following errors when try to repair a myISAM table where index file is missing. So you need to use the extra parms “USE_FRM” to solve this.

ERROR : Can’t find file: ‘table’ (errno: 2) Corrupt

Java virtual hosting with multiple FTP users

lijum — Thu, 19 Jan 2012 18:56:51 +0000

As we all are familiar with virtual hosting in Apache and we can isolate each users to publish their sites to a folder under thier home directory. So there is no any issue with operating the files copied on the hosting root.

Earlier I had started tomcat from the root account and created Virtual hosting in tomcat and isolate the hosting root according to the users. The issue I had faced is none of the FTP users to modify/delete the files in their hosting root since all the files are owned by the root account because of root user is operating tomcat service.

So I have to gave ssh access to the server and gave sudo command to deploy users newly uploaded files. So it’s a security threat to allow users to have ssh access and permit to operate sudo commands.

After few R&D I decided to run the tomcat service from a normal user who does not have shell access

Solution :

1. create new user and group for tomcat user

#group add tomcat
#useradd -g tomcat tomcat

2. Permitting tomcat users to access the Tomcat installation files

# chown -R tomcat.tomcat /usr/local/apache-tomcat-6.0.29/

3. Start the tomcat daemon within the user account.

[root@rc-040 public_html]# su - tomcat
[tomcat@rc-040 ~]$ cd /usr/local/apache-tomcat-6.0.29/bin/
[tomcat@rc-040 bin]$ sh startup.sh
Using CATALINA_BASE: /usr/local/apache-tomcat-6.0.29
Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.29
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-6.0.29/temp
Using JRE_HOME: /usr/java/jdk1.6.0_14
Using CLASSPATH: /usr/local/apache-tomcat-6.0.29/bin/bootstrap.jar
[tomcat@rc-040 bin]$ netstat -nlp | grep "java"
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 :::8080 :::* LISTEN 1837/java
[tomcat@rc-040 bin]$

You almost done !!!

Creating FTP users and Virtual hosting

a. An example of Virtualhost entry is showing below,

[root@rc-040 public_html]# vi /usr/local/apache-tomcat-6.0.29/conf/server.xml

b. FTP user creation
1. create new user and set their primary group as tomcat.

#useradd -g tomcat ftpuser1
[root@rc-040 public_html]# chown -R ftpuser.tomcat /home/ftpuser/public_html

Setting sticky bit on the web directory where both users would have the same access

[root@rc-040 public_html]# chmod -R 2777 /home/ftpuser/public_html

That’s it !!!!! Everything set..

Now upload your war file named as “ROOT.war” under the public_html folder and see the application running … There is not need to restart the tomcat to deploy new application, Just like we do with Apache

You will get the sample war file from here “http://tomcat.apache.org/tomcat-5.5-doc/appdev/sample/sample.war” for the initial testing.

Here are the some useful file locations/path if you plan to run the Tomcat as a backend server over the AJP connector in Apache ( Recommended by me )

1. /etc/httpd/modules/mod_jk.so
2. /etc/httpd/conf.d/jk.conf
3. /etc/httpd/conf.d/workers.properties
4. /etc/httpd/conf.d/javasite1.conf

[root@rc-040 public_html]# ls /etc/httpd/modules/mod_jk.so
/etc/httpd/modules/mod_jk.so
[root@rc-040 public_html]# cat /etc/httpd/conf.d/jk.conf
LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf.d/workers.properties
JkShmFile /var/log/httpd/mod_jk.shm
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
[root@rc-040 public_html]# cat /etc/httpd/conf.d/workers.properties
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
[root@rc-040 public_html]#

A sample Apache virtualhost entry

[root@rc-040 public_html]# cat /etc/httpd/conf.d/javasite1.conf

ServerName mydomain.com
ServerAlias wwww.mydomain.com
DocumentRoot /home/ftpuser/public_html
DirectoryIndex index.html dplpool/
Alias / /home/ftpuser/public_html
ErrorLog logs/selfcare-javahost.log
JkMount /*.jsp worker1
#JkMount / worker1
JkMount /* worker1

Glasshfish error : EMBEDDED Broker start failure:code

lijum — Mon, 02 Jan 2012 16:25:56 +0000

You may got the following errors when you start the glasshfish server where files are copied it from some other servers. The error exact look likes as follows.

Solution

Just delete the “lock” file from the glassfish directory. The location of this file is “imq/instances/imqbroker/lock” under glassfish.

[root@fc-web04 domain1]# rm imq/instances/imqbroker/lock
rm: remove regular file `imq/instances/imqbroker/lock'? y
[root@fc-web04 domain1]# /var/glassfish/bin/asadmin start-domain domain1

Then try to restart the web server.

[root@domain1]# /var/glassfish/bin/asadmin start-domain domain1
Starting Domain domain1, please wait.
Log redirected to /var/glassfish/domains/domain1/logs/server.log.
Redirecting output to /var/glassfish/domains/domain1/logs/server.log
Killed
[root@ domain1]# /var/glassfish/bin/asadmin start-domain domain1
Starting Domain domain1, please wait.
Log redirected to /var/glassfish/domains/domain1/logs/server.log.
Redirecting output to /var/glassfish/domains/domain1/logs/server.log
Domain domain1 is ready to receive client requests. Additional services are being started in background.
Domain [domain1] is running [Sun Java System Application Server 9.1_01 (build b09d-fcs)] with its configuration and logs at: [/var/glassfish/domains].
Admin Console is available at [http://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[https://localhost:80 https://localhost:443 ].
Following web-contexts are available:
[/web1 /__wstx-services myapp ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://web:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[80 443 4848 3700 3820 3920 8686 ].
Domain does not support application server clusters and other standalone instances.

Automating sFTP download and email alert upon file changes

lijum — Mon, 26 Dec 2011 01:03:04 +0000

Here I got a requirement to automate the download which using sftp account with custom ports. This account doesn’t not have any ssh access enabled.

This script can have the following features,

1. Synchronize the remote sftp location to local path
2. Can configure sftp custom port
3. An email alert will send to the specified users when a new file placed in the ftp location.

#!/bin/bash
lftp -e "mirror --delete --only-newer --verbose /FROM/ /var/RKFeeds/;quit" -u username,mypass sftp://secureftp.domain.com:10022

cat /dev/null > /tmp/maildata.log
MAIL_BODY=/tmp/maildata.log
FILES=/var/RKFeeds/FROM/*
for f in $FILES
do

### Searching new file presence
if grep -Fxq "$f" file_list.log
then
touch /tmp/asd.log
else
echo "New file" $f " has arrived " >> $MAIL_BODY
fi
done

## Rebuilding file list
FILES=/var/RKFeeds/FROM/*
cat /dev/null > file_list.log
for f in $FILES
do
# take action on each file. $f store current file name
echo $f >> file_list.log
done

##### sending mail if mail data file having content
if [[ -s $MAIL_BODY ]] ; then
echo "$MAIL_BODY has data.and mail sending"
sendEmail -f bkp-admins@mydomain.com -t user2@mydomain.com,lijumathewliju@gmail.com -cc support@mydomain.com, user@mydomain.com -u "New Feeds has arrived on" $(date +%d-%m-%Y) -l /var/log/sendEmail -o message-content-type=auto message-file=$MAIL_BODY -s smtpout.mydomain.net:25 -xu info@mydomain.com -xp mysmtppass
else
touch /tmp/asd.log
fi ;

Pls note that the location “/var/RKFeeds/FROM” is the local path where lftp sync the remote folder ” FROM” folder.
sendEmail : Is another smtp email sending program that help you to send email from the command line which using smtp account. So that these emails are not been marked as spam anywhere.

Mysql on Windows : Can’t get hostname for your address

lijum — Mon, 05 Dec 2011 14:58:59 +0000

I’m getting this error message while I’m accessing remote mysql database which was running on WAMP.

Simple fix is to add “skip-name-resolve” in my.cnf file which will be shown in MySQL installation directory.

Since the MySQL server is using WAMP environment, You need to put the same line inside [wampmysqld].

The my.cnf file location will be the “C:\wamp\bin\mysql\mysql5.5.8\my.cnf”

Eg:

[wampmysqld]
port = 3306
socket = /tmp/mysql.sock
key_buffer = 16M
max_allowed_packet = 1M
table_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
basedir=c:/wamp/bin/mysql/mysql5.5.8
log-error=c:/wamp/logs/mysql.log
datadir=c:/wamp/bin/mysql/mysql5.5.8/data
skip-name-resolve

IIS: Renewing SSL certificate from .crt and private key file

lijum — Fri, 25 Nov 2011 14:57:02 +0000

One of the client migrated a domain to Windows server to Linux which was using a Godaddy UCC certificate.This certificate expired and i have renewed the SSL as most the other domains listed in it hosting on Linux server without using new CSR request. I have download the certificate suitable for IIS from Godaddy account. The download containing “gd_iis_intermediates.p7b” Godaddy intermediate certificate suit for IIS and a “domain.cert” file.

I read the Godaddy support documentation and did everything as it is described. Also getting same error “CertEnroll::CX509Enrollment::p_Install Response: ASN1 bad tag value met. 0x8009310b (ASN: 267)” So that I can’t install the certificate over the IIS MMC console. It’s still showing older expiry date.

See the pasted image here

Then I confirmed that it was not something related to IIS but with the certificate format which Godaddy had provided.After few hours of Googling, it’s found that we can create .pfx file by converting existing certificate provided by the Godaddy. Openssl have very good tool for doing that.

a. How convert a PEM certificate file and a private key to PKCS#12, Format of IIS .pfx
Download both Cert (mydomain.crt) file, CA bundle file (gd_iis_intermediates.p7b) and private key in a linux box. Then execute it from the terminal.

#openssl pkcs12 -export -out mydomain.pfx -inkey privateKey.key -in mydomain.crt -certfile gd_iis_intermediates.p7b

This will generate the a new file (mydomain.pfx) on the same location which could be understandable to IIS. Now you need it to copy to the IIS server and choose the import option

Choose the import certificate option

Browse the .pfx SSL renewal certificate

Bind the new certificate with respective website

Exim :- Useful administrative commands

lijum — Mon, 21 Nov 2011 17:43:26 +0000

Most of the Whm/Cpanel based servers are using exim as MTA which has flexible spam filter and support virtual domain and users.

1. Print a count of the messages in the queue:
#exim -bpc

root@web-012 [~]# exim -bpc
1

2. Print a listing of the messages in the queue
#exim -bp

root@web-012 [~]# exim -bp
carlineshirly@power.alstom.com
9h 2.0K 1RSHdk-0003zj-07 <> *** frozen ***
alyssa.campbell@lightwave.com

3. Print a summary of messages in the queue
#exim -bp | exiqsumm

root@web-012 [~]# exim -bp | exiqsumm
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
1 2048 29h 29h interstaterelocation.net
1 2048 9h 9h lightwave.com
1 2457 42h 42h news.cqi.com
1 1945 22h 22h power.alstom.com
---------------------------------------------------------------
4 8499 42h 9h TOTAL

4. Print what Exim is doing right now:
#exiwhat

root@web-012 [~]# exiwhat
4123 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)

5. Display all of Exim’s configuration settings:
# exim -bP
6. Use -f to search the queue for messages from a specific sender:
#exiqgrep -f user@domain.com
7. Use -r to search the queue for messages for a specific recipient/domain:
#exiqgrep -r user@domain.com
8. Start a queue run:
#exim -q -v
9. Start a queue run for just local deliveries:
exim -ql -v
10. Remove a message from the queue:
#exim -Mrm

root@web-012 [~]# exim -Mrm 1RSHdk-0003zj-07
Message 1RSHdk-0003zj-07 has been removed

11. Deliver a message, whether it’s frozen or not, whether the retry time has been reached or not
#exim -M
12. Remove all frozen messages:
#exiqgrep -z -i | xargs exim -Mrm

root@web-012 [~]# exiqgrep -z -i | xargs exim -Mrm
Message 1RRyxQ-0003FJ-Aq has been removed
Message 1RS60i-00079d-NF has been removed

13. Remove all messages older than 1 days (86400 * 1 = 86400 seconds):
#exiqgrep -o 432000 -i | xargs exim -Mrm
14. Freeze all queued mail from a given sender:
#exiqgrep -i -f luser@example.tld | xargs exim -Mf
15. View a message’s headers
#exim -Mvh
16. View a message’s body:
#exim -Mvb
17. View a message’s logs:
#exim -Mvl

root@server-012[~]# exim -Mvl 1RRn0a-0006pW-LV
2011-11-19 15:39:12 Received from <> R=1RRn0V-0006pI-Vl U=mailnull P=local S=2447
2011-11-19 15:42:21 wdncom.uslec.read.readnews.com [198.186.192.186] Connection timed out
2011-11-19 15:42:21 elian.dancey@wdn.com.client.newsread.com R=dk_lookuphost T=dk_remote_smtp defer (110): Connection timed out
2011-11-19 16:05:26 wdncom.uslec.read.readnews.com [198.186.192.186] Connection timed out