Tuesday 30 June 2009

SpamAssassin

On previous mail server setups, I've tried to pass all mail coming into the server through SpamAssassin (The Fight Against Spam) and it's a bit of a struggle to get it working sometimes so I've had nothing setup for a while other than some SMTP restrictions and a couple of the RBLs. So since SpamAssassin is generally geared to being run / configured per-user, I figured, what the hell, I'll try that. And it is way easier. All I did was plop this in my .procmailrc:

# SpamAssassin
:0fw: spamassassin.lock
| /usr/bin/spamassassin

:0:
* ^X-Spam-Status: Yes
Junk


So now, SA happily tags all my possibly spammy mail and then for actual spam, it dumps it in the Junk folder and it actually strips the content replacing it with all the reasons why the message was identified as spam (the original message is attached).

So far so good!

- Arch

Monday 15 June 2009

Using proc to force a reboot

So we just had this little discussion on IRC and I figured I'd save it for posterity here:
[11:37:36]  to force a 'hard' reboot (if reboot is not working) - equivalent to pulling the power cable:
[11:37:44] echo 1 > /proc/sys/kernel/sysrq; echo b > /proc/sysrq-trigger
[11:40:45] come on dom, you know you want to try it.
[11:41:21] heh
[11:42:29] what's this do? what's this do? what's it do???
[11:43:13] you tell us
[11:47:09] yeah, that's awesome
[11:47:24] it just tells BIOS to reboot
[11:47:35] (or something like that anyhow)
[11:47:58] so, immediate reboot in other words?
[11:47:58] system just goes *blip* and starts posting


So there you go. Want to reboot without waiting for all those nasty processes to finish or phyiscally pressing the power button? That's your way out.

Thanks, toddz :D

- Arch

Tuesday 9 June 2009

Apache and LDAP users

Requisites:

Apache 2.2
mod_authnz_ldap (and enabled with a2enmod authnz_ldap under Debian+Ubuntu)

In your httpd.conf or your htaccess file, add the following:
    # Access control for this directory
AuthBasicProvider ldap
AuthType Basic
AuthName "Password Required"

AuthLDAPURL "ldap://localhost:389/OU=Users,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE

AuthLDAPBindDN readonly@example.com
AuthLDAPBindPassword plaintextpassword

Require ldap-group CN=somegroup,OU=someou,OU=Groups,DC=example,DC=com


This example is for connecting to an MS Active Directory server. For an OpenLDAP server, you may find that you don't need the BindDN/Pass options and you need uid instead of sAMAccountName (or possibly just "ldap://localhost/DC=domain,DC=tld").

If you look at other sites online, you'll find that a lot of users say they have to fiddle the config to get it working. Some of the common things I saw were:

  1. Setting "AuthzLDAPAuthoritative off"

  2. Specifying at least one container under the base DN (as in my example)

  3. Tweaking the GroupAttribute and GroupIsDN options

  4. Using a DN for the AuthLDAPBindDN (UPN used in my example)

  5. Enabling SSL or TLS

  6. Multiple domain controllers (simply specify them separated by spaces in your URL)

  7. Filters with "Require ldap-filter"





... As you can see there can be a lot of tweaking for specific sites. But all-in-all, the basic configuration is quite simple. If your LDAP server allows anonymous searches, you really only need the AuthLDAPURL line and it can be as simple as "ldap://localhost/DC=example,DC=com".

- Arch

Saturday 6 June 2009

Google Apps

One of the cool services that Google offers is the hosting of various services for your domain. Basically, you can brand Google with your own domain including mail, calendar, chat, docs, sites and "mobile" (I haven't used "mobile", but it includes sync services). The service is called Google Apps.

The "standard edition" is pretty much the standard services and limits you to 50 user accounts. And 50 people is quite a few for a personal domain or even a small business. Once you need more features or more accounts, its $50 / year per account. Which, truth be told, is pretty cheap since even just paying for anti-spam/anti-virus filtering is about $30 / year for pretty basic service from Symantec of whomever.

At any rate, I found it a bit confusing at first but mostly because I was setting this up in a sub-domain (dl.thenibble.org) on GoDaddy. But once I got in, it's pretty easy. You get this dashboard which shows you which services are activated and you can just click on whichever ones you want and if DNS changes are required, it will tell you and give you pretty specific instructions. But there's a lot. You have to do one just to activate the domain, add aliases for all your services (unless you want to use google.com/apps/mydomain or whatever), and then for email, there's 5 MX records and for chat there's about 10 SRV records.

But now that it's all setup, it's pretty fancy. You can create email groups, use docs, publish calendars, etc. I tried poking around a bit and really all that Google does for stuff like "sites" when you create an alias under your domain is it just redirects the user to sites.google.com/domain/whatever ... So it won't be a replacement for having a web host. But for email, it will just accept mail at your domain so it's a full email service.

And standard edition is free. Did I mention that? Yeah, it's ad-supported, but otherwise free.

Fun!
- Arch

Popular Posts