Archive for the ‘Linux Administration’ Category

EXIM4 – Remote Domains Not Supported

October 6th, 2011 AfterDarkMike

After Moving some sites to a fresh Ubuntu VPS for some testing I noticed that the contact forms were not working.

2011-10-03 03:31:43 1RAZFn-0006hC-I2 <= www-data@corp.host.com U=www-data P=local S=648
2011-10-03 03:31:43 1RAZFn-0006hC-I2 ** sales@host.com R=nonlocal: Mailing to remote domains not supported
2011-10-03 03:31:43 1RAZFn-0006hE-Ig <= <> R=1RAZFn-0006hC-I2 U=Debian-exim P=local S=1619
2011-10-03 03:31:43 1RAZFn-0006hC-I2 Completed

In my default Ubuntu VPS image, the “local mail only” feature is set.

Executing the following command and selecting the “internet site; mail is sent and received directly using SMTP” option will solve your issue. You should be able to select the default option for the rest of the questions.

admin@db:~$ dpkg-reconfigure exim4-config

Share
Posted in Linux Administration Tags: , 6 Comments »

MySQL: “Access denied for user ‘debian-sys-maint’@’localhost’”

October 3rd, 2011 AfterDarkMike

I recently migrated one of our MySQL servers (Simply by using rsync) and afterwards when restarting the MySQL server I was faced with:

admin@db:~$ sudo /etc/init.d/mysql restart
* Stopping MySQL database server mysqld <strong>[fail]</strong>
* Starting MySQL database server mysqld [ OK ]
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: '<strong>Access denied for user 'debian-sys-maint'@'localhost'</strong> (using password: YES)'

This MySQL user is created for Ubuntu to be able to start/stop the database and to preform other maintenance operations.

The issue is that with each update to MySQL, the user’s password in the database is overwritten.  Ubuntu searches the file /etc/mysql/debian.cnf in order to find this user’s password, but obviously the password was out of sync after copying the databases from the old database server.

First, check the contents of the /etc/mysql/debian.cnf file:

admin@db:~$sudo cat /etc/mysql/debian.cnf

The contents of the file should look something like the:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
<strong>password = PASSWORD</strong>
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
user     = debian-sys-maint
<strong>password = PASSWORD</strong>
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

The PASSWORD   is what we’re looking for.

Next, you will want to issue a command to MySQL to tell it to grant the debian-sys-maint user all necessary privileges using the new password.

Login to your MySQL server using your root account and the root password:

admin@db:~$ mysql -u root -p

Issue the GRANT command now to grant those permissions:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY 'PASSWORD';

Restart MySQL, you should no longer be getting the “access denied” error message.

admin@db:~$ sudo /etc/init.d/mysql restart
* Stopping MySQL database server mysqld [ OK ]
* Starting MySQL database server mysqld [ OK ]
* Checking for corrupt, not cleanly closed and upgrade needing tables.

You may need to kill the MySQL server processes in order to get MySQL to shut down.


Share
Posted in Linux Administration Tags: , 11 Comments »

Public key authentication over SSH

February 18th, 2011 AfterDarkMike

Generate key on local machine

ssh-keygen -t rsa

Ensure that the remote server has a .ssh directory

Make sure the server your connecting to has a .ssh directory in the home directory of the user you are doing this for. If it doesn’t exist you can run the ssh-keygen command above, and it will create one with the correct permissions.

Copy your local public key to the remote server

If your remote server doesn’t have a file called ~/.ssh/authorized_keys then create it. If that file already exists, you need to append the contents of ~/.ssh/id_rsa.pub to it.

cat ~/.ssh/id_dsa.pub | ssh user@remote.server "cat - >> ~/.ssh/authorized_keys"

Now ssh to the remote server

Your should be able to ssh to the remote server without being asked for a password.

Security

All someone would need to login to the remote server, is one file on your local machine ~/.ssh/id_rsa, so keep it secure.

Getting asked for a password

If you are getting asked for a password, check the permissions.

server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

Share
Posted in Linux Administration No Comments »

Removing “X-Authentication-Warning” headers

February 10th, 2011 AfterDarkMike

After moving some scripts to a different server I noticed a small change in email deliverability. Possibly unrelated but I did notice “X-Authentication-Warning” headers were being added to outgoing mail sent by php.

The problem

“X-Authentication-Warning” headers like the following were being added:

X-Authentication-Warning: xxx.domain.com: www-data set sender to user@example.com using -r

The solution

In order to prevent this you need to have the “trusted users” feature enabled in Sendmail (I believe it is by default in Red Hat Enterprise Linux):

Locate your submit.mc (should be in /etc/mail/submit.mc) and add:

FEATURE(use_ct_file)dnl

Open “/etc/mail/trusted-users” and add “www-data”:

root@smtp [~]# echo "www-data" > /etc/mail/trusted-users

Restart Sendmail:

root@smtp [~]# /etc/init.d/sendmail restart

**NOTE**

You have just set your web server as a trusted sender. You do not want to do this on a shared hosting server.


Share
Posted in Linux Administration Tags: , , , 5 Comments »

Converting Lighty (Lighttpd) Rewrites to Nginx

January 31st, 2011 AfterDarkMike

It was actually quite easy, once I checked the error logs and realized that I never created the rewrites :P

Lighttpd:

url.rewrite-once = (
    #open rate
    "^/images/email/([0-9]+)/([a-zA-z0-9]+)/([0-9]+)/email-logo-([a-zA-z0-9]+).gif"  => "/open.php?email_id=$1&type=$2&cid=$3&ab=$4",
    #opt out
    "^/outfast/(.*)" => "/optout.php?action=optout&a=fast &click=single&hash=$1",
    #click
    "^/go/([0-9]+)/([0-9]+)/([0-9]+)/(.*)"  => "/click.php?cid=$1&email_id=$2&link_id=$3&extra=$4"
)

Nginx:

#opt out link
    location /outfast/ {
        rewrite ^/outfast/(.*) /optout.php?action=optout&a=fast&click=single&hash=$1 last;
    }

#click through rate
    location /go/ {
        rewrite ^/go/([0-9]+)/([0-9]+)/([0-9]+)/(.*) /click.php?cid=$1&email_id=$2&link_id=$3&extra=$4 last;
    }

#open rate
    location /images/email/ {
        rewrite ^/images/email/([0-9]+)/([a-zA-z0-9]+)/([0-9]+)/email-logo-([a-zA-z0-9]+).gif /open.php?email_id=$1&type=$2&cid=$3&ab=$4 last;
    }

The biggest thing to notice is the lack of quotes and the “last” keyword at the end of each rewrite (in these cases at least)


Share
Posted in Linux Administration Tags: , , 3 Comments »
Twitter Delicious Facebook Digg Stumbleupon Favorites More