• Home
• Blog
• Downloads
• Info
• Reviews
• Virus Warnings
• Search Site

Microsoft is apparently ending the projects because it doesn't see them as revenue generating projects. Thankfully, Google, whose own efforts led Microsoft to embark on similar projects, will continue its efforts to digitize books. The Google Book Search Library Project allows one to view snippets of books still under copyright and to download the entire contents of books that are no longer under copyright.

[/network/web/search] permanent link

I looked for a pcal RPM package. I found that the perl-Calendar-Simple package contained a pcal program and decided to install it. I installed the package, which is available from http://packages.sw.be/perl-Calendar-Simple/ or RPM PBone. If you are using the RPMforge repository, you can install it with yum or another installer. To configure yum to use the RPMForge repository, see RPMForge Packages and Yum Priorites.

# yum install perl-Calendar-Simple

After I installed the package, I found it installed /usr/bin/pcal. That pcal program was a Perl script. I could use it to generate the current month's calendar by typing pcal or a specific month from the current year with pcal m, where m is a number representing a month, e.g. pcal 6 would display the month of June. Or you can use pcal mm, e.g. pcal 06 for June. That pcal can also generate a calendar for a specific month and year with pcal mm yyyy, e.g. pcal 06 2009 for the calendar for June 2009.

# pcal 06 2009

     June 2009
Su Mo Tu We Th Fr Sa
    1  2  3  4  5  6
 7  8  9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

But that pcal program didn't offer me as many options as I had with the cal program that was already installed on the system. I didn't need anything particularly fancy, but I did need the capability to generate a calendar in HTML format, which the Perl pcal script didn't provide.

References:

1. RPMForge Packages and Yum Priorites
   MoonPoint Support
2. Pcal
   MoonPoint Support
3. PCAL and LCAL: PostScript Calendar Programs
   SourceForge.net
4. pcal and lcal - pcal branch
   freshmeat.net

[/languages/perl] permanent link

I opened the .csv file in Excel and used the proper() function to perform the conversion. Excel provides 3 functions, upper, lower, and proper to change the case of text.

Example: JOHN Smith is in cell A1 of an Excel worksheet

=UPPER(A1) will change the text to all uppercase, i.e. JOHN SMITH

=LOWER(A1) will change the text to all lowercase, i.e. john smith

=PROPER(A1) will change the case to suit a proper name, i.e. John Smith

There were about 1,500 entries in the worksheet, so I didn't want to type a formula in each cell. Instead, I created another column immediately to the right of the one containing the name by clicking on Insert then Columns in Excel. The first cell containing a name was B2. In C2, I put the formula =proper(b2). Then I clicked in the C2 cell to select it. I then held the left mouse button down and extended the highligted area down to the last row containing a name. Since the last such row was row 1482, I highlighted cells C2 through C1482. When I had all of the cells highlighted, I released the mouse button. I then hit Ctrl-D to copy the formula down through all of the higlighted cells (the formula is automatically incremented as it is copied). That resulted in the following formulas in column C.

I then resaved the file in csv format and closed it. I then reopened it in Excel. Since it was saved in CSV format, column C had the names with the correct capitalization now without any formula attached to them. I then deleted column B, which had the names in all capital letters. I then resaved the file.

Note: If you have a name in the form "JOHN S SMITH III", proper will convert the name to "John S Smith Iii", so you may need to scan through the list of names for such instances.

References:

1. Properly Capitalize Text with "Proper"
   Lega Andrew - law for the rest of us
2. text case conversion in excel
   Excel Lesson (97 and 2002)
   CastleJB.com

[/os/windows/office/excel] permanent link

:set number

To turn off the dispaly of line numbers, use the command below:

:set nonumber

[/software/editors/vi] permanent link

Global Search

:g/string/command

command affects lines containing string

:v/string/command

command affects lines not containing string

To delete all lines containing "foo" you could use the following command:

:g/foo/d

To delete all lines not containing "foo" you could use the following command:

:v/foo/d

References:

1. vi Reference Card
   JILA

[/software/editors/vi] permanent link

References:

1. Cox, Comcast Accused of More BitTorrent Blocking
   By Roy Mark
   May 15, 2008
   eWeek.com

[/network/p2p] permanent link

The software can be downloaded from SourceForge.net: Xming X Server for Windows. Download and install the Xming installer and the Xming-fonts installer. You can use the /silent or /verysilent command-line parameters for an unattended installation.

[/network/x] permanent link

To permit usage of those files to control access to directories on the webserver, edit httpd.conf and replace the AllowOverride None in the <Directory /> section with AllowOverride AuthConfig.

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

You can use the .htaccess and .htpasswd method without changing the AllowOverride None line in the following section of httpd.conf.

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

References:

1. Authentication, Authorization and Access Control
   The Apache HTTP Server Project
2. Using Apache realms to password-protect your website
   Last modified: January 09 2006
   Linux/Mac Web, Database, Email, DNS Server Administration and Security Howtos
3. USING .HTACCESS & HTPASSWD TO PROTECT YOUR FILES FROM UNAUTHORIZED ACCESS
   BigNoseBird.Com

[/network/web/server/apache] permanent link

1. Click on Tools.
2. Scroll down to Ports.
3. You can then put in a port number, e.g. 587 in the SMTP field, so that Eudora would connect to port 587 on the SMTP server rather than the default port of 25.
4. Click on the OK button.

Note: tested with Eudora 4.2.2

References:

1. Esoteric.epi / Esoteric Settings (Windows)
   Eudora
2. Changing Ports for Sending/Receiving (Win)
   Eudora

[/network/email/clients/eudora] permanent link

If you are attempting to send an email message using Eudora and you see a message similar to the one below, then the SMTP server that Eudora has been configured to use for outgoing email likely requires authentication.

Can't send to 'someone@example.com'. The server gives this reason: '550 5.7.1
<someone@example.com>... Relaying denied. Proper authentication required.'.

Version 4.2.2 of Eudora supports authentication when sending email. If you have a Windows 4.x version of Eudora, you can upgrade it to version 4.2.2 by downloading ep4xto422.exe from the updater422 folder on the Qualcomm FTP site. Version 4.2.0 doesn't support authenticating when sending email, though the help files indicate that it does, according to Eudora Pro 4.x - SMTP Auth . If you don't know which version of Eudora you are running, you can click on Help and then About in Eudora. You should see "Version 4.2.2" for that version.

To enable authentication when sending in Eudora 4.2.2, you must edit the eudora.ini file. Close Eudora, if it is open, and add the following two lines below the [Settings] line in eudora.ini file.

SMTPAuthRequired=1
SMTPAuthAllowed=1

Then, when you reopen Eudora, SMTP authorization should be enabled.

Note: there are different methods of authenticating with an email server. If you see a message similar to the following, the email server does not support the authentication method used by Eudora.

<Dominant>, Connecting to the Mail Server..., [05:24:13 PM]
Can't find a supported authentication mechanism for sending messages, and you've
specified to require authentication.

For instance, Eudora 4.2.2 doesn't support the Plain and Login methods.

You can determine which authentication methods a server supports by using telnet to connect to port 25 on the server, which is the standard SMTP port. After you issue an HELO or EHLO command and some name for the system from which you are connecting, e.g. "laptop" or "mysystem.example.com", you should see AUTH listed as one of the commands the server understands with the authentication methods it supports listed immediately after AUTH on the same line.

telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 11 May 2008 17:28:54 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

In the example above, the email server only supports the LOGIN and PLAIN methods, which resulted in Eudora complaining that it "Can't find a supported authentication mechanism for sending messages, and you've specified to require authentication."

According to Negotiating an SMTP AUTH Authentication Mechanism, "The standard Eudora client (downloadable from www.eudora.com) tries to use CRAM-MD5 by default."

If an email server supports CRAM-MD5 and DIGEST-MD5, you would see the following, if you connected to port 25 on the server, after you issued an helo or ehlo command..

250-AUTH DIGEST-MD5 CRAM-MD5

References:

1. Eudora Pro 4.x - SMTP Auth
   jellico.com, Inc.
2. Negotiating an SMTP AUTH Authentication Mechanism
   By Weldon Whipple
   Technoids.org

[/network/email/clients/eudora] permanent link

To rectify the problem, I had to add another MIME type to the Apache webserver httpd.conf file. I edited /etc/httpd/conf/httpd.conf and added an AddType line for the .acs file extension.

#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-tar .tgz
AddType application/octet-stream .acs

I then restarted the Apache webserver with apachectl restart. Afterwards when I visited the URL again, I was prompted as to whether I wanted to download the file.

References:

1. Apache Module mod_mime
   The Apache Server Project
2. Help: Unable to serve XBAP from Apache?
   Posted: August 29, 2006
   Vista Forums

[/network/web/server/apache] permanent link

After the packages were installed, I check the ClamAV definitions with the freshclam command.

# freshclam -V
ClamAV 0.93/6688/Wed Apr  9 10:40:38 2008

I verified that the version of sendmail on the system provides milter support with sendmail -d0 < /dev/null | grep MILTER. If sendmail provides milter support, MILTER will be listed in the output. Sendmail 8.13 enables MILTER support by default. See Clam AntiVirus Milter Setup and Debugging for details on how to add MILTER support for prior versions.

# sendmail -d0 < /dev/null | grep MILTER
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6

According to Clam AntiVirus Milter Setup and Debugging, the libmilter* library must be installed on the system to use clamav-milter, so I checked for the presence of libmilter files with locate libmilter, but none were listed. The instructions suggested that if the library is not installed, one should "go to the Sendmail source directory, change into the libmilter subdirectory and run the install script." But there was no sendmail source directory on the system, since sendmail had been installed through a package when I initially set up the system. Since the instructions also stated "Some operating systems provide MILTER support via a port or package", I thought I would just proceed to see what happened.

The next step listed was to configure clamav with --enable-milter . I presumed that was already taken care of when I installed the clamav-milter package, so I proceeded to the "configure clamd.conf" step. I checked /etc/clamd.conf, but didn't make any changes.

The installation of the clamav-milter package placed two files in /etc/init.d.

# ls -l /etc/init.d/clam*
-rwxr-xr-x 1 root root 1258 Mar  7  2007 /etc/init.d/clamav-milter
-rwxr-xr-x 1 root root 1130 Nov  1  2006 /etc/init.d/clamd

It also installed and turned on two system services.

# chkconfig --list clamd
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig --list clamav-milter
clamav-milter   0:off   1:off   2:on    3:on    4:on    5:on    6:off

I started the Clam AntiVirus daemon with /etc/init.d/clamd

# vi /etc/init.d/clamd
# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]

You then need to configure sendmail for clamav-milter support. If you try launching clamav-milter first, you will get the error shown below:

# /etc/init.d/clamav-milter start
Starting Clamav Milter Daemon: clamav-milter: socket-addr (local:/var/clamav/clm
ilter.socket) doesn't agree with sendmail.cf
                                                           [FAILED]

So I put the following line as the last line in /etc/mail/sendmail.mc

INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')

I then rebuilt the sendmail.cf file from sendmail.mc with the following command:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

When I tried restarting sendmail, though, I received a warning message:

# /etc/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail: WARNING: Xclmilter: local socket name /var/run/clamav/clmilte
r.sock missing
                                                           [  OK  ]
Starting sm-client:                                        [  OK  ]

I then looked in /etc/sysconfig/clamav-milter and saw the following:

### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.

CLAMAV_FLAGS="
    --config-file=/etc/clamd.conf
    --force-scan
    --local
    --max-children=10
    --noreject
    --outgoing
    --quiet
"
SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"

Since according to the SOCKET_ADDRESS in that file, clmilter.socket was expected in /var/clamav, I modified the line I added to the end of /etc/mail/sendmail.mc to be as shown below:

INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')

I then rebuilt the sendmail.cf file from sendmail.mc, restarted clamav-milter, and restarted sendmail.

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/clamav-milter restart
Stopping Clamav Milter Daemon:                             [FAILED]
Starting Clamav Milter Daemon: Your LANG environment variable is set to 'en_US.U
TF-8'
This is known to cause problems for some clamav-milter installations.
If you get failures with temporary files, please try again with LANG unset.
LibClamAV Error: cl_cvdhead: Can't open file /var/clamav/daily.inc/daily.info
Loaded ClamAV version 0.93, clamav-milter version 0.93
ClamAV: Protecting against 280776 viruses
                                                           [  OK  ]
# /etc/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

The "failed" for the restart of clamav-milter was probably because it wasn't started at the time; so I could have used clamav-milter start. I also saw an error message regarding "LibClamAV Error: cl_cvdhead: Can't open file /var/clamav/daily.inc/daily.info", but when I sent a test message to an account on another system, I saw "X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93" in the message's headers. I saw the same header in a message I sent from the account on the other system to the one running ClamAV. I also saw the header "X-Virus-Status: Clean". So ClamAV appeared to be scanning incoming and outgoing email.

References:

1. Clam AntiVirus Milter Setup and Debugging
   Jeremy Mates's Domain
2. Installing clamav-milter on FreeBSD
   Ring of Saturn Internetworking

[/network/email/sendmail] permanent link

1. On the View menu, click Scheduler. All scheduled tasks will appear.
2. On the Task menu, click New Task.
3. Expand the Tasks folder.
4. Select the task that you want to schedule, then click on the OK button.
5. On the Schedule tab, set the date, time, and frequency with which to execute the task.

   

6. On the Task tab, in the Run as field, type the user name of the person who is running the task. The default is the logged on user.
7. Click on the Set Password button.
8. In the Password field, type your password. You must type a password to run the task. The password is confirmed when the task runs.
9. In the Confirm field, type your password again to confirm that it is entered correctly.
10. Click on the OK button.

[/os/windows/utilities/backup/ghost] permanent link

Check MX Records for Email Tool - Live2Support.com
MX Lookup - MXToolbox.com

[/network/dns] permanent link

In checking on the problem, I found her account was not a member of the "Remote Web Workplace Users" group. The procedure for adding an account to that group is listed below.

1. Click on Start.
2. Select Administrative Tools.
3. Select Activer Directory Users and Computers.
4. Under the domain name, select My Business, Users, SBSUsers, and then the user's account or, under the domain name, select Users and the user's account, if it is located there instead.
5. Right-click on the user's account and select Properties.
6. Click on the Member Of tab.
7. The user should already be a member of Domain Users. You need to click on the Add button.
8. In the "Enter the ojbect names to select" field, type Remote Web Workplace.
9. Click on the Check Names button. You should then see "Remote Web Workplace Users" appear in the field underlined.
10. Click on OK.
11. Click on OK again to close the "Properties" window for the user's account.

[/os/windows/server2003] permanent link

The sendmail.mc already had the line FEATURE(`blacklist_recipients')dnl. The blacklist_recipients feature turns on the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. For example, you can block incoming mail to user nobody, host foo.mydomain.com, or guest@bar.mydomain.com. These specifications are put in the /etc/mail/access file.

Immediately below that line, I added the following lines to use the McFadden Associates E-Mail Blacklist, the Spamhaus Block List, and the Passive Spam Block List.

FEATURE(`dnsbl', `bl.csma.biz', `550 Spam Block: mail from $&{client_addr} refused - See http://bl.csma.biz/')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `550 Spam Block: mail from $&{client_addr} refused - See http://www.spamhaus.org/sbl/')dnl
FEATURE(`dnsbl', `psbl.surriel.com', `550 Spam Block: mail from $&{client_addr} refused - see http://psbl.surriel.com/')dnl

I removed the "dnl" from the beginning of the following line, which "uncomments" the directive, to allow the system to accept email from users who have authenticated by a trusted mechanism defined by TRUST_AUTH_MECH (see Sendmail Authorization for Outgoing Email).

dnl FEATURE(delay_checks)dnl

I didn't want a user's email to be rejected because the user's system received a dynamically assigned IP address previously assigned to a system sending out spam, which I've seen happen previously. By using the delay_checks feature, you can have sendmail skip the check_mail and check_relay rulesets, if the sender has been authenticated by a "trusted" mechanism, such as by sending the user's userid and password to the server when sending email.

I then regenerated the sendmail.cf file from the sendmail.mc file and restarted sendmail with the commands below.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

References:

1. Sendmail cf/README - Features
   sendmail.org
2. Sendmail cf/README - Anti-Spam Configuration Control sendmail.org
3. Passive Spam Block List (PSBL) Added
   MoonPoint Support
4. Sendmail Authorization for Outgoing Email
   MoonPoint Support
5. McFadden Associates E-Mail Blacklist
6. Spamhaus Block List
7. Passive Spam Block List

[/network/email/sendmail] permanent link

1. Click on Tools.
2. Select Options.
3. Click on the Other tab.
4. Click on the Advanced Options button.
5. Click on the Add-in Manager button.
6. Uncheck "Google Desktop Search Outlook Addin".
7. Click on OK.
8. Click on Com Add-ins.
9. Uncheck "Google Desktop Outlook Toolbar.
10. Click on OK.
11. Click on OK again.
12. Click on OK to close the Options window.

[/network/email/clients/outlook] permanent link

The server was running sendmail, which supports SMTP AUTH as defined in RFC 2554 which is based on SASL.

The Cyrus SASL package should be installed to enable sendmail to support the AUTH command for authorization. I checked on whether it was installed with rpm -qi cyrus-sasl. I saw it was installed. I then tried sendmail -d0.1 -bv root | grep SASL and saw NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS. The "SASLv2" in the output confirmed that support for SASL was present.

But when I connected to the SMTP port by telnet, I didn't see the AUTH command listed when I issued an ehlo command. And I received messages that the "plain", "login", "cram-md5", and "digest-md5" authorization methods weren't supported when I issued auth commands for those authentication methods.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 10:34:34 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
AUTH LOGIN
504 5.3.3 AUTH mechanism LOGIN not available
AUTH PLAIN
504 5.3.3 AUTH mechanism PLAIN not available
AUTH CRAM-MD5
504 5.3.3 AUTH mechanism CRAM-MD5 not available
AUTH DIGEST-MD5
504 5.3.3 AUTH mechanism DIGEST-MD5 not available
quit

When I used the testsaslauthd command to check that the saslauthd daemon was installed and running properly, I saw that it was working properly.

# testsaslauthd -s smtp -u jdoe -p HerPassword
0: OK "Success."

You can test SASL support with the testsaslauthd command by specifying a username and its associated password on the system with -u username -p password. The -s service option specifies a particular service. Common service names are "imap", "sieve", and "smtp".

I then looked at /etc/mail/sendmail.mc. I saw define(`confAUTH_OPTIONS', `A')dnl, which provides a list of options for SMTP AUTH was not commented out, so I left it as is. I left the "dnl" at the beginning of the following line, which appeared later in the file. The p option in it would result in sendmail not accepting the PLAIN and LOGIN AUTH methos unless they were protected by a security latyer, such as is provided by STARTTLS.

dnl define(`confAUTH_OPTIONS', `A p')dnl

      AuthOptions
                [no short name] List  of  options  for  SMTP
                AUTH  consisting  of  single characters with
                intervening white space or commas.

                    A   Use the AUTH= parameter for the MAIL FROM
                        command only when authentication succeeded.
                        This can be used as a workaround for broken
                        MTAs that do not implement RFC 2554 correctly.
                    a   protection from active (non-dictionary) attacks
                        during authentication exchange.
                    c   require mechanisms which pass client credentials,
                        and allow mechanisms which can pass credentials
                        to do so.
                    d   don't permit mechanisms susceptible to passive
                        dictionary attack.
                    f   require forward secrecy between sessions
                        (breaking one won't help break next).
                    p   don't permit mechanisms susceptible to simple
                        passive attack (e.g., PLAIN, LOGIN), unless a
                        security layer is active.
                    y   don't permit mechanisms that allow anonymous login.

                The first option applies to  sendmail  as  a
                client, the others to a server.  Example:

                    O AuthOptions=p,y

                would  disallow  ANONYMOUS as AUTH mechanism
                and would allow PLAIN and LOGIN  only  if  a
                security  layer (e.g., provided by STARTTLS)
                is already active.  The  options  'a',  'c',
                'd',  'f',  'p', and 'y' refer to properties
                of the selected SASL  mechanisms.   Explana-
                tions  of  these  properties can be found in
                the Cyrus SASL documentation.

I removed "dnl" from beginning of the following 2 lines to uncomment them:

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

The relevant lines were then as follows:

define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

I then rebuilt the sendmail.cf file from the sendmail.mc file using m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf. I then restarted sendmail with /etc/init.d/sendmail restart.

When I then used telnet to connect to the SMTP port, port 25, on the server, I saw AUTH listed when I issued the ehlo command.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 13:44:58 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

Testing with SimpleCheck, I was then able to send a message with it configured to use the PLAIN or the LOGIN authorization mechanism.

References:

1. SMTP AUTH in sendmail 8.10-8.13
   sendmail.org
2. Cyrus SASL for System Administrators
   SEPP Application Catalog
3. sendmail AUTH_OPTIONS
   lists.freebsd.org Mailing Lists
4. Using SMTP AUTH and STARTTLS with sendmail
   A quick start guide for Red Hat/Fedora Linux
   joreybump.com

[/network/email/sendmail] permanent link

# chkconfig --list dovecot
dovecot         0:off   1:off   2:off   3:off   4:off   5:off   6:off

I turned it on so that it would be operational after the next reboot with chkconfig dovecot on.

# chkconfig dovecot on
[root@frostdragon ~]# chkconfig --list dovecot
dovecot         0:off   1:off   2:on    3:on    4:on    5:on    6:off

I then started the service with service dovecot start.

# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]

I could then see that the system was listening on the imap, imaps, pop3, and pop3s ports.

# netstat -a | grep imap
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:imap                      *:*                         LISTEN
[root@frostdragon archive]# netstat -a | grep pop3
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN

Dovecot can be configured to handle mailboxes for system users, i.e. for accounts on the system or for virtual users. Since the majority of people who would be using the server for email would have no need to log into the system and since I wanted to be able to have john@example.com and john@anotherexample.com, I chose to configure Dovecot for virtual users.

The Dovecot Wiki has this to say about usernames and domains:

Usernames and domains

Dovecot doesn't care much about domains in usernames. IMAP and POP3 protocols currently have no concept of "domain", so the username is just something that shows up in your logs and maybe in some configuration, but they have no direct functionality.

So although Dovecot makes it easier to handle "user@domain" style usernames (eg. %n and %d variables), nothing breaks if you use for example "domain%user" style usernames instead. However some authentication mechanisms do have an explicit support for realms (pretty much the same as domains). If those mechanisms are used, the username is changed to be "user@realm".

And of course there's no need to have domains at all in the usernames.

I followed the instructions in Simple Virtual User Installation. I didn't need to create a dovecot user, since one already existed in /etc/passwd. I did need to create a vmail user account and group, which is used to access the mail for all users.

# grep dovecot /etc/passwd
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
# useradd -u 103 -c Dovecot vmail

The above useradd command created the vmail user and group and automatically created a /home/vmail directory owned by vmail:vmail, under which the email for all users is stored. [Note: you may want to use a UID greater than 500 rather than 103 as in the example above to avoid the problem noted below where the dovecot configuration file by default only permits a UID greater than 500]

I created /var/log/dovecot.log and /var/log/dovecot-info.log and changed the owner and group for those files to vmail.

# touch /var/log/dovecot.log /var/log/dovecot-info.log
# chown vmail /var/log/dove*; chgrp vmail /var/log/dove*;

I then edited /etc/dovecot.conf and changed the settings for the log files.

Original

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
#log_path =

# For informational messages, use this logfile instead of the default
#info_log_path =

Modified

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
log_path =  /var/log/dovecot.log

# For informational messages, use this logfile 
info_log_path = /var/log/dovecot-info.log

The default line in /etc/dovecot.conf for plaintext authentication is as follows:

#disable_plaintext_auth = no

Since disable_plaintext_auth has a default value of "no", I didn't have to uncomment that line.

I created a directory for the dovecot password file with mkdir /etc/dovecot and then set up a password file in /etc/dovecot/passwd. I changed the protection on the file with chmod 600 /etc/dovecot/passwd, so that only root would have access, since I don't want others with accounts on the system to be able to read the contents of the file. I created entries in the passwd file with entries like the following:

jdoe@example.com:{PLAIN}HerPassword

I then modified the checkpassword section of /etc/dovecot.conf

Original

  # checkpassword executable authentication
  # NOTE: You will probably want to use "userdb prefetch" with this.
  # http://wiki.dovecot.org/PasswordDatabase/CheckPassword
  #passdb checkpassword {
    # Path for checkpassword binary
    #args =
  #}

Modified

  # passwd-like file with specified location
  # http://wiki.dovecot.org/AuthDatabase/PasswdFile
  passdb passwd-file {
    # Path for passwd-file
    args = /etc/dovecot/passwd
  }

I then restarted dovecot with service dovecot restart. I then tested dovecot by using telnet to connect to port 110, the pop3 port, on the system. I could connect to port 110, but didn't get any response to the user and pass commands. I looked in /var/log/dovecot and saw the following errors recorded:

dovecot: May 04 13:35:26 Error: Temporary failure in creating login processes, slowing down for now
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: child 30454 (login) returned error 127
dovecot: May 04 13:35:26 Error: child 30455 (login) returned error 127

At Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory, I found a suggestion to edit /etc/dovecot.conf and modify the login_processes_size line so that it is login_process_size = 64. The writer states on that webpage that "This error is not related to shared libraries. You need to set maximum process size in megabytes. If you don't use login_process_per_connection you might need to grow this."

When I looked in /etc/dovecot.conf, I saw the following line:

#login_process_size = 32

I removed the "#" and changed the line to login_process_size = 64 . I then restarted dovecot with service dovecot restart. I no longer saw the error messages in the /var/log/dovecot.log file.

When I again checked email for accounts by using telnet 127.0.0.1 110, I was able to check an account, jsmith, listed in /etc/passwd, but not the jdoe@example.com account listed in the /etc/dovecot/passwd file I created.

# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jdoe@example.com
+OK
pass HerPassword
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.
[root@frostdragon log]# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jsmith
+OK
pass HisPassword
+OK Logged in.
stat
+OK 0 0
quit
+OK Logging out.
Connection closed by foreign host.

When I looked in /etc/dovecot.conf, I saw dovecot: May 04 14:03:20 Error: auth(default): userdb(jdoe@example.com,::ffff:127.0.0.1): user not found from userdb.

I then realized I also needed to modify the "userdb static" section of /etc/dovecot.conf. I made the following changes:

Original

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  #userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    #args =
  #}

Modified

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    args = uid=vmail gid=vmail home=/home/vmail/%u
  }

I then restarted dovecot with service dovecot restart. But I still couldn't check email for the virtual user account jdoe@example.com. In the /var/log/dovecot.log file, I saw dovecot: May 04 14:34:19 Error: Logins with UID 103 (user jdoe@example.com) not permitted (see first_valid_uid in config file)

When I checkd the /etc/dovecot.conf, I found the following:

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

I then realized, since I created the vmail account with a UID of 103, that the dovecot configuration file was preventing a login for it, because it was less than 500. I could have changed the first_valid_uid value in dovecot.conf, but I decided to delete the vmail account and its associated home directory and then recreate it with a UID greater than 500. I then restarted dovecot

# userdel vmail
# rm -rf /home/vmail
# useradd -u 502 -c "Dovecot Virtual Users" vmail 
# service dovecot restart

I was then able to check email for both user accounts on the system and virtual user accounts. I saw that dovecot created a /home/vmail/jdoe@example.com directory under /home/vmail.

At this point, though I could login to the POP3 port, port 110, and get dovecot to accept the userid and password for a virtual user, sendmail would return a "user unknow" message, if I tried to send email to a virtual user, because sendmail knew nothing about the dovecot virtual users. So using the instructions in Dovecot LDA with Sendmail as a starting point, I took the steps below.

I created the file /usr/share/sendmail-cf/mailer/dovecot.m4 and put the lines below in it:

######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
                 S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
                 T=DNS/RFC822/X-Unix,
                 A=deliver -d $u

In /etc/mail/sendmail.mc, I had the following two lines:

MAILER(smtp)dnl
MAILER(procmail)dnl

I added MAILER(dovecot)dnl after those two lines. I then regenerated the sendmail.cf file using the m4 command.

# m4 /etc/mail/sendmail.mc > /etc/mailsendmail.cf

Unfortunately, that did not resolve the issue with virtual users. I still haven't been able to get that working.

References:

1. Chapter 23. Email
   CentOS
2. Basic Configuration
   Dovecot Wiki
3. Virtual Users
   Dovecot Wiki
4. Simple Virtual User Installation
   Dovecot Wiki
5. Passwd-file
   Dovecot Wiki
6. Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
   nixCraft Insight Into Linux Admin Work
7. Dovecot LDA with Sendmail
   Dovecot Wiki

[/network/email/dovecot] permanent link

1. Login into the firewall using a web browser.
2. Click on Network.
3. Click on Interfaces.
4. For the Untrust interface, click on Edit.
5. In the Properties line at the top of the webpage, you will see VIP. Click on VIP.
6. If you see an Add/Modify VIP Entry field with no VIP services listed beneath it, select "Same as the untrusted interface IP address" and click on Add, otherwise proceed to the next step.
7. Click on the New VIP Service button
8. The Virtual IP field should show the IP address for the Untrust interface. Put the appropriate value in the Virtual Port field, e.g. 110 for POP3. Select the appropriate service for the Map to Service field, e.g "POP3(110)" for POP3. For the Map to IP value, put in the IP address for the internal server for which you want to provide access to this service, e.g. 192.168.10.24, if that was the IP address for the POP3 server behind the firewall.
9. Click on the OK button.

Once the VIP service is configured, you need to set up a new firewall rule, aka policy, to permit traffic from the outside of the firewall through to the inside for this new service.

To do so, take the following steps:

1. Click on Policies at the left side of the webpage.
2. For the From field, select "Untrust" and select "Trust" for the To field.
3. Click on the New button.
4. On the next webpage, put a name of your choosing in the Name field, e.g. POP3 for a POP3 service. You don't need to change the Source Address, but for the Destination Address, select "VIP(untrust)" from Address Book Entry for the Desinstion Address. For Service, you can select "POP3" for this example.
5. If you want logging turned on for this policy, check Logging.
6. If you want "counting" turned on for this policy, click on the Advanced button and then check the Counting checkbox then click on the OK button.

[/security/firewalls/netscreen] permanent link

# local-host-names - include all aliases for your machine here.
example.com

Then create the local-host-names.db file with makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names . When you restart sendmail, which you can do with /etc/init.d/sendmail restart, sendmail will then accept email for example.com addresses.

Be aware that if you have an account jsmith which previously would receive email addressed to jsmith@someexample.com, that email addressed to jsmith@example.com will now go there as well.

[/network/email/sendmail] permanent link

The steps below can be taken on a Linux system running sendmail to have it send email via a "smart host" server. In essence, instead of the sendmail server sending email directly to other email servers, it transmits all email to another server, the "smart host", which handles the task of transmitting the received email to the recipients' servers.

In /etc/mail/sendmail.mc, look for the following section:

dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #

Remove the dnl from the beginning of the dnl define(`SMART_HOST', `smtp.your.provider')dnl line and replace smtp.your.provider with the smart host you will be using, e.g. mail.example.com.

define(`SMART_HOST', `mail.example.com')dnl

In /etc/mail/access add the following line, substituting the actual SMTP server you will need to use for mail.example.com and your actual username and password on the smart host server for myloginname and mypasswd:

Authinfo:mail.example.com "U:myloginname" "P:mypasswd" "M:Plain"

Then regenerate the /etc/mail/access.db file with makemap hash /etc/mail/access </etc/mail/access. Regenerate /etc/mail/sendmail.cf with m4 /etc/mail/sendmail.mc > /etc/mailsendmail.cf. Then restart sendmail with service sendmail restart or /etc/init.d/sendmail restart.

Once you have taken the above steps, you can send a test message from the system. Sending one to a test email address on another system that will allow you to view the message headers is ideal. At the destination, look at the message headers for the email you sent. You should see it passing through the smart host.

When I sent out a test message after making the changes above, the message didn't reach the destination. I checked the mail queue with mailq and saw the message had not gone out because of an "AUTH failure".

# mailq
                /var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
m43M1HT8032701       31 Sat May  3 18:01 <johnsmith@myserver.com>
                 (Deferred: Temporary AUTH failure)
                                         <melvin@example.com>

I had sendmail attempt to send the queued message immediately and display information on its progress with sendmail -q 0 -v (the -v provides "verbose" information).

# sendmail -q 0 -v

Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX01
>>> EHLO myserver.com
250-BL-106 says EHLO to 72.45.13.244:1097
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH=LOGIN
250 AUTH LOGIN
>>> QUIT
221 BL-106 closing connection
... Deferred: Temporary AUTH failure
Closing connection to smtp.atlanticbb.net.

In this case I was using smtp.atlanticbb.net as the smart host. I could see it supports an AUTH type of "LOGIN", but I didn't see "PLAIN" listed. I edited /etc/mail/access, replacing "M:Plain" with "M:Login".

Authinfo:smtp.atlanticbb.net "U:myloginname" "P:mypasswd" "M:Login"

I then ran makemap hash /etc/mail/access < /etc/mail/access again. Then when I had sendmail process the mail queue immediately again, the message was successfully transmitted.

# sendmail -q 0 -v

Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX02
>>> EHLO myserver.com
250-BL-206 says EHLO to 72.45.13.244:2430
250-8BITMIME
250-PIPELINING
250-AUTH=LOGIN
250-AUTH LOGIN
250 ENHANCEDSTATUSCODES
>>> AUTH LOGIN
334 VXNlcm4hcWU6
>>> bW9vbnBvbW40
334 UGFzc2dvdmQ6
>>> MVN0b2A1Njd=
235 Authed. Go on.
>>> MAIL From:
250 MAIL FROM accepted
>>> RCPT To:
>>> DATA
250 Recipient Accepted - Will relay per rbIP
354 continue.  finished with "\r\n.\r\n"
>>> .
250 OK D4/2C-23466-1B9EC184
... Sent (OK D4/2C-23466-1B9EC184)
Closing connection to smtp.atlanticbb.net.
>>> QUIT
221 BL-206 closing connection

[/network/email/sendmail] permanent link

Alpine is available through RPMForge, a repository for Linux packages in the RPM format. To install Alpine, I downloaded the rpmforge-release package from RPMforge/Using and then installed it with rpm.

# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

That placed two new files, mirrors-rpmforge and rpmforge.repo in /etc/yum.repos.d. I installed the yum-priorities plugin as described in RPMForge Packages and Yum Priorites and set the RPMForge repository to a lower priority than the default CentOS repository.

I installed Alpine with yum install alpine.

1. Alpine E-Mail Client Released -- Don't Call it a Comeback
   By Michael Calore
   December 21, 2007
   Wired Blogs
2. Alpine Messaging System
   University of Washington
3. RPMForge

[/network/email/clients/alpine] permanent link

First, install the yum-priorities package with yum install yum-priorities. This plugin allows repositories to have different priorities. Packages in a repository with a lower priority can't be overridden by packages from a repository with a higher priority even if the repository with the higher priority has a later version of the package. As the Installing RPMForge webpage states you should "Beware that some packages are newer than the official CentOS version and you should not blindly install those packages. Before you replace a CentOS package you should make sure that will not break anything important. In most cases you can revert any mistakes but it is best to avoid the mess." By usng the yum-priorities plugin, you help avoid that problem.

Next verify that yum-priorities is enabled by ensuring that the following lines are present in /etc/yum/pluginconf.d/priorities.conf :

[main]
enabled = 1

The yum repository information is stored in /etc/yum.repos.d.

cd /etc/yum.repos.d
# ls -l
total 16
-rw-r--r-- 1 root root 2049 Nov 22 20:32 CentOS-Base.repo
-rw-r--r-- 1 root root  622 Nov 22 20:32 CentOS-Media.repo

I added priority=1 as the last line in the following sections of CentOS-Base.repo:

[base]
[updates]
[extras]

I added priority=2 as the last line in the [centosplus] section, which now contains the following lines:

[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=2

I installed the rpmforge-release package with rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm, which created two new files mirrors-rpmforge and rpmforge.repo in /etc/yum.repos.d. I edited rpmforge.repo and added priority = 11 at the end of the file.

Repositories with lower priority numbers are considered to have a higher priority than than those with higher numbers. E.g. if repository A has priority=4 associated with it while repository B has priority=5 associated with it, repository A has a higher priority than repository B.

References:

1. Installing RPMForge
   CentOS Wiki
2. yum-plugin-priorities
   CentOS Wiki

[/os/unix/linux/centos] permanent link

1. Inside the document, hit the Ctrl and A keys simultaneously to highlight all of the existing text.
2. Click on "Format" at the top of the Word window.
3. Select "Paragraph".
4. Change the line spacing to "single".
5. Change the "before" and "after" values to "0 pt".
6. Click on "OK".

^*Written for Word 2003

[/os/windows/office/word] permanent link

[/network/cabling] permanent link

[/security/botnets] permanent link