![]() |
![]() |
(sha512
) OpenOffice (.odt)
(sha512
) - Murex Mx.3, Java, UNIX/Linux.
18:11:34 02-Jul-2009 PDT
Embed Plugin#
15:26:00 01-Jul-2009 PDT
LazyGallery Update#
LazyGallery a simple but powerful photo gallery generator has been updated. A major performance problem which slowed down rendering of the gallery via the JSPWiki plugin has been resolved. Also multithreading is now used to speed up the generation of the gallery on multi-core/cpu shared memory systems.
20:00:10 20-Jun-2009 PDT
RealTek 8169 and CentOS#
Linux
sometimes surprises with crappy device drivers. I just hit a case in point, the r8169 module. I put a Netgear
GA311
in a CentOS
5.3 server. The TX throughput is horrible, and RX is only so so.
sometimes surprises with crappy device drivers. I just hit a case in point, the r8169 module. I put a Netgear
GA311
in a CentOS
5.3 server. The TX throughput is horrible, and RX is only so so.
I searched and found the following references:
- ElRepo
- kmod-r8169, latest driver from RealTek packaged.
- CentOS Forum 1
- CentOS Forum 2
- CentOS Forum 3
- RedHat bug
- RHEL Errata
- kernel-2.6.18-128.1.10
- Kernel bug 1
- LKML 1
- LKML 2
No amount of ethtool
tweaks or using alternate drivers has been able to improve the result of this simple test:
iperf -c internal1 -t 20 -r ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to internal1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 5] local 192.168.0.5 port 47586 connected with 192.168.0.4 port 5001 [ ID] Interval Transfer Bandwidth [ 5] 0.0-20.0 sec 1.09 GBytes 468 Mbits/sec [ 4] local 192.168.0.5 port 5001 connected with 192.168.0.4 port 41845 [ ID] Interval Transfer Bandwidth [ 4] 0.0-20.1 sec 463 MBytes 193 Mbits/sec
19:39:33 20-Jun-2009 PDT
Sed One-liner#
Today in #centos, somebody asked for help coming up with a sed
one-liner
that would append to their kernel lines in grub.conf. This could be done handily thanks to sed's regex back references
:
one-liner
that would append to their kernel lines in grub.conf. This could be done handily thanks to sed's regex back references
:
echo "kernel rhgb" | sed 's/\(.*kernel.*\)/\1 console/'
21:27:28 13-Jun-2009 PDT
Truth Is Stranger#
A few weeks ago in Toronto I snapped this picture. Working in IT, I found this humorous.
![]() |
05:10:30 11-Jun-2009 PDT
Prevent SMTP Back Scatter With Sendmail, MIMEDefang and LDAP#
Yesterday I implemented a filter_recipient function for MIMEDefang
to prevent back scatter
. As my mail system relies on LMTP
to deliver mail to an IMAP
server
, it is not able to verify that the recipient mailbox exists before the message is accepted by the SMTP
MTA. A filter_recipient function in the MIMEDefang milter
allows for verifying recipients before accepting the message from the sender. The implementation is a bit tricky, because it must be able to verify the recipient is valid using the same lookups as the MTA
uses. For my system, that includes virtual users and aliases stored in an LDAP
directory.
to prevent back scatter
. As my mail system relies on LMTP
to deliver mail to an IMAP
server
, it is not able to verify that the recipient mailbox exists before the message is accepted by the SMTP
MTA. A filter_recipient function in the MIMEDefang milter
allows for verifying recipients before accepting the message from the sender. The implementation is a bit tricky, because it must be able to verify the recipient is valid using the same lookups as the MTA
uses. For my system, that includes virtual users and aliases stored in an LDAP
directory.
Here is the code:
########################## begin filter_recipient ##############################
# In order to prevent "back scatter" resulting from forged "MAIL FROM:" values
# lookup the user in the LDAP directory after SMTP "RCPT TO:" command.
#
# http://www.backscatterer.org/?target=backscatter
# http://ldap.perl.org/
# > yum install -y perl-LDAP perl-Email-Address
# Note, using the EPEL repository with CentOS for these...
sub filter_recipient {
# for SMTP AUTHenticated connections, skip it!
if (is_authenticated()) {
return ('CONTINUE',"OK");
}
use Net::LDAP;
use Email::Address;
my $ldap_host = "localhost";
my $ldap_port = 389;
my $ldap_base_dn = "dc=example,dc=com";
my $ldap_bind_dn = "uid=frankenstein,ou=Robots," . $ldap_base_dn;
my $ldap_bind_pw = "bagels";
# FIXME: setup LDAP connection pool and get connection from pool
my $ldap = new Net::LDAP($ldap_host, port=> $ldap_port);
$ldap->bind($ldap_bind_dn, password=> $ldap_bind_pw);
# the 9 arguments provided by mimedefang:
my ($recipient, $sender, $ip, $hostname, $first, $helo,
$rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
# Normalize the e-mail address of the recipient to just
# user@domain.tld.
my @emailaddress = Email::Address->parse($recipient);
md_syslog('info', "checking recipient: @emailaddress[0]");
my $default_domain="example.com";
my @address = split('\@', @emailaddress[0]);
my $plususername = @address[0];
# FIXME: Strip out any "+" address for now.
my @plusaddress = split('\+', $plususername);
my $username = @plusaddress[0];
my $domain = @address[1];
# If recipients domain is the default_domain, lookup up by UID first, then
# check aliases.
my $is_valid = 1;
if ($default_domain eq $domain) {
my @attrs = ["uid"];
my $mesg = $ldap->search(
base => "ou=People," . $ldap_base_dn,
filter => "(&(objectClass=inetOrgPerson)(uid=$username))",
attrs => @attrs,
scope => "one"
);
if ($mesg->count() == 0) {
my @attrs = ["sendmailMTAAliasValue"];
my $mesg = $ldap->search(
base => "sendmailMTAAliasGrouping=aliases,sendmailMTACluster=Servers,ou=Sendmail," . $ldap_base_dn,
filter => "(&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=$username))",
attrs => @attrs,
scope => "one"
);
if ($mesg->count() == 0) {
$is_valid=0;
}
}
} else {
# If the domain is not the default domain, check the virtuser table.
my @attrs = ["sendmailMTAMapValue"];
my $mesg = $ldap->search(
base => "sendmailMTAMapName=virtuser,sendmailMTACluster=Servers,ou=Sendmail," . $ldap_base_dn,
filter => "(&(sendmailMTAKey=$username\@$domain)(objectClass=sendmailMTAMapObject))",
attrs => @attrs,
scope => "one"
);
if ($mesg->count() == 0) {
$is_valid=0;
}
}
$ldap->unbind();
# Default action
my $action = 'CONTINUE';
my $message = "OK";
# If the address/user is not found, REJECT
if ($is_valid == 0) {
$action = 'REJECT';
$message= "Be gone foul odors!";
}
return ($action, $message);
}
########################### end filter_recipient ##############################
Changes Today#
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
pdf |
ebondtrade.pdf | 42.2 kB | 1 | 16:27:18 06-Mar-2006 PST | scott | |
png |
tinylock.png | 0.2 kB | 1 | 22:47:50 22-Sep-2006 PDT | scott |




