I am exploring ways to use Facebook.

To go along with my first video posted to YouTube I created the Embed plugin for JSPWiki.

LazyGallery a simple but powerful photo gallery generator has been updated. A major performance problem which slowed down rendering of the gallery via the JSPWiki plugin has been resolved. Also multithreading is now used to speed up the generation of the gallery on multi-core/cpu shared memory systems.

Linux sometimes surprises with crappy device drivers. I just hit a case in point, the r8169 module. I put a Netgear GA311 in a CentOS 5.3 server. The TX throughput is horrible, and RX is only so so.

I searched and found the following references:

• ElRepo - kmod-r8169, latest driver from RealTek packaged.
• CentOS Forum 1
• CentOS Forum 2
• CentOS Forum 3
• RedHat bug
• RHEL Errata - kernel-2.6.18-128.1.10
• Kernel bug 1
• LKML 1
• LKML 2

No amount of ethtool tweaks or using alternate drivers has been able to improve the result of this simple test:

iperf -c internal1  -t 20 -r
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to internal1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  5] local 192.168.0.5 port 47586 connected with 192.168.0.4 port 5001
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-20.0 sec  1.09 GBytes    468 Mbits/sec
[  4] local 192.168.0.5 port 5001 connected with 192.168.0.4 port 41845
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-20.1 sec    463 MBytes    193 Mbits/sec

Today in #centos, somebody asked for help coming up with a sed one-liner that would append to their kernel lines in grub.conf. This could be done handily thanks to sed's regex back references:

echo "kernel rhgb" | sed 's/\(.*kernel.*\)/\1 console/'

A few weeks ago in Toronto I snapped this picture. Working in IT, I found this humorous.

Yesterday I implemented a filter_recipient function for MIMEDefang to prevent back scatter. As my mail system relies on LMTP to deliver mail to an IMAP server, it is not able to verify that the recipient mailbox exists before the message is accepted by the SMTP MTA. A filter_recipient function in the MIMEDefang milter allows for verifying recipients before accepting the message from the sender. The implementation is a bit tricky, because it must be able to verify the recipient is valid using the same lookups as the MTA uses. For my system, that includes virtual users and aliases stored in an LDAP directory.

Here is the code:

########################## begin filter_recipient ##############################
# In order to prevent "back scatter" resulting from forged "MAIL FROM:" values
# lookup the user in the LDAP directory after SMTP "RCPT TO:" command.
#
# http://www.backscatterer.org/?target=backscatter
# http://ldap.perl.org/
# > yum install -y perl-LDAP perl-Email-Address
# Note, using the EPEL repository with CentOS for these...

sub filter_recipient {
  # for SMTP AUTHenticated connections, skip it!
  if (is_authenticated()) {
    return ('CONTINUE',"OK");
  }

  use Net::LDAP;
  use Email::Address;
  my $ldap_host = "localhost";
  my $ldap_port = 389;
  my $ldap_base_dn = "dc=example,dc=com";
  my $ldap_bind_dn = "uid=frankenstein,ou=Robots," . $ldap_base_dn;
  my $ldap_bind_pw = "bagels";
  
  # FIXME: setup LDAP connection pool and get connection from pool
  my $ldap = new Net::LDAP($ldap_host, port=> $ldap_port);
  $ldap->bind($ldap_bind_dn, password=> $ldap_bind_pw);

  # the 9 arguments provided by mimedefang:
  my ($recipient, $sender, $ip, $hostname, $first, $helo,
      $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
  # Normalize the e-mail address of the recipient to just
  # user@domain.tld.
  my @emailaddress = Email::Address->parse($recipient);
  md_syslog('info', "checking recipient: @emailaddress[0]");

  my $default_domain="example.com";
  my @address = split('\@', @emailaddress[0]);
  my $plususername = @address[0];
  # FIXME: Strip out any "+" address for now.
  my @plusaddress = split('\+', $plususername); 
  my $username = @plusaddress[0];
  my $domain = @address[1];

  # If recipients domain is the default_domain, lookup up by UID first, then
  # check aliases.
  my $is_valid = 1;
  if ($default_domain eq $domain) {
    my @attrs = ["uid"];
    my $mesg = $ldap->search(
      base   => "ou=People," . $ldap_base_dn,
      filter => "(&(objectClass=inetOrgPerson)(uid=$username))",
      attrs  => @attrs,
      scope  => "one"
      );
    if ($mesg->count() == 0) {
      my @attrs = ["sendmailMTAAliasValue"];
      my $mesg = $ldap->search(
        base   => "sendmailMTAAliasGrouping=aliases,sendmailMTACluster=Servers,ou=Sendmail," . $ldap_base_dn,
        filter => "(&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=$username))",
        attrs  => @attrs,
        scope  => "one"
        );
      if ($mesg->count() == 0) {
        $is_valid=0;
      }
    } 
  } else {
    # If the domain is not the default domain, check the virtuser table.
    my @attrs = ["sendmailMTAMapValue"];
    my $mesg = $ldap->search(
      base   => "sendmailMTAMapName=virtuser,sendmailMTACluster=Servers,ou=Sendmail," . $ldap_base_dn,
      filter => "(&(sendmailMTAKey=$username\@$domain)(objectClass=sendmailMTAMapObject))",
      attrs  => @attrs,
      scope  => "one"
      );
    if ($mesg->count() == 0) { 
      $is_valid=0;
    }
  }

  $ldap->unbind();

  # Default action
  my $action = 'CONTINUE';
  my $message = "OK";

  # If the address/user is not found, REJECT
  if ($is_valid == 0) {
    $action = 'REJECT';
    $message= "Be gone foul odors!";
  }

  return ($action, $message);
}
########################### end filter_recipient ##############################

Hope this isn't true...