The Linux Page

Made to Order Software

Made to Order Software is my company. m2osw for short. We offer many different types of software including some for Drupal (the CMS used for this very site.)

How to find fail2ban errors when logs/errors don't make it anywhere?

Today I noticed that my fail2ban wasn't running.

Looking into it, I could see that an error was happening on startup. This pretty much always mean that something's wrong in the configuration files.

sudo systemctl start fail2ban
Job for fail2ban.service failed because the control process exited with error code.
See "systemctl status fail2ban.service" and "journalctl -xe" for details.

However, somehow, systemd would not show me the error with the status or checking the journal and it would not write anything to the /var/log/fail2ban.log file which stayed ...

Why are hotmail.com emails blocked by postgrey even though it is whitelisted?

Lately, I received emails from a customer something like 12 hours later...

So I checked closer and could see that the email was from hotmail.com.

Great.

On the server, I edited my whitelist to see what was going on:

vim /etc/postgrey/whitelist_clients.local

Searching the list I could see hotmail.com, so why is it that it gets bounced with a 450 by Postgrey if it is whitelisted?

Looking closer at the logs left behind by Postgrey, I found this line:

Apr 23 06:33:34 m2osw postgrey[1742]: action=greylist,
      reason=new,
      client_name=<secret>.outlook.com,
      ...

List ciphers currently used by Apache2

If you are using Apache and e-Commerce, you probably want to know all the details of the ciphers used by the Apache SSL module.

So listing Apache supported ciphers is done using nmap as follow:

nmap --script ssl-cert,ssl-enum-ciphers -p 443 secure.m2osw.com

This call gives you a complete list of all the ciphers currently accepted by your running version of Apache. For example, the list may look like this:

| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       ...

Why would Redirect and RedirectMatch in Apache2 not work?

As we are working on a new website, we had a problem where a redirect would not work. I tried both: a simple Redirect and a RedirectMatch as follow:

Redirect / http://finball.m2osw.com/
RedirectMatch permanent ^(.*)$ http://finball.m2osw.com$1

Both of these entries would not work at all.

I verified, to make sure, that the alias module was turned on. It was.

ls -l /var/apache2/mods-enabled

This did list the alias.conf and alias.load entries as expected.

So? What else?

Well... This was installed on a new server and we left the default entry in there:

ls -l ...

Apache log says: client denied by server configuration

I work with Apache a lot. It is a really good web server that has many options and features. Unfortunately, maybe it has too many of them!

I ran in a problem where a notification from one server to another would fail with the following error:

[Fri Oct 11 19:43:50 2013] [error] [client 162.226.130.121] client denied by server configuration: <path to file>

Looking at the error, I was first thinking that my script was generating the error. The fact is that my script does not generate error 403. It has a 400 and 500 but not 403.

So looking at the error I thought, maybe that's an ...

Sep 27 00:58:42 halk postfix/error[16751]: 628254C02F0: to=<mo_fax@m2osw.com>, relay=none, delay=1.8, delays=0.06/1.6/0/0.14, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.m2osw.com[69.55.231.156]:25: Connection timed out)

My syslog was filled up with errors such as this one:

    Sep 27 00:58:42 halk postfix/error[16751]: 628254C02F0: to=<mo_fax@m2osw.com>,
    relay=none, delay=1.8, delays=0.06/1.6/0/0.14, dsn=4.4.1, status=deferred
    (delivery temporarily suspended: connect to mail.m2osw.com[69.55.231.156]:25:
    Connection timed out)

I've been wordering for a while, since I can use Thunderbird with a direct connection to my server, I was not too concerned, but tonight I really needed to support those emails because I have work to do that requires it.

Got NVG510 to setup?
Hacking my ...

Postfix says it does not allow relaying?!

As we are upgrading our server to jump from version 12.04 to 13.04, we encounter a few problems.

Two with Postfix, first the Postgrey port has changed. It was 60000 before, now it is 10023. Don't ask me... Anyway, that was the easy one.

The other problem was a relay error. I could send emails all I wanted, but not my partner who does not show his server as part of our Made to Order Software Corp. network. Relay is why a computer allows emails from server X to be sent to server Y through server Z. You are server Z, that's the relay.

The fact is that if you can log in your account on ...

WordPress user "nicename" and spaces

Today I noticed that I had quite a few 404 errors on one of my websites. That one uses Wordpress that I got from someone else. Because I wanted to include a blog, I had to change the login name and Wordpress does not allow you to do that by default.

So to change the login and password, I directly edited the database makeing user 1 me, essentially.

I replaced the user_login and user_nicename with my own name. This worked just fine. At least at first it looked like everything was working right. Then I noticed that the author link had my name in it. The one with the space. Something like ...

Comment spam attack from 109.230.213.100

Network connections

This morning I was attacked by a robot. I quickly noticed that my websites were slow and saw a pretty large amount of traffic on port 80: 208 connections!

tcp        0      0 192.168.1.1:80          109.230.213.100:65413   ESTABLISHED
tcp      441      0 192.168.1.1:80          109.230.213.100:65445   ESTABLISHED
tcp        0      0 192.168.1.1:80          109.230.213.100:65071   TIME_WAIT 
tcp        0      0 192.168.1.1:80          109.230.213.100:65279   TIME_WAIT 
tcp      497      0 192.168.1.1:80          109.230.213.100:49326   ESTABLISHED
tcp ...

The certificate is not trusted because it is self signed.

Connection problem with Shredder

Today I got a little surprised by Shredder (the base used to build Thunderbird.)

Somehow, the certificates for my mail server had reached maturation (i.e. it was showing an end date as of today.)

On each connection to the server I would get the following error:

<name>: uses an invalid security certificate
The certificate is not trusted because it is self signed.
(Error code: sec_error_ca_cert_invalid)

Interestingly enough, I search on this error and mainly found things about FireFox and SeaMonkey instead of Thunderbird (and nothing about

Syndicate content Syndicate content

SMS From Me Logo

SMS From Me

To automatically start one on one conversations with your online leads.

     

   

Terms of Site Index

Find the page/content you are looking for with our index.

  • Apache
    Apache is the most well known Open Source Web Server.
  • FIFO
    First In, First Out--This is another way to speak of a pipe or ring buffer. On one side, there is a generator that pushes data in and on the other side you have another program that reads the data sent by the generator. The data comes out in the same order it was pushed in. Usually the data are bytes, but it should be a short, long or even a complete event or object.
  • Javascript
  • install
  • syntax