Chronophage.net Blog

Postfix is surprisingly flexible. When I initially set it up two years ago, I set it up to reference a database, but I had a flaw in my logic. Basically, Postfix had no idea if a domain was marked active or inactive in the database. All it knew was whether a domain was in the database or not. Postfix has a default query, that looks for key information. However, you can supercede it in your config files. So I simply commented out the old variables that it passed to the default query, and wrote a new one:

user = DB_USER
password = supersecretpassword
hosts = 127.0.0.1
dbname = DB_NAME
table = domain
#select_field = domain < -- old version, commented out
#where_field = domain <-- old version, commented out
#New Query:
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true

Yes, I have backupmx enabled, even though that’s a titanically bad idea, and I would never use it. Why is it a bad idea to fuction as a Backup MX server? Because spammers don’t play by the RFCs and often send spam to lower weighted MX records in an attempt to bypass spam protection.

But I never know what people may ask for in the future.

This is a live and learn moment. When I did my last update, I had a lot of old libraries hanging around. I thought that portupgrade would recompile all of my ports, but it didn’t. Most had been recompiled in the interim as I had been upgrading, but Apache, well, Apache upgrades are hardly for the weak. So, when I deleted a bunch of crud laying around. I broke SUEXEC. SUEXEC is what allows scripts to be executed under my various users’ home directories. Well, a recompile and reinstall, and things are working much much faster. Always fix your architecture kids.

I’m trying to figure out how syslogd works. Just when you think you have things figured out…

Say what you want about Kaminsky. I mean, the man is crazy. However, being on call when your employer, a regional ISP, reboots both the primary and secondary DNS servers, makes you appreciate how important DNS is in the grand scheme of internet things. Granted, his attack is fairly novel, but yeah… I’m glad ISC makes updating BIND nice and easy.

So, I discovered that .org is signed. Unfortunately, I discovered this the hard way. I think there’s a DNSSEC bug in the version of BIND that I’m running. So time to update world on Calypso. Wee!

*UPDATE*

I upgraded to BIND 9.6.0 and all appears to be well.
I followed these instructions: http://closedsrc.org/_static/dn-articles/bind9.html
and overwrote the base install. I like to live dangerously…after testing it on one or two test machines.

Jabber is…touchy. There is no margin for error.

It makes sense, as jabber seems to be a consortium of various modules that communicate via streams. It is, in a sense, a true UNIX application; each module does one thing, and passes the data on. However, since it’s such multifaceted app, it handles errors in a very simple way: One error tears down the whole system.

I set up Jabberd2 with three goals:

1) Database Backend.

2) Multi-domain support.

3) Conferencing.

Goal 1 was rather easy, just follow the config file. Goal 2 was considerably more challenging, XML is not a friendly format to the unfamiliar eye, and I had a few typos. Goal 3 was the most challenging, as getting yet another module working increased the failure chance exponentially.

I have not gotten Jabberd to log proplerly. It just seems to ignore whatever log method I set up. So, while troubleshooting, I had manually run the daemon (as the jabber user, hurray sudo -u) and try to deciphy the cryptic XML messages as the scrolled rapidly by. I think I have it sorted out, aside from logging.

I wish I had seen http://www.jms1.net/jabberd2/ when I first started. That guide has proven invaluable.

So I needed a quick script to query a billing database for DSL users. The user names, of course where horribly inconsistent. I had to use a program that executed a query of the database, as I didn’t have access to the actual database. Oh, and I didn’t know any Perl at the time.

Now, I have a bad habit when writing code for myself, to use ambiguous variable names, and strange loop structures, and no comments. See if you can figure out what’s going on.

Oh, I vow never to write code like this again.

#!/bin/bash

echo Audit run on $( date )
echo Audit run on $( date ) > notinbilldb.txt
echo
echo

for i in $( cat radiusdump.txt | awk '{print $1}' ); do
 	t2=""
	t2=$( echo $i | sed -e 's/\@.*$//;' | cut -f1 -d . )
	t1=$( billdb -s $t2 | grep DSL | awk '{print $3}' | sed -e 's/\.dsl//; s/^dsl//;s/\@.*$//;' )
  	t3="0"
	t4="0"
	t5="0"
	t6=""

	if [ "$t1" = "" ]; then
		t1=$( billdb -s $i | grep Email | awk '{print $3}' | sed -e 's/\@.*$//;' )
		t5="1"
	fi

	if [ "$t1" = "" ]; then
		echo $i is not in billdb.
		echo $i is not in billdb. >> notinbilldb.txt
		t4="1"
	fi
	p=$( echo $i | sed -e 's/\.dsl//; s/^dsl//;s/\@.*$//;' )
	k=""

	for k in $( echo $t1 ); do
		if [ "$p" = "$k" ]; then
			if [ "$t5" = "1" ]; then
				t6=", but only in email"
			fi
			echo $i matched $k in billdb$t6.

			t3="1"
	 	fi
	done
	if [ "$t4" = "$t3" ]; then
		echo $i is really not in billdb but was close to $t1.
        	echo $i is really not in billdb but was close to $t1. >> notinbilldb.txt
	fi
	echo --------------------------------
	echo
done
echo
echo Audit completed $( date )
echo

From