Archive for March, 2011

What is the Oracle voting disk used for?

March 27th, 2011

A voting disk is a backup communications mechanism that allows CSS daemons to negotiate which subcluster will survive. The voting disks keep a status of who is currently alive and count votes in case of a cluster reconfiguration. It works as follows:

a) Ensures that you cannot join the cluster if you cannot access the voting disk(s).

b) Makes a node leave the cluster if it cannot communicate with it (to ensure we do not have aberrant nodes).

c) Should multiple subclusters form, it will only allow one to continue. It prefers the subcluster with the greater number of nodes, and secondly the node with the lowest incarnation number.

d) Is kept redundant by Oracle in 10gR2 (you need to access a majority of existing voting disks).

Thus at most one subcluster will continue and a split brain will be avoided.

How do I configure raw devices in order to install 10g Clusterware on RHEL5 or OEL5?

March 27th, 2011

The raw devices OS support scripts such as /etc/sysconfig/rawdevices are not shipped on RHEL5 or OEL5 because raw devices are being deprecated on Linux. This means that in order to install 10g Clusterware you have to manually bind the raw devices to the block devices for the OCR and voting disks so that the 10g installer will proceed without error.
Refer to Note 465001.1 for exact details on how to do this. 11g Clusterware doesn't require this configuration since the installer can handle block devices directly.

Configuring the “hangcheck-timer” Kernel Module

Oracle uses the Linux kernel module hangcheck-timer to monitor the system health of the cluster and to reset a RAC node in case of failures. The hangcheck-timer module uses a kernel-based timer to periodically check the system task scheduler. This timer resets the node when the system hangs or pauses. This module uses the Time Stamp Counter (TSC) CPU register which is a counter that is incremented at each clock signal.

The hangcheck-timer module now ships with the kernel:
find /lib/modules -name "hangcheck-timer.o"

The hangcheck-timer module has the following two parameters:

hangcheck_tick
This parameter defines the period of time between checks of system health. The default value is 60 seconds. Oracle recommends setting it to 30 seconds.

hangcheck_margin
This parameter defines the maximum hang delay that should be tolerated before hangcheck-timer resets the RAC node. It defines the margin of error in seconds. The default value is 180 seconds. Oracle recommends setting it to 180 seconds.

These two parameters indicate how long a RAC node must hang before the hangcheck-timer module will reset the system. A node reset will occur when the following is true:
system hang time > (hangcheck_tick + hangcheck_margin)

To load the module with the right parameter settings, add the following line to the /etc/modules.conf file:
# su - root
# echo "options hangcheck-timer hangcheck_tick=30 hangcheck_margin=180" >> /etc/modules.conf
Now you can run modprobe to load the module with the parameters configured in /etc/modules.conf:
# su - root
# modprobe hangcheck-timer
# grep Hangcheck /var/log/messages |tail -2
Jul  5 00:46:09 rac1pub kernel: Hangcheck: starting hangcheck timer 0.8.0 (tick is 180 seconds, margin is 60 seconds).
Jul  5 00:46:09 rac1pub kernel: Hangcheck: Using TSC.
#

Note: To ensure the hangcheck-timer module is loaded after each reboot, add the modprobe command to the /etc/rc.local file.
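
To confirm that the module actually picked up the configured values, compare the options line with what the kernel logged at load time. This is an added example, not from the original post; the function names are made up for illustration, and the two sample inputs are the options line and the log line shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "tick margin" from the most recent hangcheck start-up line on stdin.
hangcheck_from_log() {
    sed -n 's/.*Hangcheck: starting hangcheck timer .*(tick is \([0-9][0-9]*\) seconds, margin is \([0-9][0-9]*\) seconds).*/\1 \2/p' | tail -n 1
}

# Print "tick margin" from an "options hangcheck-timer ..." line on stdin.
hangcheck_from_conf() {
    awk '$1 == "options" && $2 == "hangcheck-timer" {
             for (i = 3; i <= NF; i++) {
                 split($i, kv, "=")
                 if (kv[1] == "hangcheck_tick")   t = kv[2]
                 if (kv[1] == "hangcheck_margin") m = kv[2]
             }
         }
         END { if (t != "" && m != "") print t, m }'
}

# Seconds a node must hang before it is reset: tick + margin.
reset_threshold() {
    echo $(( $1 + $2 ))
}

# Compare configured and loaded values. Arguments: conf text, log text.
# Prints one summary line; exit status 0 only when both pairs match.
hangcheck_verify() {
    conf=$(printf '%s\n' "$1" | hangcheck_from_conf)
    live=$(printf '%s\n' "$2" | hangcheck_from_log)
    if [ -z "$conf" ] || [ -z "$live" ]; then
        echo "UNKNOWN: missing options line or start-up log line"
        return 2
    fi
    # Word splitting of the "tick margin" pairs is intended here.
    c=$(reset_threshold $conf)
    l=$(reset_threshold $live)
    if [ "$conf" = "$live" ]; then
        echo "OK: tick/margin $live, reset after ${l}s"
        return 0
    fi
    echo "MISMATCH: configured $conf (${c}s), loaded $live (${l}s)"
    return 1
}

# Sample inputs: the options line and the log line shown above.
SAMPLE_CONF='options hangcheck-timer hangcheck_tick=30 hangcheck_margin=180'
SAMPLE_LOG='Jul  5 00:46:09 rac1pub kernel: Hangcheck: starting hangcheck timer 0.8.0 (tick is 180 seconds, margin is 60 seconds).'

hangcheck_verify "$SAMPLE_CONF" "$SAMPLE_LOG" || true
```

Run against the two lines shown above, it reports a mismatch (210 s configured, 240 s loaded), which is the situation this check exists to catch.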

What are the IP requirements for the private interconnect?
The install guide states that the private IP address must satisfy the following requirements:

1. Must be separate from the public network
2. Must be accessible on the same network interface on each node
3. Must have a unique address on each node
4. Must be specified in the /etc/hosts file on each node

The best-practice recommendation is to use the TCP/IP standard for non-routable networks. Reserved address ranges for private (non-routed) use (see RFC 1918):
* 10.0.0.0 -> 10.255.255.255
* 172.16.0.0 -> 172.31.255.255
* 192.168.0.0 -> 192.168.255.255

Is the hangcheck timer still needed with Oracle RAC 10g and 11g?

March 27th, 2011

YES! The hangcheck-timer module monitors the Linux kernel for extended operating system hangs that could affect the reliability of the RAC node (I/O fencing) and cause database corruption. To verify that the hangcheck-timer module is running on every node, run as the root user:

/sbin/lsmod | grep hangcheck

If the hangcheck-timer module is not listed enter the following command as the root user:

9i: /sbin/insmod hangcheck-timer hangcheck_tick=30 hangcheck_margin=180 hangcheck_reboot=1

10g & 11g: /sbin/insmod hangcheck-timer hangcheck_tick=1 hangcheck_margin=10 hangcheck_reboot=1
To ensure the module is loaded every time the system reboots, verify that the local system startup file (/etc/rc.d/rc.local) contains the command above.

insmod: install loadable kernel module (Red Hat Linux)

Disk i/o & Performance Tuning Benchmarking Tool

March 25th, 2011

Dstat is a flexible replacement for vmstat, iostat, netstat and ifstat. Dstat overcomes some of their limitations and adds some extra features. Dstat is handy for monitoring systems during performance tuning tests, disk i/o,  benchmarks or troubleshooting.

Dstat allows you to view all of your system resources in real time. For example, you can compare disk utilization in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval).

Dstat gives you detailed selective information in columns and clearly indicates in what degree and unit the output is displayed. And most importantly, it makes it very easy to write plugins to collect your own counters and extend in ways you never expected.

Features

* Combines vmstat, iostat, ifstat, netstat information and more
* Shows stats in exactly the same timeframe
* Enable/order counters as they make most sense during analysis/troubleshooting
* Modular design
* Written in python so easily extendable for the task at hand
* Easy to extend, add your own counters (please contribute those)
* Includes many external plugins to show how easy it is to add counters
* Can summarize grouped block/network devices and give total numbers
* Can show interrupts per device
* Very accurate timeframes, no timeshifts when system is stressed
* Shows exact units and limits conversion mistakes
* Indicate different units with different colors
* Show intermediate results when delay > 1
* Allows to export CSV output, which can be imported in Gnumeric and Excel to make graphs

Here are the existing plugins

[server@manoj ~]# dstat --list
internal:
aio, cpu, cpu24, disk, disk24, disk24old, epoch, fs, int, int24, io, ipc, load, lock,
mem, net, page, page24, proc, raw, socket, swap, swapold, sys, tcp, time, udp, unix,
vm
/usr/share/dstat:
battery, battery-remain, cpufreq, dbus, disk-recsize, disk-tps, disk-util, dstat,
dstat-cpu, dstat-ctxt, dstat-mem, fan, freespace, gpfs, gpfs-ops, helloworld,
innodb-buffer, innodb-io, innodb-ops, lustre, mem-adv, memcache-hits, mysql-io,
mysql-keys, mysql5-cmds, mysql5-conn, mysql5-io, mysql5-keys, net-packets, nfs3,
nfs3-ops, nfsd3, nfsd3-ops, ntp, pcap-ssh, postfix, power, proc-count, proc-count2,
proc-count3, qmail, rpc, rpcd, sendmail, snooze, squid, test, thermal, top-bio,
top-bio-adv, top-childwait, top-cpu, top-cpu-adv, top-cpu2, top-cpu3, top-cputime,
top-cputime-avg, top-int, top-io, top-io-adv, top-latency, top-latency-avg, top-mem,
top-oom, top-tcp-ports, utmp, vm-memctl, vmk-hba, vmk-int, vmk-nic, vz-cpu, vz-io,
vz-ubc, wifi

The detailed dstat man page is available at http://dag.wieers.com/home-made/dstat/dstat.1.html and http://linux.die.net/man/1/dstat

[server@manoj ~]# dstat
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read writ| recv send| in out | int csw
5 0 93 0 0 0| 154k 84k| 0 0 | 0 0 |1081 1116
13 0 87 0 0 0| 0 0 | 0 0 | 0 0 |1036 696
8 0 92 0 1 0| 0 8192B| 0 0 | 0 0 |1073 936
0 0 99 0 0 1| 0 0 | 0 0 | 0 0 |1072 940
1 1 97 0 2 0| 0 0 | 0 0 | 0 0 |1252 1727
1 1 98 0 1 0| 0 0 | 0 0 | 0 0 |1126 1191
1 0 99 0 0 0| 0 0 | 0 0 | 0 0 |1045 908
0 0 99 0 0 0| 0 44k| 0 0 | 0 0 |1051 904
1 1 99 0 0 0| 0 0 | 0 0 | 0 0 |1036 850
1 0 100 0 0 0| 0 0 | 0 0 | 0 0 |1029 757

Domain Catchall in postfix

March 23rd, 2011

Hi,

If you want to set up an account "user@abc.org" to catch any mail not delivered to existing users in the domain "abc.org", you can configure the account as a domain catchall.

If the users “admin@abc.org”, “webmaster@abc.org”, and “nobody@abc.org” don’t exist, and mail arrives for them, it will be delivered to the catchall account “user@abc.org”. This will increase the amount of spam delivered, and can lead to being blacklisted.

[root@map007]# su - zimbra
[zimbra@map007]$ zmprov modifyAccount user@abc.org zimbraMailCatchAllAddress @abc.org

To remove the catchall from an email account, unset the catchall address:

[root@map007]# su - zimbra
[zimbra@map007]$ zmprov modifyAccount user@abc.org zimbraMailCatchAllAddress ""

Monitoring Incoming & outgoing mails

March 23rd, 2011

Postfix 2.1 supports the "sender_bcc_maps" and "recipient_bcc_maps" features.
If you are using Postfix, use the following steps:

[root@map007]# vi /etc/postfix/main.cf

Add the following line to get a BCC copy at your email address when someone sends a mail:

sender_bcc_maps = hash:/etc/sender_bcc

Add the following line to get a BCC copy at your email address when someone receives a mail:

recipient_bcc_maps = hash:/etc/recipient_bcc

Now create these two files under the /etc/ directory.

[root@map007]# touch /etc/sender_bcc

[root@map007]# touch /etc/recipient_bcc

Edit these files and add an entry like this:

support@linuxsurgeon.org admin@linuxsurgeon.org

After this, I will get a copy of the support account's incoming and outgoing mail at the admin email address.

Now run the following commands:

[root@map007]# postmap /etc/sender_bcc

[root@map007]# postmap /etc/recipient_bcc

[root@map007]# /etc/init.d/postfix restart

=========================================================================

If you are using Zimbra, use the following steps:

[root@map007]# vi /opt/zimbra/postfix/conf/main.cf

Add the following line to get a BCC copy at your email address when someone sends a mail:

sender_bcc_maps = hash:/etc/sender_bcc

Add the following line to get a BCC copy at your email address when someone receives a mail:

recipient_bcc_maps = hash:/etc/recipient_bcc

Now create these two files under the /etc/ directory.

[root@map007]# touch /etc/sender_bcc

[root@map007]# touch /etc/recipient_bcc

Edit these files and add an entry like this:

support@linuxsurgeon.org admin@linuxsurgeon.org

After this, I will get a copy of the support account's incoming and outgoing mail at the admin email address.

Now run the following commands:

[root@map007]# cd /opt/zimbra/postfix/sbin

[root@map007]# ./postmap /etc/sender_bcc

[root@map007]# ./postmap /etc/recipient_bcc

[root@map007]# ./postfix reload

=========================================================================

Zero-Downtime Restarts of backend servers with HAProxy

March 20th, 2011

Zero-Downtime with HAProxy

Putting up a maintenance page while you update and restart your application servers is good practice, but it definitely hurts the user experience. Instead, set up an HTML page as a check URL, e.g. /haproxy_check.html. HAProxy will request haproxy_check.html every 2 seconds and look for the string OK inside the HTML page. If the string is found, the web server is up. If it is not found, the web server is not responding, so HAProxy marks it down and starts sending that node's traffic to another active node. Once the down server is back up, HAProxy starts sending new traffic to it again.

Another way of doing the same thing: Zero-Downtime Restarts with HAProxy

Example of Backends

backend web_servers
    balance hdr(host)
    option httpchk GET /haproxy_check.html
    http-check expect rstring OK
    stats enable
    server WEB1 127.0.0.1:80 maxconn 2 check inter 2000
    server WEB2 127.0.0.1:8080 maxconn 2 check inter 2000

Balance with  hdr

We use this option because we want to send all requests of the same type to one server or backend, and do load balancing only when that server or backend is not responding.

About balance hdr algorithm

The HTTP header <name> will be looked up in each HTTP request. Just as with the equivalent ACL 'hdr()' function, the header name in parentheses is not case sensitive. If the header is absent or if it does not contain any value, the roundrobin algorithm is applied instead.

An optional 'use_domain_only' parameter is available, for reducing the hash algorithm to the main domain part with some specific headers such as 'Host'. For instance, in the Host value "haproxy.manoj.com", only "WEB1" will be considered.

This algorithm is static by default, which means that changing a server’s weight on the fly will have no effect, but this can be changed using “hash-type”.

Using pipe in Varnish

March 15th, 2011

Using pipe

In most cases, the pipe action is not used for anything. However, if you want to stream objects, particularly large ones like videos, big zip files, you can use pipe. Using pipe means Varnish stops inspecting each request and just shuffles bytes to the backend. This can lead to multiple failure modes, from sending requests to the wrong backend to exposing your backend directly to clients. It also means only the first request gets the X-Forwarded-For header added.

To work around this, make sure the backend connection is closed after the first request.

sub vcl_pipe {
    set bereq.http.connection = "close";
}

Some examples of using LINUX/UNIX find command

March 13th, 2011

Introduction

The find command allows the Linux/Unix users to process a set of files and/or directories in a file subtree.

You can specify the following:

* where to search (pathname)
* what type of file to search for (-type: directories, data files, links)
* how to process the files (-exec: run a process against a selected file)
* the name of the file(s) (-name)
* perform logical operations on selections (-o and -a)

Search for file with a specific name in a set of files (-name)

find . -name "manoj.conf" -print

This command will search in the current directory and all subdirectories for a file named manoj.conf.

Note: The -print option will print out the path of any file that is found with that name. In general, -print will print out the path of any file that meets the find criteria.

How to apply a Unix command to a set of files (-exec).

find . -name "manoj.conf" -exec chmod o+r '{}' \;

This command will search in the current directory and all subdirectories. All files named manoj.conf will be processed by the chmod o+r command. The argument '{}' inserts each found file into the chmod command line. The \; argument indicates that the exec command line has ended.

The end result of this command is that all manoj.conf files have the other permissions set to read access (if the operator is the owner of the file).

How to apply a complex selection of files (-o and -a).

find /usr/src -not \( -name "*,v" -o -name ".*,v" \) -print

This command will search in the /usr/src directory and all subdirectories. All files that are of the form '*,v' and '.*,v' are excluded. Important arguments to note are:

* -not means the negation of the expression that follows
* \( means the start of a complex expression.
* \) means the end of a complex expression.
* -o means a logical or of a complex expression.
In this case the complex expression is all files like '*,v' or '.*,v'

The above example shows how to select all files that are not part of the RCS system. This is important when you want to go through a source tree and modify all the source files.

How to search for a string in a selection of files (-exec grep …).

find . -exec grep "www.athabasca" '{}' \; -print

This command will search in the current directory and all subdirectories. All files that contain the string will have their path printed to standard output.

If you just want to find each file and then pass it on for processing, use the -q grep option. This finds the first occurrence of the search string. It then signals success to find, and find continues searching for more files.

find . -exec grep -q "www.manoj" '{}' \; -print

This command is very important for processing a series of files that contain a specific string. You can then process each file appropriately. An example is finding all html files with the string "www.manoj.com". You can then process the files with a sed script to change those occurrences of "www.manoj.com" to "manoj.manoj.com".
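
The find, grep -q and sed procedure described above, as an added example that is not part of the original post. It assumes GNU sed (for -i), and the function name rewrite_string is made up for illustration. It matches the string literally (grep -F and escaped dots), whereas an unescaped pattern such as "www.manoj" also matches any character in place of the dot.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU sed (-i);
# rewrite_string is a hypothetical helper name.

# rewrite_string ROOT OLD NEW
# Replace the literal string OLD with NEW in every *.html file under ROOT
# that contains OLD, and print the path of each file that was changed.
rewrite_string() {
    root=$1 old=$2 new=$3
    # Escape regex metacharacters in OLD and replacement metacharacters in
    # NEW so that sed treats both as plain text.
    old_re=$(printf '%s' "$old" | sed 's|[][\\/.*^$]|\\&|g')
    new_re=$(printf '%s' "$new" | sed 's|[\\/&]|\\&|g')
    # grep -q exits 0 on the first match; only then does find go on to run
    # the sed and the -print that follow. -F makes the match literal.
    find "$root" -type f -name '*.html' \
        -exec grep -qF -- "$old" '{}' \; \
        -exec sed -i "s/$old_re/$new_re/g" '{}' \; \
        -print
}

# Constructed demo tree in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '<a href="http://www.manoj.com/">home</a>\n' > "$d/index.html"
    printf '<p>see www.manoj.com</p>\n' > "$d/about us.html"   # space in name
    printf '<p>wwwxmanoj.com is another host</p>\n' > "$d/other.html"
    printf 'www.manoj.com\n' > "$d/notes.txt"                  # not *.html
    rewrite_string "$d" 'www.manoj.com' 'manoj.manoj.com' | sort
    rm -rf "$d"
}

demo
```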

Backend Declarations in Varnish

March 12th, 2011

A backend declaration creates and initializes a named backend object:
backend www {
    .host = "www.manoj.com";
    .port = "http";
}

The backend object can later be used to select a backend at request time:

if (req.http.host ~ "^(www.)?manoj.com$") {
    set req.backend = www;
}

The timeout parameters can be overridden in the backend declaration. The timeout parameters are .connect_timeout for the time to wait for a backend connection, .first_byte_timeout for the time to wait for the first byte from the backend and .between_bytes_timeout for time to wait between each received byte.

These can be set in the declaration like this:

backend www {
    .host = "www.manoj.com";
    .port = "http";
    .connect_timeout = 1s;
    .first_byte_timeout = 5s;
    .between_bytes_timeout = 2s;
}

You can limit the number of connections Varnish will send to a backend like this. It helps only when you want to limit the number of backend connections.

backend www {
    .host = "www.manoj.com";
    .port = "http";
    .max_connections = 200;
}

SMTP authentication using Mysql

March 10th, 2011

There are times when you need to have users authenticate their SMTP sessions. Perhaps you have roaming users and you don’t want to be an open relay, but you cannot predict where these users are. You need a way for them to say to your SMTP server “hey I belong here, let me send email”.

One way to do this is using SMTP Authentication. The user's username and password are sent to the SMTP server. The server then checks that the pair is correct and lets the user send mail (or not, if they are incorrect). SMTP Authentication is defined in RFC 2554.

Postfix has a method of authentication, but it is tied up with SASL. For file-based authentication you just create a special password database. However, for other types you cannot simply make an LDAP or MySQL table and be done with it. You can either use SASL natively or do it the way I have implemented it here, where Postfix uses SASL which uses PAM which uses MySQL; a roundabout way, but it does work. There is some sporadic documentation about this around the Internet, but I wrote this up in the hope you find it useful and so I don't have to remember it or relearn it all over again.

You might also be able to adapt this method to use other sorts of PAM authentication. For example, I'm pretty sure this method with a little adaptation would also work for LDAP authentication. Obviously you could use databases other than MySQL; it's just what I was using here.

Required Packages

The following Debian packages are required to get this all working. I'm using Debian Sarge here but for the most part it should work for other versions and distributions with some small changes. Some other packages will be needed, but will be pulled in as dependencies.

postfix-tls 2.1.5-9
The main postfix server with TLS and SASL support.
libsasl2-modules 2.1.19-1.5
Modules that provide the LOGIN, PLAIN, ANONYMOUS, OTP, CRAM-MD5, and DIGEST-MD5 (with DES support) authentication methods.
libpam-mysql 0.4.7-1
PAM module to query a MySQL database, only for MySQL authentication.
metamail
Useful for base64 encoding and decoding using mimencode.

You have to make sure that either one or both of the authentication modules packages are installed. If you don't and you set up Postfix to use SASL (see below) then the stupid process will be throttled. For older distributions you may need the libsasl (no 2) packages.

Postfix and MySQL socket problem

Postfix runs the smtpd daemon in a chrooted environment, usually something like /var/spool/postfix. That means that as far as the smtpd process is concerned you have nothing above that point. MySQL has a socket sitting in another directory, something like /var/run/mysql/mysqld.sock. The problem is that the socket sits in an area that smtpd believes doesn’t exist and cannot get to anyway because of the chroot.

To get around this problem, you have 3 options: 1. Stop smtpd from running into a chroot. 2. Move the mysql socket into the chroot. 3. Don’t use the mysql socket, use a TCP socket instead.

The last two are reasonably simple; the third is possibly the best option (you can make mysqld listen only on the loopback interface). Look at the MySQL documentation for how to move the socket or make it listen on its TCP port.

Stopping smtpd from being in a chroot

This had me going for a long, long time. To change this, edit /etc/postfix/master.cf and change the following line:

smtp inet n - n - - smtpd

The second 'n' means it is not chrooted. There may be a way of running smtpd in a chroot with the SASL and MySQL authentication but I'm not sure how.

Postfix Changes

The following lines are added to /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = myserver
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

SASL Files Setup

So far the postfix server knows it has to use SASL if it gets an authentication request. The default way for SASL to work out if you are authenticated is for it to examine a Berkeley DB file called /etc/sasldb2. You can add and change users using the saslpasswd2 program.

The problem here is if you run smtpd in a chroot environment then it will not find the sasldb file. If you try to authenticate postfix will give an error “warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory”. The problem here is that you have a /etc/sasldb2 file, but postfix is looking for a /var/spool/postfix/etc/sasldb2 file.

The two solutions for this problem are to either not run postfix in a chroot environment (see a previous section on how to stop it) or get that sasldb2 file into the correct directory. You can put it right by copying it. You will also need to make sure the user that smtpd runs as can read the file.

Debian users can automatically get this file updated by editing /etc/init.d/postfix. Around line 43 there is a list of files that are copied from their real directories into the chroot. Change the line so it looks like:

FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/sasldb2"

Now when postfix is restarted you have the new sasldb2 ready to go.

If you are doing file-based authentication then you are done; drop down to the Testing section.

MySQL SASL Setup

For MySQL authentication, the next step is to get SASL to ask PAM to authenticate the user. There's some confusion because the location of the SASL configuration file has moved around. On my system with the versions of the packages given above, it is found at /etc/postfix/sasl/smtpd.conf but it also has been found in /usr/local/lib/sasl/smtpd.conf and /usr/lib/sasl/smtp.conf. The file is a really simple one-liner:

pwcheck_method: pam

That's it for SASL; it will then use standard PAM, as we all know and love, for authenticating.

PAM Setup

The PAM setup is pretty standard. All you need to know is the PAM service is called smtp, so you need to create a file /etc/pam.d/smtp. SASL only uses the authentication management group.

It might be useful to test how things are going so far. To do this, and only for testing, you can use the pam_permit module. This module permits anything you send, so it's useful for testing or for some strange circumstances, but shouldn't be used in a production environment. The file /etc/pam.d/smtp would then look like:

auth required pam_permit.so

If you are going to run it with MySQL, use a configuration similar to that shown below:

auth required pam_mysql.so user=postfix passwd=secret db=postfixdb table=users usercolumn=id passwdcolumn=password crypt=0

The configuration is similar to a user doing the following:

server$ mysql -u postfix -psecret postfixdb
mysql> SELECT id FROM users WHERE id='givenusername' AND password='givenpassword';

The table users has two columns. The first is called id and has the username; the second is called password and has the unencrypted password in it. A select is made checking both username and password. If there is a single row returned, authentication is successful.

Testing

I use the PLAIN authentication method for testing. To do this you need to convert the username and password into a base64 encoded string. For example, if you have username user and password pass, you would type:

server$ printf 'user\0user\0pass' | mimencode
dXNlcgB1c2VyAHBhc3M=

So the string is the username and password joined together with \0 between them. The username is needed twice. To test it, telnet to the SMTP port of your server and type the auth commands.

server$ telnet mail.my.server 25
Trying 10.1.2.3
Connected to 10.1.2.3.
Escape character is '^]'.
220 mail.my.server ESMTP Postfix
EHLO blah
250-mail.my.server
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-XVERP
250 8BITMIME
auth plain dXNlcgB1c2VyAHBhc3M=
235 Authentication successful

I've used an EHLO instead of the normal HELO as this is an extended hello, so the server gives you a list of things it can do. Notice that there are two AUTH lines; this is due to the broken_sasl_auth_clients line in /etc/postfix/main.cf.

You may have different authentication modules, it depends on what packages you have installed.

The important thing is the server’s response to your commands is 235 Authentication successful. This means that it recognizes the username and password. If it doesn’t, it returns a 535 Error: authentication failed. If you get a failed message, check the mail logs. The logs should tell you why the authentication failed.

Instead of using the plain authentication, you might want to use the LOGIN method. Once again mimencode is used to get the base64 encoding:

server$ printf ‘user’ | mimencode
dXNlcg==
server$ printf ‘pass’ | mimencode
cGFzcw==

You now have the two base64 encoded strings. Testing this method is very similar to the PLAIN method.

server$ telnet 10.1.2.3 25
Trying 10.1.2.3…
Connected to 10.1.2.3.
Escape character is '^]'.
220 my.mail.server ESMTP Postfix
EHLO blah
250-my.mail.server
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-XVERP
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dXNlcg==
334 UGFzc3dvcmQ6
cGFzcw==
235 Authentication successful

You might wonder what that strange text is after the 334 numbers. Once again mimencode can help. It’s a base64 encoding of the response from the mail server.

server$ printf 'VXNlcm5hbWU6' | mimencode -u ; echo
Username:
server$ printf 'UGFzc3dvcmQ6' | mimencode -u ; echo
Password:

So the mail server is asking for a username and password, in base64. I don’t know why they bother to do this as it doesn’t make it that much more secure but at least you now know what it is.
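
The PLAIN and LOGIN exchanges above can be reproduced and inspected with a few shell functions. This is an added example, not part of the original post: it uses coreutils base64 in place of mimencode, the function names are made up for illustration, and the EHLO sample is the response from the transcript shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# coreutils base64 stands in for mimencode.

# AUTH PLAIN token: authzid NUL authcid NUL password, then base64.
# As in the post, the username is used for both identity fields.
auth_plain() {
    printf '%s\000%s\000%s' "$1" "$1" "$2" | base64 | tr -d '\n'
}

# AUTH LOGIN sends the username and the password as separate base64 strings.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a 334 challenge or a captured token; NUL separators print as '|'.
unb64() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

# List the SASL mechanisms in an EHLO response read from stdin. Handles both
# the "250-AUTH ..." and the "250-AUTH=..." form (broken_sasl_auth_clients).
ehlo_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]\(.*\)$/\1/p' |
        tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Exit status 0 when PLAIN or LOGIN is offered and STARTTLS is not, i.e. the
# password would cross the network protected by nothing but base64.
plaintext_auth_exposed() {
    resp=$(cat)
    mechs=$(printf '%s\n' "$resp" | ehlo_mechs)
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*) ;;
        *) return 1 ;;
    esac
    if printf '%s\n' "$resp" | grep -qi '^250[- ]STARTTLS'; then
        return 1
    fi
    return 0
}

# EHLO response copied from the transcript above.
EHLO_SAMPLE='250-mail.my.server
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250-XVERP
250 8BITMIME'

echo "auth plain $(auth_plain user pass)"
echo "decoded:    $(unb64 dXNlcgB1c2VyAHBhc3M=)"
echo "mechanisms: $(printf '%s\n' "$EHLO_SAMPLE" | ehlo_mechs)"
if printf '%s\n' "$EHLO_SAMPLE" | plaintext_auth_exposed; then
    echo "PLAIN/LOGIN offered without STARTTLS"
fi
```

Anyone who captures the auth plain line can run unb64 on it and read the password, which is why PLAIN and LOGIN belong behind TLS; smtpd_tls_auth_only = yes is the Postfix setting that withholds AUTH until STARTTLS has completed.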

Client Configuration

OK, so you have your server set up so that it can do authentication, but now you want your laptop that is running Postfix to relay all email through your server. This section describes the client setup.

Postfix Setup

Setting up Postfix is pretty simple. Tell Postfix to send all email to your mail server and enable SASL. The file /etc/postfix/main.cf requires the following lines:

relayhost = mail.example.net
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options =

The configuration tells Postfix to send all email to mail.example.net, to use SASL authentication, and that the passwords are found in a particular file. Remember that for outgoing mail Postfix uses smtp while incoming uses smtpd. As the client sends email, the configuration lines have the "d less" smtp_ keywords.

Client Password file

The format of the client password file is simple, especially if you have written hash tables for Postfix before. The key is the remote server and the value is the username and password to use for that server separated by a colon.

mail.example.net myuser:secpasswd

How to Export Multiple MySQL Databases' Structures Only

March 10th, 2011

If you no longer need the data inside the databases' tables (unlikely), simply add the --no-data switch to export only the tables' structures.
mysqldump --no-data -u root -p --databases db1 db2 db3 db4 > /tmp/mysql_backup.txt

Install MySQL 5.5 on Ubuntu

March 8th, 2011

I followed the steps on this page to install MySQL 5.5 on Ubuntu.
To install and use a MySQL binary distribution, the basic command sequence looks like this:

shell> groupadd mysql
shell> useradd -r -g mysql mysql
shell> cd /usr/local
shell> tar zxvf /path/to/mysql-VERSION-OS.tar.gz
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql data
# Next command is optional
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> bin/mysqld_safe --user=mysql &
# Next command is optional
shell> cp support-files/mysql.server /etc/init.d/mysql.server

Here are some problems I had during the installation.

1. mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory
I fixed it by installing libaio1: sudo apt-get install libaio1

2. When I was trying to run /usr/local/mysql/scripts/mysql_install_db --user=mysql to create the data dictionary

This command gives the following error:
FATAL ERROR: Could not find mysqld

The following directories were searched:

/usr/libexec
/usr/sbin
/usr/bin

Fix: Find and remove the old my.cnf file, because it was getting the details from the /etc/my.cnf:
sudo rm /etc/mysql/my.cnf

Don't forget to set your root password.
./bin/mysqladmin -u root password 'new-password'

Mail Archival with zimbra

March 7th, 2011

Archiving email using Zimbra Desktop

A good solution for storing messages offline is Local Folders.

Use the Local Folders feature in Zimbra Desktop to archive individual messages (or entire folders) to local storage. This new feature takes select email out of your online mailbox, providing a convenient way to reduce the size of your online mailbox and stay under a given quota, if any.

Note that by moving messages to Local Folders, messages are removed from your Zimbra account online and stored locally on your computer in the Zimbra Desktop program. This means that if your computer hard drive crashes, your locally archived messages could be lost forever, as the messages will not sync back to your Zimbra account online once they are moved to local folders.

How to Archive your email messages using Zimbra Desktop:

To archive messages in Zimbra Desktop, open the Zimbra Desktop program and navigate to “Local Folders” on the left hand side of your mailbox folder list:

To archive individual messages to local storage, click on ‘Create a new folder here’ in the right hand pane of Local Folders, enter a folder name and click ‘OK’:

Once the new folder has been created, it will be visible in the ‘Local Folders’ folder list:

From here, messages can be dragged individually to the new Local Folder:

Or entire folders may be dragged over from another location in your mailbox to Local Folders:

This action removes the entire folder from your Zimbra account (online) and places it in Zimbra Desktop Local Folders:

That’s all it takes to store messages locally in Zimbra Desktop. Archiving mail in Zimbra Desktop is an easy and quick solution to moving mail messages from your online Zimbra account to local storage on your computer, reducing the size used by your online Zimbra account in the process.

mysqld_safe A mysqld process already exists

March 5th, 2011

Today I faced an issue again with MySQL running on NFS. I was trying to shut down MySQL using

/etc/rc.d/init.d/mysql stop

The MySQL shutdown was successful.

After making changes in the my.cnf file, I tried to start MySQL using

/usr/bin/mysqld_safe --defaults-file=/etc/my.cnf &

I got error

mysqld_safe A mysqld process already exists

I checked that no other instance is running using

ps aux| grep MySQL

I got no MySQL process running. As I have faced so many errors because of NFS locking the files, mentioned in my previous posts

http://onaxer.com/blog/blog/2011/02/26/error-1033-hy000-incorrect-information-in-file/

http://onaxer.com/blog/blog/2011/02/23/innodb-unable-to-lock-ib_logfile0-error-11/

http://onaxer.com/blog/blog/2010/06/01/innodb-unable-to-lock-ibdata1-error-37/

I tried the same solution again

1) /etc/init.d/portmap restart
2) /etc/init.d/nfslock restart

And it worked. I was able to start MySQL after that successfully.