Saturday, January 12, 2013

How to debug qmail with simscan, clamav and spamassassin

How to debug qmail with simscan, clamav and spamassassin?

Qmail sends this error "451 mail server temporarily rejected message (#4.3.0)" and all messages are rejected but in logs there is nothing suspicious. How can this be debugged?

You need to edit your /etc/tcp.smtp and add some debug variables. Normally the file looks like this:

127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/usr/sbin/simscan"
:allow,QMAILQUEUE="/usr/sbin/simscan"

Modify your settings like this:

127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/usr/sbin/simscan"
:allow,SIMSCAN_DEBUG="2",NOP0FCHECK="1",QMAILQUEUE="/usr/sbin/simscan"

Make sure that QMAILQUEUE points to the right path of simscan.
Recompile your /etc/tcp.smtp

# tcprules /etc/tcp.smtp.cdb /tmp/t.tmp < /etc/tcp.smtp

Now logs are filled with needed information and you can debug your problem. Remember to remove debugging after the problem.

Example debug output:
# tail -f /var/log/qmail/smtpd/current
@4000000050f019b9351afa74 simscan: cdb looking up
@4000000050f019b9351c2f0c simscan: cdb for  found clam=yes,spam=yes,spam_hits=4.9
@4000000050f019b93521b51c simscan: pelookup clam = yes
@4000000050f019b93521b904 simscan: pelookup spam = yes
@4000000050f019b93521c0d4 simscan: pelookup spam_hits = 4.9
@4000000050f019b93521c8a4 simscan: starting: work dir: /var/qmail/simscan/1357912495.891056.16277
@4000000050f019bb13bc6804 simscan: pelookup: called with xxxasd@safds.com
@4000000050f019bb13bc9acc simscan: pelookup: domain is safds.com
@4000000050f019bb13bc9eb4 simscan: cdb looking up safds.com
@4000000050f019bb13bcae54 simscan: pelookup: local part is gxxxx
@4000000050f019bb13bccd94 simscan: cdb looking up xxxasd@safds.com
@4000000050f019bb13bce8ec simscan: pelookup: called with gxxxx@stemo.bg
@4000000050f019bb13bcfc74 simscan: pelookup: domain is stemo.bg
@4000000050f019bb13bd005c simscan: cdb looking up stemo.bg
@4000000050f019bb13bd1bb4 simscan: cdb for stemo.bg found clam=yes,spam=yes,spam_hits=5.7
@4000000050f019bb13bd2f3c simscan: pelookup clam = yes
@4000000050f019bb13bd2f3c simscan: pelookup spam = yes
@4000000050f019bb13bd3324 simscan: pelookup spam_hits = 5.7
@4000000050f019bb13bd46ac simscan: pelookup: local part is gxxxx
@4000000050f019bb13bd46ac simscan: cdb looking up gxxxx@stemo.bg
@4000000050f019bb13c65ecc simscan: calling clamdscan
@4000000050f019c110b86b1c simscan: fatal error executing clamdscan
@4000000050f019c110ba6304 simscan: exit error code: 71

Wednesday, January 9, 2013

Joomla FTP Layer - permissions and solution

When using commercial hosting with CPanel interface with Joomla you can be stuck by problem with file permissions. Errors like these are common:
Warning: Failed to move file!
The problem occurs  when uploading and installing modules/templates in Joomla admin interface. There are a lot of advises out there that suggest you to do "chmod 777 somedir" to resolve this problem. This is BAD solution and should never be used. Here is explanation why is this happening and how can you fix it without changing permissions.

When you buy hosting you get username/password for CPanel and ftp account which are identical. Installing Joomla on such hosting is not a problem but when trying to install template/module in Joomla admin panel you can see the above error message.

When uploading and installing files from Joomla admin panel, uploaded file is set to different owner than your username for the hosting. Uploaded file is owned by user started the apache web server. On most linux distributions it is www, www-data, http and so on. So when uploaded with different user the file can't even be deleted by your account and you need to contact hosting administrator to delete it for you. What you need to do is to make Joomla upload file with your hosting username/password. This is done by enabling FTP layer in Joomla global configuration tab and filling it with the right data (user/pass/ftp root). This can be done on installation process of Joomla but it is disabled by default. If you don't do this the final process of writing configuration.php will fail and you need to save and upload it manually.

How to enable it manually. Lets assume that your Joomla installation at address http://yousite.com/joomla. If you login in CPanel you will see that your home directory is something like "/home/username/". Document root of the web server is /home/username/public_html and Joomla is installed in /home/username/public_html/joomla. Here is configuration.php for ftp layer:

public $ftp_host = '127.0.0.1'; // change ftp ip address here
public $ftp_port = '21';
public $ftp_user = 'username';
public $ftp_pass = 'password';
public $ftp_root = 'public_html/joomla/';
public $ftp_enable = '1';

This should solve the problem with user mismatch when uploading modules/templates.
Other is hosting provider to support suPHP which is better solution to this problem.

Thursday, January 3, 2013

Windows 8 настройки

Новото чудо Windows 8 идва на пазара с гръм и трясък с интерфейс достоен за най-готиния телефон, но с много малка функционалност за десктоп машина.

За разлика от бета версията, при финалната са премахнали registry ключа който позволяваше да се върне стария облик със старт менюто и всичките му там функционалности на windows 7 (примерно).

За целта хора са си поиграли да направят програмка която връща тези фунционалности. Програмката е безплатна и може да бъде свалена от страницата на проекта Classic Shell.

Другото което ме подразни са новите themes, които са старите преработени така, че да изглеждат ужасно. След достатъчно ровене из google успях да намеря един theme pack който съдържа старите windows classic themes от win 7/vista/xp. Изтеглете ги от тук: http://windows8themes.ms/classic-themes-for-windows-8-classic-theme-brick-spruce-and-so-on-total-17-themes/.

Това е архив с файлове които се разархивират в директория: C:\Windows\Resources\Ease of Access Themes\. Вече са достъпни чрез right click -> personalize. Аз използвам Windows XP Classic.

В общи линии Windows 8 е голямо дърво. Предполагам че ще трябва поне service pack 2 да излезе за да стане използваем за всекидневна работа.