Tag Archives: linux

Logging Email w/ Sendmail on CentOS 4

Need to archive messages on your server? Exchange can natively do this with a Journal mailbox, but if you’d like to set the same feature up in Sendmail, it will take some tweaks.

This has been adapted from some instructions found on Experts Exchange that were originally for RedHat 7.2, which is just a teensy bit out of date. As with all things, make sure you have a backup before you start in on this process.

Grab the Sendmail source package from either the CentOS source CDs or a site like RPMfind. Make sure the version of the source package matches the version of sendmail you’re running from rpm --query sendmail.

Make sure you have the rpm-build package installed (yum install rpm-build).

Start the rebuild for the source package with the command rpmbuild --recompile sendmail-8.12.x.src.rpm (replace the source filename with the name of the one you downloaded). You will see a lot of ‘missing user’ errors scroll by; these can be ignored.

Change to the specs folder in your source tree (usually this is /usr/src/redhat/SPECS) and edit the sendmail.spec file, commenting out or removing any lines starting with ‘rm -rf’. These lines would normally clean up the source files once the build is complete, but for now, we want to keep them.

After you’ve saved the spec file, run rpmbuild -bp sendmail.spec. This will apply patches to the sendmail source that come as part of CentOS. It should only take a few seconds.

Download the logall.c file to a directory of your choosing (wget http://www.freakout.de/logall.c), then change to the sendmail source folder (cd /usr/src/redhat/BUILD/sendmail-8.13.1/sendmail) and edit the conf.c file. Look for a line which says #ifdef EXAMPLE_CODE, and immediately before it, add a new line:

#include "/root/adm/mail/sendmail/logall.c"

(use the full path of wherever you downloaded logall.c). Save the file. Run make and if it doesn’t throw any errors, run make install. Now edit your /etc/mail/sendmail.mc. At the very bottom, add the following lines:

LOCAL_CONFIG
D{LogAll}/var/log/fullmail.log

You can replace the path and filename with wherever you’d like your log file saved. The LOCAL_CONFIG option specifies that everything following that directive should be passed directly to the config file for sendmail, and not parsed as normal config options. Rebuild your sendmail config with make -C /etc/mail (you will need the sendmail-devel package installed for this).

Create the file you referenced in your sendmail.mc with touch /var/log/fullmail.log, and make sure the sendmail process can write to it (basically, set the file permissions to match your other maillog files). Now restart sendmail and send a test message to make sure everything still works. You should also find a copy of that message in the fullmail.log file.

The file generated by this is a standard mail file, so you can read the contents with a pager like less, or a command like mail -f fullmail.log. It stores a complete copy of every message sent and received, so it might be a good idea to keep an eye on your drive space and rotate that file every so often.
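Because the archive holds a complete copy of every message, its permissions and size are worth checking from cron. The script below is an added example, not part of the original instructions; the function names and size limit are hypothetical, and it assumes GNU stat, that it runs as root, and that sendmail reopens the log file for each message.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and limits are
# hypothetical. Assumes GNU stat and that the script runs as root from cron.

# Succeeds only if the archive grants no access to group or other.
archive_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Approximate message count: each mbox message starts with a "From " line.
archive_message_count() {
    grep -c '^From ' "$1" || true
}

# Rotate when the archive is larger than $2 bytes. Prints the name of the
# rotated copy. Returns 1 when no rotation was needed, 2 on error.
# Assumption: sendmail reopens the file per message; if it does not,
# restart sendmail after rotating.
rotate_archive() {
    size=$(stat -c '%s' "$1") || return 2
    [ "$size" -gt "$2" ] || return 1
    old="$1.$(date +%Y%m%d%H%M%S)"
    mv "$1" "$old" || return 2
    ( umask 077 && : > "$1" ) || return 2   # recreate empty, mode 0600
    chmod 600 "$old" || return 2
    echo "$old"
}
```

A cron entry could call archive_is_private /var/log/fullmail.log and rotate_archive /var/log/fullmail.log with a byte limit that suits the disk.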

If you take a look at the logall.c file, there are many other options you can set in LOCAL_CONFIG for features such as keyword filtering, max log size, and exclusions. Keep in mind that this process did not update the currently installed sendmail package, so if an update comes down for sendmail, you will need to repeat this process to keep logging working.

Fixing ‘vmnics eth0 not present’ Errors

During startup of a Linux machine under VMware, you might receive the following error:

vmnics device eth0 does not seem to be present, delaying initialization.

To fix this, you will need the VMware tools installed. You can do this by selecting ‘Install VMware Tools’ from the Tools menu. This will mount a virtual CD in /media/cdrom (or wherever your CD mountpoint is). There are RPM and tarball packages; install whichever one best fits your distro. Then run the command vmware-config-tools.pl. This will scan your system and update some config files to point to the proper drivers for the hardware & kernel.

After the config tool has run, it will have a list of commands that you need to type in for the changes to take effect (some rmmod and depmod basically).  Run these commands, then reboot.

On rebooting, I ran into a kernel panic about a faulty APIC timer.  If you run into this, restart the guest OS, and edit the kernel command line (press A at the GRUB screen), and append noapic to the end.  Boot the system, and after it has finished rebooting, reboot once more.  This seems to have fixed it, at least for me.

Breaking RFC 2821

Someone call the internet police, SmashTech has broken RFC 2821, the RFC for SMTP. If you send an email to a non-valid address on the server, the system will accept and delete it, all without ever sending a 550 Undeliverable error message back.

RFC 2821 requires a bounce message: “If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an ‘undeliverable mail’ notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path).”

But with all the spam these days, sending a bounce message for every single invalid email is just not practical. So far today, there have been almost 500 messages to invalid SmashTech addresses. Under RFC 2821, I am required to send an Undeliverable message back to the source. But guess what? Every single one of those bad email addresses is from spam with forged headers. If I attempt to send a bounce message back, chances are pretty good that I will get another bounce message because SmashTech would try to send to the fake address in the header. This means another mail process running, trying to send this, retrying until it gives up.

Finding out how to break RFC 2821 took a while, because every time someone brings up the topic of disabling bounce messages, they are quickly flamed into oblivion for violating the RFC and ignoring adopted standards, but I’m going to tell you how to do it easily.

Add a catch all address to your virtusertable file like so (replace deleteme with a valid user on your system):

@domain.com deleteme

Then set up a cron job to delete that user’s email file at /var/spool/mail/deleteme, probably on an hourly basis. Make sure you do this step, or their mail file will fill up all space on the system.

Hacking the Fiery X3e and X2

The Fiery is a standalone print server to which you can connect any printer and turn it into a network printer, kind of like a souped-up version of a JetDirect box. There are several different Fiery units, some MIPS based, some on a PCI card, and some x86 based. We got a couple of these from work, and now Justice and I are working on them and trying to hack them into MP3 servers or something. Read on for more details.

Updated 7/16/04: Pictures, details on the hard drives…
Updated 7/19/04: Partial file listing from the X2 drive!

Fiery X3e
CPU: 366MHz Celeron
RAM: 64MB (3 slots, max 512MB)
Interfaces: 2x 3.3v PCI, 1x NuBus(?)
Network: EtherExpress 100Mbit (using a 3C509 because of driver issues)
External: Parallel/Serial/USB
Disk Controller: 40-pin IDE, 44-pin IDE
HDD: 8GB ext3 (stock is 10GB ext2)
LCD: /dev/ix1284
OS: Fedora Core 1 (stock is a custom Debian)

We removed the hard drive and mounted it in another Linux system. First thing we did was reset the root password. The partition table was as follows:

Disk /dev/hdb: 10.2 GB, 10262568960 bytes
255 heads, 63 sectors/track, 1247 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
/dev/hdb1 Linux (128MB, /boot)
/dev/hdb2 Linux (512MB, /)
/dev/hdb3 Linux swap (256MB)
/dev/hdb4 Linux (9+ GB, /scsi0, spool?)

The bootloader was LILO, and loaded the default image of diablo. Diablo stands for Diagnostics, Install and Boot LOader. The default console is the serial port, so we used HyperTerm to boot. The system boots to a Debian login. It is a very barebones install, however apt-get is installed. There is no DNS support, everything is in /etc/hosts. The only apt sources were for the EFI servers. No GCC, no wget, nothing of any real use. There is an efisys process running which appears to control the LCD. There were well over 150 processes started.

A person by the name of Fumiaki Okushi seems to be involved with the X3e development. fumiaki appears in several log files, and there is a fumiaki who works at EFI and has posted in Linux dev lists (Google for it).

To replace this, we did a clean install of FC1 on an 8GB drive. After installing, we removed GRUB (the X3e didn’t like it at all) and replaced it with LILO. /etc/lilo.conf and /etc/inittab were updated to run a console on the serial port and everything went fine from there. The system finds an EtherExpress Pro 100 network card, but fails to initialize it, complaining about an invalid EEPROM. We’re using a 3C509 for the time being.

The LCD is controlled by the ixSerial driver, and is an IX232. It is available at /dev/ix1284 with maj 254 min 0. Software for the LCD appears to be available in the LCD.dpkg file on /boot or lcd_1.02.tar.gz in /packages. The command to control the LCD is /bin/dialog, but I haven’t tested this in a non-Debian system.

Now we need to find an audio card for it.

Fiery X2
CPU: 200MHz MIPS
RAM: 64MB (4 slots, max ???)
Interfaces: 1x 5v PCI, 1x 64-bit PCI(?)
Network: Unknown (100Mbit, has ethernet & token ring)
External: Parallel/Serial/USB, and what appears to be either SCSI or a custom Epson interface
Disk Controller: 40-pin IDE, 68(?)-pin SCSI, 34-pin floppy
HDD: 4GB HDD (unknown partition type)
LCD: Same as X3e but on non-standard connector
OS: Unknown, proprietary, possibly BSD based

The hard drive has no partition table that I can find. I dumped the drive to an image on my linux machine. Running strings on the image turns up quite a few tidbits, some CSH scripts, and what looks like assembly or some Adobe scripting code, complete with comments. Here’s one of the many copyright notices in there:

“(c) Copyright 1998 Electronics for Imaging, Inc. (EFI). All Rights Reserved EFI products contain certain trade secrets and confidential and proprietary information of EFI. Use, reproduction, disclosure, distribution by any means are prohibited, except pursuant to a written license from EFI. Modification, translation, reverse engineering, decompiling, disassembling, and creating derivative works based on this software are prohibited, except pursuant to a written license from EFI. Use of copyright notice does not imply publication or disclosure.”

I managed to get the drive image mounted, but it’s not working quite right yet. All files are unreadable and show up as 538,976,288 bytes. Mount lists the filesystem as vfat, but I’m guessing that’s not correct.

[root@localhost temp]# ls
adobe drivers lcdstr pspages startup..o
boot feature_.not libs queuedic.t sysdict
boot.st fonts65 mx_insta.ll rebooton system
calib halftone net release..ver system.d.ict
color httpd nvram res.dict tmp
config.l.ist hwdecomp..of passdict spool videodic.t
dev0 initdict product..ver start
disable..pcl l10n project_.mxw start.no.tel
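The 538,976,288-byte size reported for every file equals 0x20202020, which is four ASCII space characters read as a little-endian 32-bit number; that is what a FAT-style size field would hold if the on-disk records are space-padded text rather than real FAT entries. The script below is an added example, not from the original post, that checks raw directory bytes for this pattern; it assumes the standard 32-byte FAT directory record with the size at offset 28, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# point the functions at a file holding raw directory bytes cut from an image.

# Decode the little-endian 32-bit value at byte offset $2 of file $1.
le32_at() {
    od -An -v -tu1 -j "$2" -N4 "$1" |
    awk '{ printf "%.0f\n", $1 + $2*256 + $3*65536 + $4*16777216 }'
}

# Walk file $1 as 32-byte FAT-style directory records and count those whose
# size field (bytes 28-31) is four 0x20 bytes, i.e. ASCII spaces.
space_padded_sizes() {
    od -An -v -tx1 "$1" |
    awk '{
        for (i = 1; i <= NF; i++) {
            rec[n % 32] = $i
            n++
            if (n % 32 == 0 && rec[28] == "20" && rec[29] == "20" &&
                rec[30] == "20" && rec[31] == "20")
                hits++
        }
    } END { print hits + 0 }'
}
```

If every record in the dumped region is counted by space_padded_sizes, the vfat driver is most likely interpreting a structure that is not a FAT directory.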

User-Level Crash Exploit

(from Slashdot)

An exploit has been discovered which can completely freeze up a linux box. The code does not require root-level access to run, just a shell and access to a compiler. The problem appears to be that if you trigger a floating point exception inside a signal handler (specifically SIGALRM), the kernel doesn’t handle it correctly, hanging the system. Several kernels are immune to this, mostly from Gentoo, i.e. 2.4.26-rc3-gentoo: “I have no idea why this kernel version is safe from this exploit. It just is.” Get the code and patches. This will require a recompile of your kernel to fix.

Who Created Linux?

(from CNet)

Several sites are running stories about how a DC think tank, the Alexis de Tocqueville Institution, is raising questions of whether Linus can really be considered the father of the OS.

AdTI claims that more credit should go to Andrew Tanenbaum, who was at the same university as Linus, and developed Minix, which Linus admits (in his first usenet post about linux) is supposed to be a free Minix clone for PCs.

The main question is: Does anyone care?