The every day things from Thalamus' life.

Thalamus' Blog

22 August, 2006

SSH rocks, quick howto portforward to eg. VNC

Filed under: ComputerStuff_en — Thalamus @ 14:50

Once again, a short blog entry. This time: how you can very easily access your VNC server securely.
This is written with a Linux machine as the remote host in mind, but following the equivalent steps on e.g. Windows should not be a problem. The general procedure is the same.

Say that you have started your VNC server and it is listening on your gateway server at home.
Let’s just say its name is ‘someserver.com’ and it is listening on the third VNC port, which is 5903.

If you don’t want to be asked for passwords all the time, the first thing you should do is to generate your own private/public key pair on the remote computer. Do this with

ssh-keygen -t rsa -N ""

This will generate two files in $HOME/.ssh, one private and one public. Now upload the public file to the VNC server with scp:

scp $HOME/.ssh/id_rsa.pub someserver.com:.

Once connected, supply your password. If this is the first time you connect to your server by SSH, it will ask you to accept the server’s key. Say yes to this. Now do a normal SSH connection to your server:

ssh someserver.com

This time we create the .ssh folder and move the uploaded id_rsa.pub file so it is called $HOME/.ssh/authorized_keys. If you already have one key there, you need to add the new one to the existing file. Now log off and try once more to connect to your server by SSH. This time, since there is an authorized_keys file in your home folder, you will not be asked for the password. If you still are, it is probably because the file needs to be read-only for the user itself. A chmod 400 on it should fix the problem.
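The step where the uploaded key is put in place, as an added example that is not part of the original post: a function to run on the server that appends the key without overwriting keys already present and sets the permissions. The function name install_pubkey and the script name in the last comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): run on the server after the scp step.
# install_pubkey PUBFILE [HOMEDIR]
#   Appends the uploaded public key to HOMEDIR/.ssh/authorized_keys exactly once
#   and sets the permissions sshd expects. HOMEDIR defaults to $HOME.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys
    nl='
'
    key=$(cat "$pub") || return 1

    # Accept exactly one line that looks like a public key. This rejects a
    # private key (id_rsa) uploaded by mistake instead of id_rsa.pub.
    case $key in *"$nl"*) echo "expected a single key line: $pub" >&2; return 1 ;; esac
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' ||
        { echo "not a public key: $pub" >&2; return 1; }

    # With sshd's default StrictModes, the key file is ignored when group or
    # others can write to it or to .ssh. 600 instead of the 400 from the text
    # keeps the file appendable for its owner; sshd accepts both.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is missing, so existing keys are kept and
    # running the function twice does not duplicate the entry.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Typical use on the server (script name is hypothetical):
#   sh install_pubkey.sh ~/id_rsa.pub
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```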

Ok, now we can access the server without a password (not a requirement, though).

It is time to connect to the server by secured VNC. On your local machine, start SSH with the -L option. It makes a tunnel between the SSH client and the SSH server. The syntax for my example is

ssh -L 5900:someserver.com:5903 someserver.com

The SSH connection will be made without prompting for a password (if you did the first part; if not, supply your SSH user/password).

Now it is all ready to connect to the external server over an encrypted channel by starting vncviewer on your local machine … pointing it to open a connection to localhost:0, which is the equivalent of port 5900.

• • •
 

17 August, 2006

Tides (tidevann) where I live, a small project

Filed under: ComputerStuff_en — Thalamus @ 15:51

Hi again !

Just finished programming a dynamically generated page of the tide data where I live. I’ve made it by installing xtide on the server, then updating it with new data every day around midnight. I do believe I got it right … hehe. It should cover the upcoming week, telling when it is high/low tide, some info about the moon phase etc. You’ll get the idea.

Check it out by this URL

• • •
 

10 August, 2006

find, grep and filename combo

Filed under: ComputerStuff_en — Thalamus @ 10:51

I suddenly found myself needing to grep through some of my Perl scripts for some earlier code. But I wasn’t sure how to grep and at the same time get the name of the file where the grep hit. So I searched the internet and found an example which I changed slightly to my needs. I’m posting this mostly for myself … since I’m getting old and forget things *grin*

find . -name "*.pl" -exec grep "localtime" /dev/null {} \;

The above would work on almost all Unix machines. If you have GNU grep installed, you may do it in another way.

find . -name "*.pl" -exec grep -Hn localtime {} \;

• • •
 

9 August, 2006

bcm43xx, fedora core 5, finally some progress.

Filed under: ComputerStuff_en — Thalamus @ 00:37

I have a Dell Latitude D600 that I fiddle with from time to time. The laptop itself is ok, quiet, fast enough for my purposes, but it has one big annoyance. I just hate the Broadcom wireless that is stuck inside it. It’s a Broadcom BCM4309 rev 3. My AP is a Linksys WRT54GS and this card shows weird behaviour when trying to connect. Running Windows, it can take up to maybe a minute or so before it finds the AP. I’ve now updated the Windows drivers for it, which I found only because of the readme file that came along with the Linux drivers/fw-cutter. As of this moment I don’t know if the problem is resolved in Windows. But, well, that’s not what I’m going to write about anyway.

The thing that I’m really happy about is to see that the work on the bcm43xx driver definitely is on the right path. Earlier today, I decided once more to try to get it working without ndiswrapper. And this is what I did. Bear in mind that I made several changes, so I’m not 100% sure yet what the essential change was. Kernel, firmware or maybe a combo of them both?

Anyway, I downloaded the latest stable kernel release, 2.6.17.8, and compiled it with the same options as a stock Fedora FC5 release. The previous version I was running was 2.6.17-1.2157_FC5. Since I had already made my own kernel drivers for truecrypt, ndiswrapper and some other modules, I just extracted the kernel to /usr/src and softlinked it so that /usr/src/linux pointed to the kernel source. I then did the standard … make oldconfig; make; make modules_install install. I also decided that I should try out different firmwares from newer drivers. As stated above, the readme file that comes along with bcm43xx-fwcutter tells you some locations where you may find newer drivers/firmwares. I downloaded the 3 latest ones I could find and extracted those to 3 different test firmware folders … /lib/firmware_1st, /lib/firmware_2nd and /lib/firmware_3rd. The plan was to rename those again to /lib/firmware between the tests.

To put it short – the second newest firmware was the first I tried out, downloaded from rapidshare.de and it worked right away. As of this writing, I’m running on these drivers – with WEP enabled.

Now, the time has come to really test them out and see how stable they are and if I’m able to get even higher performance out of them.

Last but not least, thanks a lot to the developers at bcm43xx-homesite, and Linux kernel developers in general, for your hard work !!

• • •
 

3 August, 2006

Even more extensions

Filed under: ComputerStuff_en — Thalamus @ 12:43

Hi again !

Once again back, now with some more extensions I prefer. After the 1.5 release of Firefox, some extensions didn’t work anymore and download locations for the older ones didn’t work anymore. I’ve found some new favorites as well. So, a new post …

Restart Firefox – simple, but saves me the extra clicks.
StumbleUpon – Community favorites by category. Nice stuff.
Fasterfox – the fox on steroids 😉
MediaPlayerConnectivity – almost essential if you run linux and want net-radio and stuff.
Adblock – I hate webpages with TOO much ads, this makes it easy to disable them.
Tabmixplus – Just try it, I love it.
Downthemall – a nice download manager, essential in special situations.

Omg, my firefox is full of extensions 😮 🙂

• • •
 

1 August, 2006

fetchmail + procmail + spamassassin + imap + maildir + muttrc

Filed under: ComputerStuff_en — Thalamus @ 13:03

So, do you still get infested with spam mails? I don’t … anymore. The process the mail goes through is more or less what it says in the topic. The process itself was built in several steps, since I started out only wanting to try out spamassassin. Once I saw how awesome it all became, I was hooked and tweaked even more … ending up with what I’m going to explain to you here now.

First of all, I didn’t come up with this all on my own. I found some excellent resources out there, but these were the main contributors.

Falko Timme’s page, which I took most of the fetchmail, procmail and spamassassin info from. The Spamassassin home page was of course very useful. Dovecot.org, a very nice imap daemon. mb2md, which I used to convert my existing mboxes. fetchmail. And, last but not least, procmail authors Stephen R. van den Berg and Philip A. Guenther. Salute to all of you I’ve mentioned, and to those I’ve forgotten … Open Source is awesome!

Well, ok – enough about credits and stuff. Now for the solution.

As I said previously, I used Timme’s guide to get me started. At first the main goal was to get rid of the spam and in the same process teach myself how to use spamassassin. The system in question is a standard Fedora Core 1 install, but it should not be much trouble installing it on newer releases or even other flavors of Linux … or Unix for that matter.

spamassassin
I installed it, or more correctly upgraded it, following the method on Timme’s site. I already had spamassassin installed on my system, but it was an older version, so I upgraded to the latest version by using CPAN. (oh, forgot to thank those as well …)

.fetchmailrc

poll isp.snmpserver.com with proto pop3 and options no dns
user 'username@snmpserver.com' there with password 'XXX' is 'username' here
mda "/usr/bin/procmail -d %T"

Change isp.snmpserver.com to your pop3 server’s name, change ‘username@snmpserver.com’ to your email address, replace XXX with your password and finally change ‘username’ to the username you have on your local machine.

This file’s name needs to start with a “dot” followed by fetchmailrc. Also make sure it is only readable by the user it belongs to, e.g. ‘chmod 700 .fetchmailrc’.

Once you have this nailed, just check that it works by running the fetchmail command. A “fetchmail -k” will download the pop mail to your local mailbox (at this moment, most likely /var/spool/mail/username or something like that). The “-k” just means: keep the emails on the server, only download a copy.

procmail/.procmailrc

On almost all flavors of Unix, procmail is already installed. “procmail -v” should tell you if it’s there or not. Once again we make an “rc” file, this time “.procmailrc”.

INCLUDERC=/home/username/.spamassassin.rc

For now, that is enough – later on we will revisit this file adding some more info.

spamassassin/.spamassassin.rc

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# - if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
* < 256000
| /usr/bin/spamassassin --prefs-file=/home/username/.spamassassin/user_prefs
 
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to the spam-mail folder.
:0:
* ^X-Spam-Status: Yes
/var/spool/mail/spam-mail/
 
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
 
  :0 fhw
  | sed -e '1s/^/F/'
}

spamassassin/(user_prefs)
As you see above, we refer to a folder – .spamassassin. Just make that folder and the file user_prefs. Make it contain the following.

required_hits             5.0

rewrite_subject           1
subject_tag               ***SPAM***
whitelist_from            root@trusted.com
report_safe               1
use_bayes                 1
auto_learn                1
skip_rbl_checks           0
use_razor2                1
use_dcc                   1
use_pyzor                 1
ok_languages              no
score SUBJ_ILLEGAL_CHARS  0

This is the rule file for spamassassin. What I provide you with here may not be the setup that suits you best. For details, please head over to the spamassassin page for info on what these parameters mean. And maybe you’ll come up with something that works even better for you.

Time to test things again

On a standard install of Fedora, normal users ain’t allowed to write directly to /var/spool/mail. This setup, delivering the spam to a spam folder in /var/spool/mail, requires that the user is allowed to do this. This can be solved by changing /var/spool/mail with chmod 1777 as root. Another solution, of course, is to deliver the spam to a folder in another location. But then you have to change the files I refer to accordingly.

Once again, let’s test and see that it still works. Do a “fetchmail -k” (maybe you have to send some emails to yourself in order to test this). Or you may delete the .fetchids file that was created the last time you ran fetchmail with the -k option. This will download all email once again.

After you have done this, you’ll most likely have new mail in /var/spool/mail/username, and maybe even a new file /var/spool/mail/spam-mail. These are the mails that spamassassin has marked as spam. I prefer to keep them for a quick review before deleting them completely.

To sum up: by now we have fetchmail downloading our email from the pop3 server and forwarding it through procmail into spamassassin, which marks spam and moves it to one folder, while the mails we want end up in our local account’s mailbox.

If this is all you want, then stop here. If however you want to convert the existing emails you have and maybe start using Maildir, then read on.

dovecot/imapd

Dovecot is an imap server. The difference between pop3 and imap is mainly one thing: with imap the mail stays on the server, while with pop3 you download it, leaving the server empty. So, what is the advantage then? Well, I tend to like the idea that you can install e.g. Thunderbird on multiple machines and still have your mail available from anywhere.

If for some reason the dovecot server is running already, stop it.

I installed the latest version of dovecot from source, and used the template file that comes with it. The code I’m referring to here is merely the changes, instead of the whole file.

default_mail_env = maildir:%h/Maildir

procmail/procmailrc

Now it’s time to make the server itself deliver mail into Maildir by default instead of the default mbox. This is most easily done by making a new file /etc/procmailrc (this one doesn’t start with a “dot”). In this file, add this line.

DEFAULT=$HOME/Maildir/

mb2md

This script by default converts your /var/spool/mail/username mbox file into a Maildir folder. Be sure to be the user that you are trying to convert. Then issue the following command.

./mb2md-3.20.pl -m

Of course, if you downloaded another version of it (newer maybe), the command might need to be slightly changed. You get the idea! 🙂 If you want more folders converted, please read inside the perl file; the documentation is inside the file itself.

You should also convert your spam-mail folder to Maildir, since we will soon make Maildir the default delivery method.

procmail/.procmailrc (revisited)
Now, we are very close to complete. I prefer to keep a log of what is going on, so, as the user edit .procmailrc once more. This time we add a logging command to it.

LOGFILE=$HOME/procmail.log
INCLUDERC=/home/username/.spamassassin.rc

Now, when new mails are downloaded, procmail.log records who sent each one, the subject and what procmail (spamassassin) did with it. Of course, after a while you may not want this file anymore. But I bet you want it enabled at the start, at least to be able to watch your beautiful setup … hehe.
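An added example (not part of the original post) that reads this log and lists the mails procmail filed into the spam folder, which makes a quick check for false positives. It assumes procmail's standard three-line log summary per mail; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes procmail's standard log
# summary of three lines per delivered mail: "From ", " Subject:", "  Folder:".
SPAM_DIR=${SPAM_DIR:-/var/spool/mail/spam-mail}   # spam folder used in this setup

# sample_log: constructed log lines for illustration, not real mail.
sample_log() {
    cat <<'EOF'
From alice@example.org  Tue Aug  1 13:10:02 2006
 Subject: Lunch on friday?
  Folder: /home/username/Maildir/new/1154430602.2201_0.gateway      2210
From promo@bulk.example  Tue Aug  1 13:10:03 2006
 Subject: ***SPAM*** Cheap watches
  Folder: /var/spool/mail/spam-mail/new/1154430603.2207_0.gateway   5312
*** Dropped F off From_ header! Fixing up.
From bob@example.net  Tue Aug  1 13:20:01 2006
 Subject: ***SPAM*** Re: tide page
  Folder: /var/spool/mail/spam-mail/new/1154431201.2290_0.gateway   1874
EOF
}

# spam_report [LOGFILE]: print "sender<TAB>subject" for every mail filed under
# SPAM_DIR. Reads standard input when no file is given.
spam_report() {
    awk -v spam="$SPAM_DIR" '
        /^From /      { sender = $2; subject = "(no subject)"; next }
        /^ Subject: / { subject = substr($0, 11); next }
        /^  Folder: / {
            # $2 is the delivery target; a maildir target continues with /new/...
            if ($2 == spam || index($2, spam "/") == 1)
                printf "%s\t%s\n", sender, subject
        }
    ' "${1:--}"
}

# spam_count [LOGFILE]: number of mails filed as spam.
spam_count() { spam_report "$@" | wc -l | tr -d ' '; }

# Stand-alone run: report on the constructed sample.
sample_log | spam_report
```

Against the real log, call it as spam_report $HOME/procmail.log.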

Cleaning up, automating stuff

Become root and make sure that dovecot restarts automatically. On a Fedora with the RPM-installed version, that should be something like this

chkconfig --level 35 dovecot on

and start it with

/etc/init.d/dovecot restart

If it ain’t an RPM, then I guess you’re clever enough already to fix this yourself.

Make fetchmail run automatically; I prefer a normal crontab. Become the user in question. Then issue

crontab -e

add the following

*/10 * * * * /usr/bin/fetchmail >/dev/null 2>&1

By default, cron sends an email to the user owning the crontab each time a job is run, if there is any output from the command itself. Here we make sure that there ain’t any such output, so we don’t get a new email from cron telling us that it has run a job.

Now, if I haven’t forgotten anything, you should be able to connect to your dovecot spamassassin-enabled imap server without much hassle. You might want to make your own certificates if you use ssl, but well, that’s not in the scope of this article.

Oh yes. Maybe you want to check that spam-mail folder from time to time locally ?

.muttrc

I’ve stolen the .muttrc I use from this location. The only thing I changed was

set spoolfile="~/Maildir/"

which I changed into

set spoolfile="/var/spool/mail/spam-mail"

allowing me to go to the spam-mail folder by default.

• • •