August 2013 – Tikejhya: Ashish Nepal

getent hosts vs hosts

On 28th August 2013

There may be some occasion that you want to bypass hostfile to resolve public IP, how it works?

here is small example, host command works exactly as dig. (ie. doesnot do byhostname lookup)

host www.ashishnepal.com -> will look directly to DNS (not looking host file same as dig)
getent hosts www.ashishnepal.com -> will look into /etc/hosts file first and go to DNS.

+39

0

Monitoring Varnish Healthcheck

By admin

On 28th August 2013

In Varnish

Monitoring Varnish Healthcheck

varnishadm debug.health | awk /Backend/'{print $2,$4}’
web1 Healthy
web2 Healthy

This will throw ugly logs on syslog, so to Disable logging on varnishadm
Note: This is not disabling varnishadm logging but only cli traffic
(i.e. those which runs on Bash CLI, Those you run from varnishadm will still be visible).

syslog_cli_traffic

+46

0

Fatal error: Can’t open and lock privilege tables: Table ‘mysql.host’ doesn’t exist

By admin

On 28th August 2013

In Mysql

Fatal error: Can’t open and lock privilege tables: Table ‘mysql.host’ doesn’t exist

Solution:

mysql_install_db

+31

0

[ERROR]: spawning fcgi failed.

By admin

On 28th August 2013

In Lighttpd

(mod_fastcgi.c.1397) [ERROR]: spawning fcgi failed.
(server.c.964) Configuration of plugins failed. Going down.
(log.c.166) server started
(mod_fastcgi.c.1103) the fastcgi-backend /usr/local/php5/bin/php-cgi failed to start:
(mod_fastcgi.c.1107) child exited with status 2 /usr/local/php5/bin/php-cgi
(mod_fastcgi.c.1110) If you’re trying to run your app as a FastCGI backend, make sure you’re using the FastCGI-enabled version.
If this is PHP on Gentoo, add ‘fastcgi’ to the USE flags.
(mod_fastcgi.c.1397) [ERROR]: spawning fcgi failed.
(server.c.964) Configuration of plugins failed. Going down.

bin-path location and ensure php-cgi exists

+47

-1

You have already voted.

nginx redirect loop

By admin

On 28th August 2013

In Lighttpd, nginx, Web Server's

The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

I have noticed that this could happen in many diff reasons.

1) Nginx Configuration
e.g. http://stackoverflow.com/questions/4616521/nginx-configuration-leads-to-endless-redirect-loop

2) can be when you dont have extforward trusted on backend server which is used from nginx(as reverse proxy).

e.g.
extforward.headers = (“X-Forwarded-For”, “Forwarded-For”)

extforward.forwarder = (
“192.168.1.2” => “trust”
)

+42

0

Using diff IP to send email POSTFIX

By admin

On 18th August 2013

In postfix

This can be specified in the main.cf file for all SMTP clients, or it can be specified in the master.cf file for a specific client, for example:

Edit /etc/postfix/main.cf and make sure that the following line is present
inet_interfaces = 11.22.33.44, localhost

However, using smtp_bind_address will force to listen inbound mail only on new ip so if we want both ip to be there for listening for incomming mail you want to do.

Change this part:

smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay=
to this:

smtp unix - - - - - smtp -o smtp_bind_address=11.22.33.44 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_bind_address=11.22.33.44 -o smtp_fallback_relay=

+55

0

Postfix DKIM

By admin

On 17th August 2013

In postfix, sendmail

What is DKIM?

For funtional overview visit:
http://www.sendmail.co.uk/sm/open_source/dkim/functional_overview/

DKIM or DomainKeys Identified Mail is an electronic signature that is inserted into the full header of your email to identify the origin of where the message was sent.

Howto?

# Install opendkim, which is fork of dkim-milter.
yum install opendkim

# Create directory for you domain, generate key, change ownership.
mkdir /etc/opendkim/keys/mydomain.com opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default

# If you have multiple domain, do same for each domain.

# Configuration File
/etc/opendkim.conf â€“ OpenDKIMâ€™s main configuration file /etc/opendkim/KeyTable â€“ a list of keys available for signing /etc/opendkim/SigningTable - a list of domains and accounts allowed to sign /etc/opendkim/TrustedHosts â€“ a list of servers to â€œtrustâ€ when signing or verifying

# vi /etc/opendkim.conf
PidFile /var/run/opendkim/opendkim.pid Mode sv Syslog yes SyslogSuccess yes LogWhy yes UserID opendkim:opendkim Socket inet:8891@localhost Umask 002

Canonicalization relaxed/simple Selector default MinimumKeyBits 1024 KeyFile /etc/opendkim/keys/default.private KeyTable /etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts

# vi /etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default

# If you have multiple domain add similar line with each domain

# vi /etc/opendkim/SigningTable
*@mydomain.com default._domainkey.mydomain.com

vi /etc/opendkim/TrustedHosts
127.0.0.1

# If you want to add simillar trusted domain or ip add in Trusted host file.

# Now Make postfix aware where to go for smtpd milter
smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept
# If youâ€™re running a version of Postfix prior to 2.6, you may need to add:
milter_protocol = 2

Service opendkim start
service postfix reload

Add DNS entry with the key you created for each domain which can be found under.
/etc/opendkim/keys/mydomain.com/default.txt

Test:
By sending a blank email to the following address : sa-test@sendmail.net or check-auth@verifier.port25.com or autorespond+dkim@dk.elandsys.com and check the respon.

Or, check header of email message.

Checking Mail server reputation:
https://www.senderscore.org/
http://mxtoolbox.com/SuperTool.aspx

Openrelay Test:
http://www.mailradar.com/openrelay/

Test Openrelay Telnet:

telnet: > telnet mx1.example.com smtp
telnet: Trying 192.0.2.2…
telnet: Connected to mx1.example.com.
telnet: Escape character is ‘^]’.
server: 220 mx1.example.com ESMTP server ready Tue, 20 Jan 2004 22:33:36 +0200
client: HELO client.example.com
server: 250 mx1.example.com
client: MAIL from:
server: 250 Sender Ok
client: RCPT to:
server: 250 Recipient Ok
client: DATA
server: 354 Ok Send data ending with .
client: From: sender@example.com
client: To: recipient@example.com
client: Subject: Test message
client:
client: This is a test message.
client: .
server: 250 Message received: 20040120203404.CCCC18555.mx1.example.com@client.example.com
client: QUIT
server: 221 mx1.example.com ESMTP server closing connection

+59

0

Printing parsed config-file.

By admin

On 11th August 2013

In Lighttpd, Web Server's

Lighttpd

Printing parsed config-file.

lighttpd -pf /data/etc/lighttpd/lighttpd.conf

-p print the parsed config-file in internal form, and exit
-t test the config-file, and exit
-f filename of the config-file

+47

0

/etc/httpd/modules/mod_ssl.so: cannot open shared object file:

By admin

On 11th August 2013

In Web Server's

root@host conf.d]# service httpd configtest
httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 12 of /etc/httpd/conf.d/ssl.conf: Cannot load /etc/httpd/modules/mod_ssl.so into server: /etc/httpd/modules/mod_ssl.so: cannot open shared object file: No such file or directory

Installing mod_ssl for Apache on CentOS:
yum install mod_ssl
service httpd configtest
service httpd reload

+47

0