Fix ldap_route `null’ in sendmail 8.14.4

I’ve got a sendmail setup with ldap_routing, it’s very convenient if you’ve got a distributed sendmail environment, in my case I’ve just got ldap_routing for mail hosts and not for addresses, so it’s expressed in the following form in sendmail.mc:

When upgrading my sendmail platform to the new Ubuntu 12.04 LTS (Precise Pangolin) I’ve found the following error:

This is due to a change in behaviour in ldap_routing.m4 in 8.14.4, it’ll try to automatically add  -T<TMPF> which breaks the special `null’ behaviour.

The way recommended to fix this is to replace ldap_routing.m4 with the version from 8.14.3 which is available here.

In my case (Ubuntu) I just had to replace the file located at /usr/share/sendmail/cf/feature/ldap_routing.m4, then process sendmail.mc again and everything went back to normal :)

MySQL upgrade to Ubuntu 12.04

Ubuntu 12.04 LTS (Precise Pangolin) has updated MySQL to version 5.5, the update is not as straight forward as in other releases so some caution must be always taken.

Updating from MySQL 5.x

This is a fairly easy case, if you have any extra config in /etc/mysql/conf.d there’s a high chance that the new package will actually uninstall your old packages without replacing them, be extremely careful with that, also check that all your parameters are in line with MySQL 5.5 syntax.

First of all once the upgrade to 12.04 is finished, check which packages for mysql-server are installed:

If you see all the 5.5 packages installed congratulations, your upgrade was flawless, but in any other case you’ll only see the mysql-server-5.1 package, so you’ll need to install manually the packages.

This should in all cases suffice to get MySQL server running again if there’s no errors in your my.cnf.

Updating from MySQL 4.x

In this case the binary structure changes slightly so you’ll need to dump all your data and upload it to a fresh new MySQL 5.5 instance, there’s not much way around this unfortunately and not following this can result in corrupt data.

Precise Pangolin (12.04 LTS) released!

Today Ubuntu 12.04 LTS (Precise Pangolin) has been released, this is a LTS release and as such the preferred choice for lots of sysadmin/devops folks like me.

In this release I’ve been involved in Cloudfoundry, but also in packaging puppet, mcollective, mcollective-plugins, rabbitmq-server, and ipxe. All of which I’m quite happy about, if you feel like yelling at someone you know where to find me.

This release also makes the official debut of juju as a stable technology, the slogan says its Devops Distilled but I see it more as a giant application deployer with amazing orchestration skills, all of them make it a great solution, which you can also mix up with your usual puppet and mcollective of course :)

Go ahead and take the tour, and start playing with it in the Cloud or on your computer.

The Oneiric Ocelot is here!

Finally Ubuntu 11.10 has just been released, this is the last version before our next LTS (12.04) so it’s a big technological preview.

You can take an online tour here http://www.ubuntu.com/tour/

In this version I’ve contributed packages in mcollective, puppet and rabbitmq, but most of all I’ve been working in Openstack, Juju and Orchestra, have a look and enjoy! The next LTS will be very exciting.

mcollective 1.0 plugins in natty

We’ve been working very intensively these last three months with mcollective on Ubuntu, and it’ll be finally be available in natty, another great addition for this release alongside with cobbler.

Unfortunately, our plugins package didn’t make it on time for the natty release freeze, which makes mcollective on natty’s release on Apr 28th a bit limited, but we have the package available for your enjoyment \o/.

In order to be able to install mcollective-plugins into your system you should add this PPA by executing:

Once you added the new repo you can see all the plugins available by running apt-cache search mcollective-plugins and install them based on your mcollective needs.

IBM xServer 305 on CentOS 4 – Kernel incompatibilities

After a horrible week fighting against CentOS 4 and our firewalls deployment. I’ve found several incompatibilities (albeit already documented) with this machines and CentOS 4.

There were 2 different problems affecting this machines.

Keyboard not working after kernel boot, non responsive.

This happens even when installing the machine, I had to install this machine in graphical mode (it works when booting in graphical mode) but it didn’t work at all on a forced text installation.

This bug can be solved disconnecting the USB subsystem in the BIOS, after that the keyboard is operative again.

Machine freezes with a kernel panic after approx 24h. of operation, no logs or traces left.

This one was a hard bone to catch! Did a memory test, updates both BIOS and network cards firmware to the last version and did several extended checks on the hardware, there was not a single error.

After roaming around the RedHat and CentOS forums for a while looking for an answer, I saw a similar error in RedHat RHEL4 (the one CentOS is based on) about an xServer that had the same problem. It seems the problem is realted with the old version of ACPI this motherboard has, and it only happens with 2.6.9-42.x.EL versions of the kernel, just adding the noapic option in /etc/grub.conf to the kernel boot solved the issue.

SpamAssassin : Tweaks for new Spam methods

There have been lately a huge increase in spam due mainly to botnets, spammers also have shifted their spam methods, using embedded images and obfuscating techniques to avoid OCRs.

This two factors together mean that I’ve got a lot more work maintaining my spamassassin installation :) and also that the standard config or some deviations on the scoring is not good enough, even with score tweaking I still got lots of Stocks and embedded gif spam, after some checking around I found some solutions in Rules Emporium. Also updating is a must so try always to keep up to date, right now I’m running Spam Assassin 3.1.7.
Finally after some tweaking and more tweaking I arrived to this config:

  • Auto White-list and Bayes using MySQL DB Engine
  • user_pref integrated into our user control panel
  • Razor2 integration
  • SPF Integration
  • Score tweaking
  • New rules added using Rules Emporium ImageInfo and Stock Rules

With this method the false positives have gone down and the stock and image spam is being stopped (finally!).

The Rules Emporium ImageInfo plugin consumes a lot less CPU than using an OCR plug-in and even if it’s based on broader rules it catches even the hardest embedded image spam, you can get the plugin here. Also the stock ruleset got rid of most of the stock spam that I was receiving, this spam is quite hard to guess indeed! You can get the ruleset here.
Here is the final tweaked local.cf config in SpamAssassin

Also it’s important to have this modules loaded in your v310.pre file:

The way to install the additional config and plugins should be as follows:

Copy the new .cf (configuration) files into the directory where SpamAssassin keeps the configuration in your install. In Red Hat machines this directory is /usr/share/spamassassin.

Copy the new .pm (modules) into the SpamAssassin PlugIn module which is by default /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Plugin/ (this directory of course, is for Perl version 5.8.3, change the version to the one you have installed).

Don’t forget to restart SpamAssassin after adding the new files!

It’s always a good idea to start spamd with -D after activating modules, since most of the times you’re missing a perl module which one of your modules have a dependency with.

This configuration is not really CPU hungry so it’s great for people who are running on a tight server budget.