Browse Category: howto

Push email on iPhone and other smartphones… without Exchange

Tonight, I found a clever open-source project entitled Z-Push. This small collection of PHP sits in a web directory and responds to ActiveSync queries — the protocol used for Exchange. It then checks and delivers email.

This is useful because of the limitations of some smartphones — such as the iPhone — wherein Exchange-hosted mail is delivered instantly, while standard POP3 or IMAP mail accounts suffer a long polling delay.

On the server side, configuration is fairly simple:

  1. wget http://download.berlios.de/z-push/z-push-1.3RC.tar.gz
  2. tar xzvf z-push-1.3RC.tar.gz
  3. mv z-push /var/www/html
  4. yum install php-imap
  5. chown apache:apache /var/www/html/z-push/state
  6. vi /var/www/html/z-push/config.php and configure the following:
  7. $BACKEND_PROVIDER = “BackendIMAP”;
    define(’IMAP_SERVER’, ‘localhost’);
    define(’IMAP_PORT’, 143);
    define(’IMAP_OPTIONS’, ‘/notls/norsh’);

  8. Add the following Alias to an Apache SSL VirtualHost:
  9. Alias /Microsoft-Server-ActiveSync /var/www/html/z-push/index.php

  10. Restart Apache

On your phone, simply create a new Exchange-type account that points to your server as if it was an Exchange server. Send a test mail and marvel at how fast it appears on your phone! Tested on iPhone and Motorola Droid with excellent success.

Rewriting URLs based on domain name

While Apache’s mod_rewrite is fairly powerful, it does have some limitations (mostly to not break the HTTP spec). While you can specify any number of esoteric conditions, it’s not possible to rewrite anything but the URI. If you want to redirect sillydomaintwo.com to two.sillydomain.com/blog, you’ll have to use an intermediary processor like PHP.

[code lang=”PHP”]
[/code]

Setting this code as the index.php for sillydomaintwo.com will suffice, as it will perform a 301 redirect to the target location.

In Apache, the simplest way to support this sort of configuration is to have the master sillydomain.com as its own VirtualHost with a ServerAlias of *.sillydomain.com. In another VirtualHost, set the ServerName as * with the above index.php in its DocumentRoot sillydomaintwo.com won’t match the first, but will match the * (catch-all) VirtualHost, run the index.php, then redirect to the first VirtualHost:

<VirtualHost *:80>
ServerName sillydomain.com
ServerAlias *.sillydomain.com
DocumentRoot /var/www/sillydomain.com
</VirtualHost>

<VirtualHost *:80>
ServerName *
DocumentRoot /var/www/sillydomain-redirect
#in this directory is the index.php with the redirection as described above
</VirtualHost>

Enable WebDAV with Plesk

Configuring WebDAV in Apache is simple, but it’s even easier to configure and manage with Plesk!

1. Create a Protected Directory
Log into Plesk and select the domain that is to receive the DAV repository. Click on “Protected Directories” and create a new one – name it as the DAV share will be named, for they are one and the same.

2. Configure WebDAV Users
Add users who should have access to this DAV repo.

3. Edit vhost.conf and Reconfigure Plesk
On the server, edit the domain’s vhost.conf and enter the following:

[code]<Directory “/var/www/vhosts/domain.com/httpdocs/DAVdir”>
DAV on
AllowOverride None
</Directory>[/code]

Regenerate Apache’s configuration and you’re golden:

[code]/usr/local/psa/admin/bin/websrvmng -av[/code]

4. Test
You can easily test DAV configuration by using a DAV client such as `cadaver’.

[code][kale@superhappykittymeow ~]$ cadaver http://www.domain.com/DAVdir
Authentication required for on server `domain.com’:
Username: kale
Password:
dav:/DAVDir/> ls
Listing collection `/DAVDir/’: collection is empty.[/code]

Success! You can manage access to the DAV share through the Plesk interface.

Apache MultiViews and RewriteRules

Don’t work together.

I think it’s a bug in mod_rewrite, to be honest, though more of a “not thinking these two modules would ever be used together” kind of oversight, rather than a full bug.

Essentially, if you are using MultiViews to make for pretty URLs (say, http://www.foo.com/bar, where ‘bar’ doesn’t exist, but instead loads the content from bar.php), and you attempt to implement RewriteRules to modify the URL, you will see erratic results.

If, for example, you have a RewriteRule as follows:

[code]RewriteCond %{HTTP_HOST} !^www\.foo\.com
RewriteRule (.*) http://www.foo.com/$1 [R=301,L][/code]

which, essentially, takes all non-WWW requests and makes them www.foo.com, you will find that MultiView URLs will be redirected to their real resources if the URL matches a rule. For example,

http://foo.com/bar

will become

http://www.foo.com/bar.php

after going through the MultiView filter and the RewriteRules. This is due to the way the rules work — essentially, the request will be parsed through mod_rewrite to find a match. If no match against the URL, the MultiView is processed to get the real resource which is then presented to the end user. If a match is made, however, mod_rewrite has mod_negotiation process the MultiView to find the real resource so it can properly do the rewrite — it is never changed back, however, to the pretty MultiView URL. If your goal is pretty URLs without any effort expended, relying on MultiView, you will find that RewriteRules are your nemesis.

There are a few routes available to get around this odd behavior, but my favorite (and easiest to implement) is to move the RewriteRule logic to the site code. It’s much harder to implement MultiView-esque functionality than it is to re-implement RewriteRules.

To implement the above RewriteRule, redirecting non-www to www, simply add an auto_prepend_file to your .htaccess in lieu of the RewriteRule as such:

[code]php_value auto_prepend_file “/var/www/html/prepend.php” [/code]

This file contains simply:

[code lang=”php”][/code]

With this code prepended to every PHP script (assuming your site is written in PHP, of course), all non-www requests will be redirected to www — *after* the MultiView is processed and not interfering with its inner workings.

Email alerts on new virus with Sophos

Sophos’s Linux antivirus product is an interesting beast, but I’ll reserve opinion. We offer a web interface wherein the end-user may review alerts, though some also wish an email alert. This can be configured through savwebd, the web GUI provided with the Sophos antivirus client, or configured on the command line:

[code lang=”bash”]cd /opt/sophos-av/bin
./savconfig -v # review current configuration settings
./savconfig set Email email@address.com # recipient
./savconfig set EmailNotifier true
./savconfig set EmailDemandSummaryIfThreat true
./savconfig set EmailServer localhost
./savconfig set SendThreatEmail true
./savconfig set ThreatMessage “A virus has been detected and blocked. Please contact your support team for more information.”
[/code]

Enable core dumps with apache, RHEL5

From this post on Jared’s tech blog:

[code lang=”bash”]echo “ulimit -c unlimited >/dev/null 2>&1” >> /etc/profile
echo “DAEMON_COREFILE_LIMIT=’unlimited'” >> /etc/sysconfig/init
echo 1 > /proc/sys/fs/suid_dumpable
echo “core.%p” > /proc/sys/kernel/core_pattern
echo “CoreDumpDirectory /var/apache-core-dumps” > \
/etc/httpd/conf.d/core_dumps.conf
mkdir /var/apache-core-dumps
chown apache: /var/apache-core-dumps
source /etc/profile
/etc/init.d/httpd restart[/code]

Now you can test it by sending a SIGSEGV to a random apache child process:

[code lang=”bash”]tail -f /var/log/httpd/error_log | grep -i seg &
ps auxwww |grep httpd (pick a random pid not owned by root)
kill -11 2014
[Mon Jul 06 21:05:39 2009] [notice] child pid 2014 exit signal
Segmentation fault (11), possible coredump in /var/apache-core-dumps
cd /var/apache-core-dumps
ls
core.2014[/code]

You can then get a backtrace using gdb:

[code lang=”bash”]gdb /usr/sbin/httpd core.2014
(gdb) > bt full[/code]

Brilliant – thanks Jared, I fought Apache for an hour to enable CoreDumps before putting my fist through the monitor!

Mount NTFS drive in RHEL5

Grab fuse, fuse-ntfs-3g and dkms-fuse from Dag’s repo:

[code lang=”bash”]wget http://www.mirrorservice.org/sites/apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/fuse-2.7.3-1.el5.rf.x86_64.rpm
wget http://www.mirrorservice.org/sites/apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/fuse-ntfs-3g-1.2310-1.el5.rf.x86_64.rpm
wget http://www.mirrorservice.org/sites/apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/dkms-fuse-2.7.2-1.nodist.rf.noarch.rpm[/code]

Install:

[code lang=”bash”]rpm -Uvh fuse-2.7.3-1.el5.rf.x86_64.rpm fuse-ntfs-3g-1.2310-1.el5.rf.x86_64.rpm dkms-fuse-2.7.2-1.nodist.rf.noarch.rpm[/code]

Mount:

[code lang=”bash”]mount.ntfs-3g /dev/sdc1 /mnt/usb/ -o force[/code]

Add a new hotswap SCSI drive

If you’ve got a SCSI card, SCA backplane, and a chassis that supports hotswappable drives, you can easily add a new drive without a reboot. Simply insert the drive and

[code lang=”bash”]cat /proc/scsi/scsi[/code]

Note the host, bus (channel), ID and LUN of the existing drive(s).

[code lang=”bash”]echo “scsi add-single-device h b i l” > /proc/scsi/scsi[/code]

where “h b i l” is the host, bus, id and lun of the new drive. If it’s going on the same adapter as the rest of the drive(s) listed already, use the same host, bus and lun — the id will be incremented by one:

[code lang=”bash”]echo “scsi add-single-device 1 0 1 0” > /proc/scsi/scsi[/code]

cat /proc/scsi/scsi and you should see the new device:

[code][root@foo scsi]# cat /proc/scsi/scsi
Attached devices:
Host: scsi1 Channel: 00 Id: 00 Lun: 00
Vendor: HITACHI Model: HUS103073FL3800 Rev: SA1B
Type: Direct-Access ANSI SCSI revision: 03
Host: scsi1 Channel: 00 Id: 01 Lun: 00
Vendor: SEAGATE Model: ST3146707LC Rev: 0005
Type: Direct-Access ANSI SCSI revision: 03[/code]

fdisk and make a filesystem as usual!

Red5 Installation and Usage

Red5 is an open source streaming flash media server. It’s a java-based application that is surprisingly easy to install and well-documented as such, though the documentation fails when it comes to usage — such as streaming live video.

Install:

Download from the Red5 page: http://osflash.org/red5/080rc1 . Caveat: I’ve never really gotten this page to work. I’ve mirrored it on my slice:

Java 1.5: http://slice.superhappykittymeow.com/~kale/red5-0.8.0-java5.tar.gz
Java 1.6: http://slice.superhappykittymeow.com/~kale/red5-0.8.0.tar.gz

Untar:

[code lang=”bash”]tar xzvf red5-0.8.0-java5.tar.gz[/code]

Run:

[code lang=”bash”]./red5.sh[/code]

That’s it for the install. Congratulations! Red5 is running and accessible at http://your-ip:5080 .

Go there and follow the instructions. Namely, click on where it states clearly to “Click here to install demos”. Red5 ships with a number of demos that are inappropriately named but you should probably install anyway if you want to do cool things like stream live video.

“oflaDemo” is the key mis-named application that need be installed. Select and click “install”.

Thereafter, visit the Publisher utility: http://your-ip:5080/demos/publisher.html

You may need to change the server settings to point to your server (hint: 127.0.0.1 won’t work — use the public IP). Create a stream with your input source (webcam, screencast, etc) and assign a stream name, and hit publish. Hurray, now that video is being broadcast over rtmp!

You can connect to this RTMP source using a Flash viewer like Flowplayer, setting the RTMP source as rtmp://your.ip/oflaDemo, with the clip URL as the name you assigned as the name in the publisher app.

Simple!

Adding IP aliases in FreeBSD

Edit /etc/rc.conf:

[code lang=”bash”]ifconfig_fxp0=”inet 1.2.3.4 netmask 255.255.255.192″
ifconfig_fxp0_alias0=”1.2.3.5 netmask 255.255.255.255″
ifconfig_fxp0_alias1=”1.2.3.6 netmask 255.255.255.255″
ifconfig_fxp0_alias2=”1.2.3.7 netmask 255.255.255.255″[/code]

Restart networking:

[code lang=”bash”]/etc/rc.d/netif restart && /etc/rc.d/routing restart[/code]

Better way to scan for – and clean up – virus activity

**NOTE** The following only works with FTP daemons that log full paths in xferlog — ie, not vsftpd with its default configuration. Works like a charm on Plesk, fails terribly on non-Plesk. For non-Plesk, please scroll to the bottom of this post.

I made an earlier post about this subject, but there are too many holes in the script provided. Rather, I’ve found this simple awk recipe to do the trick quite well.

[code lang=”bash”]awk ‘$12 != prev {print $9; prev=$12}’ xferlog | egrep “\.php|\.htm|\.shtm|\.js” | sort |uniq > ftp_modified.out[/code]

Note that the output it prints is not definitive, but it certainly gives you something to start with. Now, roll a grep:

[code lang=”bash”]cat ftp_modified.out |while read line; do grep -H iframe $line >> iframe.out ; done[/code]

**You will need to review this output to find the actual string and distinguish between legitimate iframes and the baddies.** The following sed will usually take care of about 80% of them:

[code lang=”bash”]cat iframe.out | awk -F\: ‘{print $1}’ | while read line ; do sed -i ‘s/