Admin Life Errors, Fixes, and Encounters

27 Mar 2012

eAccelerator freebsd error shmmax

FreeBSD currently has an issue with eAccelerator: when you try to start it, it fails with the error "eAccelerator: shmmax should be at least 2MBPHP Warning"

To fix this we're going to remove eAccelerator then reinstall it:

# cd /usr/ports/www/eaccelerator

# make deinstall

# vi Makefile

The "CONFIGURE_ARGS=" line needs to be changed so it looks like this:

CONFIGURE_ARGS= --with-eaccelerator-shared-memory \
        --with-eaccelerator-userid=80 \
        --without-eaccelerator-use-inode

Save the file and exit, then:

# make install clean

Restart Apache.

Filed under: Errors, FreeBSD

10 Feb 2012

Move MySQL database directory

By default MySQL keeps its data directory under /var/db on FreeBSD. If you have a big database, this filesystem will quickly fill up.
Here are the commands to move MySQL from /var/db to /usr/local/mysql:

cd /var/db
mv mysql /usr/local/
ln -s /usr/local/mysql mysql

cd /usr/local
chown -R mysql mysql

Then start up mysql

done.
27 Sep 2011

Apache freebsd munin not working together

I came across an issue with Apache 2.2 on FreeBSD 8.2 where munin wasn't graphing the Apache data (apache_accesses, apache_processes and apache_volume).

When I tailed the munin error log I found this error.

tail /var/log/munin/munin-node.log
munin UserAgent not found at apache_volume line 86.

After some research on Google I found this nice munin command that tells me more about how to set up munin, i.e. what we can install on FreeBSD.

/usr/local/sbin/munin-node-configure --suggest

The output gave us "LWP::UserAgent not found", which means we need to install Perl's libwww.

To fix this error we install p5-libwww

cd /usr/ports/www/p5-libwww/
make install clean

Restart munin and everything should now work.

# /usr/local/etc/rc.d/munin-node restart

ref: http://articles.slicehost.com/2010/4/9/enabling-munin-node-plug-ins-on-ubuntu

27 Sep 2011

Install eAccelerator on FreeBSD – High Performance PHP

eAccelerator is a PHP caching system: it caches frequently used portions of PHP files in RAM to increase performance. This is especially great on high-traffic websites such as forums. Performance gains of up to 1000% have been seen with eAccelerator. The following tutorial shows how to install eAccelerator on FreeBSD using ports.

Using ports, compile and install:


cd /usr/ports/www/eaccelerator
make install clean

Make modifications to php.ini:

If you are using Zend:

vi /usr/local/Zend/etc/php.ini (this is the default location)

Add the following:

zend_extension="/usr/local/lib/php/20020429/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"

Comment out the following lines:

zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.7
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.7

If you are not using Zend Optimizer, then add the following to your php.ini:

extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Create the caching directory:

mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator

Look inside /tmp/eaccelerator/ to see if the cache files were created.

Filed under: Code, FreeBSD, PHP

14 Dec 2010

Rate limit e-mail providers

If you're like me and need to manage large amounts of email, one thing that must be done is limiting the rate at which email providers like yahoo.com, hotmail.com, live.com, gmail.com and aol.com get your email.

I don't go into much detail here but this is the setup I've researched and currently use.

First we edit main.cf and go to line 561 (I just like to keep things together).

vi /etc/postfix/main.cf

Add the following lines into main.cf

transport_maps = hash:/etc/postfix/transport

smtpslow_destination_concurrency_limit = 2
smtpslow_destination_recipient_limit = 15
smtpslow_destination_rate_delay = 2s
smtpslow_destination_concurrency_failed_cohort_limit = 2

Edit the transport file and add the domains we'd like to slow down sending to.

vi /etc/postfix/transport

yahoo.com smtpslow:
gmail.com smtpslow:
hotmail.com smtpslow:
aol.com smtpslow:
comcast.com smtpslow:
live.com smtpslow:
msn.com smtpslow:
sbcglobal.net smtpslow:
verizon.net smtpslow:
bellsouth.net smtpslow:
yahoo.ca smtpslow:
cox.net smtpslow:
ymail.com smtpslow:

Go to the postfix directory and postmap (hash) the transport file:

cd /etc/postfix && /usr/local/sbin/postmap transport

Now we need to change the following in master.cf.

vi /etc/postfix/master.cf

Make sure you have spaces or tabs before -o, as it will not work if you don't.

smtpslow unix - - n - - smtp
  -o smtp_helo_timeout=5
  -o smtp_connect_timeout=5

Restart postfix and we're done.

/usr/local/sbin/postfix reload
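
A quick check to run before the reload, added here as an example (it is not part of the original post): it flags -o lines that lost their leading whitespace, transports in the transport map with no service in master.cf, and *_destination_* limits in main.cf whose prefix matches no service. The function names and the sample files are made up for the demo.

```sh
#!/bin/sh
# Added example: checks to run before "postfix reload" for the smtpslow setup.

# Line numbers of "-o" lines that start in column 0. Postfix treats a line as
# a continuation of the service entry only when it begins with whitespace.
unindented_options() {      # $1 = master.cf
    awk '/^-o[ \t]/ { print NR }' "$1"
}

# Transports named in the transport map that have no service entry
# (first column) in master.cf, so Postfix has nothing to hand the mail to.
missing_services() {        # $1 = transport map, $2 = master.cf
    awk 'FILENAME == ARGV[1] { if ($0 ~ /^[^# \t]/) svc[$1] = 1; next }
         /^[ \t]*(#|$)/      { next }
         { split($2, t, ":")
           if (t[1] != "" && !(t[1] in svc)) print t[1] }' "$2" "$1" | sort -u
}

# Prefixes of <name>_destination_* settings in main.cf that match no service
# in master.cf: a misspelt prefix means the limit is never applied.
orphan_limits() {           # $1 = main.cf, $2 = master.cf
    awk 'FILENAME == ARGV[1] { if ($0 ~ /^[^# \t]/) svc[$1] = 1; next }
         match($0, /^[a-z0-9]+_destination_/) {
             p = substr($0, 1, RLENGTH - 13)   # 13 = length of "_destination_"
             if (p != "default" && p != "initial" && !(p in svc)) print p }' \
        "$2" "$1" | sort -u
}

# Constructed sample files (not the author's real configuration).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/master.cf" <<'EOF'
smtp      inet  n  -  n  -  -  smtpd
smtpslow  unix  -  -  n  -  -  smtp
-o smtp_helo_timeout=5
  -o smtp_connect_timeout=5
EOF
cat > "$demo_dir/transport" <<'EOF'
yahoo.com    smtpslow:
gmail.com    smtpslw:
EOF
cat > "$demo_dir/main.cf" <<'EOF'
transport_maps = hash:/etc/postfix/transport
smtpslow_destination_rate_delay = 2s
smtpsolw_destination_recipient_limit = 15
EOF

echo "unindented -o lines: $(unindented_options "$demo_dir/master.cf")"
echo "transports without a service: $(missing_services "$demo_dir/transport" "$demo_dir/master.cf")"
echo "limits without a service: $(orphan_limits "$demo_dir/main.cf" "$demo_dir/master.cf")"
```

Point the three functions at /etc/postfix/master.cf, /etc/postfix/transport and /etc/postfix/main.cf; empty output from each means the names line up.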

19 Oct 2010

setup jails on freebsd

We'll be creating 4 jails + the main host (5 machines in total).

First, let's create some folders where the jails will be stored.

mkdir /usr/jails && mkdir /usr/jails/mail1 && mkdir /usr/jails/mail2 && mkdir /usr/jails/mail3 && mkdir /usr/jails/mail4

Then we add some settings to rc.conf

# vi /etc/rc.conf

Add these lines right after. Remember, every machine has a different network card reference (bge0 here); change it to your machine's network card.

ifconfig_bge0="inet 192.168.1.157 netmask 255.255.255.0"

ifconfig_bge0_alias0="inet 192.168.1.211 netmask 0xfffffff8"
ifconfig_bge0_alias1="inet 192.168.1.212 netmask 0xfffffff8"
ifconfig_bge0_alias2="inet 192.168.1.213 netmask 0xfffffff8"
ifconfig_bge0_alias3="inet 192.168.1.214 netmask 0xfffffff8"

If you don't want to reboot, you'll also have to set up the aliases now so you can ssh in later...
ifconfig bge0 inet alias 192.168.1.211 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.212 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.213 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.214 netmask 255.255.255.255

Near the bottom of the file, add the following and make sure you change the IPs and paths if they are different from the ones above.

#only have 5 IP's. 1 for the main server and 4 for the jails
#jail_list="mail1 mail2 mail3 mail4"

jail_enable="YES"
jail_list="mail1 mail2 mail3 mail4"
jail_set_hostname_allow="YES"

jail_mail1_rootdir="/usr/jails/mail1"
jail_mail1_hostname="mail1.example.com"
jail_mail1_ip="192.168.1.231"
jail_mail1_start="/bin/sh /etc/rc"
jail_mail1_devfs_enable="YES"
jail_mail1_devfs_ruleset="devfsrules_jail"

jail_mail2_rootdir="/usr/jails/mail2"
jail_mail2_hostname="mail2.example.com"
jail_mail2_ip="192.168.1.232"
jail_mail2_start="/bin/sh /etc/rc"
jail_mail2_devfs_enable="YES"
jail_mail2_devfs_ruleset="devfsrules_jail"

jail_mail3_rootdir="/usr/jails/mail3"
jail_mail3_hostname="mail3.example.com"
jail_mail3_ip="192.168.1.233"
jail_mail3_start="/bin/sh /etc/rc"
jail_mail3_devfs_enable="YES"
jail_mail3_devfs_ruleset="devfsrules_jail"

jail_mail4_rootdir="/usr/jails/mail4"
jail_mail4_hostname="mail4.example.com"
jail_mail4_ip="192.168.1.234"
jail_mail4_start="/bin/sh /etc/rc"
jail_mail4_devfs_enable="YES"
jail_mail4_devfs_ruleset="devfsrules_jail"
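
The jail addresses in this block (192.168.1.231 to .234) are not the addresses aliased onto bge0 earlier (192.168.1.211 to .214). The check below is an added example, not part of the original post: it reads an rc.conf and lists every jail whose IP is not configured on the host. It assumes no jail_<name>_interface variable is set (none is used here), so the address has to exist on the host already; the function name and the sample file are made up for the demo.

```sh
#!/bin/sh
# Added example: cross-check jail addresses in rc.conf against host aliases.

# Print "<jail> <ip>" for every jail in jail_list whose jail_<name>_ip is not
# put on an interface by an ifconfig_* line, and "<jail> no-ip" when the
# variable is missing. Assumes no jail_<name>_interface is set.
jails_without_alias() {     # $1 = rc.conf
    awk -F'"' '
        /^ifconfig_/ {
            n = split($2, w, " ")
            for (i = 1; i < n; i++) if (w[i] == "inet") host[w[i + 1]] = 1
        }
        /^jail_list=/ { list = $2 }
        /^jail_[A-Za-z0-9_]+_ip=/ {
            name = $1; sub(/^jail_/, "", name); sub(/_ip=$/, "", name)
            ip[name] = $2
        }
        END {
            n = split(list, j, " ")
            for (i = 1; i <= n; i++) {
                if (!(j[i] in ip))            print j[i], "no-ip"
                else if (!(ip[j[i]] in host)) print j[i], ip[j[i]]
            }
        }' "$1"
}

# Constructed sample using the address ranges from this post.
sample_rc=$(mktemp)
trap 'rm -f "$sample_rc"' EXIT
cat > "$sample_rc" <<'EOF'
ifconfig_bge0="inet 192.168.1.157 netmask 255.255.255.0"
ifconfig_bge0_alias0="inet 192.168.1.211 netmask 0xfffffff8"
ifconfig_bge0_alias1="inet 192.168.1.212 netmask 0xfffffff8"
#jail_list="old1 old2"
jail_list="mail1 mail2 mail3"
jail_mail1_ip="192.168.1.211"
jail_mail2_ip="192.168.1.232"
jail_mail3_rootdir="/usr/jails/mail3"
EOF

jails_without_alias "$sample_rc"
```

Run it as jails_without_alias /etc/rc.conf before starting the jails; no output means every jail address is present on the host.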

------------------------------------------

Make the virtual system

cd /usr/src
make world DESTDIR=/usr/jails/mail1

If you get the error "make: don't know how to make world. Stop",
it's because you don't have the source tree installed.
Look at the cvs-supfile blog post to see how to install it.

cd etc
make distribution DESTDIR=/usr/jails/mail1
cd /usr/jails/mail1
ln -sf /dev/null kernel

touch /usr/jails/mail1/etc/fstab
cat /etc/resolv.conf > /usr/jails/mail1/etc/resolv.conf
mount -t procfs proc /usr/jails/mail1/proc
mount -t devfs dev /usr/jails/mail1/dev
mkdir /usr/jails/mail1/usr/ports
mount_nullfs /usr/ports /usr/jails/mail1/usr/ports

Once the first jail is created, we can just copy jails and not have to redo "make world" which takes awhile.

----------------------------------------------

Configuration of the jail
Start the jail for the first time

# /etc/rc.d/jail start mail1

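If you try to SSH into the jail, you will end up on the main machine and not in the jail, because the host's sshd listens on every address, including the jail's.
To fix this, add the following line to /etc/rc.conf and bind the host's sshd to the host address in sshd_config: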

rpcbind_enable="NO"

vi /etc/ssh/sshd_config

Port 22
Protocol 2
ListenAddress 192.168.1.157

Now we jump into the jail for some 1st step configurations

# jail /usr/jails/mail1 mail1.example.com 192.168.1.231 /bin/sh

now you are inside the jail:

change the root password
# passwd

add a new user and invite the user to the wheel group (so you can su to root)
# adduser

So we can ssh into the jail

# echo 'sshd_enable="YES"' >> /etc/rc.conf

Install bash and change the user's shell to bash.
If you are in a jail and ports doesn't exist, you have to remount the ports filesystem.
# cd /usr/ports/shells/bash
# make clean; make install clean
# chsh
change the shell to: /usr/local/bin/bash

Host environment syslogd
This entry in /etc/rc.conf tells syslogd to not listen on any IP address.

syslogd_flags="-ss"

That allows syslogd to run in both the host and the jail environments.

Host environment inetd

This entry in /etc/rc.conf tells inetd to listen on a specific IP address. This address is that of the host environment:

inetd_flags="-wW -C 60 -a 192.168.0.100"

You should note that the first part of the above flags is from /etc/defaults/rc.conf:

inetd_flags="-wW -C 60" # Optional flags to inetd

jail_enable="YES"
jail_list="mail_1"
jail_set_hostname_allow="YES"

jail_mail_1_rootdir="/usr/jails/mail_1"
jail_mail_1_hostname="mail_1.example.com"
jail_mail_1_ip="192.168.1.202"
jail_mail_1_start="/bin/sh /etc/rc"
jail_mail_1_devfs_enable="YES"
jail_mail_1_devfs_ruleset="devfsrules_jail"

if you forget root password
jail /dumpdrive500/jails/devbox2 devbox2 192.168.1.152 /usr/bin/passwd root

------------------------------------------------

Clone the Jails

mkdir /usr/jails/mail2
cd /usr/jails/mail1
tar -cpf - . | tar -C /usr/jails/mail2 -xpf -

Mount all the needed directories for the cloned jail

mount -t procfs proc /usr/jails/mail2/proc
mount -t devfs dev /usr/jails/mail2/dev
mount_nullfs /usr/ports /usr/jails/mail2/usr/ports

vi /etc/rc.conf
added in -------------
jail_devbox5_rootdir="/usr/jails/mail1"
jail_devbox5_hostname="devbox5.example.com"
jail_devbox5_ip="192.168.1.155"
jail_devbox5_start="/bin/sh /etc/rc"
jail_devbox5_devfs_enable="YES"
jail_devbox5_devfs_ruleset="devfsrules_jail"

/etc/rc.d/jail start devbox5
ref: http://www.freebsd.org/doc/en/books/handbook/jails-build.html
ref: http://www.freebsddiary.org/jail-6.php

19 Oct 2010

freebsd cyrus sasl2 saslauthd

Here is a step-by-step setup of what I did to get cyrus sasl2 saslauthd working on FreeBSD.

You'll notice that I reinstall postfix because I needed it compiled with sasl2, which I didn't have.

# cd /usr/ports/security/cyrus-sasl2-saslauthd
# make install clean
# cd /usr/ports/mail/postfix
# make config (make sure you check on cyrus-sasl2-saslauthd)
# make
# make FORCE_PKG_REGISTER=yes install clean

Now edit /etc/rc.conf and add the following lines near the top of the file.

postfix_enable="YES"
saslauthd_enable="YES"

#If you not need sendmail anymore, please add in your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# And you can disable some sendmail specific daily maintenance routines in your system
# If /etc/periodic.conf does not exist please create it and add those values.

/etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

After installing saslauthd

/usr/local/etc/rc.d/saslauthd start
vi /etc/postfix/main.cf

Add this to the end...

# sasl config
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =

smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

/usr/local/sbin/postfix stop && /usr/local/sbin/postfix start

/usr/local/sbin/saslpasswd2 -c -u domain.com -a smtpauth usernameeee

/usr/local/etc/rc.d/saslauthd restart

Filed under: FreeBSD, Unix

7 Jun 2010

setup domainkeys with postfix and freebsd on a jail

How to set up DomainKeys for Yahoo on FreeBSD 7.3 (I'm sure it works with older versions of FreeBSD) with Postfix 2.7. This may seem long but it works! It's not that long of a process...

First, install Postfix and configure it. This is a very basic setup; I'll have a more advanced Postfix install in the near future.

cd /usr/ports/mail/postfix
make install clean
cd /etc
ln -s /usr/local/etc/postfix postfix
cd /etc/postfix
vi main.cf

// change the following
/////////////////////////////////////
myhostname = mail1.domain.com
mydomain = mail1.domain.com
myorigin = $mydomain
inet_interfaces = 56.56.56.56
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 56.56.56.56,127.0.0.1

install dkfilters

cd /usr/ports/mail/dkfilter
make install clean

//Setting up the outbound filter
/////////////////////////////

Generate a private/public key pair using OpenSSL:

cd /usr/local/etc/
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

start up dkfilters, don't forget to change IP 56.56.56.56 to your own IP

/usr/local/bin/dkfilter.out --keyfile=/usr/local/etc/private.key --selector=selector1 --domain=mail1.domain.com --method=nofws 56.56.56.56:10027 56.56.56.56:10028 &

add to master.cf, 2nd line if a jail server

############################################
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  #-o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[56.56.56.56]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime
56.56.56.56:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=67.213.69.0/24
  -o smtpd_authorized_xforward_hosts=56.56.56.0/24

I got this error in the /var/log/maillog
postfix/local[11933]: fatal: open database /etc/aliases.db: No such file or directory
// to fix it...

cd /etc
newaliases

# change resolv.conf if you haven't done so yet...
# update hosts with correct IPs of machine

// restart postfix

/usr/local/sbin/postfix stop
/usr/local/sbin/postfix start

May 31 22:00:22 mail1 postfix/postfix-script[12148]: stopping the Postfix mail system
May 31 22:00:22 mail1 postfix/master[12023]: terminating on signal 15
May 31 22:00:25 mail1 postfix/postfix-script[12224]: starting the Postfix mail system
May 31 22:00:25 mail1 postfix/master[12225]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix

Didn't work with Yahoo; I got this error:
domainkeys=permerror (no key);
FIX: in my DNS I added (in GoDaddy):

host: selector1._domainkey.mail1
TXT value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280IycLOzF3cSTBE27rGypfK3SWiE37A9Z9OR7GDApCFBFfLWyQKaDPA+e4+mPvAVizOfn6Zj8FnuOL+BrOYUJJG/PbCT4t+V5Aagi/l7Z6VXfoKbzYcESNVPntROEzUZLyWXWYzI2qbgjWi2RxQVoRxl3uWXihQIDAQAB; t=y
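
Turning public.key into that TXT value, and checking a published record against the local key, as an added example (not part of the original post). The function names are made up, and the PEM body in the demo is a constructed placeholder, not a real key.

```sh
#!/bin/sh
# Added example: build and verify the _domainkey TXT value for dkfilter's key.

# Base64 body of a PEM public key, without the BEGIN/END lines or line breaks.
pem_body() {            # $1 = public.key
    sed -e '/^-----/d' "$1" | tr -d ' \r\n'
}

# TXT value in the form used above: "k=rsa; p=<key>", plus optional flags
# such as "t=y".
domainkey_txt() {       # $1 = public.key, $2 = optional flags
    body=$(pem_body "$1")
    [ -n "$body" ] || return 1
    printf 'k=rsa; p=%s%s\n' "$body" "${2:+; $2}"
}

# Full name the record must be published under.
domainkey_name() {      # $1 = selector, $2 = signing domain
    printf '%s._domainkey.%s\n' "$1" "$2"
}

# Compare a published TXT value with the local key. Resolvers may return a
# long TXT value as several quoted chunks, so quotes and spaces are removed
# before the p= tag is extracted.
txt_matches_key() {     # $1 = TXT value as returned by DNS, $2 = public.key
    published=$(printf '%s\n' "$1" | tr -d ' "' | tr ';' '\n' | sed -n 's/^p=//p')
    [ -n "$published" ] && [ "$published" = "$(pem_body "$2")" ]
}

# Constructed sample: the body below is placeholder base64, not a real key.
sample_key=$(mktemp)
trap 'rm -f "$sample_key"' EXIT
cat > "$sample_key" <<'EOF'
-----BEGIN PUBLIC KEY-----
Q09OU1RSVUNURUQt
U0FNUExFLUtFWQ==
-----END PUBLIC KEY-----
EOF

echo "name:  $(domainkey_name selector1 mail1.domain.com)"
echo "value: $(domainkey_txt "$sample_key" "t=y")"
if txt_matches_key '"k=rsa; p=Q09OU1RSVUNURUQt" "U0FNUExFLUtFWQ==; t=y"' "$sample_key"
then echo "published key matches public.key"
else echo "published key differs from public.key"
fi
```

With the real key, pass /usr/local/etc/public.key to domainkey_txt, and feed txt_matches_key the output of an nslookup -type=TXT query for the record name.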

error after installing postfix and trying to start it up...

Jun 1 14:32:14 mail1 postfix/postfix-script[60663]: starting the Postfix mail system
// Jun 1 14:32:14 mail1 postfix/master[60664]: fatal: bind 56.56.56.56 port 25: Address already in use

vi /etc/rc.conf
add sendmail_enable="NO"

restart jail or machine

error with SPF
check to see if it can find a value for your spf

nslookup -type=TXT domain.com

For a sub domain

nslookup -type=TXT mail1.domain.com

Stay tuned for a more up-to-date version in the next week or two.

2 Jun 2010

how to add a new munin node with freebsd

Here is what I did to add a new munin node in freebsd to an existing munin server.

cd /usr/ports/sysutils/munin-node/
make install clean

When asked about the logs, answer yes. We want munin to rotate the logs.

Would you like me to set up log rotation [y]?

After the munin install this is what we see and need to do.

********************************************************************
Unless this file already existed, a sample configuration file
has been placed in /usr/local/etc/munin/munin-node.conf.

Please edit it according to your needs.

********************************************************************

The Munin client will *not* be started automatically. To allow it
to start, put this line in /etc/rc.conf:

munin_node_enable="YES"

Then, it will be started on the next boot. If this line is already
present, the client will be started now. Otherwise, edit
/etc/rc.conf and execute this command:

/usr/local/etc/rc.d/munin-node start
********************************************************************

Let's do the easy stuff first for munin.

vi /etc/rc.conf

Add munin_node_enable="YES" somewhere in the file. I like to keep all the enable options together.

munin_node_enable="YES"

The plugins directory in FreeBSD is empty, so for munin-node to work we need to add symbolic links.

cd /usr/local/etc/munin/plugins

ln -s /usr/local/share/munin/plugins/cpu cpu
ln -s /usr/local/share/munin/plugins/df df
ln -s /usr/local/share/munin/plugins/df_inode df_inode
ln -s /usr/local/share/munin/plugins/if_errcoll_ if_errcoll_fxp0
ln -s /usr/local/share/munin/plugins/if_ if_fxp0
ln -s /usr/local/share/munin/plugins/load load
ln -s /usr/local/share/munin/plugins/memory memory
ln -s /usr/local/share/munin/plugins/netstat netstat
ln -s /usr/local/share/munin/plugins/ntp_offset ntp_offset
ln -s /usr/local/share/munin/plugins/open_files open_files
ln -s /usr/local/share/munin/plugins/processes processes
ln -s /usr/local/share/munin/plugins/sendmail_mailqueue sendmail_mailqueue
ln -s /usr/local/share/munin/plugins/sendmail_mailstats sendmail_mailstats
ln -s /usr/local/share/munin/plugins/sendmail_mailtraffic sendmail_mailtraffic
ln -s /usr/local/share/munin/plugins/swap swap
ln -s /usr/local/share/munin/plugins/vmstat vmstat

Next, let's look at the conf file:

vi /usr/local/etc/munin/munin-node.conf

Update the allow line to the IP address of the munin server:

allow ^192\.168\.1\.105$

Everything else is good; save and exit.

On the munin server, add the IP address of that machine:

vi /usr/local/etc/munin/munin.conf

Add this to the end of munin.conf

[server1.domain.com]
address 192.168.1.203
use_node_name yes
notify_alias server1

load.notify_alias load

df.notify_alias df

# /
df._dev_mirror_gm0s1a.warning :85
df._dev_mirror_gm0s1a.critical :90

# /tmp
df._dev_mirror_gm0s1e.warning :80
df._dev_mirror_gm0s1e.critical :90

# /usr
df._dev_mirror_gm0s1f.warning :80
df._dev_mirror_gm0s1f.critical :90

# /var
df._dev_mirror_gm0s1d.warning :80
df._dev_mirror_gm0s1d.critical :90

If you haven't done so you can start munin-node from

cd /usr/local/etc/rc.d/
./munin-node start

If the munin node doesn't update after 5 to 10 minutes, look at the main munin log for any errors.

cd /var/log/munin-main
vi munin-update.log