Sunday, 30 March 2008

Drupal 5.2 on Ubuntu 7.10 with Postgresql backend

Installing Drupal 5.2 on Ubuntu 7.10 with Postgresql requires several steps.
  1. Install php_pgsql (the required files are not installed after selection of the database
  2. Manually create a database user and a database:
    createuser -D -A -P drupal5
    createdb -O drupal5 drupal5
    Using the automated setup scripts creates a database that is not owned by the drupal user. Later, the installation process will not be able to create the required tables. It seems that dbconfig-common has its trouble handling postgresql databases.
  3. Install drupal using
    apt-get install drupal5
    Choose to set up the database manually. The dialog is likely to frighten you away, but you have already done everything necessary.
  4. Change the ownership of the data files. The script changes /var/lib/drupal5 to www-data (with is what Apache needs to read files). However, the files are in /usr/lib/drupal5. As they are still owned by root -> Error messages.
    chown -R www-data:www-data /usr/lib/drupal5
    does the trick.
  5. In /etc/postgresql/8.x/main/pg_hba.conf add a line:
    host drupal5 drupal5 password
    allows drupal to access the local database.
  6. Restart Apache and Postgresql
  7. In a browser query the server:
    You should see the Drupal logon screen.
  8. Create an administrative user
As easy as this list of actions sounds and as clear it seem now what one has to do, it was hard to figure out from all the error messages where the problem lay.

There is a helpful link in the Ubuntu forum. It helped me understand what was going on durign the installation process.

Error in OpenOffice DicOOo wizard

The dictionary installation wizard of OpenOffice 2.3 is not working correctly. You can start it, start DicOOo macro and download language specific dictionaries, thesauruses and hyphenation module. However, after launching OpenOffice again, spellchecking is still missing.

What's wrong?

Apt-get installs OpenOffice with a set of language packs. If one wants to install more language packs, OpenOffice offers a wizard to install them. I need some extra language packs for my work:
There are two officially announced methods to install:
  1. Use the wizard as root will install additional dictionaries into the /usr/lib/openoffice branch of the file system (I didn't try this, so I don't know whether it works)
  2. Use the wizard as user to install into the local home directory (I tried this and it definately did not work)
If you use local installation, all files fo into ~/.openoffice/user/wordbook directory. All files get copied. A special file - dictionary.lst - contains a list of installed language packs. You can install spell checking, hyphenation and thesauruses seperately (or exclude them by editing dictionary.lst)

In Windows installations local dictionaries get installed into a directory ...dict/ooo in the local application tree. It turns out that OpenOffice looks in ~/.openoffice/user/dict/ooo for additional language packs.

A better solution

Installing something into a directory which is not maintained by the installation scripts of the distribution may backfire later. If you want to give a user a specific language pack, installing into ~/.openoffice/user/dict/ooo is the only working solution.

If you want to install language packs globally, there is a better solution: Install the myspell localized languages.
This will not only install spellchecking, hyphenation and thesaurus for OpenOffice but will provide the same functionality for Mozilla Firefox and Thunderbird.


Friday, 21 March 2008

Adding Spamassassin to Postfix

Adding spam protection to Postfix, I installed Spamassassin. The Postfix web documentation describes installing Amavis as this also provides virus protection. I kept it simple by just using Spamassassin as a post queue filter.

First install the package:
sudo apt-get install spamassassin spamc
(You will need the spamassassin client later).

By default, Spamassassin logs into syslog. So you do not need to modify /etc/spamassassin/ You do need to enable Spamassassin by enabling launching the spamd daemon. Modify /etc/default/spamassassin by setting:
This will do the trick.

Finally you need to modify /etc/postfix/ Edit the line:
smtp inet n - - - - smtpd
smtp inet n - - - - smtpd -o content_filter=spamassassin
and add:
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
to the end of the file (you have to indent line 2 and 3 in order to maintain the logic of filters). You also might find these lines in different forums. They suggest creating a new user account "spamd". I was reluctant to do this as it roadens the attack surface to the server. Starting Spamassassin with user nobody works perfectly fine.

Start Spamassassin and restart Postfix and there you are.

Tuesday, 11 March 2008

SD Card not working

I remember my SD card working in 6.10. I never checked in 7.04 but as i tried to read one in 7.10 I found out that SD cards do not work on either HP notebook I have.

This seems to be a known issue. The build in Ricoh SD card reader does not work.

I found some very clever hints to work around this issue. They all seem to stem from one single source and suggest to adjust PCI settings.

One tried to load module for TI card reader (?) Excuse me. Well, I tried in vain.

Another tried to set the PCI slot to readable.
sudo setpci -s 03:01.2 0xCA=0x57
sudo setpci -s 03:01.1 0xCB=0x02
sudo setpci -s 03:01.1 0xCA=0x00
Well it did not run (i did change the slot to the correct number). Here is a script that finds the slot automatically:
modprobe -r sdhci
setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCA=0x57
setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCB=0x02
# setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCA=0x00
modprobe sdhci
This one does not work either.


It seems that there are some kiddies fiddling around with code they do not understand. Worse, they introduce regression errors and refuse to fix them. Continuing development like this will not build up a decent reputation for Ubuntu :-(

Installing Postfix SMTP server

Actually I installed Postfix before installing Dovecot. However, it took some tweaking to get dovecot running.

By default, postfix installs inboxes into /var/mail in a flat file format. This disallows creation of folder structures in the INBOX. I also run several domains on one server. It is simple to tell postfix to accept any combination of username@domain_x. In operation, this will lead to combinations that are certainly not desirable.

To fix this, I had to set up some domains as virtual domains in /etc/postfix/
virtual_alias_domains = my.domain
virtual_alias_maps = hash:/etc/postfix/virtual
I also want to allow for certain type errors. If someone does not know the correct email address, I consider it convenient to give some support. So I set up aliases in /etc/aliases like:
first.last@my.domain user
f.last@my.domain user
first_last@my.domain user
flast@my.domain user
This usually provides a reasonable catch for misspelled email addresses. The same procedure applies to mail aliases for the virtual domaines. However the translation table goes into /etc/postfix/virtual.

I used domain masquerading to conceal mail sent from client computers. They are sent with my main domain:
masquerade_domains = my.domain
Did I already mention I am aware about security? Well, I am. I adjusted which client is allowed to connect:
smptd_client_restriction = permit_mynetworks, reject_unknown_client, permit

smtpd_helo_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, permit

smtpd_sender_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_sender, permit

smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, permit
These restrictions are set in order of Postfix processing. I kept all restrictions in each line in order to catch Windows client behaviour.

Finally, in order to allow dovecot to connect and manipulate my folder structure without limitations, I had to set the mailbox directory:
home_mailbox = Maildir/
I experimented here and it did work. But it never was right. Some mistakes were:

home_mailbox = ~/Maildir/ ... created a directory ~/~/Maildir/ that is hard to cd into.
home_mailbox = /home/%u/Maildir/ ... created a %u directory in /home. As all mailboxes are stored into this directory, this leads to collisions. Not so good.

I am happy with the current setting. A symlink from /var/mail/user to /home/user allows for easy administration.

Finally postfix works as intended, domains are separated correctly, users can store folders in their INBOX and dovecot connects beautifully ;-)

Thursday, 6 March 2008

Installing Dovecot IMAP server

It's time to replace my good old Exchange server with something more open source. Dovecot seemed a pretty stable and secure IMAP server.

Dovecot requires some tweaking. First, the logs are placed into syslog. If you don't like it (like myself) you have to change the location of the logfile. In the configuration file /etc/dovecot/dovecot.conf enter (or change if set):
log_path = /var/log/dovecot.log
This will produce a log file that grows in size without any restriction. I didn't like this so I added a script that rotates the log files on a daily basis:
# dovecot SIGUSR1: Re-opens the log files.
/var/log/dovecot*.log {
/bin/kill -USR1 `cat /var/run/dovecot/
2>/dev/null` 2> /dev/null || true
Name this file /etc/logrotate.d/dovecot and place it into the correct directory.

I also changed the greeting string in /etc/dovecot/dovecot.conf to:
login_greeting = *
as I do not want Dovecot to notify every weired spammer about who it is.

There is a caveat in dovecot. If your server adjusts the system time regularly and your system clock runs slightly faster than the NTP server, dovecot will terminate itself with an error message:
dovecot: 2008-03-06 23:59:54 Fatal: Time just moved backwards by 9 seconds. This might cause a lot of problems, so I'll just kill myself now.

As the wiki states, there is no easy way around this. I created a cron job to restart dovecot each day at 0:02. If the server terminated, the script will start the daemon. If the server is running, restarting it will not harm the system.

This is a dirty workaround. I shall have to get through to installing ntpd later.