Server setup: forwarding only local email

Often, when setting up email on a server, you want to receive email from local processes (cron jobs, etc) but don’t want email accounts to be abused by spammers. For example, on Ubuntu systems you might have a cron job that runs as www-data that you want to get mail from, but you don’t want spammers sending email to I just had a client ask me to fix this problem for them, so I thought I’d share the solution I came up with. Typically, the /etc/aliases file directs mail from all these extra accounts (like www-data, nobody, etc) to root and you’re expected to set up an forwarder for root (e.g. Instead of directing mail for all these accounts to root, I created a locked out account. The only purpose of this account is to verify that only locally generated email is sent on to the end recipient. No more Viagra spam for! To set up the locked out account:

$ sudo /usr/sbin/useradd localmail  $ sudo /usr/sbin/usermod -L -s /dev/null localmail  $ echo '"|exec /usr/bin/procmail"' | sudo -u localmail tee ~localmail/.forward  $ echo <<EOF | sudo -u localmail tee ~localmail/.procmailrc  # replace with whatever domain locally generated email has  :0:  * !^Return-Path: .*  /dev/null    :0:  !root  EOF

This works with postfix, but I haven’t tried other MTAs.

Google Gears for 64bit Linux Firefox

Since I run 64bit Ubuntu, I couldn’t use use Google Gears. Which was annoying. The Google Gears site says 64bit OSes are not supported. But it is open source. So I grabbed the source code, tweaked a few things here and there and I now have Google Gears up and running on my 64bit OS. It hasn’t crashed and burned yet, but I haven’t really tested it heavily yet, either (suggestions welcome). Anyway, here’s the XPI to install it. I’ll post the source soon. Or maybe just the diffs to the Google Gears list.

Switching away from Google Reader

I have this “thing” about owning my own data. I probably won’t be a real user of Tim O’Reilly’s Internet OS. I like running my own mail server — not relying on Google for Domains, not giving Google more and more data to feed into their advertising. But I’ve been using Google Reader. I’m not sure what Google is doing with that information, but, well, I can run my own feed reader on the desktop. So I switched to Liferea. Besides nice things like task-bar notifications, integration with — or, with a SMOP, my own GotNoBlog — it allows me to pull RSS feeds that require authentication so that I can read LiveJournal friends-only feeds now. I’ve managed to reclaim a little bit of my data. Hurrah!

Open Source Talk

(Took some more pics on my ride yesterday. Played with macro a bit, too.) Last night, I gave a talk at the Central PA Linux Users Group (CPLUG) that I called “Bringing Open Source to Africa”. While I could have made it more general and talked about the various Open Source projects that have grown out of or are centered around Africa — and perhaps this is a topic for another time — I focused on the projects that IntraHealth is doing and how we’ve created or used Open Source. The talk was followed by some good discussion and I got to talk about KnowledgeTree some as one of my friends there had heard of it and thought it would be useful, but was a little scared of setting it up. The biggest drawback was that, due to my poor planning, I didn’t get a set of slides done till just before the talk. I was lucky here because other people at IntraHealth have done so many talks so I was able to use their material to create my own presentation. (copy of my slides.)

(Today, I took my camera with me on my ride. 30miles at 30degrees. Click the photo for a couple more.) After flirting with Google’s Picasa for Linux for managing my photos, I’m back to using f-spot. I like the timeline and that it doesn’t ask me to give a single “folder” for all the pictures I’m importing, but, instead, creates a directory structure so that my photos are sorted by date. Interestingly enough, it is actually better than Picasa for importing. Picasa won’t automatically rotate images when importing them from the camera where f-spot will. I still use Picasa for uploading pictures to be printed out (F-spot doesn’t support uploading to Wal-Mart), and I love the online Picasa’s ability to help recognise and tag people in photographs — 7000 faces in 10,000 photos are no fun to do by themselves, but when Google picks out the faces and suggests names, it becomes a little game to see how good it gets and to see which person Google thinks looks like each of my kids. (Yeah, I’m probably helping them improve their facial recognition software and they’ll end up selling that to the TSA, but … oh well.)

Ubuntu Packages and PHP

(Hello, Planet Ubuntu Users!  I’m looking for a second MOTU on my php-xdebug package as well as someone to revu my libapache-test-perl package.  Any takers?) Emacs CVS now includes XFT (i.e. smooth fonts) in the main branch, so I’m discontinuing my old emacs-xft-snapshot build.  Still, the other emacs-snapshot package is targeted to Debian and I’m running Ubuntu Gutsy.  So I’ve uploaded a snapshot build to my PPA on Launchpad. One thing that I included is flymake support for PHPCarl asked me earlier today if I knew how to get the compilation mode in Emacs to work with PHP’s lint function to find highlight problems.  I said flymake would be better, but didn’t know how to do that right off, either. After a bit of twiddling, I figured it out and, as a bonus, got compilation mode figured out, too. If you want to enable flymake for PHP-mode (yes, I have a Debian package for that, too) in a version of Emacs you already have installed, add the following code to your .emacs file:

;; Flymake PHP Extension (require 'flymake) (unless (fboundp 'flymake-php-init)   (defun flymake-php-init ()     (let* ((temp-file (flymake-init-create-temp-buffer-copy                        'flymake-create-temp-inplace))            (local-file (file-relative-name                         temp-file                         (file-name-directory buffer-file-name))))       (list "php" (list "-f" local-file "-l"))))) (let ((php-ext-re "\\.php[345]?\\'")       (php-error-re        "\\(?:Parse\\|Fatal\\) error: \\(.*\\) in \\(.*\\) on line \\([0-9]+\\)"))   (unless (assoc php-ext-re flymake-allowed-file-name-masks)     (add-to-list 'flymake-allowed-file-name-masks                  (list php-ext-re                    'flymake-php-init                    'flymake-simple-cleanup                    'flymake-get-real-file-name))     (add-to-list 'compilation-error-regexp-alist-alist                  (list 'compilation-php                    php-error-re  2 3 nil nil))     (add-to-list 'compilation-error-regexp-alist 'compilation-php)     (add-to-list 'flymake-err-line-patterns                  (list php-error-re 2 3 nil 1))))

Now, whether you’re using the emacs you started with or the latest emacs-snapshot, you need to tell emacs to use flymake on PHP files.  Add:

(add-hook 'php-mode-hook (lambda () (flymake-mode t)))

to your .emacs file and you’re good to go.

Ubuntu hates XFS

I was a little worried that the hard drive in my laptop was dying (though, looking at the Load_Cycle_Count, I don’t think it is Ubuntu’s fault, at least not because of cycle time) and since I was on-site, I was able to get a loaner laptop.  I decided to use XFS (/boot would be ext3). Big Mistake. Everything worked great on the installation, but as soon as I installed all the updates and rebooted, gnome-terminal wouldn’t start. Took a little doing, but I discovered that my XFS partition had become corrupted.  Ran xfs_repair and it dumped a few files in /lost+found. But now things work. Take heed.

Linux on the desktop is definitely here

In talking to some people about my mother’s experience with Ubuntu, I decided that the one thing Canonical could do to make it all easier would be to build a Windows- or C#-based downloader-and-cd-burner. (C# so that it would work on a Mac or Linux as well as Windows.) Using this hypothetical app, people like my mother could download an ISO, fetch and verify a GPG-signed MD5 checksum, and burn a cd using a single application. No more fumbling with multiple unfamiliar applications to accomplish a single task. Still, with prominent mention of Dell computers on Ubuntu’s front page, with the advent of $200 computers loaded with Linux, with nerdy sons like me, even the streamlined ISO burner may not be as urgent to get Ubuntu on Grandma’s desktop. But it would really help.

The Freetard gives his Mama a bit of Ubuntu

How is it that some fancy-pants framework is always the right tool for an abstract job and PHP is the right tool for a real job? (The right tool for the slob) Exactly. Though I would say “Why do all these freetards talk about freedom, but then give their Mama a Mac?” So it is good that an idealist, freetard like myself actual tests his ideals in the real world. In this case, the test subject was an important one: my mother. A couple of weeks ago, Mark Pilgram’s post about switching his father to Ubuntu reminded me that I had told my mother she should try Ubuntu since her Windows laptop was slowing down. That weekend, I mentioned it to her again in email. Her response was “Ubuntu is what? … oh I see something about printing. That would be GREAT if I could communicate from my computer to the printer.” (You can read our whole email exchange, if you like.) Given her limited knowlege of Linux, I asked her to try it out. In fact, I made it more challenging. I pointed her to the Ubuntu download page and asked her to download the ISO and burn it … and I wouldn’t help her. She managed to get a Dapper installation CD burned (I didn’t tell her which version to try) but ended up thinking she had failed because the MD5 checksum process didn’t work. Or maybe it did and the download was bad. Still, I was able to use the CD when we met up a week later. In the end, that part of the experiment showed part of the failures of Ubuntu’s efforts. At least when it come to 56 year-old grandmothers, Ubuntu’s download page is too filled with jargon to be really useful. And I don’t know where to report this bug. Even though we live a thousand or so miles apart, we happened to be getting together the next weekend. So I got a Gutsy CD ready so that I could walk her through the Ubuntu installation and finish it up. Even then, my faith in Ubuntu was shattered. When I asked her to boot off the CD, she did, but she started it in safe mode (which probably created other problems). Still, there were a few bright spots. Perhaps the biggest thing Ubuntu got right was converting her existing Windows user, including bookmarks and IM account, over to the equivilent programs in Linux. That feat, in and of itself, makes me almost forgive all else. Still, there were a number of things that the installation didn’t get right:

  1. When it is converting the only existing Windows user, it asks for a username and password. And then it asks for the “default” username and password on the next screen. Why?
  2. Resizing the disk when you want to preserve the existing Windows installation is too confusing. Still.
  3. The Live CD installation tells you to “remove the CD and reboot”, but you can’t remove it when the Live CD environment is still running.
  4. The boot splash screen was a blank screen and you would have thought the installation failed if you hadn’t seen this before and watched the drive activity light
  5. She has a widescreen laptop, but it defaulted to 1024×768 and a VESA driver instead of 1280×768 and an ATI driver
  6. Suspend on her Compaq Pressario V2000 doesn’t work.
  7. Her broadcom wireless meant I had to download drivers on my laptop and transfer them to hers.

(Yes, I still need to report these bugs.) But even after all this, I was still encouraged when I explained that we wanted to preserve her Windows partition and she asked “Why? I won’t be needing it any more!” In the end, she went home with Ubuntu running on her laptop and seemed pretty happy with it. Hopefully, in a few weeks I can write more about any snags she has run into.