Kembara Jalanan…

There is a bind9 vulnerability so I’m in the process of updating our DNS servers. Though we don’t use the features that can trigger the DoS attack but I think it’s better to be safe.

Also the creation of webmail jails is on hold due to jails can’t be NFS clients. I can mount NFS using the system host but it’s going to be messy to maintain. Hence I’m going to try jails on the FreeBSD 8 where each jail has its own network stack by using vimage. I’m gonna start doing it after the FreeBSD team starts producing 8 branch without the debug codes turned on.

Also created a whitelist file for Postfix to cater with complaints about other SMTP servers not able to send email to MMU due to their SMTP servers not configured properly (doesn’t have FQDN). MMU by default deny any SMTP connection from unknown hosts and clients.

I’ve been administering jails on FreeBSD servers using jailctl port. I notice that a lot of people are recommending ezjail-admin but since I’m familiar with jailctl, I just continue on with it.

Today (yesterday…) I was configuring a new server to host several jails and I thought to try ezjail-admin. I find that it is d’ best jail administration port for FreeBSD. What I find amazing is the ability to simply update one tree of jail directory and all the jails will be updated. That’s pretty kewl.

I’m still learning and is hoping to try FreeBSD 8.0 soon. Can’t wait to fiddle with Vimage! Using vimage and jails will be awesome!

I’m in the process of building another webmail server for staff and student of MMU (both going to be in the same host using FreeBSD jails). I was going to use a machine that was free after we replace it with a brand new dedicated packet shaper. In the attempt to patch the cable from our WAN switch to our data center’s core switch without turning off bridge on both interface :O I think the spanning tree in the core switch goes haywire. ROFL! But in the end we managed to solve the problem.

That was really stupid of me. I’ve already configured both interfaces in the new server and turned off bridge in the /etc/rc.conf file but I haven’t restarted the machine or even do the changes manually… lalalala.

I updated the packages in the student webmail server and there were some hiccups with authentication. A simple recompile of nss_ldap and pam_ldap solves the issue. php_cgi wasn’t running also and the problem was with php_curl not being able to load. A recompile of php_curl solves the problem.

The biggest issue was with Squirrelmail authentication which stopped working. My first thought was that pam_ldap and nss_ldap weren’t running alright so I recompiled them again but it was a no go. I enabled authentication debug in dovecot and checked the log, looks like the imap connection die immediately after the authentication was successful. The log in the ldap server shows that everything was working fine.

I was tired so I recompiled the WHOLE packages in the student server hoping that the problem will magically disappear. After several hours, I tried to log in again but… *sigh*. So, after testing that authentication works with POP3, I was convinced that the issue was with Squirrelmail itself.

I checked the Squirrelmail’s plugin first by disabling all and enable them one by one. Lo and behold! secure_login plugin was the culprit!!! Disabling it solves the Squirrelmail authentication problem. I wasted a whole work day just to solve this. And you know what? I think I’ve encountered this before when I first install that plugin hence I disabled it and left the codes in the plugins directory. It was a loooonnngg time ago though so it was completely off of my mind at the time.

Perhaps the plugin was enabled accidentally while I did the updates… Who knows . I SHOULD have removed that damn plugin from the system. Lesson learnt! THE HARD WAY! Again… hahahahahah.

Just wanna populate the main page. I’m getting ready to go <coding> mode. Python + Django ftw!