always backup

a client pinged… he has lost his database for a site which he had spent close to 6 months on… he interpreted a mail from a script provider differently and ended up deleting the db…. the backup is from when he had first set it all up. I had setup his server and used to help him off and on with any tuneups or security issues.

What can I say backups are never a waste… ever…. if nothing atleast you’ll get some of it all back…. he seems to have lost 500 odd client details…. I’ve referred him to the host to try and see if they have something tucked away somewhere but then thats a bleak one…

We offer backup planning and automation. When people are starting off they feel it’d be a waste of time but when something like this happens thats when you realise how important a simple automated backup system is…. and it doesnt cost the earth either…. ask for the backup service

Pray for Al I hope it works out for him…

opcode caching with eaccelerator — on shared hosts

Opcode caching helps!

From the eaccelerator home
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

This one’s for Dreamhost accounts. It will work for some other shared hosts as well. In case you need it setup on your server let us know through the Contact Form

  • Make sure you have your own custom php-fcgi (notice the ‘f’ it cost me two hours to figure that out) compiled and running the site where you want to enable eaccelerator. Detailed instructions rolling your own custom php are available elsewhere on this site.
  • get eaccelerator latest version and compile it
  • add the settings to the relevant php.ini
  • all set roll

For eaccelerator
The exports are for making sure you work with the right php. Again you will need autoconf, automake and php-devel(phpize) for the compile to work. 

wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
export TMPDIR=$HOME/executable/tmp
export PATH=$HOME/executable/bin:$PATH
export LD_LIBRARY_PATH=$HOME/executable/lib:/usr/local/lib:$LD_LIBRARY_PATH
export CPATH=$HOME/executable/include:/usr/local/include:$CPATH
export LIBRARY_PATH=$HOME/executable/lib:/usr/local/lib:$LIBRARY_PATH
tar -jxf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3
phpize
./configure --prefix=$HOME/executable/
make
make install

For the php.ini
These lines are for loading and configuring ea in the custom php you use. So add them to the php.ini that pops up on your phpinfo page.

extension="eaccelerator.so"
eaccelerator.shm_size = "20"
eaccelerator.cache_dir = "/home/user/tmp/eaccelerator"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
eaccelerator.debug = 1
eaccelerator.log_file = "/home/user/log/httpd/eaccelerator_log"
eaccelerator.name_space = ""
eaccelerator.check_mtime = "1"
eaccelerator.filter = ""
eaccelerator.shm_max = "0"
eaccelerator.shm_ttl = "0"
eaccelerator.shm_prune_period = "0"
eaccelerator.shm_only = "0"
eaccelerator.compress = "1"
eaccelerator.compress_level = "9"
eaccelerator.allowed_admin_path = ""

This is what your .htaccess should look like (assuming you got the precompiled php bit right)

well if you got your custom php working right then this is not going to change any

[koolaid]$ cat .htaccess
AddHandler phpFive .php
Action phpFive /cgi-bin/php.cgi

And here’s your php with eaccelerator in there

[koolaid]$ php -v
PHP 5.2.3 (cli) (built: May  8 2009 09:08:36)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
    with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
[koolaid]$

Make sure that eaccelerator is also enabled in php by checking a phpinfo page like so:
phpinfo snip

Log should show hits also phpinfo page will show you the number of cached scripts.

Might want to benchmark it using something like phpspeed before and after the eaccelerator is plugged in….

Well this should ideally speed things up by around 60% so you’ll know when that happens 😀

Enjoy!

Challenge-Response — to fight email SPAM

You’ve probably already tried spamassassin and a host of other tools, which are good mind you, and still there’s spam bothering you! So whats next? How do you manage the spam situation?

Well how about a challenge-response mechanism. How about asking the sender to ensure that they sent you the message before letting the message reach your mailbox.

This is implemented beautifully by TMDA (short for Tagged Message Delivery Agent)! TMDA combines whitelists, blacklists, a challenge/response system, and special-purpose e-mail addresses called “tagged addresses” to thwart spam.

This howto is for setting up TMDA on a per user basis (not everyone would probably appreciate the interception and so better to give it only to those on your server who ask for it)! It assumes Postfix is the MTA.

  • cd /usr/src
  • wget http://tmda.sourceforge.net/ftp/releases/tmda-1.1.1.tgz
  • tar -zxf tmda-1.1.1.tgz
  • cd tmda-1.1.1
  • ./compileall
  • su – imtiaz
  • mkdir .tmda
  • cd .tmda/
  • /usr/src/tmda-1.1.1/bin/tmda-keygen —> dont forget to chmod 600 your crypt_key after pasting output of this command into ~/.tmda/crypt_key)
  • mkdir logs
  • touch logs/debug
  • touch logs/
  • touch lists/confirmed
  • mkdir filters
  • cat > .forward

|/usr/src/tmda-1.1.1/bin/tmda-filter

  • echo “from-file ~/.tmda/lists/confirmed accept” > filters/incoming
  • cat > config

MAIL_TRANSFER_AGENT = "postfix"
RECIPIENT_DELIMITER = "+"
DELIVERY = "/var/spool/mail/imtiaz"
CONFIRM_APPEND = os.path.expanduser("~/.tmda/lists/confirmed")
LOGFILE_DEBUG = "~/.tmda/logs/debug"
LOGFILE_INCOMING = "~/.tmda/logs/incoming"
LOGFILE_OUTGOING = "~/.tmda/logs/outgoing"
FILTER_INCOMING = os.path.expanduser("~/.tmda/filters/incoming")
FILTER_OUTGOING = os.path.expanduser("~/.tmda/filters/outgoing")
ACTIONOUTGOING = "bare=append"
BARE_APPEND = os.path.expanduser("~/.tmda/lists/confirmed")

Once this is done send a test mail to imtiaz@domain. It should result in a automatic reply being generated asking for a confirmation from our end. Once you confirm the address becomes whitelisted and you can send without a confirmation until the user, Imtiaz, removes your id from the confirmed list.

Send a mail to imtiaz@branches.ca to see how this works

Please use this form to contact us to request a qoute for this implementation on your server. We can also do this server wide if required.

Extract audio from video + mp3 from video + audio stream extraction

Ever wanted to extract the audio stream from a music video to make it easier to carry on your mp3 player? Well we have developed an application that allows you to do just that!

Not only can you extract the audio from the video you can also extract the optimized flv from the video and download both streams separately. Now how cool is that.

Try it out here

Let us know what you think of the application also if you’d like us to set it up for you.

Secure SMTP + pop-before-smtp + road warriors

This writeup illustrates how you can enable secure roaming access to an smtp server while simultaneously adding a further layer of security to your postfix mail server. Not 100% guaranteed to keep thieves at bay but very effective.

It works on the principle that if you have an account on the server you are authorized to relay from that server. So if you can authenticate your self to the pop daemon you’re allowed to send mails using the smtp server running on the same server. Otherwise not!

Assumes you’re using Dovecot for pop3/imap access and Postfix for the MTA

    Download the source for pop-before-smtp

cd /home/imtiaz/src/
wget http://nchc.dl.sourceforge.net/sourceforge/popbsmtp/pop-before-smtp-1.41.tar.gz
tar -zxf pop-before-smtp-1.41.tar.gz

    setup some required Perl modules

perl -MCPAN -e shell;
install Bundle::CPAN
install Time::HiRes File::Tail Net::Netmask Date::Parse DB_File

    Move around the files

cd /home/imtiaz/src/pop-before-smtp-1.41
cp pop-before-smtp.init /etc/rc.d/init.d/pop-before-smtp
cp pop-before-smtp /usr/sbin/
cp pop-before-smtp-conf.pl /etc

Edit the /etc/pop-before-smtp-conf.pl file to customize it for your system.
# Set the log file we will watch for pop3d/imapd records.
$file_tail{‘name’} = ‘/var/log/maillog’;

set the pattern to what you have on your system (HINT: setup dovecot to log to /var/log/maillog and then enable it)

/usr/sbin/pop-before-smtp –dumpconfig
/usr/sbin/pop-before-smtp –debug –nowrite –reprocess
chkconfig pop-before-smtp on
/etc/init.d/pop-before-smtp start

ls -l /etc/postfix/pop* —>this will show you the db being created

    Add these two lines to your postfix config

check_client_access=hash:/etc/postfix/pop-before-smtp
smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination

restart postfix by running postfix reload

N’joi

    If you need help setting up pop-before-smtp on your server to allow remote SMTP in a secure manner to road warriors and hosting clients please contact us.