Monday, November 04, 2013

Local only postfix

I often need to configure postfix to accept email but never forward it anywhere.  E.g., when configuring a backup or test instance of alfresco and I want to see email notifications being sent but I don't want that email to go to real email addresses (a common issue when restoring a production alfresco backup onto a test or dev machine).

A simple way to do all this is:

# if it's already installed.  remove it.  make sure you mean to do this. or back up your configuration

sudo apt-get purge postfix
sudo apt-get install postfix

(and tell it it's an internet server)

 edit /etc/postfix/ and set

virtual_alias_maps = hash:/etc/postfix/virtual
default_transport = error:outside mail is not deliverable
unknown_local_recipient_reject_code = 450

and edit /etc/postfix/virtual, entering any necessary aliases there, e.g., tiger bopolissimus gerald

generate the hash:

   postmap /etc/postfix/virtual

and restart postfix:
   sudo service postfix restart

and postfix will now accept email from localhost and forward them to the locally aliased users or to root (if no aliases match)

Because I'm paranoid, I also do the following:

   iptables -A OUTPUT -p tcp --dport 25 -d -j ACCEPT
   iptables -A OUTPUT -p tcp --dport 25 -j DROP
   iptables -A OUTPUT -p tcp --dport 587 -j DROP
   iptables -A OUTPUT -p tcp --dport 465 -j DROP

Wednesday, October 23, 2013


I often work with kannel logs and always get a severe headache when working with bearerbox logs.

I'll need this project in future, when I need to work with bearerbox logs again.

It reads a bearerbox log file, organizes the entries by the third field in the log file (I should read the kannel source so I'll know what that field is called, I just call it the key :-).  It then finds the PDUs in the per_key array (untangled already), and writes out the PDUs in order.

PDUs are written out with newlines before and after so they're much easier to read.

I'll also add a filter program later that will remove PDU types we don't need (generally enquire_link/enquire_link_resp, but possibly also bind_receiver* and bind_transmitter* PDUs, maybe some others).

Thursday, August 01, 2013

Find and restore a single document from alfresco backup

I haven't tested this, but it looks good. Must test soon. Preferably before I need to do it against someone's production setup :-) Find and restore a single document from alfresco backup Highlights: Given the filename ${fname}
  1. load the database dump into a scratch db
  2. sql selects to identify which file on disk corresponds to the file you want (including which version)
  3. grab the file from the backup

Saturday, June 08, 2013

bandwidth limiting apt-get

I'm doing dist-upgrades to Mint Olivia from Mint-Nadia at home on a weekend. That's not such a great time since on the weekend Timmy likes to view youtube videos. And I think my sister-in-law streams tagalog movies. I could do it at night (and I did, for my first guinea pig laptop last night) but I'd rather get some of that done in the daytime too. Fortunately it's google and to the rescue. The magic command line arguments to apt-get are:
-o Acquire::http::Dl-Limit=20 -o Acquire::https::Dl-Limit=20
I could set the limit to 100 or 150 and there wouldn't be much complaint, but I'm setting it to 75 since I don't mind if it takes a while. I do have squid in front, so some of the packages will be in the cache. I'm only going to save about half the bandwidth though since two laptops are i386 and the other two are x64. Ah, but for now, I think even better is rsyncing /var/cache/apt from the other i386 machine to this one.

Thursday, June 06, 2013

Ubuntu self-signed SSL cert

cd /etc/ssl/private # or wherever the certs go sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf [hostname].crt

Monday, May 13, 2013

Creating a quantal lxc instance

For a while I tried to create a quantal lxc instance by first installing precise and then doing a distribution upgrade. After some documentation reading and reading of the lxc-ubuntu template, it turns out that's not necessary :-).

Instead, I should just:

lxc-create -t ubuntu -n quantal -- --release quantal

Next, to create a wheezy instance :-)

Thursday, May 09, 2013

alfresco 4.2.x solr OverlappingFileLockException

In Alfresco 4.2.c (likely also in 4.2.b and 4.2.a), solr comes with


 In the default setup I get:

    14:02:31,502 ERROR [org.alfresco.solr.tracker.CoreTracker] Tracking failed java.nio.channels.OverlappingFileLockException at at at at java.nio.channels.FileChannel.tryLock( ... 

Stopping solr and setting that false for both archive and workspace (archive|workspace)-SpacesStore/conf/ isn't sufficient. There will be other problems with the solr indexes.

So I just blow away the indexes and have them rebuild.

1. stop solr (and/or alfresco)
2. rm -rf archive/SpacesStore/* workspace/SpacesStore/*
3. rm -rf archive-SpacesStore/alfrescoModels workspace/SpacesStore/alfrescoModels
4. start solr (and/or alfresco).

Blowing away the models like that can lead to solr trying to index items for which the models haven't been indexed yet (leading to more solr related log entries). After everything is indexed though, those error logs should not appear anymore and solr will be stable moving forward.

Thursday, April 11, 2013

Alfresco 4.2.c manager/html fix

I've had problems with Alfresco 4.2.c (bundle) because I couldn't get to the tomcat manager.

After editing tomcat-users.conf to add the manager-gui role and a user with the manager-gui role, I still couldn't get to the manager. The browser would jump straight to the Unauthorized page instead of first showing a dialog box for basic auth.

 Thanks to sujaypillai's fix it turns out that the default tomcat configuration in the bundle is broken. Sujay Pillai pointed out the solution. In tomcat/conf/context.xml, comment out the whole securePagesWithPragma valve block.
I thought setting securePagesWithPragma="true" would do the same thing, but it doesn't. Just comment it out then. Then restart, of course.

Tuesday, April 09, 2013

Quick fix for debian locales error

Thanks for the fix Below is as given in the link except changed country for easy copy-paste when I need this again :-).
export LANGUAGE=en_NZ.UTF-8
export LANG=en_NZ.UTF-8
export LC_ALL=en_NZ.UTF-8

locale-gen en_NZ.UTF-8
dpkg-reconfigure locales

Tuesday, March 12, 2013

Alfresco 4.2.c, OpenLDAP modifyTimestamp format and timezone

I had a problem with alfresco 4.2.c correctly syncing LDAP users if modifyTimestamp was of the form 20130220195623Z but not syncing them if the format was 20130221233702.687769 It turns out that a large part of the issue was just that the new format (from openLDAP in Lenny, previous was openLDAP in etch) didn't specify Zulu, so it was being interpreted as the local timezone. That's always a problem when you're 12 or 13 hours ahead of GMT (as we are in NZ). And it seems there was a separate bug so that if the timezones didn't match the modifyTimestamp code that alfresco was using was just consistently failing to compare correctly. Even if the modifyTimestamp was weeks before it didn't think it needed to do an LDAP sync. Solution was to specify the timezone offset (although numeric offsets suck since I'll still need to switch them around and restart alfresco twice a year). ldap.synchronization.personDifferentialQuery&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0}+1300)))