www.pokeroconnor.com

Installing IMAP SMTP Postfix Debian

February 6

I run Debian Lenny, and have my BIND server set up with mail.yourdomain.com. That's my starting point, and the following is how to install and configure SMTP and IMAP, using Postfix and SASL.

On Debian you need the courier-imap package; note that it listens on port 143.

apt-get install courier-imap

This is a good guide to the IMAP side of things.

VIP: Support for maildir-style mailboxes needs to be added, so edit /etc/postfix/main.cf to add the following:

home_mailbox = Maildir/

SMTP

This guide rules as a starter for SMTP.

Run apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules, and maybe apt-get install libsasl2-2, but MAKE SURE you change /etc/default/saslauthd to have the following:

START=yes
MECHANISMS="pam"

Next file to edit is /etc/postfix/sasl/smtpd.conf (you have to create it):
pwcheck_method: saslauthd

Then edit /etc/postfix/main.cf and add:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

NB: back in the terminal, do this (saslauthd's socket has to live inside the Postfix chroot, which is what the symlink and group change are for):

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

Also, copy the PAM "other" service definition to smtp, so saslauthd's PAM lookups for the smtp service have a configuration to use:

cd /etc/pam.d
cp other smtp

Restart and go:

/etc/init.d/postfix restart
/etc/init.d/saslauthd start

Test your config by telnet-ing in:
telnet localhost smtp
Trying 80.237.145.96...
Connected to jimmy.co.at.
Escape character is '^]'.
220 kitana.jimmy.co.at ESMTP Mailserver
ehlo reptile.g-tec.co.at
250-kitana.jimmy.co.at
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 8BITMIME
AUTH PLAIN amltbXkAamltbXkAcmVhbC1zZWNyZXQ=
235 Authentication successful

Or maybe not successful!!!!
VIP!!!!!!!!!!! You may get an error in /var/log/mail.log with "warning: SASL authentication failure: no secret in database".

In this case you need to set up a user and pass for SASL as follows:
saslpasswd2 -f /etc/sasldb2 -u yourdomain.com paul

Another error is "warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory".

This is solved here, READ IT!

In /etc/init.d/postfix, around line 43 there is a list of files that are copied from their real directories into the chroot. Change the line so it looks like:
FILES="etc/localtime etc/services etc/resolv.conf etc/hosts etc/nsswitch.conf etc/sasldb2"
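As an added example (not part of the original post): what the AUTH PLAIN line in the telnet session above actually carries. The token holds the session's constructed credentials (jimmy / real-secret) encoded per RFC 4616, and the functions below build and decode it to show that PLAIN is a reversible encoding, not encryption.

```shell
#!/bin/sh
# Added example, not from the original post. Builds and inspects the SASL PLAIN
# token from the telnet session above: user jimmy, password real-secret
# (constructed values taken from that session).

# sasl_plain_token AUTHZID AUTHCID PASSWORD
# RFC 4616 PLAIN is the three fields joined by NUL bytes, then base64.
# Nothing is hashed or encrypted, which is why it must only be sent over TLS.
sasl_plain_token() {
    printf '%s\0%s\0%s' "$1" "$2" "$3" | base64 | tr -d '\n'
}

# sasl_plain_decode TOKEN
# Recovers the three fields, printed ':'-separated. This is all it takes to
# read the credential back out of a captured non-TLS session.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' ':'
}

# sasl_plain_ok TOKEN
# Succeeds only for a well-formed PLAIN response: exactly two NUL separators.
# Useful when a client "AUTH PLAIN" fails and you suspect a mis-built token.
sasl_plain_ok() {
    seps=$(printf '%s' "$1" | base64 -d 2>/dev/null | tr -cd '\0' | wc -c | tr -d ' ')
    [ "$seps" -eq 2 ]
}
```

Because the token is reversible, make Postfix refuse AUTH on a plaintext connection with smtpd_tls_auth_only = yes in main.cf, so the credential only ever travels inside STARTTLS.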

Installing BIND Server

October 21

The following are the best resources I could find on installing a BIND (9) server. I installed on Debian Lenny, but the principles of zone files etc. are universal. I'll also detail (somewhat) the steps to installing a BIND DNS server, and some of the common and annoying issues you may come across – damn you AppArmor!!!

For starters, here's Zone files info. Zones and zone files are probably the most fundamental concept you need to understand when starting BIND/DNS use. Very basically, a zone in DNS terms is what you might in other conversations call a domain, sub-domain or URL, e.g. pokeroconnor.com is a zone, sub.pokeroconnor.com is a zone, poker is a zone etc. Each zone requires a "definition", if you will, in named.conf, plus forward and reverse zone files. A forward zone file for pokeroconnor.com defines forward name resolution, e.g. pokeroconnor.com to octal IP addresses (123.20.33.122). Reverse zone files then do the opposite (basically), providing octal -> name resolution.

In zone files you need to be aware of the following notation:

  • SOA – start of authority
  • IN – internet record
  • MX – mail record
  • NS – name server
  • A – A class address (in octal) e.g. 111.2.3.44
  • CNAME – really an alias for another zone e.g. if poker.me.com is a CNAME record for me.com, requests for poker.me.com resolve to me.com.

This is vital: every time you edit a zone file, you must increment (or change) the serial value. Otherwise your changes won't get detected by BIND, and apparently it's a very common source of errors. The common format of the serial is e.g. 2009092201 – yes, it's the date, in year, month, day, followed by the increment on that date, in this case 01. Of course you can have what you want here, just be sure to change it every time the file changes. More info here, and the definitive work on BIND.
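Added example, not from the original post: a small script that bumps a zone's serial following the YYYYMMDDnn convention just described, handling the two cases that bite people (a second edit on the same day, and a serial that is already ahead of today's date). It assumes the serial sits on its own line with a "; serial" comment, as in the constructed sample zone the script writes.

```shell
#!/bin/sh
# Added example (not from the original post): bump a zone's SOA serial in the
# YYYYMMDDnn convention so BIND actually notices the edit. Assumes the serial
# is on its own line tagged "; serial", as in the constructed sample below.

# next_serial CURRENT TODAY  (TODAY as YYYYMMDD) -> serial to write next.
# Same day: bump the two-digit counter. New day: restart at 01. A serial that
# is already past today (e.g. a clock that was wrong) is just incremented,
# because a serial must never go backwards or secondaries will ignore the zone.
next_serial() {
    cur=$1; today=$2
    case $cur in
        "$today"[0-9][0-9])
            n=${cur#"$today"}; n=${n#0}      # "01" -> "1" (avoid octal parsing)
            [ "$n" -lt 99 ] && { printf '%s%02d\n' "$today" $((n + 1)); return; }
            ;;
    esac
    if [ "$cur" -lt "${today}01" ]; then printf '%s01\n' "$today"; else echo $((cur + 1)); fi
}

# bump_zone_serial FILE [TODAY]: rewrite the serial in place, print the new one.
bump_zone_serial() {
    file=$1; today=${2:-$(date +%Y%m%d)}
    cur=$(awk '/;[[:space:]]*[Ss]erial/ { print $1; exit }' "$file")
    [ -n "$cur" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    awk -v old="$cur" -v new="$new" \
        'd == 0 && /;[[:space:]]*[Ss]erial/ { sub(old, new); d = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    printf '%s\n' "$new"
}

# write_sample_zone FILE: constructed forward zone for pokeroconnor.com.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA ns1.pokeroconnor.com. hostmaster.pokeroconnor.com. (
            2009092201 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS  ns1.pokeroconnor.com.
    IN  A   123.20.33.122
EOF
}
```

After bumping, run named-checkzone on the file before reloading, so a syntax slip does not take the zone down along with the serial change.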

Then, to actually install BIND and set up your own nameservers, the best links I could find are this and this basic one. Also install the dnsutils package. An important thing to note is that it is a VERY good idea to set up bind/named to run in a chroot 'jail'. This is so that if someone hacks your bind install, they only have access to that particular app. Once you've followed these steps, e.g. install bind, set up the chroot user, create zone files and configure named.conf etc., you can then cross your fingers and restart bind. The best place to check for errors is of course /var/log/syslog, so check it. I had a particularly annoying and extremely frustrating problem...I had everything installed and chrooted, zone files created, everything in its proper place, but bind would not start. I could stop it, but not start it. When I checked syslog, I saw errors similar to this:

named[22070]: zone 100.11.45.in-addr.arpa/IN: loading from master file 100.11.45.in-addr.arpa failed: file not found

Basically saying that the reverse zone files were not found...but they were there!! They were in the /var/lib/named/etc/bind directory as they should be, so how could the system be reporting them as not found??? It didn't make ANY sense. Until, that is, I eventually found this. If you run Debian, I strongly suggest you check out that link. There is a package called AppArmor, which does what a chroot jail does: it restricts the access and rights of certain apps, and of course named is one of those apps it restricts!! The system couldn't find the files that were there because the named process was only allowed access to the directories specified in its AppArmor profile, and /var/lib/named/etc/bind was not one of them. So simply doing apt-get remove --purge apparmor and restarting bind solved the problem. (The less drastic fix is to add the chroot path to named's profile, usr.sbin.named under /etc/apparmor.d, and reload AppArmor.) That was the hardest error to solve; I would recommend checking whether you have AppArmor installed on your box, and if you do, and you don't knowingly use it, then remove it!

Locate: command not found error

September 23

I just recently did a fresh install of Debian Lenny, but when I tried to locate something, I got the following error:

-bash: locate: command not found

This is because you need to install locate separately, or even better mlocate, which is apparently much faster.

Doing this is simple; you just need to do two things.

First, run apt-get install mlocate to grab and install the mlocate package. Then you must run the updatedb command to build the file database.

Voilà, that's it, short and sweet, now you can locate away!

Also worth mentioning is the purge option with apt-get, e.g. apt-get remove app_name --purge, which completely removes an application and all its configuration files. Or if you want to clean up after removing an application, run apt-get clean.


Using CURL to access certain IP of a Domain

July 23

Something I needed to do recently was get the contents of a certain URL of a certain domain name, for each of the IP addresses associated with that domain name. In other words, there was a domain we shall call www.test-domain.com, which was hosted on 5 different servers, with IPs 1.2.3.100 through 1.2.3.104. I wanted to automate fetching the contents of www.test-domain.com/file-name.php on each of these servers. I could set my hosts file of course, and point at each server, blah blah blah, but this had to be automated, for sanity.

The php curl library is fully awesome, but personally I find this page to be the most useful. There are surprisingly few examples of this anywhere on the web...just try googling this topic and you get nothing at all relevant!

The solution is simple enough, but believe me it won't be easy to find on the web – thanks to a certain work colleague for the expert advice on this! Basically you need to set the Host header yourself using CURLOPT_HTTPHEADER, and then use CURLOPT_URL with the actual IP address, so the server's name-based virtual host still sees the real domain.

For example:

<?php
$ch = curl_init();
// Name the virtual host we want, independent of the IP we connect to.
$headers = array("Host: www.test-domain.com");

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_URL, "http://1.2.3.100/file-name.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body rather than printing it

$body = curl_exec($ch);
if ($body === false) {
    echo "Request failed: " . curl_error($ch);
}
curl_close($ch);

That’s the engine of it, a very neat little solution!
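The shell equivalent of the PHP snippet above, added here and not from the original post: fetch the same path from every backend of www.test-domain.com by sending the Host header explicitly, then compare the responses so a backend that is out of sync stands out. Domain, path and IPs are the post's constructed values.

```shell
#!/bin/sh
# Added example (not from the original post): curl-based check that every
# backend behind a domain serves the same content. Constructed values from
# the post: domain www.test-domain.com, path /file-name.php, five backends.
DOMAIN=www.test-domain.com
URL_PATH=/file-name.php
BACKENDS="1.2.3.100 1.2.3.101 1.2.3.102 1.2.3.103 1.2.3.104"

# fetch_from IP: connect to the IP directly but present the real Host header,
# so a name-based virtual host on that server answers as if DNS had sent us.
# (curl 7.21.3+ can do the same with --resolve "$DOMAIN:80:$IP", which also
# keeps SNI correct for https URLs.)
fetch_from() {
    curl -sS --max-time 10 -H "Host: $DOMAIN" "http://$1$URL_PATH"
}

# audit_backends: one "ip sha256" line per backend. A server serving stale or
# unexpected content shows up as a digest that differs from the others.
audit_backends() {
    for ip in $BACKENDS; do
        printf '%s %s\n' "$ip" "$(fetch_from "$ip" | sha256sum | cut -d' ' -f1)"
    done
}

# distinct_digests: read "ip digest" lines on stdin and print how many
# different digests were seen; 1 means every backend served identical content.
distinct_digests() { cut -d' ' -f2 | sort -u | wc -l | tr -d ' '; }

# Only touch the network when invoked with --run, so the functions above can
# be sourced and reused without side effects.
if [ "${1:-}" = "--run" ]; then
    audit_backends | tee /dev/stderr | distinct_digests
fi
```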

Tarball Options and Uses

July 20

Here’s a few tidbits on tarballs that are quite useful. In case you’re wondering how to create a tarball in the first place, do this:

tar -zcvf my_first_tarball.tar.gz /home/my_code

where my_first_tarball.tar.gz is the name of the tarball that will be created, and /home/my_code the dir that is being compressed.

But you really need to know how to exclude files and/or directories when creating tarballs. For example, say you want to backup your codebase, but exclude all the SVN crap, then this is essential.

So you simply add --exclude options, like so:

tar -zcvf /my_first_tarball.tar.gz --exclude='svn' --exclude='*.svn' /home/my_code

This blog has a great example too of how you can list all your exclude types in a file, and use the -X switch to exclude them all – very neat.

One of the most common uses of tarballs is of course backing stuff up. So here’s a really useful script, running on a cron, to backup your stuff. I won’t reproduce it here, just check out the link.
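Added example (not from the original post) of the -X approach mentioned above: an exclude file listing .svn, a backup built from a constructed sample tree, and a listing check that proves no Subversion metadata made it into the archive.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a backup tarball from a
# constructed sample tree while excluding Subversion metadata via -X, then
# verifies the exclusion by listing the archive.

# make_sample_tree DIR: a tiny "codebase" with .svn directories at two levels.
make_sample_tree() {
    mkdir -p "$1/my_code/.svn" "$1/my_code/lib/.svn"
    echo 'echo hi' > "$1/my_code/app.sh"
    echo 'entries' > "$1/my_code/.svn/entries"
    echo 'entries' > "$1/my_code/lib/.svn/entries"
    echo 'util' > "$1/my_code/lib/util.sh"
}

# write_excludes FILE: one pattern per line. GNU tar matches exclude patterns
# against any path component, so a bare ".svn" also catches nested copies.
write_excludes() { printf '%s\n' '.svn' '*.swp' > "$1"; }

# make_backup SRC_PARENT SRC_NAME EXCLUDES OUT
# tar from the parent directory so members are stored as relative paths
# (my_code/...), not absolute ones that extract over / by accident.
make_backup() {
    tar -C "$1" -X "$3" -zcf "$4" "$2"
}

# count_entries ARCHIVE STRING: number of archive members containing STRING.
# Listing the archive is the cheap way to verify what a backup really holds.
count_entries() { tar -tzf "$1" | grep -cF -- "$2" || true; }
```

GNU tar 1.20 and later also has --exclude-vcs, which drops .svn, .git, CVS and friends in one switch.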

htaccess Tips and Tricks

April 29

Good information on htaccess (mod_rewrite and mod_alias) can be tough to come by – one web "guru" I know has a theory that mod_rewrite is one of the black arts of web design. So in order to try and shine a light on the darkness of htaccess, here are some of the useful and very practical tidbits I've come across.

To start with, here’s some of the better resources, with a brief description of what each link has to offer.

  • Stupid htaccess tricks is probably the most comprehensive guide to htaccess, and deserves to be first in the list. The examples aren't very detailed, but if you work with mod_rewrite you will likely need to check something here.
  • fun with htaccess is a more descriptive piece, nowhere near as comprehensive as Stupid Tricks, with just a few samples, but nicely written.

Actually, the above two are the main ones worth reading, even if you aren't looking for anything specific. To be more specific, let's look at some sample use cases.

Let's jump right in. To use htaccess effectively you will be using regular expressions; for example, say you want to match a certain string and redirect that plus everything that follows. E.g. you have many, many URLs such as my.domain.com/book123, my.domain.com/book456, my.domain.com/book789 and you want to redirect them all to the URI /new-books but keep the numbers, e.g. my.domain.com/book123 is to go to my.domain.com/new-books123 etc. So you would use a regexp, which is defined on the left hand side of the rule and "used" on the right hand side. $1 represents the first captured group of the pattern (matched earlier in that same rule), $2 the second and so forth. So, that gives us:

RewriteRule ^book(.*)$ /new-books$1 [L,NC,R=301]

The ^ symbol signifies the beginning of the match, $ the end. .* matches everything. Using parentheses around the .* captures it for use on the right hand side as $1. [L,NC,R=301] is a sample of many possibilities: L means this is the last rule processed for that match, NC means ignore case, and R=301 makes it a permanent redirect. Stupid htaccess tricks has a full list of all these options. The regexps you can use are endless of course!

Sometimes you need to build compound, conditional rules, such as if a certain domain, then redirect a certain uri. E.g. say you have 3 domains, www.domain.com www.domain.net and www.domain.org, and you want requests to domain.com/net/org to redirect to www.domain.com/net/org.

RewriteCond %{HTTP_HOST} ^domain\.(com|net|org) [NC]
RewriteRule ^(.*)$ http://www.domain.%1/$1 [R=301,L]

In this case the first pattern is com|net|org, captured by the condition and referenced as %1 in the rule. $1 again matches (.*), which means for example that domain.org/blah gets redirected to www.domain.org/blah. You can chain as many conditions as you need.

The RewriteRule pattern only sees the path, not the query string, so if you needed to match www.domain.com/index?key=blahblah and redirect it to www.domain.com/index you would be out of luck! Unless of course you do this:

RewriteCond %{REQUEST_URI} ^/index$
RewriteCond %{QUERY_STRING} ^key=blahblah$
RewriteRule ^index/?(.*)$ http://www.domain.com/index/? [R=301,L,NC]

Note the '?' at the end of the rule, in http://www.domain.com/index/?. This is vital: it signifies that you want to drop the query string from the redirect target.

Say you want to block some bozo’s IP from accessing your site. Simply add this:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all

Just make sure you use that order above to deny…

That’s it for now, there is so much to add, and so little time to add it!

Unix time converter

April 3

Thanks to the Captain for the handiest Unix-time-to-date converter, and vice versa!

And in case you ever need to create a Unix time format, you can use php's date and mktime functions to do so:

<?php
// Pull the current date/time apart into the pieces mktime() wants.
$hour   = date("H");
$minute = date("i");
$second = date("s");
$day    = date("j");
$month  = date("n");
$year   = date("Y");

// Note the argument order: hour, minute, second, month, day, year.
$unix_time = mktime($hour, $minute, $second, $month, $day, $year);
echo $unix_time; // for "now" this equals time(); swap in your own components for another moment

You can override your server’s timezone setting using date_default_timezone_set.

Mac Terminal Themes and Bash Tips

March 5

If you're tired of the usual terminal color schemes and font style, try this great theme. Something that deserves a mention is Ciaran O'Leary's blog entry on customizing color schemes in Leopard. This is an essential prerequisite to any color themes you wish to use. You must install SIMBL first, and then extract the theme file to ~/Library/Application Support/SIMBL/Plugins on your machine. In other words, just place the theme.bundle file in your ~/Library/Application Support/SIMBL/Plugins directory, that is all you need to do, then restart Terminal and voilà.

However, there are some bash changes needed, some of them essential, before these changes will work. For example, you need to create a .bash_profile file (in your ~ directory) if one did not exist before. There are 2 things you need in that file in order to really make use of these themes. A basic .bash_profile would look like so:

# Pull in ~/.bashrc so aliases defined there are available in login shells too.
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# Required for ls (and therefore the themes) to emit colours at all.
export CLICOLOR=1;
# Colourise grep matches, highlighting them in bright green.
export GREP_OPTIONS='--color=auto' GREP_COLOR='1;32'

The if statement just ensures that the contents of your .bashrc file are read. The export CLICOLOR=1; line is essential for the themes to work correctly; for example, if you do not include it, doing an ls will not result in any color scheme being rendered.

The export GREP_OPTIONS line is optional, but one I find very useful, as your greps now have the search patterns highlighted in the output, very readable.

This leads on to the .bashrc file, which you also need to create if none exists. Your aliases should go in this file. Bash aliases are a great way to speed up your work in Terminal, from simple stuff like ls shorthands such as alias l='ls -la' or alias h='history' to more complex ones corresponding to scripts. There's a tonne of pages about aliases out there of course, here's just a small taste. I especially like customizing your prompt via PS1, e.g. adding export PS1="[\u][\h][\#][\w]# " to your .bash_profile file. This would give you a terminal prompt of [user][host][command number][current directory], very useful.

Random Useful Linux Information

March 3

Verify SHA1 checksums

Handy little checker on the above page:
#!/bin/bash
# Usage: check_sha1.sh <file> <expected-sha1-hex>
# openssl prints "SHA1(<file>)= <hex>", so rebuild that line from the expected
# digest and compare the whole string. Quote $1 so paths with spaces work.
hash=$(openssl sha1 "$1")
if [ "SHA1(${1})= $2" = "${hash}" ]; then echo "Key is valid."; else echo "Key is _not_ valid!!!"; exit 1; fi

Great resource for awk examples, and at the bottom of this page some useful greps.

And the classic SSH public keys. Handy starter for crontabs here.

To create a tarball use this syntax: tar -cf [name of tarball].tar [list of files or directories]. To gzip it, do: gzip -9 [file].tar.

Then to unpack, do: gzip -d file.gz for .gz files, and tar -xvf file.tar for .tar files. If you've got a .tgz file, just do tar -xvzf file.tgz.