Archive for the ‘System Administration’ Category

The connection was reset – Firefox – (Error code: sec_error_invalid_key)

No Comments »

Today when I opened my self-signed secure website, it gave me following error:
The key does not support the requested operation. (Error code: sec_error_invalid_key)
connection was resetBut in the past it was like:
connection was reset-beforeWhat I did wrong? Oh yes, Firefox upgraded to 33.0 (now 33.1), something broken in 33+ and was working fine with Firefox 32.0?

Read the rest of this entry »


Playing with exim mail queue

No Comments »

Command to view the queue

To view the exim mail queue issue the following command:

mailq

OR

exim -bp

If exim is in /usr/sbin and /usr/sbin is not in your path, you’ll need to prefix the command with the full path like so:

/usr/sbin/exim -bp

Example output
The outut from the above commands will look something like so:

4d  1.2K 1Ka6u5-00032Z-Eb <from@example.com>
	          to@example.com
	62h  1.2K 1KaRH0-0007QZ-B5 <from@example.com>
	          to@example.com
	3h   22K 1KbLHr-0004ev-An <from@example.com>
	          to@example.com

In the above example “from@example.com” is the email address the email is being sent from and to@example.com is the address being sent to. Normally these would be real email addresses but I’ve changed them for the purposes of this post.

The 4d, 62h and 3h values indicate how long the email message has been in the queue: 4 days, 62 hours and 3 hours respectively.

The x.xK values are the message size.

And the 1Ka6u5-00032Z-Eb etc is the message id and is also the filename of the message on disk, which you will find in /var/spool/exim/msglog and /var/spool/exim/input (the directories may vary depending on your Linux/Unix distribution and/or compiled in settings).

Finding the files with the find command

Using the “find” command you could do this to locate all the relevent files:

find /var/spool/exim -name "1Ka6u5-00032Z-Eb*"

which would display something like this:
view sourceprint?

/var/spool/exim/msglog/1Ka6u5-00032Z-Eb
/var/spool/exim/input/1Ka6u5-00032Z-Eb-D
/var/spool/exim/input/1Ka6u5-00032Z-Eb-H

Command to flush the exim queue
There are two ways to flush the exim mail queue:

runq

or

exim -q

This will then process the mail queue. I had a look at the exim log file and the mail queue itself (I’ll be posting how to view what’s in the exim mail queue on Tuesday) after flushing the queue and the emails were still stuck there.
Additional flags to force mail send

Another quick look at the exim man page and I discovered the following options:

-qf = If one f flag is present, a delivery attempt is forced for each non-frozen message, whereas without f only those non-frozen addresses that have passed their retry times are tried.

-qff = If ff is present, a delivery attempt is forced for every message, whether frozen or not.

So I then ran this:

exim -qff

And the messages that were stuck in the queue were flushed and delivered. My customer reported back to me a few minutes later that their emails had been received.
Path to exim command

Note that the exim command is probably in /usr/sbin and you may need to use the whole path as well as the command to run it. If this is the case then do this:
view sourceprint?

/usr/sbin/exim -q
/usr/sbin/exim -qff
etc

Delete a single message from the exim mail queue

Use mailq / exim -bp to show the mail queue, e.g.:

$ mailq
0m   528 1XoIxD-0001rc-8J

And then run exim -Mrm [message id] to delete the specific message:

exim -Mrm 1XoIxD-0001rc-8J

If the message is successfully deleted, you’ll see this:

Message 1XoIxD-0001rc-8J has been removed

If exim is currently processing the message, you’ll see this and it won’t be deleted:

Message 1XoIxD-0001rc-8J is locked

You either need to wait and try again later, or get the id of the process which is currently processing the message, kill it, and then run the command again (e.g. “ps ax 1XoIxD-0001rc-8J” and then “kill -9 [process id/s]). It’s probably not recommended that you kill the process.
Delete all messages in the exim mail queue

Running “exiqgrep -i” returns all the message ids for queued emails; pipe that through “exim -Mrm” and all the messages will be deleted, with the same caveat as above: if exim is currently processing a message, that one will not be deleted so you need to try again later.

exiqgrep -i | xargs exim -Mrm

And the result, if one could be removed and another one couldn’t:

Message 1XoJ1U-0001sC-ME has been removed
Message 1XoJ1i-0001sQ-UJ is locked

Users receive a “The page cannot be displayed” error message, and “Connections_refused” entries are logged in the Httperr.log file on a server that is running Windows Server 2003, Exchange 2003, and IIS 6.0

No Comments »
To work around this issue, add the EnableAggressiveMemoryUsage registry entry to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Then, set the EnableAggressiveMemoryUsage registry entry to 1.

To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type EnableAggressiveMemoryUsage, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. On the File menu, click Exit to exit Registry Editor.
  8. Restart the HTTP service. To do this, follow these steps:
    1. Click Start, click Run, type cmd in the Open box, and then click OK.
    2. At the command prompt, type net stop http /y, and then press ENTER.
    3. At the command prompt, type iisreset /restart, and then press ENTER.

 


FTP clean-up script – PHP (delete old files on server)

2 Comments »

One of my blog user “Chris” asked for FTP clean up script, so here it is:


//CONFIG SECTION
//*******************************************************
// Credentials for FTP Server
$source_server_ip = "your_domain_or_IP"; // Server IP or domain name eg: 212.122.3.77 or ftp.domain.tld
// Credentials for FTP account
$ftphost = "ip_or_hostname_of_ftp"; // FTP host IP or domain name
$ftpacct = "userid"; // FTP account
$ftppass = "password"; // FTP password
$logs_dir = "/"; //FTP Remote Folder
$email_notify = 'your_email@domain.com'; // Email address for backup notification
$backupexpireindays=21; //3 weeks expire time in days, 21 days = 7*24*60
//END OF CONFIG SECTION
//*******************************************************


//Do not edit below this line
$backupexpireindays=($backupexpireindays*24)*3600; //convert it to seconds, 24 hours * 60 minutes * 60 seconds

// Delete any other backup with filetime greater than expire time, before create new backup
$conn_id = ftp_connect($ftphost);
$login_result = ftp_login($conn_id, $ftpacct, $ftppass);

ftp_chdir($conn_id, $logs_dir);
$files = ftp_nlist($conn_id, ".");
foreach ($files as $filename) {
        $fileCreationTime = ftp_mdtm($conn_id, $filename);
        //$date = date("F j, Y, g:i a", ftp_mdtm($conn_id, $filename));
        //print "
Timestamp of '$filename': $date"; $fileAge=time(); $fileAge=$fileAge-$fileCreationTime; if ($fileAge > $backupexpireindays) { // Is the file older than the given time span? //echo "
The file $filename is older than Expire time :$expiretime ...Deleting\n"; ftp_delete($conn_id, $filename); //echo "
Deleted

"; } } ftp_close($conn_id); print "Remote FTP clean up Finish deleted files older than $backupexpireindays days"; ?>

Enjoy !


Verify SSL certificate using OpenSSL

No Comments »

Use this command to verify the SSL certificate for the domain www.somedomain.com

openssl s_client -showcerts -connect www.somedomain.com:443

If the certificate is correctly installed the result should contain at the end:

Verify return code: 0 (ok)

That’s it


Password encrypted files in Linux

No Comments »

 

I am found of keeping password protected backups and most of the time I lost my super secret password thus unable to open my super important backups 🙂 just kidding.

Like in windows we can simple right click and zip folders/files with passwords in text based terminals of linux I always want the same.

So here is the trick I normally use.

For encrypting a file:

openssl enc -aes-256-cbc -e > out.file

It will ask for password like:

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

If you want to encrypt a folder with compression (tar.gz)

tar -cz foldername | openssl enc -aes-256-cbc -e > out.tar.gz

Now the important part, decrypting your encrypted files….

openssl enc -aes-256-cbc -d -in out.file > new.file