Member
IonutVanPanache and Peril with Plesk (Spamassassin instalation)
This is a copy of the original article, see it here
With this new dedicated server, I chose Plesk as a control panel solely because I hated it less than Ensim or cPanel. Normally I’d do all the installation, configuration, and tweaking of a server myself, but I just don’t have time for that anymore. The biggest problem I have with control panels is that they make it very hard to do manual configs the normal Linux way: changes either get overwritten or ignored. Plesk is a little easier to live with in this regard; what follows are my last mile tweaks.
While Plesk allows you to create a chrooted FTP user for a domain, it doesn’t have a front end for adding another, much less one constrained a particular subdirectory of that domain. Plesk’s configuration of ProFTPD chroots any user with a group of psacln. Via the shell, just useradd a new user with the desired home directory, use /bin/false for the shell so they can’t SSH in, and add them to group psacln. You’ll also need to make sure that the httpdocs directory is 751, not the default 750.
Plesk charges \$49.00 to provide a GUI for SpamAssassin configuration. While I didn’t save any money doing this myself, maybe you will: here’s how to get SpamAssassin going with Plesk’s qmail implementation. If you have the Plesk SpamAssassin RPM installed (usually available in /root/swsoft), it provides a spammng command line utility for tweaking the SpamAssassin configuration. This utility appears to work without checking your license information: you can run /etc/init.d/spamassassin stop than spammng -c -C start. This restarts the spamd daemon with the proper command line flags for Plesk’s qmail install.
Going a bit further, try spammng -c -C -e –mailname “user@domain.com” start: this will enable SpamAssassin for the specified mailbox by editing the .qmail file in the relevant directory. For my install, this was /var/qmail/mailnames/domain.com/user. With these two bits of information, we can combine Plesk’s qmail with the default SpamAssassin installation without spending any cash. I have not yet figured out how to do this server wide (every incoming piece of mail is processed) or domain wide (every mail for a specific domain is processed). You?
In the .qmail file, Plesk writes the following:
| /usr/local/psa/bin/psa-spamc accept
| true
./Maildir/
psa-spamc is a shell wrapper around the SpamAssassin spamc utility and allows one argument: whether to “accept”/deliver mail that is flagged as spam based on the /etc/mail/spamassassin/ configuration, or whether to “reject” it. It’d be nice to have some granularity to say “reject everything over score 10”, but eh, not a biggie.
The last thing is to reteach the /etc/init.d/spamassassin startup script. Since we haven’t paid Plesk to fiddle with SpamAssassin, we have to teach our default install how to interact with Plesk’s qmail without their help. If you’ve started the spamd daemon from Plesk’s spammng, run the following to capture the startup configuration: ps auwx | grep spamd. You’ll get something along the lines of:
/usr/bin/spamd --username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail --max-children 5 --create-prefs --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
Open up /etc/sysconfig/spamassassin and make it look like:
SPAMDOPTIONS="-d -c -m5 -H /var/qmail --username=popuser --nouser-config
--virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --socketpath=/tmp/spamd_full.sock"
SPAMD_PID=/var/run/spamd/spamd_full.pid
SPAMDOPTIONS is one line. Restart spamd with /etc/init.d/spamassassin restart and check Plesk’s qmail log at /usr/local/psa/var/log/maillog. If everything goes right, you should be able to send yourself a piece of mail and notice two things: spamd will process each incoming message and report the results and a .spamassassin directory will show up in the right domain and user directory under /var/qmail/mailnames/. Done.
Plesk’s licensing is annoying in other ways: I can only use 30 domains within my current install. Thankfully, domain aliases don’t count against this limitation and, with Drupal’s multisite capabilities, I can run any amount of domains on one code base with multiple databases. Unfortunately, this is a problem when it comes to logfiles and analysis: I’m not entirely sure if Apache’s ServerAlias is considered %v for split-logfile. Needs more testing before I can fully implement domain aliases.
====
- in order to process spammassassin the email we need a .qmail file like this:
bijoux# cat /var/qmail/mailnames/domain.com/user/.qmail
| /usr/local/psa/bin/psa-spamc accept
| true
./Maildir/
for every user.
to obtain this you can edit the file or you can try next command, to update .qmail file for specific user.
bijoux# /usr/local/psa/admin/bin/spammng -c -C -e --mailname user@domain.com start
- if you want to start SpamAssassin correctly at boot, put next lines in /etc/init.d/rc_local:
/etc/init.d/psa-spamassassin stop
/etc/init.d/spamd stop
/usr/local/psa/admin/bin/spammng -c -C start
Metadata as a Service
Problem statement
Software distribution in the internet age goes away from large piles of disks, CDs or DVD and moves towards online distribution servers providing software from a package repository. The next version of OpenSUSE, 10.3, will be distributed as a 1-CD installation with online access to more packages.
Accessing a specific package means the client needs to know whats available and if a package has dependencies to other packages. This information is kept in a table of contents of the repository, usually referred to as metadata.
First time access to a repository requires download of all metadata by the client. If the repository changes, i.e. packages get version upgrades, large portions of the metadata have to be downloaded again - refreshed.
The EDOS project proposes peer-to-peer networks for distributing repository data.
But how much of this metadata is actually needed ? How much bandwidth is wasted by downloading metadata that gets outdated before first use ?
And technology moves on. Network speeds raise, available bandwidth explodes, internet access is as common as TV and telephone in more and more households. Internet flatrates and always on will be as normal as electrical power coming from the wall socket in a couple of years. At the same time CPUs get more powerful and memory prices are on a constant decrease.
But the client systems can't keep up since customers don't buy a new computer every year. The improvements in computing power, memory, and bandwidth are mostly on the server side.
And this brings me to Metadata as a Service.
Instead of wasting bandwidth for downloading and client computing power for processing the metadata, the repository server can provide a WebService, handling most of the load. Clients only download what they actually need and cache as they feel appropriate.
Client tools for software management are just frontends for the web service. Searching and browsing is handled on the server where load balancing and scaling are well understood and easily handled.
This could even be driven further by doing all the repository management server-side. Clients always talk to the same server which knows the repositories the client wants to access and also tracks software installed on the client. Then upgrade requests can be handled purely by the server, making client profile uploads obsolete. Certainly the way to go for mobile and embedded devices.
Google might offer such a service - knowing all the software installed on a client is certainly valuable data for them.
Just a thought ...
Create your Simpson avatar
Yesterday a colleague pointed me to the Simpson the movie website. One of the coolest things of it is the possibility to create your own Simpson avatar.
How to resist?! :)
After some clicks I made this beautiful avatar:
{% img /images/avatar_simpson.jpg %}
Isn’t it amazing? :D
Hackweek aftermath
Earlier this year, I already added XML output to yast2-core which came in very handy for this project. Using the REXML stream listener to code the translator was the fun part of a couple of late night hacks.
The result is a complete syntax translator for all YaST client and module code. The generated Ruby code is nicely indented and passes the Ruby syntax checker.
Combined with Duncans Ruby-YCP bindings, translating ycp to Ruby should be quite useful as we try to provide support for more widespread scripting languages.
The translator is available at svn.opensuse.org and requires a recent version of yast2-core, which supports XML output and the '-x' parameter of ycpc.
Then run
ycpc -c -x file.ycp -o file.xmlto convert YCP code to XML.
Now use the xml-ruby translator as
cd yxmlconv ruby src/converter.rb file.xml > file.rb
Translating e.g /usr/share/YaST2/modules/Arch.ycp
{
module "Arch";
// local variables
string _architecture = nil;
string _board_compatible = nil;
string _checkgeneration = "";
boolean _has_pcmcia = nil;
boolean _is_laptop = nil;
boolean _is_uml = nil;
boolean _has_smp = nil;
// Xen domain (dom0 or domU)
boolean _is_xen = nil;
// Xen dom0
boolean _is_xen0 = nil;
/* ************************************************************ */
/* system architecture */
/**
* General architecture type
*/
global string architecture () {
if (_architecture == nil)
_architecture = (string)SCR::Read(.probe.architecture);
return _architecture;
}
...
outputs the following Ruby code
module Arch
require 'ycp/SCR'
_architecture = nil
_board_compatible = nil
_checkgeneration = ""
_has_pcmcia = nil
_is_laptop = nil
_is_uml = nil
_has_smp = nil
_is_xen = nil
_is_xen0 = nil
def architecture( )
if ( _architecture == nil ) then
_architecture = Ycp::Builtin::Read( ".probe.architecture" )
end
return _architecture
end
...
Preserving the comments from the ycp code would be nice -- for next Hackweek.
Btw, it's fairly straightforward to change the translator to output e.g. Python or Java or C# or ...
Guestbook and spam
In the last days I got an exponential grow of spam messages into the guestbook. Since drupal’s guestbook module has some problems with spam- prevention components, I’ve disabled anonymous posting.
I’ll enable it again as soon as possible.
BTW: I don’t know who will care about this limitation ;)
Field enhancement proof-of-concept finished.
I've been working on field enhancement for OpenOffice.org Writer for quite a while and today I finished my proof-of-concept hacking:
OpenOffice.org Writer has a lot of shortcommings wrt. to fields which I tried to address:
- Allow for in-place editing of input field (turn off pop-up)
- allow use of different fonts within one field
-
Nested Fields support on Write and allow nested conditions when using conditional fields
- ...
In my proof-of-concept I was able to enhance the Writer core such that these issues are addressed. (That's the good news!)
Unfortionately my proof-of-concept still needs a lot of love. First thing is to clean up the prototype and generate patches for ooo-build.
However I'm happy since this is my first major work on the OpenOffice.org Writer layout and the field support is an issue in OpenOffice.org Writer for quite a while...
New house opening
Last friday evening I made a party in my new house. We celebrated my birthday and also the “opening” of the new house.
Many thanks to Roberto for the photos (made with his mobile phone!).
Smolt - Gathering hardware information
They currently have data from approx. 80000 systems, mostly x86, which hopefully will grow in the future. The device and system statistics are quite interesting to browse. Besides hardware, smolt also tracks the system language, kernel version, swap size etc. It also tries to make an educated guess on desktop vs. server vs. laptop - typically a blurred area for Linux systems.
Once they offer an online API for direct access to the smolt server database, this really will be quite useful.
EDOS Project
Michael Schröders hackweek project is based on using well-known mathematical models for describing and solving package dependencies: Satisfiability - SAT
Apparently, some research on this topic was done before. The oldest mentioning of SAT for packaging dependencies I found is a paper from Daniel Burrows dating ca. mid-2005. Daniel is the author of the aptitude package manager and certainly knows the topic of dependency hell inside out.
However, the most interesting link Google revealed, was the one to the EDOS project.
EDOS is short for Environment for the development and Distribution of Open Source software and is funded by the European Commission with 2.2 million euros.
The project aims to study and solve problems associated with the production, management and distribution of open source software packages.
Its four main topics of research are:
- Dependencies With a formal approach to management of software dependencies, it should be possible to manage the complexity of large free and open source package-based software distributions. The project already produced a couple of publications and tools, but I couldn't find links to source code yet.
- Downloading The problem of huge and frequently changing software repositories might be solvable with P2P distribution of code and binaries.
-
Quality assurance
All software projects face the dilemma between release often - release early and system quality. One can either
- reduce system quality
- or reduce the number of packages
- or accept long delays before final release of high quality system
- Metrics and Evaluation The decision between old, less features, more stable vs. new, more features, more bugs should be better reasoned by defining parameters to characterize distributions, distribution edition and distribution customization.
"The first casualty of War is Truth"
Reading some blogs about the ODF/OOXML file format war the famous quote "The first casualty of War is Truth" (from Rudyard Kipling --- I guess) comes into my mind.