Many php-based web application are using php's smtp function. Unfortunately, Ubuntu's php default setup disregards the installation of packages necessary for using smtp. The following command line takes care of their installation:
aptitude install php-net-smtpHere comes an update to the old article on how to configure Squid. The new Squid 3.x which is available in Ubuntu 16.04 requires some different configuration.
Installation is easy. Just fire the following line:
apt install squidThe configuation file to edit is still located at /etc/squid/squid.conf. Make a backup of the original file and have to new one contain the following lines:
http_port 31280
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 1
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
acl auth proxy_auth REQUIRED
acl localhost src 127.0.0.0/8
http_access allow auth
http_access allow localhost
http_access deny all
cache deny all
forwarded_for off
request_header_access Via deny all In order to have users show some identification a password file with according hashes has to be set:
htpasswd -c /etc/squid/passwd USERNAME
chmod 400 /etc/squid/passwd && chown proxy /etc/squid/passwdThat should do it. Squid 3 will ask users for ID and password and proxy your requests.
This article describes how to forward phone calls that are incoming on a Sipgate VoIP-based number to any given mobile or landline in an affordable way by using FreeVoipDeal. Prerequisites are accounts at Sipgate, FreeVoipDeal and of course your own PBX based on Asterisk.
Configuring an Asterisk PBX is rocket science in itself. To keep this article focused on the main issue I therefore assume you already have a running setup.
In order to forward calls you'll have to use the Windows client of FreeVoipDeal. There you can configure a general forward number which can be a landline or mobile number. Also, you'll have to allow access to the SIP-server of FreeVoipDeal - that is deactivated by default. Now you can use you FreeVoipDeal-account to receive incoming SIP-based calls on youraccountname@sip.freevoipdeal.com.
The tricky part is how to keep the caller's number intact while forwarding. In your extensions.conf you'll therefore have to add the following lines:
exten => s,1,Set(CALLERID(name)=${IF($[${CALLERID(number)} = anonymous] ? anonymous : 49${CALLERID(number):1} )})
exten => s,n,Set(CALLERID(number)=${IF($[${CALLERID(number)} = anonymous] ? anonymous : 49${CALLERID(number):1} )})
exten => s,n,Dial(SIP/youraccountname@sip.freevoipdeal.com,,tkw)Now all your incoming calls are going to be forwarded to your designated number.
Faulty temperature control in a datacenter can cause terrible damage. In case you can't influence air con's reliability, you have to set up some protection on your end - that is: your server.
Most modern hard drives provide temperature sensors which can be used to trigger actions when reaching a threshold. I'll describe how to do this with a too called hddtemp and cron in Ubuntu 16.04.
We need to intall the tool's package:
apt install hddtempNow we create a little shell script which later we will trigger by cron on a regular basis. In this scenario we save the script in /usr/local/bin and name it harddrive-watcher.sh:
#!/bin/bash
HOSTNAME=yourHostname
MAILTARGET=root
HDDS="/dev/sda /dev/sdb"
HDT=/usr/sbin/hddtemp
LOG=/usr/bin/logger
DOWN=/sbin/shutdown
ALERT_LEVEL_MAIL=35
ALERT_LEVEL_SHUTDOWN=50
for disk in $HDDS
do
if [ -b $disk ]; then
HDDTEMP=$($HDT $disk | awk '{ print $4}' | awk -F '°' '{ print $1}')
if [ $HDDTEMP -ge $ALERT_LEVEL_MAIL ]; then
$LOG "Warning: hard disk $disk temperature reached its warning limit of $HDDTEMP°C"
echo "Warning: hard disk $disk temperature reached its warning limit of $HDDTEMP°C" | mail -s $HOSTNAME $MAILTARGET
fi
if [ $HDDTEMP -ge $ALERT_LEVEL_SHUTDOWN ]; then
$LOG "Emergency shutown: system going down as hard disk $disk temperature reached its final limit of $HDDTEMP°C"
sync;sync
$DOWN -h 0
fi
fi
doneLastly, we add the following line to root's cron file:
*/5 * * * * /usr/local/harddrive-watcher.shNow there will be a temperature check every 5 minutes with two thresholds: If the first one is reached you'll receive a mail. At the second threshold the system will shutdown to protect its data from thermal damage.
Recently, the server hosting my Asterisk setup started to get laggy and eventually it even died a few times on me. Checking the logs it turned out that unknown IPs tried to initialize calls through my contexts. The log file carried gigabytes of stuff like this:
NOTICE[1110] chan_sip.c: Call from '' (IP_ADDRESS_REMOVED:5070) to extension '000972597103443' \\rejected because extension not found in context 'maincontext'.It was pretty obvious that some hijacked clients tried to initialize calls trough my system. Luckily, my setup does not accept calls from unknown parties. Yet, the massive amount of connections filled up my logs entirely and opened that many connections that the system collapsed at the end.
In order to secure other systems in my environments, I'm using fail2ban, e.g. for securing ssh logins. Therefore I will do the same for the sake of my Asterisk health.
aptitude install fail2bancd /etc/fail2ban && cp jail.conf jail.local/etc/fail2ban/filter.d/asterisk.conf:
[Definition]
_daemon = asterisk
failregex = NOTICE.* .*: Call from \'\' \(<HOST>:.*\) to extension \'.*\' rejected because extension not found in context \'incoming\'.*
NOTICE.* .*: Registration from \'\".*\" \<sip:.*\>\' failed for \'<HOST>:.*\' - No matching peer found
ignoreregex =/etc/fail2ban/jail.local. Assuming there is a default Asterisk setup on your system, the follwing lines have to be added at the end of that file:
[asterisk]
enabled = true
filter = asterisk
action = iptables-allports[name=asterisk, protocol=all]
logpath = /var/log/asterisk/messages
maxretry = 1
findtime = 600service fail2ban restart It's a very decent feature in Syology's DSM 4.1 having Logitech Media Server at the tip of your finger as an official 3rd party package. It offers the possibility to stream your own music library to any Logitech Squeezebox around your house. In addition, it is controllable by different IR-remotes as well as by very handy Android and iPhone apps.
Yet, Logitech decided to discontinue the whole Squeezebox lineup. That's quite unfortunate, as those devices offered nice build quality together with an amazing centralized setup. But that's not a complete showstopper.
As the whole Squeezebox project is open source, there is a sweet comandline tool called squeezeslave that acts as a software client. It can be run as a daemon on Windows, OS X, Linux, OpenWRT-based routers and several other devices - among them NAS devices. As my Synology NAS sits just next to my stereo, I had the idea of using it as the Squeezebox server as well as a softclient.
To be able to output sound from the Synology NAS, an external USB sound card is needed. I'm using a Terratec Aureon Dual USB. It features a digital s/pdif output which I was looking for. Any other USB sound card should do just fine, too. When looking for different hardware, it can be helpful to check for OS X-support, as the necessary sound modules for OS X usually derive from Linux - and we need those modules for Linux.
In order to be able to stream actual sounds to the USB sound card, some modules and libraries are needed. To install those the Synology box needs bootstraping. This is explained in the earlier article Bootstraping an Intel Atom-based Synology NAS.
After the bootstrapping process is done, the necessary packages can be installed by using the following line:
ipkg install alsa-lib alsa-utils libusb usbutilsThose modules won't load themselves unless you're using Synology's Audio Station package. If so, you need to execute the following lines once:
modules="soundcore.ko snd.ko snd-hwdep.ko snd-page-alloc.ko snd-seq-device.ko snd-timer.ko snd-pcm.ko snd-rawmidi.ko snd-usbmidi-lib.ko snd-usb-audio.ko snd-mixer-oss.ko snd-pcm-oss.ko"
for i in $modules;
do
insmod /lib/modules/$i
done;The correct setup can be tested by running lsusb which should list your USB sound card. Another good indication for a proper setup is to run alsamixer. It's supposed to show a commandline volume mixer.
Now that the general conditions are met, squeezeslave itself needs to be set up. The appropriate package can be found on Sourceforge. It is advised to use the lnx24-package of the most recent version (at the time of writing it is v1.2-311). The following lines help doing so. Beware to adjust the respective links and file names to the ones you downloaded.
cd /tmp ; wget "http://downloads.sourceforge.net/project/softsqueeze/squeezeslave/squeezeslave-1.2.311/squeezeslave-1.2-311-lnx24.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsoftsqueeze%2Ffiles%2Fsqueezeslave%2Fsqueezeslave-1.2.311%2F&ts=1356280037&use_mirror=freefr"
cd /opt/bin; tar xzf /tmp/squeezeslave-1.2-311-lnx24.tar.gzIn order to start squeezeslave on boot, a new start script is necessary. It has to be placed in /opt/etc/init.d/. I named the script S70squeezeslave.
#!/bin/sh
# load sound modules for squeezeslave to work
modules="soundcore.ko snd.ko snd-hwdep.ko snd-page-alloc.ko snd-seq-device.ko snd-timer.ko snd-pcm.ko snd-rawmidi.ko snd-usbmidi-lib.ko snd-usb-audio.ko snd-mixer-oss.ko snd-pcm-oss.ko"
for i in $modules;
do
insmod /lib/modules/$i
done;
# wait a few seconds before starting the squeezeslave daemon
sleep 10
/opt/bin/squeezeslave -N -o0 -R -M/var/log/squeezeslave.logTo make the script executable, run the following:
chmod u+x /opt/etc/init.d/S70squeezeslaveNow, the setup should survive a reboot just fine. If everything worked out a new device called "squeezeslave" should appear in you Logitech Media Server. On your other squeeze devices you should be able to control the output now as if it were any other squeezer.
A SoHo-NAS is a handy device that can store loads of data and acts a central home server all at once. Just recently I had the chance to play around with one of those toys in order to learn about their capabilities.
To be able to install some useful and common Linux commandline tools on a Synology NAS, it needs to get bootstraped. This article assumes that a remote shell SSH access is already established. The rest of the process is fairly simple.
First, change to a directory for temporary data:
cd /volume1/@tmpNow, the relevant data is supposed to be retrieved - in this case for an Intel Atom-based NAS:
wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xshThis file is a self extracting container that contains the relevant packages and at the same time creates the necessary file and directory structure. It gets executed like this:
ash syno-i686-bootstrap_1.2-7_i686.xsh && rm syno-i686-bootstrap_1.2-7_i686.xshTo get the most recent package list and also the latest packages themselves, the following command has to be run:
ipkg update && ipkg upgradeThe install script modifies the current PATH variable so that ipkg can be found. However, to make the change permanent, the PATH variable in root's .profile needs to look like this:
PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/binRecently, I gained some insight on the intended nature and its implications of the interaction of DNS with mail services.
It seamed that rather suddenly, my mail server was no longer able to receive mails from certain mail service providers like web.de. Those sending mail servers were only little verbose about what the source of the problem was:
domain has no mail exchangersThat was rather strange to me as I had some good experiences so far regarding the reliability of the DNS servers I was using. The original configuration I used was the following:
$ dig mx grosseosterhues.com
[...]
;; ANSWER SECTION:
grosseosterhues.com. 120 IN MX 10 mx.grosseosterhues.com.and
$ dig mx.grosseosterhues.com
[...]
;; ANSWER SECTION:
mx.grosseosterhues.com. 119 IN CNAME mail.grosseosterhues.com.
mail.grosseosterhues.com. 120 IN A 46.4.78.23So my MX record was a CNAME pointing to an A resource record. No problem with that -- I thought. Doing some web research I learned from RFC 2181, Section 10.3 that there is a certain regulation prohibiting an MX resource record from being an alias (CNAME):
10.3. MX and NS records:
The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR.
I don't know if some providers just adjusted their MTA to use more restrictive policies on sending mails to foreign mail servers of if I just never realized a problem. Anyway: after changing the MX record over to an A resource record everything works flawless (again).
*[IMAP IDLE]: The IDLE feature allows IMAP e-mail users to immediately receive any mailbox changes.
Regular desktop mail clients support push notifications when communicating with IMAP servers. In order to achieve this, IMAP IDLE is being using. Unfortunately though, the current generations of smart phones such as Apple's iPhone or Android-based phones do not support the IMAP IDLE feature but prefer ActiveSync to achieve Push services.
One way to make use of IMAP IDLE e.g. on Android is to use a different mail client like K9 Mail. Yet, that may not be an option to everyone due to software installation policies.
In case modifying the phone's software setup is not an option, it is possible to insert an emulation layer from IMAP to ActiveSync on the mail server. This layer is provided by Z-Push, an open source implementation of the ActiveSync protocol, developed by the Zarafa team.
Z-Push is run by an Apache webserver using PHP and the php-imap module in order to provide the bridge between mobile device and IMAP server. This article documents how to set up a running ActiveSync emulation using Ubuntu Linux, Apache webserver, and Cyrus IMAP-daemon. A running Apache with working PHP and SSL configuration on an Ubuntu Linux is presumed.
This article assumes all Z-Push files to be places in /var/www/z-push. First, the according sources are to be downloaded. They can be found either here http://z-push.sourceforge.net/ or here http://zarafa-deutschland.de/z-push-download/final/.
In the file /var/www/z-push/config.php the BACKEND_PROVIDER has to be changed:
define('BACKEND_PROVIDER', "BackendIMAP");For syncing problems in previous versions of Z-Push, it helps to increase the value of MAX_EMBEDDED_SIZE as follows:
// define('MAX_EMBEDDED_SIZE', 1048576);
define('MAX_EMBEDDED_SIZE', 10485760);By default Z-Push expects the directories /var/log/z-push and /var/lib/z-push to exist. In Ubuntu, this is not the case. Therefore, they have to be created and the according ownership needs to be set:
mkdir /var/log/z-push /var/lib-z-push
chown -R www-data:www-data /var/log/z-push /var/lib/z-pushIf not already present, the proper php5-imap module needs to be installed:
aptitude install php5-imapNow in Apache config, the file /etc/apache2/sites-enabled/default-ssl gets some addition:
Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
php_flag magic_quotes_gpc off
php_flag register_globals off
php_flag magic_quotes_runtime off
php_flag short_open_tag on
If the Suhosin patch for PHP is used, the following setting has to be changed to off in /etc/php5/conf.d/suhosin.ini:
suhosin.executor.disable_emodifier = offThe mobile device should address the emulated ActiveSync server just by it's hostname. It is not neccessary to add the Apache alias into the address.
On Android phones, the user might have to accept certain security policy warnings before the actual sync starts.
Useful debugging information can be found in Apache's logs in /var/log/apache2 and in Z-Push's logs in /var/log/z-push. Cyrus IMAP logs its information into the mail system's log in /var/log/mail.log.
In order to mix different sound channels, the Asterisk MeetMe-extension relies on the dahdi-Module that take care of the necessary timing. This module is not a stock module in Ubuntu, so it has to be build from stock. Fortunately, Ubuntu delivers packages that take care of the framework used to build that module from source. The following line will install all those packages:
aptitude install asterisk-dahdiNow, the dahdi module needs compilation. :
aptitude install linux-headers-3.0.0-12-virtual