You are here

sysadmin

Outlook for Android reports "Your mail certificate is invalid. Would you like to login anyway?"

After doing some maintenance on my mail server, Outlook for Android started bitching about my certificate. My certificate was fine. 

The problem is that my IMAP server, Dovecot, has discontinued support for the shitty SSLv2 protocol, which is a good thing.

In the Dovecot config, I set ssl_min_protocol to TLSv1. Unfortunately the Android app does not support TLS, so it was unable to negotiate a secure transport. 

To resolve this issue, I changed the minimum to SSLv3, which is bad, but it works for now.

Roundcube not logging in users: "Storage server failed" "Empty Startup Greeting"

After a recent update to Roundcube, users became unable to log in. When they would try they would get an error that the Storage Server failed.

The cause of the issue is not clear, but is related to how the default host name is parsed. In order to restore functionality to my system I had to make two changes to config/config.inc.php

$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false
    )
);
and the host name needed to be prefixed with ssl://
$config['default_host'] = 'ssl://smtp.redcell.ca';

Install 64-bit Operating System as a VirtualBox Guest

You have installed VirtualBox, you have an ISO ready to install 64-bit Ubunto, FreeBSD, or your favourite OS, but when you try to create a new VM, 32-bits is the only option.

You may have searched, only to find that everyone says you need to turn virtualization on in your BIOS, but you checked, and you know it's turned on.

Try this: reboot.

Yes, a single reboot, and VirtualBox will offer to create 64-bit VMs.

Lenovo ideacentre Horizon 27 Windows 10 network WiFi driver

After updating my Horizon 27 to Windows 10, it was unable to detect my WiFi adapter.

Lenovo does not have Windows 10 drivers for the (original) Horizon 27. The site identifies the adapter as a Qualcomm Atheros device.

I tried installing the Windows 8.1 driver from Lenovo's site, but it didn't work.

Just for fun, I tried downloading and installing the Windows 10 driver for the Horizon 27 2, the next generation model. It is identified as a Realtek RTL8188CE driver, so I didn't get my hopes up.

After a reboot, it worked! In device manager it is a Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC.

From what I can tell, the Realtek drivers are written by Atheros, and it wouldn't be a stretch to say that they use the same chipset.

"No active remote repositories configured." running pkg in jail

Copy /etc/pkg/FreeBSD.conf from the host to the jails

freebsd-update will not upgrade from 9.0-RELEASE

When attempting to update from a fully-patched 9.0-RELEASE, you may encounter results like these:

Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.

WARNING: This system is running a "venus" kernel, which is not a
kernel configuration distributed as part of FreeBSD 9.0-RELEASE.
This kernel will not be updated: you MUST update the kernel manually
before running "/usr/sbin/freebsd-update install".

The following components of FreeBSD seem to be installed:
src/src world/base world/doc

The following components of FreeBSD do not seem to be installed:
kernel/generic world/games world/lib32

Does this look reasonable (y/n)? y

Fetching metadata signature for 10.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.

You will find lots of people telling you to run this command

sed -i '' -e 's/=_/=%@_/' /usr/sbin/freebsd-update

It won't work. Instead you need to apply this patch:

Index: freebsd-update.sh =================================================================== --- freebsd-update.sh (revision 265210) +++ freebsd-update.sh (working copy) @@ -1110,7 +1110,7 @@ fetch_metadata_sanity () { # Some aliases to save space later: ${P} is a character which can # appear in a path; ${M} is the four numeric metadata fields; and # ${H} is a sha256 hash. - P="[-+./:=%@_[[:alnum:]]" + P="[-+./:=%@_~[[:alnum:]]" M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" H="[0-9a-f]{64}"

Server error: '501 5.1.3 Bad recipient address syntax'

A user of my mail server recently had some recipients of a message returned. He received this message from my server.

The following recipient(s) cannot be reached:

       'redacted@civ.utoronto.ca' on 8/20/2014 10:35 AM
             Server error: '501 5.1.3 Bad recipient address syntax'

       'redacted@wlu.ca' on 8/20/2014 10:35 AM
Server error: '501 5.1.3 Bad recipient address syntax' 'redacted@uoguelph.ca' on 8/20/2014 10:35 AM
Server error: '501 5.1.3 Bad recipient address syntax' 'redacted@uoguelph.ca' on 8/20/2014 10:35 AM
Server error: '501 5.1.3 Bad recipient address syntax' 'redacted@eng.uwo.ca' on 8/20/2014 10:35 AM
Server error: '501 5.1.3 Bad recipient address syntax'

The other recipients were delivered successfully. On the server-side, Postfix logged:

Aug 20 14:35:17 darwin postfix/smtpd[63431]: warning: Illegal address syntax from 
or087.uwaterloo.ca[129.97.9.53] in RCPT command: <'redacted@uwo.ca'>
Aug 20 14:35:17 darwin postfix/smtpd[63431]: warning: Illegal address syntax from
or087.uwaterloo.ca[129.97.9.53] in RCPT command: <'
redacted@wlu.ca'>
Aug 20 14:35:17 darwin postfix/smtpd[63431]: warning: Illegal address syntax from
or087.uwaterloo.ca[129.97.9.53] in RCPT command: <'
redacted@eng.uwo.ca'>
Aug 20 14:35:17 darwin postfix/smtpd[63431]: warning: Illegal address syntax from
or087.uwaterloo.ca[129.97.9.53] in RCPT command: <'
redacted@grandriver.ca'>

The problem is that these particular addresses were literally enclosed by apostrophes. I don't know why the user's client (Outlook) misformatted these addresses. He confirmed that he did not copy them from another application or change anything at his end.

To fix the problem I configured Postfix to filter and rewrite the address when it is sending commands to other MTAs.

I added to main.cf:

# Strange filtering
smtpd_command_filter = pcre:/usr/local/etc/postfix/command_filter
and created the file command_filter:
# Fix malformed emails that are surrounded in single quotes.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/     RCPT TO:<$1>$2

This fixed this oddity in which RCPT TO commands were not RFC 821-compliant.

postgrey won't start after FreeBSD upgrade

echo 'postgrey_flags="--inet=127.0.0.1:10023"' >> /etc/rc.conf
chown postgrey:postgrey /var/db/postgrey
/usr/local/etc/rc.d/postgrey start

"You don't currently have permission to access this folder" on symbolic link

You will face this error when creating a symbolic link (using mklink for example) to a network path.

I encountered this when trying to workaround Visual Studio's insistance that projects not be opened from network drives.

Symbolic links can only be created on local drives.

So you broke Drupal's tables...

If you have missing tables, you know there isn't an easy way to tell drupal or a module to recreate those tables. For example, this site was missing the field_data_comment table, or something like that.

To fix it, create a new Drupal installation and install all of the modules that have tables that need repairing.

Now, dump all of the table definitions from the fresh installation:

mysqldump <freshdb> --no-data --skip-add-drop-table > fix-mysql.sql

and apply the script to your broken installation:

mysql --database=<brokendb> < fix-mysql.sql --force

Ignore all the error messages. Those that the existing tables that we don't want recreated.

Tags: 

Pages

Simple Copyright Policy: If you want to reproduce anything on this site, get my permission first.