Tag Archives: Linux

New GitHub Project: trustymail

I’ve been running private mail service @theplante.net for years.  Spam filtering has long been one of the most difficult (impossible!) issues for small-time mail operators, but I usually enjoy the challenge, and using the various white/black listing and heuristics tools makes the experience manageable.

Still, I never entirely trust that important messages will survive the spam filtering process as intended, so I will occasionally whitelist senders that I know I want to hear from.  In my setup this usually means some combination of Postgrey and SpamAssassin configuration.

I finally decided to sit down and spend a few minutes scripting the configuration process so I could maintain one whitelist instead of multiple.  The script will format each config file as needed, and I don’t have to worry about my lists getting out of sync anymore.

The results are available on GitHub:  https://github.com/ThePlante/trustymail

Upgrading Apache from 2.2 to 2.4 (Ubuntu Precise to Trusty)

There are a few significant changes between Ubuntu Precise (12.04) and Trusty (14.04) with regard to Apache2 which may cause some headaches if you aren’t prepared to troubleshoot them.

conf.d to conf-enabled

/etc/apache2/conf.d is no longer sourced by apache.2conf.  Instead, conf files are now using the *-available and *-enabled scheme that modules and sites use.  You may need to port old configs over from conf.d to conf-available/enabled if you had anything non-default in there.

site names require “.conf” at the end now

Previously, any files in sites-enabled was loaded into Apache.  Now, apache2.conf has been changed slightly to only load sites configs ending in the name “.conf”

IncludeOptional sites-enabled/*.conf

access control has changed

The access control syntax has changed between versions.  For example,

Order allow,deny
Allow from all

is now written simply as

Require all granted

The updated apache2.conf  in Trusty also contains some default permissions which may or may not alter the way your existing vhosts behave, but these are easily adjusted.

There are many more changes as well, which are documented on the apache.org website: http://httpd.apache.org/docs/2.4/upgrading.html

NUT (Network UPS Tools) on Ubuntu Precise

Installing nut (Network UPS Tools) on Ubuntu Precise with a USB connected UPS (such as the CyberPower AVR series) may produce an error similar to the following:

Can’t connect to UPS [UPS] (cyberpower-ups): No such file or directory

The problem involves the fact that Ubuntu mounts the device as owned by root, but the nut daemon drops to an unprivileged account that doesn’t have the necessary access. The simple fix is to use udev to adjust the device permissions.

Connect the device and (as root) run lsusb and locate it. Note the Bus and Device IDs as well as the Vendor:Product ID pair.

Bus 001 Device 009: ID 0764:0501 Cyber Power System, Inc. CP1500 AVR UPS

You can check the current permissions in /dev.

File: ‘/dev/bus/usb/001/009′
Size: 0 Blocks: 0 IO Block: 4096 character special file
Device: 5h/5d Inode: 28437 Links: 1 Device type: bd,8
Access: (0664/crw-rw-r–) Uid: ( 0/ root) Gid: ( 0/ root)

Now we just create a udev rule that controls the mount behavior.

/etc/udev/rules.d/90-nut-ups.rules:

ACTION==”add”, \
SUBSYSTEM==”usb”, \
ATTR{idVendor}==”0764“, ATTR{idProduct}==”0501“, \
MODE=”0660″, GROUP=”nut”

The rule watches for USB device additions with a vendor and product that match the UPS. It then sets the mode to 0660 and the group to nut instead of the default root. Reload udev, then disconnect and reconnect the device and test that the new permissions are correct. Now that the nut user group has read and write on the device, it should be able to start successfully.