Configure SMTP-Auth on exim4

Ever tried to get SMTP-Auth running on your own exim4 instance?

Well it is really not much of a problem if you are running Debian and have access to the infamous internet.

This post is basically a copy-cat of the great post from debian-administration.org on HowTo Setup Basic SMTP AUTH in Exim4

The post was a great help, but afterwards my server was still not accepting my SMTP request to send an email. Some people in the comments complained that it was still not working for them, but since the post has been inactive for more than a year I decided to post it on my blog.

So let's start …

We assume you have exim4 running, all mails get delivered to the corresponding home-dirs and you can access your server via SMTP (port 25) without SSL or TLS to send an email to a non-relayed host (that is, to a local mail recipient).

I will now copy the steps from debian-administration.org in case the post goes offline …

We need to generate a self-signed SSL certificate by calling

/usr/share/doc/exim4-base/examples/exim-gencert

Be sure to add the certificate to your keychain once you connect later on.

Then go to
/etc/exim4/conf.d/auth/30_exim4-config_examples
and uncomment this whole bunch
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

and this whole bunch
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

These steps will enable you to log in via AUTH PLAIN and AUTH LOGIN. Depending on your e-mail program you may need one or the other. It is safe to enable both; your program will choose the correct one automatically.

Then the tutorial says to add the line
MAIN_TLS_ENABLE = true
to the file
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
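This configuration is correct, but it makes debugging hard, since your server now does not respond with 250-AUTH plain when you do an EHLO localhost via telnet on your server. The server_advertise_condition lines in the blocks above only advertise AUTH once a TLS cipher has been negotiated ($tls_cipher is non-empty). You first have to do a STARTTLS or use openssl in the first place ;).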

Before we do that, create a new user via
/usr/share/doc/exim4-base/examples/exim-adduser
and then restart via
update-exim4.conf
/etc/init.d/exim4 restart

Now we connect through openssl by calling this command
openssl s_client -host my.server.name -port 25 -starttls smtp
 

and everything should be working fine.
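
What to look for in that session, as an added example that is not from the original post: the first helper builds the AUTH PLAIN argument, the others confirm from EHLO replies that AUTH is advertised only after STARTTLS. The user alice, the password s3cret, the function names and both EHLO replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for testing SMTP AUTH by hand.
# All names and sample data are constructed for illustration.

# Argument for "AUTH PLAIN <token>": base64 of NUL user NUL password.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print the mechanisms from the AUTH line of an EHLO reply read on stdin
# (prints nothing when AUTH is not advertised).
ehlo_auth_mechs() {
    tr -d '\r' | awk '{ l = toupper($0) }
        l ~ /^250[- ]AUTH / { print substr(l, 10) }'
}

# Compare the EHLO reply seen before STARTTLS ($1) with the one after ($2).
check_tls_only_auth() {
    before=$(printf '%s\n' "$1" | ehlo_auth_mechs)
    after=$(printf '%s\n' "$2" | ehlo_auth_mechs)
    if [ -n "$before" ]; then
        echo "FAIL: AUTH offered without TLS ($before)"; return 1
    elif [ -z "$after" ]; then
        echo "FAIL: no AUTH offered after STARTTLS"; return 1
    fi
    echo "OK: AUTH only after STARTTLS ($after)"
}

# Constructed EHLO replies: plain port 25, then after STARTTLS.
EHLO_PLAINTEXT='250-my.server.name Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP'
EHLO_AFTER_TLS='250-my.server.name Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP'

check_tls_only_auth "$EHLO_PLAINTEXT" "$EHLO_AFTER_TLS"
echo "AUTH PLAIN $(auth_plain_token alice s3cret)"
```

In an interactive openssl s_client session a line starting with a capital R triggers a renegotiation, so type rcpt to: in lowercase or start s_client with -quiet.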

If you receive an error like “435 Unable to authenticate at present”, then maybe exim4 cannot read your passwd file under /etc/exim4/passwd. For debugging, try to set it to 777, but if it works, set it to the correct value, according to the group exim4 is in.
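
Once it works, the file's mode and group can be verified so that it does not stay world-readable; this is an added example, not part of the original post. It assumes GNU stat and that exim4 runs in the Debian-exim group (the Debian package default); the function name is made up for illustration.

```shell
#!/bin/sh
# Added example: check that the SMTP AUTH password file is readable by the
# exim group without being open to everyone. Requires GNU stat.

# Usage: passwd_file_status FILE GROUP
# Prints one verdict and returns 0 only for "ok".
passwd_file_status() {
    file=$1
    want_group=$2
    [ -f "$file" ] || { echo "missing"; return 1; }
    mode=$(stat -c '%a' "$file")      # octal permissions, e.g. 640
    group=$(stat -c '%G' "$file")     # owning group name
    other_bits=$((mode % 10))
    group_bits=$(((mode / 10) % 10))
    if [ "$other_bits" -ne 0 ]; then
        # every local account can reach the stored credentials
        echo "world-accessible"; return 1
    elif [ "$group" != "$want_group" ]; then
        echo "wrong-group"; return 1
    elif [ $((group_bits & 4)) -eq 0 ]; then
        # exim cannot read the file, which shows up as the 435 error
        echo "group-cannot-read"; return 1
    fi
    echo "ok"
}

# Assumption: Debian-exim is the group exim4 runs under on this system.
passwd_file_status /etc/exim4/passwd Debian-exim || true
```

A file owned by root with group Debian-exim and mode 640 passes this check.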

 

A good German post on testing SMTP-Auth with telnet is on computer-tipps.info: Testing SMTP with Telnet

 

Back on WordPress Again!

Hey Folks,

after a long experience on my once favored CMS MODx I returned to WordPress.

You are curious why? Well I really loved MODx because of its flexibility and its enormous potential to quickly integrate PHP Code as a very modular plugin.

I still got some Evolution Codebases running for some of my clients, but I really never installed Revolution for any of my clients.

Maybe you have read one of my older posts, where I talked about porting my Blog to Revolution. It sure was no easy task, and the performance at the end was frustrating.

Installing plugins was now made through a totally buggy package transport system etc.

 

Then today I ported all my websites from a Shared Hosting to a vServer and also “tried” to update MODx Revolution to its newest version 2.1.3. Well the task did cost me more than an hour, some serious headaches and quite some coffees.

MODx did not finish the update correctly, by NOT altering some tables. The result was a broken installation, which could not be reverted.

After replaying my backup I tried the whole routine again, cause I read in … that it was maybe some issue with the MySQL user privileges.

Well this post did not change a thing. Same error in the log files:

 

Unknown column ‘modUser.hash_class’ in ‘field list’

Alright, now another post led me to the issue, that it could be something with wrong CHMOD prefs.

I set all the directories and files to 777 and reinstalled again. Et voilà, …. still nothing, but the error changed, hooray.

PHP Fatal error: Call to undefined method modX::getUserDocGroups()

 

Well what is this?! A fatal error in a fresh install? Luckily MODx's own bugtracker had this one filed under: Bug #5451

The best part is “The solution” :

– uninstall Wayfinder (2.1.3 at the time of revo 2.0.8)
– redownload it as “new package” as package manager does not(!) recognize the newer package (says “no updates for wayfinder”)
– install Wayfinder 2.3.1

Wow super, I got a broken install here and I should change something in the OLD UNBROKEN VERSION! Seriously guys?

Not that it was impossible to revert the whole install again and then change the Wayfinder setting, but after nearly 2 hours I just had enough. I haven’t yet installed the system and the errors were not stopping. My crystal ball tells me that there are more problems coming up …

So long MODx, we had a fair time together.

 

For all you guys that still want to continue I made some “shownotes” to dig further.

 

Ported the old WordPress Design

Wow! This was pretty fast and also pretty easy to do actually, that is what I love about MODx. Templates integrate so easily and they are so fast to build, cause MODx just accepts the pure HTML.

For people who come to MODx and have never seen the old EVO-Branch it will be very hard to make new templates, cause it seems to me that the official documentation for this is not yet online.

Also, the new MODx Revolution does not have the folder structure the old Evolution had, and it also does not have any sample templates bundled.

What most developers like is to start with a working solution and then modify it step by step till it fits their current needs. MODx Revolution offers here an even better approach than Evolution as it comes with the new Transport Package System.

Hope you enjoy the template.

 

Best,

 

Arne

Welcome to MODx Revolution

Codetactics now runs on the new MODx Revolution, for the fast-clicking people, this is where you can get it:

MODx Revolution Download – from modxcms.com

Being a MODx developer for about a year now and having the pleasure to realize several projects on ‘ye olde’ MODx Evo 1.x, I noticed that now is the time to finally switch to the new MODx Revolution.

My decision was based on the fact that the MODx-Team finally released a Release Candidate for the new Revolution, which clearly meant that there will be no major changes in the future.

At first I thought it would be very easy to switch, but some major changes are made in MODx Revolution, which requires even experienced Evolution users to start right away.

Luckily the Documentation is not that long and you can quickstart after a short read of about 30 minutes, very acceptable for a complex PHP CMF application framework such as MODx Revolution.

Hopefully my experiences will be as rewarding as they have been with the old Evolution branch, we will see …

Domains

A very good tutorial if you want MODx on multiple Domains with one Core

Here you can find a really good step-by-step tutorial on how to set up MODx Revolution on multiple Domains / Subdomains.

All you need is one working Installation, cause all Domains will access the same core and will be manageable through one Backend.

This is pretty much the approach WordPress-MU tries to accomplish, but as always, MODx does it better ;), check it out.

MODx Multi Domain Tutorial on Belafontecode.com

Getting Ditto to work in MODx Revolution

Ditto does not work correctly out of the box; you need to make some minor changes

If you just switched to MODx Revolution and want to reactivate your favorite Snippets, here comes some good news. Ditto has already been ported and is available through the built-in Transport Package System.

Sadly Ditto does not really work as expected if you try to work with the tutorials that have been made for the old MODx Evolution, cause some changes in Chunk-Calls and Placeholder-Calls have been introduced in Revolution.

If you experience the date to be malformed, this is due to the fact that MODx tries to reprocess the old placeholder [+date+]. Revolution has a new functionality called Input / Output Filters, which behaves very similarly to PHx modifiers from MODx Evolution.

This is how my template looks when it is finished. Please note that it is HTML5 compliant; if you do not want this, just replace <article> with its equivalent in HTML 4: <div>

<article pubdate="26.04.2010">
  <h3><a href="blog/tutorials/ditto-in-modx-reovlution.html" title="Ditto in MODx Reovlution">Ditto in MODx Reovlution</a></h3>
  <p> by Arne Tarara on <time>26.04.2010</time></p>
  <div> </div><!-- close .entry -->
</article><!-- close .ditto_result -->

Some thoughts on Version Control

While coding for quite a long time now, it is very natural for me to use Version Control systems every day. I must say that I did quite catch the hype on git and wanted to try it right away. Although I do not come from the ruby world and am more a PHP guy, I gave git a go.

Making my first repository on github and committing some changes was really easy, no hassle and really fast response times. When looking at the subversion timeline it takes me almost 10-15 sec before I can see any result, when using git, even cloning is faster than that.

So I decided to use git for some small projects on my own, locally on my OS X box and shared public on github. I was fascinated by the easy branching and merging, something I always missed when using subversion, cause branching in subversion is like driving a car from the 60’s.

It works, but you never know when it will break. Only one thing is for sure … it WILL break ;).

But one thing where git loses its natural strength is when it should do what it was supposed to do, Distributed Version Control. I would have never thought that it could be so hard to maintain a git repository between two persons working on one codebase. I was working with a windows guy, and we had really some big troubles with the line endings. It took us nearly 10 commits, till the line-breaks were all set to LF.

Depending on how many persons will work on your repo, you will never fully get rid of em, and the worst of all are the ‘diffs’ you see in your

git log

Cause it is the whole file twice, really annoying.

But nevertheless, once you finally got it working it always produced trouble, when doing a push or a pull, cause the merges always ended in a disaster, as git’s merge strategy sometimes just had overwritten some fresh changes, or just aborted and then refused to continue.

Since this did not work out, but I wouldn’t wanna lose the really good merge feature, I tried git-svn. But just the first start was just a shot in the knee, here is what I did:

I cloned the SVN repo from remote, and git automatically fetched all SVN branches correctly and pulled them to local lightweight branches, so easy switching was possible.

Directly after cloning the repository, git complained that there were some CRLF errors. Ok no worries, just one:

git commit -a -m "Fixes the CRLF to LF"

And you’re good. Then my buddy committed some stuff, and I wanted to pull the changes, so I typed:

git svn rebase
First, rewinding head to replay your work on top of it...

Ahh thank you git, you recognized I had changes (the LF stuff) in my file that had not been in the remote-master

Falling back to patching base and 3-way merge...
error: Your local changes to 'public/js/form/jquery.validationEngine.1.6.2.js' would be overwritten by merge. Aborting.
Please, commit your changes or stash them before you can merge.
Failed to merge in the changes.

Hooo, quite an error here, ok he aborted the merge, what to do now?

Actually I do not even understand why this problem occurs, cause my repo was rewound, but anyway, let's have a look at the file, cause there are supposedly some merge markers in it and I will just resolve the conflict …

mate public/js/form/jquery.validationEngine.1.6.2.js

Hmm, no merge markers here, so I will follow git’s advice

Please, commit your changes or stash them before you can merge.
When you have resolved this problem run "git rebase --continue".
If you would prefer to skip this patch, instead run "git rebase --skip".
To restore the original branch and stop rebasing run "git rebase --abort".

So what I do is:

git commit -a -m "Added the merge"
git rebase --continue

And what I get is:

No changes - did you forget to use 'git add'?

What? Ok, I give it a go

git add .

And what I get is just a newline

\n

Ok, I tried some more commands but didn’t get the solution, so I recloned the repo and made:

git svn dcommit

directly after fixing the LF thing, but then other errors occurred when making my next commit. Believe me, this could go on for ages … I tried it back and forth, and I am 100% sure there is a solution to all of these problems, but what is the price I have to pay for this? Some git commands are so abnormal, I just can’t quite remember and end up being a man-page reader instead of a coder.

Working with git makes me very unproductive and gives me headaches, so I finally surrendered and switched back to SVN. Just one note here, do not even think of using git-svn, it is even worse than git alone when you are working with more than one person.

When I heard the talk of Linus Torvalds on Google, he always stated that you should use the best tool for the job. And quite frankly Torvalds, this can’t seriously be the best tool for the job.

Change user password on linux

Just a simple problem: you are running a vServer with multiple users, and one of the users wants to change their password.

They type in the typical UNIX command passwd, or you type in as root passwd <user_name>, and you get prompted for the password.

But although you have the proper permissions it just keeps saying:

passwd: Authentication information cannot be recovered
passwd: password unchanged

The German error for this is:

passwd: Authentifizierungsinformationen können nicht wiederhergestellt werden
passwd: password unchanged

Usually the problem is very easy: you just do not meet the password specifications, but you get no detailed error about it. So just do cat /etc/pam.d/common-password

The Output should look something like this:


#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.
# Explanation of pam_unix options:
#
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# The "md5" option enables MD5 passwords. Without this option, the
# default is Unix crypt.
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# You can also use the "min" option to enforce the length of the new
# password.
#
# See the pam_unix manpage for other options.
password required pam_unix.so nullok obscure md5

So you just have to fit your password to the current restrictions. In my case, the “obscure” directive caused trouble, because the password was not complicated enough. Just mix many numbers and lower/upper case letters with a minimum length in it.
“use_authtok” seems to be a troublemaker sometimes too.