Ubuntu

Filtering Spam before Forwarding Email with Postfix/SpamAssassin

One feature many cPanel/shared web hosts have is an option to forward your email to a different address. Very useful if you want to have multiple email addresses but check it all in one place (Gmail) like I do. But if you’re like me, you’ve likely migrated onto your own dedicated server you manage yourself, and it’s likely you’re making mistakes with email forwarding and filtering spam!

The problem is that when you receive spam, you are also forwarding spam to your email provider, which makes them upset with you and tarnishes your server’s IP address. I did this for years! I always thought that Gmail would be smart enough to see the path in the headers to realize it was forwarded – but then thinking about it – why would Gmail trust me that those servers actually sent the email and that I didn’t just spoof those Received: lines to blame someone else?

When I recently migrated my host, I put a lot more effort into filtering the spam before it even hits Gmail, and learned quite a few things.

Filtering Spam with Postfix

First off: initial connection client checks. These stop a majority of the spammers, and it’s so simple!
Add this line to your /etc/postfix/main.cf:

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_unknown_client permit

This will enforce a lot of restrictions on the client, namely the Zen Spamhaus check, which knocks out so many spammer connections!

Filtering Spam with SpamAssassin

If you haven’t already installed SpamAssassin, do so now. There is a bit more to this than I want to put into this post, so follow this site’s guide: http://plecko.com.hr/?p=389

His instructions look spot on to me. Key thing I did not do on my setup and I just realized I needed to do: enable CRON=1! I’ve been running with stale SA Rules… But his guide covers it!

Next up is this page: http://wiki.apache.org/spamassassin/ImproveAccuracy

One thing it mentions is missing Perl Modules that SpamAssassin can try to use. For me, I had to run these commands to get them all installed.

sudo apt-get install libgeoip-dev
sudo cpan Geo::IP Mail::DKIM Encode::Detect DBI IO::Socket::IP Digest::SHA1 Net::Patricia

I don’t know what some of them are for, but SpamAssassin is obviously trying to use them, so give them to it!

Passing SPF Checks

Then there is SRS Rewriting. One problem with forwarding email is that it makes every one of your emails now fail SPF checks, because it looks like your server is sending mail for InsertBigNameDomain.com which does not authorize you to send mail on their behalf.

SPF is considered a “broken” implementation, and it is preferred that system admins use DKIM instead as a way to verify authenticity of an email, so ideally you need to rewrite the return path to be your own server name instead.

I used this guide: https://www.mind-it.info/forward-postfix-spf-srs/
which boils down to:

sudo apt-get install cmake sysv-rc-conf
cd /usr/local/src/
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master
cd postsrsd-master/
make
sudo make install
sudo postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001"
sudo postconf -e "sender_canonical_classes = envelope_sender"
sudo postconf -e "recipient_canonical_maps = tcp:127.0.0.1:10002"
sudo postconf -e "recipient_canonical_classes = envelope_recipient"
sudo sysv-rc-conf postsrsd on
sudo service postsrsd restart
sudo service postfix reload

Now when you inspect a received email’s headers, you will see that the Return-Path is now something like <SRS0+9CLa=52=paypal.com=service@starlis.com>
And your SPF will now pass (You do have SPF records set right for your domain?)
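
To see what that rewritten Return-Path carries, here is an added example (not part of the original post or of postsrsd) that splits an SRS0 address into its fields and decodes the two-character timestamp as a day counter. The function names are hypothetical, and the hash is left unverified because it is keyed with the forwarder's secret.

```python
import re
from datetime import date

# SRS timestamp alphabet: two characters, most significant first,
# encoding a day counter that wraps every 1024 days.
SRS_BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SRS_SLOTS = 1024

# SRS0<sep>hash=timestamp=original-domain=original-local@forwarder
SRS0_RE = re.compile(
    r"^SRS0[-+=](?P<hash>[^=]+)=(?P<ts>[^=]{2})="
    r"(?P<domain>[^=]+)=(?P<local>.+)@(?P<forwarder>[^@]+)$",
    re.IGNORECASE,
)


def parse_srs0(address):
    """Split an SRS0 envelope sender into its fields, or return None."""
    m = SRS0_RE.match(address.strip().strip("<>"))
    if m is None:
        return None
    ts = m["ts"].upper()
    if any(c not in SRS_BASE32 for c in ts):
        return None
    return {
        "hash": m["hash"],  # keyed hash; only the forwarder can check it
        "day_slot": SRS_BASE32.index(ts[0]) * 32 + SRS_BASE32.index(ts[1]),
        "original_sender": f'{m["local"]}@{m["domain"]}',
        "forwarder": m["forwarder"],
    }


def age_in_days(day_slot, today):
    """Days since the address was rewritten, modulo the 1024-day wrap."""
    today_slot = (today - date(1970, 1, 1)).days % SRS_SLOTS
    return (today_slot - day_slot) % SRS_SLOTS


if __name__ == "__main__":
    # Return-Path value quoted in the post above.
    fields = parse_srs0("<SRS0+9CLa=52=paypal.com=service@starlis.com>")
    print(fields)
    print("age today:", age_in_days(fields["day_slot"], date.today()), "days")
```

The original sender stays readable inside the address, which is how a bounce sent to the SRS0 address can be mapped back to it by the recipient_canonical_maps lookup.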

Dropping the Spam

Now the final part… getting rid of that spam before it goes to Gmail!

In /etc/postfix/header_checks (you likely will need to create this file), add this simple line:

/^X-Spam-Level: \*{5,}.*/ DISCARD spam

then in /etc/postfix/main.cf:

header_checks = regexp:/etc/postfix/header_checks

This will drop the spam, but you may want to only drop higher level spam, so instead you could change the 5 to a 7, and then add to your /etc/spamassassin/local.cf (might already be there commented out):

rewrite_header Subject *****SPAM*****

This makes it so that any spam that doesn’t get dropped has SPAM prepended to the Subject header, which Gmail suggests you do if you do end up forwarding spam to Gmail.

With this approach, low score (5-6) spam will be forwarded but makes Gmail happy that you told them it’s spam ahead of time, and 7+ spam won’t even bother forwarding.
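
DISCARD drops mail silently, so it is worth checking which headers a rule catches before it goes live. The following is an added example, not part of the original post: a small evaluator for header_checks-style rule lines, with Python's re standing in for Postfix's regexp engine. The header lines are constructed samples, the function names are hypothetical, and only single-line rules are handled.

```python
import re

# One rule per line: /pattern/flags ACTION optional text
RULE_RE = re.compile(
    r"^/(?P<pattern>.*)/(?P<flags>[a-z]*)\s+(?P<action>\S+)\s*(?P<text>.*)$"
)


def load_rules(table_text):
    """Parse header_checks-style lines into (regex, action, text) tuples."""
    rules = []
    for line in table_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable rule: {line!r}")
        # Postfix regexp tables ignore case by default; the "i" flag toggles it.
        re_flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pattern"], re_flags), m["action"], m["text"]))
    return rules


def lookup(rules, header_line):
    """Return the action of the first matching rule, or None if none match."""
    for pattern, action, _text in rules:
        if pattern.search(header_line):
            return action
    return None


# The rule from the post, and the stricter variant it suggests.
PAGE_RULE = r"/^X-Spam-Level: \*{5,}.*/ DISCARD spam"
STRICTER_RULE = PAGE_RULE.replace("{5,}", "{7,}")

# Constructed sample headers.
SAMPLE_HEADERS = [
    "X-Spam-Level: **",
    "X-Spam-Level: *****",
    "X-Spam-Level: ******",
    "X-Spam-Level: *******",
    "x-spam-level: *********",
    "Subject: *****SPAM***** cheap watches",
]


def discarded(rule_line, headers):
    """List the headers that the given rule line would DISCARD."""
    rules = load_rules(rule_line)
    return [h for h in headers if lookup(rules, h) == "DISCARD"]


if __name__ == "__main__":
    print("threshold 5:", discarded(PAGE_RULE, SAMPLE_HEADERS))
    print("threshold 7:", discarded(STRICTER_RULE, SAMPLE_HEADERS))
```

On the server itself, postmap -q "X-Spam-Level: *******" regexp:/etc/postfix/header_checks runs the same lookup against the real table.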

Taking these steps will help you maintain a good mail sending reputation (Hopefully I don’t have to repair mine too much…). Good luck 🙂

Final note for Gmail users

And one final step if you are using Gmail, ensure EVERY email address that you receive mail from that is forwarded to Gmail is added as a “Send Mail As” account. Gmail uses this list to know it is a forwarded address, and will be more lenient in spam rules. I don’t know if other ESPs do this, but Gmail has requested you do this if you forward mail to them.

Ubuntu Live Streaming to Twitch.tv!

Good news for Linux users, the popular application for live streaming on Windows “Open Broadcaster Software” commonly known as OBS has been rewritten and now supports Linux. Ubuntu Live Streaming is now a thing with OBS.

First off, you will need a more up to date ffmpeg, found at the very common ppa:jon-severinsson/ffmpeg PPA.

sudo apt-add-repository ppa:jon-severinsson/ffmpeg
sudo apt-get update
sudo apt-get install ffmpeg

Then you will need the PPA provided by the OBS developer for almost daily updates:

sudo apt-add-repository ppa:btbn/obs-studio
sudo apt-get update
sudo apt-get install obs-studio

You will now have OBS installed.  Newest builds should have an Application Icon added for you, so find it under Audio/Video.

If you’re new to using this app – a quick rundown of the terminology:

  • Scene: Configuration of multiple video/image sources to be output. You can have multiple scenes, such as 1 for left monitor, 1 for right monitor, 1 for ONLY a game, 1 for only a webcam, etc. You can switch between these while streaming to change what you are broadcasting.
  • Sources: Actual video and imagery sources. You add sources to a Scene such as your entire desktop or a single app, or your webcam, or a static image.

Play around with sources, each one should be obvious as to what it does, and build yourself a setup. When you add a source, you can resize and move it around the screen.

One issue I am having is that it does not work for my Webcam. Webcam works fine for other apps, so this has to be an issue with OBS, and another user also reports the problem.

To put my webcam into my stream, I opened up the Cheese application, then added a new Source that targets only that window, and crops off window parts and other non camera feed parts. I did have to invert Red/Blue.

Since it’s targeting a window and not the full desktop, you can safely minimize it and it works fine.

Now to stream to Twitch, you need to simply go to settings, go to the Streaming section, and put in your Stream key and select which server is closest to you.

Oh and one final detail (hopefully it hasn’t gotten you yet): the app likes to crash a lot when changing settings, so be sure to close the app after making a few changes to make it save them in case it crashes. I haven’t had any mid-stream crash issues though.

Good luck!


NVIDIA SLI + Triple Display on Ubuntu 14.04!

For many months I’ve had a 3rd monitor on my desk, but could not use it as I could not get it to work. Any time I enabled the monitor using Xinerama, the desktop would freeze on login.

I’ve now learned about how the whole XOrg and Nvidia Settings system works.

The trick is that many of the display settings for the nvidia driver are no longer relevant to Xorg.conf, and are now actually in a file in your home directory called .nvidia-settings-rc.

If you are having problems try wiping this file out, and also wipe out your /etc/X11/xorg.conf

Then, if you have SLI cards, issue sudo nvidia-xconfig --sli=on

If you have a single card but MultiGPU, issue sudo nvidia-xconfig --multigpu=on

If you have a SLI MultiGPU card (4+ GPU) then you only need sli, as Xorg.conf told me that multigpu was not necessary at that point.

I’m using the latest Ubuntu 14.04 nvidia-331-updates-uvm driver, which is running more stable than the nvidia-343-uvm from xorg-edgers ppa, so I do not recommend updating to 343.

Once you reboot, run the nvidia settings and ensure Base Mosaic is enabled, and enable all of your monitors in the order you want, and click the Save to X Config button.

But one detail I did not know that caused me so many issues in the past – that all of the OTHER nvidia settings have to be saved separately to that nvidia-settings-rc file.

This file should be saved automatically on close of the settings app, but to be sure go to the nvidia-settings Configuration panel and hit the save button, and simply select your home folder that it opens up to.

Now one important note, when you hit the Save to X button, it’s going to wipe out your SLI/MultiGPU option! So you need to go back and re-run sudo nvidia-xconfig --sli=on or --multigpu=on to reset that setting.

Now you should be good to restart and have your working setup! I was able to get over 400 FPS in Minecraft (which given its simplicity of graphics, it is a Java game and not the best for performance).

I now have 2 more monitors on the way for Wednesday so I can be close to that “Geek Dream” of a 6+ monitor setup (I’ll be at 5 for now), but hoping to not have any issues with them.

Good luck 🙂


Apache 2.4, PHP 5.5 with php-fpm and mod_rewrite

This guide was updated on April 28, 2016 with some missed details!
– Added timeout and flush params to the External Server command, and added missing -socket
– Added missing apache modules actions and alias

So recently I’ve had trouble with the host I had been using for years (bad support, billing broke, DDOS Attacks on their other customers constantly affecting me), so I decided to move my web infrastructure to the same datacenter I run all of our game servers out of, HiVelocity. I decided to fully build this server out fresh instead of trying to clone the old one, and do things better this time around.

First I had recently done research into the performance impact of using Apache MPM-Prefork with mod_php, in that every Apache process has PHP loaded, so even static requests have PHP loaded – eating lots of resources!

I had heard about FastCGI as I had it when I used shared hosting back in the days with SuExec, but now I found something better: PHP-FPM – A special FastCGI based pool that is designed for PHP itself.

Win! So I set up Ubuntu 14.04.1 LTS, Apache 2.4 and went with the newer MPM Event module, which appears to do even better with Keep Alive requests.

So let’s get Apache 2.4 with MPM-Event, PHP5 FPM and some PHP5 Modules going:

sudo apt-get install apache2-mpm-event libapache2-mod-fastcgi php5-fpm php5-cli php5-apcu php5-sqlite php5-gd php5-json php5-curl php5-mcrypt php5-mysqlnd php5-redis

By default it should be configured to use sockets, but if not, check in /etc/php5/fpm/pool.d/www.conf for:

listen = /var/run/php5-fpm.sock

And change it if it’s using a TCP port instead. Unix sockets are faster as they avoid the TCP protocol.

Next up add /etc/apache2/conf-available/php5-fpm.conf and paste this in:

<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization -idle-timeout 900 -flush
<Directory /usr/lib/cgi-bin>
Require all granted
Require env REDIRECT_STATUS
</Directory>
</IfModule>

Now to enable these things! You need the Actions, Alias, FastCGI and Rewrite modules for Apache.

sudo a2enconf php5-fpm
sudo a2enmod actions alias fastcgi rewrite

Now here is the part that caused me so much trouble for an entire week! If you want to have mod_rewrite work, you need to edit /etc/apache2/apache2.conf and find the <Directory /var/www/> stanza.

By default this has AllowOverride None, and you need to change that to AllowOverride FileInfo

Without this, rewrite rules will not work.

Following this, you should pretty much be set up with a working PHP5-FPM, with mod_rewrite on Apache MPM Event, and have Apache use a lot less resources in general.

I’m sorry if anything in this is off – I went through so many things trying to get everything working, but this is to the best of my knowledge what the final results were.

Please submit any corrections!


Ubuntu System Freeze on X58 Motherboard – Solved!

I wrote in another article on how I was having some system instability issues, where the CPU would stall, and everything stopped, no SSH, no TTY, no REISUB, dead!

BIOS updates did not help, changing hardware settings did not help, and I was about ready to sell this PC…

But I found the problem finally!

In the X58 Motherboard, at least this Classified 3, Intel Turbo is on and CxE function is off by default.

Turning Turbo off and CxE to C6 has solved my issue. It appears Turbo is trying to overclock the CPU, and the voltage shortage is freezing things up. Why a default setting can result in such a level of instability is beyond me… but these 2 settings have 100% been the solution to my issue. No more hard shutdowns!

I hope this helps someone else!


The quest for triple head on Ubuntu with SLI GPU

I recently purchased a system from my friend to upgrade my old system, as I really wanted 3 monitors…

So, I might have bought a “Gibson” (No, not the guitar, if you’re on my blog you should get the reference!), but sadly I had tons of trouble getting the 3rd monitor to work under Ubuntu 13.10!

Enabling Xinerama in older nvidia drivers caused the system to hard freeze immediately on login.
Installing nvidia-331 from a third party PPA gave an option for “Base Mosaic”, but same issue….

However, I have been having extremely annoying problems with the system CPU freezing every so often having to hard restart… Ruled out hardware issue, works fine in Windows, but over 2 different 13.10 installs (one was a constant upgrade from 10.04, other was fresh to resolve many other issues I had), the problem was very consistent.

So, it was obviously an Ubuntu-specific problem. Well, one idea was to try installing 12.04, so I did that last night. Went to install nvidia driver (as I couldn’t even properly boot into the system with these SLI 590 GPU’s) and noticed a new driver on the list… nvidia-331-uvm.

Apparently this is some newer tech from nvidia for improving performance, but either it being uvm or 12.04, Base Mosaic now works.

So, if you are having problems with multi GPU (I have 4 GPU’s with these SLI cards), try 12.04 (or 14.04 when it is out) with nvidia-331-uvm or higher!

Now… here’s hoping 12.04 also fixes my lockup issue!


Ubuntu – Could not calculate upgrade 13.10

Just wanted to share some information I found. Many may face this daunting error “Could not calculate upgrade”, and will find posts telling them to type

grep Broken /var/log/dist-upgrade/apt.log

Well, I had a ton of broken packages, but I noticed all of them mentioned ~ricotz0

Broken brasero:amd64 Depends on libgtk-3-0 [ amd64 ] < 3.8.1+git20130422.0ce7854a-0ubuntu1~12.10~ricotz0 -> 3.8.6-0ubuntu2 > ( libs ) (>= 3.0.0)
Broken brasero:amd64 Depends on libnautilus-extension1a [ amd64 ] < 1:3.6.3-0ubuntu16 -> 1:3.8.2-0ubuntu2 > ( libs ) (>= 1:2.91)
Broken brasero:amd64 Depends on gnome-icon-theme [ amd64 ] < 3.7.3+git20121224.2af6b37d-0ubuntu1~12.10~ricotz0 -> 3.8.3-0ubuntu3 > ( gnome )
Broken libgtk-3-0:amd64 Depends on libgtk-3-common [ amd64 ] < 3.8.1+git20130422.0ce7854a-0ubuntu1~12.10~ricotz0 -> 3.8.6-0ubuntu2 > ( misc ) (= 3.8.1+git20130422.0ce7854a-0ubuntu1~12.10~ricotz0)
Broken libgtk-3-0:amd64 Depends on libwayland0 [ amd64 ] < 1.0.5-0ubuntu1 > ( libs ) (>= 1.0.2)

 

I recognized that to be a PPA I once had, the gnome testing… but I don’t have it right now! So I had no ppa to purge.

However, simply adding it then ppa-purging it removed the PPA and downgraded all of the packages.

This will help resolve the issue for most people experiencing this problem (I happened to still have problems, but eventually something got it to work).

Hope this helps.


Minimal Gnome – My Ubuntu Theme / Layout

I’ve tweaked my OS layout quite a bit lately to highly customize it to give me a lot of screen real estate. I’m pretty satisfied with it and decided to share.

Minimal Gnome (monitor 1)

Minimal Gnome (monitor 2)

 

Minimal Gnome 3 (apps)

I will give you instructions on how to setup your Ubuntu 10.10 to be like this, however note this guide will expect you to be moderately technically experienced with the Linux OS… not going to hand feed things here.

First, download my theme: http://aikar.co/dropbox/MinimalGnome.zip
And the background: http://aikar.co/dropbox/GNOME-AlphaGnome_1024x768.png

This theme is based off the Clearlooks theme, which was very white. I based off this because a lot of apps are not friendly to dark backgrounds for input boxes and web pages, messing up websites without full CSS rules, and apps like Evolution having dark backgrounds and people setting black fonts made it impossible to read. So we want to keep some aspects white still while making the overall OS dark.
I’ve modified the colors of Clearlooks to do this. With a very nice blend of dark greys.

Unzip the MinimalGnome theme into your ~/.themes/ folder. Then go to System > Preferences > Appearance and choose it.
Go to backgrounds tab and choose this background, and select a background color that’s dark. This background is transparent and will blend to whatever background color you choose!

You should now be dark!

The next step is to rearrange Gnome panels to be like mine to get a nice minimal theme.

First, delete the Menubar on the top panel, then add a “Main Menu” to the panel (Not Menu Bar!) This gives you the same things as the Menu bar but all in 1 Ubuntu button.
Then beside that button add a Drawer.

Put all your apps inside the Drawer. Simply click it to open, open app, it closes.

Next move your Window List off the bottom panel and drag it to the top (there is a little handle to the left of the Window List, right beside show desktop if you still have that on panel, look closely)
If you can’t drag it, simply delete it and re-add it to your top panel flush to the left of the Ubuntu menu and Drawer icons. (Add to Panel > Window List)

Note you can right click on any panel and click move to move the panel easily and get each one tightly flushed to each other. Get that Ubuntu menu, Drawer and Window list flush left!
Then delete the bottom panel to get rid of it. (Move workspace/trash/showdesktop to top if you really want those)

Repeat the same on other monitors, and that will cover your base OS layout.
Simply drag apps into Drawer or right click on Drawer and Add to Drawer to add things.

Next up is the Firefox slim down.

You need a few addons for Firefox 3.6. I have not done this for 4.0 yet so this guide is for 3.6!

Get the following:
Theme: https://addons.mozilla.org/en-US/firefox/addon/ace-foxdie-graphite/
Tree Style Tabs: https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/
Hide Caption Titlebar Smart: https://addons.mozilla.org/en-US/firefox/addon/hide-caption-titlebar-plus-sma/
Compact Menu 2: https://addons.mozilla.org/en-us/firefox/addon/compact-menu-2/

Now from a base line installing these addons and maximizing firefox should get you to nearly where I am.
You don’t need to mirror my settings exactly and I don’t know how to get you to exactly where I am, but you should be close now. So go tweak your setup to YOUR liking from here.

Tabs setup is in Tree Style Tabs addon, the hidden title bar is in Hide Caption Titlebar addon, and the theme itself is Foxdie in your tools menu and the fox icon in status bar, and it auto popups the configuring page on first start.

Tweak things to how you want them. Good luck!


I am a Senior Software Engineer and Entrepreneur. I am an enthusiast and love creating things. I operate my own side company in my free time called Starlis LLC, working in Minecraft.

I enjoy doing things right and learning modern technologies.