Archive for August, 2007

Postfix: 554 Relay access denied

Let’s say you have a user who can’t receive e-mail. Each time they send a message to the server, this pops up in the mail logs:
postfix/smtpd[23897]: NOQUEUE: reject: RCPT from remotemailserver.com[10.0.0.2]: 554 <user@domain.com>: Relay access denied; from=<user@otherdomain.com> to=<user@domain.com> proto=ESMTP helo=<remotemailserver.com>
This is happening because Postfix is receiving e-mail for a domain for which it doesn’t [...]

Apache: Disable TRACE and TRACK methods

Lots of PCI Compliance and vulnerability scan vendors will complain about TRACE and TRACK methods being enabled on your server. Since most providers run Nessus, you’ll see this fairly often. Here’s the rewrite rules to add:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* – [F]

These directives will need to be added to each VirtualHost.
Further reading:
Apache Debugging [...]

Use a different IP for sending mail

If you find yourself in a pinch and you need a temporary fix when your primary IP is blacklisted, use the following iptables rule:
/sbin/iptables -t nat -A POSTROUTING -p tcp –dport 25 -j SNAT –to-source [desired outgoing ip]
Keep in mind, however, that you will need to adjust any applicable SPF records for your domains since [...]

DB function failed with error number 1033

One of these errors might appear on your website without warning:
Warning: DB function failed with error number 1033
Incorrect information in file: ‘./database_name/table_name.frm’ SQL=SELECT col1, col2 FROM table_name WHERE col3 = ’some_value’ ORDER BY col1 ASC
MySQL is telling you that the table structure it has within data files doesn’t match the structure in the .frm [...]

Apache: No space left on device: Couldn’t create accept lock

This error completely stumped me a couple of weeks ago. Apparently someone was adjusting the Apache configuration, then they checked their syntax and attempted to restart Apache. It went down without a problem, but it refused to start properly, and didn’t bind to any ports.
Within the Apache error logs, this message appeared over [...]