Racker Hacker

Some users will want to parse HTML through the PHP parser because one of their applications requires it, or because they think it’s a good idea. Parsing regular static content through PHP is not recommended as it will cause a performance hit on the server each time a static page is loaded.

Unfortunately, enabling this in conjunction with Plesk will cause problems with the Plesk web statistics. Since the PHP parsing is disabled for the /plesk-stat/ directories, Apache will mark the page as a PHP page and your browser will attempt to download it rather than display it.

To fix this issue, simply add the following LocationMatch to the bottom of your Apache configuration:

AddType application/x-httpd-php .php .html

<LocationMatch "/plesk-stat/(.*)">
AddType text/html .html
</LocationMatch>

This will force Apache to serve HTML files from /plesk-stat/ as text/html rather than application/x-http-php. Your web statistics will display in the browser rather than downloading as a PHP file.

Since AOL sends their users’ traffic through proxy servers, this can cause problems with Horde’s session handling in Plesk. The problem arises when the user’s IP changes during the middle of the session.

You may see an error message in Horde that looks like this:

Your Internet Address has changed since the beginning of your Mail session. To protect your security, you must login again.

You’ll normally have this variable in /etc/psa-horde/horde/conf.php:

# $conf['auth']['checkip'] = true;

You can disable this ip check functionality which breaks sessions for AOL users by setting it to false:

# $conf['auth']['checkip'] = false;

In the event that your system is running out of file descriptors, or you simply want to know what your users are doing, you can review their count of open files by running this command:

lsof | grep ' root ' | awk '{print $NF}' | sort | wc -l

Of course, if you want to drop the count and show the actual processes, you can run:

lsof | grep ' root '

So, you might be saying: “where the heck are the updates for RackerHacker lately?”

Don’t worry, I’m still alive! Some work and personal obligations kept me away from the blogging for a week, but I’ll be hard at work finding new things for you as soon as I can!

I’ve been hard at work on the boxcheck.com site, and there’s plenty of improvements. The new interface is quicker, easier to use, and it uses ajax for a more Web 2.0 feel (can’t believe I just said Web 2.0).

Some beta testers are already giving it a whirl, and I hope to have it released to the public later next week!

If you want to adjust how long postfix will hold a piece of undeliverable mail in its queue, just adjust bounce_queue_lifetime. This variable is normally set to five days by default, but you can adjust it to any amount that you wish. You can set the value to zero, but that will cause e-mails that cannot be immediately sent to be rejected to their senders.

Postfix Configuration Parameters: bounce_queue_lifetime

With RHEL 5 ditching up2date for yum, many Red Hat users might find themselves confused with the new command line flags. Red Hat has published a document detailing the new changes and their old counterparts.

Red Hat Knowledgebase: What are the yum equivalents of former up2date common tasks?

If you have SpamAssassin installed, but you want to make sure that it is marking or filtering your e-mails, simply send an e-mail which contains the special line provided here:

http://spamassassin.apache.org/gtube/gtube.txt

SpamAssassin will always mark e-mails that contain this special line as spam:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

When you create a CSR and private key to obtain an SSL certificate, the private key has some internal data called a modulus. This is integral to the security of your SSL encryption, but for this specific post, we will focus on one specific aspect.

If your private key and certificate do not contain the same modulus, then Apache will sometimes refuse to start or it may not respond properly to SSL requests. You can check the modulus of your private key and SSL certificate with these commands:

# openssl rsa -noout -modulus -in server.key | openssl md5
# openssl x509 -noout -modulus -in server.crt | openssl md5

If the MD5 checksums match, then the certificate and key will work together. However, if they are different, then you cannot use them together. Generally, this means that you used the wrong CSR (that corresponded to some other private key) when you obtained/created your SSL certificate.

By default, Red Hat Enterprise Linux 2.1 comes with UW-IMAP which runs from xinetd. This is fine for most users, but when mailbox sizes creep upwards of 500MB, you may notice odd performance degradations and undelivered mail.

This is because UW-IMAP only supports mbox files in RHEL 2.1. This means your e-mail ends up in one big file which has each e-mail listed one after another. This is a simple way to handle mail, but it scales in a horrible fashion.

Daniel Bernstein, the creator of qmail, created maildir, and (as much as I hate anything relating to qmail) it’s the best method for storing mail that I’ve seen so far.

Mbox files are slower because the entire file must be scanned when the POP or IMAP daemon receive a request for an e-mail held within it. That means that the daemon must scan through all of the e-mails until the one that it wants is found. If sendmail wants to drop off e-mail for the user, it has to wait since the mail spool is locked. If it can’t deliver the e-mail, it may bounce it after a period of time.

This is especially awful if a user receives a fair amount of e-mail and checks their e-mail from a mobile device. This means that their computer and the mobile device are making the mail daemons scan the mbox file repeatedly when they check in. It causes sendmail to back up, disk I/O skyrockets, and the server performance as a whole can suffer.

The solution is to move to a newer version of RHEL, hopefully RHEL 4 or 5 where Postfix and maildir support are available. The only fix on RHEL 2.1 is to ask the user to clear out their mailbox to reduce the amount of disk I/O required to pick up e-mail.