Monday, November 19, 2007

Configuring sendmail Options

sendmail has a number of options that allow you to customize the way it performs certain tasks. There are a large number of these, so we've listed only a few of the more commonly used ones in the upcoming list.

To configure any of these options, you may either define them in the m4 configuration file, which is the preferable method, or you may insert them directly into the sendmail.cf file. For example, if we wished to have sendmail fork a new job for each mail message to be delivered, we might add the following line to our m4 configuration file:

define(`confSEPARATE_PROC',`true')

The corresponding sendmail.cf entry created is:

O ForkEachJob=true

The following list describes common sendmail m4 options (and sendmail.cf equivalents):

confMIN_FREE_BLOCKS (MinFreeBlocks)

There are occasions when a problem might prevent the immediate delivery of mail messages, causing messages to be queued in the mail spool. If your mail host processes large volumes of mail, it is possible for the mail spool to grow to such a size that it fills the filesystem supporting the spool. To prevent this, sendmail provides this option to specify the minimum number of free disk blocks that must exist before a mail message will be accepted. This allows you to ensure that sendmail never causes your spool filesystem to be filled (Default: 100).

confME_TOO (MeToo)

When a mail target such as an email alias is expanded, it is sometimes possible for the sender to appear in the recipient list. This option determines whether the originators of an email message will receive a copy if they appear in the expanded recipient list. Valid values are “true” and “false” (Default: false).

confMAX_DAEMON_CHILDREN (MaxDaemonChildren)

Whenever sendmail receives an SMTP connection from a remote host, it spawns a new copy of itself to deal with the incoming mail message. This way, it is possible for sendmail to be processing multiple incoming mail messages simultaneously. While this is useful, each new copy of sendmail consumes memory in the host computer. If an unusually large number of incoming connections are received, whether by chance, because of a problem, or because of a malicious attack, it is possible for sendmail daemons to consume all system memory. This option provides you with a means of limiting the maximum number of daemon children that will be spawned. When this number is reached, new connections are rejected until some of the existing children have terminated (Default: undefined).

confSEPARATE_PROC (ForkEachJob)

When processing the mail queue and sending mail messages, sendmail processes one mail message at a time. When this option is enabled, sendmail will fork a new copy of itself for each message to be delivered. This is particularly useful when there are some mail messages that are stuck in the queue because of a problem with the target host (Default: false).

confSMTP_LOGIN_MSG (SmtpGreetingMessage)

Whenever a connection is made to sendmail, a greeting message is sent. By default, this message contains the hostname, name of the mail transfer agent, the sendmail version number, the local version number, and the current date. RFC 821 specifies that the first word of the greeting should be the fully qualified domain name of the host, but the rest of the greeting can be configured however you please. You can specify sendmail macros here and they will be expanded when used. The only people who will see this message are suffering system administrators diagnosing mail delivery problems or strongly curious people interested in discovering how your machine is configured. You can relieve some of the tedium of their task by customizing the welcome message with some witticisms; be nice. The word “ESMTP” will be inserted between the first and second words by sendmail, as this is the signal to remote hosts that we support the ESMTP protocol (Default: $j Sendmail $v/$Z; $b).
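The following is an added example, not part of the original text or of sendmail itself: a small Python audit of an m4 configuration file for the options listed above. The function names, the sample file contents and the policy of flagging values below the documented defaults are assumptions made for illustration.

```python
import re

# Matches m4 lines such as: define(`confMAX_DAEMON_CHILDREN',`40')dnl
DEFINE_RE = re.compile(r"define\(\s*`(conf[A-Z0-9_]+)'\s*,\s*`([^']*)'\s*\)")

# Default greeting as given in the option list above.
DEFAULT_GREETING = "$j Sendmail $v/$Z; $b"


def parse_mc(text):
    """Return {option: value} for every define() in an m4 .mc file."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("dnl"):      # whole-line m4 comment
            continue
        for name, value in DEFINE_RE.findall(line):
            options[name] = value       # a later define overrides an earlier one
    return options


def audit(options):
    """Flag settings from the list above that affect exposure and resource limits."""
    findings = []
    children = options.get("confMAX_DAEMON_CHILDREN")
    if children is None:
        findings.append("confMAX_DAEMON_CHILDREN undefined: no cap on forked daemons")
    elif not children.isdigit() or int(children) == 0:
        findings.append("confMAX_DAEMON_CHILDREN is not a positive integer")
    greeting = options.get("confSMTP_LOGIN_MSG", DEFAULT_GREETING)
    if not greeting.startswith("$j"):
        findings.append("greeting does not start with $j (host FQDN)")
    if "$v" in greeting or "$Z" in greeting:
        findings.append("greeting discloses sendmail version ($v/$Z)")
    # Assumed policy: treat a value below the documented default as a finding.
    blocks = options.get("confMIN_FREE_BLOCKS", "100")
    if blocks.isdigit() and int(blocks) < 100:
        findings.append("confMIN_FREE_BLOCKS below the default of 100")
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE_MC = """\
dnl define(`confMAX_DAEMON_CHILDREN',`5')
define(`confSEPARATE_PROC',`true')dnl
define(`confMIN_FREE_BLOCKS',`20')dnl
"""

if __name__ == "__main__":
    for finding in audit(parse_mc(SAMPLE_MC)):
        print("WARN:", finding)
```

In the sample, the daemon limit is commented out with dnl, so it is reported as undefined along with the default greeting and the lowered free-block threshold.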

Be Smart and Prevent Virus Infections through USB Drives

One of the most common support requests we receive from our customers is for clearing their computers of viruses. Most of the infections that we see are by viruses that spread by capitalizing on the ignorance of the users. A few smart steps, if taken by the users, could easily prevent infection from some of the more common viruses that float around in the cyber-universe.

USB drives (also called Thumb Drives and Flash Drives) have long replaced floppies and CDs as the preferred medium to transfer files from one computer to another. A lot of virus infections happen through USB drives that are themselves infected. One common way in which they spread is by exploiting the 'autorun' feature in Microsoft Windows XP. When a USB drive is connected to an infected computer, the virus copies itself onto the USB drive and creates an autorun.inf file on the drive pointing to that copy of the virus. When the drive is then plugged into a clean system running Windows XP, autorun is triggered, the virus is executed and the system is infected.

You can very easily prevent this from happening by setting "Take no Action" as the default action on inserting a USB drive. If you have the guts you could also disable autorun for all removable media by setting the key 'NoDriveTypeAutorun' at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer with the value 255. You can read more about disabling autorun at Annoyances.org

Even after disabling autorun you could trigger the virus execution if you double click on the "Removable Media" drive from "My Computer", as autorun would be the default action when autorun.inf is present on the media. The safest way to browse the contents of a USB drive is to right click on the drive icon and then use the "Explore" option.

Another common set of viruses uses an innocuous setting in Explorer to trick the user into executing the virus and infecting the system. The default settings in Windows XP set the options "Hide extensions for known file types" and "Do not show Hidden Files and Folders". When a USB drive is connected to a PC infected with the virus, the virus hides all the folders in the USB drive, copies itself as many times to the drive as there were folders in the drive and renames the copies to the names of the original folders.

A feature of the virus is that the file icon for the virus is exactly identical to the default folder icon in Windows. So if you view the contents of the USB drive with the above options set, you will see icons of as many 'folders' as you would have expected. However, each of these folder icons represents a file and not a folder, and this file is the virus file. The first of the above options ensures that you will not see the ".exe" part in the name and the second ensures that you will not see the original folders that are now hidden. Additionally, some strains of these viruses do the same in the subfolders of the drive too.

When an unsuspecting user connects this infected Thumb Drive to his system and opens the drive he would see the folder icon he was looking for and once double clicked he would inadvertently infect his system with the virus.

You can unset the above options by going to My Computer >> Tools >> Folder options >> View >> Advanced settings and then selecting the appropriate radio buttons. Once that is done you will be able to identify infected Thumb Drives and prevent infection very easily. Also if you are using the explore option while opening the Thumb Drive you will very easily see that, though the folder icons are listed as icons in the explorer, they will not come up as folders in the folder bar.

So the important things to remember are:

  • Never autorun from a Thumb Drive
  • Always use the explore option when opening Thumb Drives
  • Unset the option "Hide extensions for known file types"
  • Set the option "Show Hidden files and folders"
  • Keep your antivirus software updated and running all the time
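As an added example (not part of the original post), the Python script below checks a mounted drive for the three signs described above: an autorun.inf in the drive root, an executable named after a folder sitting next to it, and folders carrying the hidden attribute. The function names, the extension list and the sample layout of empty files are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed set of extensions Windows treats as directly executable.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def scan_drive(root):
    """Walk a mounted drive and return sorted (finding, relative_path) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folder_names = {d.lower() for d in dirnames}
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            stem, ext = os.path.splitext(name.lower())
            if dirpath == root and name.lower() == "autorun.inf":
                findings.append(("autorun.inf in drive root", rel))
            elif ext in EXEC_EXTS and stem in folder_names:
                # With extensions hidden, this file looks like the folder itself.
                findings.append(("executable named after a sibling folder", rel))
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if is_hidden(full):
                findings.append(("hidden folder", os.path.relpath(full, root)))
    return sorted(findings)


def scan_sample():
    """Build a constructed drive layout of empty files and scan it."""
    files = ["autorun.inf", "Photos.exe", "Docs.txt",
             os.path.join("Photos", "2007.EXE"), os.path.join("Photos", "setup.exe")]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Photos", "2007"))
        os.makedirs(os.path.join(root, "Docs"))
        for rel in files:
            open(os.path.join(root, rel), "w").close()
        return scan_drive(root)


if __name__ == "__main__":
    for finding, path in scan_sample():
        print(f"{finding}: {path}")
```

The hidden-folder check only reports anything on Windows, where the attribute exists; the other two checks work on any system the drive is mounted on.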

Finally, as a closing word, we urge you to take a look at the virus free world of Linux. Instead of trying to plug all loopholes in Windows and living under a constant threat of ever-evolving viruses, you could take a break and relax under the safe canopy of a secure Linux installation.

Tuesday, November 13, 2007

The Beauty of Math

The Beauty of Mathematics with lesson for life.

1 x 8 + 1 = 9
12 x 8 + 2 = 98
123 x 8 + 3 = 987
1234 x 8 + 4 = 9876
12345 x 8 + 5 = 98765
123456 x 8 + 6 = 987654
1234567 x 8 + 7 = 9876543
12345678 x 8 + 8 = 98765432
123456789 x 8 + 9 = 987654321

1 x 9 + 2 = 11
12 x 9 + 3 = 111
123 x 9 + 4 = 1111
1234 x 9 + 5 = 11111
12345 x 9 + 6 = 111111
123456 x 9 + 7 = 1111111
1234567 x 9 + 8 = 11111111
12345678 x 9 + 9 = 111111111
123456789 x 9 + 10 = 1111111111

9 x 9 + 7 = 88
98 x 9 + 6 = 888
987 x 9 + 5 = 8888
9876 x 9 + 4 = 88888
98765 x 9 + 3 = 888888
987654 x 9 + 2 = 8888888
9876543 x 9 + 1 = 88888888
98765432 x 9 + 0 = 888888888

Brilliant, isn't it?

And look at this symmetry:

1 x 1 = 1
11 x 11 = 121
111 x 111 = 12321
1111 x 1111 = 1234321
11111 x 11111 = 123454321
111111 x 111111 = 12345654321
1111111 x 1111111 = 1234567654321
11111111 x 11111111 = 123456787654321
111111111 x 111111111 = 12345678987654321

Now, take a look at this...

101%

From a strictly mathematical viewpoint:

What Equals 100%? What does it mean to give MORE than 100%?
Ever wonder about those people who say they are giving more than 100%?

We have all been in situations where someone wants you to GIVE OVER 100%.

How about ACHIEVING 101%?
What equals 100% in life?
Here's a little mathematical formula that might help answer these questions:
If:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Is represented as:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
If:
H-A-R-D-W-O-R-K
8+1+18+4+23+15+18+11 = 98%
And:
K-N-O-W-L-E-D-G-E
11+14+15+23+12+5+4+7+5 = 96%
But:
A-T-T-I-T-U-D-E
1+20+20+9+20+21+4+5 = 100%
THEN, look how far the love of God will take you:
L-O-V-E-O-F-G-O-D
12+15+22+5+15+6+7+15+4 = 101%

Therefore, one can conclude with mathematical certainty that:
While Hard Work and Knowledge will get you close, and Attitude will get you there, it's the Love of God that will put you over the top!

Character Types in postgresql

Name                                Description
character varying(n), varchar(n)    variable-length with limit
character(n), char(n)               fixed-length, blank padded
text                                variable unlimited length

The table above shows the general-purpose character types available in PostgreSQL.

SQL defines two primary character types: character varying(n) and character(n), where n is a positive integer. Both of these types can store strings up to n characters in length. An attempt to store a longer string into a column of these types will result in an error, unless the excess characters are all spaces, in which case the string will be truncated to the maximum length. (This somewhat bizarre exception is required by the SQL standard.) If the string to be stored is shorter than the declared length, values of type character will be space-padded; values of type character varying will simply store the shorter string.

If one explicitly casts a value to character varying(n) or character(n), then an over-length value will be truncated to n characters without raising an error. (This too is required by the SQL standard.)

Note: Prior to PostgreSQL 7.2, strings that were too long were always truncated without raising an error, in either explicit or implicit casting contexts.

The notations varchar(n) and char(n) are aliases for character varying(n) and character(n), respectively. character without length specifier is equivalent to character(1); if character varying is used without length specifier, the type accepts strings of any size. The latter is a PostgreSQL extension.

In addition, PostgreSQL provides the text type, which stores strings of any length. Although the type text is not in the SQL standard, several other SQL database management systems have it as well.

The storage requirement for data of these types is 4 bytes plus the actual string, and in case of character plus the padding. Long strings are compressed by the system automatically, so the physical requirement on disk may be less. Long values are also stored in background tables so they do not interfere with rapid access to the shorter column values. In any case, the longest possible character string that can be stored is about 1 GB. (The maximum value that will be allowed for n in the data type declaration is less than that. It wouldn't be very useful to change this because with multibyte character encodings the number of characters and bytes can be quite different anyway. If you desire to store long strings with no specific upper limit, use text or character varying without a length specifier, rather than making up an arbitrary length limit.)

Tip: There are no performance differences between these three types, apart from the increased storage size when using the blank-padded type.

Refer to Section 4.1.2.1 for information about the syntax of string literals, and to Chapter 9 for information about available operators and functions.

Example 8-1. Using the character types

CREATE TABLE test1 (a character(4));
INSERT INTO test1 VALUES ('ok');
SELECT a, char_length(a) FROM test1; -- (1)
  a   | char_length
------+-------------
 ok   |           4

CREATE TABLE test2 (b varchar(5));
INSERT INTO test2 VALUES ('ok');
INSERT INTO test2 VALUES ('good ');
INSERT INTO test2 VALUES ('too long');
ERROR: value too long for type character varying(5)
INSERT INTO test2 VALUES ('too long'::varchar(5)); -- explicit truncation
SELECT b, char_length(b) FROM test2;
   b   | char_length
-------+-------------
 ok    |           2
 good  |           5
 too l |           5

(1) The char_length function is discussed in Section 9.4.

There are two other fixed-length character types in PostgreSQL, shown in Table 8-5. The name type exists only for storage of identifiers in the internal system catalogs and is not intended for use by the general user. Its length is currently defined as 64 bytes (63 usable characters plus terminator) but should be referenced using the constant NAMEDATALEN. The length is set at compile time (and is therefore adjustable for special uses); the default maximum length may change in a future release. The type "char" (note the quotes) is different from char(1) in that it only uses one byte of storage. It is internally used in the system catalogs as a poor-man's enumeration type.

Table 8-5. Special Character Types

Name      Storage Size    Description
"char"    1 byte          single-character internal type
name      64 bytes        internal type for object names

Installing sendmail

The sendmail mail transport agent is included in prepackaged form in most Linux distributions. Installation in this case is relatively simple. Despite this fact, there are some good reasons to install sendmail from source, especially if you are security conscious. The sendmail program is very complex and has earned a reputation over the years for containing bugs that allow security breaches. One of the best known examples is the RTM Internet worm that exploited a buffer overflow problem in early versions of sendmail. We touched on this briefly in Chapter 9. Most security exploits involving buffer overflows rely on all copies of sendmail on different machines being identical, as the exploits rely on data being stored in specific locations. This, of course, is precisely what happens with sendmail installed from Linux distributions. Compiling sendmail from source yourself can help reduce this risk. Modern versions of sendmail are less vulnerable because they have come under exceedingly close scrutiny as security has become a more widespread concern throughout the Internet community.

The sendmail source code is available via anonymous FTP from ftp.sendmail.org.

Compilation is very simple because the sendmail source package directly supports Linux. The steps involved in compiling sendmail are:

# cd /usr/local/src
# tar xvfz sendmail.8.9.3.tar.gz
# cd src
# ./Build

You need root permissions to complete the installation of the resulting binary files using:

# cd obj.Linux.2.0.36.i586
# make install

You have now installed the sendmail binary into the /usr/sbin directory. Several symbolic links to the sendmail binary will be installed into the /usr/bin/ directory. We'll talk about those links when we discuss common tasks in running sendmail.

sendmail

It's been said that you aren't a real Unix system administrator until you've edited a sendmail.cf file. It's also been said that you're crazy if you've attempted to do so twice.

sendmail is an incredibly powerful mail program. It's also incredibly difficult to learn and understand. Any program whose definitive reference (sendmail, by Bryan Costales and Eric Allman, published by O'Reilly) is 1,050 pages long scares most people off. Information on the sendmail reference is contained in the bibliography at the end of this book.

Fortunately, new versions of sendmail are different. You no longer need to directly edit the cryptic sendmail.cf file; the new version provides a configuration utility that will create the sendmail.cf file for you based on much simpler macro files. You do not need to understand the complex syntax of the sendmail.cf file; the macro files don't require you to. Instead, you need only list items, such as the name of features you wish to include in your configuration, and specify some of the parameters that determine how that feature operates. A traditional Unix utility called m4 then takes your macro configuration data and mixes it with the data it reads from template files containing the actual sendmail.cf syntax, to produce your sendmail.cf file.

In this chapter we introduce sendmail and describe how to install, configure and test it, using the Virtual Brewery as an example. If the information presented here helps make the task of configuring sendmail less daunting for you, we hope you'll gain the confidence to tackle more complex configurations on your own.