In the functions directory of your SquirrelMail install, open the imap_general.php file.

Alter the sqimap_append PHP function by commenting out the line that starts with the fputs function and type in the replacement so it reads as:

function sqimap_append ($imap_stream, $sent_folder, $length) {
//    fputs ($imap_stream, sqimap_session_id() . " APPEND \"$sent_folder\" (\\Seen) \{$length}\r\n");
    fputs ($imap_stream, sqimap_session_id() . " APPEND \"$sent_folder\" (\\Seen) {" . $length . "}\r\n");
    $tmp = fgets ($imap_stream, 1024);
    sqimap_append_checkresponse($tmp, $sent_folder);
}

Save the changes and the problem should be solved. FYI: Upgrading to the latest version of SquirrelMail will resolve this issue as well, but applying this code change is less of a hassle.

Fix Source: XMail Forum -> dovecot imap cannot append

You can use these commands to force the upgrade.

pear upgrade --force http://pear.php.net/get/Archive_Tar http://pear.php.net/get/XML_Parser http://pear.php.net/get/Console_Getopt-1.2.2
pear upgrade --force http://pear.php.net/get/PEAR-1.3.3 (use only if your PEAR is older than v1.3.3)
pear upgrade --force http://pear.php.net/get/PEAR-1.4.3
pear upgrade PEAR

Here you can see the upgrade in action (fun fun fun).

[root@linux ~]# pear upgrade --force http://pear.php.net/get/Archive_Tar http://pear.php.net/get/XML_Parser http://pear.php.net/get/Console_Getopt-1.2.2
downloading Archive_Tar-1.3.2.tgz ...
Starting to download Archive_Tar-1.3.2.tgz (17,150 bytes)
......done: 17,150 bytes
WARNING: channel "pear.php.net" has updated its protocols, use "channel-update pear.php.net" to update
downloading XML_Parser-1.2.8.tgz ...
Starting to download XML_Parser-1.2.8.tgz (13,476 bytes)
...done: 13,476 bytes
downloading Console_Getopt-1.2.2.tgz ...
Starting to download Console_Getopt-1.2.2.tgz (4,252 bytes)
...done: 4,252 bytes
Did not download optional dependencies: pear/XML_RPC, use --alldeps to download automatically
warning: pear/PEAR dependency package "pear/Console_Getopt" downloaded version 1.2.2 is not the recommended version 1.2.3
downloading PEAR-1.7.1.tgz ...
Starting to download PEAR-1.7.1.tgz (302,377 bytes)
...done: 302,377 bytes
upgrade ok: channel://pear.php.net/PEAR-1.7.1
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
upgrade ok: channel://pear.php.net/Console_Getopt-1.2.2
upgrade ok: channel://pear.php.net/XML_Parser-1.2.8
upgrade ok: channel://pear.php.net/Archive_Tar-1.3.2
To install use "pear install pear/PEAR#featurename"
[root@linux ~]# pear upgrade --force http://pear.php.net/get/PEAR-1.4.3
downloading PEAR-1.4.3.tgz ...
Starting to download PEAR-1.4.3.tgz (276,859 bytes)
.........................................................done: 276,859 bytes
WARNING: channel "pear.php.net" has updated its protocols, use "channel-update pear.php.net" to update
Did not download optional dependencies: pear/XML_RPC, use --alldeps to download automatically
downloading Console_Getopt-1.2.3.tgz ...
Starting to download Console_Getopt-1.2.3.tgz (4,011 bytes)
...done: 4,011 bytes
upgrade ok: channel://pear.php.net/Console_Getopt-1.2.3
upgrade ok: channel://pear.php.net/PEAR-1.4.3
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: To install optional features use "pear install pear/PEAR#featurename"
[root@linux ~]# pear upgrade PEAR
WARNING: channel "pear.php.net" has updated its protocols, use "channel-update pear.php.net" to update
Did not download optional dependencies: pear/XML_RPC, use --alldeps to download automatically
downloading PEAR-1.7.1.tgz ...
Starting to download PEAR-1.7.1.tgz (302,377 bytes)
..............................................................done: 302,377 bytes
upgrade ok: channel://pear.php.net/PEAR-1.7.1
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
To install use "pear install PEAR#featurename"

This article is based entirely from this PEAR Bug posting:
PEAR :: Bug #12990 :: Issues with PEAR Upgrade News Item from 1/3/08

Creating Volumes from your Data

1. Create a single TAR archive of all your data using tar to preserve permissions, directory structures, etc.

[root@linux archive]# tar -cf home.tar /home
tar: Removing leading `/' from member names
[root@linux archive]# ls -la home.tar
-rw-r--r-- 1 root root 304220160 Apr 30 13:34 home.tar

2. Compress your TAR archive using gzip (or any other compressing program of your choice).

[root@linux archive]# gzip home.tar
[root@linux archive]# ls -la home.tar.gz
-rw-r--r-- 1 root root 284859091 Apr 30 13:34 home.tar.gz

3. Use the split command to chop the compressed archive into smaller segments (I’ll be using 100MB pieces).

[root@linux archive]# split -d -b100m home.tar.gz home.tar.gz.
[root@linux archive]# ls -la
total 556940
drwxr-xr-x 2 root root      4096 Apr 30 13:56 .
drwxr-x--- 6 root root      4096 Apr 30 13:31 ..
-rw-r--r-- 1 root root 284859091 Apr 30 13:34 home.tar.gz
-rw-r--r-- 1 root root 104857600 Apr 30 13:56 home.tar.gz.00
-rw-r--r-- 1 root root 104857600 Apr 30 13:56 home.tar.gz.01
-rw-r--r-- 1 root root  75143891 Apr 30 13:57 home.tar.gz.02

4. Create a MD5 checksum (or a SHA1 checksum).

[root@linux archive]# md5sum home.tar.gz* > MD5SUM
[root@linux archive]# cat MD5SUM
cb16175f4acad02f977f74d5c142879b  home.tar.gz
33c745ca49ab6e63b727658ec148cf67  home.tar.gz.00
14e6952b632fbb7f4c0731067afdb46c  home.tar.gz.01
386655357f8553c7730fd792c22fde2a  home.tar.gz.02

Same thing but creating a SHA1 checksum instead (you don’t need two checksums, I just illustrate to use both types — pick one).

[root@linux archive]# sha1sum home.tar.gz* > SHA1SUM
[root@linux archive]# cat SHA1SUM
3858b51622dc9135c192a7c98dec24ccd35c63d6  home.tar.gz
6bc12b26dc1388d70d1a7cc0290dc6c9e8e0f97e  home.tar.gz.00
0683a44538ac65330fe103440e4f2a4a3a652be5  home.tar.gz.01
eb0f65fd0f4b3d98221e3ae8600f1691b536ad1d  home.tar.gz.02

Restoring your Data from the Volumes

You’ve burned or transferred your volumes and now want to restore them to the original. Here are the steps.

1. Verify the checksum against the volumes (ignore the error on the original file).

[root@linux resurrection]# md5sum --check MD5SUM
md5sum: home.tar.gz: No such file or directory
home.tar.gz: FAILED open or read
home.tar.gz.00: OK
home.tar.gz.01: OK
home.tar.gz.02: OK
md5sum: WARNING: 1 of 4 listed files could not be read

Once again, same deal but with the SHA1SUM file.

[root@linux resurrection]# sha1sum --check SHA1SUM
sha1sum: home.tar.gz: No such file or directory
home.tar.gz: FAILED open or read
home.tar.gz.00: OK
home.tar.gz.01: OK
home.tar.gz.02: OK
sha1sum: WARNING: 1 of 4 listed files could not be read

2. Join the volume pieces together using cat (after you finish you can validate the checksum *again* to see if the original file passes an integrity check).

[root@node2 resurrection]# cat home.tar.gz.* > home.tar.gz
[root@node2 resurrection]# ls -la home.tar.gz
-rw-r--r-- 1 root root 284859091 Apr 30 15:23 home.tar.gz

3. Decompress and extract the tar.gz file contents and you’re done.

[root@linux resurrection]# tar zxvf home.tar.gz
… verbose file list …
[root@linux resurrection]# ls -la
total 556952
drwxr-xr-x 3 root root      4096 Apr 30 15:33 .
drwxr-x— 7 root root      4096 Apr 30 15:02 ..
drwxr-xr-x 4 root root      4096 Apr 30 13:06 home
-rw-r–r– 1 root root 284859091 Apr 30 15:23 home.tar.gz
-rw-r–r– 1 root root 104857600 Apr 30 15:04 home.tar.gz.00
-rw-r–r– 1 root root 104857600 Apr 30 15:04 home.tar.gz.01
-rw-r–r– 1 root root  75143891 Apr 30 15:04 home.tar.gz.02
-rw-r–r– 1 root root       193 Apr 30 15:05 MD5SUM
-rw-r–r– 1 root root       225 Apr 30 15:05 SHA1SUM

Contents extracted and there is the home directory. The End.

I got the idea of using the split command from this post on the Ubuntu Forum (how to create multi zip files) because I couldn’t get tar or gzip to create multi-volume archives.

I don’t happen to know what versions of Sendmail started to include DNSBL as a feature, but if you have anything from version 8.12 or higher then you shouldn’t have any problems enabling DNSBL in the sendmail.mc file. For those of you using an older version of Sendmail, the dnsbl-milter project may be of interest to you.

To start using DNSBL, open your sendmail.mc file in a text editor.

[root@linux ~]# cd /etc/mail
[root@linux mail]# nano sendmail.mc

You’ll need to acquire your list of DNSBL servers you want to use, but here is an example of a few that I use. You can add these files to the end of your sendmail.mc file.

FEATURE(`dnsbl', `bl.spamcop.net', `"Rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `Rejected - see http://www.spamhaus.org/')dnl
FEATURE(`dnsbl', `dnsbl.sorbs.net', `Rejected - see http://www.sorbs.net/')dnl

I use SpamCop, Spamhaus, and SORBS to block most of the junk mail hitting my server. After you’ve added your changes, save your sendmail.mc file and rebuild it.

[root@linux mail]# make -C /etc/mail
make: Entering directory `/etc/mail'
make: Leaving directory `/etc/mail'
[root@linux mail]#

Sendmail should automatically read in the changes therefore you won’t need to restart it. To verify that Sendmail DNSBL is working, check your maillog and look for lines like these.

[root@linux mail]# tail -n 100 /var/log/maillog
...
Mar 30 22:59:04 linux sendmail[7702]: ruleset=check_relay, arg1=72-249-20-190.adsl.terra.cl, arg2=127.0.0.11, relay=72-249-20-190.adsl.terra.cl [190.20.249.72], reject=553 5.3.0 Rejected - see http://www.spamhaus.org/
Mar 30 23:02:20 linux sendmail[7781]: ruleset=check_relay, arg1=[58.87.60.104], arg2=127.0.0.2, relay=nat1.hyundai.net [58.87.60.104] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?58.87.60.104
Mar 30 23:04:33 linux sendmail[7808]: ruleset=check_relay, arg1=[200.78.212.70], arg2=127.0.0.2, relay=na-200-78-212-70.na.avantel.net.mx [200.78.212.70] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?200.78.212.70
Mar 30 23:04:40 linux sendmail[7809]: ruleset=check_relay, arg1=[61.108.132.122], arg2=127.0.0.2, relay=[61.108.132.122], reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?61.108.132.122

For a list of DNSBL servers you can use this site as a reference: http://spamlinks.net/filter-dnsbl-lists.htm

Other Sources for DNSBL in Sendmail:
Sendmail Configuration (8.11.6 specific)
DNSBL: Configuring Sendmail for DNS-Based Blacklisting

DNSBL for Other MTA’s:
HOWTO - Using DNS Block Lists (DNSBLs) (Exim)
How To Block Spam Before It Enters The Server (Postfix)
Protecting Qmail from known spam sources

[root@linux ~]# yum update
fedora                    100% |=========================| 2.1 kB    00:00
primary.sqlite.bz2        100% |=========================| 3.8 MB    00:03
updates                   100% |=========================| 2.3 kB    00:00
primary.sqlite.bz2        100% |=========================| 2.4 MB    00:02
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package perl.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-libs.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-ExtUtils-MakeMaker.i386 0:6.30-28.fc7 set to be updated
---> Package perl-CPAN.i386 0:1.76_02-28.fc7 set to be updated
---> Package perl-ExtUtils-Embed.i386 0:1.26-28.fc7 set to be updated
---> Package perl-Test-Simple.i386 0:0.62-28.fc7 set to be updated
---> Package perl-devel.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-Test-Harness.i386 0:2.56-28.fc7 set to be updated
filelists.sqlite.bz2      100% |=========================| 6.4 MB    00:05
filelists.sqlite.bz2      100% |=========================| 5.3 MB    00:04
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 perl                    i386       4:5.8.8-28.fc7   updates            10 M
 perl-CPAN               i386       1.76_02-28.fc7   updates           127 k
 perl-ExtUtils-Embed     i386       1.26-28.fc7      updates            34 k
 perl-ExtUtils-MakeMaker  i386       6.30-28.fc7      updates           288 k
 perl-Test-Harness       i386       2.56-28.fc7      updates            78 k
 perl-Test-Simple        i386       0.62-28.fc7      updates           109 k
 perl-devel              i386       4:5.8.8-28.fc7   updates           384 k
 perl-libs               i386       4:5.8.8-28.fc7   updates           567 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       8 Package(s)
Remove       0 Package(s)

Total download size: 12 M
Is this ok [y/N]: y
Downloading Packages:
(1/8): perl-Test-Harness- 100% |=========================|  78 kB    00:00
(2/8): perl-devel-5.8.8-2 100% |=========================| 384 kB    00:00
(3/8): perl-Test-Simple-0 100% |=========================| 109 kB    00:00
(4/8): perl-ExtUtils-Embe 100% |=========================|  34 kB    00:00
(5/8): perl-CPAN-1.76_02- 100% |=========================| 127 kB    00:00
(6/8): perl-ExtUtils-Make 100% |=========================| 288 kB    00:00
(7/8): perl-libs-5.8.8-28 100% |=========================| 567 kB    00:00
(8/8): perl-5.8.8-28.fc7. 100% |=========================|  10 MB    00:09
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test

Transaction Check Error:
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/MIME/Base64/Base64.so from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/share/man/man3/MIME::Base64.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/share/man/man3/MIME::QuotedPrint.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/lib/perl5/5.8.8/Getopt/Long.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/lib/perl5/5.8.8/newgetopt.pl from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/share/man/man3/Getopt::Long.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigRat-0.19-1
  file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigRat-0.19-1
  file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Sys/Syslog.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Sys-Syslog-0.18-1
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Sys-Syslog-0.18-1

Error Summary
-------------

[root@linux ~]#

I ran a yum update and a bunch of perl updates crapped out. MailScanner is the only application I installed that loaded a series of perl RPM dependencies, so it’s safe to assume that MailScanner is the culprit. With that said, I’ll get to the point of this post. If you have a similar problem with yum updates failing, you can exclude those updates.

For RedHat based systems (Fedora & CentOS), you’ll want to edit the updates repository file.

[root@linux ~]# cd /etc/yum.repos.d/
[root@linux yum.repos.d]# ls
fedora-development.repo  fedora.repo  fedora-updates.repo  fedora-updates-testing.repo
[root@linux yum.repos.d]# nano fedora-updates.repo

On my Fedora 7 system, the file I want to edit is fedora-updates.repo (your file name may be different depending on the distro and release you’re using).

In the updates section, add an exclude line like in the example below. I’m excluding all updates that begin with the word perl (note the wildcard *). To exclude more than one set, enter each package name on the same line and separate them with a space.

[updates]
name=Fedora $releasever - $basearch - Updates
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
exclude=perl*

Now if I run the yum update, all packages beginning with “perl” should be excluded.

[root@linux yum.repos.d]# yum update
updates                   100% |=========================| 2.3 kB    00:00
Excluding Packages from Fedora 7 - i386 - Updates
Finished
Setting up Update Process
No Packages marked for Update
[root@linux yum.repos.d]#

Now we’re cool. If you didn’t know how to exclude packages from yum updates, well now you know.

This is the code to create the image. It returns an image resource identifier. Note the use of a custom TrueType font — you’ll need to change that line to the path of a font on your system.

<?php
// generate captcha image - returns image handle
function captcha_image($code_string, $img_width=150, $img_height=40) {
  // seed srand
  srand((double)microtime()*1000000);

  // create image
  $im = @imagecreate($img_width, $img_height) or die("Cannot Initialize new GD image stream");

  // security code
  $security_code = $code_string;

  // define font
  $font = "/usr/fonts/ttf/Georgia.ttf";

  // create some colors
  $black = imagecolorallocate($im, 0, 0, 0);
  $white = imagecolorallocate($im, 255, 255, 255);
  $grey = imagecolorallocate($im, 128, 128, 128);

  // randomness, we need lots of randomness 
  // background color -> 1=black, 2=white, 3=grey (more colors can be added)
  // lines -> black bg (1=white or 2=grey), white bg (1=black or 2=grey), grey bg (black only)
  $randval = rand(1, 3);
  if ($randval == 1) {
    $bgcolor = $black;
    $fontcolor = $white;
    $linecolor = ((rand(0, 1) == 0) ? $black : $white);
  } elseif ($randval == 2) {
    $bgcolor = $white;
    $fontcolor = $black;
    $linecolor = ((rand(0, 1) == 0) ? $black : $white);
  } else {
    $bgcolor = $grey;
    $fontcolor = $black;
    $linecolor = ((rand(0, 1) == 0) ? $black : $grey);
  }

  // line positioning and increment
  $x_start = rand(0, 10);
  $x_size = rand(5, 10);
  $y_start = rand(0, 10);
  $y_size = rand(5, 10);

  // fill with background color
  imagefill($im, 0, 0, $bgcolor);

  // initial x position
  $font_x = 10;

  // write text
  for ($i = 0; $i < strlen($security_code); $i++) {
    // font size -> 20 to 35
    $font_size = rand(25, 35);
    // font angle -> -20 to +20
    $font_angle = rand(0, 20);
    if ($font_angle != 0) { if (rand(0, 1) == 0) { $font_angle = -$fone_angle; } }
    // font y position -> if font_size <= 27 then 30 to 35, if font_size > 27 then 30 to 35
    if ($font_size <= 27) { $font_y = rand(25, 30); } else { $font_y = rand(30, 35); }
    // write the text
    imagettftext($im, $font_size, $font_angle, $font_x, $font_y, $fontcolor, $font, $security_code{$i});
    // one more time to make it bolder
    imagettftext($im, $font_size, $font_angle, $font_x+1, $font_y+1, $fontcolor, $font, $security_code{$i});
    // next font x position
    $font_x += ($font_size + 5);
  }

  // draw horizontal lines
  for ($y = $y_start; $y < $img_height; $y += $y_size) {
    imageline($im, 0, $y, $img_width, $y, $linecolor);
  }
  // draw vertical lines
  for ($x = $x_start; $x < $img_width; $x += $x_size) {
    imageline($im, $x, 0, $x, $img_height, $linecolor);
  }

  // return captcha image handle
  return $im;
}
?>

We need a method for generating random four character strings when the captcha is created and displayed to the user. This function will do the trick.

<?php
function secret_key($length=4) {
  $salt = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
  srand((double)microtime()*1000000);
  $i = 0;
  $skey = "";
  while ($i < $length) {
    $num = rand() % strlen($salt);
    $tmp = substr($salt, $num, 1);
    $skey .= $tmp;
    $i++;
  }
  return $skey;
}
?>

With everything in place, we can generate the secret key, create the captcha, and finally display it to the user using this code.

<?php
// set headers
header("Content-type: image/png");
header("Cache-Control: no-cache");
header("Pragma: no-cache");

// generate secret
$skey = secret_key();

// create captcha and output to browser as PNG image
$im = captcha_image($skey);
@imagepng($im);
@imagedestroy($im);
?>

Here is an example of the code in action. The style looks very similar to the images used on Yahoo’s Overture.

Captcha Demo »

Now you know how to create a captcha, so what about verifying the input against the captcha value? This can be accomplished a variety of ways and everyone tends to have their preference.

• One method is to save the secret key in a session variable. As the image is created, store the key in a session variable and once the form is submitted, check the user’s value against the one stored in the session. If they match, proceed but if they fail, return an error and don’t process the form data.
• If you don’t want to use sessions, you could try using temp files. Store the key in a temp file and pass some value as a query string identifying to the script that the key is in that file. Read in the key and MD5 or SHA1 crypt the key and save it in a hidden form field. When the form is submitted, compare the hashed key against the user input (which you will also hash). Process the form data if the keys match.

You can download the provided source file. Use the PHP file as an image source in your HTML IMG tag.

<img src="http://www.yourdomain.com/captcha.php“>

Don’t forget to edit the path to the TrueType font you want to use in the captcha_image function. Failure to do so will lead to missing image characters.

Source Files: captcha.zip

If you want to achieve the same effect, here is how I did it (to see it in action, click on the first three XenoCafe links above). All you need is Apache, mod_rewrite, and htaccess. I’m going to skip the step-by-step configuration stuff to cut down the length of this article. If you need help, you can register for an account and post a question to the comments section for this post.

In this mock setup, I’ll use 10.10.100.34 as the IP address of my web server, example.com as the primary domain I want to redirect to, and ourexamples.com as the domain I want to redirect from (to example.com). This is a three step process that involves creating the zone file(s), adding the redirect domains to your Apache httpd.conf VirtualHost configuration, and finally creating the htaccess mod_rewrite rules to redirect all requests for the new domains to your desired domain.

Create a New Zone File for each Domain you Acquired

The primary domain example.com already has a zone file and is a functioning web site, but for ourexamples.com to work we need to create a zone file for it. Here is an example (we only need the minimum - SOA, NS, and the host for web).

$TTL   21600
$ORIGIN ourexamples.com.
@       IN      SOA     ns1.example.com. hostmaster.example.com. (
                        2008012601      ; serial
                        3600            ; refresh
                        600             ; retry
                        86400           ; expiry
                        21600 )         ; minimum

        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.

        IN      A       10.10.100.34
www     IN      A       10.10.100.34

Now reload the zone(s) for changes to take effect.

Add the Redirect Domains to the Primary Domain’s VirtualHost Definition (using the ServerAlias directive)

Edit your primary domain’s virtual host entry and add the new domain(s) using the ServerAlias directive. Below is an example of editing the example.com virtual host and adding the new redirection domain ourexamples.com (highlighted line).

<VirtualHost *:80>
    ServerAdmin hostmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    ServerAlias ourexamples.com www.ourexamples.com
    DocumentRoot /web/example/html
    ScriptAlias /cgi-bin/ /web/example/html/cgi-bin/
    ErrorLog /web/example/logs/error_log
    CustomLog /web/example/logs/access_log combined
    <Directory “/web/example/html”>
        AllowOverride All
    </Directory>
</VirtualHost>

Restart Apache to reload the virtual host changes. Next we’ll need to create the htaccess file to configure domain redirection.

Using mod_rewrite to Redirect the Domain Requests

If we were to stop here, the new domain would work, however there is no redirection to your primary domain name. It will simply use the same document root and serve the files without any changes to the URL in the browser address bar. If this is what you desire, then stop here, otherwise continue on to bounce all requests from ourexamples.com to example.com.

In the document root of where your HTML files are stored (where DocumentRoot points to in your Apache VirtualHost definition), create a .htaccess with a text editor. Here is the example.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule (.*) http://www.example.com/$1 [L,R=301]
</IfModule>

In short, what this code does is turn on mod_rewrite’s engine, check the HTTP host to see if it matches www.example.com and also checks for empty references; if either case is a yes it rewrites the URL to http://www.example.com using a permanent redirect (HTTP 301 Redirection header). The $1 appends any portion trailing the domain name from the original (directories and/or pages being accessed). This code also forces the ‘www’ prefix on all requests — http://example.com => http://www.example.com and http://ourexamples.com => http://www.example.com and so on

Before we get started…

There are two preliminary steps to complete before we install Openfire. They aren’t essential to its functionality (you can skip them if you’d like), but they’ll make things easier when it comes to managing the administration for you and your users. Those two steps are setting up a DNS alias for the server host name and creating a MySQL database for the backend instead of using the included embedded database.

» Create a DNS Host Name for your Jabber Server

For this guide I’ll use the host name ‘jabber’ for my Openfire server. I run my own DNS server so I’ll be editing my zone file to add the new alias. If you use a third party service for DNS on your domain then you should know how to add new aliases. If you don’t then you should consult their Support documentation for more information.

Open your zone file in a text editor and add your new alias. Yours may look something like this example when you’re done. The highlighted line is what I added.

$TTL    21600
$ORIGIN mydomain.com.

@       IN      SOA     ns1.my-name-server.com. admin.my-name-server.com. (
                        2007122301      ; serial
                        3600            ; refresh
                        600             ; retry
                        86400           ; expiry
                        21600 )         ; minimum

                IN      NS      ns1.my-name-server.com.
                IN      NS      ns2.my-name-server.com.

                IN      MX      10      mx1.my-mail-server.com.
                IN      MX      20      mx2.my-mail-server.com.

                IN      A       10.0.0.100

www             IN      A       10.0.0.100
ftp             IN      A       10.0.0.100
jabber          IN      A       10.0.0.100

Save your changes, flush the cache and reload the zone.

[root@node1 ~]# rndc flush
[root@node1 ~]# rndc reload

» Create the MySQL Database for Openfire Data

Sometimes a tool like phpMyAdmin comes in handy for managing MySQL databases, however I don’t have it installed on this server. Instead I’ll be adding my Openfire database from the MySQL console. All we need to do is create the database, add an user account that has full control over that database, and reload (flush) the privileges.

[root@node1 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 3 to server version: 5.0.22

Type 'help;' or 'h' for help. Type 'c' to clear the buffer.

mysql> CREATE DATABASE `openfire`;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT USAGE ON *.* TO 'openfire'@'localhost' IDENTIFIED BY 'password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `openfire`.* TO 'openfire'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)

mysql> quit
Bye
[root@node1 ~]#

Now that all the preliminaries are out of the way, we can move onto installing Openfire.

Download and Install the Openfire Software

Openfire can be downloaded from the Ignite Realtime web site. As of this writing, the latest version available for download is Openfire 3.4.2 for Linux.

We’ll start by downloading the Openfire RPM via wget.

[root@node1 ~]# wget -O openfire-3.4.2-1.i386.rpm http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
--12:18:13-- http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
Resolving www.igniterealtime.org... 63.246.20.125
Connecting to www.igniterealtime.org|63.246.20.125|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40451331 (39M) [application/x-rpm]
Saving to: `openfire-3.4.2-1.i386.rpm'

100%[=====================================================================>] 40,451,331   368K/s   in 1m 52s

12:20:05 (354 KB/s) - `openfire-3.4.2-1.i386.rpm' saved [40451331/40451331]

[root@node1 ~]#

Now install the RPM, start the Openfire service, verify it is actively running, and set it to auto-start whenever your server is rebooted.

[root@node1 ~]# rpm -ivh openfire-3.4.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:openfire               ########################################### [100%]
[root@node1 ~]# /etc/init.d/openfire start
Starting openfire:
[root@node1 ~]# ps -ef | grep -i openfire
root      2508     1  0 07:35 pts/0    00:00:00 su -s /bin/sh -c /opt/openfire/jre/bin/java -server  -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath "/opt/openfire/lib/startup.jar" -jar "/opt/openfire/lib/startup.jar" daemon
daemon    2511  2508 37 07:35 ?        00:00:07 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath /opt/openfire/lib/startup.jar -jar /opt/openfire/lib/startup.jar
root      2526  2414  1 07:35 pts/0    00:00:00 grep -i openfire
[root@node1 ~]# chkconfig --level 235 openfire on
[root@node1 ~]#

Open Ports in your Firewall

If you have a firewall in place you’ll need to open some ports before we can start configuring Openfire through its web interface. Openfire uses ports 5222, 7777, 9090, 9091 for client connections, file transfer proxy, http web administration and the secured administration respectively. If you use iptables tables like I do, add these lines to your /etc/sysconfig/iptables rules file and reload. See my RedHat IPTables Tutorial on XenoCafe for more information on configuring iptables from the ground up.

-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9091 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9091 -j ACCEPT

Then reload iptables to accept the new directives.

[root@node1 ~]# iptables-restore < /etc/sysconfig/iptables

Configure Openfire through its Web Interface

1. Launch your favorite browser and go to http://your_jabber_server_ip_address:9090 or if you set up a DNS alias http://jabber.mydomain.com:9090 to go to the Openfire web interface. You’ll be greeted by Openfire’s setup tool. In the first step, select your language. Here we choose English.

2. The next step is to set the server domain. If you opted for an IP address name, enter your server’s IP. If you opted to create a DNS alias, enter the DNS server domain. Here we created jabber.mydomain.com so we’ll enter that. By default the Openfire web interface console ports are 9090 and 9091 for standard and secure respectively. You can use other ports if you wish (NOTE: you’ll have to change your firewall settings if you use different ports), but for this guide we’re sticking with the default values.

3. You have two choices regarding which database to use for Openfire to store its data: an external database like MySQL, MSSQL, PostgreSQL, etc… or to use the bundled embedded database. If you setup a MySQL database like we did in this guide then select the Standard Database Connection option. If you didn’t, the only choice is to use the Embedded Database.

4. To set up your database connection, select the appropriate driver from the Database Driver Presets list (we set up a MySQL database so we’ll select MySQL). The page will refresh and you need to fill in the necessary information (the database host, name, username, and password). You should have this information from when you setup your MySQL database. Per this guide, MySQL is on the same server as my Openfire installation (localhost) and I created a database called ‘openfire’ with a username of ‘openfire’ and set a password.

5. The profile step has to do with the users and groups of chat members and where Openfire will store that information (new users, user groups, etc…). We won’t opt for LDAP to store this information. It is much more convenient to save it in our in our database.

6. We’re almost done. Enter the administrator email address (your email address) and set a password for your Openfire server.

7. Now you’re done! Pat yourself on the back. Click the Login to admin console button.

8. Type in the Openfire admin password you entered in Step 6 and click the Login button.

Welcome to the Openfire Administration Console. Take a look around and get familiar with the layout.

Time to Make Some Openfire Configuration Changes

Your Openfire installation will work out of the box and you can skip this section if you want, but for this tutorial I wanted to make some changes. Namely, I want my server to follow some rules so there is no chaos.

1. I don’t want any other servers to be able to communicate with mine (it’s private and self sufficient)
2. I define the member base so anonymous users cannot create accounts (ideal for an office environment)
3. Finally, all communication between clients and the server is encrypted (force jabber clients to use SSL)

Follow along if you want to use any of these features or jump ahead to the Creating Users and Groups for Jabber Clients section.

1. On the left under Server Settings, click the Server to Server link. In the top panel Service Enabled, choose the Disabled option and click Save Settings.

2. Click the Registration & Login link in the left side menu. Disable both options under Inband Account Registration and Anonymous Login. We’ll leave the Change Password option alone to let users update their passwords as they see fit. Click the Save Settings button at the bottom of the page.

3. Click the Security Settings link on the left. Under Client Connection Security, choose the Required option to force jabber clients to use SSL (NOTE: If the client doesn’t support SSL and this option is enabled, the client will not be able to connect to the server). Click the Save Settings button.

Openfire SSL Certificates

Openfire creates self-signed SSL Certificates by default. Remember the port 9091 from before? If you ever want to access this administration console from a Secure Connection, then you’ll need to restart the Openfire HTTP Server.

Click the Server Certificates link on the left menu.

Click the link in the highlight section.

Openfire will restart the HTTP Web Server and kick you back to the login screen. Log back in and the SSL Certificate should now be in use and you can access the console from SSL.

Creating Users and Groups for Jabber Clients

Since we’re creating a jabber server for a mock office environment, we prohibit anonymous users from creating accounts. Because of this, we will manage all users and groups on a global scale through our Openfire server. This means, all groups and users will be pushed to the clients that log in so they don’t have to add every single user account or group to their client. Also, any changes happen in real-time on the client (new users or groups added, removed, etc…). Kind of cool, huh? This is accomplished through Contact Group List Sharing.

We’ll be creating a mock Developer “Devel” group and add some users to it. Click on the Users/Groups tab on the top.

1. Go to Create New User under the Users section on the left. Fill in the Username, Password, and Confirm Password fields and click the Create User button.

Repeat this process to add all the users you want on your server.

2. Go to Create New Group under the Groups section on the left. Fill in the Group Name and an optional Description. Click the Create Group button.

3. The group has been added. Now we’ll share the contact list so it’s global to all jabber clients that connect to our server. Under the Contact List (Roster) Sharing section, click the Enable contact list group sharing option. In the name field, type in the same name as set for the group. Click the Save Contact List Settings button.

4. Scroll down the page and type in an user name to the Add User field and click the Add button.

Now we have one member in our group. Repeat this for each user you want assigned to this group.

Setting up a Jabber Client (Spark 2.5.8 for Windows)

Our Openfire Jabber Server is useless unless we have clients connect to it and communicate through it. We’ll use Spark from Ignite Realtime. If that doesn’t suit you then you are open to use another jabber client since there are many of them out there (see the client from jabber.org).

1. Download Spark, install it, and launch it.

2. Type in your Openfire user credentials (Username and Password). In the Server field, type in the Openfire Servers IP address or DNS alias. Click the Login button.

3. The contact list will appear once you have successfully logged in. The shared group(s) will be visible (NOTE: groups with no online users will be hidden unless you select the Show empty groups option from the Contacts menu) along with the users of those groups. My contacts are not online as you can see from the picture below.

You’re done. You now have the essentials of configuring your own Jabber server and clients.

This is my last tutorial, guide, howto, whatever you want to call it for 2007. Happy New Year!

1. Start by downloading the small 7.3MB CentOS-5.1-i386-netinstall.iso image and burn it to a disc. There’s also an x86_64 architecture image available that you can download if that’s the type of hardware you’re using.

2. Boot up the designated CentOS PC with your netinstall disc and wait for it to get to boot screen.

Press Enter for the GUI install or type linux text and press Enter for text mode installation.

3. Choose your language. The default selection is English.

Is English your primary language? It is for me.

4. Choose your keyboard type. The default is a US keyboard layout.

My keyboard is as basic as they come. So I’m choosing US.

5. Choose the installation method. For this guide I perform a HTTP install and get the packages from kernel.org.

6. Now it’s time to configure the TCP/IP settings. If you want to acquire an IP from a DHCP server or have no idea what your network settings are, then leave everything on the defaults. However, if you want to use a static IP and save yourself the trouble of editing /etc/sysconfig/network-scripts/ifcfg-eth0 or running setup later, then choose Manual configuration. I don’t have an IPv6 network, so I’ll be using IPv4.

7. Skip this step if you chose DHCP. On this screen enter your network settings (IP address, subnet mask, default gateway, and a dns name server).

8. Enter the web server and directory path to the CentOS packages to get this installation started. I’ll be using the server mirrors.kernel.org. The directory path is centos/5.1/os/i386.

9. Go get something to drink. Retrieving the image may take a while.

10. Follow the rest of the prompts to install CentOS. It’s the same as if you’re doing it from DVD or CD’s, just takes longer because all packages are downloaded. So select your packages, set the root password, etc… The installation time will depend on how many packages you select.

The one thing I hate about moving is having to transfer gigs of data and reconfigure things. To cut it short, the old server was Fedora Core 4 and the new server is Fedora 7. Changes have been made between the three versions difference. One of these changes explains the title of this post. What happened to named.conf?

I checked the typical locations like /etc and /var/named/chroot/etc but it was nowhere to be found. I ran a locate and it didn’t exist. Thinking it was somewhat possible that maybe it was in a RPM I hadn’t installed, I checked the RPM list on a Fedora mirror site and compared those to the RPM’s I did have installed. No luck, everything was there.

I searched the net and didn’t find any reason for named.conf’s disappearance. I also discovered I wasn’t the only one seeking an explanation to its vanishing act. I came across a post on a forum mentioning the use of system-config-bind to create named.conf. A marvel idea, however it’s a GUI based tool and that leaves us text based users out in the cold — well sort of…

If you’re like me and want to set up a DNS Server on Fedora 7 to handle your zones, then follow these steps while as root.

1. Even though it’s a GUI dependent tool, install system-config-bind using yum. It contains template files you can use to get named up and running.

yum install system-config-bind

2. The templates used by system-config-bind for generate named.conf and other essential files have been installed in /usr/share/system-config-bind/profiles/default. We need to copy these files to where named would be expecting them (the assumption being that you’re running named in a chroot jail.

cd /usr/share/system-config-bind/profiles/default
cp -p named.conf /var/named/chroot/etc/
cp ./named/* /var/named/chroot/var/named/

3. Now that named.conf is copied over we’ll need to make a change to the root hints file name. Right now our named.conf is looking for the file named.root instead of named.ca as in prior releases of bind. If you don’t make this change, named will fail to start and you’ll get an error like this in syslog named[20622]: could not configure root hints from ‘named.root’: file not found. Open named.conf in a text editor and look for this section (it should be right below options).

zone "." IN {
        type hint;
        file "named.root“;
};

Change named.root to named.ca and save your changes.

4. Create a symlink to named.conf in /etc (optional but suggested).

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

5. Start the named service and you’re good to go.

service named start

Now go ahead and create your zone files and add their references to named.conf. See my RedHat Bind Tutorial on XenoCafe for more information on DNS and Zones.