Tuesday, September 12, 2006

Panic: Temporary File Seek

Administrating users emails is a bore. Some are packrats and just keep their emails forever. A quick look at the /var/spool/mail/ directory will show just how much emails are stored.

Yesterday there was a user who sent out an email with a large 17MB power point file to EVERYONE. Three times. This caused uptimes to soar and made people frustrated that their emails were delivered slow if at all. So we had to clean them up.

# mail -u lewser.
fseek: Invalid argument
panic: temporary file seek
Aborted
# |

What? we started panicking. File system corruption? Our RAID failed? Need a reboot? Mailbox dead? We tried it on other users with large mailboxes with the same error!

***panic*panic*panic***

We decided to take a breather and do some research before we rip apart our mailserver.
Googling gave us a hint: use mutt.

#mutt -f lewser

and I was pleasantly surprised with a console app that looked like this:

spam riddled email user.

It successfully opened the mail, allowed me to navigate to the bottom really quickly (PgDn), and interactively delete the email (d), feedbacked to me whenever it was opening or closing a file. No silly fseek problems. What a life-saver.

So why doesnt mail support large mailboxes? I have no idea.
Why doesnt it provide a more 'soothing' error message instead of sending us into panic mode? I dont know.
Will I use 'mail -u' ever again? Not if I can help it.

The Mutt is truly Man's Best Friend.


yk.

Sunday, September 10, 2006

PopTop - PPTP Windows VPN on a Linux Server

Our old PPTP server finally died last week.

It was an old Windows NT (!!!) server, and we were just wondering how long it would take before it got taken down. Well, it finally got found, and was subsequently infected with numerous viruses by the script kiddies out there. Comparitively, it lasted long enough, a good 8 years plus, so it had a good run!

We got rid of the viruses, and put it back on, and within a day, it got infected again.

Fortunately we dont have anything important running on it, most of our VPN requirements have been converted to IPSec. However is a small number of users who do want to connect from home, via the very convenient PPTP connections on their Windows machines. Very easy to set up and run. Not a crucial requirement, but nice to have...

So we decided to try PopTop.
"Using Poptop, Linux servers can now function seamlessly in a PPTP VPN environment. This enables administrators to leverage the considerable benefits of both Microsoft and Linux operating systems."
Setting this up was relatively easy. I followed the online instructions as described here: Redhat-howto. However there were problems.

At first the WinXP client would not connect to the server. Upon checking, I found out that the firewall was enabled on the server. So we opened up port 1723 for PPTP.

Then the WinXP client connected, but complained about the server not supporting certificates; either 40bit or 128bit encryption. My fault, didnt set the options.pptp file correctly with require-mschap-v2 and require-mppe-128 as options.

I used the webmin-PPTP-Server to do the administration (comes standard with webmin), and it was pretty much full featured except that it didnt have a section to define the MS-DNS and MS-WINS options as in the options.pptp file. Not a major problem; vi helped.

Its hard to debug the connection. Somehow I never got to ping the PPTP server when connected. So for a good 3 hours I was trying to find out what was wrong, and making sure that the routes are correct. Its annoying because a 'route print' nor a 'ipconfig' on the WinXP doesnt provide any useful information regarding the VPN setup.

And then finally I found this nugget of information: 'deselect "Use default gateway on remote network"' I tried it, and mysteriously it worked.

It took me longer that I anticipated to set up the server, however it was not because of the server setup, rather it was an obscure setting on the client to get it to work.

So now we have completely replaced the unsupported, defunct, aging, crackable Windows NT with a shiny new Fedora Core 5 server running PopTop. Users just have to make a small adjustment to their client setting to reconnect. I have since brought up the firewall to only allow certain traffic to flow through this connection to prevent future cracks.

Its amazing what FOSS can do for you.

yk.