sa-learn, dovecot virtual users and virtual user configs

Well, I wanted independent SpamAssassin Bayes databases per user (different users, different preferences). For that, RoundCube already set up the Junk folder. However, I wanted the ability (for myself, as well as for my other users) to individually mark messages as either Spam or Ham.

RoundCube: Inbox view

Now, as I said before I wanted a trivial way to mark messages as Spam or Ham (without using the command line each time).

RoundCube: Adjusted Inbox View

Now, that was the mailbox setup part. Now we do have to do some command line foo (yeah, it’s still necessary) to actually learn the mails as spam or ham. First we need a script, which scans the Maildir for each domain/user separately, and then creates the bayes database.

This script is based on work from nesono and workaround.org. Anyhow, the script will scan each user folder (you might need to adjust the MAIL_DIR and SPAMASS_DIR variables, depending on where your MAIL_DIR is located).

Next, we need to adjust the SPAMD options to use the virtual-config-dir (that’s the SPAMD name for this).

As you can see, I basically appended the following to the OPTIONS variable: --virtual-config-dir=/var/lib/spamassassin/%d/%l -x -u mail

Now, here’s a couple of pointers:

--virtual-config-dir=pattern
This option specifies where per-user preferences can be found for virtual users, for the -x switch. The pattern is used as a base pattern for the directory name. Any of the following escapes can be used:

%u — replaced with the full name of the current user, as sent by spamc.
%l — replaced with the ‘local part’ of the current username. In other words, if the username is an email address, this is the part before the “@” sign.
%d — replaced with the ‘domain’ of the current username. In other words, if the username is an email address, this is the part after the “@” sign.
%% — replaced with a single percent sign (%).

-u username, --username=username
Run as the named user. If this option is not set, the default behaviour is to setuid() to the user running “spamc”, if “spamd” is running as root.

Note: “--username=root” is not a valid option. If specified, “spamd” will exit with a fatal error on startup.

Now, only a small adjustment is still needed. In order for the inbound mails to be scanned with the per-user db’s, you need to adjust postfix’s master.cf file, to run spamc with the per-user db.

After that’s done (and a restart of postfix, spamassassin and dovecot) you should be the proud owner of a per-user dovecot/postfix/spamassassin implementation.
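As an added example (not the script from this post, nor the nesono/workaround.org one it is based on), the sketch below expands the --virtual-config-dir escapes for a username and prints the matching per-user sa-learn calls, so the learning job and spamd end up on the same Bayes directory. Because the username comes from spamc, it is checked before it becomes part of a path. The function names, the MAIL_DIR/<domain>/<user>/.Junk/cur layout, the allowed-character list and the "bayes" file prefix are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the post's script). The Maildir layout
# MAIL_DIR/<domain>/<user>/.Junk/cur and the allowed-character policy are
# assumptions of this sketch; variables are global, as in plain POSIX sh.

# Expand a spamd --virtual-config-dir pattern (%u %l %d %%) for one username.
# Returns 1 for names that could redirect the path and for unknown escapes.
vcd_expand() {
    pattern=$1 user=$2 out=
    case $user in
        ''|*[!A-Za-z0-9._+=@-]*|*..*|.*|*@*@*|*@|@*|*@.*) return 1 ;;
    esac
    case $user in
        *@*) lpart=${user%%@*} domain=${user#*@} ;;
        *)   lpart=$user domain= ;;
    esac
    rest=$pattern
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}      # take one character
        if [ "$c" != % ]; then out=$out$c; continue; fi
        n=${rest%"${rest#?}"}; rest=${rest#?}      # escape letter after %
        case $n in
            u) out=$out$user ;;
            l) out=$out$lpart ;;
            d) [ -n "$domain" ] || return 1; out=$out$domain ;;
            %) out=$out% ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# Print (do not run) one sa-learn call per mailbox that has a Junk folder,
# pointing --dbpath at the directory spamd derives from the same pattern.
# "bayes" is the assumed database file prefix inside that directory.
learn_cmds() {
    mail_dir=$1 vcd=$2
    for junk in "$mail_dir"/*/*/.Junk/cur; do
        [ -d "$junk" ] || continue
        box=${junk%/.Junk/cur}
        u=${box##*/}; d=${box%/*}; d=${d##*/}
        if db=$(vcd_expand "$vcd" "$u@$d"); then
            printf 'sa-learn --spam --dbpath %s/bayes %s\n' "$db" "$junk"
        else
            printf 'skipped unsafe mailbox name: %s\n' "$box" >&2
        fi
    done
}
```

Since spamd runs with -u mail in this setup, the directories these paths point to need to be writable by the mail user, or the learned databases will not be picked up.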

Postfix, soft_bounce=yes and redelivering mails

Well, I’m setting up a spam/virus filter at the moment. Somewhere I found that, when doing so, one should enable soft_bounce=yes in /etc/postfix/main.cf. Now, once I finished setting up my mailing setup, I wanted to manually force the delivery.

Now, if you fixed the mail delivery, you just need to enter the following:

However, if you want to delete the mail from the postfix queue:

Tiny Tiny RSS init-script for multiple instances on Debian Wheezy

Well, I have a bunch of Tiny Tiny RSS instances running on my webhost, and I wanted an init-script that starts the update-daemons for all instances.

Now, there’s already a bunch of init scripts for Debian around (1, 2); however, none of them were to my liking or did what I wanted them to do. So I ended up (yeah, I know *again*) rewriting them.

Debian: dmesg output contains “Error: Driver ‘pcspkr’ is already registered, aborting…”

Well, I recently prepared a bunch of Debian KVM guests, and today I got annoyed (basically because logwatch complains about it …) by this pesky error message on each startup. What causes this error is really simple.

Udev loads the PC speaker driver (pcspkr) and then (for whatever reason) tries to load the alsa-module for the PC speaker (snd_pcsp). And the second one basically fails. All we need to do is create a blacklist.conf and add the latter one to it.

virt-viewer: qemu+ssh to a KVM host running SSH on a different port

Well, I’ve been tinkering with KVM the last few days and I’ve been stuck accessing the KVM guests (as the guests are running on a host I don’t have my Xorg server running on). After a bit of searching, I actually found what I was looking for.

Piecing together from both sources, to connect to a KVM host, that has SSH running on a different port:

5 year flashback

Today I looked at my ADSL router and had a flashback about five years ago. Back then I was working for the university and used a dual line ISDN link for internet which had about the same bandwidth as my ADSL currently has …

Synchronous DSL speed

After that experience I know how people must feel in some areas where internet isn’t as advanced as my normal 2MBit ADSL line … Loading YouTube or even a simple forum is a real waiting game (took me about two minutes to load up a hit out of Google), and I even attest myself a dependency on even normal ADSL (not one of those superfast 32MBit lines – just 2MBit).

I can’t even use VPN/Citrix over those 164 KBit (yeah, it’s too slow). So guess I’m rooting for the Telekom technician today. *shrug*

UCS Manager 2.0.2r KVM bug

Well, we’ve been battling with a KVM bug in our UCS installation that’s been driving me (and apparently the Cisco L3 support and development) nuts. But let’s back up a bit. If you’ve worked with UCS before, once you open up the KVM console you’ll see the KVM and shortcut commands (Shutdown, Reset) and another tab that allows you to mount virtual media.

Once you open it up, it should look like this:

UCS Manager: KVM console working fine

Now, when we re-installed some of our servers (mostly the XenServers), all of a sudden the KVM virtual media didn’t work for some reason. The UCS KVM would suddenly reject us from switching to the virtual media tab, saying that either the Login timed out or we’d have the wrong user and/or password, even if we tried with the most powerful user the UCS has, the local admin account.

UCS Manager – KVM virtual media tab rejecting authentication

So I opened a TAC, and Cisco got to work on it immediately. After poking around in the depths of the fabric interconnect with a dplug extension from Cisco with a Cisco L3 guy, and after about two months of development I just got a call back from the Cisco support guy. Apparently development figured out why we’d get the above error message.

Once you put a hash tag (#) in the Service Profile’s User Label you’d get the error message.

UCS Manager - User Label

Once I removed the hash tag, the KVM started working like it’s supposed to do. So if anyone ever comes across this, that’s your solution. Apparently Cisco is going to fix this in an upcoming release, but just remove the hash tag and everything is fine.

VMware ESXi – Free memory limits corrected

Well, a coworker of mine asked me about this. Since I didn’t know (yeah, I don’t know everything) I went to my trusted friend – Google – and searched for it. There seems to be a lot of confusion about this, so I thought I’d clarify this.

I ended up putting a license to one of my hosts in vCenter.

VMware ESXi Free Edition Memory Limit

Yeah well, the host has a bit more memory than the allowed 32GB vRAM per Socket (the host has two sockets) – thus you’re allowed to have 64GB RAM if your host has two sockets.

Dealing with SnapVault replication issues

Well, for the past two months I had a case open with NetApp to figure out this SnapVault replication issue we were seeing. The initial transfer of the SnapVault relation would complete with a hiccup, manual snapshot transfers also work – just the scheduled, auto-created Snapshots won’t replicate.

At first I (and the NetApp support) thought this was an issue with SnapVault itself, however after being away for the last four weeks I looked at the issue with fresh eyes. After a short peek into the logs, I found what I had found back when I first looked into this.

SnapVault would create the daily snapshot on the SnapVault Primary and start the replication. However something (or someone, wasn’t clear at this point) then created a FlexClone of a volume … And, as back when we first encountered this, I was kinda puzzled.

But then I decided (please don’t ask me what made me look there) to look at the logs of the NetApp Filer on our logserver. As it turns out, back when I enabled syslogging to an external logserver I seem to have enabled debug logging … and it was great to have that! Below you’ll find the log I found – and as you can see there’s at least a clue as to where that ghost snapshot is coming from.

Now, knowing from which corner this issue originated, it dawned on me: we have had a similar issue before. A quick peek into TSM Manager and I knew I was on the right track. The daily system backup starts around 21:15. Now our TSM backup includes the System State backup (which in turn utilizes VSS – which triggers the NetApp Snapshot!).

After excluding the System State from the Daily Backup the SnapVault stuff worked without a hiccup. I ended up removing SnapDrive from the Server in question, since we don’t really need it there. Snapshots created from SnapDrive of the boot LUN are gonna be inconsistent anyhow (doesn’t matter if I do ‘em from SnapDrive or the NetApp CLI).

That restored the default VSS handler, which enables TSM to backup the System State again.

Synology: New openvpn init script

My VPN provider isn’t being supported by the Synology VPN client (because they aren’t using the standard port 1194, instead 1195). After tinkering with the ovpn files the Synology VPN client uses to store the connection settings (and failing), I just installed openvpn with ipkg.

However after tinkering around with the init-script provided by the openvpn ipkg from the NSLU2 feed, I got tired and just rewrote the damn thing:

Place the file in /opt/etc/init.d/S20openvpn, and the client daemon will start on boot.