Wednesday, August 20, 2014

Squirrelmail_logger behind reverse proxy


Strange, I was not able to find existing solutions for logging HTTP_X_FORWARDED_FOR in its logs.

It's easy:

diff --git a/files/squirrel_logger/functions.php b/files/squirrel_logger/functions.php index 5dfa8a1..6cef8dc 100644 --- a/files/squirrel_logger/functions.php +++ b/files/squirrel_logger/functions.php @@ -503,6 +503,8 @@ function sl_logit($event, $message='', $user='') if (!sqgetGlobalVar('REMOTE_ADDR', $user_address, SQ_SERVER)) $user_address = ''; + if (sqgetGlobalVar('HTTP_X_FORWARDED_FOR', $HTTP_X_FORWARDED_FOR, SQ_SERVER)) + $user_address = $HTTP_X_FORWARDED_FOR.' (x-forwarded via '.$user_address. ')'; if ($sl_namelookups) $user_address .= ' (' . gethostbyaddr($user_address) . ')'; 
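
Review bot: The new assignment to $user_address sits before the unchanged `if ($sl_namelookups)` line, so whenever the header is present gethostbyaddr() receives the composite string "<header> (x-forwarded via <address>)" instead of an IP address and the name lookup cannot work. HTTP_X_FORWARDED_FOR is also written to the log exactly as received: it is a client-supplied request header, it may hold a comma-separated list, and nothing here checks that REMOTE_ADDR is the reverse proxy, so any client that reaches the server directly chooses what appears in the address field. Suggest keeping REMOTE_ADDR alone in $user_address for the lookup, accepting the header only when REMOTE_ADDR is the known proxy, checking each entry with filter_var($value, FILTER_VALIDATE_IP), and appending the forwarded address to the log string after the gethostbyaddr() call.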

Sunday, November 22, 2009

Autofonix

I heard the human ear can get information from frequency-modulated ultrasound. If the audio signal from speech is used to modulate the ultrasound frequency, then the information from this speech will get into the brain without conscious filtering. That is, I will know something without understanding where I got this information from.


Loud sounds are harmful for human ears. But this is not true about powerful sounds at the high end of the frequencies we can perceive. These high frequencies act as a healing agent; they are used in ultrasonic scanning and ultrasonic therapy and usually improve hearing.


I was not able to find time to implement frequency modulation in some convenient application on my computer.


Hardware is not a problem, I can use high sound frequencies instead of real ultrasound. It's better if I can't hear it even as a whistling, but not required. Common earphones reproduce frequencies up to 20 kHz, and I can't hear anything higher than 15 kHz. So this defines the band for the experiment, 15-20 kHz.


Then finally I've made this application. I have found Audacity has nyquist plugins, and frequency modulation is one of embedded functions in nyquist language.


Are you willing to test it yourself? See http://www.wuala.com/seriv/Documents/autofonix


If you can discern words of original signal in FM signal - lower the volume, make it softer. Usually it is the case of non-linear effects resulting in demodulation.



Thanks in advance for your questions and/or comments.

Tuesday, January 13, 2009

7 things

I am flattered to be chained by Theo Schlossnagle by "7 things" tag. I hope these things will be interesting to know about me
  1. I used to be a winter swimmer ("морж", literally "walrus" in Russian). It was almost an accident that I started: I was on a ski walk with my friend in the winter forest. I did not know he was a winter swimmer until we got to the lake and he invited me to join him in the water, opened for swimmers in the ice.
  2. I liked to learn chemistry and had a lab in my home. Some of the accidents I remember: once one of our neighbors was sitting and talking with my mother too long. I did not like her and decided to smoke her out. I quickly produced hydrogen sulphide. She ran away quickly, but then we faced this awful smell in our home. I tried to precipitate it by releasing a good portion of ammonia into the air. I did not know these two chemicals precipitate each other only in solution.
  3. Another accident was the thermite firework I did for my mother's birthday. Luckily it burned out only one hardwood stool. All other things were in reparable condition after this firework.
  4. I liked winter ski camping trips in the northern mountains, to the north of the forest boundaries. The most comfortable camp there is a cave in the snow hills; it takes about an hour for 3 men to dig a spacious cave for them to live in. Once we dug such a cave about 5 meters up the hill from the bottom of a narrow valley, and during the night there were 8 meters of snow accumulation there. I realized something was going wrong because our primus stove consumed almost all the oxygen from the air in the cave and the air became sour when the primus went out. My friend Alexander Telpov saved our lives; he pierced a hole to the surface with an ice axe.
  5. I used to fast for health since being a student at the college. Fasting was such a popular hobby among the students that even the dean's office issued a warning to prohibit it. My longest period of fasting with just water was 31 days in a row.
  6. I have studied and received an official permit as a shoichet, to kill chickens according to the Jewish rules of kashrut. This means the bird should not feel pain or fear until its last moment. I can't do it now, because I have not practiced for many years, while Jewish law requires practicing sharpening the knife daily. And I think a shoichet can't be a vegetarian as I am.
  7. From age 12 to 15 I spent 2 evenings each week trying to learn to play chess in the boy scout chess section (in the Kharkov center for youth and children's creativity). I learned the rules, notation, chess literature, but was not able to learn to win. And after 3 years I got a very important lesson from this: there are things I'm not gifted to master.

I am supposed to tag seven people with blogs, but instead I'm tagging people without blogs, in hope they will start blogging. They are:

And the rules:

  • Link your original tagger(s), and list these rules on your blog.
  • Share seven facts about yourself in the post - some random, some weird.
  • Tag seven people at the end of your post by leaving their names and the links to their blogs.
  • Let them know they've been tagged by leaving a comment on their blogs and/or Twitter.

Wednesday, August 20, 2008

zimbra tips

Zimbra Tips


How to move mail messages from one user's mail folder to another user
(or to send them to external delivery)


  1. First you need to identify zimbra store folder of this user, like

    mysql -e "select * from zimbra.mailbox where comment like 'user@domain.com'"

  2. Then you need to prepare a file with a lot of lines, like 1/25+1 of the number of messages in his folder that need to be copied. If, for example, the messages from folder /test need to be moved, then this file should have the first line "search -t message 'in:test'" and all other lines "search -n" (which means "give the next page of the search results"), like:


    search -t message 'in:test'
    search -n
    search -n
    ....
    search -n


  3. Then you feed this file (called searchlist.txt here) to zmmailbox and save its output, which contains the message IDs:

    zmmailbox -z -m user@impulse.net < searchlist.txt > messagelist.txt

  4. And then we are ready to get all the messages in a format ready to feed to sendmail:


    # MAILBOX_ID is the mailbox id found in step 1; DEST_USER and DEST_FOLDER
    # are the target account and folder (placeholders, set them first)
    for i in `grep '^[0-9]' messagelist.txt | awk '{print $2}' | sed 's/-//'`; do
    find /opt/zimbra/store/0/$MAILBOX_ID/msg/ -name "$i*" >> filelist.txt
    done
    for i in `cat filelist.txt`; do
    zmmailbox -z -m "$DEST_USER" am "$DEST_FOLDER" "$i";
    done


    (If there are a lot of messages, it's better to create a file with lines "am $i" and to feed them to zmmailbox, because it starts slowly.)

  5. If the messages should be sent to an external domain, then the last step may be something like this:


    # MAILBOX_ID is the mailbox id found in step 1 (placeholder, set it first)
    for i in `grep '^[0-9]' messagelist.txt | awk '{print $2}' | sed 's/-//'`; do
    find /opt/zimbra/store/0/$MAILBOX_ID/msg/ -name "$i*" >> filelist.txt;
    done
    for i in `cat filelist.txt`; do
    sendmail -i < "$i"; done





How to "fix" system's sendmail (/usr/sbin/sendmail) for zimbra



(supposing system has alternatives, like debian, centos, ...)

  • First check what's there now:
    [root@zimbra ~]# ls -l /usr/sbin/sendmail
    lrwxrwxrwx 1 root root 21 Jun 23 12:21 /usr/sbin/sendmail -> /etc/alternatives/mta

    [root@zimbra ~]# update-alternatives --display mta
    mta - status is auto.
    link currently points to /usr/sbin/sendmail.sendmail
    /usr/sbin/sendmail.sendmail - priority 90
    slave mta-mailq: /usr/bin/mailq.sendmail
    slave mta-newaliases: /usr/bin/newaliases.sendmail
    slave mta-rmail: /usr/bin/rmail.sendmail
    slave mta-sendmail: /usr/lib/sendmail.sendmail
    slave mta-pam: /etc/pam.d/smtp.sendmail
    slave mta-sendmailman: /usr/share/man/man8/sendmail.sendmail.8.gz
    slave mta-mailqman: /usr/share/man/man1/mailq.sendmail.1.gz
    slave mta-newaliasesman: /usr/share/man/man1/newaliases.sendmail.1.gz
    slave mta-aliasesman: /usr/share/man/man5/aliases.sendmail.5.gz
    Current `best' version is /usr/sbin/sendmail.sendmail.

  • Then install alternative and check it:
    [root@zimbra ~]# update-alternatives --install /usr/sbin/sendmail mta-sendmail /opt/zimbra/postfix/sbin/sendmail 25
    [root@zimbra ~]# update-alternatives --display mta-sendmail
    mta-sendmail - status is auto.
    link currently points to /opt/zimbra/postfix/sbin/sendmail
    /opt/zimbra/postfix/sbin/sendmail - priority 25
    Current `best' version is /opt/zimbra/postfix/sbin/sendmail.

Friday, February 15, 2008

2 veth with 2 bridges on OpenVZ at ALTLinux

Bridged Networks for OpenVZ in ALTLinux



Let's assume we have a computer with 2 network cards. One is connected to the internet router, has IP address 5.88.52.189/27, and its default route should go via gateway 5.88.52.161. The second is connected to the local area network 10.61.0.0/24. We want to create multiple OpenVZ Virtual Environments there with 2 virtual cards each, one with a public IP from the 5.88.52.0/27 range and the other connected to the local network.


OpenVZ has different network implementations for Virtual Environments. Default is venet, which is fastest, easiest and most secure.
Another option is veth, which grants the VE the right to have its own routing table and to assign IP addresses to these interfaces.
And third option is granting access to hardware NIC (or virtual device, like VLAN, tun or tap) to VE, in that case it will be exclusively visible and manageable by this VE.


Creating bridges in HE



To use bridged networks in ALTLinux you should do the following:


  1. In ALTLinux interfaces with names eth0, eth1... are deprecated. There is no way to ensure their names and order are preserved on reboots and on kernel upgrades. So they should be renamed using /etc/iftab to logical names, like wan, lan... To use bridges we must ensure that this table defines interfaces not by MAC addresses, but by businfo or a combination of businfo and other characteristics, which can be obtained by running ethtool -i:
    # ethtool -i eth0
    driver: forcedeth
    version: 0.60
    firmware-version:
    bus-info: 0000:00:08.0
    # ethtool -i msgs
    driver: forcedeth
    version: 0.60
    firmware-version:
    bus-info: 0000:00:09.0
    # cat <<EOF > /etc/iftab
    wan driver forcedeth businfo 0000:00:08.0 mac 00:30:48:7a:70:fe
    lan driver forcedeth businfo 0000:00:09.0 mac 00:30:48:7a:70:ff
    EOF
  2. Network in ALTLinux is managed by the etcnet package. Let's look at its configuration:
    # cd /etc/net/ifaces
    # ls
    default lo lan wan unknown venet0

    The directories lan and wan are created to store configurations for these 2 NICs. They can be just copies of the directories eth0 and eth1 created for these NICs by the installer, but with the line
    TYPE=eth
    added to their {lan,wan}/options files.
  3. Now we create 2 directories for the bridges brwan and brlan:
    # mkdir brwan brlan
    # echo 'stp AUTO off' > brwan/brctl
    # echo '5.88.52.189/27 broadcast 5.88.52.255 dev brwan' > brwan/ipv4address
    # echo 'default via 5.88.52.161' > brwan/ipv4route
    # cat <<EOF >brwan/options
    BOOTPROTO=static
    TYPE=bri
    HOST='wan'
    ONBOOT=yes
    EOF

    # echo 'stp AUTO off' > brlan/brctl
    # echo '10.61.0.15 broadcast 10.61.0.255 dev brlan' > brlan/ipv4address
    # echo '10.8.0.0/24 dev brlan' > brlan/ipv4route
    # cat <<EOF >brlan/options
    BOOTPROTO=static
    TYPE=bri
    HOST='lan'
    ONBOOT=yes
    EOF

  4. Now we should remove ip addresses and routes from lan/wan interfaces:
    # echo '0.0.0.0/0' > lan/ipv4address
    # echo '0.0.0.0/0' > wan/ipv4address
    # rm -f wan/ipv4route
    # rm -f lan/ipv4route
  5. Now it should be safe to run /sbin/service network restart, but if you are connected by ssh, it is better to first restart networking for the interface other than the one you are connected through. Assume I'm connected through eth1:
    # ifconfig eth0 0 down;
    # ifrename -i eth0
    wan
    # ifup wan
    # ifup brwan
    If everything goes O.K., ifconfig will show interface eth0 renamed to wan, up but without an IP address, and the brwan interface holding its previous address. Check the availability of this address by ping from another host.
  6. At that point you can restart network by service network restart knowing that it will be back at least to wan network.





Using bridges in VE


  1. Now we will work with bridges for the VE. First we should totally disable venet by adding the line DISABLED=yes to its options file:
    # echo 'DISABLED=yes' >> /etc/net/ifaces/venet0/options
  2. Let's assume Virtual ID to be 610015. Ensure /etc/vz/conf/116211.conf does not contain lines starting with IP_ADDRESS
  3. To create 2 VETH interfaces, eth0 and eth1, for our VE, do the following commands:
    # vzctl set 160015 --netif_add eth0 --save
    # vzctl set 160015 --netif_add eth1 --save
    These 2 commands created in /etc/vz/conf/160015.conf the following line (wrapped here for easy reading):
    NETIF="ifname=eth0,mac=00:18:51:92:67:32,\
    host_ifname=veth610013.0,host_mac=00:18:51:3C:41:74;\
    ifname=eth1,mac=00:18:51:01:68:5E,\
    host_ifname=veth610013.1,\
    host_mac=00:18:51:3D:E2:1B"

  4. Add the following lines to this file:
    cat <<EOF >>/etc/vz/conf/610013.conf
    CONFIG_CUSTOMIZED="yes"
    VETH_IP_ADDRESS="10.61.0.13/24;5.88.52.183/27"
    BRIDGEDEV="brlan;brwan"
    VE_DEFAULT_GATEWAY="5.88.52.161"
    EOF
    Here I've assigned IP addresses for my interfaces eth0 and eth1 of VEID and defined corresponding HE's interfaces veth610013.{0,1}.
  5. Now let's create file for OpenVZ bridge configuration:
    # cat <<'EOF' >/usr/sbin/vznetcfg.custom
    #!/bin/bash
    # /usr/sbin/vznetcfg.custom
    # a script to bring up bridged network interfaces (veth's) in a VE

    GLOBALCONFIGFILE=/etc/vz/vz.conf
    VECONFIGFILE=/etc/vz/conf/$VEID.conf
    vzctl=/usr/sbin/vzctl
    brctl=/sbin/brctl
    ip=/sbin/ip
    ifconfig=/sbin/ifconfig
    . $GLOBALCONFIGFILE
    . $VECONFIGFILE

    NETIFS=`echo $NETIF | sed 's/;/\n/g'`
    for NETIFX in $NETIFS
    do

    NETIF_OPTIONS=`echo $NETIFX | sed 's/,/\n/g'`
    for str in $NETIF_OPTIONS; do
    # getting 'ifname' parameter value
    # (the regex is left unquoted: bash 3.2+ treats a quoted pattern as a literal string)
    if [[ "$str" =~ ^ifname= ]]; then
    # remove the parameter name from the string (along with '=')
    VEIFNAME=${str#*=};
    fi
    # getting 'host_ifname' parameter value
    if [[ "$str" =~ ^host_ifname= ]]; then
    # remove the parameter name from the string (along with '=')
    VZHOSTIF=${str#*=};
    fi
    done

    BRIDGEX=${BRIDGEDEV%%;*}
    BRIDGEL=${BRIDGEDEV#*;}
    BRIDGEDEV=$BRIDGEL;

    VETH_IP_ADDRX=${VETH_IP_ADDRESS%%;*}
    VETH_IP_ADDRL=${VETH_IP_ADDRESS#*;}
    VETH_IP_ADDRESS=$VETH_IP_ADDRL;

    if [ ! -n "$VETH_IP_ADDRX" ]; then
    echo "According to $VECONFIGFILE VE$VEID has no veth IPs configured."
    exit 1
    fi


    if [ ! -n "$VZHOSTIF" ]; then
    echo "According to $VECONFIGFILE VE$VEID has no veth interface configured."
    exit 1
    fi

    if [ ! -n "$VEIFNAME" ]; then
    echo "Corrupted $VECONFIGFILE: no 'ifname' defined for host_ifname $VZHOSTIF."
    exit 1
    fi

    echo "Initializing interface $VZHOSTIF for VE$VEID."
    $ifconfig $VZHOSTIF 0

    VEROUTEDEV=$VZHOSTIF

    if [ -n "$BRIDGEX" ]; then
    echo "Adding interface $VZHOSTIF to the bridge $BRIDGEX."
    VEROUTEDEV=$BRIDGEX
    $brctl addif $BRIDGEX $VZHOSTIF
    fi

    # Up the interface $VEIFNAME link in VE$VEID
    $vzctl exec $VEID $ip link set $VEIFNAME up

    for IP in $VETH_IP_ADDRX; do
    echo "Adding an IP $IP to the $VEIFNAME for VE$VEID."
    $vzctl exec $VEID $ip address add $IP dev $VEIFNAME

    # removing the netmask
    IP_STRIP=${IP%%/*};

    echo "Adding a route from VE0 to VE$VEID."
    $ip route add $IP_STRIP dev $VEROUTEDEV
    done

    if [ -n "$VE0_IP" ]; then
    echo "Adding a route from VE$VEID to VE0."
    $vzctl exec $VEID $ip route add $VE0_IP dev $VEIFNAME
    fi

    if [ -n "$VE_DEFAULT_GATEWAY" ]; then
    echo "Setting $VE_DEFAULT_GATEWAY as a default gateway for VE$VEID."
    $vzctl exec $VEID \
    $ip route add default via $VE_DEFAULT_GATEWAY dev $VEIFNAME
    fi

    done
    exit 0
    EOF
    It's based on the script from the wiki on the OpenVZ site, but modified to serve multiple bridges, networks and interfaces.
  6. Now let's configure OpenVZ to use this script:
    # chmod +x /usr/sbin/vznetcfg.custom
    # echo 'EXTERNAL_SCRIPT="/usr/sbin/vznetcfg.custom"' >/etc/vz/vznet.conf
    At this point VE is ready to be started/restarted and should appear after start/restart in these networks.
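
A dry-run check for the configuration above, as an added example that is not part of the original post or of OpenVZ. vznetcfg.custom pairs NETIF, BRIDGEDEV and VETH_IP_ADDRESS purely by position, and when one list is shorter it silently reuses that list's last element, so a missing entry can attach an interface to the wrong bridge. The function names (plan_veth and its helpers) are hypothetical; the sample values are the ones from this post.

```shell
#!/bin/sh
# Added example: print the interface/bridge/address pairing that
# vznetcfg.custom would apply, and refuse lists that do not line up.

# field LIST N: print the Nth ';'-separated element of LIST (empty if absent)
field() { printf '%s\n' "$1" | awk -F';' -v n="$2" '{ print $n }'; }

# count LIST: number of ';'-separated elements
count() { printf '%s\n' "$1" | awk -F';' '{ print NF }'; }

# netif_opt ENTRY KEY: value of KEY in one "k=v,k=v" NETIF entry
netif_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# valid_name S: interface or bridge name, 1-15 chars from a conservative set
valid_name() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# valid_cidr S: dotted-quad IPv4 address with /prefix (shape only, no range check)
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

# plan_veth NETIF BRIDGEDEV VETH_IP_ADDRESS
# Prints "ve_if host_if bridge address" per interface; returns 1 on any problem.
plan_veth() {
    n=$(count "$1")
    if [ "$n" -ne "$(count "$2")" ] || [ "$n" -ne "$(count "$3")" ]; then
        echo "list lengths differ: NETIF=$n BRIDGEDEV=$(count "$2") VETH_IP_ADDRESS=$(count "$3")" >&2
        return 1
    fi
    i=1
    while [ "$i" -le "$n" ]; do
        entry=$(field "$1" "$i")
        ve_if=$(netif_opt "$entry" ifname)
        host_if=$(netif_opt "$entry" host_ifname)
        bridge=$(field "$2" "$i")
        addr=$(field "$3" "$i")
        for name in "$ve_if" "$host_if" "$bridge"; do
            valid_name "$name" || { echo "bad interface name: '$name'" >&2; return 1; }
        done
        valid_cidr "$addr" || { echo "bad address: '$addr'" >&2; return 1; }
        echo "$ve_if $host_if $bridge $addr"
        i=$((i + 1))
    done
}

# Demo with the values from this post's VE configuration (MAC options omitted).
plan_veth 'ifname=eth0,host_ifname=veth610013.0;ifname=eth1,host_ifname=veth610013.1' \
    'brlan;brwan' '10.61.0.13/24;5.88.52.183/27'
```

To check a real VE, source its configuration file and call plan_veth "$NETIF" "$BRIDGEDEV" "$VETH_IP_ADDRESS" before starting it.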

Thursday, September 20, 2007

Installing Centos5 on Solaris-Xen

How to install Centos-5 into domu on Solaris "SunOS solx 5.11 xen-nv66-2007-06-24"

As I can find in Google, the usual way to install Centos in domu uses qemu. They suggest installing Centos in qemu, then converting the qemu image into a xen image. But there is an easier way to do this with Centos-5 and Solaris.

How to boot into installation DVD

The first of the problems in this installation is the following:

  • Xen supports booting Linux machines if you have the vmlinuz and initrd files
  • Xen also supports booting from media with grub installed on it
  • I have found no other boot methods for a Linux domu in Xen.
  • The Centos5 DVD (I think the CD also) does not boot by grub.

To solve this problem, attach the Centos DVD image with lofiadm and mount it. Then take the files images/xen/vmlinuz and images/xen/initrd.img from this image and place them, for example, in /boot. And add the lines

kernel = "/boot/vmlinuz"
ramdisk = "/boot/initrd.img"
to domu configuration file.

Storage Drivers not working problem

The next problem you can run into: this anaconda can see neither the DVD nor the hard drive, although they are declared in the domu configuration file like

disk = [ 'file:/storage/CentOS-5.0-x86_64-bin-DVD/CentOS-5.0-x86_64-bin-DVD.iso,6,cdrom,r', \
'phy:/dev/zvol/dsk/storage/zim5,0,w' ]

If your eyes are quick you may catch the lines "device without driver" among the lines running at the boot time of this domu.

This problem may be solved the following way:

  • Export your lofi-mounted Centos DVD filesystem over NFS, and point the installer to use media on NFS instead of CD/DVD
  • Export your zfs virtual volume over iscsi so that it can be used in the installation process instead of a local hard drive.
  • When anaconda can't get the cd, give her the nfs share of this DVD.
  • When it can't see any disk, it gives you a button to add an iscsi target to the disks anaconda may use to install on. Add the iscsi-exported zfs volume from the metal host and install Centos there.

The boot into installed system

The only thing which may prevent you from booting into the installed Centos system is the vmlinuz and initrd from the DVD, which will start the installation process and will not allow you to do anything else. But this installed Centos zvol has grub on it if the installation succeeded. So, just remove the lines for kernel and ramdisk added to the domu configuration file and you can start your Centos.