Ramblings of a Linux Administrator

New Article: Linux Mail Server Software- A Comparison of Popular Mail Transfer Agents

cpace — Mon, 08 Mar 2010 17:00:41 +0000

This weekend, I wrote yet another article, Linux Mail Server Software- A Comparison of Popular Mail Transfer Agents. I wrote this article, since many of my clients often ask me what the best Mail Transfer Agent, or MTA would fit their needs best. Although the article brings up some good points, it doesn’t get into a great amount of detail (as articles rarely do) about the different features of the many available MTAs. Here are some additional points:

Qmail’s license is not an open source license, but instead is licensed under the public domain. As such, it does not come with a copyright license, which may restrict the ability to distribute Qmail.
Postfix is easier to extend, with support for Sendmail’s milters. For instance, enabling DKIM support for Postfix is trivial.
Although Postfix is faster at sending large volumes of email than Exim (“out of the box” configuration), You can easily improve Exim server performance.
I’m still trying to figure out why Sendmail is still used on Red Hat Enterprise Linux (and why it is still the most popular MTA)- Sendmail is definitely going the way of the dinosaurs- with it’s cryptic configuration, and security nightmares.
Zimbra, while not a fair comparison against the others, excels in group collaboration. I’ve never had a client disappointed with it’s feature set, or performance. While not the best solution for a high volume mail server, Zimbra is very good at making email easier to use, and more powerful (without that dreaded Exchange).

I’ll stop short of recommending a “one size fits all” solution- in the end, it all matters on YOUR needs, not the software itself. There is no true winners or losers- just different solutions. As always, feel free to contact me if you have any questions about which solution meets your needs better.

Here is the article:
http://linuxconsultant.info/tutorials/linux-mail-server-software.html

Cool Web-based Software- OpenEMM

cpace — Mon, 01 Mar 2010 17:34:47 +0000

One cool web-based software solution that I’ve stumbled upon lately is OpenEMM. OpenEMM is a mass mailing software solution for email marketing, sending newsletters, and mass mailing. Although I’ll admit that my experience with this particular niche of software is limited (I’ve installed and used SugarCRM, and PHPlist in the past), I’m really in love with OpenEMM’s layout and organization. Where OpenEMM really shines is the ability to quickly setup a campaign or single mailing event, and start to get emails flowing. OpenEMM contains it’s own email system (more on that later), so it’s basically self contained.

To get started with sending emails through OpenEMM, you first must create a “mailing”, which can either be a part of a campaign, or by itself (a cool feature when testing this software). After you complete a short wizard, you can fine tune the mailing very easily:

Creating a mailing in OpenEMM

Once you get the Mailing setup in OpenEMM, you can then add email addresses, or recipients, into OpenEMM (maybe it’s best to add those first, but it’s more fun to create the mailing first- it doesn’t really matter which order you do them in). One really nice feature, as you can see, is that it’s short and to the point- if you just want to add email addresses and get on with your life, OpenEMM does a very nice job of that!

Adding an email address in OpenEMM

Moving on, we also have the ability to create a template in OpenEMM to use for our mailings. This is nice, since the templates look professional, clean, and can be configured using variables for database variables (such as first and last names). I hate the impersonal feeling of mass mailing, and the inclusion of this feature is nice.

OpenEMM email template

Speaking of editing templates, OpenEMM allows you to preview how your template will look at different resolutions. This feature is really nice, since I use static table sizes in my designs, and I’m always curious as to how the border regions of tables look at higher/lower resolutions.

Template preview feature in OpenEMM

Now that I’ve talked up OpenEMM enough to sound like a commissioned salesman, let’s talk about some of the disadvantages:

OpenEMM doesn’t appear to support an external mail server- you can either use the mail server built into the server that OpenEMM is installed on, or you can use the bundled mail server.
OpenEMM’s mail server doesn’t always work 100% out of the box. If you want to switch mail servers, there isn’t a graphical way to do this. It would really be nice to have an “email server configuration” page built into OpenEMM. That way, I could use a mail server that is located on another server.
OpenEMM requires the installation of Java from Sun, and also a user account created. OpenEMM isn’t the easiest mass email marketing software to install.

However, none of these disadvantages are particularly crippling. Time wise, I would say that it took me about an hour or so to install. Although I’m just playing with mass email marketing software at the moment, if I ever do decide to take the plunge and get started, OpenEMM will definitely be the software that I will use.

New Article: Web Application Protection- Ways to Protect a Web Application from Hackers

cpace — Sat, 20 Feb 2010 23:10:15 +0000

I wrote a new article this weekend, titled Web Application Protection- Ways to Protect a Web Application from Hackers. I wrote this article to help some of my clients, who have asked about the different methods available to prevent an attacker from successfully compromising a web application. The methods recommended include setting up SSL to encrypt traffic, using mod_security, and using iptables to block netblocks or domains that would never use the web application (for instance .cn, .af, .lt, .ru, etc). However, there are a few methods that I didn’t talk about:

Use .htaccess to further restrict requests to web directories

Using .htaccess files can be a great way to restrict access to a web application, or add a password authentication feature where such a feature does not exist (for instance, to protect a private wiki). A nice benefit that .htaccess authentication gives us is the ability to authenticate against a MySQL or LDAP database. Combined with SSLv3 encryption, .htaccess authentication can be very secure.

Snort-Inline

Although I did mention mod_security can be used to firewall the web application (if you are running Apache), another solution is to use Snort-Inline to secure your web application. Although not for the faint of heart (it’s fairly easy to make a mistake when installing Snort-Inline, and lock yourself out of the server), Snort-Inline goes above and beyond what mod_security offers. Acting as a Network Intrusion Prevention system, Snort-Inline doesn’t stop at just filtering web application attacks, but can also be extended to monitor practically every major server software solution.

Hopefully, these tips will have helped out both clients and readers alike- in today’s world of automated bot scans and worms, it is far too common that web applications are exploited. Some of these measures will mean the difference between a successful compromise, and a harmless attempt.

Here is the article:
http://linuxconsultant.info/tutorials/web-application-protection-protect-a-web-application-from-hackers.html

Linuxconsultant.info is Fully W3C Compliant

cpace — Tue, 26 Jan 2010 05:18:02 +0000

It’s amazing all of the small stuff that you overlook when you develop and build a website. You think of functionality, cross browser compatibility (my websites are unique in that Firefox is the dominant browser), but rarely does it cross anyone’s mind to check for W3C compliance. Well, you can now rest assured-http://linuxconsultant.info is now fully W3C compliant.

Why not take the plunge, and check for W3C compliance on your site, using the W3C Validator? You might be surprised at it’s results (as I was on my site).

Eventually, I might enforce W3C compliance on all of my sites. A good thing about checking for W3C compliance is that you also learn how to write proper XHTML. A common mistake that I’ve made on about 90% of my web pages has been with using capital letters for tags (A, BR, P, etc), which is apparently against XHTML standards. I’ll be the first to say that I’m not a great web designer- but tools like this can help anyone be better at making their own webpages (or more importantly, making them cross browser compatible, and standards compliant).

So, enjoy your browsing experience at http://linuxconsultant.into, as it’s now fully W3C compliant!

The Importance of Linux Server Maintenance

cpace — Sun, 20 Dec 2009 19:52:00 +0000

We have all heard the saying, “an ounce of prevention is worth a pound of cure”. This is especially true when the topic of server maintenance comes up.

All too often, I have worked on Linux servers that were woefully out of date, or that didn’t have a backup plan in place. Sometimes a client’s initial problem could have been fixed easier and cheaper just by following some routine maintenance tasks. At a minimum, here is a list of things that should be done monthly to maintain a Linux server:

Installation of Operating System updates

Examine all available system and daemon logs for irregularities

Confirm backup integrity

Check available system resources (and make plans to upgrade resources, when necessary)

These simple maintenance tasks can help prevent ugly surprises (no one likes those), and increase server uptime. In addition, the installation of Operating System updates helps keep your server secure (the second most common compromise method is through insecure software). Most of us know the security impacts of not installing security updates on our workstations- why not carry over that mentality to your server?

Also, it wouldn’t hurt to occasionally check for updates on software which might not come from your Linux distributor (such as Wordpress, PhpBB, etc). Too often, my clients will think that their site is secure, only to be surprised when an old exploit is used against their blogging or forum software.

The best part about regular server maintenance is that is isn’t really expensive when compared to the cost of fixing an out of date server. My own Linux server maintenance services start at just $25. The nice thing about the way that I have organized this offering, is that it gives my clients choices as to the level of maintenance that is performed on their server monthly. Some of my clients prefer little more than Operating System updates, while others sleep better at night knowing that their server’s security has not been compromised. In addition, I also email my clients monthly reports, which let my clients know exactly what is going on with their servers. I have example reports available for the Basic, Advanced, and Premium maintenance plans.

Which plan you decide is best for your server is entirely your choice- but I’m a big fan of the advanced maintenance plan. It combines the most common (and important) maintenance tasks together, in a package price that’s easy to afford. The important thing to remember is that no matter who works on your server, it is maintained in a sensible and responsible manner. Nothing is worse than a disaster that could have been avoided with routine maintenance!

When Not to Outsource

cpace — Tue, 13 Oct 2009 13:35:18 +0000

This weekend, I spent all day Saturday posting articles to websites, and getting backlinks for a client. The client wanted a fairly easy goal- 100 backlinks. However, the client didn’t want to pay an arm and a leg for these backlinks (honestly, who would). I admit that I briefly thought about outsourcing the work, and saving myself the time and effort of getting backlinks for this client’s website. After all, who wants to spend their Saturday in front of a computer, posting content to a website?

When I came up with this SEO plan for this client, I realized that it would be less effort and stress NOT to outsource the work. Yes, I would essentially be working for less than what I normally charge (I didn’t even want to think about what this paid per hour). Yes, this work is less than glamorous (really, who enjoys building backlinks?). However, if I would have outsourced this particular task, I would have spent many days going back and forth with the freelancer building backlinks (differences in time zones, and all of that). Plus, the client would have paid more money in the end (the amount that I quoted the client was the average outsourced price, I could have cut maybe 20% off of that by haggling, and then add in the costs for me to supervise and double-check the work of the freelancer).

Don’t get me wrong here, I’m not against outsourcing. Heck, a part of my business depends on it. When your budget isn’t too tight (here, the amount that I quoted the client was quite low), you can find freelancers that will be able to follow the specifications on work without much supervision. However, link building campaigns are horrible campaigns for finding talent (if you want it done cheap). As an example, I once had a freelancer who, upon “completion” of the SEO backlinking campaign, I discovered had linked his own blog instead of my client’s website (the freelancer was instructed to use three links per article, and the freelancer used 2 of those three links to promote the freelancer’s own blog). As another example, I had a freelancer work on a similar campaign a while back, and the freelancer did great work. Minimal supervision (always good) was required, and the individual understood the work to be done. The difference between these two outsourced projects was the price. The project that had a bad freelancer was a short and cheap project. Conversely, the project that had a higher budget and a longer deadline had the better freelancer.

The way that I see it, if I can get a particular task done in less than a day, sometimes it’s best not to outsource. I’m paying that price right now, where I’m waiting on a Perl programmer to email me a fix to his script (it’s been 5 days now). Outsourcing has it’s place- just not with the small and cheap projects.

For those who are wondering (this isn’t a service I advertise), I do often manage projects involving outside coders or freelancers. I’ve been involved with projects ranking from 30 line scripts, to large software deployments. My experience has told me that sometimes, it’s best not to outsource a particular project. Instead, roll up your sleeves, and get the job done yourself. It might not be fun, but neither is the hassle of outsourcing work!

Easy Alternatives to CAPTCHA

cpace — Tue, 29 Sep 2009 13:08:52 +0000

If it’s one thing that I hate worse than spam, it’s CAPTCHA. We’ve all seen CAPTCHA ages before, they look like a three year old scribbled some random letters on a piece of paper, and than spilled a can of paint in the middle of that paper. Somehow, we are supposed to be able to read these letters, and insert the correct characters in order to submit a form. Most of the time, the CAPTCHA level of noise, or amount of ink splots and other material added to distort the letters, is so high that I can’t even tell if a character is even a member of the same alphabet that I use.

Perhaps the most damaging part of CAPTCHA is the assumption that you are up to no good. A website is placing an undue amount of stress upon you, for what? To enter a comment on a blog? To register for an email address? To send someone a message? I wonder how many potential customers and clients alike have been turned away from a website or vendor because of their CAPTCHA implementation. Personally, I’m afraid of it as well (on my contact form), that’s why I haven’t implemented it yet on that form.

However, alternatives to CAPTCHA are gaining ground. Acceptable alternatives, in my opinion, involve the least troublesome challenges to your website visitors or clients. Examples include:

Simple math questions (What is four plus three?)

Logic questions (when you freeze water, is it cold or hot?)

Requiring the user to select pictures of familiar animals (click on the kittens)

The problem that most opponents have with CAPTCHA alternatives is that they can be easily spoofed, if the script creator doesn’t add enough random challenges into the mix. Admittedly, if your form only contained the challenge, “Is ice cold or hot?”, you would be in some trouble shortly. However, you can always combine challenges, and with a set greater than 20 challenges, have a very formidable defense against spam bots. Especially, when you combine images with text. Consider the following challenge:

Is ice hot or cold? ________

Now, this challenge isn’t particularly difficult for most spam bots, you just need to re-write some code. You could even allow it to guess, buy inputting as the answers “is”, “ice”, “hot”, “or”, and cold”- until you finally got the right answer. However, let’s take it a step further. Let’s do this:

_______

Now, we’ve got the same question, just inserted into our site as an image. Assuming that the image is randomly named, this is an excellent way of combining different CAPTCHA workarounds. Now, in order to defeat our form script, a bot writer will have to implement OCR technology into his script, and also implement a routine that submits every word in the challenge sentence, in order to try and fool our form script.

Now, let’s make things interesting. In our form script, let’s have a set of, say 20 questions. These 20 questions are selected from a database (to make things a bit easier to add or remove questions), and we randomly pick our question from that database. We can go further from our “Is ice hot or cold”, to include such questions as “What is the name of the planet that you live on?”. In this last example, the correct answer, earth, is not located anywhere in that question. Now, the person writing a bot to spam our form has to hand write each and every answer to every question.

We can stop this game at any time, but the bottom line is that with the proper amount of preparation, our form script can be harder to beat than CAPTCHA. Most importantly, it will not cost us ANY visitors, clients, or customers. The humans can still easily submit information to us using our form, and all of the spam bots won’t know what to do with our web form.

Now, the tricky part is just getting everyone else to switch over from CAPTCHA to one of these alternatives. Perhaps over time, these alternatives to CAPTHA will gain in popularity. Only then will I finally be able to create an account on a website without pulling my hair out at a mixture of something from Picaso’s works and the modern alphabet.

New Article: What to Compare When Choosing a Web Host

cpace — Sun, 20 Sep 2009 16:28:23 +0000

I wrote a new article this weekend that describes the most important features to consider when choosing a web host. Too often, I’ve seen clients that have been drawn into a cheap web host provider, only to find out that the network performance is horrible. Needless to say, poor network performance results in lost sales revenue, frustrated customers, and the stress of switching web hosts. To prevent my clients from making a poor choice when choosing a web host, I wrote this article.

One of the major resources noted in this article is Netcraft’s website. Netcraft provides a great web host comparison chart for free that is updated monthly. Netcraft compares response time (network performance) and uptime (network reliability) when it ranks the top web hosting providers. Finally, these results are tallied into a top 10 and top 50 web host table. This makes it trivially easy for anyone to compare web host providers. Simply put, there is no better resource available for comparing different Internet websites or web host uptime, and network performance, than Netcraft.

Hopefully, this article will help out a client or website visitor in their choice for a web host. Nobody likes a slow web hosting provider, and if you think slow website performance is bad- try SSHing into a slow web host sometime!

Here is the article:
http://linuxconsultant.info/tutorials/choosing-a-web-host.html

New Article: Yahoo Temporarily Defers Email with Message 421

cpace — Thu, 10 Sep 2009 00:23:57 +0000

I wrote a new article this weekend that identifies the main reason that Yahoo temporarily defers mail messages with an error 421. With spam mail messages on the constant rise, we can hardly blame Yahoo for being more strict on blocking mail messages that aren’t guaranteed to be spam free. With this problem, Yahoo has a solution for businesses that have to send commercial or bulk email- DKIM. DKIM solves Yahoo’s spam problem by allowing them to authenticate emails sent from your server, and it solves a businesses’ problem of ensuring that important non-unsolicited bulk email is delivered.

Many administrators and email marketers alike have been frustrated by the addition of SPF and DKIM authentication, and few know how to properly tackle this burden. As always, if you need help installing a DKIM filter, or adding SPF to your domain’s DNS records, be sure to contact me.

Here is the article:
http://linuxconsultant.info/tutorials/yahoo-temporarily-defers-email-with-error-message-421.html

New Tutorial: 5 Linux VPS Performance Tips

cpace — Sun, 02 Aug 2009 21:08:19 +0000

I wrote a new tutorial this week, called 5 Linux VPS Performance Tips, which I believe can help quite a few of my clients. This short tutorial shows the top 5 ways that a Linux System Administrator can increase the performance of a Linux server, just by following 5 easy tips. Too often, I’ve seen a client run a bloated MySQL installation that eats over 200 MB of RAM- RAM that they are renting from a VPS host at a premium price. In fact, following the tips in this tutorial can save 30-50% on a VPS hosting bill! Don’t take my word for it though, follow the instructions in this tutorial, and see the difference in memory usage for yourself.

Here is the tutorial:
http://linuxconsultant.info/tutorials/5-linux-VPS-performance-tips.html