Archive for June, 2009

Exim4 on Ubuntu 9.04

I’ve been working throughout the whole week to solve the send-mail problem on the new box. The thing is that I have created an online form, and the completed form should be sent to an appointed email address. I have been using Sendmail as the MTA (Mail Transport Agent), but it fails to function properly. The log file shows that it failed to send the email to the appointed email hosts, and whenever it spots the same domain name (local), it won’t send the email, although I have continuously changed the settings, rebooted the box, edited php.ini, etc. I tried to find solutions in the Ubuntu Forums and some of them suggest replacing the MTA, Sendmail, with Exim. I have been a Sendmail user since my first cup of Ubuntu, as it is used with the default PHP configuration, and I never tried Exim, but since Sendmail is not working as it is supposed to, I’m giving Exim a try. My first couple of trials with Exim still didn’t solve the matter and I had to reinstall it a couple of times since I had messed with the configuration file. Thankfully apt-get saves most of my time. (just run apt-get install exim4 <- current version)

The configuration of Exim is more user-friendly than Sendmail’s, and it’s easier to understand the settings as the configuration’s user interface takes you step by step with details and explanations. To configure Exim through the user interface, issue the following command:

dpkg-reconfigure exim4-config

Manual configuration can be done by editing the /etc/exim4/update-exim4.conf file, but then we have to run:

update-exim4.conf

and restart the exim4 process for the configuration to take effect. The process should be running and listening on port 25 (smtp).

Exim4 process running and listening on port 25

To check the installation, run the mail command (install mailutils first), try sending a mail, and refer to the log file for the status. The mail may arrive late in your inbox the first time, sometimes delayed up to 7 hours as it may be queued for spam checking by the recipient server, but it should be OK after that.

Send mail and tail the log

There seems to be no error whatsoever in the log, but I can’t receive the mail on my Yahoo account. In the previous log, it says that Yahoo gives a “421 message deferred” error. It seems that Yahoo is filtering the message and considering it as spam, etc. No luck on Yahoo I guess..whatever..I won’t be using Yahoo for the apps (and I don’t want to waste my time contacting them). I tried to figure out why the message could not be received by Yahoo Mail and I think it must be something related to the mail header. So I opened the received mail in my Gmail account and inspected the message header:
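Tailing the raw mainlog gets tedious once several messages are queued, so here is an added example (not code from the original post) that summarises Exim4 mainlog lines per message id and picks out messages a remote server held back with a 4xx reply such as the 421 above. The log lines, hosts and message ids are constructed in the real mainlog format.

```python
"""Summarise per-message delivery outcomes from Exim4 mainlog lines.
Added example, not from the original post. The log lines are constructed in
the real mainlog format ('<=' received, '=>' delivered, '==' deferred,
'**' failed) with made-up hosts and message ids, so the code runs offline."""
import re

SAMPLE_LOG = """\
2009-06-10 10:01:02 1MEaBc-0001Xy-Ab <= www-data@box.example.com U=www-data P=local S=512
2009-06-10 10:01:03 1MEaBc-0001Xy-Ab => user@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
2009-06-10 10:01:03 1MEaBc-0001Xy-Ab Completed
2009-06-10 10:05:10 1MEaFg-0001Zz-Cd <= www-data@box.example.com U=www-data P=local S=498
2009-06-10 10:05:12 1MEaFg-0001Zz-Cd == someone@mail.example.net R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after end of data: host mx.mail.example.net [203.0.113.9]: 421 4.7.0 Message temporarily deferred
2009-06-10 10:09:00 1MEaHi-00021a-Ef <= www-data@box.example.com U=www-data P=local S=300
2009-06-10 10:09:01 1MEaHi-00021a-Ef ** nobody@nonexistent.invalid R=dnslookup: all relevant MX records point to non-existent hosts
"""

# timestamp, Exim message id (6-6-2 chars), flag, address, remainder of the line
LINE_RE = re.compile(r"^(\S+ \S+) (\S{6}-\S{6}-\S{2}) (<=|=>|==|\*\*) (\S+)(.*)$")
FLAG_TO_STATE = {"<=": "received", "=>": "delivered", "==": "deferred", "**": "failed"}
# Exim quotes the remote reply after ': ', e.g. '... [203.0.113.9]: 421 ...'
SMTP_REPLY_RE = re.compile(r": ([245]\d\d)[ -]")

def summarise(log_text):
    """Map each message id to its sender, last recipient, last state and SMTP reply code."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # 'Completed', retry and info lines change no tracked state
        _, msg_id, flag, address, rest = m.groups()
        entry = messages.setdefault(
            msg_id, {"from": None, "to": None, "state": None, "smtp_code": None})
        if flag == "<=":
            entry["from"] = address
        else:
            entry["to"] = address
            reply = SMTP_REPLY_RE.search(rest)
            entry["smtp_code"] = reply.group(1) if reply else None
        entry["state"] = FLAG_TO_STATE[flag]
    return messages

def deferred_by_remote(messages):
    """Ids of messages the remote MTA held back with a 4xx reply, like the 421 in the post."""
    return sorted(mid for mid, e in messages.items()
                  if e["state"] == "deferred" and (e["smtp_code"] or "").startswith("4"))
```

Run it against /var/log/exim4/mainlog by passing the file contents to summarise(); a message that stays in the deferred list across retries is the one to look at for spam-filtering or sender-authorization problems.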

email header shows SPF: Neutral

The SPF (Sender Policy Framework) check, an extension of RFC2822, shows that the query result was neutral. Maybe Yahoo Mail is being strict on this…maybe. As you can see in the above image, inspecting email headers is very interesting too, as you can trace the sender’s IP, location, mail client, etc. These are some of the tricks used to bust spammers, anonymous mailers, etc. hehe~ . In the end, Exim works as my box’s new MTA.
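A neutral SPF result means the receiving server could neither authorize nor reject the sending box, so it helps to know what the domain’s SPF record evaluates to for the server’s own IP. The following added example (not code from the original post or from OpenSPF) evaluates a record’s ip4, ip6, a, include and all mechanisms against a constructed in-memory DNS table; mx, ptr, exists and modifiers such as redirect= are not implemented and are skipped.

```python
"""Minimal SPF evaluator (ip4, ip6, a, include, all) in the spirit of RFC 7208.
Added example, not from the original post or from OpenSPF. DNS lookups are
replaced by a constructed in-memory table so the code runs offline."""
import ipaddress

# Constructed stand-in for DNS: SPF TXT records and A records per domain (documentation IPs).
TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 a:mail.example.com include:relay.example.net -all",
    "relay.example.net": "v=spf1 ip6:2001:db8::/32 ?all",
}
A_RECORDS = {"mail.example.com": ["198.51.100.7"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none', 'permerror')
    for sender address `ip` using `domain` as the envelope-from domain."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"              # nothing published: the receiver cannot authorize the box
    if depth > 10:
        return "permerror"         # guard against include: loops
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"                 # an unqualified mechanism means '+' (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            # mismatched address families never match; ipaddress handles that for us
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "a":
            targets = A_RECORDS.get(arg or domain, [])
            if any(ipaddress.ip_address(t) == addr for t in targets):
                return QUALIFIERS[qual]
        elif name == "include":
            # include: matches only when the referenced policy yields 'pass'
            if check_host(ip, arg, depth + 1) == "pass":
                return QUALIFIERS[qual]
        # mx, ptr, exists and modifiers such as redirect= are not implemented here
    return "neutral"               # no mechanism matched and no 'all' term was present
```

A record ending in ?all (or one that lists no mechanism covering the box’s IP and omits all) is exactly what yields the “neutral” seen in the header; listing the server’s address with ip4: and closing with -all or ~all is what lets a receiver reach a definite result.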

References:
Ubuntu documentation to install Exim4
OpenSPF

msaifuddin.com

It has been 3 years since I bought msaifuddin.com (19 June 2006), and tomorrow is the expiration date for the domain’s yearly contract.

Every year, I transfer my domain to a new domain registrar to save a few bucks.

A week before the expiration date, I spend some time monitoring TLD (top-level domain) market prices and comparing them between different companies.

The first time I bought msaifuddin.com, I was still naive about all the domain and web related things and did not care much about the prices. I just paid..paid..and paid.

As time goes by, I have learned that I can save a few ringgit/dollars by choosing a company that provides discount coupons on its domain/hosting packages.

There are hundreds of companies which provide this kind of offer. A few clicks on Go0gle could help you find one.

Discount coupons can save a few bucks off the original prices. If you can find a reliable company, domain registration/renewal should only cost below USD$10 (~RM35), and with discount coupons the price can sometimes drop by up to 50% from the usual price.

Besides coupons, the currency exchange rate can also help you save money.

A domain name sold in USD by most US companies is cheaper than the price offered by most Malaysian-based companies.

The average price for a domain in USD is about USD$10 each (you can find many below $10), while a domain in Ringgit Malaysia is about RM40. USD$1 ~= RM3.50. You do the maths!

Anyway, there are millions of companies on the internet that offer a great deal for your money. Just be wise when buying.

rootkit

Problems..they never stop!

(9-12/6)
I have set up a file server running on a Dell PowerVault 725N using Win2k3 as the OS (Windows..makes life easier.. ). The box was set to join the domain on PKK’s network so that every authorized user may access the box. Working with the access rules, domain configuration, etc. is something new to me. After spending about 2 hours trying to understand and experiment with the configs, the box was successfully accessible throughout the network. I also set a pointer record in the domain controller to resolve the box’s IP address. Everything went fine and I even ran a few tests to make sure it was 100% ready for deployment. The only thing left to do was to see the box’s user tomorrow morning and teach her the steps to insert the data.

The next day, when I was about to give the step-by-step tutorial to the user, I tried to connect to the box from the user’s PC, but it was inaccessible. It gave me error messages that the target path was not found and that I had no authorization to log in to the target machine. Then I checked the DNS settings on the domain controller: no problems found; checked the shared folder permission settings: no problems found. Strange. I went back to the server and reset the access permissions, but it was still inaccessible. The ACL was intact, no changes whatsoever. Then I figured it must be viruses messing with the box configuration. But after running a few manual checks (still no AV installed), I couldn’t find any modification to the system/registry. Then I installed Symantec AV, but the AV sucked so much that I had to remove it half an hour after installation. It uses too much memory and it couldn’t detect any problem (I am SURE there must be something hidden inside the system). Then I installed Kaspersky, but it could not get the latest updates. It gave an “Unable to resolve DNS” error. Something had overridden the DNS table and even flushdns wouldn’t work. This is not some ordinary virus; it must be some kind of worm/rootkit. So I installed GMER, a rootkit detector/remover. After running a scan, it detected that a “service” was hooking into the svchost process and had made changes to the registry. Positive rootkit activity!..fuck!..I disabled the service and the Kaspersky updates were successful, but the AV also failed to detect the rootkit source. Manual removal of the registry strings was unsuccessful. I could not delete/modify any of the modified settings. I deleted one of the hooked svchosts and restarted the box, but Windows gave a startup error, and after running another rootkit scan, the “service” was restarted AGAIN! damn!
It’s impossible to delete the “service” as it is hooked to a Windows file, and even after I disable the service, the modified registry settings override my changes!

What the rootkit does:

  • modifies registry settings and includes itself as a legit system process
  • blocks DNS resolution for EVERY anti-virus/anti-rootkit site (EVERY site, like Nod32, AVG, Symantec, etc.)
  • modifies security policy settings, blocking all network connections

This is the cause of my problem. It overrides the security policy, removes EVERYONE’s access from the network and adds 2 fake users with random strings as usernames.

So, how do I remove the rootkit?
- I formatted the box again. As simple as that, since I cannot remove it manually.

After a fresh installation of Win2k3, the settings that took almost 2 hours the first time only took about 10 minutes now.

The question that still bothers me: where did the rootkit come from?
I left the box untouched for not more than 20 hours after the OS installation, I didn’t access the internet, etc. Where is the source?

Finally, Ubuntu 9.04 on PE4600

Last week was my battle with OS installation on a Dell PowerEdge 4600 and, after several failed Fedora installations on the box, I finally managed to get Ubuntu 9.04 running as the system! A big relief for a n0ob like me. So, the OS problem was settled and it took me the whole day (last Tuesday) to finish the installation on a couple of servers. Application installation and updates went smoothly. Among the installed components were OpenSSL for additional cryptography on the box for web apps deployment, Apache2 as the web server, MySQL as the database engine, phpMyAdmin for database management and VSFTPD for FTP server deployment. Another box (intended as an application server) was left untouched after the OS installation as we were running out of DMZ ports on the router.

The server will be used for PKK’s new web server, and the next day the web development began. The old site uses Joomla 1.0 with about 14000+ user profiles that have to be transferred to the Joomla 1.5 database. The migration was a bit difficult and confusing, not only because of the massive amount of data I had to handle, but also because of the differences between both versions’ database structures. However, the migration was successful and all of the user profiles remain intact.