Retry timeout exceeded – Exim greylist problem

This article relates to Exim 4, running in a WHM/cPanel environment under Centos, but may affect other configs too.

You may find instances where a local user tries to send mail to a host that operates greylisting. The messages never gets to the recipient. You see things like this in the exim_mainlog

2011-11-10 15:14:05 1ROWKK-0003I1-Ia <= localuser@localdomain.co.uk H=something.com (FredBlogs) [2.2.2.2] P=esmtp S=7852 id=!&!AAAAAAAAAAAYAAAAAAAAAEDCVk4NrhRJjsshyvaOnAfCgAAAEAAAAOV7jpjiT51Jm/WbyNPkywIBAAAAAA==@domain.co.uk T="FW: test" for remoteuser@remotedomain.co.uk
2011-11-10 15:14:06 1ROWKK-0003I1-Ia == remoteuser@remotedomain.co.uk <remoteuser@remotedomain.co.uk> R=lookuphost T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<remoteuser@remotedomain.co.uk>: host mail.host100.co.uk [5.5.5.5]: 451 Greylisted, please try again in 223 seconds
2011-11-10 15:14:06 1ROWKK-0003I1-Ia ** remoteuser@remotedomain.co.uk: retry timeout exceeded
2011-11-10 15:14:06 1ROWKK-0003I1-Ia Completed
Show the full article…

1 Comment

How to switch from Mobile Me iCloud to Google Apps

I decided to divorce myself from the Apple-a-tron that is iCloud for a number of reasons.

  • I don’t like being forced to upgrade to iCloud
  • I don’t like being forced to upgrade to Lion to use iCloud
  • As a user of Adobe CS5 and numerous peripherals for photo/print etc, I can’t see how upgrading to Lion is going to make anything easier for me (actually the reverse)
  • I felt it was time to move my online self to a domain that I control, instead of me.com or mac.com

So, how to do it? I run a number of Macs, and an iPhone so whatever I choose has to work on both, and be relatively painless. This guide isn’t for total beginners, I wish I had the time to describe every step in detail with screenshots, but anyone with a sense of adventure should get through this guide without difficulty. Show the full article…

Leave a comment

How to test your website before switching DNS

This article will show you how you can access and test your joomla, wordpress, drupal, or other content managed website before you actually change nameservers or DNS and risk a huge disaster! I’m surprised I haven’t written about this before – it’s such a simple thing to do, and is an absolute killer tip for any developers out there. Show the full article…

Leave a comment

Find and replace all timthumb.php on server – bash script

The recent vulnerablity found in the popular timthumb.php image resizer has hit websites worldwide pretty hard. Pretty easy to deal with if you are just running your own site – just replace the script with the latest version from the source.

If you are running a hosting company, then you have either mitigated the issue somehow, or your helpdesk is probably still hung over from the after effects of exploited timthumb scripts.

So, cutting to the chase, here’s a script that I have used to run through whole cPanel based servers, looking for files called timthumb.php or thumb.php, which contain the text “timthumb” (almost every instance I have seen of the script contains this code in it somewhere).

It then moves/renames the file to something safe, and copies over the latest source from a location you can tweak in the script, and then sets the ownership and permissions correctly (assuming you are running suPHP).

The bash script:

Obviously, the usual disclaimers apply here – You are free to use this script, but NO responsibility can be accepted for anything that goes wrong if you choose to!

This is actually version 2, as it were – I have modified the script so that it now looks for the version number within the script and only updates versions that do not match those shown in the if statement.

#!/bin/bash
IFS="$"
###################################################################
##  timthumb correction                                          ##
###################################################################
 
GOODTHUMB="/root/scripts/timthumb.php"
 
###########################
##  Assign temp file     ##
###########################
TMPFILE="/tmp/healthchk.$$.tmp"
if [ -f ${TMPFILE} ]; then
   rm -f ${TMPFILE}
fi
 
# set pwd to tmp
cd /tmp
 
###########################
##  Create temp file     ##
###########################
setup_temp_file() {
  if [ -e $1 ]; then
     rm -f $1
  fi
  /bin/touch $1
  /bin/chown root:root $1
  /bin/chmod 0600 $1
}
 
##########################################################
##  SCRIPT BEGINS HERE                                  ##
##########################################################
 
echo "This script will check all home directories for timthumb..."
 
unset CPUSER CPHOME
 
/bin/ls -- /var/cpanel/users | /bin/grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while read CPUSER; do
   CPHOME="$(/bin/grep "^${CPUSER}:" /etc/passwd | cut -d':' -f6)/public_html"
   echo -e "\nChecking user ${CPUSER} - home directory = ${CPHOME}"
   echo "Checking ${CPHOME} ... "
   if [ -d ${CPHOME} ]; then
 
     #####################################
     ## Start looking for timthumb!     ##
     #####################################
     setup_temp_file ${TMPFILE} 
 
     /usr/bin/find ${CPHOME} -type f \( -iname "timthumb.php" -o -iname "thumb.php" \) >> ${TMPFILE} 2> /dev/null
     /bin/cat -- ${TMPFILE} | while read TARGET; do
         # every version of the script I have seen contains the string timthumb somewhere
        ISITBUTTER="$(/bin/grep -i timthumb ${TARGET} )"
        THEVERSION="$(/bin/grep -o "VERSION.*'[0-9\.]*'" ${TARGET} | /bin/grep -Eo "[0-9].[0-9]+" )"
        if [ ${#THEVERSION} -gt 1 ]; then # prevent crash on empty variable in next if test
            # You can modify the versions to accept (i.e. not modify) below
            if [ ${#ISITBUTTER} -gt 1 -a ${THEVERSION} != "2.8" -a ${THEVERSION} != "2.7" ]; then
                echo "Found one!: ${TARGET}    version ${THEVERSION}"
                mv ${TARGET} "${TARGET}._removedbykrystal"
                cp ${GOODTHUMB} ${TARGET}
                /bin/chown ${CPUSER}:${CPUSER} ${TARGET}
                /bin/chmod 640 ${TARGET}
            fi
        fi
     done
 
   fi
done
##  Clean up any trace
if [ -e ${TMPFILE} ]; then
   rm -f ${TMPFILE}
fi

 

4 Comments

NATS AWARE GPS Lanyard Problem

NATS AWARE

A fantastic and simple aid to safety!

OK, so you have the nice little NATS AWARE GPS unit for your microlight. Because you are doing things by the book, you are going to submit TIL109a to the BMAA to show that you have been duly diligent in the fitting of the unit to your aircraft.

However, if like most pilots, you fit your AWARE unit in a removable manner, Section 2 on page 4 of the TIL (specifically section 2.1) asks “Lanyard fitted – Ensure GPS is not a hazard if supported only by the lanyard.”

OK, I’m not knocking the AWARE or Airbox in any way. I love my Aware, and heartily recommend one to anyone who wants a simple GPS device to help keep themselves away from controlled airspace – but…

It’s ironic that the AWARE, developed by Airbox in association with NATS, and supported by the BMAA with it’s own fast track TIL minor mod submission, doesn’t actually have a Lanyard loop anywhere on it’s shiney orange and black casing.

To make an omelette

To make a lanyard hole I needed to know where to drill (oh my! there goes the warranty!) two holes. So, it was time to take the back off. Doing so would also reveal the location and type of LiPo battery powering the unit – thus making it easier to replace in future.

Note: I really shouldn’t have to say this, but taking your AWARE apart is at least going to invalidate the warranty, and if you’re ham fisted, quite likely to end in tears…

The case is a bit fiddly to open up – 4 tiny grub screws (circled in BLUE) hold the back of the case to the orange screen mouting frame, so whizz those out, and then there are four snap tabs on the inside of the case loacted as shown below (circled in RED):

Opening up the NATS AWARE

Opening up the NATS AWARE

You just have to sneek a small blade/tip into the gap between the black and orange plastic to locate these and apply a bit of pressure to click them free. Be carefull not to push too hard and break the tabs!

I first considered the corner where the speaker is mounted but discounted this as it would be too weak, relying on a little bit of the black casing, which is pretty thin.

The better solution would be a single hole near the stylus hole itself. If drilling into the case blind while it is still assembled, be VERY careful, as if you bodge your drill bit in too far you may rupture the LiPo battery with spectacular results… The drill bit should not go in any more than 2mm.

Potential Lanyard Hole Sites

Potential Lanyard Hole Sites

Once drilled, pass a nylon tie/zip/cable wrap into the stylus hole, and out of the new hole in the case and pull it tight. A standard/generic lanyard can then be fitted around the exposed portion of the cable tie and fixed to a point in the aircraft (or the mounting bracket – see below). Although this denies the stylus it’s storage hole, this is a very strong solution, which easily passed a 9G load test.

Another solution

Large piece of PCB circuit board glued to the back of the case with a hole in! – Hysol 9462 is probably one of the better epoxies to do this with.

Mounting bracket

We used the RAM-HOL-PD3 universal PDA mount in our Skyranger, which has plenty of opportunity for an extra hole for a lanyard fitting. It’s a great mount, with a spring loaded side claw, so popping the GPS in and out is easy.

 

4 Comments

Shift Key Contrain Broken in Illustrator

If you suddenly find the Shift key no longer constrains to porportions in Adobe Illustrator, and holding down the space bar no longer allows you to pan around your artwork, here’s the weirdest fix you will ever find for this Illustrator problem. For info, I have had this on CS5 since a clean install on OSX Snow Leaopard.

Install Tweetdeck… Open Tweetdeck… then go back to Illustrator – and hey presto! No longer do i have to log out and back in again to get round this REALLY annoying bug.

Enjoy!

Leave a comment