Zimbra, NATs, and YOU

Today’s lesson: Zimbra.

IF

  1. You have a NAT’ed environment…
  2. You’re installing Zimbra…
  3. You get slammed with 6 million plus SPAM messages flowing through your server overnight (despite following all best practices and ensuring you’re not an open relay)…

THEN

  1. Ignore Zimbra’s instructions that all your interfaces need to be in the “trusted networks” list.
  2. Use this command to override the admin interface rules:
    zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8'

    (Include any private networks that need access, too.)

  3. Tail the logs and enjoy all those “Relay access denied” messages.

This boils down to Zimbra not telling you that, when you set up split-horizon DNS behind a NAT, you potentially open up your MTA to abuse right out of the box.

MySQL joins on IP addresses

If you are doing this:

  1. using MySQL
  2. storing IPv4 addresses as varchar
  3. attempting to join two tables on IPv4 varchar columns

You need to stop and go learn about INET_ATON. It converts those IP addresses to BIGINTS and speeds up your queries like you wouldn’t believe. I had an existing project that did not require any joins against my IPs, so I never bothered to do the conversion. I’m currently neck-deep in some new code that requires me to join against those same IPs, and INET_ATON took my queries from 120 seconds to under half a second to complete.

Those are results you can believe in.
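The conversion described above, as an added example that is not the author's original schema or queries: the table and column names, the sample rows, and the choice to store the converted value in an indexed INT UNSIGNED column are all assumptions.

```sql
-- Constructed sample schema; table and column names are hypothetical.
CREATE TABLE blocklist (
    ip_text VARCHAR(15) NOT NULL,   -- original dotted-quad storage
    ip_num  INT UNSIGNED NULL       -- numeric form, backfilled below
);
CREATE TABLE auth_log (
    id       INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    src_text VARCHAR(15) NOT NULL,
    src_num  INT UNSIGNED NULL,
    seen_at  DATETIME NOT NULL
);

-- Constructed sample rows (documentation address ranges).
INSERT INTO blocklist (ip_text) VALUES ('203.0.113.7'), ('198.51.100.24');
INSERT INTO auth_log (src_text, seen_at) VALUES
    ('203.0.113.7',   '2024-01-01 00:00:01'),
    ('192.0.2.55',    '2024-01-01 00:00:02'),
    ('198.51.100.24', '2024-01-01 00:00:03'),
    ('not-an-ip',     '2024-01-01 00:00:04');

-- Backfill the numeric columns once. INET_ATON() returns NULL for
-- input it cannot parse, so bad rows are easy to find afterwards.
UPDATE blocklist SET ip_num  = INET_ATON(ip_text);
UPDATE auth_log  SET src_num = INET_ATON(src_text);

-- Rows that need cleanup before the numeric column can be trusted.
SELECT id, src_text FROM auth_log WHERE src_num IS NULL;

-- Index the numeric columns so the join is an integer index lookup.
-- Calling INET_ATON() inside the ON clause instead would be evaluated
-- per row and could not use an index on the VARCHAR column.
CREATE INDEX idx_blocklist_ip ON blocklist (ip_num);
CREATE INDEX idx_auth_src     ON auth_log (src_num);

-- The join itself; INET_NTOA() turns the integer back into dotted-quad
-- form for display only.
SELECT a.id, INET_NTOA(a.src_num) AS src, a.seen_at
FROM auth_log AS a
JOIN blocklist AS b ON b.ip_num = a.src_num
ORDER BY a.seen_at;
```

INT UNSIGNED is used rather than INT because addresses from 128.0.0.0 upward do not fit in a signed 32-bit column.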

WordPress Widget: Bill’s ArtistData Widget

ArtistData has shut down.

I have podged together my first WordPress Widget: Bill’s ArtistData Widget

Not surprisingly, it displays your band’s Artistdata.com upcoming shows RSS feed in your sidebar.

I will update this post with the WordPress.org link as soon as it’s approved.

Download “Bill’s ArtistData Widget” here –> artistdata

Installing OpenSUSE 11.2 With A 2Wire USB Adapter

Here’s your “pro-tip” for the day:

IF you’re installing OpenSUSE 11.2 AND you’re worried about driver support for your USB wireless adapter (specifically, for example, the 2Wire US-G-AT-02), just plug the thing in when you boot from the install disc. Amazingly enough, it installs all drivers and wrappers correctly and is ready to use on first boot.

Amazing. People make a face when I say I use OpenSUSE, but it very rarely disappoints.

IP Matching With CIDR Notation In PHP

Sometimes you can’t find an answer, no matter how hard you Google. I consider myself lucky to have found this answer!

The Problem: You have a list of IP ranges in CIDR notation. You need to take visiting IPs and evaluate if they are within this list of allowed addresses. And, you need to do it in PHP.

The Answer: Load your CIDR list into an array and evaluate each visiting IP with the following function (found here)…

function ipfilter($ip) {
    // Reject anything that is not a valid IPv4 address before doing
    // arithmetic on its parts
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 0;
    }

    $source = array("10.0.0.0/8",
        "192.168.1.1/32",
        "127.0.0.0/8");
    foreach ($source as $line) {
        // Get the base and the bits from the CIDR
        list($base, $bits) = explode('/', $line);
        $bits = (int) $bits;

        // Now split it up into its octets
        list($a, $b, $c, $d) = explode('.', $base);

        // Now do some bit shifting/switching to convert to ints
        $i    = ($a << 24) + ($b << 16) + ($c << 8) + $d;
        $mask = $bits == 0 ? 0 : (~0 << (32 - $bits));

        // Here's our lowest int
        $low = $i & $mask;

        // Here's our highest int
        $high = $i | (~$mask & 0xFFFFFFFF);

        // Now split the ip we're checking against up into octets
        list($a, $b, $c, $d) = explode('.', $ip);

        // Now convert the ip we're checking against to an int
        $check = ($a << 24) + ($b << 16) + ($c << 8) + $d;

        // If the ip is within the range, including highest/lowest values,
        // then it's within the CIDR range
        if ($check >= $low && $check <= $high) {
            return 1;
        }
    }
    return 0;
}

Is it efficient? I don’t know. Does it work? Yes it does. And that’s more than I can say about other solutions to this problem that I found (here and elsewhere).

McCain/Obama: Compare & Contrast

Found in the comments section on THR.com:

  • Graduate from Harvard Law School and you are unstable.
  • Attend 5 different small colleges before graduating, you’re well grounded.
  • If you spend 3 years as a brilliant community organizer, become the first black President of the Harvard Law Review, create a voter registration drive that registers 150,000 new voters, spend 12 years as a Constitutional Law professor, spend 8 years as a State Senator representing a district with over 750,000 people, become chairman of the state Senate’s Health and Human Services committee, spend 4 years in the United States Senate representing a state of 13 million people while sponsoring 131 bills and serving on the Foreign Affairs, Environment and Public Works and Veteran’s Affairs committees, you don’t have any real leadership experience.
  • If your total resume is: local weather girl, 4 years on the city council and 6 years as the mayor of a town with less than 7,000 people, 20 months as the governor of a state with only 650,000 people, then you’re qualified to become the country’s second highest ranking executive.
  • If you have been married to the same woman for 19 years while raising 2 beautiful daughters, all within Protestant churches, you’re not a real Christian.
  • If you cheated on your first wife with a rich heiress, and left your disfigured wife and married the heiress the next month, you’re a Christian.
  • If you teach responsible, age appropriate sex education, including the proper use of birth control, you are eroding the fiber of society.
  • If, while governor, you staunchly advocate abstinence only, with no other option in sex education in your state’s school system, while your unwed teen daughter ends up pregnant, you’re very responsible.

OK, much clearer now.

Son Of Hurricane Fever

You may remember a few years ago I posted some pictures of the traffic on the north Houston freeways a few days prior to Hurricane Rita coming ashore. No shocker, it’s happening again in the exact same fashion.

One picture was taken from the front page of a local TV station, showing the early-evening traffic on Thursday. The other is a capture from one of the traffic cameras pointed at the same stretch of highway earlier this morning. If nothing else, we’re consistent.