October 2013 Archives

25-10-2013 17:59

Allow root ssh from selected machines

Sometimes you need to allow root ssh access. But this is not a great idea; I disallow root ssh on all my systems, instead finding alternative (often much more difficult) solutions such as running two or more ssh daemons with their own config files and controlling access to them with iptables. Convoluted.

Recently I found out how you can use the Match statement to selectively allow root ssh (and even limit it to PubkeyAuthentication only). It is rather simple, and the sshd_config man page explains more. Below is a self-explanatory example. The without-password value actually means PubkeyAuthentication only; password auth is disabled. It does look a bit scary if you didn't know that. I did find that only having the Address 127.0.0.1 didn't allow root ssh access to localhost.

Match Address 127.0.0.1,23.4.76.129,8.8.8.8
        PermitRootLogin without-password

Match Host localhost
        PermitRootLogin without-password
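
The following is an added example, not from the original post: a simplified Python model of how a Match Address block overrides a global PermitRootLogin for a given client address. The global `PermitRootLogin no` line, the test address 198.51.100.7 and the function names are assumptions. It also shows one possible reason (an assumption, not confirmed by the post) why Address 127.0.0.1 alone can miss localhost: the connection arrives from ::1.

```python
import ipaddress

# Constructed sample config: a global default, then the post's Match block.
# (OpenSSH 7.0 and later also accept "prohibit-password" for the same value.)
SAMPLE_CONFIG = """\
PermitRootLogin no

Match Address 127.0.0.1,23.4.76.129,8.8.8.8
        PermitRootLogin without-password
"""

def addr_matches(client, patterns):
    """Check a client IP against a comma-separated Match Address list.
    Models plain addresses, CIDR and '!' negation; wildcards are not handled."""
    ip = ipaddress.ip_address(client)
    hit = False
    for pat in patterns.split(","):
        net = ipaddress.ip_network(pat.lstrip("!"), strict=False)
        if ip.version == net.version and ip in net:
            if pat.startswith("!"):
                return False          # a negated hit vetoes the whole list
            hit = True
    return hit

def effective_root_login(config, client):
    """Return the PermitRootLogin value applying to `client`, or None if unset.
    Simplified model: only 'Match Address <list>' blocks are evaluated."""
    global_value = match_value = None
    in_match = active = False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":
            in_match = True
            active = (len(words) == 3 and words[1].lower() == "address"
                      and addr_matches(client, words[2]))
        elif key == "permitrootlogin" and len(words) > 1:
            if not in_match and global_value is None:
                global_value = words[1]      # first global value wins
            elif in_match and active and match_value is None:
                match_value = words[1]       # first matching block wins
    # A matching Match block overrides the global section.
    return match_value if match_value is not None else global_value

if __name__ == "__main__":
    for client in ("127.0.0.1", "::1", "23.4.76.129", "198.51.100.7"):
        print(client, "->", effective_root_login(SAMPLE_CONFIG, client))
```

On a real host, `sshd -T -C user=root,host=<client name>,addr=<client IP>` (placeholders to fill in) prints the settings sshd itself would apply to that connection.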

Posted by DaveQB | Permanent Link | Categories: IT

09-10-2013 15:14

FUDForum emails blocked by Hotmail and Gmail

I suddenly started having issues where Gmail and Hotmail were blocking emails sent by my forum using my email server. Emails sent from this same email server by me using Thunderbird, or by anyone else, were not blocked. So somehow it was the way FUDforum was constructing the email headers. The reasons for blocking were RFC2822 (Gmail) and RFC5322 (Hotmail). It turns out RFC2822 was superseded by RFC5322 (as RFC822 was superseded by RFC2822).

I found an online email header checker (here is one, although not what I used: http://mxtoolbox.com/public/tools/emailheaders.aspx). Comparing the headers Thunderbird would create versus FUDforum, I found that they both had errors in the checker, but the FUDforum headers had this: "WARNING: duplicate header 'From' at line 21". So I looked into the code for FUDforum, found where it was adding a From header and commented it out. The file is $DATA_FOLDER/src/iemail.inc.t, and changing it there will fix this for all of your themes. Recompiled the theme and voila! Fixed.

All of this is in this thread: http://fudforum.org/forum/index.php?t=msg&goto=183103

PATCH:


--- src/iemail.inc.t-orig    2013-09-23 04:14:00.680024261 +0000
+++ src/iemail.inc.t         2013-09-23 04:13:43.409824908 +0000
@@ -63,7 +63,8 @@
        if (strpos($header, 'MIME-Version') === false) {
                $extra_header = "\nMIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 8bit". $header;
        }
-       $header = 'From: '. $from ."\nErrors-To: ". $from ."\nReturn-Path: ". $from ."\nX-Mailer: FUDforum v". $GLOBALS['FORUM_VERSION']. $extra_header. $header;
+       //$header = 'From: '. $from ."\nErrors-To: ". $from ."\nReturn-Path: ". $from ."\nX-Mailer: FUDforum v". $GLOBALS['FORUM_VERSION']. $extra_header. $header;
+       $header = $extra_header. $header;
 
        $body = str_replace("\r", '', $body);
        if ($munge_newlines) {
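
Review bot: On the new `$header = $extra_header. $header;` line, the result now starts with the "\n" that opens `$extra_header` ("\nMIME-Version: 1.0..."), because the From/Errors-To prefix that used to precede it is gone; strip that leading newline so the header block does not begin with an empty line. The change also drops Errors-To, Return-Path and X-Mailer together with the duplicate From, so if only From is duplicated, removing just the `'From: '. $from` part would be the narrower fix, and the commented-out old line can be deleted rather than kept. Separately, the context line that builds `$extra_header` already ends with `. $header`, so `$header` is concatenated twice when MIME-Version is absent; that is worth checking as a possible source of repeated headers.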

UPDATE: I found the email header checker site I used: http://www.apps.ietf.org/content/message-lint


Posted by DaveQB | Permanent Link | Categories: IT