Entries in Life

Often, when setting up email on a server, you want to receive email from local processes (cron jobs, etc) but don't want email accounts to be abused by spammers.

For example, on Ubuntu systems you might have a cron job that runs as www-data that you want to get mail from, but you don't want spammers sending email to www-data@example.com. I just had a client ask me to fix this problem for them, so I thought I'd share the solution I came up with.

Typically, the /etc/aliases file directs mail from all these extra accounts (like www-data, nobody, etc) to root and you're expected to set up an forwarder for root (e.g. mah@example.com).

Instead of directing mail for all these accounts to root, I created a locked out account. The only purpose of this account is to verify that only locally generated email is sent on to the end recipient. No more Viagra spam for www-data@example.com!

To set up the locked out account:

$ sudo /usr/sbin/useradd localmail
$ sudo /usr/sbin/usermod -L -s /dev/null localmail
$ echo '"|exec /usr/bin/procmail"' | sudo -u localmail tee ~localmail/.forward
$ echo <<EOF | sudo -u localmail tee ~localmail/.procmailrc
# replace example.com with whatever domain locally generated email has
:0:
* !^Return-Path: .*example.com
/dev/null

:0:
!root
EOF

This works with postfix, but I haven't tried other MTAs.

Since I run 64bit Ubuntu, I couldn't use use Google Gears. Which was annoying. The Google Gears site says 64bit OSes are not supported.

But it is open source.

So I grabbed the source code, tweaked a few things here and there and I now have Google Gears up and running on my 64bit OS. It hasn't crashed and burned yet, but I haven't really tested it heavily yet, either (suggestions welcome).

Anyway, here's the XPI to install it. I'll post the source soon. Or maybe just the diffs to the Google Gears list.

I have this “thing” about owning my own data. I probably won't be a real user of Tim O'Reilly's Internet OS. I like running my own mail server — not relying on Google for Domains, not giving Google more and more data to feed into their advertising.

But I've been using Google Reader. I'm not sure what Google is doing with that information, but, well, I can run my own feed reader on the desktop. So I switched to Liferea. Besides nice things like task-bar notifications, integration with del.icio.us — or, with a SMOP, my own GotNoBlog — it allows me to pull RSS feeds that require authentication so that I can read LiveJournal friends-only feeds now.

I've managed to reclaim a little bit of my data. Hurrah!

Tags: linux, ubuntu

(Took some more pics on my ride yesterday. Played with macro a bit, too.)

Last night, I gave a talk at the Central PA Linux Users Group (CPLUG) that I called "Bringing Open Source to Africa". While I could have made it more general and talked about the various Open Source projects that have grown out of or are centered around Africa -- and perhaps this is a topic for another time -- I focused on the projects that IntraHealth is doing and how we've created or used Open Source.

The talk was followed by some good discussion and I got to talk about KnowledgeTree some as one of my friends there had heard of it and thought it would be useful, but was a little scared of setting it up.

The biggest drawback was that, due to my poor planning, I didn't get a set of slides done till just before the talk. I was lucky here because other people at IntraHealth have done so many talks so I was able to use their material to create my own presentation.

(copy of my slides.)

(Today, I took my camera with me on my ride. 30miles at 30degrees. Click the photo for a couple more.)

After flirting with Google's Picasa for Linux for managing my photos, I'm back to using f-spot.

I like the timeline and that it doesn't ask me to give a single "folder" for all the pictures I'm importing, but, instead, creates a directory structure so that my photos are sorted by date. Interestingly enough, it is actually better than Picasa for importing. Picasa won't automatically rotate images when importing them from the camera where f-spot will.

I still use Picasa for uploading pictures to be printed out (F-spot doesn't support uploading to Wal-Mart), and I love the online Picasa's ability to help recognise and tag people in photographs -- 7000 faces in 10,000 photos are no fun to do by themselves, but when Google picks out the faces and suggests names, it becomes a little game to see how good it gets and to see which person Google thinks looks like each of my kids.

(Yeah, I'm probably helping them improve their facial recognition software and they'll end up selling that to the TSA, but ... oh well.)