Debian NO_PUBKEY

If you ever get an error like this.

W: GPG error: http://non-us.debian.org stable/non-US Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY F1D53D8C4F368D5D
W: You may want to run apt-get update to correct these problems

The way I solved it was as follows. As root…

# apt-get install gnupg
# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys F1D53D8C4F368D5D
# gpg --armor --export F1D53D8C4F368D5D | apt-key add -
# gpg --export F1D53D8C4F368D5D >> /etc/apt/trusted.gpg
# gpg --list-keys
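apt only reports the 64-bit key ID, so a key fetched from a keyserver by that ID should have its full fingerprint compared with one obtained out-of-band before it is handed to apt-key. The following is an added example, not part of the original post, that does this comparison on `gpg --with-colons --fingerprint` output; the sample listing and fingerprint are constructed placeholders and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint F1D53D8C4F368D5D`.
# The fingerprint is a made-up placeholder, NOT the real archive key.
SAMPLE_COLONS = """\
pub:-:1024:17:F1D53D8C4F368D5D:1136505600:1201824000::-:::scESC:
fpr:::::::::00112233445566778899AABBF1D53D8C4F368D5D:
uid:-::::1136505600::::Example Archive Signing Key <ftpmaster@example.org>:
"""

def primary_fingerprints(colons_output):
    """Return the fingerprint that follows each primary-key (pub) record."""
    fprs, want_fpr = [], False
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True
        elif fields[0] == "sub":
            want_fpr = False          # ignore subkey fingerprints
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            fprs.append(fields[9].upper())   # field 10 holds the fingerprint
            want_fpr = False
    return fprs

def safe_to_trust(colons_output, no_pubkey_id, expected_fpr):
    """True only if exactly one primary key was fetched, its fingerprint
    equals the out-of-band one, and it ends in the ID apt complained about
    (for v4 keys the key ID is the low 64 bits of the fingerprint)."""
    expected = re.sub(r"\s+", "", expected_fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", expected):
        raise ValueError("expected fingerprint must be 40 hex digits")
    fprs = primary_fingerprints(colons_output)
    return (len(fprs) == 1
            and fprs[0] == expected
            and expected.endswith(no_pubkey_id.upper()))

if __name__ == "__main__":
    ok = safe_to_trust(SAMPLE_COLONS, "F1D53D8C4F368D5D",
                       "0011 2233 4455 6677 8899  AABB F1D5 3D8C 4F36 8D5D")
    print("fingerprint matches, safe to add" if ok else "MISMATCH, do not add")
```
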

Yahoo Slurp

Not sure if anyone else has noticed recently, but Slurp has been doing a lot of spidering lately. I actually took extreme measures today and added a crawl delay to the site.

WWW::Mechanize Fun

I have been writing a test suite for a website recently and came upon the following error.

Illegal value ‘GBR’ for field ‘country_iso’ at /usr/local/share/perl/5.8.4/WWW/Mechanize.pm line 1232

This seemed strange to me at first but when I thought about it I was using the following code

$mech->select("country_iso", 'GBR');

If the value (“GBR” in my case) is not a valid select option, then WWW::Mechanize, or rather HTML::Form, will throw an error. The error actually came from HTML::Form::ListInput, but this package is declared in the HTML/Form.pm module.

SSH Connection Reset By Peer

If ever you see the following when using SSH and it all seems inexplicable.
Read from remote host www.somehwhere.com: Connection reset by peer
There may be a quick cure (caveat: your mileage may vary). Some routers, e.g. the Linksys WRT54G, will close a connection that does not appear busy. So far I have found that if I add
ServerAliveInterval = 300
ServerAliveCountMax = 300
to my /etc/ssh/ssh_config file then everything is fine.
Basically we are sending a message to the server every “ServerAliveInterval” seconds, and if the client has not had a response after “ServerAliveCountMax” messages then the connection will disconnect. This makes the connection look active to hardware that thinks it’s doing you a favour by disconnecting idle connections.
See “man ssh_config” for more details.
I have also noticed the following method but have not tried it:
echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time

DBD::Pg::dr::imp_data_size

If you are running Apache in a chroot env and you receive something like this.
null: Had to create DBD::Pg::dr::imp_data_size unexpectedly at /usr/local/lib/perl/5.8.4/DBI.pm line 1190
One cure is to make sure you have copied all your PostgreSQL library files into the directory in your chroot environment.

swaks and TLS

A good command for testing if your TLS setup works in exim4 is:
swaks -s insert.host.name.here -tls -q ehlo
It goes something like this.
~$ swaks -s insert.host.name.here -tls -q ehlo
=== Trying insert.host.name.here:25…
=== Connected to insert.host.name.here.
EHLO debian
<- 250-insert.host.name.here Hello somewhere.com [81.107.112.224]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-AUTH PLAIN_TEXT LOGIN
<- 250-STARTTLS
STARTTLS
EHLO debian
<~ 250-insert.host.name.here Hello cpc2-cable.ntl.com [8.0.1.4]
<~ 250-SIZE 52428800
<~ 250-PIPELINING
<~ 250-AUTH PLAIN_TEXT LOGIN
QUIT
<~ 221 insert.host.name.here closing connection

250-XXXXXXXA

If you get the above when inspecting the output from your SMTP server then you most likely have something inspecting your SMTP or ESMTP traffic. In my case it was a CISCO 851 router. I believe most CISCO gear, especially PIX firewalls, are culprits for this. Below is what I was getting:
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-XXXXXXXA
250 XXXB
starttls
500 unrecognized command
If you want to see a genuine output from a server try the following.
debian:~# telnet YOURSERVER.COM 25
Trying 8.8.8.9…
Connected to YOURSERVER.COM.
Escape character is ‘^]’.
220 YOURSERVER.COM ESMTP Exim 4.5 Sun, 21 Jan 2007 19:16:18 +0000
When you see the above, enter:
EHLO [10.10.10.8]
and the following will be the output.
250-YOURSERVER.COM Hello me.org [81.107.112.224]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-STARTTLS
250 HELP
Then type:
STARTTLS
to see:
220 TLS go ahead
This means your encrypted link to the server is working.
Have fun.
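When the STARTTLS keyword is masked like this, a client that uses TLS only opportunistically carries on in plaintext, AUTH included, so it is worth checking captures for it. The following is an added example, not part of the original post, that classifies an EHLO reply as offering STARTTLS, having it masked, or lacking it; the captures are constructed from the replies quoted above, and the masking pattern is an assumption based on the two strings shown.

```python
import re

# Constructed captures, modelled on the two EHLO replies quoted in this post.
FILTERED = """\
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-XXXXXXXA
250 XXXB
"""
DIRECT = """\
250-YOURSERVER.COM Hello me.org [81.107.112.224]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN_TEXT LOGIN
250-STARTTLS
250 HELP
"""

# Optional swaks "<- " / "<~ " prefix, the 250 code, then the first word.
REPLY = re.compile(r"^(?:<[-~]\s*)?250[- ](\S+)")
# Assumed heuristic: a run of X plus one letter. In the post the masked
# strings are the same length as STARTTLS (8) and HELP (4).
MASKED = re.compile(r"^X{2,}[A-Z]$")

def ehlo_keywords(capture):
    """First word of every 250 line, upper-cased (the greeting line, if
    present, shows up as the server name and is harmless here)."""
    words = []
    for line in capture.splitlines():
        m = REPLY.match(line.strip())
        if m:
            words.append(m.group(1).upper())
    return words

def starttls_status(capture):
    """Return (verdict, masked_keywords); verdict is 'offered', 'masked'
    or 'absent'."""
    words = ehlo_keywords(capture)
    masked = [w for w in words if MASKED.match(w)]
    if "STARTTLS" in words:
        return "offered", masked
    return ("masked" if masked else "absent"), masked

if __name__ == "__main__":
    for name, cap in (("filtered", FILTERED), ("direct", DIRECT)):
        print(name, starttls_status(cap))
```

A 'masked' verdict on a reply taken before TLS is negotiated points at something on the path rewriting the session; 'absent' is normal for the second EHLO sent after STARTTLS.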

Base64 decoding error exim4

If you get the following error when testing TLS.
TLS error on connection from … (DH params import): Base64 decoding error.
Regenerate your /var/spool/exim4/gnutls-params file. You may have upgraded exim and it can no longer read the file. See:
http://www.mail-archive.com/exim-dev@exim.org/msg01219.html

Exim Entropy

While trying to get exim4 using TLS I noticed an odd problem. For some reason /dev/random was not generating a lot of output due to a lack of entropy. I do not fully understand the problem but it meant that exim4 was being blocked when generating the RSA key. I tried changing from a 2.4.32 kernel to a 2.6.16.27 kernel and this seemed to generate more random data but it still wasn’t sufficient.
I resorted to editing my
/etc/cron.daily/exim4-base
commenting out the last line that deletes
/var/spool/exim4/gnutls-params
I then ran
find / -type f | xargs cat > /dev/null
to generate a lot of noise on the system.
hal:~# swaks -a -tls -q HELO -s localhost -au harry
Password:
=== Trying localhost:25…
=== Connected to localhost.
EHLO hal.vm.bytemark.co.uk
<- 250-hal.vm.bytemark.co.uk Hello localhost [127.0.0.1]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-STARTTLS
STARTTLS