Cover V11, I09



New Messages

From Mike Davis <>
Subject: Building a Web Mail Server with SquirrelMail

The section on installing imap is missing make install, and the section on OpenLDAP is missing make install.

The line just before "Install Apache" about configuring openldap without BerkleyDB just doesn't work. --with-ldb_api=ndbm with ndbm not even being an option.

Under Adding the PHP Module, make su-install should be make install-su.

Overall, the article was very useful, but the details weren't accurate enough to get a successful install.


From: Brent Bice <>
Subject: Re: Building a Web Mail Server with SquirrelMail

You're absolutely right.

It appears that the config line has changed a lot since the last time I built slapd on Solaris. Try this configure line instead:

./configure --prefix=/usr/local/openldap2.0.15 --without-threads --disable-slapd
That disables the need for ANY back-end. I made the mistake of making a shell script to extract and compile all the packages in order (for final testing of my instructions on Solaris) and forgot to check that the newer openldap libraries really got built. I missed the config error and PHP got rebuilt successfully since I already had the older libraries installed. Doh. That's what I get for doing all of the writing in late nights and weekends, I guess. (sheepish grin)


From: Mike Zeis <>
Subject: Correction to June article on performance tuning

I'd like to provide a correction to Bob Larson's article on performance tuning in the June issue. He mentions that as far as anyone knows the Wait/IO statistic issue for MP systems has not been fixed by any Unix vendor. While working at SGI in 1998 I fixed the problem in Irix 6.5. We needed to support 128 CPU Origin server systems and I worked to get the WIO problem addressed.

The solution I used was to factor in the number of threads waiting for I/O to complete when assigning idle time to the cpus. For example, an idle system with 100 CPUs and one thread waiting for I/O will then correctly report 99% idle and 1% WIO to reflect the one cpu that was idle because of the one thread waiting for I/O.

I had become very familiar with the WIO MP problem, having fixed it earlier while at Cray Research working on their Unix OS called UNICOS in 1994 and before that working at Control Data on their MP version of the MIPS r6000 Unix OS called EP/IX way back in 1991.

Michael Zeis
Cisco Systems

From: Ben Bennett <>
Subject: SysAdmin Mag, July 2002 error in "Compiling Palm Apps on Linux"

On page 14 of the July 2002 issue, you say that the code needs to be changed to accommodate lowercase tags. However, the function in question (strcasecmp) does a case-insensitive comparison of the strings so there is no need to change the tags.

Besides which, your proposed solution of adding an "or" clause for "h1" only works because there is one character in the string that is case sensitive. I frequently see tags with capitalized leading characters (e.g., Table vs. TABLE) so adding cases for all of those possibilities would be overly onerous.

Other than that, it was an interesting article.


From: Ave Wrigley <>
Subject: Using Email ... "in vol 11 no. 5 of Sys Admin"

I have a few comments on Bob Dilworth's article in the current issue. I have to say, that the title of the article set security alarm bells ringing in my head, but I thought it sounded interesting, so I pressed on. I found the article well written and absorbing, but slightly alarming. Here is why.

Security for the script is based in part on the From: field in the mail header (not MIME header, incidentally). It is incredibly easy to spoof mail headers - just telnet to port 25 on the appropriate machine and type them in! However, even if you don't know how to do this, the script grabs the From: field from e-mail messages using a simple regex that is applied to the whole message - header and body - so as long as you have a line matching /^[F|f]rom:/ (which, bizarrely, also matches "|rom", but there you are) and includes one of the valid e-mail addresses you are OK! This does assume that there isn't an invalid e-mail address in the mail header, but then a From: value that doesn't have a "@" in it will be ignored anyway, so depending on your mail client this is relatively easy to get around.

But, suppose you are careless enough not even to do this, surely the users.dat restrictings prevent you from executing commands? Apparently not! If a Command: line is found before a matching From: line (in the header or the body), it is parsed and executed, and the result is e-mailed to "noone". Since this will not result in a failure of the open pipe to mailx in mr_mailman, this failure is not detected (at least, unless you are reading no one's mailbox!). OK, possible denial of service attack here; nothing more serious, due to the emctl.dat restictions. The combination of the Parse::RecDescent grammar and the emctl.dat file mean that it is only possible to execute pre-scripted commands, with options that match the pattern in the grammar, which is fine.

Anyway, I think there is sufficient cause for concern here about whether this is a sensible approach to remote systems administration. Apologies if I have misunderstood the script - I am happy to concede if any of the points I have made are in error, but think this issue is worth raising nonetheless.

Ave Wrigley
New Media Technology Manager ITN

From: Bob Dilworth <>
Subject: Re: "Using Email ..." in vol 11 no. 5 of Sys Admin

Thanks for the email regarding my article in the May, 2002 Sys Admin. I really do appreciate your comments regarding the flaws in my script and the fact that you took the time to write me.

Unfortunately, I can't take the article back since it's already "out there". I can, however, fix it up internally here at MCO so that it's better behaved, which I will do.

Thanks again!
Bob Dilworth
Medical College of Ohio