Category Archives: Ubuntu

Mailfilter fails to POP timestamp in message-ID invalid

Posted on by

Mailfilter POP timestamp in message-ID invalid and potentially also causes mailfilter to stall at 100% CPU (blocking ?).

I have a fetchmail daemon that call mailfilter as a postconnect (defined in the .fetchmailrc file). I got the following error message,
mailfilter: Examining 297 message(s).

mailfilter: Error: POP timestamp in message-ID invalid.
mailfilter: Error: Parsing the header of message 292 failed.
mailfilter: Error: Scanning of mail account failed.
mailfilter: Error: Skipping account xxxxxx@example.com@mail.example.com due to earlier errors.

and I noticed that the mailfilter process was running at 100% CPU though that may be unrelated.

I found that mailfilter 0.8.3 has a new option of -i to ignore POP timestamp. This is probably what I want to make this more stable.

As I’m adding this to a Parallels based server it is unlikely to have this version of mailfilter as this package has very little development activity as it is a stable application so I had to build from from source.

My server didn’t have svn so I browsed the Sourceforge svn for mailfilter on my local PC and at the bottom there is a linkfor “Download GNU tarball” I copied that link and then pasted into my console and used wget to get this latest tarball from Sourceforge. It has a odd name so moved that to a tar.gz file name e.g. mv index.html\?view\=tar mailfilter.0.8.3.tar.gz and then ran tar xvfz mailfilter.0.8.3.tar.gz

Perquisite packages for building,

  • g++
  • bison
  • flex
  • libssl-dev

There may be more but that is the ones I needed to add to my server.

Making this you cd to the mailfilter directory and then run

./autogen.sh
make
sudo make install

If that works then this’ll probably install the mailfilter to /usr/local/bin/mailfilter so now in the .fetchmailrc change the postconnect line to have,

postconnect ''/usr/local/bin/mailfilter -i ''

use double quotes if you pass the new -i option to ignore timestamps. The -i is a new feature in Mailfilter 0.8.3 (not in 0.8.2).

Killall the mailfilter and fetchmail and then re-launch your fetchmail daemon.

Errors

Missing g++

If you see,

checking whether the C++ compiler works... no
configure: error: in `/root/sources/mailfilter':
configure: error: C++ compiler cannot create executables
See `config.log' for more details.

Then check the log file and look for g++ line e.g.

configure:2879: checking for g++
configure:2909: result: no

Do a g++ and if it comes back with -bash: g++: command not found then install the g++ package and then it will work. Re-run the ./autogen.sh and then make

Missing bison

If you get the make fail and you can see /bin/sh: yacc: command not found then you need a YACC of some kind. I installed bison re-run the ./autogen.sh and then make

Missing flex

If you get an error in the make e.g. it crashes out with g++: rcfile.cc: No such file or directory

g++: no input files
make[2]: *** [rcfile.o] Error 1

then check back and see if you see error: FlexLexer.h: No such file or directory . If so then check flex is installed. Install and then re-run ./autogen.sh and then make

Missing openssl header files
If you see openssl/ssl.h: No such file or directory and similar openssl/rand.h: No such file or directory then you need to install libssl-dev. Install that package and then re-run ./autogen.sh and then make.

Ubuntu 10.10 package download of large files can fail with OverflowError: signed integer is less than minimum

Posted on by

I was doing a distribution upgrade on a 10.10 system to 11.04 via do-release-upgrade. The system has games installed, so the total files to download are over 2.5 Gigabytes e.g. games like Nexuiz has a data file that is about 273 Megabytes. The Internet access is low speed broadband (about 70 KBytes per second download maximum) with other machines using this ADSL line so that’s about 10 hours for the whole release.

The  do-release-upgrade downloads can fail on these larger files on congested lines at and if you look at the log file, i.e. tail /var/log/dist-upgrade/main.log ,  it will say something like,

  File "/tmp/update-manager-HXahEI/DistUpgradeViewText.py", line 42, in pulse
    apt.progress.text.AcquireProgress.pulse(self, owner)

  File "/usr/lib/python2.6/dist-packages/apt/progress/text.py", line 164, in pulse
    apt_pkg.time_to_str(eta))

OverflowError: signed integer is less than minimum

If you look at that code in /usr/lib/python2.6/dist-packages/apt/progress/text.py (it’s Python) around line 161 onwards and think about what can happen on …

            eta = int(float(self.total_bytes - self.current_bytes) /
                      self.current_cps)

There are a number of issues here with this. That eta value isn’t checked before it is passed to the apt_pkg.time_to_str() and that’s not good because,

1) I think the self.current_cps can be a float less than 1 and as the size of an int on this system (64bit Athlon with Python 2.6.6 ) is,

>>> import sys
>>> print sys.maxint
9223372036854775807

then the eta could be quite large e.g. if that maximum value was seconds and converted to years would be just under 300 billion years.

2) But the actual error is “signed integer is less than minimum” not an overflow of a maximum so this bug seems to be about some magic number. Now if you enter in the python program,

>>> import apt_pkg
>>> print apt_pkg.time_to_str(-1)
213503982334601d 7h 0min 15s

and if you enter in other odd numbers then you can trigger the “signed integer is less than minimum” e.g. see these examples,

>>> apt_pkg.TimeToStr(-2147483648)
'213503982309746d 3h 46min 8s'
>>> apt_pkg.TimeToStr(-2147483649)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OverflowError: signed integer is less than minimum

so it clearly can have values over 24855 days i.e. apt_pkg.time_to_str(2147483647) so looks like there are some odd boundaries that cause OverflowError: signed integer is less than minimum as well as a OverflowError: signed integer is greater than maximum. I ran a loop that incremented an integer by 1 and gave up and Control-C it when it went through 836477585 which is 9681d 10h 53min 5s so if there are any boundary conditions it’s not obvious. I suspect that the garbage is with what is fed to the TimeToStr() and not a flaw in TimeToStr(). I suspect that if the download process resets itself then the file size self.total_bytes is temporarily nonsensical e.g. 0 whilst the program resets the download.

So that code section needs sanity limits on the eta because looks like we can’t trust any of self.current_cps to be reasonable or self.total_bytes to be accurate but I think self.current_bytes may always be fine, e.g. I changed line 164 end =… to have some range checking,

            if eta < 0:
                end = " %sB/s ~%s" % (apt_pkg.size_to_str(self.current_cps),apt_pkg.time_to_str(0))
            elif eta > (30 * 24 *60 * 60):
                end = " %sB/s >%s" % (apt_pkg.size_to_str(self.current_cps),apt_pkg.time_to_str(30 * 24 *60 * 60))
            else:
                end = " %sB/s %s" % (apt_pkg.size_to_str(self.current_cps),
                                 apt_pkg.time_to_str(eta))

where the 30*24*60*60 means 30 days but there are other ways of doing this e.g. check  self.total_bytes is greater or equal to self.current_bytes or limit eta to a range and then keep existing calculation.

Once you edit that file you can simply restart the do-release-upgrade console and it will use your new code on the fly.

The bug is in other distributions e.g. see this bug report https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/884625 but not fixed. The problem is that the apt_pkg.time_to_str(), which is actually apt_pkg.TimeToStr() is probably being passed nonsensical values for self.total_bytes due to file downloads being reset for large and/or poor circuits. The apt_pkg.TimeToStr() should also reasonably handle negative times and not display nonsense but that’s another problem.

Recovering from power loss-interrupted Ubuntu distribution upgrade

Posted on by

Was doing an Ubuntu maverick (10.10) to natty (11.04) upgrade on a test system (desktop) and the power was lost. No UPS. On reboot it didn’t come back properly and I got,

The disk drive for / is not ready yet or not present

As far as I know this was part way through the package installations. If it fails during the package download then there is never any problem but with a part-install then parts of the system are running the new version and parts are on the old distribution.

The fix is fairly easy – at the prompt above then type M to get to the manual recovery.

The disk will be mounted as read-only so then remount this,

sudo mount -o remount,rw /

then try these commands,

sudo apt-get update -f
sudo dpkg --configure -a

then reboot and then the system should come back in a partially upgraded but stable state and you can continue with the distribution upgrade with,

sudo apt-get upgrade -f
sudo apt-get dist-upgrade

After the reboot it will be on the new distribution. Note that if a package is corrupted then you may need to delete that one package file from the /var/cache/apt/… location and re-run the sudo apt-get upgrade -f command. It is a pity the distribution upgrade process doesn’t have this kind of logic built in to facilitate unattended completion or recovery of a partial distribution upgrade.

 

Enabling IPv6 in Ubuntu ufw

Posted on by

I was creating a new web site dogstarplanet.com and as I was installing it on my IPv6 enabled host I thought I would setup the A and AAAA records for the same CNAME.

Windows based PCs without any IPv6 routing obviously ignore any AAAA records and the browser connects to the site as expected but an Ubuntu desktop I was using was unable to get to the site – both Firefox and Opera not connecting.

I loaded Wireshark to see if my traffic was leaving and though I could see the DNS queries for AAAA and A records there was no TSP traffic (Tunnel Setup Protocol) to the freenet6.net IPv4 address  (I’m using gogoc package out of the box). This means that the browser connection was not getting to the tunnel interface. This means firewalling or kernel.

If I run the Firestarter then I also see the tun (routed IP tunnel) but no traffic passes.

Well the IPv6 is in the kernel but I had ufw enabled and that doesn’t have IPv6 enabled by default so you get the error message if you try and use ping6 of e.g.

ping6 ipv6.google.com
 ping: sendmsg: Operation not permitted
 ping: sendmsg: Operation not permitted
 ping: sendmsg: Operation not permitted
 ...

If it is safe you can quickly test this is your problem by turning off the ufw with the command,

sudo ufw disable

Now your ping6 should work. If it does not then you have a tunnel problem. Use the command netstat  -rn6  to see if you have tun entries.

It is easy to enable IPv6 in ufw by editing /etc/default/ufw and towards the top there is a line of IPV6=no which you change to IPV6=yes

Save that and then disable and then enable the firewall i.e. sudo ufw enable or do a sudo ufw reload if it was still running.

Now you will be able to ping6 and connect to IPv6 enable hosts using a browser. Note that when you ping6 then there is a PTR query (that you would only see in wireshark) and you may get a no such name response if you have not configured your host DNS records right so if you are committed to setting up IPv6 on your host then please check you have added a suitable DNS PTR entry for the dotted nibble PTR part of your IPv6 address. Very few protocols, perhaps only mail connections and obviously ping6, use IPv6 PTR queries.

Ubuntu

Posted on by
Reply

We are currently Ubuntu fans. Before I was a Mandrake/Mandriva fan and before that a RedHat fan and before that a Slackware fan…..

What have I noticed in the past 14 years of using various GNU/Linux distributions ?  Three things:

  1. The distributions evolve best by doing better than their competition within their niche in the GNU/Linux world not competing against the Windows world. Make it simple for  applications to provide equal cross-platform  performance and by proxy then GNU/Linux competes with Windows.
  2. My children don’t actually care what distribution they can play games on. They know that certain applications run well in Windows, others are only found on Ubuntu (Linux) and that browser-based games are more or less cross-platform.
  3. New installations and upgrades have got easier and faster but as Familiarity breeds contempt, this means that it is trivial to wipe a machine, clean install a new distribution that you got from a Torrent if something has annoyed you with your current favourite distribution.

IBM is 100 years old this week in June 2011. Will Open Source technology such as GNU/Linux be with us in 100 years time ? You can bet your bottom fiat currency it will.