sometimes, ignorance is painful

So I’m still working on getting the new deadsquid server up and running to my satisfaction. It’s now using recent software, and I think the upgrade went well. It still works, and I admit I am afraid to reboot it until someone else looks at it and says “looks good to me”. That’ll happen sometime in the next couple weeks when Walt comes up for air.

The last obstacle is an up-to-date mail system, complete with a MySQL backend, user manageable preferences, and decent spam controls. I have been fighting with the MTA for almost a week, and have finally conquered it.

Long story short, it wouldn’t authenticate against the MySQL 4.1.7 database installed on the server, so couldn’t do any kind of lookups. This makes it difficult to use a database as a back-end. Had I read the documentation, I would have come across this section, and saved myself about two days of effort.

If you’re using Debian with your own build (or an unstable build) of MySQL 4.1.x, and a package you are installing makes use of debian MySQL client libraries that use 4.0 or less (essentially libclientmysql1x), make sure you set the database user account password using the OLD_PASSWORD directive.

It will save you a lot of pain. Trust me on this one.

SET PASSWORD FOR ‘user’@’host’ = OLD_PASSWORD(‘yourpassword’);

Ah well, the things we learn.

13 thoughts on “sometimes, ignorance is painful

  1. Seriously? You have to ask a question that is answered with a DNS lookup (or lucky guess) and a telnet?

  2. lol. nice kj. daz – postfix, but it applies to any mta which is installed as a package, because they all require libmysqlclient10 if you’re using mysql table lookups.

    I won’t bother going into detail, but let’s just say that the efforts to overcome this simple issue included upgrading the distro to testing, attempting to rebuild debian packages from source that differ slightly from what the large majority of users need, and building from source with other packages on the system having dependencies.

    Ok, I lied – that’s detail. It was a good learning experience, because I know a tonne about the Debian distro and how to build shit on it. I think I am a bigger fan of RedHat, because it assumes you know what you’re doing, not that you’re an idiot who needs protection from themselves.

  3. Thx for teh info.
    I got postfix relay thingy runing on fedora c2. Dont like it too much but it works. I will be moving to new email server (from old exchange) in near future. Gotta find me an exchange replacement….

  4. For the record (and yes, I’m in a mood today), checking SMTP banners is not snooping, since it is a deliberately exposed service, and the banner line is sent as part of the protocol.
    Now, not to say that the occasional BOFH wouldn’t CHANGE the banner (ahem), but that’s another story, entirely.

  5. another story, and a comma splice. wow. I _do_ need sleep.
    1/2 hour, and I’m done this friggin semester…

  6. One thing at a time 🙂 Banner will change, along with ehlo responses 🙂 I figure make everything work the way you want (provided it’s not a gaping hole), then lock everything down. I mean, just look how apache responds.

  7. I think that link has always been forbidden; changing servers hasn’t made it more so.

  8. Ya, like his CV hasn’t been available forever. I think it is because he loves his current employer.

  9. /personal/goatpr0n/ 403, forbidden as well.

    didn’t use to be.

  10. What are you talking about? The goat section still works. I mean, you’re the guy who contributed it, why would I take it down?

Comments are closed.