PHP based mail server; Release Day

So the day has come, I’m a modern web developer come sysadmin. One thing that I have learn’t over time, is rely upon others for critical systems! as a result, I outsource Mail to Google Apps and DNS to Point HQ , they’re experts at both, they keep my email up 99.9% (or something) and my DNS systems running smoothly..

But being a web developer, I like tinkering with my web server configuration! As a result, I run a VPS for my http serving which combines a special blend of Nginx, Apache, PHP-fpm, mod_php and MySQL.. For the last 2 years this setup has been running awesome, but I’ve found one thing that was lacking.. being able to receive and act upon emails to my vps. With all mail being handled by Google Apps, I couldn’t just watch the local mailboxes.

The obvious way forward was to install a mail server onto my VPS to process incoming email. Long story short, email servers suck. While researching, I came up against the fact that every mail server out there was designed for being a proper mail server.. Not what I wanted, a server to process emails..

I could ramble, but skip to here if you don’t care about the back story above.


Today I give you: A PHP based Mail server, It’s written in pure PHP, it receives SMTP data on STDIN, and responds on STDOUT, perfect for use with xinetd.

I originally started out with code from:  http://perplexed.co.uk/545_php_smtp_server_for_receiving_emails.htm however, fast replaced it with a home grown version, and have now expanded further to today’s class based approach.

This isn’t, and hasn’t been, designed for high load that being said, It’s received over 5,000 spam emails last month with little impact upon the VPS.  (who knew that spam bots just connect to port 25 on random IP’s??)

This is designed for a single-user situation, since PHP is a scripting language running as a single user, this can’t switch to the correct users account for processing or anything.. Doesnt suit everyone.. but works

This relies upon an external application to handle the TCP -> Stream conversion, a future release might daemon itself and use sockets to accept connections, do some pcntl_fork()’ing for individual connections, and even posix_setuid() to set the effective user.. but that’s filed into the Future Release bucket.

There is no support at all. although, if you throw a comment on this post, I might respond if I’ve got time. hopefully it should be reasonably straight forward to understand.

Licensing is also left sketchy for now, See the mail-server.php header for a initial custom license, tl;dr: You may use it for commercial and personal use, you must however credit, don’t fork/rename/charge for it, but give it to your friends.. always refer to the license in the header however, as that’s the only valid source of licensing details.

No External libraries required, Aside from the previous mentioned PHP and XInetd (or similar) to handle the connections. Oddly enough, It doesn’t even require WordPress (what a shock huh? – Stay tuned, I’m sure you’ll see WordPress as a Email Client soon enough with the integration of this ;))

This is NOT a relay mail server, It’s been designed to process incoming mail, and discard mail for addresses which it doesnt know. It will not forward mail on for you. Please check that you don’t conflict with sendmail on your own system, I think I have mine set for sendmail on loopback, and this on the external interface or something like that.

You can get the code from my SVN: http://svn.dd32.id.au/php-mail-server/ – Please note, this is a READ ONLY repository, if you find a bug and would like to submit it, for now, just sent it over to me at contact [at] dd32.id.au

 Integrating with Xinetd:

How I have it running is as follows: /etc/xinetd.d/d-mail

service smtp {
        port                    = 25
        bind                    = YOUR IP ADDRESS
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = USERID TO RUN IT AS
        server                  = /path/to/mail-server/mail-server.php
        instances               = 10
        nice                    = 10
        disable                 = no
}

That limits connections to 10 active at a time (instances) which works well for me, that should hopefully prevent overloading.

What emails am I processing? Well, the examples should suggest that to you! SVNSync to automatically sync up a local repository with a remote repository which I don’t have admin access on for one, SVN update on a local WordPress installation (This site! It’s running on the latest WordPress trunk release within a few seconds of each commit) and there’s a few domino effect processing I’d like to do as well (ie. Alter mailing list posts to selectivly ignore certain things, Remove partial content from svn emails (I don’t want to see a 100kb minified css file in a commit email!). I’ll publish those details later when I get to it!

Magic 8 Ball Example! 

Included in the SVN repo, is a single Example plugin. A Magic 8ball extension, send an email to it with a question in the subject, and it’ll reply with an answer.

You can test this out by emailing 8ball [at] php-mail.dd32.id.au and seeing if it replies (It better!)

FIN.

So go forth and download/run/test out the PHP Mail Server!  Download from  http://svn.dd32.id.au/php-mail-server/ Send patches to contact[at] dd32.id.au, oh, and test it out by sending an email to 8ball  [at]  php-mail.dd32.id.au with a question in the subject!  

Twenty Eleven Theme Colour Palette

As a follow up to my previous post: WordPress 3.2 Admin Colour Palette I was asked if I could do a Twenty Eleven version. See the previous post for the script used.

Standard “Light” colour scheme

#e5e5e5
#000000
#f7f7f7
#efefef
#444444
#0a0a0a
#ffffff
#555555
#aaaaaa
#d3d3d3
#575757
#f6f6f6
#999999
#777777
#3c3c3c
#252525
#f9f9f9
#666666
#222222
#cccccc
#e2e2e2
#dddddd
#373737
#fafafa
#f4f4f4
#eeeeee
#bbbbbb
#111111
#888888
#7a7a7a
#e0e6e8
#bfddf3
#fff9c0
#29628d
#ff4b33
#1982d1
#0861a5
#bd3500

Alternate “Dark” theme

Just a note here, Due to TwentyEleven’s structure, some of the colours in the above light theme will be used as part of this colour scheme, this is just for visual information purposes.

#282828
#888888
#060606
#444444
#000000
#2c2c2c
#aaaaaa
#555555
#090909
#a8a8a8
#959595
#c3c3c3
#777777
#111111
#1d1d1d
#242424
#0b0b0b
#ffffff
#999999
#333333
#bbbbbb
#0f0f0f
#dddddd
#222222
#383838
#272727
#cccccc
#0a0a0a
#858585
#eeeeee
#42caff
#40220c
#00b4cc
#00063f

WordPress 3.2 Admin Colour Palette

So a ticket popped up on trac, mentioning the Gray colour scheme example colours were out of date, gave me a quick idea to make a script to make a colour palette of the colour schemes (ie. All colours used in the colour css file), so here we have it:

Fresh – Gray

#e9e9e9
#f5f5f5
#c3c3c3
#ededed
#909090
#a0a0a0
#ffffff
#d7d7d7
#f2f2f2
#dadada
#aaaaaa
#ebebeb
#555555
#b2b2b2
#888888
#e7e7e7
#c0c0c0
#606060
#d5d5d5
#fbfbfb
#c1c1c1
#d3d3d3
#e3e3e3
#e5e5e5
#444444
#cfcfcf
#e1e1e1
#6d6d6d
#bbbbbb
#f4f4f4
#666666
#dddddd
#e8e8e8
#9a9a9a
#fcfcfc
#000000
#ececec
#101010
#f9f9f9
#222222
#808080
#cccccc
#f1f1f1
#dfdfdf
#eeeeee
#eaeaea
#464646
#333333
#777777
#999999
#ebeaeb
#f0f6fb
#eaf2fa
#eaf3fa
#ededff
#ffebe8
#e4f2fd
#fffbe4
#ffffe0
#b6bdd2
#ddffdd
#ffdddd
#cfe1ef
#cee1ef
#ccf3fa
#b8d3e2
#fffbcc
#f0f0b8
#9fd0d5
#9999dd
#ffa0a0
#ff9999
#99ff99
#557799
#ffb78c
#ffec8b
#c3ff88
#ff6666
#264761
#e6db55
#448abd
#f04040
#cc4433
#ff853c
#298cba
#21759b
#13455b
#d54e21
#8dff1c
#0a246a
#bc0b0b
#0000ff
#ffcc00
#cc0000
#dd0000
#006505
#d98500
#ff0000

Classic – Blue

#e9e9e9
#606060
#aaaaaa
#ebebeb
#f2f2f2
#464646
#dddddd
#e8e8e8
#9a9a9a
#dadada
#e5e5e5
#444444
#b2b2b2
#c9c9c9
#f5f5f5
#c3c3c3
#f4f4f4
#fcfcfc
#888888
#555555
#d7d7d7
#ffffff
#101010
#bbbbbb
#d5d5d5
#e7e7e7
#000000
#666666
#222222
#cccccc
#c1c1c1
#f9f9f9
#808080
#333333
#eaeaea
#dfdfdf
#777777
#999999
#eeeeee
#c0c0c0
#f1f1f1
#d3d3d3
#ebeaeb
#f7fcfe
#f5fafd
#efede7
#f0f6fb
#eff8ff
#eaf3fa
#eaf2fa
#ededff
#ecf8fe
#ffebe8
#e4f2fd
#fffbe4
#d0dfe9
#cfdfe9
#bdccd5
#ffffe0
#d1e5ee
#b6bdd2
#ffdddd
#ddffdd
#cfe1ef
#cee1ef
#bed1dd
#b0c8d7
#ccf3fa
#b8d3e2
#fffbcc
#f0f0b8
#a0c3d5
#9fd0d5
#9999dd
#ffa0a0
#99ff99
#ff9999
#557799
#ffb78c
#ffec8b
#c3ff88
#5a8fad
#5589aa
#ff6666
#264761
#e6db55
#448abd
#f04040
#cc4433
#ff853c
#185069
#298cba
#174f69
#21759b
#13455b
#d54e21
#8dff1c
#0a246a
#bc0b0b
#ff0000
#ffcc00
#cc0000
#d98500
#dd0000
#0000ff
#006505

Script used

[php]
<?php
$file = ABSPATH . ‘wp-admin\\css\\colors-classic.dev.css’;
$file = escapeshellarg($file );

$in = shell_exec("grep -i -o -e #[0-9a-f]\\{3,6\\}\\b $file | uniq -i");

$in = str_replace(array(‘:’, ‘#’, ‘ ‘), ”, $in);

$in = explode("\n", $in);
$in = array_filter($in);

foreach ( $in as $i => $v ) {
if ( strlen($v) == 3 )
$in[$i] = $v[0] . $v[0] . $v[1] . $v[1] . $v[2] . $v[2];
}

$out = array();
foreach ( $in as $rgb ) {
$r = hexdec( substr($rgb, 0, 2) );
$g = hexdec( substr($rgb, 2, 2) );
$b = hexdec( substr($rgb, 4, 2) );
$hsl = rgb2hsl($r, $g, $b); // we’ll sort it by the Saturation
$out[ strtolower($rgb) ] = $hsl;
}

uasort($out, function($a, $b) {
return $a[1] > $b[1];
});

foreach ( $out as $c => $hsl ) {
$f = ($hsl[2] > 0.6 ) ? ‘000’ : ‘fff’;
echo "<div style=’background-color: #$c; color:#$f; width: 80px; height: 40px; display: inline-block;’>#$c</div>";
}

foreach ( $out as $c => $hsl ) {
$f = ($hsl[2] > 0.6 ) ? ‘000’ : ‘fff’;
echo htmlentities("<div style=’background-color: #$c; color:#$f; width: 80px; height: 40px; display: inline-block;’>#$c</div>") . ‘<br />’;
}

function rgb2hsl($r, $g, $b) {
$var_R = ($r / 255);
$var_G = ($g / 255);
$var_B = ($b / 255);

$var_Min = min($var_R, $var_G, $var_B);
$var_Max = max($var_R, $var_G, $var_B);
$del_Max = $var_Max – $var_Min;

$v = $var_Max;

if ($del_Max == 0) {
$h = 0;
$s = 0;
} else {
$s = $del_Max / $var_Max;

$del_R = ( ( ( $var_Max – $var_R ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;
$del_G = ( ( ( $var_Max – $var_G ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;
$del_B = ( ( ( $var_Max – $var_B ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;

if ($var_R == $var_Max) $h = $del_B – $del_G;
else if ($var_G == $var_Max) $h = ( 1 / 3 ) + $del_R – $del_B;
else if ($var_B == $var_Max) $h = ( 2 / 3 ) + $del_G – $del_R;

if ($h < 0) $h++;
if ($h > 1) $h–;
}

return array($h, $s, $v);
}
?>
[/php]

This post was edited to correct a few things, including sorting by the saturation of the colour rather than alphabetically.

What version of WordPress is behind that website?

Hi all, Dion here, Recently there’s been a few “security through obscurity” discussions going around, I’m sick of them, It doesn’t work, and this is my proof.

There are a few Plugins out there which hide the version number of WordPress, The first example i found was  Secure WordPress, It has over 170k downloads, But does it actually do what it claims?

Hiding the version number is Security through obscurity, You’re not making the install any safer, you’re merely not advertising the fact of which version you’re using.

But, do i hear you ask, “But if they dont know the version, doesnt that mean I’m safer?”
The answer to that is 3 fold:

  1. Just because they (the mystical hackers) cant see the version of WordPress you’re using, doesnt mean they’re not going to try the same attacks anyway, afterall, its only an extra 3 mouseclicks to run every exploit against every plugin known to man..
  2. Most  exploits in the WordPress world will be related to plugins, this is only due to the sheer number of them out there
  3. And finally, because hiding the version number doesnt hide the version of WordPress you’re using, which is the point of this tool/site

To use an example, It’s like walking through a battlefield with your gun hidden, just because they cant see your gun, doesn’t mean you’re going to be able to walk through the middle fo the battle, chances are, you’ll be shot anyway. Exploits are the same, they’ll attack anything that moves, the number of Joomla! or Drupal exploit attacks i see against my WordPress installs daily is enormous, & I’m sure Joomla! and Drupal installs see significant exploits thinking that the site is running WordPress. My point is, Exploits dont care, they’ll attack anyway.

Type the URL of a site below, be it advertising the fact its WordPress or not, and I’ll tell you instantly which version, or which version its most likely to be running:

Example sites:

PLEASE NOTE: This tool uses NOTHING PRIVATE, This is not connected to any WordPress.org infrastructure or otherwise secret data, All information that this tool uses is gleamed from your WordPress installation, just the same as anyone else can do.

Death to all…

..Who use

if ( $_POST['something'] )

its NOT cool!

Also, WTF?

if ( print_r( $options, 1 ) != print_r( $newoptions, 1 ) ) {

Also, As sure as i am that there was good reasoning behind it.. Who was the moron who decided to let the P2 theme look like ass under Internet Explorer? Seriously! As much as a lot of us hate coding for it, Its something we, As web developers, have to do. Just because you’re a firefox junkie doesn’t mean you should ignore those around you… like junkies……

Damn Buggy Software!

Well, Thats that, Over the last few weeks i’m sure some people have noticed nice large lovely 500 Error messages on my blog, And i’ve finally fixed it.

Well, Sort of.

It appears to have been caused by a conflict between the Buggy PHP 5.0.5 which my Host runs, and the new HTTP API in WordPress 2.7, The solution? Well, for the past few weeks its been to manually modify some of the source to remove statements which would blow up PHP (ie. replace SITEURL with  get_option(‘siteurl’), which actually just returns SITEURL…. – Note: Thats mearly an example, and not the actual changes i’ve made)’

..Until it happened again today. Finally had enough, I fired up SSH and took a look into it:

me@host:~/www/wordpress$ php index.php
FATAL: emalloc(): Unable to allocate 3768593271 bytes
me@host:~/www/wordpress$ php index.php
Segmentation fault
me@host:~/www/wordpress$ php index.php
Segmentation fault
me@host:~/www/wordpress$ php index.php
FATAL: emalloc(): Unable to allocate 3260808055 bytes
me@host:~/www/wordpress$ php index.php
Segmentation fault

(Oh yeah.. Trying to allocate 3.2GB? I’m not supprised its failing..)

Yep.. I’ve had enough, I have switched from PHP 5.0.5 to PHP 4.4.0 and it appears to now be working.. For now.

I guess the time has come to consider moving to a new Host, I’ve been thinking about a VPS solution, At least that way i can keep up with the version of the software i *want* to use.

Any suggestions from anyone? SliceHost has been mentioned to me, And their base package would probably do for me,  Heck, Find someone else to go halves would end up paying about the same as a el-cheapo shared hosting plan each!. But other host suggestions would be good (or hey, Even a hosting offer or 2 ;) heh)

Time to get naked

…Who’s with me? :)

I’ll be participating in CSS Naked Day on April 9th, So to those of you who think your browsers stuffed up, Its not :)

You can find more information over here: http://lorelle.wordpress.com/2008/04/07/strip-down-your-blog-css-naked-day/ and Annual CSS Naked Day

PS. If you missed it: http://dd32.id.au/?naked (Or it hasnt arrived yet :))

(Its a shame my theme has the sidemenu’s before the content… I need to design myself a new theme..)