Privacy Policy

 [[NOTE TO MERCHANT: Please read and remove/replace text wrapped in double square brackets like this]]


[[NOTE TO MERCHANT: This is a template Privacy Policy designed to cover your collection, use, and disclosure of personal information about visitors and customers of your Shopify-powered Site. Please review and customize the content so that it is tailored to your store and business practices regarding how you collect, use, and disclose personal data. For example, you may need to update the template content if: you are based in certain jurisdictions (particularly to reflect certain disclosures that are required under GDPR), you collect information from other sources like third parties or offline; you disclose information to additional service providers or business partners; or you add third-party cookies or other analytics tools. Please also remember to delete all "Note to Merchant" drafting notes prior to publishing.]]


[[NOTE TO MERCHANT: This template is not legal advice, and you are solely responsible for ensuring that you meet your obligations under applicable laws. As privacy laws are constantly evolving, you should regularly review your privacy notice to ensure that it is compliant with updated laws and regulation and that it accurately reflects current data handling practices. We recommend that you consult a lawyer as needed.]]


Shahjahan Siraj Privacy Policy.

Last updated: [[Date]]


This Privacy Policy describes how Shahjahan Siraj (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from https://itexam.blogspot.com (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.


Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.


Changes to This Privacy Policy


We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.


How We Collect and Use Your Personal Information


To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.


In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.


What Personal Information We Collect


The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.


Information We Collect Directly from You


Information that you directly submit to us through our Services may include:


- Basic contact details including your name, address, phone number, email.

- Order information including your name, billing address, shipping address, payment confirmation, email address, phone number.

- Account information including your username, password, security questions.

- Shopping information including the items you view, put in your cart or add to your wishlist.

- Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.


Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.


Information We Collect through Cookies


We also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.


Information We Obtain from Third Parties


Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:


- Companies who support our Site and Services, such as Shopify.

- Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.

- When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.


Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices. For more information, see the section below, Third Party Websites and Links.


How We Use Your Personal Information


- Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and to enable you to post reviews.

- Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites.

- Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.

- Communicating with you. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.


Cookies


Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.


Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.


How We Disclose Personal Information


In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:


- With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).

- With business and marketing partners, including Shopify, to provide services and advertise to you. [[NOTE TO MERCHANT: INSERT THE FOLLOWING SENTENCE IF USING SHOPIFY'S AD SERVICES, SUCH AS SHOPIFY AUDIENCES]] [For example, we use Shopify to support personalized advertising with third-party services]. Our business and marketing partners will use your information in accordance with their own privacy notices.

- When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.

- With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.

- In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.


We have, in the past 12 months disclosed the following categories of personal information and sensitive personal information (denoted by *) about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":


Category:


- Identifiers such as basic contact details and certain order and account information

- Commercial information such as order information, shopping information and customer support information

- Internet or other similar network activity, such as Usage Data


Categories of Recipients:


- Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfillment partners, customer support partners and data analytics providers)

- Business and marketing partners

- Affiliates


We do not use or disclose sensitive personal information for the purposes of inferring characteristics about you.


[[NOTE TO MERCHANT- INSERT THE FOLLOWING PARAGRAPH AND LISTS IF USING SHOPIFY'S AD SERVICES SUCH AS SHOPIFY AUDIENCES OR ENGAGING IN ANY OTHER ACTIVITY THAT MAY BE CONSIDERED "SELLING" OR "SHARING" PERSONAL INFORMATION OR PROCESSING PERSONAL INFORMATION FOR "TARGETED ADVERTISING"]]


We have "sold" and "shared" (as those terms are defined in applicable law) personal information over the preceding 12 months for the purpose of engaging in advertising and marketing activities, as follows.


Category of Personal Information


- Identifiers such as basic contact details and certain order and account information

- Commercial information such as records of products or services purchased and shopping information

- Internet or other similar network activity, such as Usage Data


Categories of Recipients


- Business and marketing partners


User Generated Content


The Services may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Services, this content will be public and accessible by anyone.


We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.


Third Party Websites and Links


Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.


Children's Data


The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.


As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.


[[NOTE TO MERCHANT: PLEASE CONSULT WITH LEGAL COUNSEL IF YOUR SITE IS CHILD FOCUSSED OR DIRECTED, AS MORE SPECIFIC DISCLOSURES MAY BE REQUIRED.]]


Security and Retention of Your Information


Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.


How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.


Your Rights and Choices


Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.


- Right to Access / Know. You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.

- Right to Delete. You may have a right to request that we delete personal information we maintain about you.

- Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.

- Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.


[[NOTE TO MERCHANT: IF USING SHOPIFY'S AD SERVICES SUCH AS SHOPIFY AUDIENCES OR ENGAGING IN ANY OTHER ACTIVITY THAT MAY BE CONSIDERED "SELLING" OR "SHARING" PERSONAL INFORMATION OR PROCESSING PERSONAL INFORMATION FOR "TARGETED ADVERTISING", INSERT THE LIST ITEM BELOW AND ENSURE YOU PROVIDE CUSTOMERS THE ABILITY TO "OPT OUT" OF THIS ACTIVITY ON YOUR SITE BY USING SHOPIFY'S PRIVACY AND COMPLIANCE APP OR OTHERWISE.]]


- Right to Opt out of Sale or Sharing or Targeted Advertising. You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.


[[NOTE TO MERCHANT: IF YOU COLLECT INFORMATION THAT MAY BE DEEMED TO BE SENSITIVE PERSONAL INFORMATION UNDER APPLICABLE PRIVACY LAWS THERE MAY BE ADDITIONAL CONSENTS/DISCLOSURES REQUIRED. INSERT THE LIST ITEM BELOW IF YOU COLLECT SENSITIVE PERSONAL INFORMATION AND CONSULT WITH EXTERNAL LEGAL COUNSEL TO CONFIRM YOUR RESPONSIBILITIES.]]


- Right to Limit and/or Opt out of Use and Disclosure of Sensitive Personal Information. You may have a right to direct us to limit our use and/or disclosure of sensitive personal information to only what is necessary to perform the Services or provide the goods reasonably expected by an average individual.

- Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.

- Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.

- Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.

- Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.


You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.


We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.


[[NOTE TO MERCHANT: INSERT THE FOLLOWING SENTENCE IF USING SHOPIFY'S AD SERVICES SUCH AS SHOPIFY AUDIENCES]]


Complaints


If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.


International Users


Please note that we may transfer, store and process your personal information outside the country you live in, including the United States. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.


Contact


Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call [[TOLL FREE TELEPHONE NUMBER IF YOU HAVE A PHYSICAL RETAIL LOCATION]] or email us at rubelsbd@gmail.com or contact us at 20/5, Pallabi, Dhaka, Dhaka, 1216, Bangladesh.


[[NOTE TO MERCHANT: INSERT THE FOLLOWING IF YOUR SITE IS GOVERNED BY GDPR]] For the purpose of applicable data protection laws, we are the data controller of your personal information. Our representative in the [[EEA]] [[and]] [[the UK]] is [[INSERT REPRESENTATIVE DETAILS]].


SIP Protocol Messages

Requests


  • INVITE Indicates that a user is being invited to join a session.
  • ACK Confirms that client has received a response to the invite message.
  • BYE Terminates a call.
  • CANCEL Cancels any Pending Searches.
  • OPTIONS Queries for Capabilities.
  • REGISTER Registers the Address listed in the header field with a SIP Server

Responses


1xx Informational Messages

  • 100 Trying: Indicates that a request has been initiated by the caller and the called party has not yet been located.
  • 180 Ringing: Indicates that the called party has been located and is being notified of the call.
  • 181 Call is being forwarded: Indicates that the called party has rerouted the call to another.
  • 182 Queued: Indicates that the called party is currently not available and has put the call in a queue.
  • 183 Session in Progress


2xx Successful Responses

  • 200 OK: Indicates that the request has been successfully processed.


3xx Redirection Responses

  • 300 Multiple Choices: Indicates that the address resolved to more than one location.
  • 301 Moved permanently: Indicates user is no longer available at this location, an alternate location should be included in the header.
  • 302 Moved Temporarily: Indicates that the user is temporarily unavailable; an alternate location should be included in the header.
  • 305 Use Proxy: This response indicates that the caller must use a proxy to contact the called party.
  • 380 Call is not successful but alternate services are available.


4xx Request Failure Responses

  • 400 Bad Request: Indicates the request sent could not be understood.
  • 401 Unauthorized Request: Indicates the request requires authorization.
  • 402 Payment Required: Indicates payment is required to complete the call.
  • 403 Forbidden: Indicates Server has received the request but will not provide the service.
  • 404 Not Found: Indicates the server was not found.
  • 405 Method Not Allowed: Indicates that the request contains a list of methods that are not allowed.
  • 406 Not acceptable: Indicates that the request can not be processed by the client.
  • 407 Proxy Authentication Required: Client must first authenticate itself with a proxy.
  • 408 Request Timeout: The server could not produce a response before a given time out.
  • 409 Conflict: Indicates a conflict with the current state of the resource.
  • 410 Gone: Resource is no longer available at the server and no forwarding address was found.
  • 411 Length Required: User refuses request without a specified length.
  • 412 Request Entity Too Large: Server refuses to process request because URI is too long.
  • 415 Unsupported Media: Indicates the format of the body is not supported by the destination endpoint.
  • 420 Bad Extension: The server could not understand the protocol extension indicated in the required header.
  • 480 Temporarily Unavailable: Indicates that the called party was contacted but was temporarily unavailable.
  • 481 Call Leg Transaction Does Not Exist: Indicates that the server was ignoring the request of bye or cancel since there is no matching Invite transaction.
  • 482 Loop Detected: (Also, Request Merged) Server received a request which has itself in the path.
  • 483 Too Many Hops: The server received a request that required more hops than allowed.
  • 484 Incomplete Address: The server received a request with an incomplete address.
  • 485 Ambiguous: Server received a request in which the called address is ambiguous.
  • 486 Busy Here: The called party was contacted but the system was not able to receive any more calls.
  • 487 Request Terminated: The calling party canceled the request before the dialog was established with a 200 OK.
  • 488 Not Acceptable Here
  • 489 Bad Event: See RFC3265
  • 491 Request Pending
  • 493 Undecipherable
  • 494 Security Agreement Required: See RFC3329


5xx Server Failure Responses

  • 500 Server Internal Error: Server encountered an unexpected error and could not process the request
  • 501 Not Implemented: Server does not support the functions required to complete the request.
  • 502 Bad Gateway: Server received an invalid request upstream.
  • 503 Service Unavailable: Server has an overload or maintenance problem.
  • 504 Gateway Timeout: Server did not receive a timely response from another server.
  • 505 Version Not Supported: Server does not support the SIP protocol used in the request.


6xx Global Failure Responses

  • 600 Busy Everywhere: Called party is busy and cannot take the call at this time.
  • 603 Decline: Called party was contacted but does not want to take part in the call.
  • 604 Does Not Exist Anywhere: Called Party does not exist anywhere in the network.
  • 606 Not Acceptable: Called party has rejected some part of the call session description as unacceptable.

G.729 and G.723 Codec installation on Asterisk

Installation and Configuration of G.729 and G.723 codecs on Asterisk
  1. Download the codec binary file from http://asterisk.hosting.lv/bin/codec_g729-ast14-gcc4-glibc-pentium4.so
  2. Copy it to the /usr/lib/asterisk/modules folder.
  3. Restart Asterisk: /etc/init.d/asterisk restart

Estimating the Number of G.729 Channels Required

If you choose to purchase the G.729 license from Digium you will need to compute the number of G.729 channels required by your configuration. You can estimate the required value by using the following information:
  • a call between two SIP extensions usually requires two G.729 channels, unless the pass-thru mode is used (http://voip-info.org/wiki/view/Asterisk+G.729+pass-thru), in which case it doesn’t require any G.729 channel.
  • a call between a SIP extension and a Zaptel/DAHDI extension/trunk requires one G.729 channel.
  • a call to Voice Mail or another Asterisk service where IVR messages must be played requires one G.729 channel.

SIP Trunking - IP Based authentication and Password based authentication

SIP trunking is the method of sending calls to an ITSP (service provider) using the SIP protocol.

For in-depth details, refer to RFC 3261.

There are two types of authentication:

1. IP based authentication
2. Username and password based authentication


For IP Based Authentication

You need to make the following changes in sip.conf:


[siptrunk]
type=friend
fromuser=X.X.X.X    ; your Asterisk server IP, which will send traffic to the service provider
host=X.X.X.X        ; service provider IP
canreinvite=no
qualify=no
dtmfmode=RFC2833
context=intenal
disallow=all
allow=g729
allow=ulaw
allow=alaw
port=5060


Then you need to edit extensions.conf:

[intenal]
exten => _9X.,1,Dial(SIP/${EXTEN}@siptrunk)


For Username and password based authentication

[siptrunk]
type=friend
username=
fromuser=X.X.X.X
host=X.X.X.X
canreinvite=no
secret=
qualify=no
dtmfmode=RFC2833
context=intenal
disallow=all
allow=g729
allow=ulaw
allow=alaw
port=5060

Define the username and password (secret) in it.
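An audit of the two trunk definitions above, as an added example that is not part of the original post. It assumes chan_sip matching rules (a `type=friend` or `type=user` entry is matched by the From username, a `type=peer` entry by source address); the addresses, the `from-trunk` context name and the hardened variant are constructed for illustration.

```python
import re

# Constructed copy of the page's IP-based trunk, with documentation-range addresses.
PAGE_SIP_CONF = """
[siptrunk]
type=friend
fromuser=192.0.2.10      ; Asterisk server IP
host=198.51.100.5        ; service provider IP
context=intenal
"""
PAGE_EXTENSIONS_CONF = """
[intenal]
exten => _9X.,1,Dial(SIP/${EXTEN}@siptrunk)
"""

# Assumed hardened variant: address-matched peer, ACL, separate inbound context.
HARDENED_SIP_CONF = """
[siptrunk]
type=peer
host=198.51.100.5
deny=0.0.0.0/0.0.0.0
permit=198.51.100.5/255.255.255.255
context=from-trunk
"""
HARDENED_EXTENSIONS_CONF = """
[from-trunk]
exten => 5551000,1,Dial(SIP/100)
[intenal]
exten => _9X.,1,Dial(SIP/${EXTEN}@siptrunk)
"""


def parse_conf(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        pair = re.match(r"([^=]+?)\s*=>?\s*(.*)", line)  # 'key=value' or 'exten => ...'
        if pair and current is not None:
            current.append((pair.group(1).strip(), pair.group(2).strip()))
    return sections


def audit_trunks(sip_conf, extensions_conf):
    """Return (section, finding) pairs for risky trunk definitions."""
    peers = parse_conf(sip_conf)
    dialplan = parse_conf(extensions_conf)
    findings = []
    for name, items in peers.items():
        if name == "general":
            continue
        opts = dict(items)
        has_acl = "permit" in opts or "deny" in opts
        # A name-matched entry with no password and no ACL accepts calls from any source.
        if opts.get("type") in ("friend", "user") and not opts.get("secret") and not has_acl:
            findings.append((name, "matched by From username with no secret and no permit/deny ACL"))
        # Calls arriving from the trunk should not land in a context that dials back out.
        ctx = opts.get("context")
        pattern = rf"Dial\(SIP/[^)]*@{re.escape(name)}\b"
        for key, value in dialplan.get(ctx, []):
            if key == "exten" and re.search(pattern, value):
                findings.append((name, f"inbound context [{ctx}] can dial out through this trunk"))
                break
    return findings


if __name__ == "__main__":
    for section, finding in audit_trunks(PAGE_SIP_CONF, PAGE_EXTENSIONS_CONF):
        print(f"[{section}] {finding}")
```

The same function reports an empty `secret=` line, as in the password-based template above before the credentials are filled in.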

Setup DKIM on Postfix with OpenDKIM

Introduction

DKIM is an authentication framework which stores public keys in DNS and digitally signs emails on a domain basis. It was created as a result of merging Yahoo's DomainKeys and Cisco's Identified Internet Mail specification. It is defined in RFC 4871.

We will be using the OpenDKIM implementation on CentOS; OpenDKIM is a fork of dkim-milter.

Installation

yum install opendkim

Generate the Keys

opendkim-genkey -d <domain_name> -s <selector>
Replace <domain_name> with the domain name you will be signing the mail for, and <selector> with a selector name; it can be anything (but just one word). The command will create two files.
  • <selector>.txt - contains the public key you publish via DNS
  • <selector>.private - the private key you use for signing your email
Create a subdirectory in /etc/opendkim/keys to store your key; I prefer to use the domain name as the subdirectory name.
# mkdir /etc/opendkim/keys/<domain_name>
# mv <selector>.private /etc/opendkim/keys/<domain_name>/<selector>.pem
# chmod 600 /etc/opendkim/keys/<domain_name>/<selector>.pem
# chown opendkim:opendkim /etc/opendkim/keys/<domain_name>/<selector>.pem

DNS Setup

You need to publish your public key via DNS; receiving mail servers use this key to verify your signed email. The contents of <selector>.txt is the record you need to add to your zone file. A sample is below (it uses default as the selector and example.com as the domain_name).
default._domainkey IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNA
DCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDv
wn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+z
JVW+CKpUcI8BJD03iW2l1CwIDAQAB" ; ----- DKIM default for example.com
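A checker for a published key record like the sample above, as an added example that is not part of the original post or of OpenDKIM. It joins the quoted strings of the zone-file entry, reads the tags, and measures the RSA modulus inside `p=`; the 2048-bit threshold is an assumption based on the RFC 8301 recommendation, and the sample records are constructed with a placeholder modulus rather than a real key.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the length size
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def rsa_bits_from_spki(der):
    """Return the RSA modulus size in bits from a DER SubjectPublicKeyInfo."""
    tag, spki, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, alg, pos = _read_tlv(spki, 0)       # AlgorithmIdentifier
    oid_tag, oid, _ = _read_tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an RSA key")
    bit_tag, bits, _ = _read_tlv(spki, pos)
    if bit_tag != 0x03:
        raise ValueError("missing BIT STRING")
    _, rsakey, _ = _read_tlv(bits[1:], 0)  # skip the unused-bits byte
    _, modulus, _ = _read_tlv(rsakey, 0)
    return int.from_bytes(modulus, "big").bit_length()


def parse_zone_txt(record):
    """Join the quoted strings of a zone-file TXT record and split DKIM tags."""
    text = "".join(re.findall(r'"([^"]*)"', record))
    tags = {}
    for item in text.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def check_record(record, min_bits=2048):
    """Return a list of findings for one DKIM key record."""
    tags = parse_zone_txt(record)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return findings + ["key type is not rsa; size check skipped"]
    if "g" in tags:
        findings.append("g= tag is obsolete (dropped in RFC 6376)")
    p = tags.get("p")
    if p is None:
        return findings + ["missing p= tag"]
    if p == "":
        return findings + ["empty p= means the key has been revoked"]
    try:
        bits = rsa_bits_from_spki(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return findings + ["p= is not a base64 RSA SubjectPublicKeyInfo"]
    if bits < min_bits:
        findings.append(f"RSA key is {bits} bits, below {min_bits}")
    return findings


def _der(tag, content):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(content)
    head = bytes([n]) if n < 0x80 else (
        bytes([0x80 | ((n.bit_length() + 7) // 8)]) + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + head + content


def constructed_record(bits, extra_tags=""):
    """Build a structurally valid sample record; the modulus is a placeholder, not a key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsakey = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    p = base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsakey))).decode()
    return (f'default._domainkey IN TXT ( "v=DKIM1; {extra_tags}k=rsa; p={p[:60]}"\n'
            f'  "{p[60:]}" ) ; constructed sample')


if __name__ == "__main__":
    for finding in check_record(constructed_record(1024, "g=*; ")):
        print(finding)
```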

Configuration

Edit /etc/opendkim.conf: comment out "KeyFile /etc/opendkim/keys/default.private" and uncomment "#KeyTable /etc/opendkim/KeyTable".

Edit the file /etc/opendkim/KeyTable and add your domain using the following format:
<selector>._domainkey.<domain_name> <domain_name>:<selector>:/etc/opendkim/keys/<domain_name>/<selector>.pem
Add your server's IP addresses to /etc/opendkim/TrustedHosts.
More advanced configuration options can be set in the file /etc/opendkim.conf.

Configure Postfix

You need to add the following options to the Postfix main.cf file to enable it to use the milter.
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
If you have other milters already configured, append the OpenDKIM options to the existing milters.
Start OpenDKIM and restart Postfix:
# service opendkim start
# service postfix restart

Testing

Send an email to sa-test@sendmail.net or autorespond+dkim@dk.elandsys.com, you will receive a response stating if your setup is working correctly. If you have a Gmail account you can send an email to that account and look at the message details similar to the picture below, you should see signed-by “your domain” if your setup was done correctly.

DKIM signed mail in google


PHP 5.3 on CentOS/RHEL 5.11 via Yum

To install, first you must install the yum repository information:

rpm -Uvh http://mirror.webtatic.com/yum/centos/5/latest.rpm
 
Now you can install php by doing:

yum --enablerepo=webtatic install php
 
Or update an existing installation of php, which will also update all of the other php modules installed:

yum --enablerepo=webtatic update php

PHP5 with IMAP and SSL support

Building your own PHP with IMAP support is not that hard, but I noticed a lot of people tend to have problems when they want SSL support in it.
You might run into stuff like this (when reconfiguring PHP, for example):
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.


This exact same problem came up for me on Fedora when trying to compile PHP 5.5.0.
The problem is related to the '--with-imap' configuration parameter.
In order to solve this problem I compiled my own version of imap from the latest source (currently imap-2007f), and to do that I had to install some prerequisites. On Fedora I did this:

yum install openssl openssl-devel pam-devel
wget ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
tar zxvf imap-2007f.tar.gz
 
Then I had to make a soft link so the compiler could find the libraries. In my case I did the following:

mkdir /usr/local/ssl
ln -s /usr/include /usr/local/ssl/include
 
and then compile:

cd imap-2007f
make lnp SSLTYPE=unix EXTRACFLAGS=-fPIC
 
Then I was able to compile PHP by adding the imap source path to the config param like so:

/path/to/php/src> ./configure ...other_params...  
              '--with-imap=/path/to/imap-2007f' '--with-imap-ssl' 
make
make install

Apache: service httpd does not support chkconfig

When you install Apache manually on a CentOS/Red Hat server (make & make install rather than yum) and would like the service to start automatically, you should copy apachectl from the Apache bin folder to the /etc/init.d/ folder under the name httpd.
When you then try to set it up with chkconfig, you may face the error below:

service httpd does not support chkconfig

To fix this issue, simply add the following lines to your file at /etc/init.d/httpd:

#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

Then run chkconfig again:

chkconfig --level 235 httpd on

And now restart your httpd service.

Issues with firewall on HW Node - Impossible to use ip_nat and ipt_state modules

Information

Symptoms vary and may include:
  • Some iptables rules are not working
  • You see the following error when trying to create an iptables rule in the NAT table or when trying to use the STATE module:
    # iptables -t nat -L
    iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
    #
    

Cause

This problem usually occurs because connection tracking (the "conntracks" module) is disabled on your Parallels Virtuozzo Containers (PVC) hardware node (HW Node) by default. This means iptables is not stateful in the default installation.
You can verify this by checking whether you get the same output as below:
~# grep conntrac /etc/modprobe.d/vz-parallels.conf
options nf_conntrack ip_conntrack_disable_ve0=1
When support for connection tracking is disabled, the NAT table is absent in the list of available tables:
~# cat /proc/net/ip_tables_names
mangle
filter
Therefore, it is impossible to use the nf_nat and xt_state modules on the HW Node.

Resolution

Note: STATE module functionality of iptables may be replaced by adding explicit complementary rules for INPUT and OUTPUT chains.
If you are not satisfied by that workaround or if you need the NAT table functionality, continue reading further.
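
The workaround from the note above, as an added example that is not part of the original article: a shell function that prints one rule per direction in place of a -m state match. The function name and the sample ports are assumptions; the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example: stateless rule pairs for a node where conntrack is disabled.

# stateless_rules DIRECTION PROTO PORT
#   DIRECTION "in"  = a service on this host that clients connect to
#             "out" = a remote service this host connects to
stateless_rules() {
    dir=$1 proto=$2 port=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    # For TCP the reply rule refuses bare SYNs, so the reply direction
    # cannot be used to open a new connection. UDP has no equivalent.
    nosyn=""
    if [ "$proto" = tcp ]; then nosyn=" ! --syn"; fi
    case "$dir" in
        in)
            echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
            echo "iptables -A OUTPUT -p $proto --sport $port$nosyn -j ACCEPT"
            ;;
        out)
            echo "iptables -A OUTPUT -p $proto --dport $port -j ACCEPT"
            echo "iptables -A INPUT -p $proto --sport $port$nosyn -j ACCEPT"
            ;;
        *) echo "direction must be 'in' or 'out'" >&2; return 2 ;;
    esac
}

# Constructed policy: SSH served by this node, DNS lookups made by it.
stateless_rules in tcp 22
stateless_rules out udp 53
```

Unlike a state match, the reply rule accepts any non-SYN TCP segment, or any UDP datagram, that carries the given source port, so keep the list of ports short.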
Before you enable connection tracking support, we strongly recommend considering the following notes and warnings:
Warning 1: Enabling connection tracking uses a lot of resources.
Warning 2: With "conntracks" enabled, the HW Node may become completely unreachable from the network when you have a high network load. If a hosted container has malicious software running, a kernel panic can occur.
That is because the number of connection tracking slots is limited for a physical server. Enabling "conntracks" is especially dangerous for a PVC HW Node, because it allocates two tracking slots for each connection to a container – one for external connection and another one for connecting the HW Node with the container. So if a container opens too many connections, the HW Node will not be able to create any new connections.
This sort of situation might arise due to a DDoS attack on any container. The HW Node administrator would not be able to stop it by stopping a CT or adding iptables rules, because the administrator could not log in to the Node.
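
Because the warnings above come down to a limited number of tracking slots, the following added example (not from the original article) reports how full the table is and whether the kernel has already logged drops. It assumes the nf_conntrack_count and nf_conntrack_max counters under /proc/sys/net/netfilter; the function names and the 80% threshold are assumptions.

```shell
#!/bin/sh
# Added example: how close is the node to running out of tracking slots?

# conntrack_usage [PROC_DIR] -> prints "count max percent"
conntrack_usage() {
    dir=${1:-/proc/sys/net/netfilter}
    if [ ! -r "$dir/nf_conntrack_count" ] || [ ! -r "$dir/nf_conntrack_max" ]; then
        echo "no conntrack counters in $dir (tracking disabled?)" >&2
        return 2
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    [ "$max" -gt 0 ] || { echo "nf_conntrack_max is $max" >&2; return 2; }
    echo "$count $max $((count * 100 / max))"
}

# conntrack_check THRESHOLD_PERCENT [PROC_DIR] [LOG_FILE]
# Returns 0 when healthy, 1 when usage has reached the threshold or the
# kernel has already logged drops because the table was full.
conntrack_check() {
    usage=$(conntrack_usage "${2:-/proc/sys/net/netfilter}") || return 2
    pct=${usage##* }
    log=${3:-/var/log/messages}
    drops=0
    if [ -r "$log" ]; then
        drops=$(grep -c 'conntrack: table full, dropping packet' "$log" || true)
    fi
    echo "conntrack ${pct}% used, $drops table-full messages in $log"
    [ "$pct" -lt "$1" ] && [ "$drops" -eq 0 ]
}

# Constructed counters so the example runs without touching /proc.
demo=$(mktemp -d)
echo 58000 > "$demo/nf_conntrack_count"
echo 65536 > "$demo/nf_conntrack_max"
conntrack_check 80 "$demo" /dev/null || echo "WARNING: conntrack table near its limit"
rm -rf "$demo"
```

Run from cron on the HW Node, the non-zero exit status gives an early signal while the Node is still reachable.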

How to enable "conntracks":

  1. Check that all necessary modules are loaded on the Hardware Node:
    ~# lsmod | grep -E "state|nat"
    nf_nat_ftp              3489  0
    nf_conntrack_ftp       12927  1 nf_nat_ftp
    iptable_nat             6236  0
    nf_nat                 23178  3 vzrst,nf_nat_ftp,iptable_nat
    nf_conntrack_ipv4       9848  3 iptable_nat,nf_nat
    ip_tables              18021  3 iptable_nat,iptable_mangle,iptable_filter
    xt_state                1474  2
    nf_conntrack           80758  8 vzrst,nf_nat_ftp,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
    
  2. Add those modules to the iptables configuration on the Node:
    ~# egrep '^IPTABLES_MODULES' /etc/sysconfig/iptables-config
    IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length xt_length xt_hl xt_tcpmss xt_TCPMSS xt_multiport xt_limit xt_dscp nf_conntrack iptable_nat"
    IPTABLES_MODULES_UNLOAD="yes"
    
  3. Edit /etc/modprobe.d/vz-parallels.conf and set ip_conntrack_disable_ve0=0:
    ~# grep conntrac /etc/modprobe.d/vz-parallels.conf
    options nf_conntrack ip_conntrack_disable_ve0=0
    
  4. Enable iptables logging to verify that it works:
    ~# egrep '^kern' /etc/rsyslog.conf
    kern.*                                                 /var/log/messages
    
  5. Restart iptables:
    ~]# service iptables restart
    iptables: Applying firewall rules:                         [  OK  ]
    iptables: Loading additional modules: ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length xt_length xt_hl xt_tcpmss xt_TCPMSS xt_multiport xt_limit xt_dscp ip_conntrack iptable_nat                                         [  OK  ]
    
    (Please note that unloading of kernel modules can fail if modules are in use by running containers.)
  6. Restart syslog:
    ~# service rsyslog restart
    Shutting down system logger:                               [  OK  ]
    Starting system logger:                                    [  OK  ]
    
  7. Add a test rule, e.g., one to track new SSH connections:
    ~# iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name ssh_attempt --rsource -j LOG --log-prefix "SSH connection attempt: "
    
  8. Avoid tracking any other TCP connections to save system resources:
    ~# iptables -t raw -I PREROUTING -p tcp !  --dport 22 -j NOTRACK
    
    Note: setting rules in the raw table might cause issues with CT #1 restart. Update PVA Agent to the latest version.
  9. Try to log in to the server via SSH while monitoring the log:
    Jan 11 02:29:19 pvclin47 kernel: [  106.459592] SSH connection attempt: IN=eth0 OUT= MAC=00:1c:42:ac:d1:c9:00:1e:67:07:55:95:08:00 SRC=192.168.55.3 DST=10.39.3.111 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44446 DF PROTO=TCP SPT=51889 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
    Jan 11 02:29:19 pvclin47 kernel: [  106.459592] SSH connection attempt: IN=eth0 OUT= MAC=00:1c:42:ac:d1:c9:00:1e:67:07:55:95:08:00 SRC=192.168.55.3 DST=10.39.3.111 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44446 DF PROTO=TCP SPT=51889 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
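
Once the step 7 rule is logging, the entries can be summarised per source address. This is an added example, not part of the original article; the function names are assumptions and the sample lines are constructed in the same format as the log output in step 9.

```shell
#!/bin/sh
# Added example: count logged new SSH connections per source address.

# Constructed sample lines (documentation addresses, shortened fields).
sample_log() {
cat <<'EOF'
Jan 11 02:29:19 node1 kernel: [  106.4] SSH connection attempt: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51889 DPT=22 SYN URGP=0
Jan 11 02:29:21 node1 kernel: [  108.1] SSH connection attempt: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51890 DPT=22 SYN URGP=0
Jan 11 02:29:22 node1 kernel: [  109.0] SSH connection attempt: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Jan 11 02:29:23 node1 kernel: [  110.2] SSH connection attempt: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51891 DPT=22 SYN URGP=0
Jan 11 02:29:30 node1 kernel: [  117.9] eth0: link up
EOF
}

# ssh_attempts_by_source [LOG_FILE|-] [MIN_COUNT]
# Prints "count source" lines, busiest source first; "-" reads stdin.
ssh_attempts_by_source() {
    awk -v min="${2:-1}" -v prefix="SSH connection attempt: " '
        index($0, prefix) == 0 { next }     # skip unrelated kernel messages
        {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "") seen[src]++
        }
        END { for (s in seen) if (seen[s] >= min) print seen[s], s }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Summarise the constructed sample; on a real node pass /var/log/messages.
sample_log | ssh_attempts_by_source -
```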
    

FAQ

Q: What exactly does this option do?
A: This option controls the tracking of packets in the Node's environment. When it is disabled, packets are accepted, routed, etc., but the kernel does not store any information about the packet's connections, as it considers each packet to be a complete unit.
This option also has implications for NAT. For NAT, the kernel needs to identify the first packet of a connection and decide which of the following packets belong with that first packet, i.e., which packets should be considered a "connection."

Additional information
