One of the worst problems in qmail is that it accepts messages for nonexistent users and then sends a bounce back to the sender. This is the perfect setup to be exploited by a spammer. I'm using the qmail-tls port configured with vpopmail on FreeBSD.
There might be some patches that make qmail use the vpopmail command line tools directly to check if a user exists before accepting messages but I either didn't find them or thought that using the SMTP Plugins patch is more elegant and gives me more flexibility (It might be slower but this was not a high traffic server so I didn't care).
The SMTP plugins patch adds hooks at all SMTP stages, and the plugins can use those hooks to accept or reject a message based on the data in the SMTP commands sent by the sender.
I used the Qmail-SPP - Vpopmail check user Script written by Werner Maier.
The only problem was that I had to patch the source code for qmail-tls with the qmail-spp patch, and there were quite a few rejects because of the other patches applied by the FreeBSD ports system.
I managed to adapt the code to make this patch work and here is how I did it...
First I built the original FreeBSD port:
- cd /usr/ports/mail/qmail-tls
- make config # pick the options you want here ... I needed tls, smtpd-auth, vpopmail and a few others
- make install
This also installs all the files, so after we apply the spp patch we only have to copy the one modified file (qmail-smtpd).
The next step is to download the qmail-spp plugin into /usr/ports/mail/qmail-tls/work and apply it.
- cd work
- tar -xzpf qmail-spp-0.42.tar.gz
- cd qmail-1.03
- patch -p1 < ../qmail-spp-0.42/qmail-spp-smtpauth-tls-20060105.diff
This will give you some rejects, but don't worry because you'll fix them with my next patch: Qmail-tls-spp-FreeBSD patch-0.1 (4.73 KB)
- patch < qmail-tls-spp-freebsd.patch
- /usr/local/etc/rc.d/svscan stop
- cp qmail-smtpd /var/qmail/bin
- /usr/local/etc/rc.d/svscan start
At this point qmail-smtpd should have smtp plugins working and we can set up the vpopmail user verifier script.
- cd /var/qmail
- mkdir plugins
- fetch http://www.maiers.de/qmail/vpopmail_check_recipient.sh
- chown root:qmail vpopmail_check_recipient.sh
- chmod 755 vpopmail_check_recipient.sh
Now edit vpopmail_check_recipient.sh and make sure the correct paths to the vpopmail directory (/home/vpopmail on FreeBSD) are set in the script.
To test it, connect to SMTP and try to send a message to a nonexistent account; you should see a reject message instead of the usual "ok".
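What a recipient check at the RCPT stage has to do, as an added example in shell (it is not Werner Maier's script and not part of the original post). It assumes qmail-spp hands the recipient to the plugin in SMTPRCPTTO and treats an output line starting with E as an error reply, and that mailboxes sit unhashed under VPOPMAIL_DOMAINS/<domain>/<user>; check_rcpt and spp_reply are names made up here.

```shell
#!/bin/sh
# Added example (not Werner Maier's script). Assumed qmail-spp interface: the
# recipient arrives in $SMTPRCPTTO and a stdout line beginning with "E" makes
# qmail-smtpd answer RCPT TO with that error text.
# Assumed layout: $VPOPMAIL_DOMAINS/<domain>/<user>/ with no directory hashing.
VPOPMAIL_DOMAINS="${VPOPMAIL_DOMAINS:-/home/vpopmail/domains}"

# check_rcpt ADDRESS: prints accept, reject, or notlocal.
check_rcpt() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    user=${addr%@*}
    domain=${addr##*@}
    # The address comes from the remote client, so allowlist its characters
    # before it is used in a path; this also rules out "/" and extra "@".
    case "$addr" in *@*) ;; *) echo reject; return ;; esac
    case "$user" in ''|.*|*..*|*[!a-z0-9._+=-]*) echo reject; return ;; esac
    case "$domain" in ''|.*|*..*|*[!a-z0-9.-]*) echo reject; return ;; esac
    # Domains vpopmail does not host are left to qmail's own rcpthosts check.
    [ -d "$VPOPMAIL_DOMAINS/$domain" ] || { echo notlocal; return; }
    # Real mailbox directory, or a .qmail-<user> alias (qmail maps "." to ":").
    alias_file=".qmail-$(printf '%s' "$user" | tr . :)"
    if [ -d "$VPOPMAIL_DOMAINS/$domain/$user" ] ||
       [ -f "$VPOPMAIL_DOMAINS/$domain/$alias_file" ]; then
        echo accept
    else
        echo reject
    fi
}

# spp_reply VERDICT: prints the line handed back to qmail-smtpd, if any.
spp_reply() {
    if [ "$1" = reject ]; then
        echo "E550 sorry, no mailbox here by that name (#5.1.1)"
    fi
}

# Plugin entry point: only acts when qmail-smtpd has set the recipient.
if [ -n "${SMTPRCPTTO:-}" ]; then
    spp_reply "$(check_rcpt "$SMTPRCPTTO")"
fi
```

To try it by hand, point VPOPMAIL_DOMAINS at a scratch directory tree and run the script with SMTPRCPTTO set to the address under test.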
I have finally upgraded WordPress to 2.5.
The old version was 2.3.1 (yeah, that old) and the upgrade was pretty smooth. I didn't use plugins like instant upgrade for this upgrade but I'm thinking of using one for the next upgrades.
How did I do it?
I have my own method for this. It's very similar to what they describe in the official upgrade docs but a bit modified.
Here are the 7 steps I followed:
- back up the database using the backup plugin
- remember (write a list of) active plugins, then deactivate them all (so if any plugin does not work in the new version you can still access the blog and the admin interface)
- make a backup of all files (assuming the current install is in public_html):
  - cp -rp public_html wp-2.3.1_backup
- download and extract the new version (it will create a wordpress folder, so make sure you don't already have one because it will overwrite the files in it):
  - wget http://wordpress.org/latest.tar.gz
  - tar -xzpf latest.tar.gz
- use rsync to copy the new files over the old files (note the exclusion of wp-content to preserve the modifications you might have made to themes and plugins):
  - rsync -avz --exclude=wp-content wordpress/ public_html/
- call the upgrade.php script: go to http://your_own_blog.tld/upgrade.php
- reactivate the plugins you had active before the upgrade
The whole thing took about 10 minutes and there were no problems encountered except for a few plugins that could not be reactivated because they were incompatible with the new version.
What I like about it?
I like the new interface; it seems friendlier, faster and slicker, and I was getting bored of the old one.
I don't care much about the dashboard, but I love the way the WYSIWYG editor works.
I think the feature that I love the most is the automatic plugin upgrade, but this is also the one that I think needs more work (of course there may be others that I did not notice yet).
What I didn't like?
Here are three problems I found with the automatic plugin upgrade:
- The first time I tried it, it didn't seem to care that I selected "No" for the "Use SSL" option and it just told me it could not connect.
This was because my FTP server did not have SSL enabled, but it was impossible to know this was the cause, because the web interface made it look as if SSL was not being used, until I went into the code and ran print_r on the $credentials variable.
I'm not sure why this happened; I guess it's a bug. I had to go into the database and manually edit the ftp_credentials option and set ssl to 0, and then the plugin upgrade worked.
- It doesn't remember the value of the "Use SSL" option. When I go in to upgrade another plugin the option is set to "yes" even though in the database it is 0.
- It removes the old plugin first and then tries to install the other. If the new version install doesn't work for some reason you are left with no plugin and you will have to go in and install it manually the old way. I think a better approach would be to first deactivate the old plugin, make a backup copy, try to install the new one and, if it doesn't work, restore the old plugin.
Overall WP 2.5 brings good improvements and great new features, but as with any new major version there are a few minor details not taken good care of. Waiting to see what the 2.5.1 version will bring on the bug fixing side.
Have you upgraded yet? What are your thoughts on the 2.5 version?
There is a new version of this plugin. Please download it from the plugin page
After the first release of the Hidden affiliate Links plugin some bloggers wanted to know if this plugin would be able to automatically replace some keywords in posts and turn them into affiliate links.
John Chow bought a plugin for WordPress that does something like that from DealDotCom (yes, it's an affiliate link and it was created automatically) but I know it wouldn't be that hard to add such functionality to my plugin. So here's the real deal they should put on DealDotCom:
Now my plugin will let you define keywords and it will replace those keywords (when you save/update a post) with a new link you can specify. And it will still work for adding such links manually as the first version does (just don't put anything into keywords or Link fields ) .
The keywords field is actually a field where you can specify a regular expression, so make sure you escape special characters like - or . (dot) by placing a \ (backslash) in front of them.
Let's say you write a post and you want this plugin to replace both the keywords/phrases DealDotCom and "Deal Dot Com"; then the content of the keywords column should look like DealDotCom|Deal Dot Com . The "Match slug" field can be go/dealdotcom and the "New link" should be something like "/go/dealdotcom" or "http://patchlog.com/go/dealdotcom" (without the quotes) - this is what it looks like on your blog.
Download new version
If you have already installed version 0.1 you will have to deactivate it from wp-admin -> Plugins and delete the table wp_hal_links, then just install the new plugin like any other plugin.
Because the plugin allows you to specify a regular expression for the "Match Slug" field you will have to escape some special characters like . (dot), _ , - and / by placing a backslash in front of them. I could make the plugin so that this would not be necessary, but that would make it lose the great flexibility that regular expression matching can offer.
- make it configurable so that the user can choose to match case sensitive or insensitive keywords and link slugs. At the moment the match is case sensitive but some users may not like that. It would also be nice to be able to specify this for each link.
- give the user the option to replace the keywords at runtime (every time the post is rendered). This has the advantage that the keywords on all posts will be replaced (not just the ones you update after you install the plugin) but has the disadvantage that it can slow down your blog
- Anything else you would like? Feel free to let me know in the comments...
I looked at my sidebar and I saw what he meant by clutter. Darren could have used my sidebar as an example of a cluttered sidebar.
The sidebar was full of widgets that were not really useful to me or to my visitors. Here is what I had and removed:
- Most popular Posts: I removed this because I didn't think it was really useful for my visitors. A lot of them come from a search engine and look for something specific. I don't think they are interested in what's popular on my blog, but I might be wrong about it and I might add it back in the future, maybe on the footer.
- Tag cloud: this one was getting too big. It occupied too much space and the most popular tags were already the words in categories, so it was kind of redundant. I might add this on a page of its own
- Top commentators: I removed this because it looks bad to see a list of top commentators where #1 has only 3 comments.
- Technorati fave this blog: removed because I already have a technorati button at the bottom of each post
- Google Referrals banners: The banners increased the load times and were not making money. I may add them back as links like this :
because I see some potential in this but I'll have to get more traffic before I start using it again
- Text Link Ads affiliate banner: In two months of using this I got about 80 clicks on it and no conversions. But Text Link Ads is reported to be one of the best affiliate programs. They give you $25 for signing up an active publisher or advertiser
- Reviewme banner: removed because I received no offer for a review since I started using it a few months ago. I guess no one wants me to review a patch
- WordPress meta: does anyone care about this ?
- DoFollow: This doesn't really have anything to do with the sidebar but I removed this plugin because it was pretty much useless. I don't think anyone that commented on my posts did it because of the dofollow plugin. The only ones that commented because of dofollow were those that commented on the post about dofollow. The idea to reward your commentators is good but if there isn't anyone ( or very few ) to reward the plugin is useless. Also I think the Top commentators plugin might be better for this.
Some thoughts about what I should do, but I'm not sure about this yet:
- move archives and maybe categories in the footer
- add most popular posts in the footer
- remove Google ads; I think I can afford losing about $2/month
- remove kontera
- create a top navigation bar and move the links to pages on that bar
What do you think I should do about the blog ? Any suggestions are welcome in the comments.
In my previous post about optimizing the comment relish plugin I managed to lower the load generated by the comment relish plugin on the database server by adding an index on a column in the cr_emailed table and by optimizing a query ( basically removing a "useless?" join ). This improved the load time a lot but some users still reported slow load times on blogs with a lot of comments.
Looking more over the source code I realized that the function that tried to find new commentators was executed on each page. This function was executing a mysql query that joined two tables wp_comments and wp_cr_emailed. I think you can imagine the result of this on blogs with a large number of comments.
The solution was to execute this function only when a new comment was posted. And this comes with two benefits:
- because this is called only when a new comment is posted ( or approved ) the rest of the blog will remain as fast as before the plugin was installed.
- because of the way we call the function ( as an action/hook associated with the code that processes the comments ) we have more information about the comment so we don't have to do the query where we join two tables. We still do one query to get the whole comment data and one to see if this is a new commentator ( not emailed yet ) but these use indexes and are really fast.
Get the new optimized plugin here and let me know how it works for you.
The plugin link above contains a plugin that tries to send email even when the blog receives a pingback or trackback, as reported by Rhys. I have uploaded another version that corrects this problem here: Optimized Comment Relish plugin-0.3 (3.58 KB)
Comment Relish is a WordPress plugin that sends an email the first time someone comments on your blog. The plugin allows you to define the message in wp-admin and you can embed tags like author's name, email, website and others in the message.
This can be used to send a welcome message to the first time commentators and maybe invite them to subscribe to your rss feed.
John Chow tried to use it on his blog but the plugin and his huge number of comments (43000?) put the site down for about 2 hours. He said the plugin misbehaved and he would not recommend it if you have a lot of comments.
I did a little simulation on a WordPress blog with about 25000 comments and I can see how the plugin misbehaves. It took more than two minutes to select the email addresses that should be emailed before I decided to stop it, because that's just unacceptable, but I think it would have taken a lot more.
I managed to optimize it easily by just modifying a field in the table used by this plugin. If you don't care how I did it and just want the optimized plugin skip to the end of the post. If not then read on...
How it works
The plugin uses a table (cr_emailed) to remember which addresses received an email, so that it does not send a message more than once. Basically the plugin just inserts a new record in this table every time someone new comments on the blog. It tries to see if someone is new by doing a LEFT JOIN select on two tables, comments and cr_emailed, and then keeps the rows where cr_emailed.email IS NULL. The problem with this is that the email column has no index, so if you have 43000 comments the query will have a huge result set and MySQL will have to process each result to find out if cr_emailed.email is null (the email has not received a message yet).
This was really simple: just convert the email field to a varchar (needed in order to be able to set a fixed-length key on this field) and then add an index on it.
After doing this, the query that took more than two minutes now takes a little less than 1 second.
Someone on John Chow's blog suggested adding an index to wp_comments.comment_author_email. I tried that but I noticed no improvements, and using EXPLAIN on the SQL query shows the index on comment_author_email is not used, so that's useless.
Looking more over the code I noticed another weird thing. The query executed to find the email addresses looks like this:
    SELECT c.*, p.*
    FROM wp_comments c
    INNER JOIN wp_posts p ON p.ID = c.comment_post_ID
    LEFT JOIN wp_cr_emailed e ON e.email = c.comment_author_email
    WHERE e.email IS NULL AND c.comment_approved = '1'
I wonder why the author used the posts table in this query? The results from the posts table are not used anywhere in the code. I really couldn't see a good reason for keeping the posts table in this query so I removed the posts table from this query, making it even faster.
Get the source code
Here is a diff file between my version and the original version and here is my new version. If you have this plugin already installed you have to uninstall it and remove the wp_cr_emailed table and then copy the new version and activate it in wp-admin.
I'm using the new version on this blog and it is working, but I have few comments here. I have only tested the modifications on this blog and on a fictional blog with 25000 automatically generated comments so the usual disclaimer applies... you know all that "WARNING NO WARRANTIES" stuff...
If you have a blog with many comments and you want to try this, let me know how it works in a real environment.
I just enabled full text feeds on this blog so now you can subscribe to my feeds and read full articles from the comfort of your feed reader.
I'm using the <!--more--> tag on some articles and because WordPress 2.1 also splits the feeds when it finds the more tag I had to install the Full Text Feeds plugin created by Ronald Heft.
There are some other methods to do this presented by Kevin Muldon on his How to use the more tag and display the full content in your RSS Feed post.
As of today the links in the comments section do not have the nofollow attribute anymore. So those who comment on any post will get a link back to their site and that will add to their page rank. I'm using Oliver Bockelmann's Nofollow Case by Case plugin that will remove the rel="external nofollow" attribute from links in comments. Thanks to Martin Reed of communityspark.com for his idea about making a blog link love compatible.
The sidebar also shows a top list of those who commented the most, with links to their sites (also with no nofollow). I'm using the Show Top commentators plugin for this, thanks to John Chow for his ideas about how to increase blog comments.
Some think that this will just increase spam. What do you think? Do you show link love on your blog?
A few days ago I had to upload two diff files with the extension .patch on my previous post about qmail and dkim, and WordPress asked me to try another extension because the file extension did not meet its "security policy". That was really annoying so I started to look through the code to "fix" this.
A few minutes later I found the function wp_check_filetype in wp-includes/functions.php. It seems this function is the one responsible for filtering unwanted extensions. The only problem with it is that the allowed extensions are hard coded in it. You can easily add your extension to it but then you'll have to do that every time you upgrade WordPress.