Darkavich's Daily Ramblings

Well I finally got a around to installing ssl/imap. That’s not the interesting part 😉

I wanted to change the name of the daemon from imapd to imapsd. That’s where all my frustration started. Long story short… if you change the name of the binary, you need to also need to change the name of the file that holds the certificates.

In this case “/usr/local/ssl/certs” needed a file called imapsd.pem. I just created a sym-link to the imapd.pem file and all started working again.

Nowhere is this clearly documented. I was able to figure out the issue with this trusty truss command: truss -f -d -a -e -v all -p PID

The new iPhone upgrade allows you to see the lyrics stored in your music file. Turns out that there is a great little widget that will automatically update the songs. THe program is called GimmeSomeTune.

Another freeware tool you should donate to the owner.

As many of you know I have been hooked on BBQ. BBQ as defined by the pit masters is anything you cook low and slow. Last year I took a class from a Pit Master. I took the class from The BBQ Institute.

Konrad was a great teacher. He has no problem sharing his secrets and I learned a lot. The best thing I can say is in the 40 years of cooking, I have ever been able to make ribs. I learned a few secrets and my 1st attempt after this class came out perfect!

I did a lot of research about what smoker to buy. All of the comments said get a weber bullet. I purchased the Smokey Mountain Cooker.

This unit is amazing. I put the heat source in (generally Kingsford charcoal) and the temperature stays at an amazing 250 degrees for hours. I can run the smoker for 7 hours or more on one chimney of charcoal.

If your looking for a smoker, or are starting out. I strongly recommend this unit.

Ok, for the last 4 days I have been struggling with getting the iPhone mail client to work properly when on edge.

The client works perfectly when on WiFii, but failed to connect when on edge. There are lots of postings of other people having the same problem all over the country. Knowing a few things about networking 😉 I started troubleshooting.

I found that with an edge device we could telnet to my hosts on port 80 and port 25 (web and mail), but failed to connect on port 143 (imap). I ran several snoops and noticed that we could see the packets making it to my server, but the imap session never being established.

I was running the snoops so I could see what IP address the devices are coming from. When I saw the bizzare names, I decided to start doing some investigating and noticed that there was a reverse PTR record, but no forward A record.

% host mobile-032-162-049-101.mycingular.net.
Host mobile-032-162-049-101.mycingular.net not found: 3(NXDOMAIN)
% host 32.162.49.101
101.49.162.32.in-addr.arpa domain name pointer mobile-032-162-049-101.mycingular.net.

Well, this was the lightbulb I needed. imapd is launched from inetd, unlike mail and web. Mail and web both have a daemon running on their own. All of my inetd services like imapd are wrapped by tcp-wrappers. A quick look at the tcpd logs showed:

Jan 7 11:09:37 c130 imapd[19384]: [ID 140027 local6.error] warning: can’t verify hostname: gethostbyname(mobile-032-162-049-101.mycingular.net) failed
Jan 7 11:09:37 c130 imapd[19384]: [ID 947420 local6.warning] refused connect from 32.162.49.101

So the problem is both AT&T’s and mine. Because I use tcp-wrappers, the connecting hosts MUST have a valid A record for the PTR. The fact that AT&T doesn’t have valid A records is not playing nice on the internet.

Now the world is starting to make sense. Why does this work for some people and not others. The reason is because they are still using old IP’s from Cingular, and not the new ones from AT&T. It appears that all of the mycingular hosts are missing the forward lookups.

So, I have my workaround, but ultimately AT&T needs to fix this problem. I will still suggest you open a ticket with AT&T and ask them to fix their DNS records. Properly registering IP addresses that are used on the Internet is not only a polite thing to do, but also prevents things from breaking that rely on valid DNS records.