Odds and Sods

Apple Fall 2016 Product Announcements

Are the  Apple product extravaganzas vaguely creepy? It seemed if you were a presenter you had to be a gray-haired guy wearing a rumpled denim shirt. We are so excited.   The new Home button!  The special adapter for plugging your old earphones into the Lightning port! Everything is so awesome. Each tiny incremental change is touted like a family FaceBook update.

We wanted a refreshed MacBook (four years old). We got Pokemon on the iWatch.

Biggest news was probably the upgraded camera on the iPhone.

Upgrade to Quickbooks 2016

We have upgraded our QuickBooksPro 2014 to QuickBooksPro 2016. There doesn’t appear to be any major changes from an installation standpoint.  The main steps include:

  1. Purchase Quickbooks Pro 2016 3-user license through TechSoup. The result of this purchase process is that you receive a unique license ID number.  You’ll need that number plus the “product ID” number to complete installations on each machine.
  2. Download Quickbooks Pro 2016 to each workstation.
  3. Download Quickbooks Pro 2016 to the “server”  Our server is a re-purposed  Windows 7 workstation with a shared folder for the Quickbooks data files.  When you use the Quickbooks installer on the server,  choose “Host the company file on this machine, but access it from Quickbooks on other machines”
  4. Copy the company data file to the shared folder on the server.
  5.  Run the Database Manager on the server, to make the file available to the workstations.
  6. Open the file on the workstation(s).
    A few more hints on configuring the server are located here.  Don’t forget the AntiVirus!

 

PCI compliance.

If you take credit cards and handle the actual card data, then you may have already been prompted to certify that you are in compliance with the PCI security standards. This requires a yearly questionnaire and a quarterly scan of your public IP addresses. You can get started by doing free scans from HackerGuardian. If this works for you and you need to continue with scanning you can get a 3 year subscription via TechSoup for $67.00.

Progress with MailClark, Slack, FileMaker, WordPress

Somemotor-1381998_1280times you just have a week where you are grinding away at things, and nothing particularly new or spectacular happens, and no new revelations are on the horizon. This was one of those weeks.

MailClark and Slack

The MailClark experiment is moving into its third week. As I hoped, it  appears to be working well as an application for low-volume  email customer support. In another couple of weeks, I will introduce this to the rest of the customer support team, so that more than one of us can respond to emails and questions sent in to our help address.

FileMaker CRM

Our FileMaker CRM is taking shape. I have built the basic tables, and am working on the data entry screens. I’ve hosted it on a new Mac Mini with an SSD drive using FileMaker Server. This is the first time I’ve ever used an SSD up close and personal (all Linodes are SSD based), and I’m impressed with the speed.

FileMaker has been steadily improving the web client of the application called WebDirect. This is an effective implementation of the regular FileMaker desktop interface, but rendered in HTML5 and CSS for a web browser, which eliminates the need to install the FileMaker software client on your desktop workstation.  My thought is that we will provide access to the CRM via a virtual private networking connection rather than allowing direct access through our firewall.

Similar to FileMaker Go, the FileMaker client that runs on iPhones and iPads, I  expect to build dedicated data entry screens for the web clients. This means that each platform gets its  own screens….desktop,  iDevice, and web.  The startup script for the application will contain a CASE statement which determines which platform you are connecting with, and point you to the correct screen.

So far the data design and use cases appear to be pretty accurate and for the most part remain unchanged. One thing I have done is add a “reference” section. This will provide a front-end for the National Center for Educational Statistics database of public and private schools.

WordPress and Apache

I spent a couple days faffing about with my Apache / WordPress installation, trying to figure out what what slowing down our blog. It turns out to be hidden in plain sight, and here is one explanation.

 

Troubleshoot Apache with mod_status

We are having a bit of a contretemps with one our of Linode blog hosts. This host is running Ubuntu Linux 12X  LTS and WordPress, and seems to be having fits of high CPU utilization. One way to see into the web hosting process is to examine the Apache mod_status page.

Mod_status is an Apache module which prints statistics about the Apache application. By default the page will be accessible using the the suffix of /server-status on your root web site URL. http://mysite.com/server-status. However, by default this is restricted to a request from a browser at the 127.0.0.1 address.

If you log into the console, you can attempt to see the status by running the following:

apachectl status

or if you aren’t logged in as root,

sudo apachectl status

This returns the status page.

Screenshot_071516_011101_PM

If you are attempting to access this from a browser on another workstation via http://mysite.com/server-status, you get a 403 message:

Screenshot_071516_110946_AM

The first thing is to find where this restriction is located. It is going to be in one of the Apache configuration files. These are located within /etc/apache2. If the status module is enabled, there will be a status.conf file that can be edited.

sudo nano  /etc/apache2/mods-enabled/status.conf

Screenshot_071516_112041_AM

Edit the lines after the <Location /server-status> line, per the instructions. After editing mine looked like:

<Location /server-status>
   SetHandler server-status
   #Require local 
   Require ip 192.168.xxx.0/24
</Location>

where “xxx” is your local subnet.  In the above example, I’m accessing the server from inside the firewall from a workstation located on the same subnet as the Apache server. (In reality, I’m actually accessing a server running within a VirtualBox virtual machine, located on my Windows machine. )

Once these changes are made you have to restart Apache.

service apache2 restart

 

If this is successful,  you get a page similar to the character-based page, but nicely formatted in html. Since the data is similar, however, if there is any issue trying to get at the statistics, probably the character-based method at the console is the first thing to try.

Screenshot_071516_011525_PM

Ah…but what if you get a page, but it isn’t a status page?  This is the problem we have with our WordPress site, and it has to do with which page is served as the default. http://myblog.com/server-status  returns the default page from the blog rather than the server-status page.  Stay tuned for that fix.

MailClark: Use Slack for Customer Support

One thing that is pretty wonderful about Slack is the number of integrations available. We have integrated Trello, Google Calendar, Dropbox and Google Drive with our Slack installations. Now a new one has presented itself that allows you to create what I would call a “threaded customer support system”. This appears to be ideal for relatively low-volume eMail support. Here’s how it works:

Hire a Mail Clerk, (named Clark).

The key is a terrific application called MailClark an email bot for Slack. If you have worked with Slack at all, you know about the “slackbot”; an artificial intelligence “user” which you can communicate with to perform various tasks, or to get help on Slack. (Think Siri for Slack). MailBot is a similar “bot” but one that allows you to send and receive eMail directly to and from Slack channels.

Adding MailClark to Slack adds a new user called @mailclark, and provides you with an intermediate email address that includes your team name and the channel that you are going to use for inbound questions.  So, for example if your Slack team name is  “tfnphelpteam”, and you have a Slack channel called “grantsupport” you will get an email address of grantsupport@tfnphelpteam.mailclark.ai.

Emails sent to that address will show up in the techsupport channel showing the complete email address of the sender and a reply button. Screenshot_071416_110006_AM.jpg

If I click on the reply button, MailClark will create an entirely new Slack channel for the conversation, including the original query.  This channel will be named similarly to the original (inbound) channel, but will be randomized for the individual. The channel will show up with unread messages…  and you can then click on the channel to reply to the original question.

Screenshot_071416_110252_AM.jpg

The crux on the replies is that you need to follow the your reply with @mailclark send on its own line at the end of the message.

 

Screenshot_071416_111434_AM.jpg

What’s cool, is that any subsequent emails to or from this person will stay in the channel, so that you have a threaded discussion of an entire conversation. This is the equivalent of a “trouble ticket” system like ZenDesk.

Of course grantsupport@tfnphelpteam.mailclark.ai. isn’t a particularly intuitive email address for help. So, we created our own own google eMail address, something like grants@tfnp.com (not a real address!) which then gets forwarded to the MailClark address.

Tech Friday: Debugging the WordPress White Screen of Death

motor-1381998_1280Problem: I attempted to change a password for a user of the WordPress web site. I got into the administrator’s dashboard, choose “Users”, found the person’s entry, changed their password, clicked on “save changes” and Poof! I get a blank screen.

 

It turns out there is a name for such screens, and the name is called the WordPress White Screen of Death, or WSOD.

There are a ton of possible causes for this, but many of them relate to a problem with PHP code located someplace  within WordPress, or within WordPress plugins. Since the WSOD is just that…it doesn’t show any kind of detailed error message, one approach to finding the problem is to enable error checking and display at the PHP level. This is a quick entry in the WordPress wp-config.php file located in the root WordPress directory.  Here’s the file as it shows up in FileZilla.

WP_Config

And here is the contents of the file as displayed in Notepad++

WP_DEBUG

The trick is simply to change false to true to enable the display of error codes.  And sure enough,  once I did that and retried the password change operation I saw the following message:

Fatal error: Call to undefined function curl_init() in /var/www/html/wordpress/wp-content/plugins/gmail-smtp/class.phpmaileroauthgoogle.php on line 171

This was an indication that a plugin which I had added was causing the error. Once I removed the plugin, I could change my user’s password without problems and the WSOD was banished, at least for now.

WordPress: Troubleshooting Contact Forms 2

In our last episode, I determined that the contact form wasn’t working, even on the server that I thought was working. Further investigation, and a several eMails back and forth from Linode tech support yielded the following:

  1. The problem is not the Contact Form 7, it is with the eMail setup on the server where WordPress is installed. (Well there is a  problem with CF7, but we’ll get to that in a minute.)
  2. Linode has a guide for setting up PostFix (the background eMail program). In general, Linode guides are great for any Linux application, whether you are using Linode or not.
  3. To cut to the chase, there were several changes that needed to made.
    1. It looks like PostFix wasn’t completely configured. It was listening on only localhost. To fix this:Update the “inet_interfaces” value to listen on the actual IP address. in the /etc/postfix/main.cf. file  Change this:
      From: inet_interfaces = loopback-only
      To: inet_interfaces = xx.xxx.xxx.xxx, 127.0.0.1

      where xxx.xxx.xxx.xxx is the machine’s IP address.

      – Restart Postfix

      /etc/init.d/postfix restart

      – Verify that everything is working fine

      netstat -tulpn | grep 25  #Verify listening on port 25
      tail -f /var/log/maillog  #See the result of sending an eMail.
  4. The other piece of the puzzle involved editing the Domain Name nameserver records. These are required for Google to accept eMails for delivery, and involve two addtional entries for the domain name.
    1. A reverse name lookup record.
    2. An SPF record.Discussions for both of these items are located at the following links:

      https://www.linode.com/docs/networking/dns/setting-reverse-dns
      https://www.linode.com/docs/networking/dns/introduction-to-dns-records#spf

  5. Finally, the Contact Form CF7 plugin has a setting for the “from” address that is used as the sending address.  Typically, you want this to be something like customerservice@mydomain.com, but the default Contact Form setting actually allows the user to put in their own email address which is then included in the email generated by the form, so that you can simply reply to the email generated by the form. A more secure option (and the option required by Google), is to have the from address be in your own domain.  I just use the same address for both. If you look at the message body field below, you can see that the email address of the person making the inquiry will show up in the body of the message.Contact Setup

WordPress: Troubleshooting Contact Forms

Down the rabbit holeI’m trying to get a contact form working on our WordPress site, and it is a little more complicated than I thought it might be.

The contact form plugin itself in WordPress. We’re using Contact Form 7. Documentation for Contact Form 7 says something to the effect “we’re sending upteen zillion eMails a day, and CF form “just works” for everybody.  Well, kinda, sorta. There are several other issues involved:

  • an MTA (mail transfer agent) which maybe (?)  has to be on the WordPress server
  • the php_mail() function which is part of PHP (the programming language for WordPress)
  • the wp_mail() function which may or may not call the php_mail() function
  • Restrictions on to and from addresses.

I wanted to just run everything through our Google Mail SMTP account, but that seems to add an additional layer.  So first I started with our blog site which is on another server, and tested whether the contact form worked there. It actually doesn’t,  that is, it appears to send mail correctly from the users’s perspective, but no email was received anywhere.

 

Per this note I checked to see if anything was listening on port 25, the usual SMTP port.

$ netstat -tanpl | grep :25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3030/master
tcp6 0 0 ::1:25 :::* LISTEN 3030/master

$ lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 3030 root 12u IPv4 9667 0t0 TCP localhost:smtp (LISTEN)
master 3030 root 13u IPv6 9668 0t0 TCP ip6-localhost:smtp (LISTEN)

Looks promising.  it appears that both IP4 and IP6 are listening.

So, I created a basic PHP script to test at the server command line, and saved this as testphpmail.php. There are three parameters, the receiver’s address, the subject and the body of the message.

//This is a test of the basic PHP eMail function.

<?php
mail('joeblow@blow.com', "Test PHP Mail", "Test mail from PHP Mail");
?>

Run this script from the command line with the following command:

php -f testmail.php

This worked; I received the eMail. It shows that it comes from root.  At least  I knew that at least the fundamentals are in place on the server.

Checking the mail log,  at /var/log/mail.log I see the following:

$ cat/var/log/mail.log
May 20 14:28:17 li239-124 postfix/pickup[28709]: 11864F123: uid=0 from=<root>
May 20 14:28:17 li239-124 postfix/cleanup[28806]: 11864F123: message-id=<20160520142817.11864F123@localhost>
May 20 14:28:17 li239-124 postfix/qmgr[3039]: 11864F123: from=<root@localhost>, size=351, nrcpt=1 (queue active)
May 20 14:28:17 li239-124 postfix/smtp[28808]: 11864F123: to=<lkkg@myserver.org>,
relay=aspmx.l.google.com[173.194.204.27]:25, delay=0.21, delays=0.01/0.01/0.1/0.09, 
dsn=2.0.0, status=sent (250 2.0.0 OK 1463754497 e92si18328547qga.115 - gsmtp)

So this shows that the message was sent, using root@localhost as the sender’s address and my work eMail as the target.  And indeed, I received this email at work.

I checked the log file at /var/log/mail.log which presented various points of interest…including the fact that we are running the Postfix sendmail email server.  But there is also a status=bounced message for IP6.

$ cat /var/log/mail.log 
May 20 13:50:15 li239-124 postfix/pickup[13030]: 2973DF23B: uid=33 from=<www-data>
May 20 13:50:15 li239-124 postfix/cleanup[14078]: 2973DF23B: message-id=<49922f80371c574883b8b8d699f47d9b@blog.kidsgardening.org>
May 20 13:50:15 li239-124 postfix/qmgr[3039]: 2973DF23B: from=<www-data@localhost>, size=869, nrcpt=1 (queue active)
May 20 13:50:15 li239-124 postfix/smtp[14080]: 2973DF23B: to=<lkkg@myserver.org>, relay=aspmx.l.google.com[2607:f8b0:400d:c08::1a]:25, delay=0.41, delays=0.01/0.01/0.09/0.3, dsn=5.7.1, 
status=bounced (host aspmx.l.google.com[2607:f8b0:400d:c08::1a] said: 550-5.7.1 [2600:3c03::f03c:91ff:fe6e:916c] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. 
Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. a139si18154032qkc.140 - gsmtp (in reply to end of DATA command))
May 20 13:50:15 li239-124 postfix/cleanup[14078]: 8DAAAF23C: message-id=<20160520135015.8DAAAF23C@localhost>
May 20 13:50:15 li239-124 postfix/bounce[14081]: 2973DF23B: sender non-delivery notification: 8DAAAF23C
May 20 13:50:15 li239-124 postfix/qmgr[3039]: 8DAAAF23C: from=<>, size=3381, nrcpt=1 (queue active)
May 20 13:50:15 li239-124 postfix/qmgr[3039]: 2973DF23B: removed
May 20 13:50:15 li239-124 postfix/local[14082]: 8DAAAF23C: to=<www-data@localhost>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 20 13:50:15 li239-124 postfix/qmgr[3039]: 8DAAAF23C: removed
root@li239-124:~# dpkg -S 'which sendmail'
dpkg-query: no path found matching pattern *which sendmail*.
root@li239-124:~# netstat -tanpl | grep:25
grep:25: command not found
root@li239-124:~# netstat -tanpl | grep :25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3030/master
tcp6 0 0 ::1:25 :::* LISTEN 3030/master

Just to be sure, I ran the PHP script again having it send to my home email address which is outside my work domain.  This bounced and I didn’t receive it at the home address.  Now,  in theory, this might not be a bad thing, since all of the Contact Form 7  messages from the blog page should be sent to an address within the same domain, like customerservice@myserver.com.

So far, then we’ve established:

  • PostFix is installed on the blog’s server.
  • Contact Form 7 shows that it is sending message, but the messages are bouncing.  (Hmm…I wonder what I’ve been missing all those times? )

This is so typical of IT. You think you’re troubleshooting an issue on one server, and upon investigating the same issue on another server that you think is working…you find that it isn’t and down the rabbit hole you go!