That happened a few days later when I tried to use Apple’s Back to My Mac — it just didn’t work. After some network tracing I found out that the Apple machine sent DNS SOA requests but never got a reply back. It turned out that all SOA request got blocked somewhere. Sending requests to my own name server (host -t soa blackdown.de ns.blackdown.de) and tracing DNS there showed that no packet ever arrived.

I put the Speedport back into router-mode at this point and, who would have guessed it, SOA requests worked fine again.

After fruitless discussions with Deutsche Telekom support (it was impossible to find anyone who even remotely understood what I was talking about) and sending a bug report to AVM (the 701V actually is a FRITZ!Box) which never got an answer, I finally solved the problem by putting a Freetz firmware on the Speedport. This firmware had an option to disable the PPPoE-Filter. After disabling the filter the device worked flawlessly in modem-mode.

Now, a few days ago, I switched to VDSL and got a new router: a Speedport W920V.
First thing I did was to put it into modem-mode. And there it was again, the DNS SOA problem!

Knowing what the problem was, I found a simpler fix this time:

1. Download the configuration from the device
2. Manually change dnsfilter_for_active_directory = yes; to dnsfilter_for_active_directory = no; in the pppoefw section
3. Manually change ipnetbiosfilter = yes; to ipnetbiosfilter = no; in the pppoefw section
4. Insert a NoChecks=yes line after the Country=… line in the header to make the device accept the modified file although its checksum is wrong now
5. Upload the modified configuration to the device

(If you have a local NTP server, you also might want to add it to the server_list in the ntpclient section while editing the configuration of the Speedport.)

Read the complete SSL setup guide here: Securing WordPress 2 Admin Access With SSL

Regarding WordPress security, please note that there still is a possible exploit for 2.0.6: New WordPress exploit also affects version 2.0.6
Make sure you use safe a PHP version and set register_globals = off.

The built-in sound card is completely unsupported at this time. As I did not feel like writing a driver for it, I plugged in an old USB sound device (Creative Sound Blaster Audigy 2 NX). At first this did not work, I just got oopses. But with a small fix (included in the kernel since 2.6.15.5) it started to work.

Next I tried to set up ALSA‘s dmix plug-in with S16 which resulted in horrible crackling: The byte swapping code was broken.

Also, ALSA’s softvol plug-in (not strictly necessary but nice to have with GNOME’s volume control applet) didn’t work, it did not support any format available with snd-usb-audio on big-endian machines.

Here are the fixes for these two problems (against alsa-lib-1.0.11rc3):

• alsa-dmix-fix.patch
• alsa-softvol.patch

If somebody is interested, here is the USB-Audio.conf I use with my Audigy 2 NX.

By the way: Is it normal that the dmix plug-in consumes 100% CPU?

April 9th, 2006: The patches have been integrated into alsa-libs 1.0.11rc4, the 100% CPU issue is fixed in that version too.
There’s also a ALSA driver for the chip in the PowerMac Quad now, see this mail from Johannes Berg.

The situation has not changed much since WordPress 1.5: WordPress 2.0 still does not support HTTPS access to the admin area when the rest of the blog is served via normal HTTP and I still do not like logging in to my server over unencrypted connections, especially not when using public WLANs. Getting around this WordPress limitation requires quite a few steps:

The Goal

All communication involving passwords or authentication cookies should be done over HTTPS connections. wp-login.php and the wp-admin directory should only be accessible over HTTPS.
Normal reading access, as well as comments, tracebacks, and pingbacks still should go over ordinary HTTP.

The Plan

• Add an HTTPS virtual host that forwards requests to the HTTP virtual host
• Modify WordPress to send secure authentication cookies, so cookies never get sent over insecure connections accidentally
• Require a valid certificate on HTTPS clients. That means to log in to WordPress you need both a valid certificate and a valid password. If someone manages to get your password, he still can not login because he does not have a valid certificate.

The Implementation

Note: This documentation assumes a Debian sarge installation with Apache 2. Some things, in particular Apache module related ones, will be different on other systems.
The server used throughout the instructions is example.org/192.0.34.166. The server’s DocumentRoot is /blog and WordPress resides in /blog/wp. The value of WordPress’ home option is ‘http://example.org&/#8217; and the value of its site_url option is ‘http://example.org/wp’.

• Prepare the SSL certificates:
  • Generate your own certificate authority (CA) if you don’t have one already (I’m using the makefile from OpenSSL Certificate Authority Setup for managing mine) and import it into your browser.
  • Generate a certificate for the SSL server and certify it with your private CA.
  • Generate a certificate for your browser and certify it with your private CA. Most browsers expect a PKCS#12 file, so generate one with

    $ openssl pkcs12 -export -clcerts \
        -in blogclient.cert \
        -inkey blogclient.key \
        -out blogclient.p12

    Then import blogclient.p12 into your browser.

• Make WordPress SSL-ready:
  Apply this patch to the WordPress code. It makes the following changes:
  • Use secure authentication cookies in wp_setcookie()
  • Make check_admin_referer() work with HTTPS URLs
  • Use HTTPS URLs for notification mails
  • Use HTTPS URLS for redirects to wp-login.php
  • Only allow XML-RPC logins from the local host (ie. the HTTPS proxy)
  • Add the Mark-as-Spam feature from trunk

  The patch is against svn version 3825 of WordPress (ie. WordPress 2.0.3), when you apply it to a newer version, you will likely get some harmless ‘Hunk succeeded’ message. If you are getting ‘Hunk FAILED’ message, just send me note and I’ll update the patch.

• Enable the necessary Apache modules:
  • Install mod_proxy_html. It will be used to replace absolute ‘http://example.org&/#8217; HTTP URLs in the WordPress output with ‘https://example.org&/#8217; HTTPS URLs:

    $ aptitude install libapache2-mod-proxy-html

    The module gets enabled automatically after installation.

  • Enable mod_proxy and mod_ssl

    $ a2enmod proxy
    $ a2enmod ssl

    Debian provides sane default configurations for both modules. You might want to take a look at the configuration files (ssl.conf and proxy.conf) nevertheless.
    I have changed SSLCipherSuite to

    TLSv1:SSLv3:!SSLv2:!aNULL:!eNULL:!NULL:!EXP:!DES:!MEDIUM:!LOW:@STRENGTH

    in ssl.conf in order to just allow TLS v1 and SSL v3 ciphers which provide strong encryption and authentication (see ciphers(1)).

  • If you are compressing WordPress output (that is if you enabled the ‘WordPress should compress articles (gzip) if browsers ask for them’ option) then also enable mod_headers:

    $ a2enmod headers

• Configure Apache to listen on the HTTPS port

  $ cat > /etc/apache2/conf.d/ssl.conf << EOF
  <IfModule mod_ssl.c>
  	Listen 443
  </IfModule>
  EOF

• Modify the blog virtual host to limit access to wp-login.php and wp-admin to the local host. Also completely deny access to files which should never be accessed directly. Here is an example: 10-wp2-example.org
• Now setup the HTTPS virtual server: 20-wp2-example.org-ssl
  If you are compressing WordPress output you have to enable the RequestHeader line.
• Enable the site and restart Apache

  $ a2ensite 20-blog-ssl
  $ /etc/init.d/apache2 restart

• Remove the old WP cookies from your browser
• Test the new setup!

February 1st, 2006: wp2-ssl.patch updated for WordPress 2.0.1

March 11st, 2006: WordPress 2.0.2 has been released, fixing some security issues. The HTTPS patch still applies fine to that version.

March 19th, 2006: Updated wp2-ssl.patch. Changes: Fix bug in list-manipulation.php, use HTTPS for ‘Login’ and ‘Register’ links, backport ‘Mark-as-Spam’ feature from trunk

May 1st, 2006: WordPress 2.0.3 has been released. Here is the updated wp2-ssl.patch.

July 29th, 2006: WordPress 2.0.4 has been released, fixing some security issues. Here is an updated version of the wp2-ssl.patch.

January 12st, 2007: wp2-ssl.patch updated for 2.0.6 and 2.0.7-RC1

January 15st, 2007: WordPress 2.0.7 has been released. The patch still applies fine to that version.

• Build a udev rule to give the mouse device a static name: I’m using

  ACTION=="add", \
    KERNEL=="event*", \
    SUBSYSTEM=="input", \
    SYSFS{manufacturer}=="Logitech", \
    SYSFS{product}=="USB Receiver", \
    NAME="input/mx1000"

  in /etc/udev/rules.d/010_local.rules.
  After restarting udev and replugging the mouse, you should see a device named /dev/input/mx1000.

• /etc/X11/xorg.conf:

  Section "InputDevice"
   Identifier "MX1000"
   Driver     "evdev"
   Option     "CorePointer"
   Option     "Device"    "/dev/input/mx1000"
  EndSection

• ~/.xbindkeysrc:
  (You have to install xbindkeys and xvkbd for this; I’m starting xbindkeys in ~/.gnomerc)

  # Backward and Forward buttons
  "xvkbd -text "\[Alt_L]\[Left]""
    m:0x10 + b:8
  "xvkbd -text "\[Alt_L]\[Right]""
    m:0x10 + b:9
  
  # "Cruise Control" disabled:
  #"xvkbd -text "\[Page_Up]""
  #  m:0x10 + b:11
  #"xvkbd -text "\[Page_Down]""
  #  m:0x10 + b:12
  
  # "Cruise Control" enabled:
  # Work-around extra events
  "~/bin/click 4"
   m:0x10 + b:11
  "~/bin/click 5"
   m:0x10 + b:12
  
  # Application-Switch button
  # A-Tab doesn't work
  # Use it as another Forward for now
  "xvkbd -text "\[Alt_L]\[Right]""
    m:0x10 + b:10

  Using the Application-Switch button for switching windows in GNOME doesn’t work because it would require holding down the Alt key while pressing Tab several times, xvkbd can’t do that. I’m using the button as another Forward now, it’s easier to reach than the real Forward button.
  Defining actions for the Cruise Control buttons only makes sense when Cruise Control is disabled (you can disable it with lmctl or the Logitech Mouse Applet). If it is disabled, the buttons generate 11 and 12. When it is enabled, they generate a single button 11 or 12 event and then a series of button 4 or 5 events just like scrolling the wheel does.
  I have no idea why the mouse generates 11 or 12 before starting normal scrolling in Cruise Control mode. I’m mapping 11 and 12 to a little utility (click by Jeremy Nickurak) which replaces these bogus events with normal scroll events.

• At this point the Backward and Forward buttons should work in GNOME, KDE, and Mozilla-based browsers. Horizontal scrolling should work in GNOME and KDE.
  Mozilla-based browser like Firefox need two additional changes to get horizontal scrolling working with the tilt wheel: Open about:config and set

  mousewheel.horizscroll.withnokey.action = 0
  mousewheel.horizscroll.withnokey.sysnumlines = true

January 18th, 2006: The evdev driver in XOrg 6.9 is broken on big-endian machines like powerpc. Here’s a fix.

The official sarge installer still uses a 2.4 kernel by default but includes a 2.6 kernel that can be used by booting with "install26" or "expert26". But even that kernel, 2.6.8, is too old for the Inspiron 9300. It still doesn’t recognize the hard disk.

Ubuntu’s installer, which uses a 2.6.11 kernel, works fine on the machine. Although Ubuntu is a nice distribution, I like pure Debian better. Unfortunately I wasn’t able to find any 2.6.11 based Debian installer on the net, even a question on debian-boot yielded nothing.

Anyhow, I finally had the time to build one myself:
debian-2.6.11-i386-businesscard.iso (GPG signature)

The image is basically a sarge businesscard ISO with a 2.6.11 kernel from Debian testing instead of the original 2.6.8 kernel.

Unlike with Ubuntu, installation on the Inspiron 9300 still doesn’t work out of the box but with a few tricks I was able to install Debian sarge:

• Boot with expert26
• When the installer starts up, switch to the second console (Alt-F2) and enter these commands:

  ~ # modprobe ide_generic
  ~ # modprobe ata_piix

  Without this the installer won’t find the CD-ROM.

• If network configuration via DHCP fails, just retry — worked for me
• When asked what version of Debian you would like to install, choose stable. Installing testing or unstable directly doesn’t work.
• It doesn’t matter which kernel you choose to install, we have to replace it with a 2.6.11 kernel later anyway
• Just before the first reboot, that means right after the installer ejects the CD-ROM, switch back to console two. Now download and install the latest available Debian kernel. I’ve used 2.6.11-1-686:

  ~ # mount -t proc proc /target/proc
  ~ # chroot /target
  sh-2.05b# cd /root
  sh-2.05b# wget http://blog.blackdown.de/static/debian/kernel-image-2.6.11-1-686_2.6.11-7_i386.deb
  sh-2.05b# dpkg -i kernel-image-2.6.11-1-686_2.6.11-7_i386.deb
  …
  sh-2.05b# exit
  ~ # umount /target/proc

• Reboot (using the kernel just installed) and complete the installation
• Upgrade to testing or unstable
• Build a custom kernel (2.6.12 or newer). It’s probably a good idea to include some additional libata patches. To get the DVD drive working you have to apply this patch.

As one can guess from the look of this site, I’m using WordPress as my blog engine. At this time WordPress does not support HTTPS access to the admin area when the rest of the blog is served via normal HTTP. This is a bit unfortunate. I do not like logging in to my server over unencrypted connections, especially not when using public WLANs. Getting around this WordPress limitation requires quite a few steps:

The Goal

All communication involving passwords or authentication cookies should be done over HTTPS connections. wp-login.php and the wp-admin directory should only be accessible over HTTPS.
Normal reading access, as well as comments, tracebacks, and pingbacks still should go over ordinary HTTP.

The Plan

• Add an HTTPS virtual host that forwards requests to the HTTP virtual host
• Modify WordPress to send secure authentication cookies, so cookies never get sent over insecure connections accidentally
• Require a valid certificate on HTTPS clients. That means to log in to WordPress you need both a valid certificate and a valid password. If someone manages to get your password, he still can not login because he does not have a valid certificate.

The Implementation

Note: This documentation assumes a Debian sarge installation with Apache 2. Some things, in particular Apache module related ones, will be different on other systems.
The server used throughout the instructions is example.org/192.0.34.166. The server’s DocumentRoot is /blog and WordPress resides in /blog/wp. The value of WordPress’ home option is ‘http://example.org&/#8217; and the value of its site_url option is ‘http://example.org/wp’.

• Prepare the SSL certificates:
  • Generate your own certificate authority (CA) if you don’t have one already (I’m using the makefile from OpenSSL Certificate Authority Setup for managing mine) and import it into your browser.
  • Generate a certificate for the SSL server and certify it with your private CA.
  • Generate a certificate for your browser and certify it with your private CA. Most browsers expect a PKCS#12 file, so generate one with

    $ openssl pkcs12 -export -clcerts \
        -in blogclient.cert \
        -inkey blogclient.key \
        -out blogclient.p12

    Then import blogclient.p12 into your browser.

• Make WordPress SSL-ready:
  Apply this patch to the WordPress code. It makes the following changes:
  • Use secure authentication cookies in wp_setcookie()
  • Make check_admin_referer() working with HTTPS URLs
  • Disable login over XML-RPC
• Enable the necessary Apache modules:
  • Install mod_proxy_html. It will be used to replace absolute ‘http://example.org&/#8217; HTTP URLs in the WordPress output with ‘https://example.org&/#8217; HTTPS URLs:

    $ aptitude install libapache2-mod-proxy-html

    The module gets enabled automatically after installation.

  • Enable mod_proxy and mod_ssl

    $ a2enmod proxy
    $ a2enmod ssl

    Debian provides sane default configurations for both modules. You might want to take a look at the configuration files (ssl.conf and proxy.conf) nevertheless.

  • If you are compressing WordPress output (that is if you enabled the ‘WordPress should compress articles (gzip) if browsers ask for them’ option) then also enable mod_headers:

    $ a2enmod headers

• Configure Apache to listen on the HTTPS port

  $ cat > /etc/apache2/conf.d/ssl.conf << EOF
  <IfModule mod_ssl.c>
  	Listen 443
  </IfModule>
  EOF

• Modify the blog virtual host to limit access to wp-login.php and wp-admin to the local host. Also completely deny access to files which should never be accessed directly. Here is an example: 10-example.org
• Now setup the HTTPS virtual server: 20-example.org-ssl
  If you are compressing WordPress output you have to enable the RequestHeader line.
• Enable the site and restart Apache

  $ a2ensite 20-blog-ssl
  $ /etc/init.d/apache2 restart

• Remove the old WP cookies from your browser
• Test the new setup!

I’m not completely satisfied with the MX1000. It’s too heavy and a bit too small for my hands. The notable exception is the Forward button, it’s too far away from my thumb. I’ve had the last problem with the IntelliMouse Explorer too. I still have a few IntelliMouse Optical on other machines, I really like that mouse. Perfect Size, good wheel, easily reachable side buttons. The only drawback is the annoying big red light.

Anyhow, back to the MX1000. Only a few changes to my configuration for the IntelliMouse Explorer where needed to get it working. Here’s my new configuration:

• /etc/X11/XF86Config-4 or /etc/X11/xorg.conf:

  Section "InputDevice"
   Identifier "MX1000"
   Driver     "mouse"
   Option     "CorePointer"
   Option     "Protocol"        "evdev"
   Option     "Dev Name"        "Logitech USB Receiver"
   Option     "Buttons"         "12"
   Option     "ZAxisMapping"    "11 12 10 9"
   Option     "Resolution"      "800"
   Option     "Emulate3Buttons" "false"
  EndSection

• /etc/X11/Xmodmap:

  ! MX1000
  pointer = 1 2 3 8 9 10 11 12 6 7 4 5

  This gets the buttons in right order: Scrolling the wheel generates 4 and 5, tilting the wheel 6 and 7.

• ~/.xbindkeysrc:
  (You have to install xbindkeys and xvkbd for this; I’m starting xbindkeys in ~/.gnomerc)

  # Backward and Forward buttons
  "xvkbd -text "\[Alt_L]\[Left]""
    m:0x10 + b:8
  "xvkbd -text "\[Alt_L]\[Right]""
    m:0x10 + b:9
  
  # "Cruise Control" disabled:
  #"xvkbd -text "\[Page_Up]""
  #  m:0x10 + b:11
  #"xvkbd -text "\[Page_Down]""
  #  m:0x10 + b:12
  
  # "Cruise Control" enabled:
  # Only use this if you have problems with Mozilla
  #"NoCommand"
  #  m:0x10 + b:11
  #"NoCommand"
  #  m:0x10 + b:12
  
  # Application-Switch button
  # A-Tab doesn't work
  # Use it as another Forward for now
  "xvkbd -text "\[Alt_L]\[Right]""
    m:0x10 + b:10

  Using the Application-Switch button for switching windows in GNOME doesn’t work because it would require holding down the Alt key while pressing Tab several times, xvkbd can’t do that. I’m using the button as another Forward now, it’s easier to reach than the real Forward button.
  Defining actions for the Cruise Control buttons only makes sense when Cruise Control is disabled (you can disable it with the Logitech Mouse Applet). If it is disabled, the buttons generate 11 and 12. When it is enabled, they generate a single button 11 or 12 event and then a series of button 4 or 5 events just like scrolling the wheel does.
  I have no idea why the mouse generates 11 or 12 before starting normal scrolling in Cruise Control mode. I’m mapping 11 and 12 to “NoCommand”, this eliminates the ButtonPress but not the ButtonRelease event. This seems to eliminate the negative effects of the extra button events in Mozilla. (Mozilla interprets the 11 and 12 events as normal left clicks, Firefox doesn’t have this issue. So if you’re using Firefox or if you don’t see the left-click problem with your Mozilla build, then don’t bind 11 and 12 to anything.)

• At this point the Backward and Forward buttons should work in GNOME, KDE, and Mozilla-based browsers. Horizontal scrolling should work in GNOME and KDE.
  Mozilla-based browser like Firefox need two additional changes to get horizontal scrolling working with the tilt wheel: Open about:config and set

  mousewheel.horizscroll.withnokey.action = 0
  mousewheel.horizscroll.withnokey.sysnumlines = true

April 5th, 2005: Update: Don’t bind 11/12 to anything in Cruise Control mode by default (only needed if there are problems with Mozilla). Fixed the "Cruise Control" comments in ~/.xbindkeysrc.

January 15th, 2006: Xorg 6.9 and later come with a different evdev driver. I’ve made an updated version of this guide now.

My exim configuration uses three different cyrus_sasl authenticators and each exim invocation resulted in three of these OTP warnings because exim calls sasl_listmech() for each configured authenticator. It doesn’t specify a limiting mech_list, that means SASL will test which of all installed mechs actually can be used for authentication. Debian’s SASL package includes libotp.so, so it also tries to use OTP which is not configured on my system.

There are two ways to get rid off the warnings:

• Remove /usr/lib/sasl2/libotp.*. You’ll have to do this after each upgrade of the libsasl2-modules package.
• Rebuild exim with this patch. The patch specifies a limiting mech_list option for SASL. This limits sasl_listmech() to the mechs used in the exim configuration. Other mechs won’t be tried anymore.

May 3rd, 2005: A slightly modified version of the patch has been integrated into Exim CVS and will be included in the next Debian release of exim4 (see Debian bug #299743)

That means libc.so.6 is linked statically now. But glibc’s getpwnam and getpwuid implementations still need the shared libraries. The needed libraries must be copied into the chroot because mysqld calls those functions after calling chroot. I’ve updated the mysql-chroot script accordingly.
(The rest of the chroot setup procedure still works as described in Chrooting MySQL on Debian.)

By the way, I’ve filed a wishlist bug at Debian’s BTS (#299265). mysqld should do all /etc/passwd lookups before calling chroot. That way chrooting would work without $CHROOT/etc/passwd and with copying any libraries into the chroot. That’s how Apache and Bind 9 do it.

March 17th, 2005: Debian has removed the -all-static flag again. I’m leaving the additional bits in the chroot script however, just in case the maintainers decide to add the flag again.

<VirtualHost 127.0.0.2:80>
        ServerName JustForOpeningSyslog
        Redirect permanent / http://127.0.0.1/
        ErrorLog syslog
</VirtualHost>

Now apache calls openlog(3) with LOG_NDELAY before being chrooted by libapache2-mod-chroot, and libapache2-mod-php4’s syslog(3) calls work just fine.
(Idea stolen from syslog(3) and chroot(2).)

But I’ve found no guide for chrooting MySQL, so here’s my short recipe:

• Prepare the chroot directory. It’s recommended to use an extra partition/filesystem for it. I will use /srv/mysql (which is an LVM2 partition with an ext3 filesystem on my system) for the rest of the text.
• Stop MySQL:

  /etc/init.d/mysql stop

• Copy the databases to new location:

  mkdir -p /srv/mysql/var/lib
  cp -a /var/lib/mysql /srv/mysql/var/lib

• Copy this script to /etc/default/mysql-chroot
• Edit /etc/init.d/mysql:
  • Source the mysql-chroot script somewhere at the top:

    …
    test -x /usr/sbin/mysqld || exit 0
    
    . /etc/default/mysql-chroot
    
    SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
    …

  • Run setup_chroot right in the start section:

    …
    if mysqld_status check_alive nowarn; then
      echo "...already running."
    else
      setup_chroot
      /usr/bin/mysqld_safe > /dev/null 2>&1 &
    …

  • Somehow /var/run/mysqld/mysqld.pid disappears after each start. We have to create it each time, otherwise the stop command won’t work properly:

    …
    if mysqld_status check_alive warn; then
      echo "."
      ln -sf $CHROOT_DIR/var/run/mysqld/mysqld.pid \
                     /var/run/mysqld
      # Now start mysqlcheck or whatever the admin wants.
      /etc/mysql/debian-start
    …

• In /etc/mysql/debian.cnf, change the socket line to:

  socket = /srv/mysql/var/run/mysqld/mysqld.sock

• In /etc/mysql/my.cnf:
  • Change the socket line in the [client] section to:

    socket = /srv/mysql/var/run/mysqld/mysqld.sock

    Don’t change the socket lines in the other sections!

  • Add

    chroot = /srv/mysql

    to the [mysqld] section.

• Prepend /srv/mysql to the log files listed in /etc/logrotate.d/mysql-server
• Start MySQL:

  /etc/init.d/mysql start

• Check /var/log/syslog for errors ;-)

March 13th, 2005: I’ve updated the script for newer Debian packages, see Updated MySQL Chroot Script for more information.

July 30th, 2006: These modifications still work fine on the current stable Debian release (3.1, “sarge”). The mysql packages in the testing (“etch”) and unstable (“sid”) distributions of Debian need a few additional changes, I’ll post an updated guide in a few days.

December 30th, 2006: I’ve made an updated guide on how to chroot more recent MySQL packages on Debian and Ubuntu

• Mouse section from /etc/X11/XF86Config-4:

  Section "InputDevice"
    Identifier "Configured Mouse"
    Driver     "mouse"
    Option     "CorePointer"
    Option     "Protocol"        "evdev"
    Option     "Dev Name"        "*Microsoft IntelliMouse*"
    Option     "Buttons"         "9"
    Option     "ZAxisMapping"    "8 9 6 7"
    Option     "Emulate3Buttons" "false"
  EndSection

• To get the buttons in the correct order for X11, change /etc/X11/Xmodmap to:

  pointer = 1 2 3 8 9 7 6 4 5

  Now horizontal scrolling should work with GNOME!

• In Mozilla-based browsers however, tilting the wheel moves back- or forward in the history now. To fix this open about:config and set mousewheel.horizscroll.withnokey.action to 0.
  Unfortunately Mozilla and GNOME seem to have different interpretations of left and right; set mousewheel.horizscroll.withnokey.sysnumlines to true to fix that.
• To get the sides buttons going back- and forward in history again, install xbindkeys and xvkbd. Bind the buttons to Alt-Left and Alt-Right in ~/.xbindkeysrc:

  "xvkbd -text "\[Alt_L]\[Left]""
    m:0x10 + b:8
  "xvkbd -text "\[Alt_L]\[Right]""
    m:0x10 + b:9

  and run xbindkeys in ~/.gnomerc

January 15th, 2006: Xorg 6.9 and later come with a different evdev driver. I’ve made a new guide now. The new guide talks about the Logitech MX1000 but it’s quite easy to adapt the configuartion for other mice.

• /etc/exim4/exim.pl:
  Don’t forget to change ppp0 to the interface you want to handle!

  #! /usr/bin/perl
  
  # Requires libio-interface-perl
  
  use strict;
  use IO::Socket;
  use IO::Interface;
  
  sub get_remote_helo_data()
  {
      my $s = IO::Socket::INET->new(Proto => 'udp');
      my $addr = inet_aton($s->if_addr('ppp0'));
      my $hostname = gethostbyaddr($addr, AF_INET);
  
      $hostname = '' if (!$hostname);
  
      return $hostname;
  }
  

• /etc/exim4/conf.d/main/50_exim4-localconfig_perl:

  #main/50_exim4-localconfig_perl
  perl_at_start = true
  perl_startup = do '/etc/exim4/exim.pl'
  

• Add the following code to the appropriate transport, e.g. remote_smtp_smarthost:

  helo_data = \
    ${if >{${strlen:${perl{get_remote_helo_data}}}}{0} \
                   {${perl{get_remote_helo_data}}} \
                   {$primary_hostname}}