Archive for October, 2010

Postfix's filtering mechanism (antispam): blacklist & whitelist

October 21st, 2010 3 comments

First of all, edit /etc/postfix/main.cf and append the following lines to the end of it:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
To add an item to the blacklist:
For example, to filter incoming mail that contains the words 'A funny game' in the subject and reject it back to the sender, do the following:
Add to /etc/postfix/header_checks:
/^Subject:.*A funny game/ REJECT drop header deny
List of actions:
REJECT: return the mail to the sender;
WARN: accept the mail and log the match;
DISCARD: discard the mail and give no response to the sender.
Then use postmap to test the configuration:
postmap -q - regexp:/etc/postfix/header_checks < /etc/postfix/header_checks
Then reload postfix if no errors are reported:
postfix reload
To test this, I sent a mail from my Gmail account with the subject 'anotherhi,A funny game'. If it works, the mail should be rejected by the mail server. After sending the mail, I can see the mail server's response:
tail -f /var/log/mail.info:
Oct 21 04:52:14 newserver6484 postfix/smtpd[27138]: connect from mail-qy0-f170.google.com[209.85.216.170]
Oct 21 04:52:15 newserver6484 postfix/smtpd[27138]: 0B8077529A5: client=mail-qy0-f170.google.com[209.85.216.170]
Oct 21 04:52:15 newserver6484 postfix/cleanup[27142]: 0B8077529A5: reject: header Subject: anotherhi,A funny game from mail-qy0-f170.google.com[209.85.216.170]; from= to= proto=ESMTP helo=: 5.7.1 drop header deny
#notice: here the mail is rejected by the mail server
Oct 21 04:52:15 newserver6484 postfix/smtpd[27138]: disconnect from mail-qy0-f170.google.com[209.85.216.170]
In my Gmail account, I got an undelivered mail report as follows:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 drop header deny (state 18).
#notice the phrase here: 'drop header deny'.
OK, success! Next we're going to add an item to the whitelist.
To add an item to the whitelist:
1. Edit /etc/postfix/main.cf
Locate 'smtpd_recipient_restrictions' and add the following entry to its value. Don't lose the trailing comma, and keep this note out of the file, because main.cf does not allow a comment after a value:
check_recipient_access hash:/etc/postfix/to_white_list,
Then:
touch /etc/postfix/to_white_list
The file to_white_list holds the items of your whitelist, for example:
[email protected] OK
2. postmap /etc/postfix/to_white_list
postfix reload

After the above operations, [email protected] is then OK to send mail to your mail server.
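
To see which clients keep hitting the blacklist rule, the cleanup "reject: header" lines shown in the log excerpt above can be summarised per client. This is an added example, not part of the original post; the host names, addresses and queue IDs in the sample log are constructed.

```shell
#!/bin/sh
# Added example. Summarise Postfix header_checks rejects from a mail log on stdin.
# Prints "<count> <client ip> <reject text>", most frequent first.
summarize_header_rejects() {
  awk '
    # Only cleanup lines that record a header_checks REJECT
    $5 ~ /^postfix\/cleanup\[/ && $7 == "reject:" && $8 == "header" {
      # The logged header text is chosen by the sender and may itself contain
      # "[", "]" or ";", so locate the client by the LAST "]; from=" on the line.
      if (!match($0, /.*\]; from=/)) next
      ip = substr($0, 1, RLENGTH - 8)
      sub(/.*\[/, "", ip)
      # Reject text: whatever follows the last enhanced status code (e.g. 5.7.1)
      text = $0
      if (!sub(/.*: [245]\.[0-9]+\.[0-9]+ /, "", text)) text = "(no text)"
      count[ip "\t" text]++
    }
    END {
      for (k in count) { split(k, part, "\t"); print count[k], part[1], part[2] }
    }
  ' | sort -k1,1nr -k2
}

# Constructed sample log (documentation addresses). The second reject carries a
# Subject crafted to look like the client field.
sample_log() {
  cat <<'EOF'
Oct 21 04:52:14 mx1 postfix/smtpd[27138]: connect from mail.example.net[192.0.2.10]
Oct 21 04:52:15 mx1 postfix/cleanup[27142]: 0B8077529A5: reject: header Subject: anotherhi,A funny game from mail.example.net[192.0.2.10]; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mail.example.net>: 5.7.1 drop header deny
Oct 21 04:53:01 mx1 postfix/cleanup[27142]: 1C9188630B6: reject: header Subject: A funny game [x]; from=<fake> from mail.example.net[192.0.2.10]; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mail.example.net>: 5.7.1 drop header deny
Oct 21 04:54:40 mx1 postfix/cleanup[27150]: 2DA299741C7: reject: header Subject: Re: A funny game from relay.example.com[198.51.100.7]; from=<c@example.com> to=<b@example.org> proto=ESMTP helo=<relay.example.com>: 5.7.1 drop header deny
EOF
}

sample_log | summarize_header_rejects
```

On a live server, feed it the real log instead: summarize_header_rejects < /var/log/mail.info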

Set the max simultaneous pop connections from one ip in postfix

October 21st, 2010 1 comment

In postfix, by default, if one IP has more than 4 pop3/imap clients receiving mail simultaneously (for example, your company has 5 people connecting to the same mail account to receive mail), the server will report the following error in the log file mail.err:
tail -f /var/log/mail.err:
Oct 21 04:27:31 newserver6484 couriertcpd: Maximum connection limit reached for ::ffff:1xxx.xxx.xxx.xxx
#xxx is the busy IP address, maybe your company's IP address
To avoid the errors, do the following:
vim /etc/courier/pop3d #set MAXPERIP=40 (the default is 4)
Then restart courier-pop:
/etc/init.d/courier-pop restart
After the above operations, use tail -f /var/log/mail.err to see the result. Yes, no more errors are logged in the file.

linux curl to determine whether a site has a 301 redirection (with high efficiency by bash shell)

October 20th, 2010 No comments

Requirements as follows:

I've got a task to determine whether tons of URLs have a 301 redirection. Tons of URLs, yes, that's what it means, because, you know, there are about 350 URLs. I was mad at the task at first, but then I tried and found a much more efficient way using bash shell.

The theory of the method is: using curl with option -I, we can get the response headers of the URL. If the response contains a 'Location:' line, then we can conclude that the URL 301 redirects to another site.

The procedure is as follows:

1. touch domain.txt and copy the URLs into it (note: each URL must begin with 'www.')
www.xx1.jp
www.xx2.jp
www.xx3.jp
www.xx4.jp

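2. Then touch if.sh, and chmod +x ./if.sh to give it execute permission:
#!/bin/bash
#copyright:doxer.org
# Start from an empty result file
rm -f ./redirect.txt
# Read one host per line; quoting "$i" keeps the shell from splitting or expanding it
while IFS= read -r i
do
[ -z "$i" ] && continue
echo -e "----------------------Begin $i----------------------\n" >>./redirect.txt
# -s hides the progress meter, -I asks for headers only; header names are case-insensitive
result=`curl -s -I --max-time 30 "$i" | grep -i '^Location:'`
[ $? = 0 ] && echo -e "$i\n" >>./redirect.txt && echo $result >>./redirect.txt
echo -e "----------------------End $i------------------------\n" >>./redirect.txt
done < ./domain.txt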

3. OK! Now use cat ./redirect.txt to see the result:
----------------------Begin www.xx1.jp----------------------

----------------------End www.xx1.jp------------------------

----------------------Begin www.xx2.jp----------------------

----------------------End www.xx2.jp------------------------

----------------------Begin www.xx3.jp----------------------

----------------------End www.xx3.jp------------------------

----------------------Begin www.xx4.jp----------------------
www.xx4.jp

Location: http://xx5.jp/
----------------------End www.xx4.jp------------------------

It's easy and highly efficient, isn't it?
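
The script above treats any 'Location:' header as a 301. As an added example (not part of the original post), the function below also reads the status line, so a 302 is not reported as a permanent redirect, and it matches the header name case-insensitively. The sample responses are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example. Classify one response captured with `curl -s -I` (headers on stdin).
# Prints one of:
#   "<status> permanent <target>"   301 or 308 with a Location header
#   "<status> temporary <target>"   any other 3xx with a Location header
#   "<status> none"                 no redirect
#   "error no-response"             no status line at all (timeout, DNS failure)
classify_redirect() {
  tr -d '\r' | awk '
    # A status line starts a new header block; only the last block is kept,
    # which skips a proxy "200 Connection established" prefix.
    /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { status = $2; loc = ""; next }
    # Header names are case-insensitive (HTTP/2 servers send them in lower case)
    tolower($0) ~ /^location:/ { loc = $0; sub(/^[^:]*:[ \t]*/, "", loc) }
    END {
      if (status == "") { print "error no-response"; exit }
      if (loc == "" || status !~ /^3/) { print status, "none"; exit }
      kind = (status ~ /^30[18]$/) ? "permanent" : "temporary"
      print status, kind, loc
    }'
}

# Constructed sample responses, as curl -I would print them (CRLF line endings)
resp_301() { printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://xx5.jp/\r\n\r\n'; }
resp_302() { printf 'HTTP/2 302 \r\nlocation: https://www.example.org/login\r\n\r\n'; }
resp_200() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

for r in resp_301 resp_302 resp_200; do
  "$r" | classify_redirect
done

# Against the list from the post (needs network access):
#   while IFS= read -r h; do
#     printf '%s %s\n' "$h" "$(curl -s -I --max-time 30 "$h" | classify_redirect)"
#   done < domain.txt
```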

How to retrieve missing mail in qmail, postfix

October 15th, 2010 No comments

Sometimes, for a variety of reasons, the customer service representatives' mail account can no longer be used because the old mail server has been banned. In this case, we must set up a new pop/imap and smtp mail server so that the old mail account can go on working.

However, after we've set up the new mail server and users can log in to the mail system, you'll get complaints from your colleagues that they lost some of the earlier mails from customers. Yes, that happens if your colleagues did not pull the mail from the old mail server in their MUA before it crashed. To quiet down your staff, you may do as follows:
cp /var/qmail/mailnames/olddomain.tld/service/Maildir/new/* /var/qmail/mailnames/newdomain.tld/service/Maildir/new #copy & re-save
chown -R popuser:popuser /var/qmail/mailnames/newdomain.tld/service/Maildir/new
#take care to reset the owner of the copied files, because cp run as root makes root the owner
After these operations, you can notify your colleagues that they can now receive mail from [email protected]. And, most importantly, this includes the mail for [email protected] that they complained was 'lost'. (The same applies to postfix.)

Notice: in this example, the two domains are on the same mail server.

If that is not your case, consider using scp, ssh or sftp in place of the cp command.

php session mechanism: files

October 14th, 2010 No comments

Here I'm going to elaborate on the php session mechanism: files (the files mechanism is also the most frequently used one).

In php.ini, session.save_handler = files instructs php to use the files mechanism for processing sessions. The files mechanism creates files in the directory set by session.save_path in php.ini, and the filename is the cookie value on the client's side (the cookie name is set by session.name in php.ini, PHPSESSID by default), for example, 70mild37sara2jpa2rk3h8bjg1. To get the cookie value on the client's side, follow these steps in Firefox (or other browsers): Tools-Page Info-Security-View Cookies. Find the cookie named PHPSESSID, click on it, and get its value.

On the server side, once the session's filename is ready, it is time for the content of the session. You set the session content in PHP using the $_SESSION global variable, for example, $_SESSION['email']='[email protected]', $_SESSION['firstname']='ff'. Besides, you can use session_id([string $id]) to assign the session id manually before session_start() is called in your code. On session_id, refer to: http://www.php.net/manual/en/function.session-id.php

Then comes the most important matter: how the session mechanism accomplishes the task of identifying a unique user. Here is my understanding of it.

Firstly, after the end user opens a browser, which is also called a UA (User Agent in computer terms), a session is created. Then the server side saves the session to a file whose file descriptor is specified by the client. Lastly, in order to determine whether the user is the one talking to it, the server compares the file descriptor to the end user's cookie value.

In general, different UAs create different session ids. That's why you have to log in to your account again after you switch browsers from Firefox to IE.

mysql most frequently used sql statements: login, set password, create-import-dump database, add user, repair table, etc.

October 13th, 2010 No comments

Log in:
mysql -h localhost -u root -pyourpassword
set password:
set password for 'root'@'localhost' = password('123456');
create database:
CREATE DATABASE `databasename` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

add mysql account
CREATE USER 'user'@'%' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
flush privileges;
dump database
mysqldump -u root -pyourpassword --no-data --default-character-set=utf8 test>aaa.sql #--no-data: only the table definitions, without row data
import
mysql -h localhost -u root -pyourpassword dbname</root/db.sql
repair table
repair table tablename;
#in detail:http://dev.mysql.com/doc/refman/5.1/en/table-maintenance-sql.html

Database Administration Statements
set,show,account management
#in detail:http://dev.mysql.com/doc/refman/5.1/en/sql-syntax-server-administration.html

All sql statements
in detail:http://dev.mysql.com/doc/refman/5.1/en/sql-syntax.html

view the number of active mysql connections
./mysqladmin -uroot -p -hlocalhost processlist #Or use 'show processlist' in mysql>;
./mysqladmin -uroot -p -hlocalhost status #Threads is the number of connections
executables under mysql/bin
In detail:http://dev.mysql.com/doc/refman/5.1/en/programs.html
innochecksum                mysql_find_rows
msql2mysql                  mysql_fix_extensions
myisamchk                   mysql_fix_privilege_tables
myisam_ftdump               mysqlhotcopy
myisamlog                   mysqlimport
myisampack                  mysql_install_db
my_print_defaults           mysql_secure_installation
mysql                       mysql_setpermission
mysqlaccess                 mysqlshow
mysqladmin                  mysqlslap
mysqlbinlog                 mysqltest
mysqlbug                    mysql_tzinfo_to_sql
mysqlcheck                  mysql_upgrade
mysql_client_test           mysql_waitpid
mysql_config                mysql_zap
mysql_convert_table_format  perror
mysqld_multi                replace
mysqld_safe                 resolveip
mysqldump                   resolve_stack_dump
mysqldumpslow

use mail command to send mail, postcat to read mail (postfix)

October 11th, 2010 No comments

In the linux shell environment, use the mail command to send mail, then use the postcat command to read it.

1. mail command
mail [email protected]

#type in the subject of the mail

#Enter,then type in the content of your mail

#press Ctrl+D to end your mail content; it then prompts for Cc (carbon copy). If you need a Cc, type it in. Then press Enter. The mail will be sent.
2. postcat command to read mail
postcat /var/spool/mail/virtual/yourdomain.tld/mail/new/1286789339.V801I7a28b4M273330.newserver6484
Or you may also use Outlook or another MUA to receive mail, which seems more convenient and advanced, doesn't it?

Solved: Cannot load /etc/httpd/modules/mod_auth_mysql.so into server: libmysqlclient.so.15: cannot open shared object file: No such file or directory

October 9th, 2010 2 comments

Today, when I used /etc/init.d/httpd restart to restart apache, it printed:
Starting httpd: httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/auth_mysql.conf: Cannot load /etc/httpd/modules/mod_auth_mysql.so into server: libmysqlclient.so.15: cannot open shared object file: No such file or directory
In general, this is because the mysqlclient library needed by your apache mysql module is absent. Here comes the solution:
wget -O /usr/lib/libmysqlclient.so.15 http://files.directadmin.com/services/es_5.0/libmysqlclient.so.15
After this, restart your apache server again.

PS: If your server is 64-bit, do the following:
wget -O /usr/lib/libmysqlclient.so.15 http://files.directadmin.com/services/es_5.0_64/libmysqlclient.so.15