Wiki:Community Portal


I've patched Sendmail, BIND, and SSL more than my M$ boxes this year..

--xpoint 3 Jun 2005, 11:09 (CEST)


I can recommend my very "personal training center"

"The book of Postfix". ISBN: 1593270011 Ralf Hildebrandt and Patrick Koetter

It comes with 2 trainers and costs 30-50$

The training schedule is VERY flexible and can be done virtually anywhere (at home, in the train etc.)


Registrations are open now !!

Postfix book

--xpoint 3 Jun 2005, 11:11 (CEST)



#!/bin/sh
#
#  Daily maintenance for spamassassin bayes, when used by amavisd-new
#  place in /etc/cron.daily/ and name it "bayes-maint" or whatever you like
#  remember to chmod +x /etc/cron.daily/bayes-maint 
#  Needed only if spamassassin is in use
#  for spamassassin versions prior to 3.0, replace --sync with --rebuild
#  to test, temporarily remove >/dev/null 2>&1
#  assumes amavisd-new user name is 'amavis', modify user name, program name
#  and paths as needed.
umask 027
test -e /usr/bin/sa-learn && test -e /usr/local/sbin/amavisd && {
       su - amavis -c '/usr/bin/sa-learn --sync --force-expire -D' >/dev/null 2>&1
}
exit 0

@virus_admin_maps = (
  new_RE( [qr'^(.*)(@[^@])?$' => 'virusalert${2}'] ),
);

See README.lookups.



Wireless Collsns

4: ra0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:0e:2e:38:8b:41 brd ff:ff:ff:ff:ff:ff
   RX: bytes  packets  errors  dropped overrun mcast   
   88819503   283493   0       0       0       52     
   TX: bytes  packets  errors  dropped carrier collsns 
   222825337  317567   837     837     0       2538

Why?


How-to

Fairly Secure Anti Spam Wiki - Fairly-Secure Anti-Spam

domainkeys in postfix

domainkeys in postfix for debian how-to


Postfix mysql

user = mail
password = password
hosts = localhost
dbname = mail
table = aliases left join vdomains on vdomains.domainid = aliases.domainid
select_field = case when count(aliases.alias) = 1  then "OK" when count(aliases.alias) = 0  then "REJECT" END AS 'access'
where_field = concat(LEFT(aliases.alias, LOCATE('@',aliases.alias)),vdomains.domain)

hmm :-)



How to rsyncd & gensync

rsyncd.server

thanks Gunnar Wrobel



Postfix Rules

220 amiga.junc.org ESMTP Postfix
250 amiga.junc.org
501 Bad address syntax
503 Error: need MAIL command
503 Error: need RCPT command
221 Error: I can break rules, too. Goodbye.

somebody learns fast :-)


Razor2 for use with amavisd-new. Mini HOWTO

These are ad-hoc observations, and may not be 100% accurate.

Configuring Razor2 used to baffle me. I had no idea what the program wanted to run successfully, and how to integrate it into amavisd-new properly. The experiences I relay in this post I believe are generic to recent versions of razor, but I know that different versions may behave differently at times.

When razor starts up, it simply wants to find its configuration and data files. The beauty of razor is, it already knows what its conf and data files should look like, so (at least in recent versions) if no conf and data files exist, it simply uses what it already knows (the defaults). This at least allows the program to run. This would actually be fine, except that one of the defaults is to keep a log. That log, if left unattended, will eventually fill up a hard disk. So, we need to have an actual conf file that we can use to override that default.

When razor starts up, it looks for its data files in the home directory of the user that starts the program. It will look for its conf file in either /etc/razor or the home directory of the user that starts the program. If it finds /etc/razor/razor-agent.conf it will assume this is a global conf file. This file may be useful in some cases, but in the case where the only two users that will actually use razor are root and the amavisd-new user, this file makes razor configuration more difficult. The reason is this - when you run 'razor-admin -create' it creates the data files in $HOME/.razor. It should also create razor-agent.conf, but if /etc/razor/razor-agent.conf already exists, it assumes you don't need your own personal razor-agent.conf. So, I would first get rid of the annoying /etc/razor/razor-agent.conf before you run 'razor-admin -create'. Some distros (like Debian) create this annoying file, and others do not. OK, so we got rid of that file, now we can set up razor. At this point these two commands are everything we need to make razor work properly:

razor-admin -create
(This creates the data and conf files in our $HOME/.razor directory)
razor-admin -register
(This generates a unique user name and password used to connect to the
razor servers. Run this again if you get an error on the first try.)

If we ran these as root, we should have a /root/.razor directory with files like these in it:

lrwxrwxrwx  1 root root   19 2005-08-11 02:08 identity -> identity-ru4lEKie45
-rw-------  1 root root   90 2005-08-11 02:08 identity-ru4lEKie45
-rw-r--r--  1 root root  698 2005-08-11 02:07 razor-agent.conf
-rw-r--r--  1 root root  648 2005-08-11 02:08 razor-agent.log
-rw-r--r--  1 root root  511 2005-08-11 02:07 server.folly.cloudmark.com.conf
-rw-r--r--  1 root root  484 2005-08-11 02:07 server.joy.cloudmark.com.conf
-rw-r--r--  1 root root   20 2005-08-11 02:07 servers.catalogue.lst
-rw-r--r--  1 root root   22 2005-08-11 02:07 servers.discovery.lst
-rw-r--r--  1 root root   38 2005-08-11 02:07 servers.nomination.lst

If you don't have razor-agent.conf, you can guess the reason! (Yes, you can simply copy /etc/razor/razor-agent.conf here if you like - but you MUST run 'razor-admin -create' BEFORE you do!) Maybe it's somewhere else? If it did not create razor-agent.conf you can be fairly certain there is one *somewhere* else. I suggest you seek and destroy, then run 'razor-admin -create' again.

Run 'spamassassin --lint -D' to see all kinds of razor related stuff that shows you that it is working.

Now the reason for this exercise. Edit /root/.razor/razor-agent.conf and change the debuglevel from 3 to 0 to prevent logging.

Now we need to do the same for the amavisd-new user. Let's assume the amavisd user's name is 'vscan'.

If the user 'vscan' has shell access:

su vscan -c 'razor-admin -create'
su vscan -c 'razor-admin -register'

This will create files similar to those it created for user 'root', but it will create them in vscan's home directory. This is often /var/amavis or /var/lib/amavis.

So now, for example, you would edit /var/amavis/.razor/razor-agent.conf and change the debuglevel from 3 to 0 to prevent logging.

We can test with:

su vscan -c 'spamassassin --lint -D'

If your amavisd-new user does not have shell access (you are probably using a Scott L. Henderson howto), you use a different method to create the files that amavisd-new needs. You simply make a copy of the files that were created for root:

cp -R /root/.razor /var/amavis
(for example)

All these files will be owned by root, so the proper thing to do is to give them to your amavis user. In this example the amavis uid/gid will be 'amavis'.

chown -R amavis:amavis /var/amavis
(for example, might as well do the whole tree while we are at it.)

Since in this case we don't have shell access, and therefore can't 'su amavis', run:

amavisd stop
amavisd debug-sa
and watch for the razor stuff. (Ctrl+c to cancel)
amavisd start

Here is happiness from 'amavisd debug-sa':

Razor-Log: Computed user confpath from env: /var/amavis/.razor
Razor-Log: read_file: 15 items read from /var/amavis/.razor/razor-agent.conf
Razor-Log: Computed razorhome from env: /var/amavis/.razor
Razor-Log: Found razorhome: /var/amavis/.razor
<...>
debug: Razor2 results: spam?

Thanks to Gary V for this howto
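A check for the end state this HOWTO aims for, added here as an example and not part of Gary V's post: a per-user razor-agent.conf with debuglevel 0 and a registered identity. The function name `check_razor_home`, its arguments, and the reading of razor-agent.conf as `key = value` lines are assumptions.

```shell
#!/bin/sh
# Added example: check a Razor2 home directory against the HOWTO's end state.
# check_razor_home RAZORHOME [GLOBAL_CONF]   (hypothetical helper)
# Prints one finding per line; returns 0 when nothing failed, 1 otherwise.
check_razor_home() {
    home=$1
    global=${2:-/etc/razor/razor-agent.conf}
    conf=$home/razor-agent.conf
    rc=0

    # Per the HOWTO, a global conf stops 'razor-admin -create' from
    # writing a per-user razor-agent.conf.
    if [ -e "$global" ]; then
        echo "NOTE $global exists; razor-admin -create will not write $conf"
    fi

    if [ -f "$conf" ]; then
        # Assumes "debuglevel = N" lines; the last one in the file wins here.
        level=$(sed -n 's/^[[:space:]]*debuglevel[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" | tail -n 1)
        case $level in
            0)  echo "OK debuglevel=0, logging disabled" ;;
            '') echo "FAIL no debuglevel line in $conf; the default keeps a log"; rc=1 ;;
            *)  echo "FAIL debuglevel=$level, razor-agent.log will keep growing"; rc=1 ;;
        esac
    else
        echo "FAIL $conf missing"
        rc=1
    fi

    # 'razor-admin -register' leaves an identity link in the razor home.
    if [ ! -e "$home/identity" ]; then
        echo "FAIL no identity in $home; run razor-admin -register"
        rc=1
    fi
    return $rc
}
```

Call it as `check_razor_home /root/.razor` or `check_razor_home /var/amavis/.razor`, depending on which user's files you are checking.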


> Razor2 for use with amavisd-new. Mini HOWTO

Thanks, nice.

One general remark: it is better if the not-to-be-mucked-with files such as razor-agent.conf are not owned by (nor live in a directory owned by) vscan, just in case. It is safer to have them owned by root and let them live perhaps in /etc.

For the same reason I also prefer if the directory /var/amavis is owned by root and not writable by vscan, but provide a subdirectory such as /var/amavis/home, owned by vscan, where SA and other dynamic data files can live:

 $MYHOME = '/var/amavis';   # a convenient default for other settings
 $helpers_home = "$MYHOME/home";  # prefer $MYHOME clean and owned by root
 $pid_file  = "$helpers_home/amavisd.pid";
 $lock_file = "$helpers_home/amavisd.lock";

The ownerships/protections are then something like:

 $ ll -d /var/amavis
 drwxr-x--x  8 root   wheel  512 Aug  5 15:29 /var/amavis
 $ ll -d /var/amavis/home
 drwxr-x---  5 vscan  vscan  512 Aug 11 09:48 /var/amavis/home
 $ ll /var/amavis/home/
 drwxrwxr-x  2 vscan  vscan  512 Aug  5 02:17 .pyzor
 drwxrwxr-x  2 vscan  vscan  512 Aug 11 09:44 .razor
 drwxrwxr-x  2 vscan  vscan  512 Aug 11 10:09 .spamassassin
 -rw-r-----  1 vscan  vscan    0 Aug 11 10:09 amavisd.lock
 -rw-r-----  1 vscan  vscan    6 Aug 11 09:48 amavisd.pid

Thanks Mark for these corrections
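The ownership layout from this reply as a check, added here as an example and not Mark's or amavisd-new's own code: the base directory belongs to the admin account and is not group- or world-writable, and the `home` subdirectory belongs to the service account and is closed to other users. `audit_amavis_layout` and `owner_and_mode` are hypothetical names; modes are read from `ls -ld`.

```shell
#!/bin/sh
# Added example: audit the root-owned parent / service-owned home layout.

# Print "OWNER MODE" for a path, e.g. "root drwxr-x--x".
owner_and_mode() {
    ls -ld "$1" | awk '{ print $3, substr($1, 1, 10) }'
}

# audit_amavis_layout BASE SERVICE_USER [ADMIN_USER]   (hypothetical helper)
# Returns 0 when the layout matches, 1 on any finding marked FAIL.
audit_amavis_layout() {
    base=$1; svc=$2; admin=${3:-root}; rc=0
    [ -d "$base/home" ] || { echo "FAIL $base/home does not exist"; return 1; }

    info=$(owner_and_mode "$base")
    owner=${info%% *}; mode=${info#* }
    [ "$owner" = "$admin" ] ||
        { echo "FAIL $base owned by $owner, expected $admin"; rc=1; }
    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $mode in
        ?????-??-?) ;;
        *) echo "FAIL $base is group- or world-writable ($mode)"; rc=1 ;;
    esac

    info=$(owner_and_mode "$base/home")
    owner=${info%% *}; mode=${info#* }
    [ "$owner" = "$svc" ] ||
        { echo "FAIL $base/home owned by $owner, expected $svc"; rc=1; }
    case $mode in
        ???????---) ;;
        *) echo "FAIL $base/home is open to other users ($mode)"; rc=1 ;;
    esac

    # The reply prefers static config not to be owned by the service account.
    conf=$base/home/.razor/razor-agent.conf
    if [ -f "$conf" ]; then
        info=$(owner_and_mode "$conf")
        [ "${info%% *}" != "$svc" ] || echo "WARN $conf is owned by $svc"
    fi
    [ "$rc" -eq 0 ] && echo "OK $base layout matches"
    return $rc
}
```

For the listing above the call would be `audit_amavis_layout /var/amavis vscan`.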


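Maildrop in postfix master.cf

--main.cf--
# argv= must be the last attribute of a pipe service, so the
# per-transport recipient limit is set here and not with -o in master.cf
maildrop_destination_recipient_limit = 1
--master.cf--
maildrop unix - n n - - pipe
 flags=DRhu user=vmail
 argv=/usr/bin/maildrop -w 80 -d ${user} ${sender} ${recipient} ${extension}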

This should work



Intelligent things older people fall for

the rabbit will maybe give you some more rabbits?


Cluster Filesystems

drbd, does anyone know it?


Amavisd-new

--main.cf--
content_filter = smtp-amavis:[127.0.0.1]:10024
--master.cf--
smtp-amavis	unix	-	-	y	-	2	smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
 -o max_use=20
127.0.0.1:10025	inet	n	-	n	-	-	smtpd
 -o disable_dns_lookups=yes
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o myhostname=localhost.junc.org
 -o strict_rfc821_envelopes=yes
 -o header_checks=
 -o body_checks=
 -o mime_header_checks=
 -o nested_header_checks=
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8


this is my amavisd config for postfix
