2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (230)
- ftp (5)
- IPTABLES (15)
- SFTP (1)
- swap (3)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (31)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (9)
Ldap (5)
Linux (189)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (36)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

Fedora 20 automount nfs fs with autofs

Fedora 20 automount nfs fs with autofs
# yum install autofs

# cat /etc/auto.misc
#
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
RemoteDownload -rw,soft,intr 192.168.1.100:/Download

# the following entries are samples to pique your imagination
#linux -ro,soft,intr ftp.example.org:/pub/linux
#boot -fstype=ext2 :/dev/hda1
#floppy -fstype=auto :/dev/fd0
#floppy -fstype=ext2 :/dev/fd0
#e2floppy -fstype=ext2 :/dev/fd0
#jaz -fstype=ext2 :/dev/sdc1
#removable -fstype=ext2 :/dev/hdd

# systemctl start autofs.service
# systemctl enable autofs.service
ln -s ‘/usr/lib/systemd/system/autofs.service’ ‘/etc/systemd/system/multi-user.target.wants/autofs.service’
[root@localhost maccu]# showmount -e serious
Export list for serious:
/Download *

# ls /misc/RemoteDownload/

Single User mode is password protected by the root password on RHEL 7

# RHEL 5
# ——————————————————————————————

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q

# RHEL 6
# ——————————————————————————————

# Edit /etc/inittab and add “su:S:wait:/sbin/sulogin” before ‘initdefault’ line:

vi /etc/inittab
[…]
su:S:wait:/sbin/sulogin
id:3:initdefault:

# Edit /etc/sysconfig/init and replace “SINGLE=/sbin/sushell” with “SINGLE=/sbin/sulogin”:

vi /etc/sysconfig/init
[…]
# Set to ‘/sbin/sulogin’ to prompt for password on single-user mode
# Set to ‘/sbin/sushell’ otherwise
SINGLE=/sbin/sulogin

# RHEL 7
# ——————————————————————————————

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
[…]

[Service]
Environment=HOME=/root
WorkingDirectory=/root
ExecStartPre=-/bin/plymouth quit
ExecStartPre=-/bin/echo -e ‘Welcome to emergency mode! After logging in, type […]
ExecStart=-/bin/sh -c “/usr/sbin/sulogin; /usr/bin/systemctl –fail –no-block default” <--- Type=idle StandardInput=tty-force StandardOutput=inherit StandardError=inherit KillMode=process IgnoreSIGPIPE=no SendSIGHUP=yes

maybe-recordio

Install and use maybe-recordio script

Maybe-recordio is a little script written by John M. Simpson which makes it possible for an SMTP service to selectively enable recordio for certain IPs, so you can see what they are doing without filling up your log files with a lot of extra stuff you don’t need to see from other addresses.

With this script, you can debug SMTP session coming from a determined IP

Additionnal information can be found on http://qmail.jms1.net/scripts/#maybe-recordio
Install it

cd /downloads/scripts
wget http://qmail.jms1.net/scripts/maybe-recordio
cp /downloads/scripts/maybe-recordio /usr/local/bin/
chmod 755 /usr/local/bin/maybe-recordio

Activate it by modifying the file /service/qmail-smtpd/run (and/or /service/qmail-smtpdssl/run for SMTP SSL) by un-commenting RECORDIO

# djb’s “recordio” can be used to log the raw SMTP conversations.
# http://qmail.jms1.net/scripts/#maybe-recordio is a script which allows you
# to log only certain conversations (for debugging issues with specific
# clients, without killing your log files.)

RECORDIO=”recordio”

Restart the service

qmailctl restart

Restarting qmail:
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.

Add the IP you want to monitor into the file /etc/tcp.smtp

xx.xx.xx.xx:allow,USE_RECORDIO=”1″ (where xx.xx.xx.xx is the IP you want to monitor)

qmailctl cdb

Analyze your logs in the file /var/log/qmail/qmail-smtpd/current (you can see the detailed SMTP session coming from the IP you want to monitor)

qlogtools

Install qlogtools

This package is a set of tools that are useful in analyzing or producing logs from qmail and other packages. Those tools are mainly useful if you plan to make use of qmailanalog or other mail log analyzer

A the end, you ‘ll have following additional commands in /usr/local/bin/

multipipe – Supervise an pipeline of commands
multitail – Watch output sent to a file
qfilelog – Log messages to a single file
spipe – Supervise an pipeline of commands
tai2tai64n – Convert TAI timestamps to TAI64N
tai64n2tai – Convert TAI64N timestamps to TAI
tai64nlocal – Convert TAI64N timestamps to human readable format
tai64nfrac – Convert TAI64N timestamps to seconds since epoch
teepipe – Copy stdin to a program and stdout

cd /downloads
tar zxvfp qlogtools-3.1.tar.gz
cd qlogtools-3.1/
patch < /downloads/patches/qlogtools_errno.patch make ./installer Install tai64nfrac (needed by several tools you can find around the Internet) cd /downloads/ tar -zxvf tai64nfrac-1.4.tar.gz cd tai64nfrac-1.4 make make install

mtrack qmail

cd /downloads/scripts/
wget http://qmail.jms1.net/scripts/mtrack
wget http://qmail.jms1.net/scripts/strack
chmod 751 mtrack strack
cp /downloads/scripts/mtrack /var/qmail/bin/
cp /downloads/scripts/strack /var/qmail/bin/

ln -s /var/qmail/bin/mtrack /usr/bin/
ln -s /var/qmail/bin/strack /usr/bin/

Use it
cat /var/log/qmail/qmail-send/current | mtrack
cat /var/log/qmail/qmail-smtpd/current | strack
cat /var/log/qmail/qmail-smtpdssl/current | strack

You should have such result
@400000004e46646a134478e4 starting delivery 27: msg 654065 to remote nospam@test.com
@400000004e46647f195ff2e4 delivery 27: deferral: Sorry,_I_wasn’t_able_to_establish_an_SMTP_connection._(#4.4.1)/

@400000004e469ca431a49094 tcpserver: pid 14351 from XX.XX.XX.XX
@400000004e469ca433190c0c tcpserver: ok 14351 thibs.com:XX.XX.XX.XX XXXXX.com:XX.XX.XX.XX::49391
@400000004e469ca5337c2b0c qmail-smtpd[14351]: MFCHECK pass [XX.XX.XX.XX] XXXXX.com
@400000004e469ca533ca1844 qmail-smtpd[14351]: Received-SPF: pass (YYYY.com: SPF record at XXXXX.com designates XX.XX.XX.XX as permitted sender)
@400000004e469ca533ca339c qmail-smtpd[14351]: MAIL FROM:
@400000004e469ca533ca3784 qmail-smtpd[14351]: RCPT TO:
@400000004e469caa1ccb4104 tcpserver: end 14351 status 256

When you ‘ve installed the daemontool, you have also installed the command tai64nlocal that converts the timestamp to local time in ISO format: YYYY-MM-DD HH:MM:SS.SSSSSSSSS

How to clear the Qmail Queue

Clear & Clean Qmail Queue Completely, Safely & Fast!

This script should not remove anything it should not remove, and it should clear all e-mail from your qmail queue safely so you can start sending mail normally again. (This is for qmail only and not a solution for any other mail programs.) You’re going to need ssh access and an ssh program like putty or putty portable.

Let’s get busy with the Qmail Clear script:

Log into your server through ssh
type this:
su –
type this:
wget http://www.howtohacks.com/scripts/qmailclear.sh
type this:
sh qmailclear.sh or sh ./qmailclear.sh
done.

You can download it and view it yourself, but just as a quick summary so you know what it’s doing, the Qmail Clear script looks like this:

echo Cleaning Queue
mv /var/qmail/queue/lock /root/
cd /var/qmail/queue; find . -type f -exec rm -f ‘{}’ \;
mv /root/lock /var/qmail/queue/
echo Queue is now Clean

If this didn’t do the trick and you’re receiving oversized file truncating errors (or “Argument list too long”) then you should use this more intense script. It will take longer but it will get the job done.

Let’s get busy with the Qmail Clean script :

Log into your server through ssh
type this:
su –
type this:
wget http://www.howtohacks.com/scripts/qmailclean.sh
type this:
sh qmailclean.sh or sh ./qmailclean.sh
done.

DO NOT restart any process. DO NOT reboot the server. DO NOT do anything until the script says it is done. If you restart a process, etc, it will break qmail and that’s no fun. Just run the script until it’s complete.

You can download the script and view all of the code yourself, but here’s a quick summary of the main lines of code so you know what’s taking place when running the Qmail Clean script:

echo “Stopping Qmail”
/etc/init.d/qmail stop
echo “Clearing the Mail Queue”
cd /var/qmail/queue/info
rm -rf blah blah blah
echo “Info folder clean, clearing mess folder”
cd /var/qmail/queue/mess
rm -rf blah blah blah
echo “Mess folder clean, clearing remote folder”
cd /var/qmail/queue/remote
rm -rf blah blah blah
echo “Remote folder clean, clearing intd folder”
cd /var/qmail/queue/intd
rm -rf blah blah blah
echo “Intd folder clean, clearing local folder”
cd /var/qmail/queue/local
rm -rf blah blah blah
echo “Local folder clean, clearing todo folder”
cd /var/qmail/queue/todo
rm -rf blah blah blah
echo “Mail queue cleaned”
echo “Restarting Qmail Now”
/etc/init.d/qmail start
echo “Qmail Started!”
echo “Done!”

If you’re interested in reading more about Qmail I recommend this book Qmail book and also these links:
A reference for qmail users – qmail.org
A qmail tutorial site – Life With Qmail

qmqtool

cd /downloads/
tar zxvfp /downloads/qmqtool-1.14.tgz

cd /downloads/qmqtool-1.14/
./configure –perl=/usr/bin/perl –qmaildir=/var/qmail

You should have such result
found perl: /usr/bin/perl
found qmail directory: /var/qmail
qmqtool will be installed in: /usr/local/script
documentation will be installed in /usr/local/man

if any of these values need changing, try ./configure –help

Making sure this package is intact..
src/qmqtool syntax OK
…done.
Writing Makefile…

now type ‘make’ and then ‘make install’

Compile it
make
make install

You should have such result
mkdir -p /usr/local/script
cp qmqtool /usr/local/script
chown 0 /usr/local/script/qmqtool
chmod 755 /usr/local/script/qmqtool
mkdir -p /usr/local/man/man8/
cp qmqtool.8 /usr/local/man/man8/
chown 0 /usr/local/man/man8/qmqtool.8
chmod 744 /usr/local/man/man8/qmqtool.8

ln -s /usr/local/script/qmqtool /usr/local/bin/qmqtool

Use it

-l list messages in all parts of the queue
-L list messages with local recipients
-R list messages with remote recipients
-T list messages not completely processed
-s show statistical information
-Q be as quiet as possible (useful for snmp, cron, and such)
-V be more verbose
-B
b Backup queue into /var/qmail/queue.backup/
r Restore backup from /var/qmail/queue.backup/
-c check queue consitancy
-r repair queue (by deleting fragments) found by checking queue consistancy
-i show how many messages are queued per ip address
-nN pay attention to the Nth last smtp-hop
-S show how many bytes are queued per ip address
-e expire message
may specify N (multiples may be comma separated), or -f ‘STRING’ and/or -o N
-u unexpire message
may specify N (multiples may be comma separated), or -f ‘STRING’ and/or -o N
-d delete message
may specify N (multiples may be comma separated), or -f ‘STRING’ and/or -o N
-E expire messages in [A]ll, [R]emote, or [L]ocal queues
-U unexpire messages in [A]ll, [R]emote, or [L]ocal queues
-v
N view first 100 lines of message number N
N -w view whole message N
-f ‘STRING’ display comma separated list of message number(s) containing STRING.
prints 0 if no matches are found.
-o N display comma separated list of message number(s) older than N hours.
prints 0 if no matches are found.
-x N prints extended information on message N. format identical to -l.
may specify N (multiples may be comma separated), or -f ‘STRING’ and/or -o N

Usage samples :

List all messages in the queue having the subject “XXX” (case insensitive)
qmqtool -f ‘/^subject: xxx/i’

Delete all messages in the queue having the subject “XXX” (case insensitive)
qmqtool -d -f ‘/^subject: XXX/i’
qmailctl restart

Delete all messages in the queue from user “XXX” (case insensitive)
qmqtool -d -f ‘/^From: XXX/i’
qmailctl restart

What domains are being sent the most mail from the server
qmqtool -R | grep “To: ” | cut -d @ -f2 | tr -d ‘>’ | sort | uniq -c | sort -rn | head -20
qmqtool -R | grep “Envelope Recipient: ” | cut -d @ -f2 | awk ‘{print $1}’ | tr -d ‘>’ | sort | uniq -c | sort -rn | head -20

What domains are have the most mail in the local queue
qmqtool -L | grep “To: ” | cut -d @ -f2 | tr -d ‘>’ | sort | uniq -c | sort -rn | head -20
qmqtool -L | grep “Envelope Recipient: ” | cut -d @ -f2 | awk ‘{print $1}’

Who most of my remotely queued messages are destined for ?
qmqtool -R | awk ‘/Recipient:/ { print $3 }’ | sort | uniq -c | sort -n

How can I expire messages with a subject of “Failure Notice” that are have been queued for 18+ hours ?
qmqtool -V -e -o 18 -f ‘^Subject: Failure Notice’

tar zxvfp /downloads/qmqtool-1.14.tgz

cd /downloads/qmqtool-1.14/
./configure –perl=/usr/bin/perl –qmaildir=/var/qmail

You should have such result
found perl: /usr/bin/perl
found qmail directory: /var/qmail
qmqtool will be installed in: /usr/local/script
documentation will be installed in /usr/local/man

if any of these values need changing, try ./configure –help

Making sure this package is intact..
src/qmqtool syntax OK
…done.
Writing Makefile…

now type ‘make’ and then ‘make install’

Compile it
make
make install

ln -s /usr/local/script/qmqtool /usr/local/bin/qmqtool

Use it

Usage samples :

List all messages in the queue having the subject “XXX” (case insensitive)
qmqtool -f ‘/^subject: xxx/i’

Delete all messages in the queue having the subject “XXX” (case insensitive)
qmqtool -d -f ‘/^subject: XXX/i’
qmailctl restart

Delete all messages in the queue from user “XXX” (case insensitive)
qmqtool -d -f ‘/^From: XXX/i’
qmailctl restart

Who most of my remotely queued messages are destined for ?
qmqtool -R | awk ‘/Recipient:/ { print $3 }’ | sort | uniq -c | sort -n

How can I expire messages with a subject of “Failure Notice” that are have been queued for 18+ hours ?
qmqtool -V -e -o 18 -f ‘^Subject: Failure Notice’

spamdyke

Installing spamdyke is pretty simple.

1) Have a working qmail installation that runs from tcpserver. If you can’t
send and receive email, stop and go to one of the following sites for help:
http://www.lifewithqmail.org/
http://www.qmailrocks.org/
http://www.qmailtoaster.org/

If you’re using QmailToaster, there’s no need to install spamdyke by hand.
Use the spamdyke installation script in QmailToaster Plus:
http://qtp.qmailtoaster.com/

2) Unpack the spamdyke tarball somewhere convenient, like /usr/local/src:
cd /some/convenient/path
tar -xzvf spamdyke-x.y.z.tgz

3) The fastest way is to change to the “spamdyke” directory, run “configure”
and “make”. spamdyke will be compiled with the default options.
cd spamdyke-x.y.z/spamdyke
./configure
make
You shouldn’t see any errors or warnings.

On some older BSD and Solaris installations, the “configure” script will
stop with an error message if the getopt_long() function cannot be found
in a system library. This typically means the libgnugetopt package is
not available. After it has been installed, the “configure” script will
finish successfully.

The “configure” script accepts several parameters to add or remove some
features from spamdyke:
–disable-tls: compiles spamdyke without TLS support. By default, the
“configure” script will include TLS support if it detects the OpenSSL
libraries are installed.
–without-debug-output: compiles spamdyke without the messages produced
when the “log-level” option is set to “debug”. This reduces the size of
the spamdyke binary. By default, the “configure” script will add the
debug messages to spamdyke.
–with-excessive-output: compiles spamdyke with extra debugging output
that is visible when the “log-level” option is set to “excessive”.
By default, the “configure” script will not add the excessive messages
to spamdyke.
–with-debug-symbols: compiles spamdyke with debugging symbols so it can
be debugged with a debugger like gdb. This option does not add any
visible output or features; it just increases the size of the spamdyke
binary. By default, the “configure” script will not add the debugging
symbols to spamdyke.
–with-address-sanitizer: compiles spamdyke with the “address sanitizer”
extension to catch illegal memory accesses and buffer overflows. This
requires a fairly new version of gcc and the “asan” libraries. It
makes spamdyke much bigger and much slower; it is really only useful
for developers to use during testing.

4) Copy the spamdyke executable to /usr/local/bin:
su
cp spamdyke /usr/local/bin/

5) If you want spamdyke to perform recipient validation and reject invalid
recipient addresses, you’ll need to compile and install the spamdyke-qrv
command as well.

If you’re using Plesk, skip this step. Plesk already does recipient
validation for you.

Compiling is very easy:
cd spamdyke-x.y.z/spamdyke-qrv
./configure
make

Copy the spamdyke-qrv executable to /usr/local/bin:
su
cp spamdyke-qrv /usr/local/bin/
chown root /usr/local/bin/spamdyke-qrv
chmod u+s /usr/local/bin/spamdyke-qrv

The “configure” script accepts several parameters to add or remove some
features from spamdyke-qrv:
–with-excessive-output: compiles spamdyke-qrv with extra debugging output
that is visible when the “-v” flag is given twice. By default, the
“configure” script will not add the excessive messages to spamdyke-qrv.
–without-vpopmail-support: compiles spamdyke-qrv without extra logic for
supporting vpopmail installations. Without the vpopmail logic,
spamdyke-qrv will report every address within a local domain is valid,
even when they would otherwise bounce.
–with-debug-symbols: compiles spamdyke-qrv with debugging symbols so it
can be debugged with a debugger like gdb. This option does not add any
visible output or features; it just increases the size of the
spamdyke-qrv binary. By default, the “configure” script will not add
the debugging symbols to spamdyke-qrv.
–with-address-sanitizer: compiles spamdyke-qrv with the “address
sanitizer” extension to catch illegal memory accesses and buffer
overflows. This requires a fairly new version of gcc and the “asan”
libraries. It makes spamdyke-qrv much bigger and much slower; it is
really only useful for developers to use during testing.

6) Find the script that runs qmail when an incoming connection is established.

If you followed the instructions at lifewithqmail.org or qmailrocks.org, look
for:
/service/qmail-smtpd/run
If you installed qmail from the Debian packages, look for:
/etc/init.d/qmail
If your qmail installation is part of Plesk, look for:
/etc/xinetd.d/smtp_psa

Insert the spamdyke command before the “/var/qmail/bin/qmail-smtpd” command.
Something like this:
——————————————————————————–
… /usr/local/bin/spamdyke -FLAGS /var/qmail/bin/qmail-smtpd 2>&1
——————————————————————————–
Sometimes, the spamdyke command should be placed within a variable that is
substituted into the command line. If the script includes the rblsmtpd
command, it can be replaced with the spamdyke command.

Older installations of qmail may use the “softlimit” program as well. If you
see softlimit in the sequence of commands, REMOVE IT! softlimit causes many
more problems than it could ever possibly solve.

Most spamdyke installations use a configuration file named
“/etc/spamdyke.conf”. This file is not part of the spamdyke installation; it
must be created by each administrator. There is a sample configuration file
in spamdyke’s “documentation” folder to help you get started.

Special note for Plesk users: starting relaylock before spamdyke can cause
some (harmless) errors to be logged. If spamdyke is started before relaylock,
you shouldn’t see any errors:
——————————————————————————–
server_args = -Rt0 /usr/local/bin/spamdyke -FLAGS /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
——————————————————————————–
Plesk users can also use spamdyke for their SMTPS connections by adding it to
the /etc/xinetd.d/smtps_psa file. spamdyke’s configuration in that file will
need to include the options “tls-level” (set to “smtps”) and
“tls-certificate-file”.

Run the spamdyke command with the “-h” option to see the available options and
read the README.html file for full details. Please don’t enable a feature if
you don’t understand what it does!

7) Restart qmail.

If you followed the instructions at lifewithqmail.org or qmailrocks.org:
svc -d /service/qmail-smtpd
svc -u /service/qmail-smtpd
If you installed qmail from the Debian packages:
/etc/init.d/qmail restart
If your qmail installation is part of Plesk:
killall -HUP xinetd

8) That’s it! Watch syslog for any errors (usually /var/log/maillog; Plesk
reconfigures syslog to save mail system logs in
/usr/local/psa/var/log/maillog).

9) OPTIONAL: Copy the policy.php.example page from the “documentation” directory
to a website and change spamdyke’s “policy-url” option to give its URL.
Be sure to test the contact form to make sure it sends messages correctly.

Good luck! If you have any issues or questions, please send a message to the
spamdyke-users mailing list (the subscription form is at www.spamdyke.org).

The “utils” directory contains additional utilities that spamdyke does not
require. If you wish to compile them, change to the “utils” folder, then run
“configure” and “make”:
cd spamdyke-x.y.z/utils
./configure
make
Copy the executables to appropriate locations as needed. None of them need to
be in any specific directory to work. None of them require the presence of the
others. spamdyke does not need any of them to function.

EXAMPLE:
My server runs netqmail-1.05+TLS+viruscan and vpopmail, installed using the
instructions from lifewithqmail.org. I put the whitelist, blacklist and
graylist files in the /home/vpopmail directory. This is not required, I just
put them there because the qmaild user already owns all the files there.
Other good locations for them might be /etc/spamdyke or /var/qmail/spamdyke.

My entire /service/qmail-smtpd/run file is:
——————————————————————————–
#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z “$QMAILDUID” -o -z “$NOFILESGID” -o -z “$MAXSMTPD” -o -z “$LOCAL” ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
echo “No /var/qmail/control/rcpthosts!”
echo “Refusing to start SMTP listener because it’ll create an open relay”
exit 1
fi

exec /usr/local/bin/tcpserver -v -R -l “$LOCAL” -x /etc/tcp.smtp.cdb -c “$MAXSMTPD” -u “$QMAILDUID” -g “$NOFILESGID” 0 smtp \
/usr/local/bin/spamdyke -f /etc/spamdyke.conf \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true \
2>&1
——————————————————————————–

My /etc/spamdyke.conf file contains:
——————————————————————————–
log-level=info
max-recipients=5
idle-timeout-secs=300
graylist-dir=/home/vpopmail/graylist
graylist-level=always
graylist-min-secs=300
graylist-max-secs=1814400
policy-url=http://my.policy.explanation.url/
reject-empty-rdns
reject-unresolvable-rdns
reject-ip-in-cc-rdns
rdns-whitelist-file=/home/vpopmail/whitelist_rdns
ip-whitelist-file=/home/vpopmail/whitelist_ip
greeting-delay-secs=5
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=zen.spamhaus.org
rhs-blacklist-entry=fresh.spameatingmonkey.com
reject-sender=no-mx
reject-recipient=same-as-sender
tls-certificate-file=/var/qmail/control/servercert.pem
config-dir=/etc/spamdyke.d
config-dir=/etc/spamdyke.d2
sender-blacklist-file=/home/vpopmail/blacklist_senders
sender-whitelist-file=/home/vpopmail/whitelist_senders
recipient-blacklist-file=/home/vpopmail/blacklist_recipients
recipient-whitelist-file=/home/vpopmail/whitelist_recipients
ip-in-rdns-keyword-blacklist-file=/home/vpopmail/blacklist_keywords
ip-blacklist-file=/home/vpopmail/blacklist_ip
rdns-blacklist-dir=/home/vpopmail/blacklist_rdns.d
header-blacklist-file=/home/vpopmail/blacklist_headers
——————————————————————————–

qmHandle

#compter les mails dans la liste d’attente
/var/qmail/bin/qmail-qstat

#qmHandle lister les mails (l : liste, c : couleur)
qmHandle -l -c

#stop qmail
/etc/init.d/qmail stop

#pour lister
qmail-remove -p @domainesuspect.com

#pour lister et remove (l’ordre des paramètres compte)
qmail-remove -r -p @domainesuspect.com

#start qmail
/etc/init.d/qmail stop

#forcer traitement de file d’attente
qmHandle -a #ne fontionne pas des masses
/usr/local/psa/admin/bin/mailqueuemng -a

#modifier SMTPROUTES http://kb.parallels.com/fr/115531
/etc/init.d/qmail stop
vi /var/qmail/control/smtproutes

#saisir
mondomaine.fr:smtp.different.fr
#enregistrer avec :wq

/etc/init.d/qmail start
/etc/init.d/xineted restart

#Qmail spam prevention:

Start Qmail

/etc/init.d/qmail start
/etc/init.d/xinetd start

Stop Qmail

/etc/init.d/qmail stop
/etc/init.d/xinetd stop

The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
ftp://download1.swsoft.com/Plesk/Plesk9.2/Doc/en-US/plesk-9.0-unix-advanced-administration-guide/index.htm?fileName=61674.htm

Many email messages are sent from PHP scripts on the server. How can I find what domains these scripts are running on?

[http://kb.swsoft.com/article_22_1711_en.html](http://kb.swsoft.com/article_22_1711_en.html)

Qmail var log location

/usr/local/psa/var/log/maillog

View the log in realtime

tail -f /usr/local/psa/var/log/maillog

Check qmail que size

/var/qmail/bin/qmail-qstat

###qmHandle

Install qmhandle

wget http://jaist.dl.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz
tar xvzf qmhandle-1.3.2.tar.gz
chmod 777 qmhandle-1.3.2/qmHandle

Edit the file, uncomment the following lines, and comment out the default version

#my ($stopqmail) = ‘/etc/init.d/qmail stop’;
#my ($startqmail) = ‘/etc/init.d/qmail start’;

the move it to “`/usr/local/sbin/“`

mv qmhandle-1.3.2/qmHandle /usr/local/sbin/qmHandle

Show current queue stats:

qmHandle -s

List messages in the mail queue:

qmHandle -l

Get extended info about the Queue.

/usr/local/sbin/qmHandle -l -c

List messages in the mail queue while counting how many have the same subject:

qmHandle -l|grep Subject|sort| uniq -c|sort -n

List SMTP authorized senders from mail log and count how many emails they’ve sent:

cat /usr/local/psa/var/log/maillog |grep -I smtp_auth | grep -I ‘SMTP user’ | awk ‘{print $8}’ | sort |uniq -c |sort -n

List IP Addresses that have failed SMTP authentication and count them

cat /usr/local/psa/var/log/maillog | grep -I smtp_auth | grep -I FAILED | awk ‘{print $13}’ | sort | uniq -c | sort -n

Read a message in the queue:

qmHandle -m123456789

Delete a message based on subject:

qmHandle -S’failure notice’
qmHandle -S’Order Tracking’
qmHandle -S’Tracking Service’
qmHandle -S’Shipping Detail’
qmHandle -S’Order Detail’
qmHandle -S’Shipping Info’
qmHandle -S’Shipping Information’
qmHandle -S’Order Shipped’
qmHandle -S’Order Information’
qmHandle -S’Shipping Service’
qmHandle -S’Tracking Detail’
qmHandle -S’Tracking Info’
qmHandle -S’Tracking Information’

Queue up several subjects for deletion

qmHandle -S’failure notice’ ; qmHandle -S’Order Tracking’ ; qmHandle -S’Tracking Service’

Delete specific spam emails

qmHandle -H’smilesbymartin.com’
qmHandle -H’federalwaydentist.net’
qmHandle -H’bbjp.net’
qmHandle -H’periozone.com’

To delete the entire Queue (pretty slow if it’s huge)

qmHandle -D

To delete the entire Queue as files then start qmail back up (probably faster)

service qmail stop && find /var/qmail/queue/{mess,intd,local,remote,todo,info}/ -type f -exec rm {} \; && service qmail start

For looking at the queue to see if any more obvious crap addresses.

/var/qmail/bin/qmail-qread | less

###Find incoming vector

should help you find some results of which account(s) are being used.
“`cat /usr/local/psa/var/log/maillog | grep “smtp_auth”“`
“`cat /usr/local/psa/var/log/maillog | grep “spammer’s IP”“`
“`cat /usr/local/psa/var/log/maillog | grep “202.64.64.68”“`

### completely rebuild all mail boxes on server (use with caution, and be patient)

[Plesk article for command](http://kb.parallels.com/en/944)

/usr/local/psa/admin/sbin/mchk –without-spam

### See actively running scripts

lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ‘ { if(!str) { str=$1 } else { str=str”,”$1}}END{print str}’` | grep vhosts | grep php

### Turn off email for a domain in Plesk

/usr/local/psa/bin/mail –off roadsidemultimedia.com

### Block an IP Address

sudo iptables -I INPUT -s 88.2.145.216 -j DROP

dos2unix / unix2dos

dos2unix
Single Command Wrapper Script
perl -pi -e ‘s/\\r//’ [file]
#!/bin/sh
# Copy to /usr/local/bin/dos2unix

if [ “$1” = “” ]; then
echo Usage: `basename $0` [filename]
exit
fi

# Convert to Unix format.
perl -pi -e ‘s/\\r//’ $1
unix2dos
Single Command Wrapper Script
perl -pi -e ‘s/\\r//; s/\\n/\\r\\n/’ [file]
#!/bin/sh
# Copy to /usr/local/bin/unix2dos

if [ “$1” = “” ]; then
echo Usage: `basename $0` [filename]
exit
fi

# Force to Unix format first…
perl -pi -e ‘s/\\r//’ $1

# …and then convert to DOS.
perl -pi -e ‘s/\\n/\\r\\n/’ $1

Recent Posts

Pages

Categories

Archives

Recent Comments