Dmitriy Morozovsky: Solutions and How-To from My professional experiences (http://www.blogger.com/profile/09819676255332537334)<br /><br />Running Vservers on Debian (published 2008-06-17T04:43:00.000-07:00, updated 2008-06-17T05:03:29.383-07:00)<br /><br /><i id="fqpb"><b id="fqpb0"><u id="neko"><span id="u-_." style="color: rgb(0, 0, 255); background-color: rgb(255, 255, 255);font-size:100%;" >R</span></u><span id="u-_." style="color: rgb(0, 0, 255); background-color: rgb(255, 255, 255);font-size:100%;" >unning "Vservers" environment on Debian Etch</span><br /></b></i><br /><b id="neko0"><span id="neko1" style="font-size:85%;">Installation</span></b><br />1) Install a vserver-enabled kernel<br /> <span id="oi5k" style="color: rgb(0, 255, 0);"># apt-get update</span><br /><span id="oi5k0" style="color: rgb(0, 255, 0);"> # apt-get install linux-image-vserver-X.X.X</span> // choose the actual kernel image for your platform and<br /> reconfigure your GRUB, or edit /boot/grub/menu.lst and set "kernel x.xx.x -vserver" as the default<br /> boot kernel.<br /> <span id="tz9n" style="color: rgb(0, 255, 0);"># sync; sync; reboot</span><br />2) Install all needed userland binaries<br /> <span id="tz9n0" style="color: rgb(0, 255, 0);"># apt-get install util-vserver vserver-debiantools</span><br /><b id="l50e">Configuration</b><br />1) Create a symlink pointing to your $VROOTDIR<br /> <span id="tz9n1" style="color: rgb(0, 255, 0);"># mkdir /home/vservers</span><br /><span id="tz9n2" style="color: rgb(0, 255, 0);"> # ln -s /home/vservers /etc/vservers/.defaults/vdirbase</span><br /> configure /etc/vserver/newvserver-vars to suit your needs<br /> <span id="lwax" style="color: rgb(0, 255, 0);"># mcedit /etc/vserver/newvserver-vars</span><br /><br /> <span id="lwax0" style="color: rgb(0, 0, 255);"># Architecture: override on non-Debian host such as Redhat
otherwise dpkg</span><br /><span id="lwax1" style="color: rgb(0, 0, 255);"> # will detect whether we are i386/powerpc/sparc/etc</span><br /><span id="lwax2" style="color: rgb(0, 0, 255);"> #ARCH=""</span><br /><br /><span id="lwax3" style="color: rgb(0, 0, 255);"> # Which debian distribution (Warning. unstable and testing distributions</span><br /><span id="lwax4" style="color: rgb(0, 0, 255);"> # change frequently so you can not expect it to work out of the box).</span><br /><span id="lwax5" style="color: rgb(0, 0, 255);"> DIST="etch"</span><br /><br /><span id="lwax6" style="color: rgb(0, 0, 255);"> # Local or nearest location of a debian mirror (must include the /debian)</span><br /><span id="lwax7" style="color: rgb(0, 0, 255);"> MIRROR="http://debian.co.il/debian"</span><br /><br /><span id="lwax8" style="color: rgb(0, 0, 255);"> # Default network interface for vservers: </span><br /><span id="lwax9" style="color: rgb(0, 0, 255);"> INTERFACE="eth0"</span><br /><br /><span id="lwax10" style="color: rgb(0, 0, 255);"> # Package caching</span><br /><span id="lwax11" style="color: rgb(0, 0, 255);"> #PKGCACHE=1</span><br /><b id="l50e0">Creating Vservers</b><br />1) create new vserver<br /> # <span id="r3ln" style="color: rgb(0, 255, 0);">newvserver -v --hostname vsrv1 --domain "example.com" --ip 192.168.1.11 </span> \\ your domain and IPADDRESS<br />2) start new vserver<br /> <span id="r3ln0" style="color: rgb(0, 255, 0);"># vserver vsrv1 start</span><br /> * Starting system log daemon...<br /> ...done.<br /> * Starting OpenBSD Secure Shell server...<br /> ...done.<br />3) enter to the new vserver<br /> <span id="r3ln1" style="color: rgb(0, 255, 0);"># vserver vsrv1 enter</span><br /> <span id="e_nu" style="color: rgb(0, 255, 0);"> vsrv1: # apt-get update && apt-get dist-upgrade </span><br /><span id="e_nu0" style="color: rgb(0, 255, 0);"> vsrv1: # apt-get install PACKAGES (what you want)</span><br /><span id="e_nu1" style="color: rgb(0, 255, 0);"> vsrv1: # 
exit</span><br />4) stop the vserver<br /> <span id="w3uc" style="color: rgb(0, 255, 0);"># vserver vsrv1 stop</span><br /> * Stopping OpenBSD Secure Shell server... [ ok ]<br /> * Stopping system log daemon... [ ok ]<br /> * Sending all processes the TERM signal... [ ok ]<br /> * Sending all processes the KILL signal... [ ok ]<br /> * Unmounting remote and non-toplevel virtual filesystems... [ ok ]<br /> * Shutting down LVM Volume Groups... [ ok ]<br /> let init start the new vserver<br /> <span id="w3uc0" style="color: rgb(0, 255, 0);"># echo "default" > /etc/vservers/vsrv1/apps/init/mark</span><br /><br /><b id="w3uc1">For extended control over new vservers, use the following commands</b><br /> <span id="zj3:" style="color: rgb(0, 255, 0);"># vserver-info </span><br /><span id="mh2." style="color: rgb(103, 78, 167);">Versions:</span><br /><span id="mh2.0" style="color: rgb(103, 78, 167);"> Kernel: 2.6.18-5-vserver-686</span><br /><span id="mh2.1" style="color: rgb(103, 78, 167);"> VS-API: 0x00020002</span><br /><span id="mh2.2" style="color: rgb(103, 78, 167);"> util-vserver: 0.30.212; Dec 9 2006, 12:26:51</span><br /><br /><span id="mh2.3" style="color: rgb(103, 78, 167);">Features:</span><br /><span id="mh2.4" style="color: rgb(103, 78, 167);"> CC: gcc, gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-20)</span><br /><span id="mh2.5" style="color: rgb(103, 78, 167);"> CXX: g++, g++ (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-20)</span><br /><span id="mh2.6" style="color: rgb(103, 78, 167);"> CPPFLAGS: ''</span><br /><span id="mh2.7" style="color: rgb(103, 78, 167);"> CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'</span><br /><span id="mh2.8" style="color: rgb(103, 78, 167);"> CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'</span><br /><span id="mh2.9" style="color: rgb(103, 78, 167);"> build/host: i486-pc-linux-gnu/i486-pc-linux-gnu</span><br /><span id="mh2.10" style="color: rgb(103, 78, 167);"> Use
dietlibc: yes</span><br /><span id="mh2.11" style="color: rgb(103, 78, 167);"> Build C++ programs: yes</span><br /><span id="mh2.12" style="color: rgb(103, 78, 167);"> Build C99 programs: yes</span><br /><span id="mh2.13" style="color: rgb(103, 78, 167);"> Available APIs: compat,v11,fscompat,v13,net,v21,oldproc,olduts</span><br /><span id="mh2.14" style="color: rgb(103, 78, 167);"> ext2fs Source: e2fsprogs</span><br /><span id="mh2.15" style="color: rgb(103, 78, 167);"> syscall(2) invocation: alternative</span><br /><span id="mh2.16" style="color: rgb(103, 78, 167);"> vserver(2) syscall#: 273/glibc</span><br /><br /><span id="mh2.17" style="color: rgb(103, 78, 167);">Paths:</span><br /><span id="mh2.18" style="color: rgb(103, 78, 167);"> prefix: /usr</span><br /><span id="mh2.19" style="color: rgb(103, 78, 167);"> sysconf-Directory: /etc</span><br /><span id="mh2.20" style="color: rgb(103, 78, 167);"> cfg-Directory: /etc/vservers</span><br /><span id="mh2.21" style="color: rgb(103, 78, 167);"> initrd-Directory: $(sysconfdir)/init.d</span><br /><span id="mh2.22" style="color: rgb(103, 78, 167);"> pkgstate-Directory: /var/run/vservers</span><br /><span id="mh2.23" style="color: rgb(103, 78, 167);"> vserver-Rootdir: /var/lib/vservers</span><br /><br /><span id="i9ku" style="color: rgb(0, 255, 0);"># vserver-stat </span> \\get statistics about vservers<br /><span id="mh2.24" style="color: rgb(103, 78, 167);">CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME</span><br /><span id="mh2.25" style="color: rgb(103, 78, 167);">0 58 109.1M 17.6M 19d16h01 2d08h04 112d03h38 root server</span><br /><span id="mh2.26" style="color: rgb(103, 78, 167);">49160 379 2G 650.6M 4d18h38 11h01m48 48d01h05 devel</span><br /><span id="mh2.27" style="color: rgb(103, 78, 167);">49161 121 3.1G 324M 1h35m03 6m03s50 48d01h05 sys</span><br /><span id="mh2.28" style="color: rgb(103, 78, 167);">49162 245 3.5G 412M 2d23m32 9h04m23 48d01h05 vsrv1 </span><br /><br /> <span id="i9ku0" style="color: rgb(0, 
255, 0);"># vps -ef vsrv1</span>: \\like ps but only for vservers<br /><span id="mh2.29" style="color: rgb(103, 78, 167);"> root 8102 0 MAIN 8100 0 12:40 pts/1 00:00:00 -bash</span><br /><span id="mh2.30" style="color: rgb(103, 78, 167);"> root 8210 49159 vsrv1 5542 0 12:49 ? 00:00:00 sshd: root@pts/2 </span><br /><span id="mh2.31" style="color: rgb(103, 78, 167);"> root 8212 49159 vsrv1 8210 0 12:49 pts/2 00:00:00 -bash</span><br /><span id="mh2.32" style="color: rgb(103, 78, 167);"> root 8271 1 ALL_PROC 8102 0 12:57 pts/1 00:00:00 vps -ef</span><br /><span id="mh2.33" style="color: rgb(103, 78, 167);"> root 8272 1 ALL_PROC 8271 0 12:57 pts/1 00:00:00 ps -ef</span><br /><br />Useful vserver binaries<br /> vapt-get: use apt-get in given or all vservers<br /> <span id="ojen" style="color: rgb(0, 255, 0);"># vserver vsrv1 enter</span><br /> <span id="ojen0" style="color: rgb(103, 78, 167);"> vsrv1: # htop</span><br /><span id="ojen1" style="color: rgb(103, 78, 167);"> bash: htop: command not found</span><br /><span id="ojen2" style="color: rgb(103, 78, 167);"> vsrv1: # exit</span><br /><span id="ojen3" style="color: rgb(103, 78, 167);"> # vapt-get vsrv1 -- install htop</span><br /><span id="ojen4" style="color: rgb(103, 78, 167);"> Reading package lists... Done</span><br /><span id="ojen5" style="color: rgb(103, 78, 167);"> Building dependency tree... 
Done</span><br /><span id="ojen6" style="color: rgb(103, 78, 167);"> The following NEW packages will be installed:</span><br /><span id="ojen7" style="color: rgb(103, 78, 167);"> htop</span><br /><span id="ojen8" style="color: rgb(103, 78, 167);"> 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.</span><br /><span id="ojen9" style="color: rgb(103, 78, 167);"> Need to get 40.2kB of archives.</span><br /><span id="ojen10" style="color: rgb(103, 78, 167);"> After unpacking 164kB of additional disk space will be used.</span><br /><span id="ojen11" style="color: rgb(103, 78, 167);"> Get:1 http://debian.co.il/debian etch htop 0.5.2-1 [40.2kB]</span><br /><span id="ojen12" style="color: rgb(103, 78, 167);"> Fetched 40.2kB in 0s (710kB/s)</span><br /><br /><span id="ojen13" style="color: rgb(103, 78, 167);"> Preconfiguring packages ...</span><br /><span id="ojen14" style="color: rgb(103, 78, 167);"> Selecting previously deselected package htop.</span><br /><span id="ojen15" style="color: rgb(103, 78, 167);"> (Reading database ... 9417 files and directories currently installed.)</span><br /><span id="ojen16" style="color: rgb(103, 78, 167);"> Unpacking htop (from .../archives/htop_0.5.2-1_i386.deb) ...</span><br /><span id="ojen17" style="color: rgb(103, 78, 167);"> Setting up htop (0.5.2-1) ...</span><br /><span id="n0og" style="color: rgb(0, 255, 0);"> # vserver vsrv1 enter</span><br /> <span id="w5lh" style="color: rgb(0, 255, 0);"> vsrv1: # htop</span><br /><br /><b id="w5lh0">Very important !! 
</b><br />If, after logging in to the virtual server via ssh, you find you have been redirected<br />to the mother (host) server, log in to the mother server<br />and, in /etc/ssh/sshd_config, change the variable "ListenAddress 0.0.0.0"<br />to your IP. With 0.0.0.0 the mother server's sshd listens on every address of the machine, including the vserver's.<br />Regards.<br /><br />Corporate IM gateway (published 2007-11-24T14:52:00.000-08:00, updated 2007-11-25T09:48:17.221-08:00)<br /> <font color="#3333ff"><b><i> Corporate Instant Messaging system. </i></b></font><br> Task: install a corporate Instant Messaging gateway that can log all conversations,<br>including transports for other IM networks (ICQ, MSN, AIM) as well as authentication of users against LDAP.<br> The choice between LCS (Live Communication Server, M$) and XMPP/Jabber was made instantly ;).<br> It only remained to choose which Jabber server to use.<br> The variants considered:<br> chime (Java) <a href="http://www.codecobra.com/chime/" id="gczq" title="http://www.codecobra.com/chime/">http://www.codecobra.com/chime/</a><br> DJabberd (Perl) <a href="http://danga.com/djabberd/" id="dbn1" title="http://danga.com/djabberd/">http://danga.com/djabberd/</a><br> ejabberd (Erlang) Home page and Community Site<br> jabberd14 (C) <a href="http://jabberd.org/" id="g5lj" title="http://jabberd.org/">http://jabberd.org/</a><br> jabberd2 (C) <a href="http://jabberd2.xiaoka.com/" id="g63p" title="http://jabberd2.xiaoka.com/">http://jabberd2.xiaoka.com/</a><br> Openfire (Wildfire Server) (Java) <a href="http://www.igniterealtime.org/projects/openfire/" id="wtdo" title="http://www.igniterealtime.org/projects/openfire/">http://www.igniterealtime.org/projects/openfire/</a><br> OpenIM (Java) <a href="http://www.open-im.net/" id="y9_0" title="http://www.open-im.net/">http://www.open-im.net/</a><br> pretzel (Python) <a href="http://code.google.com/p/pretzel/" id="jer_" 
title="http://code.google.com/p/pretzel/">http://code.google.com/p/pretzel/</a><br> psyced (LPC) <a href="http://www.psyced.org/" id="cokj" title="http://www.psyced.org/">http://www.psyced.org/</a><br> Tigase (Java) <a href="http://www.tigase.org/" id="b:nr" title="http://www.tigase.org/">http://www.tigase.org/</a><br> WPJabber (C) <a href="http://spik.wp.pl/jabber.html" id="vxeu" title="http://spik.wp.pl/jabber.html">http://spik.wp.pl/jabber.html</a><br> xmppd.py (Python) <a href="http://xmpppy.sourceforge.net/" id="dgcj" title="http://xmpppy.sourceforge.net/">http://xmpppy.sourceforge.net/</a><br> <br> For comparison, the following document was used: <a href="http://www.jabber.org/admin/jsc/" id="md88" title="http://www.jabber.org/admin/jsc/">http://www.jabber.org/admin/jsc/</a><br> <br>From the advantages listed there, ejabberd was chosen, mostly for the following reasons:<br>1. Protocol-standards compatibility (XMPP Core, XMPP IM)<br> 2. Fully distributable<br> 3. Database can be replicated to many nodes<br> 4. The default database, Mnesia, is suitable for small as well as big deployments<br> 5. Code can be updated while ejabberd is running (feature of Erlang)<br> 6. Modules can be loaded and unloaded while ejabberd is running (feature of Erlang)<br> 7. Modular design<br> <span style="color: rgb(255, 0, 0);"><b> Installation</b></span><br> I installed ejabberd on FreeBSD 6.2; I think there won't be large differences on a Linux operating system. 
<br> Installation is performed from ports using “portinstall”.<br> Before starting the installation, it is necessary to download the following software:<br> diablo-jdk<br> tzupdater (JDK US DST Timezone Update Tool)<br> Let's execute the following actions:<br> cd /usr/ports/distfiles/<br> lynx '<a href="http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2" id="r80x" title="http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2">http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2</a>'<br> (Read and follow the license agreement)<br> Download via your web browser <a href="http://java.sun.com/javase/downloads/index.jsp" id="xt_5" title="http://java.sun.com/javase/downloads/index.jsp">http://java.sun.com/javase/downloads/index.jsp</a><br> and copy tzupdater-x_x_x_x_x.zip to /usr/ports/distfiles/<br> Installing ejabberd:<br> <span style="color: rgb(0, 153, 0);">cd /usr/ports/</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);"> portinstall -p ejabberd-1.1.4</span><br> Do not enable ODBC support.<br> If all these components compiled and installed successfully, the following line should appear in /etc/rc.conf <br><br><span style="color: rgb(51, 51, 255);">ejabberd_enable="YES"</span><br> <br><span style="color: rgb(255, 0, 0);"><b>DNS Records<br><br></b></span> The eJabberd server and its clients are able to use DNS SRV records for hostname resolution. 
DNS SRV records allow for delegation of services — by port — to other hosts.<br> I describe the settings for BIND; if you use another DNS server, please check the following documentation: <a href="http://jabberd.jabberstudio.org/2/docs/section05.html#5_7" id="b-55" title="http://jabberd.jabberstudio.org/2/docs/section05.html#5_7">http://jabberd.jabberstudio.org/2/docs/section05.html#5_7</a><br> There are 3 SRV records that could be created for an eJabberd server installation:<br> <span style="color: rgb(51, 51, 255);">_jabber._tcp.your_domain.com. 86400 IN SRV 5 0 5269 host.your_domain.com.</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);">_xmpp-server._tcp.your_domain.com. 86400 IN SRV 5 0 5269 host.your_domain.com.</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);">_xmpp-client._tcp.your_domain.com. 86400 IN SRV 5 0 5222 host.your_domain.com.</span><br style="color: rgb(0, 153, 0);"> <br> Replace “your_domain” with your domain name and “host” with the hostname, and don't forget to put “.” after the domain name.<br> <br> Let's configure eJabber.<br> <span style="color: rgb(0, 153, 0);">cp /usr/local/etc/ejabberd/ejabberd.cfg.example /usr/local/etc/ejabberd/ejabberd.cfg</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);">cp /usr/local/etc/ejabberd/ejabberd.defaults.example /usr/local/etc/ejabberd/ejabberd.defaults</span><br> and edit the file:<br> vi /usr/local/etc/ejabberd/ejabberd.cfg<br> <span style="color: rgb(51, 51, 255);">{acl, admin, {user, "alex"}}.</span><br> Add here the user who will have the Administrator permission.<br> Change “localhost” to your server name. 
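<br><br>Added example (not part of the original post): a small Python linter for the three SRV records listed above. It flags an owner or target written without the trailing “.” (BIND would append the zone origin to it) and a port that does not match the service. The port map mirrors the records in this post; the sample zone text and all function names are constructed for illustration.<br>

```python
# Added example: lint BIND-style SRV lines for the XMPP records described above.
# The service-to-port map mirrors the three records in the post; the function
# names and the sample zone text below are constructed for illustration.

EXPECTED_PORTS = {
    "_xmpp-client._tcp": 5222,   # client-to-server
    "_xmpp-server._tcp": 5269,   # server-to-server
    "_jabber._tcp": 5269,        # older server-to-server service name
}


def expand(name, origin):
    """Return the name as BIND reads it: relative names get the origin appended."""
    if name.endswith("."):
        return name
    return name + "." + origin


def check_srv_line(line, origin):
    """Return the problems found in one 'owner ttl IN SRV prio weight port target' line."""
    fields = line.split()
    if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
        return ["not an 'owner ttl IN SRV priority weight port target' record"]
    owner, _ttl, _cls, _typ, prio, weight, port, target = fields
    problems = []
    # A name without the final dot is relative, so the origin is appended to it.
    for label, value in (("owner", owner), ("target", target)):
        if not value.endswith("."):
            problems.append(
                f"{label} '{value}' has no trailing dot; "
                f"BIND reads it as '{expand(value, origin)}'"
            )
    for label, value in (("priority", prio), ("weight", weight), ("port", port)):
        if not value.isdigit() or not 0 <= int(value) <= 65535:
            problems.append(f"{label} '{value}' is not a 16-bit integer")
    # The first two labels of the owner name identify the service and protocol.
    service = ".".join(owner.split(".")[:2]).lower()
    want = EXPECTED_PORTS.get(service)
    if want is None:
        problems.append(f"unknown service label '{service}'")
    elif port.isdigit() and int(port) != want:
        problems.append(f"{service} points at port {port}, expected {want}")
    return problems


def lint_zone(text, origin):
    """Map each non-empty, non-comment line to its list of problems."""
    report = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        if line:
            report[line] = check_srv_line(line, origin)
    return report


# Constructed sample: the first record is correct, the second lost the dot
# after the target, the third carries the client port on a server record.
SAMPLE_ZONE = """\
; constructed sample zone fragment
_xmpp-client._tcp.your_domain.com. 86400 IN SRV 5 0 5222 host.your_domain.com.
_xmpp-server._tcp.your_domain.com. 86400 IN SRV 5 0 5269 host.your_domain.com
_jabber._tcp.your_domain.com. 86400 IN SRV 5 0 5222 host.your_domain.com.
"""

if __name__ == "__main__":
    for record, problems in lint_zone(SAMPLE_ZONE, "your_domain.com.").items():
        print("OK  " if not problems else "BAD ", record)
        for problem in problems:
            print("     -", problem)
```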
<br> <span style="color: rgb(51, 51, 255);"> % Host name:</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {hosts, ["host.your_domain.com"]}.</span><br> Configure support SSL:<br> vi /usr/local/etc/ejabberd/ejabberd.cfg<br> <span style="color: rgb(51, 51, 255);">% Listened ports:</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);">{listen,</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> [{5222, ejabberd_c2s, [{access, c2s},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {max_stanza_size, 65536},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> starttls, {certfile, "/usr/local/etc/ejabberd/server.pem"},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {shaper, c2s_shaper}]},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {5223, ejabberd_c2s, [{access, c2s},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {max_stanza_size, 65536},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> tls, {certfile, "/usr/local/etc/ejabberd/server.pem"},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {shaper, c2s_shaper}]},</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> % Use STARTTLS+Dialback for S2S connections</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {s2s_use_starttls, true}.</span><br style="color: rgb(51, 51, 255);"> <span style="color: rgb(51, 51, 255);"> {s2s_certfile, "/usr/local/etc/ejabberd/server.pem"}. 
</span> Full path to the certificate file !!!<br> Now we will create the certificate:<br> <span style="color: rgb(0, 153, 0);">cd /usr/local/etc/ejabberd/</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);">openssl req -new -x509 -nodes -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem -subj \</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);"> "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=host.your_domain.com/emailAddress=postmaster@your_domain.com"</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);">cat privkey.pem >> server.pem</span><br style="color: rgb(0, 153, 0);"> <span style="color: rgb(0, 153, 0);">rm privkey.pem</span><br> (Note: server.pem now contains the private key, so keep it readable only by the ejabberd user; 1024-bit RSA is below current key-size recommendations, so use rsa:2048 or larger on a new installation.)<br> <br> ...and start our server by: <span style="color: rgb(0, 153, 0);">/usr/local/etc/rc.d/ejabberd start</span><br> (Try to telnet localhost 5222 or 5223 for SSL in order to check this.)<br><br>Now you have a working and reliable Jabber server.<br> <br><span style="color: rgb(255, 0, 0);"><b> LDAP</b></span><br> <br>What about authentication? We need to authenticate users against an LDAP server and to use the LDAP directory as vCard storage.<br> Edit the file ejabberd.cfg<br> <pre style="margin-bottom: 0.2in;"><font face="Arial, sans-serif"><font size="3"> <span style="color: rgb(0, 153, 0);">vi</span></font></font><span style="color: rgb(0, 153, 0);"> /usr/local/etc/ejabberd/ejabberd.cfg<br><font color="#3333ff">% Authentication method. <br>%{auth_method, internal}. 
</font> <span style="color: rgb(0, 0, 0);"><---!!! Comment this line !!!!</span><br><br><font color="#3333ff">% For LDAP authentication use these lines instead of above one:<br>{auth_method, ldap}.<br>{ldap_servers, ["ldap.your_domain.com"]}. % List of LDAP servers<br>{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID<br>{ldap_base, "ou=People,dc=</font></span><font color="#3333ff"><span style="color: rgb(0, 153, 0);">your_domain</span><span style="color: rgb(0, 153, 0);">,dc=com"}. 
% Search base of LDAP directory<br>{ldap_rootdn, "cn=jabber,ou=DSA,dc=</span><span style="color: rgb(0, 153, 0);">your_domain</span></font><span style="color: rgb(0, 153, 0);"><font color="#3333ff"><font color="#3333ff">,</font>dc=com"}. % LDAP manager<br>{ldap_password, "password"}. % Password to LDAP manager<br></font><br></span>Now we want to use the users' LDAP info as their vCards. To implement this, find and edit the following<br>line in the section <br><br><font color="#009900">% Used modules:</font><br><br><font color="#3333ff">{mod_vcard_ldap, [{host, "ldapyour_domain.com"}]},</font><br></pre>and then just restart eJabber <font color="#009900">/usr/local/etc/rc.d/ejabberd restart</font><br> <br><font color="#ff0000"><b> Logging Messages</b></font><br> <br> I used the "Bandersnatch" software for this purpose. <a href="http://funkypenguin.co.za/" id="vsjw" title="http://funkypenguin.co.za/">http://funkypenguin.co.za/</a><br>As shipped, this software works perfectly, but it has a small issue with different encodings.<br> In my company I need to log different languages, such as French, Russian, Hebrew and Spanish.<br> So, I made a small correction to the Perl script and the database structure for "Bandersnatch".<br> If anyone is interested, please ask me by e-mail and I will reply with<br> the files attached.<br><br> ...unpack the "Bandersnatch" archive into a dedicated directory and make the<font color="#3333ff"> bandersnatch</font> Perl script executable<br> <font color="#009900"><br>chmod +x bandersnatch</font><br> <b>Configure ejabberd:</b><br> <p> Edit ejabberd.cfg and add this line to the 'modules' section: </p> <p> <font color="#3333ff">{mod_service_log, [{loggers, ["bandlog.your_domain.com"]}]},</font> </p> <p> </p> <pre>Add the following lines to the 'listen' section so that eJabberd listens for Bandersnatch connections.<br><font color="#3333ff">% listen for Bandersnatch connections <br>{5526, ejabberd_service, [{ip, {127, 0, 0, 1}}, {access, all},<br> {hosts, 
["bandlog.your_domain.com"],<br> [{password, "password"}]}]}</font><br><br>Create the DB for the log system <br></pre> mysql -u root -pPassword bandlog < bandersnatch.sql (I recommend using my bandersnatch.sql file)<br> <br> <b>Configure Bandersnatch:</b><br> edit config.xml<br> <font color="#3333ff"><server><br> <connectiontype>tcpip</connectiontype><br> <hostname>localhost</hostname><br> <port>5526</port><br> <secret>password</secret><br> </server><br> <component><br> <name>bandersnatch@bandlog.your_domain.com</name><br> </component><br> <mysql><br> <server>localhost</server><br> <dbname>bandlog</dbname><br> <username>bandlog</username><br> <password>bandlog</password><br> </mysql><br> <br> <font color="#000000">Do not forget to add a new A record to DNS (like this example):</font><br><br>bandlog A 192.168.1.1 <font color="#000000">(the Jabber server's IP)</font><br> <br> <font color="#000000">Now restart your eJabberd server:<br> <font color="#009900">/usr/local/etc/rc.d/ejabberd restart</font><br> And run bandersnatch in "screen":<br> <font color="#009900">./path/to/bandersnatch/bandersnatch config.xml<br> <font color="#000000"> If you see output like this:<br> </font>Bandersnatch: Connected to Jabber server (localhost) ...<br> Bandersnatch: Connected to MySQL database (bandlog@localhost) ...<br><font color="#000000">you have successfully installed the system!</font><br> <br> <br><font color="#ff0000"><b>Transports<br></b><span style="color: rgb(0, 0, 0);">I strongly recommend reading these first:<br></span></font></font></font></font><font style="color: rgb(255, 102, 0);" color="#3333ff"><a title="http://wiki.blathersource.org/wiki/index.php/PyICQt" href="http://wiki.blathersource.org/wiki/index.php/PyICQt" id="sb-1">http://wiki.blathersource.org/wiki/index.php/PyICQt</a></font><br><font style="color: rgb(51, 51, 255);" color="#3333ff"><a title="http://wiki.blathersource.org/wiki/index.php/PyAIMt" href="http://wiki.blathersource.org/wiki/index.php/PyAIMt" 
id="l404">http://wiki.blathersource.org/wiki/index.php/PyAIMt</a> <br><a title="http://delx.cjb.net/pymsnt/docs/user.html" href="http://delx.cjb.net/pymsnt/docs/user.html" id="ui:y">http://delx.cjb.net/pymsnt/docs/user.html</a><br></font> <font color="#3333ff"><font color="#000000">but if you have reached this point without a problem, with "transport" installation You should not have any problems.<br>I describe it together (ICQ, MSN, AIM) . At the moment of a writing of this article in OS FreeBSD port jabber-yahoo-2.3.2_2 has been marked IGNORE (broken)<br>please check for status of Yahoo transport on site <a title="http://yahoo-transport-2.jabberstudio.org/" href="http://yahoo-transport-2.jabberstudio.org/" id="ese6">http://yahoo-transport-2.jabberstudio.org/</a> <br><br>So, let's install all needed software:<br><font color="#009900">portinstall -p jabber-pyicq-transport-0.8a<br>portinstall -p jabber-pymsn-transport-0.11.2_2,1<br>portinstall -p jabber-pyaim-transport-0.8a</font><br><br>Add following "A" records to DNS<br><font color="#3333ff">icq.your_domain.com<br>msn.</font></font></font><font color="#3333ff"><font color="#3333ff">your_domain.com</font><br></font><font color="#3333ff"><font color="#000000"><font color="#3333ff">aim</font>.</font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff">your_domain.com<br><br><font color="#000000">Edit following rc scripts in /usr/local/etc/rc.d:</font><br><b>jabber-pyaim-transport</b><br> : ${jabber_pyaim_enable="YES"}<br> : ${jabber_pyaim_dir="/usr/local/lib/jabber/pyaim"}<br> : ${jabber_pyaim_piddir="/var/spool/ejabberd/pid"}<br> : ${jabber_pyaim_user="ejabberd"}<br> <br><b>jabber-pyicq-transport</b><br> : ${jabber_pyicq_enable="YES"}<br> : ${jabber_pyicq_dir="/usr/local/lib/jabber/pyicq"}<br> : ${jabber_pyicq_piddir="/var/spool/ejabberd/pid"}<br> : ${jabber_pyicq_user="ejabberd"}<br><br><b>jabber-pymsn-transport</b><br> : ${jabber_pymsn_enable="YES"}<br> : 
${jabber_pymsn_dir="/usr/local/lib/jabber/pymsn"}<br> : ${jabber_pymsn_piddir="/var/spool/ejabberd/pid"}<br> : ${jabber_pymsn_user="ejabberd"}<br><font color="#000000"><br>Do not forget to change the owner and make the symlink:<br><span style="color: rgb(0, 153, 0);">chown -R ejabberd </span></font></font></font></font><font style="color: rgb(0, 153, 0);" color="#3333ff">/usr/local/lib/jabber/<br>chown -R ejabberd </font><font style="color: rgb(0, 153, 0);" color="#3333ff">/var/spool/ejabberd/</font><br><font color="#3333ff"><font color="#000000"><font color="#3333ff"><font color="#000000"><font color="#009900">ln -s /var/spool/ejabberd /var/spool/jabber</font></font></font></font></font><span style="font-family: monospace;"><br><br></span><font color="#3333ff"><font color="#000000"><font color="#3333ff"><font color="#000000">Now let's edit the config of the eJabberd server:<br><span style="color: rgb(0, 153, 0);">vi /usr/local/etc/ejabberd/ejabberd.cfg</span><br></font></font></font></font><span style="font-family: monospace;"><br>in section<br><span style="color: rgb(51, 51, 255);">% Listened ports: </span><br style="color: rgb(51, 51, 255);"></span><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);">add <br><span style="color: rgb(51, 51, 255);">% listen for PyICQt connections </span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">{5347, ejabberd_service, [{access, all},{host, "icq.your_domain.com",</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);"> [{password, "preved"}]}]},</span><br style="color: rgb(51, 51, 255);"><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">% listen for PyMSNt connections </span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">{5348, ejabberd_service, [{host, "msn.</span></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><span 
style="color: rgb(51, 51, 255);">your_domain</span></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><span style="color: rgb(51, 51, 255);">.com",</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);"> [{password, "password"}]}]},</span><br style="color: rgb(51, 51, 255);"><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">% listen for PyAIMt connections </span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">{5349, ejabberd_service, [{host, "aim.</span></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><span style="color: rgb(51, 51, 255);">your_domain</span></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><span style="color: rgb(51, 51, 255);">.com",</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);"> [{password, "password"}]}]}<br><br></span>Edit following config of transports:<br></span></font></font></font><br style="font-weight: bold;"><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><font color="#3333ff"><b>jabber-pyicq.xml<br> </b> <jid>icq.your_domain.com</jid><br> <spooldir>/var/spool/ejabberd</spooldir><br> <pid>/var/spool/ejabberd/pid/PyICQt.pid</pid><br> <mainServer>127.0.0.1</mainServer><br> <port>5347</port><br> <secret>preved</secret> <br style="font-weight: bold;"><b>jabber-pymsn.xml<br></b></font></span></font></font></font> <font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><font color="#3333ff"> <jid>msn.your_domain.com</jid><br> <spooldir>/var/spool/ejabberd</spooldir><br> <pid>/var/spool/ejabberd/pid/PyMSNt.pid</pid><br> <mainServer>127.0.0.1</mainServer><br> <port>5348</port><br> 
<secret>password</secret> </font></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><font color="#3333ff"><b> <br></b></font> <span style="color: rgb(51, 51, 255);"> <getAllAvatars/></span><br></span></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><font color="#3333ff"><b>jabber-pyaim.xml<br> </b></font></span></font></font></font> <font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);"><font color="#3333ff"> <jid>aim.your_domain.com</jid><br> <spooldir>/var/spool/ejabberd</spooldir><br> <pid>/var/spool/ejabberd/pid/PyAIMt.pid</pid><br> <mainServer>127.0.0.1</mainServer><br> <port>5349</port><br> <secret>password</secret><br><br><br><span style="color: rgb(0, 0, 0);">Last step - add to</span> /etc/rc.conf <span style="color: rgb(0, 0, 0);">the following lines:<br><span style="color: rgb(51, 51, 255);">jabber_pyicq_enable="YES"</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">jabber_pymsn_enable="YES"</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">jabber_pyaim_enable="YES"</span><br></span><br></font></span></font></font></font><font color="#3333ff"><font color="#000000">Now restart your eJabberd server:<br> <font color="#009900">/usr/local/etc/rc.d/ejabberd restart<br><br></font></font></font><font color="#3333ff"><font color="#000000"><font color="#3333ff"><span style="color: rgb(0, 0, 0);">and run all transports:<br><span style="color: rgb(51, 51, 255);">/usr/local/etc/rc.d/jabber-pyaim-transport start</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">/usr/local/etc/rc.d/jabber-pyicq-transport start</span><br style="color: rgb(51, 51, 255);"><span style="color: rgb(51, 51, 255);">/usr/local/etc/rc.d/jabber-pymsn-transport start</span><br><br><br><br>P.S.<br> about a Jabber 
client software, you can find more here: <a title="http://en.wikipedia.org/wiki/List_of_Jabber_client_software" href="http://en.wikipedia.org/wiki/List_of_Jabber_client_software" id="nj1j">http://en.wikipedia.org/wiki/List_of_Jabber_client_software</a> <br>I recommend "<a title="PSI" href="http://www.psi-im.org/" id="tc1y">PSI</a>" and "<a title="Gajim" href="http://www.gajim.org/" id="wcht">Gajim</a>".<br><br><br></span> <br></font><br></font></font> <br> <br> <br>Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-59030905754273131442007-11-11T11:38:00.000-08:002007-11-12T11:50:35.095-08:00PostgreSQL checkpoints<div style="text-align: center;"><span style="font-style: italic; color: rgb(0, 0, 153);font-size:130%;" ><span style="font-weight: bold;"> PostgreSQL checkpoints.</span></span><br /></div><br /><span style=";font-family:arial;font-size:100%;" >In the documentation ( </span><a title="http://www.postgresql.org/docs/" href="http://www.postgresql.org/docs/" id="rmn2">http://www.postgresql.org/docs/</a><span style=";font-family:arial;font-size:100%;" > ) PostgreSQL checkpoints are described as follows:<br /><span style="color: rgb(102, 0, 204);">checkpoint_segments</span><span style="color: rgb(51, 153, 153);"><br />Maximum distance between automatic WAL checkpoints, in log file segments (each segment is normally 16 megabytes). The default is three segments. This parameter can only be set in the postgresql.conf file or on the server command line.<br /></span><span style="color: rgb(102, 0, 204);">checkpoint_timeout</span><span style="color: rgb(51, 153, 153);"><br />Maximum time between automatic WAL checkpoints, in seconds. The default is five minutes (5min). 
This parameter can only be set in the postgresql.conf file or on the server command line.<br /></span><span style="color: rgb(102, 0, 204);">checkpoint_warning </span><span style="color: rgb(51, 153, 153);"><br />Write a message to the server log if checkpoints caused by the filling of checkpoint segment files happen closer together than this many seconds (which suggests that checkpoint_segments ought to be raised). The default is 30 seconds (30s). Zero disables the warning. This parameter can only be set in the postgresql.conf file or on the server command line.<br /><span style="color: rgb(0, 0, 0);">I will describe this in more detail:<br /></span></span></span> <p style="margin-bottom: 0in;">When the transaction log runs out of available space, a so-called checkpoint is performed. It orders the system to flush all data that has not yet been written to disk, so that the log space becomes available for use again. A checkpoint may also be triggered not by a full log but after a certain period of time, typically 5 minutes. When the database is under heavy write load, the transaction log can fill up too quickly. This, in turn, substantially slows down the flushing of data to disk.</p> <p style="margin-bottom: 0in;">Determining how often checkpoints are performed:</p> <p style="margin-bottom: 0in;">Checkpoints must take place every couple of minutes. If they take place too frequently (for instance, every minute), the performance of the system decreases noticeably. To find out how often the system currently performs checkpoints, you can analyze the timestamps in the server log. First, however, make sure that logging with timestamps is enabled. 
Check the following option in the file <span style=";font-family:arial;font-size:100%;" >postgresql.conf:</span></p><p style="margin-bottom: 0in;"><span style="color: rgb(255, 0, 0);font-family:arial;font-size:100%;" > log_timestamp = true</span> </p> After this change the configuration file will be re-read automatically, and you can observe records like the following in the PostgreSQL server log:<br /><span style="color: rgb(0, 102, 0);font-family:arial;font-size:100%;" >2007-02-11 21:17:32 LOG: recycled transaction log file 0000000000000000<br />2007-02-11 21:17:33 LOG: recycled transaction log file 0000000000000001<br />2007-02-11 21:17:33 LOG: recycled transaction log file 0000000000000002<br /></span>Estimate the interval between two checkpoints; this tells you how frequent they are.<br />In the example above, checkpoints were made every 40 seconds, which is too frequent and slows down the performance of the system as a whole. By the way, do not be surprised to find records with the same timestamp (see above): the same checkpoint is often written to the log several times.<br /><br />Reducing the checkpoint frequency<br /><br />Reducing the checkpoint frequency increases the number of write-ahead log files created in data/pg_xlog. Each file is 16 MB in size, which can considerably reduce the free space on the disk. The default setting keeps the number of such files to a minimum. 
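The timestamp analysis described above, as an added example that is not part of the original post: it collapses bursts of "recycled transaction log file" records into single checkpoints and reports the spacing between them. The 5-second burst window and the 120-second threshold are assumptions, and every sample log line after the first three is constructed.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Matches the "recycled transaction log file" records shown in the post
# (timestamps must be enabled in the log, i.e. log_timestamp = true).
RECYCLE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+LOG:\s+"
    r"recycled transaction log file ([0-9A-Fa-f]+)\s*$"
)

# Assumption: records closer together than this belong to one checkpoint,
# because a single checkpoint can log several recycled segments.
BURST_WINDOW = timedelta(seconds=5)

# Assumption: "every couple of minutes" is read as at least 120 seconds.
MIN_INTERVAL_SECONDS = 120

# First three lines are from the post; the rest are constructed sample data.
SAMPLE_LOG = """\
2007-02-11 21:17:32 LOG: recycled transaction log file 0000000000000000
2007-02-11 21:17:33 LOG: recycled transaction log file 0000000000000001
2007-02-11 21:17:33 LOG: recycled transaction log file 0000000000000002
2007-02-11 21:17:50 LOG: unrelated record, ignored by the parser
2007-02-11 21:18:12 LOG: recycled transaction log file 0000000000000003
2007-02-11 21:18:13 LOG: recycled transaction log file 0000000000000004
2007-02-11 21:18:52 LOG: recycled transaction log file 0000000000000005
2007-02-11 21:19:33 LOG: recycled transaction log file 0000000000000006
""".splitlines()


def checkpoint_times(lines, burst_window=BURST_WINDOW):
    """Return one timestamp per checkpoint (log assumed chronological)."""
    times = []
    previous = None
    for line in lines:
        match = RECYCLE_RE.match(line.strip())
        if not match:
            continue  # not a recycle record
        stamp = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")
        # A gap larger than the burst window starts a new checkpoint.
        if previous is None or stamp - previous > burst_window:
            times.append(stamp)
        previous = stamp
    return times


def checkpoint_intervals(lines):
    """Seconds between the starts of consecutive checkpoints."""
    times = checkpoint_times(lines)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def assess(lines, min_interval=MIN_INTERVAL_SECONDS):
    """Summarise checkpoint spacing and flag it when it is too short."""
    times = checkpoint_times(lines)
    intervals = checkpoint_intervals(lines)
    if not intervals:
        # Fewer than two checkpoints: no interval can be measured.
        return {"checkpoints": len(times),
                "median_interval": None,
                "too_frequent": False}
    mid = median(intervals)
    return {"checkpoints": len(times),
            "median_interval": mid,
            "too_frequent": mid < min_interval}


if __name__ == "__main__":
    report = assess(SAMPLE_LOG)
    print("intervals (s):", checkpoint_intervals(SAMPLE_LOG))
    print("report:", report)
    if report["too_frequent"]:
        print("checkpoints are too frequent; consider raising checkpoint_segments")
```
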
To reduce the checkpoint frequency, change the following parameter:<br /><br /><span style="color: rgb(255, 0, 0);">checkpoint_segments = 3<br /></span>Its initial value is 3.<br />Gradually increase this value until the interval between checkpoints reaches several minutes.<br />Another record that you may see in the log file looks like this:<br /><div class="Ih2E3d">LOG: XLogWrite: new log file created - consider increasing WAL_FILES<br /><br /></div> It means that the wal_files parameter needs to be increased in the file postgresql.conf.<br /><br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-7933759293097663402007-11-06T01:40:00.000-08:002007-11-12T11:51:58.250-08:00Postfix and Cyrus TLS howto<p> <span style="font-family:arial;"><b><i><span style="color: rgb(0, 0, 153);">Cyrus Postfix AUTH TLS</span></i></b><br />Here TLS comes into play. Before we put it to work we need a certificate. Either you get it from a Certificate Authority, whom you have to pay, or you create it yourself. I will not describe how to become a Certificate Authority; instead I will show you how you can create a self-signed .pem certificate. </span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">This howto is meant as a practical guide; it does not cover the theoretical background. 
</span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">I also recommend reading the documentation at your leisure:</span> </p> <p style="margin-bottom: 0in;"> <a href="http://www.postfix.org/TLS_README.html"><span style="font-family:arial;">http://www.postfix.org/TLS_README.html</span></a> </p> <p style="margin-bottom: 0in;"><br /></p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">+++++++++ CERTIFICATE ++++++++++++++</span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">Now we have to generate the certificate files needed for TLS:<br /><span style="color: rgb(0, 153, 0);">mkdir /var/imap</span><br /><span style="color: rgb(0, 153, 0);">cd /var/imap</span></span> </p> <p> <span style="color: rgb(0, 153, 0);">openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048</span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Enter a password for smtpd.key.</span><br />chmod 600 smtpd.key<br />openssl req -new -key smtpd.key -out smtpd.csr</span></span> </p> <p style="margin-bottom: 0in;"> Again, enter your password for smtpd.key.<br />Enter your Country Name (e.g., "CA").<br />Enter your State or Province Name.<br />Enter your City.<br />Enter your Organization Name (e.g., the name of your company).<br />Enter your Organizational Unit Name (e.g. "IT Department").<br />Enter the Fully Qualified Domain Name of the system (e.g. "mail.mydomain.com").<br />Enter your Email Address. (postmaster@mydomain.com)<br />The following information is optional:<br />Enter a challenge password.<br />Enter an optional company name. 
</p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt<br /><span style="color: rgb(0, 0, 0);">Again, enter your password for smtpd.key.</span><br />openssl rsa -in smtpd.key -out smtpd.key.unencrypted<br /><span style="color: rgb(0, 0, 0);">Again, enter your password for smtpd.key.</span><br />mv -f smtpd.key.unencrypted smtpd.key<br />openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out ca-cert.pem -days 3650</span></span> </p> <p style="margin-bottom: 0in;"> Again, enter your password for smtpd.key.<br />Enter your Country Name (e.g., "DE").<br />Enter your State or Province Name.<br />Enter your City.<br />Enter your Organization Name (e.g., the name of your company).<br />Enter your Organizational Unit Name (e.g. "IT Department").<br />Enter the Fully Qualified Domain Name of the system (e.g. "mail.mydomain.com").<br />Enter your Email Address. (postmaster@mydomain.com) </p> <p><br /><br /></p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Make the certificate and key files accessible to Postfix and Cyrus:</span></span><br /><span style="color: rgb(0, 102, 0);">chown -R cyrus:mail /var/imap/ </span> </p> <p style="margin-bottom: 0in;"><br />+++++++++++++++++++++++++++++++++++++++ </p> <p style="margin-bottom: 0in;"> +++++++++++++ POSTFIX +++++++++++++++++ </p> <p style="margin-bottom: 0in;"> Let's enable SMTP AUTH and TLS in Postfix. </p> <p style="margin-bottom: 0in;"> Add to the file <span style="color: rgb(0, 0, 153);">/etc/postfix/main.cf </span><span style="color: rgb(0, 0, 0);">the following lines:</span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">smtp_use_tls = yes<br />smtpd_use_tls = yes<br />smtpd_tls_CApath = /var/imap<br />smtpd_tls_CAfile = /var/imap/ca-cert.pem<br />smtpd_tls_cert_file = 
/var/imap/smtpd.crt<br />smtpd_tls_key_file = /var/imap/smtpd.key<br />smtpd_tls_loglevel = 1<br />smtpd_tls_received_header = yes</span></span> </p> <p style="margin-bottom: 0in;"><br /></p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">Then uncomment these lines in the file <span style="color: rgb(0, 0, 153);">/etc/postfix/master.cf</span> (in master.cf each -o line must begin with whitespace):</span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">smtps inet n - n - - smtpd<br />-o smtpd_tls_wrappermode=yes<br />-o smtpd_sasl_auth_enable=yes</span></span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">Then restart the MTA: <span style="color: rgb(0, 153, 0);">/etc/init.d/postfix restart</span></span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">++++++++++++++++++++++++++++++++++++++++</span> </p> <p style="margin-bottom: 0in;"><br /></p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">+++++++++++ Cyrus ++++++++++++++++</span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">For access to the IMAP server using secure authentication, add or uncomment the following lines: </span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 0, 153);"><span style="font-family:arial;">/etc/imapd.conf</span></span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">tls_cert_file: /var/imap/smtpd.crt<br />tls_key_file: /var/imap/smtpd.key<br />tls_ca_file: /var/imap/ca-cert.pem<br />tls_ca_path: /var/imap/</span></span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 0, 153);"><span style="font-family:arial;">/etc/cyrus.conf</span></span> </p> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100<br />pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50</span></span> </p> <p style="margin-bottom: 
0in;"> <span style="font-family:arial;">Then restart the IMAP server: <span style="color: rgb(0, 153, 0);">/etc/init.d/cyrus2.2 restart</span></span> </p><br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-52030519992001507862007-11-02T13:48:00.000-07:002007-11-12T11:54:24.679-08:00Filtering Image Spam With FuzzyOCR And SpamAssassin<p style="margin-bottom: 0in;" align="center"> <span style="color: rgb(51, 51, 255);"><span style="font-family:arial;"><i><b>The fight against spam... Episode three.</b></i></span></span> </p> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><br /> This article describes how to scan emails for image spam with <span style="color: rgb(255, 0, 0);">FuzzyOCR</span>. FuzzyOCR is a SpamAssassin plugin aimed at unsolicited bulk mail containing images. Using different methods, it analyzes the content and properties of images to distinguish between normal and spam mails. 
Installation will be reviewed on Debian (Etch).</span><br /> <span style="font-family:arial;">I assume that SpamAssassin (and the mail server) is already installed and working :) and that the symlink /etc/mail/spamassassin exists (otherwise: <span style="color: rgb(0, 153, 0);">ln -s /etc/spamassassin /etc/mail/spamassassin</span></span> <span style="font-family:arial;">).</span><br /> <span style="font-family:arial;">To begin, we install the necessary dependencies:</span><br /> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">aptitude install netpbm gifsicle libungif-bin gocr ocrad libstring-approx-perl libmldbm-sync-perl imagemagick tesseract-ocr libdbd-mysql-perl libdbi-perl libtie-cache-perl</span> </span><br /> <span style="font-family:arial;">Next, we download, unpack and install the latest <span style="color: rgb(255, 0, 0);">FuzzyOCR</span></span> <span style="font-family:arial;">:</span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">cd /usr/src/</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-3.5.1-devel.tar.gz</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">tar -zxvf fuzzyocr-3.5.1-devel.tar.gz<br /> cd FuzzyOcr-3.5.1/</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">cp -r FuzzyOcr* /etc/spamassassin/ </span><span style="color: rgb(0, 0, 0);">(including the directory FuzzyOcr/</span></span><span style="color: rgb(0, 0, 0);"> <span style="font-family:arial;">!!! )<br /><br /> </span></span><span style="font-family:arial;">The source directory /usr/src/FuzzyOcr-3.5.1/</span> <span style="font-family:arial;">contains the directory samples/ with sample spam emails that we will need later for testing.</span><br /> <span style="font-family:arial;">So, the installation is finished; now we start to configure it. 
All configs are in /etc/spamassassin/.<br /> In the file <span style="color: rgb(0, 153, 0);">/etc/mail/spamassassin/FuzzyOcr.cf</span></span> <span style="font-family:arial;">uncomment the following line:</span><br /> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">focr_global_wordlist /etc/mail/spamassassin/FuzzyOcr.words<br /><br /> <span style="color: rgb(0, 0, 0);">The file</span> /etc/mail/spamassassin/FuzzyOcr.words</span><span style="color: rgb(0, 0, 0);"> <span style="font-family:arial;">is the predefined word list that ships with FuzzyOCR. You can customize it or add to it as needed.<br /> Replace these two lines<br /> </span></span><span style="font-family:arial;">focr_bin_helper pnmnorm, pnminvert, pamthreshold, ppmtopgm, pamtopnm</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_bin_helper tesseract</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">with the following: </span><span style="color: rgb(0, 153, 0);"><br /> focr_bin_helper pnmnorm, pnminvert, convert, ppmtopgm, tesseract</span></span><br /> <span style="font-family:arial;">Finally, we add or uncomment the following lines:<br /> <span style="color: rgb(0, 153, 0);">focr_path_bin /usr/local/netpbm/bin:/usr/local/bin:/usr/bin</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_preprocessor_file /etc/mail/spamassassin/FuzzyOcr.preps</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_scanset_file /etc/mail/spamassassin/FuzzyOcr.scansets</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_enable_image_hashing 2</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_digest_db /etc/mail/spamassassin/FuzzyOcr.hashdb</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_db_hash 
/etc/mail/spamassassin/FuzzyOcr.db</span></span><br /> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">focr_db_safe /etc/mail/spamassassin/FuzzyOcr.safe.db<br /> <span style="color: rgb(0, 0, 0);">The last 4 lines set up hashing instead of MySQL.<br /> Now we can feed the sample spam mails to spamassassin to check that it works together with FuzzyOCR.<br /> </span><span style="color: rgb(0, 153, 0);">/usr/bin/spamassassin </span>--debug FuzzyOcr &lt; /usr/src/FuzzyOcr-3.5.1/samples/ocr-gif.eml &gt; /dev/null<br /><br /> </span>As you can see, FuzzyOCR is working.</span><br /> <span style="font-family:arial;">Now restart SpamAssassin and closely check</span><span style="color: rgb(0, 153, 0);"> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">(</span>tail -f /var/log/mail.info<span style="color: rgb(0, 0, 0);">)</span> </span></span><span style="font-family:arial;">for errors from SpamAssassin or Perl modules.</span><br /> <span style="font-family:arial;">........Your SpamAssassin is now able to recognize image spam!</span> </p><br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-35529100633193832482007-10-31T11:21:00.000-07:002007-11-12T11:54:57.920-08:00Corporate Mail Server<h3> </h3> <p style="margin-bottom: 0in;" align="center"> <span style="color: rgb(51, 51, 255);"><span style="font-family:arial;"><i><b>Quick start with a mail server.</b></i></span></span> </p> <p> <span style="font-family:arial;">This article gives an example of setting up and configuring a mail system based on the Debian "Etch" operating system with the following set of applications:</span> </p> <ul><li> <p style="margin-bottom: 0in;"> <span 
style="font-family:arial;"><b>Postfix-SMTP</b> </span> </p> </li><li> <p style="margin-bottom: 0in;"> <b><span style="font-family:arial;">Saslauthd</span></b> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><b>Sasldb2</b> </span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><b>Cyrus-imap</b> </span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><b>Amavisd-new</b> </span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;"><b>SpamAssassin</b> </span> </p> </li><li> <p> <b><span style="font-family:arial;">ClamAV</span></b> </p> </li></ul> <p> <span style="font-family:arial;">First of all, before continuing with the setup we need to prepare the environment.</span><br /> <span style="font-family:arial;">Add to </span><span style="font-family:Courier;"><span style="color: rgb(0, 153, 0);">/etc/apt/sources.list</span> an additional source for the latest version of ClamAV:<br /> <span style="color: rgb(0, 153, 0);">deb http://volatile.debian.org/debian-volatile etch/volatile main contrib</span><br /> </span><span style="font-family:arial;">Next we update the list of packages:</span><br /> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">apt-get update<br /> <span style="color: rgb(0, 0, 0);">That completes the preparations. 
Now let's install the packages needed for the mail server.<br /> </span></span><span style="font-family:Courier;">apt-get install postfix libsasl2 libsasl2-modules sasl2-bin cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-admin-2.2</span></span><br /> <span style="font-family:arial;">Let's configure the saslauthd authentication server to use the sasldb2 password database.<br /> To do this, edit the file <span style="color: rgb(0, 153, 0);">/etc/default/saslauthd <span style="color: rgb(0, 0, 0);">:<br /> </span></span></span><span style="color: rgb(0, 153, 0);"><span style="font-family:Courier;">START=yes</span><span style="font-family:arial;"><br /> </span><span style="font-family:Courier;">MECHANISMS="sasldb"<br /> <span style="color: rgb(0, 0, 0);">and start the service</span> /etc/init.d/saslauthd start<br /> </span></span><span style="font-family:Courier;"><span style="color: rgb(0, 0, 0);">Now we will check that it works correctly, but first we need to add at least one user:</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">mailserver:~# saslpasswd2 test<br /> Password:<br /> Again (for verification):<br /> mailserver:~# sasldblistusers2<br /> test@mailserver: userPassword<br /> mailserver:~# testsaslauthd -u test -p test</span></span> </p> <p> <span style="color: rgb(0, 102, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">If you received the message </span>"0: OK "Success."<span style="color: rgb(0, 0, 0);"> then everything is all right.<br /> If authentication failed, check the file </span>/var/log/auth.log<br /> <span style="color: rgb(0, 0, 0);">Now we need to make the saslauthd socket available inside the chrooted working directory of Postfix</span> /var/spool/postfix/ <span style="color: rgb(0, 0, 0);">Do this by editing</span> /etc/fstab<br /> /var/run/saslauthd /var/spool/postfix/var/run/saslauthd none rw,bind 0 0<br /> <span style="color: rgb(0, 0, 0);">Also it is 
necessary to create the directory where we will mount the saslauthd socket:</span><br /> mkdir -p /var/spool/postfix/var/run/saslauthd<br /> mount /var/run/saslauthd<br /> <span style="color: rgb(0, 0, 0);">Now we will configure Postfix to use SASL authentication:</span><br /> <span style="color: rgb(0, 0, 0);">edit </span>/etc/postfix/main.cf:<br /> smtpd_sasl_local_domain =<br /> smtpd_sasl_auth_enable = yes<br /> smtpd_sasl_security_options = noanonymous<br /> broken_sasl_auth_clients = yes<br /> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br /> smtpd_sasl_authenticated_header = yes<br /> smtpd_sasl_application_name = smtpd</span></span> </p> <p> <span style="color: rgb(0, 102, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Now we forbid sending mail through our SMTP server without authentication.<br /> For this purpose we create the file </span>/etc/postfix/sasl/smtpd.conf <span style="color: rgb(0, 0, 0);">with the following contents:<br /> </span>pwcheck_method: saslauthd<br /> mech_list: PLAIN LOGIN</span></span> </p> <p> <span style="color: rgb(0, 0, 0);"><span style="font-family:arial;">Restart the Postfix server and closely watch the following files for errors:</span></span> </p> <ol><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">/var/log/mail.err</span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">/var/log/mail.info</span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="font-family:arial;">/var/log/mail.warn</span> </p> </li><li> <p> <span style="font-family:arial;">/var/log/mail.log</span> </p> </li></ol> <p> <span style="color: rgb(0, 102, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">To make saslauthd and Postfix "friends", run the following:</span><br /> adduser postfix sasl</span></span> </p> <p> <span style="color: rgb(0, 102, 0);"><span 
style="font-family:arial;"><b><i><span style="color: rgb(102, 102, 204);">Cyrus-imapd: cyrus will receive mail from postfix, sort it into folders and give users access to it.</span></i></b></span></span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Let's edit the file </span><span style="color: rgb(0, 102, 0);">/etc/imapd.conf</span></span> </p> <p> <span style="color: rgb(0, 102, 0);"><span style="font-family:arial;">admins: cyrus<br /> allowplaintext: yes<br /> sasl_mech_list: PLAIN<br /> sasl_pwcheck_method: saslauthd auxprop<br /> sasl_auxprop_plugin: sasldb</span></span> </p> <p> <span style="color: rgb(0, 0, 0);"><span style="font-family:arial;">Note that <span style="color: rgb(255, 0, 0);">cyrus</span>, just like <span style="color: rgb(255, 0, 0);">saslauthd</span>, has to cooperate with postfix, so they need to be made available to each other. We use the mechanism we already know (editing /etc/fstab):</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/var/run/cyrus /var/spool/postfix/var/run/cyrus none rw,bind 0 0</span></span> </p> <p> <span style="font-family:arial;">Do not forget to create a folder for cyrus:</span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">mkdir -p /var/spool/postfix/var/run/saslauthd<br /> mkdir -p /var/spool/postfix/var/run/cyrus<br /> mount /var/spool/postfix/var/run/saslauthd<br /> mount /var/spool/postfix/var/run/cyrus</span><br /> <span style="color: rgb(0, 153, 0);">mount /var/run/cyrus</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Now we let <span style="color: rgb(255, 0, 0);">cyrus</span> pick up mail from </span><span style="color: rgb(255, 0, 0);">postfix </span><span style="color: rgb(0, 0, 0);">by editing </span>/etc/postfix/main.cf <span 
style="color: rgb(0, 0, 0);">:</span><br /> mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp<br /> local_recipient_maps =</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Let's add our mail server to the <span style="color: rgb(204, 51, 204);">lmtp</span> group:</span><br /> addgroup lmtp<br /> adduser postfix lmtp</span></span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">and run the following: </span><br /> <span style="color: rgb(0, 153, 0);">dpkg-statoverride --remove /var/run/cyrus/socket<br /> dpkg-statoverride --force --update --add cyrus lmtp 750 /var/run/cyrus/socket</span></span> </p> <p> <span style="font-family:arial;">Names and passwords are stored in a format different from the system one, so this option has to be specified. The option "<span style="color: rgb(0, 153, 0);">local_recipient_maps =</span>" added above means "accept mail for any recipient". We add the user <span style="color: rgb(255, 0, 0);">cyrus</span> to our account database:<br /> <span style="color: rgb(0, 153, 0);">saslpasswd2 -c cyrus</span></span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Enter the password, and restart the services:</span><br /> <span style="color: rgb(0, 153, 0);">/etc/init.d/postfix restart</span><br /> <span style="color: rgb(0, 153, 0);">/etc/init.d/cyrus2.2 restart</span><br /> <span style="color: rgb(0, 153, 0);">/etc/init.d/saslauthd restart</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">At this point you can already receive and send mail, create and delete folders on the IMAP server, and set quotas and access rights on folders by means of the utility </span><span style="color: rgb(255, 0, 0);">cyradm</span><span style="color: rgb(0, 0, 0);">. 
Since all further configuration steps require sending and receiving mail for testing, here is a brief instruction for creating IMAP accounts (mailboxes).</span></span></span> </p> <p> <br /><br /></p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 153, 0);">saslpasswd2 -c &lt;username&gt;<br /> cyradm --user cyrus localhost<br /> localhost&gt; cm user.&lt;username&gt;<br /> localhost&gt; cm user.&lt;username&gt;.INBOX<br /> localhost&gt; cm user.&lt;username&gt;.Sent<br /> localhost&gt; cm user.&lt;username&gt;.Spam<br /> localhost&gt; cm user.&lt;username&gt;.Draft<br /> localhost&gt; cm user.&lt;username&gt;.Trash</span></span> </p> <p> <br /><br /></p> <p> <span style="color: rgb(102, 51, 255);"><span style="font-family:arial;"><i>"Be protected, sir". We need to protect ourselves from spam and viruses </i></span></span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Let's start the installation:</span><br /> <span style="color: rgb(0, 153, 0);">apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip unarj unrar bzip2<br /> </span><span style="color: rgb(0, 0, 0);">And make some changes to the configuration files of </span><span style="color: rgb(255, 0, 0);">amavisd</span><span style="color: rgb(0, 0, 0);">:</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Edit</span> /etc/amavis/conf.d/50-user</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">use strict;<br /> $forward_method = 'smtp:127.0.0.1:10025';<br /> $notify_method = $forward_method;<br /> $virus_quarantine_to = 'undef';<br /> $sa_local_tests_only = 0;<br /> @inet_acl = qw( 127.0.0.1 [::1] xxx.xxx.xxx.xxx );<br /> #------------ Do not modify anything below this line -------------<br /> 1; # insure a defined return</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span 
style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Edit</span> /etc/amavis/conf.d/20-debian_defaults</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">use strict;<br /> $QUARANTINEDIR = '/var/lib/amavis/virusmails';<br /><br /> $log_recip_templ = undef; # disable by-recipient level-0 log entries<br /> $DO_SYSLOG = 1; # log via syslogd (preferred)<br /> $syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages<br /> $syslog_facility = 'mail';<br /> $syslog_priority = 'debug'; # switch to info to drop debug output, etc<br /> $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)<br /> $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1<br /> $inet_socket_port = 10024; # default listenting socket<br /> $sa_spam_subject_tag = '***SPAM*** ';<br /> $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level<br /> ##$sa_tag_level_deflt = -999;<br /> $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level<br /> $sa_kill_level_deflt = 6.31; # triggers spam evasive actions<br /> ##$sa_kill_level_deflt = 999;<br /> $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent<br /> $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger<br /> $sa_local_tests_only = 0; # only tests which do not require internet access?<br /><br /> # Quota limits to avoid bombs (like 42.zip)<br /> $MAXLEVELS = 14;<br /> $MAXFILES = 1500;<br /> $MIN_EXPANSION_QUOTA = 100*1024; # bytes<br /> $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes<br /><br /> ### DM ####<br /> $final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE)<br /> $final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE)<br /> $final_spam_destiny = D_PASS; # (defaults to D_REJECT)<br /> $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested<br /> $viruses_that_fake_sender_re = new_RE(<br /> 
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,<br /> qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,<br /> qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,<br /> qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,<br /> qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan<br /> qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc<br /> [qr'^(EICAR|Joke\.|Junk\.)'i => 0],<br /> [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],<br /> [qr/.*/ => 1], # true by default (remove or comment-out if undesired)<br /> );<br /><br /> $virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default<br /> # Leave empty (undef) to add no header<br /> $X_HEADER_LINE = "Debian $myproduct_name at $mydomain";<br /><br /> @viruses_that_fake_sender_maps = (new_RE(<br /> [qr'\bEICAR\b'i => 0], # av test pattern name<br /> [qr/.*/ => 1], # true for everything else<br /> ));<br /> @keep_decoded_original_maps = (new_RE(<br /> # qr'^MAIL$', # retain full original message for virus checking (can be slow)<br /> qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables<br /> qr'^(ASCII(?! 
cpio)|text|uuencoded|xxencoded|binhex)'i,<br /> # qr'^Zip archive data', # don't trust Archive::Zip<br /> ));<br /><br /> # for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample<br /> $banned_filename_re = new_RE(<br /> # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components<br /><br /> # block certain double extensions anywhere in the base name<br /> qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,<br /><br /> qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict<br /><br /> qr'^application/x-msdownload$'i, # block these MIME types<br /> qr'^application/x-msdos-program$'i,<br /> qr'^application/hta$'i,<br /><br /> # qr'^application/x-msmetafile$'i, # Windows Metafile MIME type<br /> # qr'^\.wmf$', # Windows Metafile file(1) type<br /><br /> # qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types<br /><br /> # [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed<br /> # [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives<br /> # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives<br /><br /> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic<br /> # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|<br /> # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|<br /> # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|<br /> # wmf|wsc|wsf|wsh)$'ix, # banned ext - long<br /><br /> # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.<br /><br /> qr'^\.(exe-ms)$', # banned file(1) types<br /> # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types<br /> );<br /> # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631<br /> # and http://www.cknow.com/vtutor/vtextensions.htm<br /> # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING<br /> @score_sender_maps = ({ # a by-recipient hash lookup table,<br /> # results from all matching recipient 
tables are summed<br /> # ## per-recipient personal tables (NOTE: positive: black, negative: white)<br /> # 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],<br /> # 'user3@example.com' => [{'.ebay.com' => -3.0}],<br /> # 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,<br /> # '.cleargreen.com' => -5.0}],<br /> ## site-wide opinions about senders (the '.' matches any recipient)</span></span> </p> <p> <span style="color: rgb(0, 153, 0);">'.' => [ # the _first_ matching sender determines the score boost<br /><br /> new_RE( # regexp-type lookup table, just happens to be all soft-blacklist<br /> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],<br /> [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],<br /> [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],<br /> [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],<br /> [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],<br /> [qr'^(your_friend|greatoffers)@'i => 5.0],<br /> [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],<br /> ),<br /> # read_hash("/var/amavis/sender_scores_sitewide"),<br /> { # a hash-type lookup table (associative array)<br /> 'nobody@cert.org' => -3.0,<br /> 'cert-advisory@us-cert.gov' => -3.0,<br /> 'owner-alert@iss.net' => -3.0,<br /> 'slashdot@slashdot.org' => -3.0,<br /> 'securityfocus.com' => -3.0,<br /> 'ntbugtraq@listserv.ntbugtraq.com' => -3.0,<br /> 'security-alerts@linuxsecurity.com' => -3.0,<br /> 'mailman-announce-admin@python.org' => -3.0,<br /> 'amavis-user-admin@lists.sourceforge.net'=> -3.0,<br /> 'amavis-user-bounces@lists.sourceforge.net' => -3.0,<br /> 'spamassassin.apache.org' => -3.0,<br /> 'notification-return@lists.sophos.com' => -3.0,<br /> 'owner-postfix-users@postfix.org' => -3.0,<br /> 'owner-postfix-announce@postfix.org' => -3.0,<br /> 'owner-sendmail-announce@lists.sendmail.org' => -3.0,<br /> 
'sendmail-announce-request@lists.sendmail.org' => -3.0,<br /> 'donotreply@sendmail.org' => -3.0,<br /> 'ca+envelope@sendmail.org' => -3.0,<br /> 'noreply@freshmeat.net' => -3.0,<br /> 'owner-technews@postel.acm.org' => -3.0,<br /> 'ietf-123-owner@loki.ietf.org' => -3.0,<br /> 'cvs-commits-list-admin@gnome.org' => -3.0,<br /> 'rt-users-admin@lists.fsck.com' => -3.0,<br /> 'clp-request@comp.nus.edu.sg' => -3.0,<br /> 'surveys-errors@lists.nua.ie' => -3.0,<br /> 'emailnews@genomeweb.com' => -5.0,<br /> 'yahoo-dev-null@yahoo-inc.com' => -3.0,<br /> 'returns.groups.yahoo.com' => -3.0,<br /> 'clusternews@linuxnetworx.com' => -3.0,<br /> lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,<br /> lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,<br /><br /> # soft-blacklisting (positive score)<br /> 'sender@example.net' => 3.0,<br /> '.example.net' => 1.0,<br /> },<br /> ], # end of site-wide tables<br /> });<br /> 1; # insure a defined return</span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 0, 0);">Add user </span><span style="color: rgb(255, 0, 0);">clamav</span> <span style="color: rgb(0, 0, 0);">to group </span><span style="color: rgb(255, 0, 0);">amavis</span><span style="color: rgb(0, 0, 0);">:</span><br /> adduser clamav amavis<br /> <span style="color: rgb(0, 0, 0);">Now make Postfix hand mail to the antivirus for checking.<br /> Add to the file </span>/etc/postfix/master.cf<br /> smtp-amavis unix - - n - 2 smtp<br /> -o smtp_data_done_timeout=1200<br /> -o smtp_send_xforward_command=yes<br /> -o disable_dns_lookups=yes<br /> 127.0.0.1:10025 inet n - n - - smtpd<br /> -o content_filter=<br /> -o local_recipient_maps=<br /> -o relay_recipient_maps=<br /> -o smtpd_restriction_classes=<br /> -o smtpd_client_restrictions=<br /> -o smtpd_helo_restrictions=<br /> -o smtpd_sender_restrictions=<br /> -o smtpd_recipient_restrictions=permit_mynetworks,reject<br /> -o mynetworks=127.0.0.0/8<br /> -o strict_rfc821_envelopes=yes<br /> -o 
smtpd_error_sleep_time=0<br /> -o smtpd_soft_error_limit=1001<br /> -o smtpd_hard_error_limit=1000<br /> <span style="color: rgb(0, 0, 0);">Also add at the end of the file </span>/etc/postfix/main.cf <span style="color: rgb(0, 0, 0);">:</span><br /> content_filter=smtp-amavis:[127.0.0.1]:10024<br /> receive_override_options = no_address_mappings</span> </p> <p> <span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Restart Postfix and check that there are no errors in the log file</span><br /> <span style="color: rgb(0, 153, 0);">/etc/init.d/postfix restart<br /> tail /var/log/mail.log</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Let's install a few more tools and configure spamassassin:</span><br /> apt-get install razor pyzor dcc-client</span></span> </p> <p> Edit the file <span style="color: rgb(0, 153, 0);">/etc/spamassassin/local.cf<br /> </span><span style="color: rgb(0, 0, 0);">(take into account the differences between versions 3.0 and 3.1. 
We cover 3.1)</span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"># rewrite_header Subject *****SPAM*****<br /> # report_safe 1<br /> # trusted_networks 10.0.1.<br /> # lock_method flock<br /> # dcc<br /> use_dcc 1<br /> #pyzor<br /> use_pyzor 1<br /> #razor<br /> use_razor2 1<br /> #bayes<br /> use_bayes 1<br /> use_bayes_rules 1<br /> bayes_auto_learn 1</span></span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">and uncomment the following lines in the file</span> /etc/spamassassin/v310.pre <span style="color: rgb(0, 0, 0);">:<br /> </span>loadplugin Mail::SpamAssassin::Plugin::DCC<br /> loadplugin Mail::SpamAssassin::Plugin::Pyzor<br /> loadplugin Mail::SpamAssassin::Plugin::Razor2<br /> loadplugin Mail::SpamAssassin::Plugin::AntiVirus</span></span> </p> <p> <span style="font-family:arial;">Now it is necessary to allow spamassassin to be started:</span> </p> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;"><span style="color: rgb(0, 0, 0);">Edit</span></span> <span style="font-family:arial;">/etc/default/spamassassin</span> <span style="font-family:arial;">:</span><br /> ENABLED=1</span> </p> <p> <span style="color: rgb(0, 0, 0);"><span style="font-family:arial;">And restart the following services:</span></span> </p> <ul><li> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/etc/init.d/clamav-freshclam restart</span></span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/etc/init.d/clamav-daemon restart</span></span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/etc/init.d/spamassassin restart</span></span> </p> </li><li> <p style="margin-bottom: 0in;"> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/etc/init.d/amavis restart</span></span> 
</p> </li><li> <p> <span style="color: rgb(0, 153, 0);"><span style="font-family:arial;">/etc/init.d/postfix restart</span></span> </p> </li></ul> <p style="margin-bottom: 0in;"> <br /> <span style="font-family:arial;">The topic of setting up and maintaining a mail server under Linux can be developed endlessly :-)</span><br /> <span style="font-family:arial;">but this article covers a fast and easy way to install and configure a corporate mail server with IMAP access and antispam and antivirus protection.<br /><br /> P.S.<br /> </span>All of the credentials are sent in cleartext, which means they can be sniffed on the wire.<br /> <a href="http://morozovsky.blogspot.com/search/label/Postfix%20and%20Cyrus%20TLS">... What about TLS ?</a> </p> <p style="margin-bottom: 0in;"> <br /></p><br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-22637734266478993532007-10-30T12:44:00.000-07:002007-11-12T11:55:44.970-08:00DNSBL server for Postfix<p> <b><i><span style="color: rgb(51, 51, 255);">Personal DNSBL(RBL) server for Postfix</span></i></b><br /><br /> This article describes an example of installing and configuring a local DNSBL (RBL) server<br /> for subsequent use with Postfix. For simplicity, the DNSBL server, the BIND DNS server and Postfix are all deployed together on one machine. 
The following software is used in this example: Debian Linux, rbldnsd, BIND, rblcheck and Postfix.<br /><br /> * Configuring rbldnsd<br /> * Configuring the BIND DNS server<br /> * Configuring Postfix<br /> * Checking<br /><br /> 1) Configuring rbldnsd<br /><br /> First of all, install rbldnsd:<br /><br /> # apt-get install rbldnsd rblcheck<br /><br /> Everything is very simple.<br /> Next we need to download several DNSBL zones from the internet sites that maintain them. For this purpose we will use "rsync", which is included in Debian Linux.<br /><br /> # rsync -tvPz rsync.dsbl.org::dsbl/rbldns-list.dsbl.org /var/db/rbldnsd/rbldns-list.dsbl.org<br /> # rsync -tvPz rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-1.uceprotect.net /var/db/rbldnsd/dnsbl-1.uceprotect.net<br /> # rsync -tvPz rsync.spamcannibal.org::zonefiles/bl.spamcannibal.org.in.ip4set.rbl /var/db/rbldnsd/bl.spamcannibal.org.in.ip4set.rbl<br /><br /> This is more than enough to begin with; in "useful links" you may find some additional sites<br /> that allow free access to their DNSBL lists.<br /> Continue by configuring rbldnsd in the file /etc/default/rbldnsd:<br /><br /> RBLDNSD="dnsbl -r /var/db/rbldnsd -b 127.0.0.1/530 \<br /> list.dsbl.org:ip4tset:rbldns-list.dsbl.org \<br /> dnsbl-1.uceprotect.net:ip4tset:dnsbl-1.uceprotect.net \<br /> rbl.spamcannibal.org:ip4set:bl.spamcannibal.org.in.ip4set.rbl \<br /> "<br /> Note that rbldnsd will use UDP port 530, because UDP port 53 must remain free for BIND.<br /> Now launch rbldnsd and add it to the default run level.<br /><br /> # /etc/init.d/rbldnsd start<br /><br /> 2) Setting up the BIND DNS server<br /><br /> Installing<br /> # apt-get install bind<br /><br /><br /> Edit the following file: "/etc/bind/named.conf"<br /><br /> zone "list.dsbl.org" IN {<br /> type forward;<br /> forward first;<br /> forwarders {<br /> 127.0.0.1 port 530;<br /> };<br /> };<br /><br /> zone "dnsbl-1.uceprotect.net" IN {<br /> type forward;<br /> forward first;<br /> forwarders {<br /> 127.0.0.1 port 530;<br /> };<br /> };<br /><br /> zone "rbl.spamcannibal.org" IN {<br /> type forward;<br /> forward first;<br /> forwarders {<br /> 127.0.0.1 port 530;<br /> };<br /> };<br /><br />
 This way BIND forwards queries for the specified zones to our rbldnsd, which is listening on<br /> UDP port 530. Start BIND and add it to the default run level.<br /> # /etc/init.d/named start<br /><br /> Don't forget to edit "/etc/resolv.conf" so that the resolver points to our local BIND:<br /><br /> nameserver 127.0.0.1<br /><br /> 3) Configuring Postfix<br /><br /> We assume that Postfix is already installed and has a basic configuration. We will edit only one section in the following file: "/etc/postfix/main.cf"<br /><br /> smtpd_sender_restrictions =<br /> reject_rbl_client list.dsbl.org,<br /> reject_rbl_client dnsbl-1.uceprotect.net,<br /> reject_rbl_client rbl.spamcannibal.org<br /><br /> We add only the reject_rbl_client ... lines; we assume that you have already configured<br /> all other restrictions and rejections.<br /><br /><br /> Launch Postfix and add it to the default run level.<br /><br /> # /etc/init.d/postfix start<br /><br /> 4) Checking<br /><br /> For checking, the rblcheck tool is simple and convenient.<br /><br /> For instance, let's grab an IP address from the DNSBL file of the DSBL zone.<br /><br /> # tail -n1 /var/db/rbldnsd/rbldns-list.dsbl.org<br /> 1.2.3.4<br /><br /> (the address is fake here) and let's check whether our rbldnsd server considers it a spam source:<br /><br /> # rblcheck -s 127.0.0.1 1.2.3.4<br /> 1.2.3.4 RBL filtered by bl.dsbl.org<br /><br /> Yes, the answer is positive! If the IP address is missing from the current DNSBL zone, the answer will be<br /> - not RBL filtered by -<br /><br /> Very simple, easy and short. 
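The lookup that rblcheck and Postfix's reject_rbl_client perform can also be sent straight to rbldnsd on UDP port 530, which separates an rbldnsd problem from a BIND forwarding problem. The script below is an added example, not part of the original article; its function names are illustrative and the sample replies are constructed.

```python
# Added example: what a DNSBL lookup against rbldnsd looks like on the wire.
import ipaddress
import socket
import struct
import sys

TXID = 0x1234  # fixed query ID, enough for a one-shot test tool

def dnsbl_qname(ip, zone):
    """1.2.3.4 + list.dsbl.org -> 4.3.2.1.list.dsbl.org (IPv4 only)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # strip() guards against zone names copied with stray spaces
    return ".".join(reversed(octets)) + "." + zone.strip().rstrip(".")

def build_query(qname):
    """Encode a one-question DNS query for the A record of qname."""
    header = struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 0)  # flags 0: plain query
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if (length & 0xC0) == 0xC0:  # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1 + length

def parse_response(msg):
    """Return (rcode, [IPv4 addresses from A records]) for a DNS reply."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != TXID or not (flags & 0x8000):
        raise ValueError("not a reply to our query")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[pos:pos + 4])))
        pos += rdlen
    return flags & 0x000F, addrs

def verdict(rcode, addrs):
    """Classify a reply: only A records in 127.0.0.0/8 count as a listing."""
    if rcode == 0 and addrs and all(a.startswith("127.") for a in addrs):
        return "listed"
    if rcode == 3 or (rcode == 0 and not addrs):  # NXDOMAIN or empty answer
        return "not listed"
    return "error"  # SERVFAIL, REFUSED, or an address outside 127.0.0.0/8

def check(ip, zone, server="127.0.0.1", port=530, timeout=2.0):
    """Ask rbldnsd directly over UDP, bypassing BIND and /etc/resolv.conf."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(dnsbl_qname(ip, zone)), (server, port))
        reply, _peer = sock.recvfrom(512)
    return verdict(*parse_response(reply))

def sample_reply(qname, address=None):
    """Constructed reply for offline use: an A record, or NXDOMAIN if address is None."""
    question = build_query(qname)[12:]
    if address is None:
        return struct.pack("!HHHHHH", TXID, 0x8403, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 2100, 4)  # name points at question
    rr += ipaddress.IPv4Address(address).packed
    return struct.pack("!HHHHHH", TXID, 0x8400, 1, 1, 0, 0) + question + rr

if __name__ == "__main__":
    if len(sys.argv) == 3:  # live check: script.py 1.2.3.4 list.dsbl.org
        print(check(sys.argv[1], sys.argv[2]))
    else:  # offline demonstration with constructed replies
        name = dnsbl_qname("1.2.3.4", "list.dsbl.org")
        for addr in ("127.0.0.2", None, "203.0.113.7"):
            print(name, addr, verdict(*parse_response(sample_reply(name, addr))))
```

An "error" verdict for an address outside 127.0.0.0/8 is stricter than a bare reject_rbl_client entry, which rejects on any A record; it is useful for spotting a zone that answers positively for everything.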
As you can see, there is nothing complicated about setting up and configuring your own dedicated DNSBL server for use with a group of mail servers, and not only that... </p><br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-8841002639621517602007-10-26T12:34:00.000-07:002007-11-12T11:56:20.301-08:00Samba and SSHFS<span style="font-weight: bold; color: rgb(51, 51, 255); font-style: italic;font-size:130%;" ></span><h3><a href="http://morozovsky.blogspot.com/2007/10/samba-and-sshfs.html"><br /></a> </h3> <p><b><i><span style="color:#3333ff;">Sharing remote file system via Samba</span></i></b><br />This article reviews an example of installing and configuring "Fuse" to share another server's file system via Samba.<br /><br />From the beginning I have used Samba as a gateway to export the NFS volumes of another server to Windows clients.<br />I am using FreeBSD as the NFS server and another Linux box (Debian) to mount the remote NFS volume locally; this box also runs Samba3 and exports the local directory (on which the NFS volume is mounted) as CIFS shares.<br />My problem is that when using smbclient to access the CIFS share, I can get a directory listing, but after connecting I received “Error in dskattr: code 0”. When accessing from Windows clients, it takes a long time to display the directory contents, and then the Explorer window keeps hanging.<br />I've found another solution instead of NFS. 
What if I connected to the remote machines via SSHFS on the FreeBSD machine and then shared the mounted directories via Samba on the Linux machine?<br />So, we are going to install SSHFS on the Linux box (Debian in my case).<br />apt-get install sshfs<br />If you need to mount the directory as a regular user, that user must be added to the "fuse" group, which the package created:<br />adduser your-username fuse<br />Create a file at /etc/fuse.conf<br />touch /etc/fuse.conf<br />Put the following line in /etc/fuse.conf:<br />echo "user_allow_other" > /etc/fuse.conf<br />Now I try to mount the remote file system:<br />sshfs root@192.168.0.1:/remotefolder /data/localfolder<br />and then receive a failure:<br />fuse device not found, try 'modprobe fuse' first FATAL: Module fuse not found.<br />I found that I needed to build the "fuse" kernel module. To install fuse-source, add the following source to your APT sources.list:<br />deb http://ftp.de.debian.org/debian lenny main<br />apt-get update<br />apt-get install fuse-source<br />apt-get install dpatch ### Dependencies<br />apt-get install module-assistant ### Dependencies<br />apt-get install kernel-headers-`uname -r` ### Dependencies<br />apt-get install kernel-source-`uname -r` ### Dependencies<br />module-assistant build fuse #### Build module from source<br />m-a install fuse-source #### Installing module<br />Before loading the fuse kernel module, create the device node manually:<br />mknod -m 666 /dev/fuse c 10 229<br />modprobe fuse #### Loading the fuse kernel module<br />At this point you can rerun the mount: sshfs root@192.168.0.1:/remotefolder /data/localfolder</p> <p style="margin-bottom: 0in;"><br /></p><br />Dmitriy 
Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-56581473958084760082007-10-26T10:57:00.000-07:002007-11-12T11:56:45.464-08:00Postfix - second instance<p style="margin-bottom: 0in;"> <span style="color: rgb(51, 51, 255);"><i><b>How-To run Postfix second instance</b></i></span> </p> <p style="margin-bottom: 0in;"> Adding a second Postfix instance<br /> 1. Add a new IP address to the server.<br /> 2. Copy /etc/postfix to /etc/postfix_new_instance: cp -rp /etc/postfix /etc/postfix_new_instance<br /> 3. Create an additional spool directory /var/spool/postfix_new_instance<br /> 4. Edit the new config file (/etc/postfix_new_instance/main.cf):<br /> a) add queue_directory = /var/spool/postfix_new_instance<br /> b) add inet_interfaces = xxx.xxx.xxx.xxx (127.0.0.1 is not needed)<br /> mynetworks = xxx.xxx.xxx.xxx<br /> c) myhostname = .... , mydomain = ..... , myorigin = $mydomain<br /> d) mydestination = $myhostname, $mydomain<br /> 5. Edit the old config file (/etc/postfix/main.cf)<br /> add inet_interfaces = 127.0.0.1 , xxx.xxx.xxx.xxx all needed IPs<br /> (don't forget 127.0.0.1 !!!!)<br /> 6. Let Postfix create the appropriate subdirectories and permissions:<br /> postfix -c /etc/postfix_new_instance check<br /> cp -rp /var/spool/postfix/etc /var/spool/postfix_new_instance<br /> cp -rp /var/spool/postfix/usr /var/spool/postfix_new_instance<br /> cp -rp /var/spool/postfix/lib /var/spool/postfix_new_instance<br /> 7. Create a startup script for the secondary instance:<br /> cd /etc/init.d/<br /> touch postfix_new_instance<br /> Paste into the file:<br /> #!/bin/sh<br /> # Start or stop second Postfix Instances<br /> PATH=/bin:/usr/bin:/sbin:/usr/sbin<br /> DAEMON=/usr/sbin/postfix<br /> NAME=Postfix<br /> case "$1" in<br /> start)<br /> echo -n "Starting mail transport agent: Postfixpriv"<br /> $DAEMON -c /etc/postfix_new_instance start 2>&1 |<br /> (grep -v 'starting the Postfix' 1>&2 || /bin/true)<br /> echo "."<br /> ;;<br />
 stop)<br /> echo -n "Stopping mail transport agent: Postfixout"<br /> $DAEMON -c /etc/postfix_new_instance stop 2>&1 |<br /> (grep -v 'stopping the Postfix' 1>&2 || /bin/true)<br /> echo "."<br /> ;;<br /> restart)<br /> $0 stop<br /> $0 start<br /> ;;<br /> *)<br /> echo "Usage: /etc/init.d/postfix_new_instance {start|stop|restart}"<br /> exit 1<br /> ;;<br /> esac<br /> exit 0<br /> 8. pwd -> /etc/init.d Ok!<br /> 9. update-rc.d postfix_new_instance defaults<br /> Adding system startup for /etc/init.d/postfix_priv ...<br /> /etc/rc0.d/K20postfix_new -> ../init.d/postfix_new<br /> /etc/rc1.d/K20postfix_new -> ../init.d/postfix_new<br /> /etc/rc6.d/K20postfix_new -> ../init.d/postfix_new<br /> /etc/rc2.d/S20postfix_new -> ../init.d/postfix_new<br /> /etc/rc3.d/S20postfix_new -> ../init.d/postfix_new<br /> /etc/rc4.d/S20postfix_new -> ../init.d/postfix_new<br /> /etc/rc5.d/S20postfix_new -> ../init.d/postfix_new<br /> /etc/init.d/postfix restart<br /> /etc/init.d/postfix_new_instance start </p> <br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.comtag:blogger.com,1999:blog-3510857628296195983.post-16928022884049739592007-10-26T10:46:00.000-07:002007-11-12T11:57:36.441-08:00Curriculum VitaeTalented, results-driven Unix oriented System Administrator, with extensive background in<br />Systems and network Engineering, Design, Support, and Installation. 
Proven ability to design and implement large-scale network and system infrastructures at the national and global levels.<br />Adept at determining requirements, project scheduling, and technology planning.<br /><br />QUALIFICATIONS<br /><br />Install, configure and patch Linux (such as Debian, SuSE), FreeBSD Operating System.<br />Build, install, and configure complex Open Source software.<br />Create and maintain scripts of various kinds (Perl, PHP, Bash, Ksh).<br />Ability to code/troubleshoot low-complexity web-applications in PHP, Perl.<br />Develop web-based and console tools that assist other teams in configuring and maintaining services.<br />Manipulate data and log files to provide extensive statistical reporting.<br />Execute new system roll-outs, migrations and modifications.<br />VMWare, architecture/design and network experience. Install and configure GSX, ESX.<br />High skill level in hardware design, diagnosis, repair / upgrade, strong troubleshooting abilities<br />and electronic repair.<br />Network professional (CCNA level). Good knowledge of Protocol Stacks / OSI model<br />(TCP/IP, HTTP, STP, RSTP, RIP, OSPF, etc.)<br />Fast self-learner.<br />Dmitriy Morozovskyhttp://www.blogger.com/profile/09819676255332537334noreply@blogger.com