Mar 9, 2010 Postfix, Tips & Tricks
If you are administering a mail server and use blacklists to block spam, you may sometimes have trouble receiving mail from certain mail servers. This happens when that mail server has been blacklisted. You can see that a server was blacklisted by checking your maillog:
reject: RCPT from unknown[196.206.244.208]: 554 5.7.1 Service unavailable; Client host [196.206.244.208] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?196.206.244.208; from=<laya@mymail.com> to=<laya@mymail.com> proto=SMTP helo=<aimp.org>
In this example, the mail server 196.206.244.208 is blacklisted and therefore blocked (in this case the message was spam, so we won’t whitelist 196.206.244.208).
To whitelist servers, we need a file (for example /etc/postfix/rbl_whitelist) in which we list all IP addresses or host names to whitelist.
# nano /etc/postfix/rbl_whitelist
Each line should contain exactly one IP address or one hostname, in the following format:
196.196.196.196 OK
mail.mymail.com OK
Save the file and then run:
# postmap /etc/postfix/rbl_whitelist
After you have created the whitelist in Postfix hash format, open /etc/postfix/main.cf and find the smtpd_recipient_restrictions parameter. Add
check_client_access hash:/etc/postfix/rbl_whitelist
after reject_unauth_destination, but before the first blacklist.
It must be BEFORE the first blacklist, or this won’t work.
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_whitelist,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
permit
The lines shown above are only an example. Please check all of those blacklists, because some of them are no longer active….
Finally, reload Postfix with
# service postfix restart
or
# /etc/init.d/postfix restart
Edit: Remember that the smtpd_recipient_restrictions section shown above is just for reference. Please double-check these blacklists before you use them (some of them don’t work any more), especially if you find this post 3 years after I wrote it…
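To make the ordering rule concrete, here is an added example (not code from the original post or from Postfix): a toy model of how Postfix walks smtpd_recipient_restrictions left to right and stops at the first restriction that answers PERMIT or REJECT. It runs the post's restriction list, plus two deliberately wrong placements of check_client_access, against a whitelisted client that is listed in bl.spamcop.net, and it also extracts the client IP and RBL zone from the reject line shown above. Everything in it is an assumption for illustration: RBL lookups are a constructed per-client set instead of DNS, and check_client_access matches only exact IPs or hostnames (real Postfix also matches parent domains and network prefixes).

```python
# Added example, not from the original post or from Postfix. A toy model of
# smtpd_recipient_restrictions evaluation: first PERMIT/REJECT wins, everything
# else answers DUNNO and the next restriction is consulted.
import re
from dataclasses import dataclass, field

# The restriction list from the post, with my own comments.
CORRECT_ORDER = [
    "reject_invalid_hostname",
    "reject_unauth_pipelining",
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",                             # relay control first
    "check_client_access hash:/etc/postfix/rbl_whitelist",   # whitelist before RBLs
    "reject_rbl_client dsn.rfc-ignorant.org",
    "reject_rbl_client dul.dnsbl.sorbs.net",
    "reject_rbl_client sbl-xbl.spamhaus.org",
    "reject_rbl_client bl.spamcop.net",
    "permit",
]
WL = "check_client_access hash:/etc/postfix/rbl_whitelist"

# Two wrong placements, derived from the correct list.
WHITELIST_AFTER_RBL = [r for r in CORRECT_ORDER if r != WL]
WHITELIST_AFTER_RBL.insert(WHITELIST_AFTER_RBL.index("permit"), WL)
WHITELIST_BEFORE_RELAY_CHECK = [r for r in CORRECT_ORDER if r != WL]
WHITELIST_BEFORE_RELAY_CHECK.insert(WHITELIST_BEFORE_RELAY_CHECK.index("reject_unauth_destination"), WL)


def load_whitelist(text):
    """Parse the rbl_whitelist file format: one '<ip-or-host> OK' per line."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, action = line.partition(" ")
        table[key] = action.strip()
    return table

# Constructed whitelist, same two entries as in the post.
WHITELIST = load_whitelist("196.196.196.196 OK\nmail.mymail.com OK\n")


@dataclass
class Client:
    ip: str
    hostname: str = "unknown"
    sasl_authenticated: bool = False
    in_mynetworks: bool = False
    recipient_is_local: bool = True                # recipient domain is one we accept mail for
    listed_in: set = field(default_factory=set)    # RBL zones listing this IP (constructed)


def evaluate(restrictions, client, whitelist):
    """Return (verdict, restriction) from the first restriction that decides."""
    for r in restrictions:
        name, _, arg = r.partition(" ")
        if name == "permit_mynetworks" and client.in_mynetworks:
            return "PERMIT", r
        if name == "permit_sasl_authenticated" and client.sasl_authenticated:
            return "PERMIT", r
        if name == "reject_unauth_destination" and not client.recipient_is_local:
            return "REJECT", r
        if name == "check_client_access":
            action = whitelist.get(client.ip) or whitelist.get(client.hostname)
            if action == "OK":
                return "PERMIT", r
        if name == "reject_rbl_client" and arg in client.listed_in:
            return "REJECT", r
        if name == "permit":
            return "PERMIT", r
        # anything else answers DUNNO in this model: fall through
    return "DUNNO", None


REJECT_RE = re.compile(r"RCPT from \S+?\[(\d+\.\d+\.\d+\.\d+)\].*?blocked using (\S+);")

def parse_reject_line(line):
    """Pull (client_ip, rbl_zone) out of a Postfix 'blocked using' reject line."""
    m = REJECT_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def scenarios():
    """A whitelisted, RBL-listed client under the three placements."""
    listed = Client("196.196.196.196", listed_in={"bl.spamcop.net"})
    relaying = Client("196.196.196.196", listed_in={"bl.spamcop.net"}, recipient_is_local=False)
    return {
        "correct, local recipient": evaluate(CORRECT_ORDER, listed, WHITELIST),
        "correct, foreign recipient": evaluate(CORRECT_ORDER, relaying, WHITELIST),
        "whitelist after RBLs": evaluate(WHITELIST_AFTER_RBL, listed, WHITELIST),
        "whitelist before relay check, foreign recipient":
            evaluate(WHITELIST_BEFORE_RELAY_CHECK, relaying, WHITELIST),
    }


if __name__ == "__main__":
    for label, (verdict, why) in scenarios().items():
        print(f"{label:48} {verdict:6} by {why}")
```

Running it shows the two failure modes the post warns about: with the whitelist after the RBL checks the listed client is still rejected by reject_rbl_client bl.spamcop.net, and with the whitelist before reject_unauth_destination the same client is permitted to send to a foreign domain, which is an open relay for that client.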
Feb 26, 2010 Hardware, MySQL, Tips & Tricks
If you want to test server performance, consider SysBench. SysBench is a modular, cross-platform and multi-threaded benchmark tool for evaluating OS parameters that are important for a system running a database under intensive load. The idea of this benchmark suite is to quickly get an impression of system performance without setting up complex database benchmarks, or even without installing a database at all.
Current features allow testing of the following system parameters:
* file I/O performance
* scheduler performance
* memory allocation and transfer speed
* POSIX threads implementation performance
* database server performance (OLTP benchmark)
(Primarily written for MySQL server benchmarking, SysBench will be further extended to support multiple database backends, distributed benchmarks and third-party plug-in modules)
I couldn’t find a CentOS RPM, so here are a few tips on how to install it manually.
Download SysBench (the current version is 0.4.12):
# wget http://garr.dl.sourceforge.net/sourceforge/sysbench/sysbench-0.4.12.tar.gz
Then unpack and install it with
# tar -xvzf sysbench-0.4.12.tar.gz
# cd sysbench-0.4.12
# libtoolize --force --copy
# ./autogen.sh
# ./configure
# make
# make install
To test CPU performance you can try
# sysbench --test=cpu --cpu-max-prime=20000 run
For the MySQL test, you’ll need to prepare a database for testing with
# sysbench --test=oltp --mysql-table-engine=innodb --oltp-table-size=500000 --mysql-user=test_database --mysql-password=test_database_password --mysql-socket=/var/lib/mysql/mysql.sock prepare
(replace test_database with valid username and test_database_password with valid password)
This command will create a sample table inside test_database with 500 000 rows (InnoDB engine):
sysbench 0.4.12: multi-threaded system evaluation benchmark
No DB drivers specified, using mysql
Creating table 'test-database'...
Creating 500000 records in table 'test-database'...
Now start the read-only test:
# sysbench --num-threads=16 --max-requests=100000 --test=oltp --oltp-table-size=500000 --mysql-socket=/var/lib/mysql/mysql.sock --oltp-read-only --mysql-user=test_database --mysql-password=test_database_password run
For a read-write test you can try
# sysbench --num-threads=16 --max-requests=10000 --test=oltp --oltp-table-size=500000 --mysql-socket=/var/lib/mysql/mysql.sock --oltp-test-mode=complex --mysql-user=test_database --mysql-password=test_database_password run
More info about specific parameters can be found in the official docs (http://sysbench.sourceforge.net/docs/).
Jan 22, 2010 Networks, Other, Tips & Tricks
Trivial File Transfer Protocol (TFTP) is a file transfer protocol with the functionality of a very basic form of the File Transfer Protocol (FTP). It was first defined in 1980 and is used for operations like firmware upgrades on network devices. This post won’t be a history lesson. To install a TFTP server on RH-based distros, follow these steps.
Install tftp-server with
# yum install tftp-server xinetd
Now you will need to set up a few things before you can start and use the TFTP server:
# nano /etc/xinetd.d/tftp
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
To enable the TFTP server, set “disable” to no. Also check server_args: in this case, all files will be (and must be) in /var/lib/tftpboot. If you have any problems with permissions, try chmod 777 /var/lib/tftpboot and fix the permissions later.
Restart xinetd to apply the settings you just made.
Setting “disable” to yes will disable the TFTP server; for security reasons, you should disable TFTP whenever you don’t need it.
TFTP is implemented on top of the User Datagram Protocol (UDP) using port number 69. TFTP is designed to be small and easy to implement, and therefore lacks most of the features of a regular FTP. TFTP only reads and writes files (or mail) from/to a remote server. It cannot list directories, and currently has no provisions for user authentication.
In TFTP, any transfer begins with a request to read or write a file, which also serves to request a connection. If the server grants the request, the connection is opened and the file is sent in fixed-length blocks of 512 bytes. Each data packet contains one block of data and must be acknowledged by an acknowledgment packet before the next packet can be sent. A data packet of less than 512 bytes signals the end of the transfer. If a packet gets lost in the network, the intended recipient will time out and may retransmit its last packet (which may be data or an acknowledgment), causing the sender of the lost packet to retransmit it. The sender has to keep just one packet on hand for retransmission, since the lock-step acknowledgment guarantees that all older packets have been received. Note that both machines involved in a transfer are considered senders and receivers: one sends data and receives acknowledgments, the other sends acknowledgments and receives data.
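The exchange described above, as an added example that is not part of the original post: the RFC 1350 packet formats (RRQ, DATA, ACK, ERROR) and a read transfer simulated entirely in memory, so the 512-byte block rule, the short final block and the timeout-and-retransmit step can be watched one packet at a time. The "server" is a constructed dict of files, the packet loss is a constructed event rather than a real socket drop, and the model ignores the per-transfer port (TID) change and the 16-bit block-number wrap that a real client must handle.

```python
# Added example, not from the original post. TFTP packet formats per RFC 1350
# and an in-memory lock-step read transfer; no sockets are involved.
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512

def build_rrq(filename, mode="octet"):
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def build_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload

def build_ack(block):
    return struct.pack("!HH", ACK, block)

def build_error(code, message):
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\0"

def parse(packet):
    """Decode one TFTP packet into a tuple that starts with its opcode."""
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode in (RRQ, WRQ):
        filename, mode, _ = packet[2:].split(b"\0", 2)
        return opcode, filename.decode(), mode.decode().lower()
    if opcode in (DATA, ACK, ERROR):
        (number,) = struct.unpack("!H", packet[2:4])
        if opcode == ACK:
            return opcode, number
        if opcode == DATA:
            return opcode, number, packet[4:]
        return opcode, number, packet[4:].split(b"\0", 1)[0].decode()
    raise ValueError(f"unknown opcode {opcode}")

def read_file(server_files, filename, lose_data_block=None):
    """Simulate a client reading filename; return the data, block count and a log."""
    log = []
    _, name, mode = parse(build_rrq(filename))       # the request also opens the connection
    log.append(f"client->server RRQ {name} {mode}")
    if name not in server_files:
        _, code, msg = parse(build_error(1, "File not found"))
        log.append(f"server->client ERROR {code} {msg}")
        return {"data": None, "blocks": 0, "log": log}
    content = server_files[name]
    received, block, dropped = b"", 1, False
    while True:
        payload = content[(block - 1) * BLOCK_SIZE: block * BLOCK_SIZE]
        packet = build_data(block, payload)
        if block == lose_data_block and not dropped:
            dropped = True                                # constructed packet loss
            log.append(f"server->client DATA {block} (lost)")
            last = "RRQ" if block == 1 else f"ACK {block - 1}"
            log.append(f"client->server {last} (timeout, resent)")
            continue                                      # server retransmits the same block
        _, number, data = parse(packet)
        log.append(f"server->client DATA {number} ({len(data)} bytes)")
        received += data
        _, acked = parse(build_ack(number))
        log.append(f"client->server ACK {acked}")
        if len(data) < BLOCK_SIZE:                        # short block ends the transfer
            break
        block += 1
    return {"data": received, "blocks": block, "log": log}

# Constructed sample files: 1100 bytes (two full blocks plus a short one) and
# exactly 1024 bytes (two full blocks followed by an empty terminating block).
SAMPLE_FILES = {
    "firmware.bin": bytes(range(256)) * 4 + b"\x00" * 76,
    "exact.bin": b"A" * 1024,
}

if __name__ == "__main__":
    for line in read_file(SAMPLE_FILES, "firmware.bin", lose_data_block=2)["log"]:
        print(line)
```

The exact-1024-byte case is the one that trips up naive implementations: the receiver only learns the file is complete when it sees a block shorter than 512 bytes, so the server must send a third, empty DATA packet.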
Jan 4, 2010 Other, Tips & Tricks
It is useful to know how to check the size of a folder. All you need to do is run the following command. For example:
[root@myserver /]# du -hs /mail/mydomain.com/
837M /mail/mydomain.com/
In this case, the size is shown in MBs.
Dec 30, 2009 Other, Tips & Tricks
Hi there… It’s been a while since my last post, and that seems to be a tradition for my blogs… A few posts and then a couple of months of inactivity… Well, you know, I’m busy, I’m sick, tired, etc. Finally, I would like to announce a couple of articles about Sysbench, mod_fcgid and other “nuclear science” utilities…
see ya …
May 30, 2009 CentOS, Tips & Tricks
You can run the command below at a command prompt to see which version of CentOS/Fedora/RH your server is running.
[root@hydra:~]# cat /etc/redhat-release
CentOS release 5.2 (Final)
Fedora sample:
[root@s2 ~]# cat /etc/redhat-release
Fedora release 7 (Moonshine)
Apr 2, 2009 CentOS, PHP
As you probably know, the latest CentOS and RHEL distros ship only PHP 5.1.6, and if you want to upgrade PHP you need to install it manually (or find someone to do it for you). The 5.2.5 release brings several security enhancements, more than 60 bug fixes, and improved performance for those of you who like arrays (and really, who doesn’t?). I wanted to install the latest RoundCube webmail application, and it won’t work if you don’t have PHP > 5.2. Also, the latest Vivvo won’t work without 5.2.x.
So, if you don’t want to build RPMs or go through the ./configure, make, make install nightmare, you can add Jason Litka’s yum repository to your RHEL or CentOS system. To do this, follow the next few steps.
First you need to be able to validate that the packages came from Jason Litka, so import his GPG key with the following command:
#rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
After you have added his public GPG key, you’ll need to configure yum so it can search his repo. To do this, follow these steps:
#nano -w /etc/yum.repos.d/utterramblings.repo
Now copy the following lines into this file and save the changes.
[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
Now you can upgrade your PHP installation with simple:
More information about this can be found HERE.
After the upgrade, php -v should return
[root@ns1 ~]# php -v
PHP 5.2.6 (cli) (built: May 5 2008 10:32:59)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
[root@ns1 ~]#
I forgot to say that you should restart httpd after the upgrade.
Mar 31, 2009 MySQL
In this post, I will present a few basic commands for MySQL administration. You’ll see how to create a database, create a user, assign a database to a specific user, etc. First, I assume that you have the root password set and that you know it… (in the next posts I will present a few steps to set this password or to recover it…)
Log in to mysql console:
[root@hydra mysql]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 248
Server version: 5.0.45 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
Here you can see the server version (in this case 5.0.45). With the next command you can see all databases:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| birds |
| mysql |
| private |
| bdd1 |
| test |
+--------------------+
6 rows in set (0.05 sec)
mysql>
If you want to create a new database, enter the next command (remember that all SQL commands must be terminated with ;):
mysql> create database db1;
Query OK, 1 row affected (0.00 sec)
Now we need to assign a user to the newly created database. We also need to grant him all privileges for this database, but restrict access and operations on other databases (except the test database):
mysql> CREATE USER 'db1'@'localhost' IDENTIFIED BY 'db1pass';
Query OK, 0 rows affected (0.02 sec)
mysql> GRANT ALL PRIVILEGES ON db1.* TO 'db1'@'localhost' IDENTIFIED BY 'db1pass';
Query OK, 0 rows affected (0.01 sec)
mysql> quit;
Bye
After this you can repeat the steps from the beginning and test the new user account. In the next posts I will present phpMyAdmin.
Mar 23, 2009 DNS
BIND, or Berkeley Internet Name Domain, is an Internet naming system used for DNS, which allows you to find the sites you are looking for. BIND contains entries for DNS names, so for example, if you type www.bla.com into your browser, the record tells your browser at which IP address to find the site. If you need to check which BIND version is running on a DNS server, you can use the following commands:
Windows
nslookup -q=txt -class=CHAOS version.bind 192.168.51.250
Linux
#dig -t txt -c chaos VERSION.BIND @192.168.51.250
After this, you should get the following answers.
Windows
Server: my.server.net
Address: 192.168.51.250
version.bind text =
"9.3.4-P1"
version.bind nameserver = version.bind
Linux users will get more details about the server:
[root@server ~]# dig -t txt -c chaos VERSION.BIND @192.168.51.250
; <<>> DiG 9.3.4-P1 <<>> -t txt -c chaos VERSION.BIND @192.168.51.250
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44906
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;VERSION.BIND. CH TXT
;; ANSWER SECTION:
VERSION.BIND. 0 CH TXT "9.3.4-P1"
;; AUTHORITY SECTION:
VERSION.BIND. 0 CH NS VERSION.BIND.
;; Query time: 54 msec
;; SERVER: 192.168.51.250#53(192.168.51.250)
;; WHEN: Mon Mar 23 20:09:57 2009
;; MSG SIZE rcvd: 65
To hide your BIND version, add the following value to named.conf (after this, the commands shown above won’t return the BIND version):
options {
.....
version "[SECURED]";
};
Save named.conf and restart named.
Remember that BIND is the most popular Internet naming system, but not the only one…
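To verify the change from a script rather than by eye, here is an added example (not code from the original post or from BIND): it builds the same CHAOS-class TXT query for VERSION.BIND that the dig command above sends, parses the TXT answer from the reply, and flags whether the answer still looks like a version number. The wire format follows RFC 1035. build_sample_response() is a constructed reply shaped like the dig output above and exists only to exercise the parser offline; query_version() sends a real UDP query and is meant for checking your own name servers after the named.conf change.

```python
# Added example, not from the original post or from BIND. Builds a VERSION.BIND
# CH TXT query, parses the answer, and reports whether a version still leaks.
import os
import re
import socket
import struct

TYPE_TXT, TYPE_NS, CLASS_CHAOS = 16, 2, 3

def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\0"

def build_version_query(txid=0x1234):
    """12-byte header (RD set, one question) + question for version.bind CH TXT."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CHAOS)

def decode_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_version_answer(msg, expected_txid=None):
    """Return the text of the first CH TXT answer record, or None if absent."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = decode_name(msg, off)
        off += 4                                        # qtype + qclass
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CHAOS:
            parts, i = [], 0
            while i < len(rdata):                       # TXT rdata: length-prefixed strings
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode(errors="replace"))
                i += 1 + n
            return "".join(parts)
    return None

def looks_like_bind_version(text):
    """True when the answer still leaks something like 9.3.4-P1."""
    return bool(re.match(r"^\d+\.\d+", text or ""))

def build_sample_response(version_text, txid=0x1234):
    """Constructed reply: flags qr aa rd, one answer, one authority (as in the dig output)."""
    header = struct.pack("!HHHHHH", txid, 0x8500, 1, 1, 1, 0)
    question = encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CHAOS)
    txt = bytes([len(version_text)]) + version_text.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CHAOS, 0, len(txt)) + txt
    authority = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_NS, CLASS_CHAOS, 0, 2) + b"\xc0\x0c"
    return header + question + answer + authority

def query_version(server, timeout=2.0):
    """Send the query over UDP/53 to your own server and return the TXT answer."""
    txid = int.from_bytes(os.urandom(2), "big")         # unpredictable id, checked on reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(txid), (server, 53))
        reply, _ = s.recvfrom(512)
    return parse_version_answer(reply, expected_txid=txid)

if __name__ == "__main__":
    for text in ("9.3.4-P1", "[SECURED]"):
        got = parse_version_answer(build_sample_response(text))
        print(f"{got!r:14} leaks version: {looks_like_bind_version(got)}")
```

After restarting named, query_version("192.168.51.250") should return "[SECURED]" and looks_like_bind_version() should be False; if it still returns the real version string, the options block was not picked up (check that it was edited in the named.conf the running named actually reads, and that the restart succeeded).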
Mar 7, 2009 Other
# nano hello.sh
#!/bin/bash
STR='Hello World!'
echo $STR
# chmod +x hello.sh
[me@star ~]# ./hello.sh
Hello World!