Miscellaneous Linux Stuff


Post by dedwards » Mon Oct 11, 2010 12:41 pm

Get system drive and partitions:

Code: Select all

lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT


Get Network Adapter Link speed:

Code: Select all

dmesg | grep -i eth0


Find out which directory on the server is taking up all the space

Code: Select all

cd /
du -h --max-depth=1


Install/Re-Install Grub

Install on the MBR of a drive

Code: Select all

sudo grub-install /dev/sdx

Where "x" is the drive number.

Find the UUID of a disk drive in order to enter in /etc/fstab

Code: Select all

ls -l /dev/disk/by-uuid


Create EXT4 filesystem
Assuming drive is /dev/sda:

Code: Select all

mkfs.ext4 /dev/sda1


Create /etc/fstab entry for XFS filesystem

Code: Select all

UUID=0b7f3f5a-876b-4c7b-88f9-d2ea506d01eb /mnt/raid xfs defaults,noatime,allocsize=512m,logbufs=8 0 2


Get device file system (Ensure device is mounted)

Code: Select all

sudo df -T


Delete contents of a file

Code: Select all

/bin/echo -n > index.txt


24. Install and configure getadsmtp.pl (Optional)

If you are planning on putting this relay in front of an Exchange server, there is an easy way of pulling all of the SMTP addresses from Active Directory and writing them to the "/etc/postfix/relay_recipients" file so you don't have to type them in manually.

First, install "libnet-ldap-perl" package:

Code: Select all

sudo apt-get install libnet-ldap-perl


Next, create the "getadsmtp.pl" script under "/usr/sbin":

Code: Select all

sudo vi /usr/sbin/getadsmtp.pl


Next paste the following:

Code: Select all

#!/usr/bin/perl -T -w

# Version 1.02

# This script will pull all users' SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format "user@example.com OK" which Postfix uses with relay_recipient_maps.
# Be sure to double-check the path to perl above.

# This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
# type "perl -MCPAN -e shell" and then "install Net::LDAP"

use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );

# Enter the path/file for the output
$VALID = "/etc/postfix/example_recipients";

# Enter the FQDN of your Active Directory domain controllers below
$dc1="domaincontroller1.example.com";
$dc2="domaincontroller2.example.com";

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking "Properties" of your user
# folder in ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be $hqbase="cn=Users,dc=example,dc=com"
# Note:  You can also use just $hqbase="dc=example,dc=com"
$hqbase="cn=Users,dc=example,dc=com";

# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user's password does not expire.  Note that this user
# does not require any special privileges.
# You can double-check this by clicking "Properties" of your user in
# ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be $user="cn=user,cn=Users,dc=example,dc=com"
# Note: You can also use the UPN login: "user\@example.com"
$user="cn=user,cn=Users,dc=example,dc=com";
$passwd="password";

# Connecting to Active Directory domain controllers
$noldapserver=0;
$ldap = Net::LDAP->new($dc1) or
   $noldapserver=1;
if ($noldapserver == 1)  {
   $ldap = Net::LDAP->new($dc2) or
      die "Error connecting to specified domain controllers $@ \n";
}

$mesg = $ldap->bind ( dn => $user,
                     password =>$passwd);
if ( $mesg->code()) {
    die ("error:", $mesg->code(),"\n","error name: ",$mesg->error_name(),
        "\n", "error text: ",$mesg->error_text(),"\n");
}

# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
$page = Net::LDAP::Control::Paged->new( size => 990 );

@args = ( base     => $hqbase,
# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# filter => "(&(sAMAccountName=*)(mail=*))"
         filter => "(& (mailnickname=*) (| (&(objectCategory=person)
                    (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
                    (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
                    (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
                    (objectCategory=group)(objectCategory=publicFolder) ))",
          control  => [ $page ],
          attrs  => "proxyAddresses",
);

my $cookie;
while(1) {
  # Perform search
  my $mesg = $ldap->search( @args );

# Filtering results for proxyAddresses attributes 
  foreach my $entry ( $mesg->entries ) {
    my $name = $entry->get_value( "cn" );
    # LDAP Attributes are multi-valued, so we have to print each one.
    foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
     # Test if the Line starts with one of the following lines:
     # proxyAddresses: [smtp|SMTP]:
     # and also discard this starting string, so that $mail is only the
     # address without any other characters...
     if ( $mail =~ s/^(smtp|SMTP)://gs ) {
       push(@valid, $mail." OK\n");
     }
    }
  }

  # Only continue on LDAP_SUCCESS
  $mesg->code and last;

  # Get cookie from paged control
  my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
  $cookie    = $resp->cookie or last;

  # Set cookie in paged control
  $page->cookie($cookie);
}

if ($cookie) {
  # We had an abnormal exit, so let the server know we do not want any more
  $page->cookie($cookie);
  $page->size(0);
  $ldap->search( @args );
  # Also would be a good idea to die unhappily and inform OP at this point
     die("LDAP query unsuccessful");
}
# Only write the file once the query is successful
open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!";
print VALID @valid;
# Add additional restrictions, users, etc. to the output file below.
#print VALID "user\@example.com OK\n";
#print VALID "user1\@example.com 550 User unknown.\n";
#print VALID "bad.example.com 550 User does not exist.\n";

close VALID;


This script was created by a gentleman named Chris Covington. The script can also be found in its entirety at:

http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

Change the following entries in the file:

Code: Select all

$VALID = "/etc/postfix/example_recipients";


This must be changed to the actual relay_recipients file in your configuration. For this particular example I changed it to

Code: Select all

$VALID = "/etc/postfix/relay_recipients";


in order to match the "relay_recipient_maps = hash:/etc/postfix/relay_recipients" entry in the "/etc/postfix/main.cf" file from the instructions above.

Next you will need to enter either the Fully Qualified Domain Name (FQDN) of your Active Directory Domain Controller or you can enter the DC's local IP address(es). You may have to do the latter if your DC uses the "yourdomain.local" naming scheme since your spamfilter would not be able to resolve this address (unless you explicitly tell it). In any event, depending on your situation, this parameter may need some tweaking in order for the spamfilter to "talk" to the DC. If you only have one DC, make sure that both $dc1 and $dc2 lines are set with the same FQDN or IP address of your one and only DC. Change the lines that say:

Code: Select all

$dc1="domaincontroller1.example.com";
$dc2="domaincontroller1.example.com";


Next, you will need to determine and enter the LDAP container of your user base. To do this you should download the Windows 2000/2003 Support Tools and install them on your AD DC. The tools are usually located under the /Support/Tools directory of your Windows 2000/2003 Server installation CD if you don't want to download them. Once you install the support tools, go to your Exchange server, click on Start/Run and type in "mmc". You should be presented with the Windows root console. Click on File and then "Add/Remove Snap-In". In the next window click on the "Add" button. In the following "Add Remove Standalone Snap-In" window you should see a list of already installed snap-ins. If you installed the support tools correctly, you should see the "ADSI Edit" snap-in. Click on it, then click on "Add", then on "Close" and then "Ok". You should now have the ADSI Edit snap-in under the Console Root window. Right-click on ADSI Edit and then click on "Connect To". On the next window just click "OK". Now under ADSI Edit in your Console Root you should see your domain. Expand the domain tree, then expand the "DC=" tree and then click on the "CN=" tree that contains your Exchange users. Unless you moved your users around different containers in your AD, this is most probably the "CN=Users" tree. Now look at the label of your console root window. It should read something similar to this:

Code: Select all

"Console Root\ADSI Edit\Domain [yourdc.yourdomain.tld]\DC=yourdomain,DC=tld\CN=users"


where yourdc.yourdomain.tld is the FQDN of your DC. So, on the getadsmtp.pl line below, change the default values to the values of your domain using the settings you got from above:

Code: Select all

$hqbase="cn=Users,dc=example,dc=com";


Next, you will need to enter a username and password for a user in your Active Directory. This user does not need any special privileges but you should make sure that the user's password is set to not expire. The format of the user should be entered as "cn=username,cn=Users,dc=example,dc=com". Again, I suggest you read the comments in the getadsmtp.pl script carefully. Note that because you are entering a password here in clear text, I would make sure that this script is only readable by root. Once you have the information you need, change the lines:

Code: Select all

$user="cn=user,cn=Users,dc=example,dc=com";
$passwd="password";


to the appropriate values.

* Please note that if the password you use contains the $ sign (and perhaps others? I am not familiar with perl really, but some characters such as $ and probably also quotes have special meaning) you will have to escape them appropriately with the backslash or perl will complain. For example, if your password is: pa$$word, you would have to enter: pa\$\$word here.

Once you have made all the changes to the getadsmtp.pl script you should save it.

Now make the script executable by root only (it contains the password in clear text), then test it to see if it works:

Code: Select all

sudo chmod 700 /usr/sbin/getadsmtp.pl


Execute the script:

Code: Select all

sudo /usr/sbin/getadsmtp.pl


If the script ran successfully, you should now have all the smtp addresses from your Exchange server in the "/etc/postfix/relay_recipients" file. Verify as follows:

Code: Select all

less /etc/postfix/relay_recipients


You should get an output similar to the one below except yours should hopefully be filled with valid smtp addresses:

Code: Select all

user1@domain.com OK
user2@domain.com OK
user2@domain2.com OK
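
A pre-flight check for this step, as an added example (not part of the original guide or of getadsmtp.pl): `is_private` fails if group or others can access the script that holds the bind password, and `check_recipients` fails if the generated map is empty or contains a line that is not an "address action" entry, such as an address that still carries its smtp: prefix. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the getadsmtp.pl setup. Function names are
# illustrative; pass the real paths as arguments.

# Succeed only if group and others have no permission bits on the file.
is_private() {
    # characters 5-10 of "ls -l" output are the group and other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print malformed lines; succeed only if the map has at least one valid
# entry and no malformed one. Comments and blank lines are skipped.
check_recipients() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^([^ \t@:]+@)?[^ \t@:]+[ \t]+(OK|[45][0-9][0-9] .+)$/ { good++; next }
        { bad++; print "bad line " NR ": " $0 }
        END { exit !(good > 0 && bad == 0) }
    ' "$1"
}

# Constructed sample: the second entry still carries its smtp: prefix.
sample=$(mktemp)
printf '%s\n' 'user1@domain.com OK' 'smtp:user2@domain.com OK' > "$sample"
check_recipients "$sample" || echo "relay_recipients needs attention"
rm -f "$sample"
```

On the relay itself the calls would be `is_private /usr/sbin/getadsmtp.pl` and `check_recipients /etc/postfix/relay_recipients`.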


25. Install and configure Postgrey (Optional)

Postgrey is a great anti-spam tool. Postgrey introduces a delay by initially rejecting all incoming email. The email gets rejected with a code of 450, which tells the delivering email server to try again at a later time. Properly configured email servers will attempt to re-deliver the email at a later time. Spammers, on the other hand, will most of the time not try to re-deliver the email: they send so much email that they don't have the luxury of re-attempting delivery, and most of the time their email servers are not properly configured. By default we set Postgrey for a delay of 5 minutes. Once an outside server has waited the proper amount of time, the email is allowed to be delivered and that sender's email address goes in Postgrey's whitelist for a specified period of time, so subsequent email deliveries from that sender will not have to wait the 5 minutes each time.
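
The decision described above as a small model, added here as an example and not taken from Postgrey: attempts are keyed by client address, sender and recipient (the usual greylisting key, assumed here), the first attempt and any retry inside the delay get a 450, and a retry after the delay is accepted and remembered. Whitelist expiry is left out, and the sample attempts are constructed.

```shell
#!/bin/sh
# Added example: a simplified model of the greylisting decision, not
# Postgrey's own code. Reads attempts "epoch client-ip sender recipient"
# on stdin and prints one SMTP verdict per attempt. $1 = delay in seconds.
greylist() {
    awk -v delay="${1:-300}" '
    {
        key = $2 "|" $3 "|" $4             # client, sender and recipient
        if (key in passed) {               # already waited once: no delay
            print "250 known"
        } else if (!(key in first)) {      # first contact: note time, defer
            first[key] = $1
            print "450 first-seen"
        } else if ($1 - first[key] < delay) {
            print "450 too-soon after " ($1 - first[key]) "s"
        } else {                           # retried after the delay
            passed[key] = 1
            print "250 delay-passed"
        }
    }'
}

# Constructed attempts: one server that retries properly, one sender that
# tries once and never comes back.
sample_attempts() {
    cat <<'EOF'
1000 192.0.2.10 alice@example.org user1@domain.com
1060 192.0.2.10 alice@example.org user1@domain.com
1300 192.0.2.10 alice@example.org user1@domain.com
1900 192.0.2.10 alice@example.org user1@domain.com
1950 198.51.100.7 bulk@example.net user1@domain.com
EOF
}

sample_attempts | greylist 300
```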

Install Postgrey:

Code: Select all

sudo apt-get install postgrey


Accept all dependencies

Next edit the "/etc/default/postgrey" file:

Code: Select all

sudo vi /etc/default/postgrey


Set the "POSTGREY_OPTS=" entry as follows:

Code: Select all

POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=300"


where the "--delay=300" is the delay period in seconds. Of course you can adjust that as necessary but keep in mind your email recipients may get very annoyed if they have to wait prolonged periods of time for their email.

Add the following entry in order for Postgrey to auto whitelist incoming email:

Code: Select all

POSTGREY_OPTS="$POSTGREY_OPTS --auto-whitelist-clients"


Uncomment and adjust the text to your liking in the following entry:

Code: Select all

POSTGREY_TEXT="Recipient address rejected. Your email has been greylisted. Please try again after 5 minutes"


Save the file and restart Postgrey:

Code: Select all

sudo /etc/init.d/postgrey restart



Next configure Postfix to use Postgrey by editing the "smtpd_recipient_restrictions" entry in the "/etc/postfix/main.cf" file and adding "check_policy_service inet:127.0.0.1:10023" at the end of it:

Code: Select all

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_policy_service inet:127.0.0.1:10023
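
A consistency check for the two settings above, as an added example (not part of the original guide): the address in "check_policy_service" has to be the one given to Postgrey with "--inet", otherwise Postfix queries a port where Postgrey is not listening. The function names are illustrative and the two sample files are constructed.

```shell
#!/bin/sh
# Added example: check that Postfix points at the address Postgrey listens
# on. Function names are illustrative; file paths are passed as arguments.

# Print host:port from --inet= in the Postgrey defaults file.
postgrey_listen() {
    l=$(sed -n 's/^POSTGREY_OPTS=.*--inet=\([^ "]*\).*/\1/p' "$1" | tail -n 1)
    case $l in
        "")  return 1 ;;
        *:*) echo "$l" ;;
        *)   echo "127.0.0.1:$l" ;;   # port only means localhost (assumed IPv4)
    esac
}

# Print every check_policy_service inet: target in a main.cf.
postfix_policy_targets() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE 'check_policy_service[[:space:]]+inet:[^,[:space:]]+' |
        sed 's/.*inet://'
}

# Succeed only if Postgrey's listener is one of the Postfix policy targets.
policy_port_matches() {
    listen=$(postgrey_listen "$1") || return 1
    postfix_policy_targets "$2" | grep -qxF "$listen"
}

# Constructed files: Postgrey on 10023, Postfix pointed at 10031.
d=$(mktemp -d)
echo 'POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=300"' > "$d/postgrey"
echo 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031' > "$d/main.cf"
policy_port_matches "$d/postgrey" "$d/main.cf" ||
    echo "mismatch: postgrey=$(postgrey_listen "$d/postgrey") postfix=$(postfix_policy_targets "$d/main.cf")"
rm -rf "$d"
```

On the relay, run `policy_port_matches /etc/default/postgrey /etc/postfix/main.cf` after every change to either file.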


26. Install and configure fetchmail (Optional)

Install fetchmail:

Code: Select all

sudo apt-get install fetchmail


Accept all dependencies

Edit "/etc/default/fetchmail":

Code: Select all

sudo vi /etc/default/fetchmail


Change:

Code: Select all

START_DAEMON=no


to

Code: Select all

START_DAEMON=yes


Add new user configurations as needed:

EXAMPLE 1: Fetch from gmail via secure POP3

Code: Select all

poll pop.gmail.com proto pop3 port 995 user 'yourusername@gmail.com' password 'yourpassword' smtpname 'user@yourdomain.tld' keep smtphost 192.168.xxx.xxx antispam 501 ssl


Where "yourusername@gmail.com" is your gmail username, "yourpassword" is your gmail password, "user@yourdomain.tld" is the email address for your relay server to deliver the fetched email, "keep" tells fetchmail to keep the email at the gmail account instead of deleting it, "smtphost 192.168.xxx.xxx" is the email server to relay the email and "antispam" tells fetchmail to run fetched email through the anti-spam mechanism of your relay server.

Restart the fetchmail service:

Code: Select all

sudo /etc/init.d/fetchmail restart




*** SAMPLE SMTPD RESTRICTIONS DIRECTIVES ***

Code: Select all

smtpd_client_restrictions=permit_mynetworks,check_client_access hash:/etc/postfix/client_restrictions

smtpd_helo_restrictions=permit_mynetworks,hash:/etc/postfix/helo_access,warn_if_reject,reject_non_fqdn_hostname,reject_invalid_hostname, reject_unknown_hostname, reject_maps_rbl

smtpd_helo_restrictions=permit_mynetworks,hash:/etc/postfix/helo_access,warn_if_reject,reject_maps_rbl

smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_pipelining,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unauth_destination,reject_unknown_client, reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.mail-abuse.org, check_policy_service inet:127.0.0.1:10031, hash:/etc/postfix/recipient_access, permit

smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_pipelining,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.mail-abuse.org, check_policy_service inet:127.0.0.1:10031, hash:/etc/postfix/recipient_access, permit

smtpd_sender_restrictions=permit_mynetworks,check_sender_access, hash:/etc/postfix/sender_access, reject_unauth_pipelining



*** ENTRIES BELOW ARE WORK IN PROGRESS. DO NOT USE ***

Install and configure pflogsumm

Pflogsumm is a very nice mail reporting utility. It will e-mail a specified recipient the prior day’s activities of your mail server in a very nice and easy to read format. Install pflogsumm as follows:

Code: Select all

sudo apt-get install pflogsumm


Accept all dependencies

Schedule a cron job for pflogsumm in order to get daily reports:

Code: Select all

sudo crontab -e


Enter the following line. This will schedule a daily report at 6 a.m. Obviously, adjust to your liking. someone@yourdomain.com should be substituted with a valid e-mail address you want to send the reports to:

perl /usr/sbin/pflogsumm -e -d today /var/log/mail.log | mail -s 'Logwatch for Postfix' someone@yourdomain.com

0 6 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail/info 2>&1 | /bin/mail -s "`uname -n` daily mail stats" someone@yourdomain.com