howto

Generic category for all howto posts

SpamAssassin + Razor + Pyzor on Debian 6/Ubuntu

September 22, 2011

by Kura in debian, howto, mail, postfix, ubuntu

This is part 4 of my series on configuring a mail server, please see part one, part two and part three if you're not familiar with them.

The content of this article was written to work with the previous three articles but should work on any SpamAssassin set-up.

Razor

First off we need to install Razor.

apt-get install razor

Now we need to run three commands to register and configure Razor.

razor-admin -home=/etc/spamassassin/.razor -register razor-admin -home=/etc/spamassassin/.razor -create razor-admin -home=/etc/spamassassin/.razor -discover

These 3 commands should be pretty self More >

email mail postfix pyzor razor spam spamassassin

Debian/Ubuntu upgrade security packages only – a better way to do it

September 21, 2011

by Kura in debian, howto, ubuntu

I have created a scripts that handle these tasks for you, available here.

First thing we need to do is create an sources list specifically for security.

sudo grep "-security" /etc/apt/sources.list | sudo grep -v "#" > /etc/apt/security.sources.list

Now that this is done we can simply continue to use the command below to trigger security-only upgrades

sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list

Note

This will work until you upgrade your distro (e.g. 10.04 -> 12.04), at which point you will need to re-run the first command to regenerate the security.sources.list More >

apt debian security ubuntu upgrades

Postfix + DK (DomainKeys) + DKIM + SPF on Debian 6/Ubuntu

September 17, 2011

by Kura in debian, howto, mail, postfix, ubuntu

This is part 3 of my guide to getting a mail server configured with all the sexy bits to improve deliverability, spam and virus protection.

Part 1 can be found here and part 2 here.

The key pair

We need to create a key pair to sign emails with

openssl genrsa -out private.key 1024

openssl rsa -in private.key -out public.key -pubout -outform PEM

mkdir /etc/dk/

cp private.key /etc/dk/dk.key

Now we can move on to DK and DKIM signing, make sure you keep the public key for later.

DKIM

First we'll need to install an application to sign our emails.

apt-get install dkim-filter

Once installed we need More >

debian dk dkim domainkeys email mail postfix spf ubuntu

Postfix + SpamAssassin + ClamAV + Procmail on Debian 6/Ubuntu

September 16, 2011

by Kura in debian, howto, mail, postfix, ubuntu

This is part 2 of my series on mail servers on Debian 6/Ubuntu 10.04, it should work on other versions of each though. For part 1, go here.

SpamAssassin

First off we'll get SpamAssassin installed and configured.

apt-get install spamassassin

We'll be configuring SpamAssassin as a daemon that Postfix interfaces with using spamc.

SpamAssassin on Debian and Ubuntu runs as root which is NOT a good thing so we'll need to make some changes.

We'll add a group called spamd with GID 5001.

groupadd -g 5001 spamd

Next we add a user spamd with UID 5001 and add it to the spamd group, as well as set it's More >

clamav clamsmtp debian email mail postfix procmail spamassassin ubuntu

Postfix + Dovecot (IMAP/IMAPS) + SASL + Maildir on Debian 6/Ubuntu

September 15, 2011

by Kura in debian, howto, mail, postfix, ubuntu

This guide is part 1 of what I plan will be a couple of guides that take you through installing a base mail system, SpamAssassin, DKIM and much more. Stay tuned.

This guide was written for Debian 6 but should be the same or similar for Debian 5 and Ubuntu 10.04 and above.

The installation

apt-get install dovecot-imapd postfix sasl2-bin libsasl2-2 libsasl2-modules

Choose "Internet site" when prompted and enter the fully qualified name of your server.

Once all this is done installing we'll need to make some changes, first off will be Postfix.

Postfix

Open up /etc/postfix/main.cf and add the More >

debian dovecot email imap imaps mail maildir postfix sasl ubuntu

Installing kernel headers for current kernel version with ease on Debian/Ubuntu

September 15, 2011

by Kura in debian, howto, ubuntu

This is a simple one but I found out that there are people out there that don't know about it, so here we go.

apt-get install linux-headers-$(uname -r)

This will install kernel headers for your current active kernel on Debian/Ubuntu.

apt apt-get debian headers kernel ubuntu

nginx log real IP from Pound

August 10, 2011

by Kura in apache, debian, howto, nginx, pound, ubuntu

Recently I started using Pound as a load balancer to a cluster of nginx servers and found my access logs were filled with the IP address of the load balancer. I did some digging and found the correct way to "fix" this.

First thing you need to do is make sure you remove X-Forwarded-For from Pound

ListenHTTP

... snip ...

... snip ...

HeadRemove "X-Forwarded-For"

End

Once this is done, reload Pound.

Next you need nginx compiled with realip module - http://wiki.nginx.org/NginxHttpRealIpModule

On Ubuntu/Debian servers this module comes by default, otherwise you may have to compile it in yourself More >

apache load balancer nginx pound reaip x-forwarded-for

Shared VMDKs on ESX vSphere

July 9, 2011

by Kura in howto, vmware

I'd first like to point out that although the VMDKs are shared between hosts using a shared SCSI BUS they are not synched, meaning that if you write to the mounted point on any machine it will not display on other machines with the same mount point until you remount the drive. Annoying, but understandable.

To business.

First off all machines that you want to share this VMDK with will need to be OFFLINE.

Next up we create the VMDK, I find it easiest to do this by adding hardware to an already existing machine, I'm going to use one that I want the VMDK shared with to make it even More >

esx iscsi scsi shared vmdk vmdk vmware

Logging Google Analytics cookies with nginx

June 5, 2011

by Kura in debian, howto, nginx, ubuntu

I was recently tasked with adding Google tracking cookies to our nginx logging for a couple of sites. It was so it could be pushed through a log processor.

It turned out too be a little trickier than it would have been with Apache, but the process itself is still quite simple.

Open up the server definition you wish to add it to and add a custom log format like below:

log_format g-a '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" More >

google analytics logging nginx

SSH Tunnelling

February 14, 2011

by Kura in howto, ssh

Quite a simple one:

ssh -f USER@INTERMEDIATE_DEVICE -L LOCAL_PORT:DESTINATION_DEVICE:DESTINATION_PORT -N

-f tells ssh to go to background

-L binds a local port to a remote device and port

-N tells ssh not to execute any commands

So use this to tunnel from local port 8000 in to a remote machine on port 22 you'd use

ssh -f user@server.test.com -L 8000:server.destination.com:22 -N

Once the tunnel is open you can use the following to ssh or scp data around

ssh localhost -p 8000

scp -P 8000 /path/to/local/file user@localhost:~

scp -P 8000 user@localhost:/path/to/remote/file .

I use ssh tunnels all More >

ssh tunnel

Show Older Posts

UK residents sign this HM Govt e-petition
Search Website
- Tags
- Archives
- Calendar
- Blogroll
- Recent Comments
apache apache2 apt apt-get backup cache crt debian denyhosts dkim domainkeys email esx find howto linux load balancing mail mod_ssl mysql nagios networking nginx partition pem php postfix pound python security spam ssh ssl ubuntu vmware wordpress
March 2012 (2)

February 2012 (1)

January 2012 (1)

December 2011 (4)

October 2011 (2)

September 2011 (11)

August 2011 (1)

July 2011 (1)

June 2011 (1)

February 2011 (1)

December 2010 (1)

October 2010 (1)
« Mar
May 2012
M T W T F S S

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31
A bit of stuff
Apache HTTPD
Code in the Hole
Debian
nginx
Python
Ubuntu
Web 2.5
Dan Burns I'm getting: /usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 30: bad field countpostfix/postfix-script: fatal: cannot execute […] 3 days ago
Μανώλης Καμηλάκης thnx for that, just what I needed for a basic www service, and private ssh 1 week ago
Brian Have you ever seems this to the point where the load would rocket to 300 or 250 and become non responsive? this is what is happening to […] 2 weeks ago
Kura What version of Postfix? 2 weeks ago
Kura That really depends on how your server is configured to be honest. 2 weeks ago
Show More
About
Software
Tweets
Subscribe
Outbound: Non blogs
Outbound: Blogs
QR

howto

May 2012

About

Software

Tweets

Subscribe

Outbound: Non blogs

Outbound: Blogs

QR