Archive

Posts Tagged ‘Debian’

Count domain in mail.log (Qmail)

February 20th, 2009

# cat /usr/local/sbin/count_mail_per_domain.sh
#!/bin/bash
logfile=$2
domain=$3

case "$1" in
        -t)
            # Outbound ("to remote") deliveries counted per recipient domain
            grep "to remote" "$logfile" | awk '{print $14}' \
                | awk -F@ '{ field = $2 }; {print "domain: " field }' \
                | sort | uniq -c | sort -nr \
                | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini: "totale;}'
            ;;

        -su)
            # Outbound deliveries counted per recipient address for one domain
            # (-F: match the domain as a literal string, not as a regex)
            grep "to remote" "$logfile" | grep -iF -- "$domain" \
                | awk ' { field = $14 }; {print "to remote: " field }' \
                | sort | uniq -c | sort -nr \
                | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini per utente: "totale;}'
            ;;

        -s)
            # Outbound deliveries counted for one recipient domain
            grep "to remote" "$logfile" | grep -iF -- "$domain" | awk '{print $14}' \
                | awk -F@ '{ field = $2 }; {print "to remote domain: " field }' \
                | sort | uniq -c | sort -nr \
                | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini: "totale;}'
            ;;

        *)
            echo $"Usage: $0 { -t /var/log/mail.log.0 }  for print total mail for domain "
            echo $"Usage: $0 { -su /var/log/mail.log.0 domain.com } for print total mail for single domain per user"
            echo $"Usage: $0 { -s /var/log/mail.log.0 domain.com } for print total mail for single domain"
            exit 1
            ;;
esac

For more tips, visit qmail relay to smarthost.

Fabio Laganà Debian, Mailserver, Qmail, Shell, Uncategorized, awk, bash

Creating an SSL-certificate for my webserver

November 12th, 2008
#!/bin/sh
SERVER=ssl.mioserverweb.dominio
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
VALID_DAYS=365
 
echo Delete old private key
rm -f "$PRIVATE_KEY"
echo Create new private/public-keys without passphrase for server
# umask 077 in a subshell: the unencrypted key is created readable by its owner only
(umask 077; openssl genrsa -out "$PRIVATE_KEY" 2048)

echo Create selfsigned certificate
rm -f "$CERTIFICATE_FILE"
# From man req:
#  -x509
#    this option outputs a self signed certificate instead
#    of a certificate request. This is typically used to
#    generate a test certificate or a self signed root CA.
#    The extensions added to the certificate (if any) are
#    specified in the configuration file.

openssl req -new \
        -days $VALID_DAYS \
        -key "$PRIVATE_KEY" \
        -x509 \
        -out "$CERTIFICATE_FILE"

echo private-keyfile is $PRIVATE_KEY
echo server-certificate-file is $CERTIFICATE_FILE

ls -l "$PRIVATE_KEY" "$CERTIFICATE_FILE"

Fabio Laganà Debian, Linux, SSL, bash

Update Expired SSL Certs

October 29th, 2008
- Make a copy of the old certificate
cd /etc/ssl/certs
cp -ap pop3s.pem pop3s.pem.scaduto

- Recreate the new certificate
# Note: rsa:1024 and 512-bit DH parameters are below current minimum sizes;
# the certificate script in the post above uses 2048-bit RSA.
cd /etc/ssl
openssl req -new -x509 -nodes -days 3650 -newkey rsa:1024 -keyout private/pop3s.key -out pop3s.cert
touch certs/pop3s-new.pem
chmod 600 certs/pop3s-new.pem
cat private/pop3s.key pop3s.cert > certs/pop3s-new.pem
dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
pico certs/pop3s-new.pem
chown vpopmail certs/pop3s-new.pem
cd certs
mv pop3s-new.pem pop3s.pem

-- rollback in case something goes wrong --
mv pop3s.pem.scaduto pop3s.pem

Fabio Laganà SSL, bash

Bash script for checking mysql problem by reading daemon.log

August 6th, 2008
#!/bin/bash

### Check daemon.log for possible problems with the MySQL DB
# rel. 0.3 - 01 August 2008

# time_to_check_min=`date +"%b %d %k:%M" -d "-1 min"`
# time_to_check_hour=`date +"%b %d %k:%M" -d "-1 hour"`
file_to_check=/var/log/daemon.log
host=`cat /etc/hostname`
semaphore=/tmp/.flag_checking_daemon_log

daemon=mysql

if [[ -e $semaphore ]];
  then
    echo "checking for mysqld....Nothing to do ....another cron is still working"
  else
    touch "$semaphore"
    # mktemp picks unpredictable names, so a file or symlink planted in /tmp
    # in advance cannot redirect what this cron job writes
    tmp_file=$(mktemp /tmp/info.tmp.01.XXXXXX)
    tmp_file1=$(mktemp /tmp/info.tmp.02.XXXXXX)
    # syslog timestamps look like "Aug  6 09:05": day padded with a space (%e),
    # hour padded with a zero (%H)
    time_to_check_min=`date +"%b %e %H:%M" -d "-1 min"`
    time_to_check_hour=`date +"%b %e %H:%M" -d "-1 hour"`
    #echo "checking for ""$file_to_check  $time_to_check_min"
    grep "$time_to_check_min" "$file_to_check" > "$tmp_file"
    grep "$daemon" "$tmp_file" > "$tmp_file1"
    if [[ -e $tmp_file1 ]];
    then
        if [[ -s $tmp_file1 ]]; then
            mail -s "Something happening on [ $daemon ] for ""$host" tech-c@bakeca.it < "$tmp_file1"
        fi
        # remove the temporary files
        rm -f "$tmp_file"
        rm -f "$tmp_file1"
    fi
    # remove the semaphore
    rm -f "$semaphore"
fi

Fabio Laganà Debian, Linux, Shell, bash, mysql

Install Debian on CF

November 16th, 2006

dmesg # look for your CF part, mine is hde
cfdisk /dev/hdx #delete all, make a partition, set bootable, write, exit
mkfs.ext3 /dev/hdx1
mkdir /mnt/cf
mount /dev/hdx1 /mnt/cf

debootstrap sarge /mnt/cf # edit /usr/lib/debootstrap/scripts/sarge
# to remove unwanted packages, like man
# cdebootstrap also exists in testing

sync
du -sh /mnt/cf

Fabio Laganà Debian, Linux

SSH dynamic port forwarding with SOCKS

October 26th, 2006

SSH has numerous uses beyond just logging into a remote system. In
particular, SSH allows you to forward ports from one machine to another,
tunnelling traffic through the secure SSH connection. This provides a
convenient means of accessing a service hosted behind a firewall, or one
blocked by an outgoing firewall.

However, forwarding an individual port still requires you to change
where your program connects, telling it to use a non-standard port on
|localhost| rather than the standard port on the remote machine, and it
requires a separate port forward for each machine you want to access.
Dynamic port forwarding via SOCKS provides a more convenient
alternative.

The examples in this article assume that you reside behind a restrictive
firewall which does not allow outgoing SMTP connections except to a
designated mail server. You want to connect to a different mail server,
|mail.example.net|, on port 25. You have an SSH account on a machine
|shell.example.org|, which does not reside within the restrictive
firewall and can thus access port 25 on |mail.example.net|.

With standard SSH port forwarding, you could enter the command:

ssh -L 2525:mail.example.net:25 shell.example.org

This will forward port 2525 on your machine to port 25 on
|mail.example.net|, by way of |shell.example.org|. You will then need to
configure your mailer to send mail to |localhost|, port 2525, and use
the authentication information for your mail account on
|mail.example.net|. For example, in Thunderbird^WIcedove, you could add
an additional outgoing mail server via Edit->Preferences, “Outgoing Mail
Server (SMTP)”, “Add…”, and either set it as the default or explicitly
set your mail account to use that server. You can then send your mail,
which will potentially (if you use secure authentication with
|mail.example.net|) give you a security warning about |localhost|
presenting a certificate for |mail.example.net|, and then prompt you for
your account password. After you have finished sending all the mails you
want to send, you can then change your outgoing mail server back to the
previous setting, and exit SSH.

To avoid all this hassle, SSH also supports dynamic port forwarding via
SOCKS. SOCKS defines a standard mechanism for a client to connect to a
server by way of a proxy. SSH can serve as the proxy, allowing you to
connect to |shell.example.org| and make connections from there to an
arbitrary server such as |mail.example.net|. Simply run:

ssh -D 1080 shell.example.org

to make the connection to |shell.example.org| and start a SOCKS proxy on
|localhost| port 1080.

In order to make use of the SOCKS proxy, you can either use applications
which can speak SOCKS natively, or you can use a socksifier program like
tsocks. tsocks provides a library used with |LD_PRELOAD|, which replaces
the standard sockets functions like |socket|, |connect|, and |sendto|
with functions that make use of a designated SOCKS proxy. The tsocks
script runs a program with this library loaded. The library will read
|/etc/tsocks.conf| to find out what SOCKS proxy to use. To configure
tsocks to work with an SSH SOCKS proxy on localhost, edit the default
|/etc/tsocks.conf|, change the server variable to 127.0.0.1, and comment
out the path example.
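
What "speaking SOCKS" to the |ssh -D 1080| proxy looks like on the wire, as an added example that is not part of the original article: it builds the SOCKS5 (RFC 1928) greeting and CONNECT request for |mail.example.net| port 25 and parses the proxy's replies. The function names are chosen here for illustration; the address type in the request decides whether the hostname is resolved locally or at the far end of the tunnel.

```python
# Added example: SOCKS5 (RFC 1928) messages between a client and the proxy
# opened by `ssh -D 1080`. Byte handling only; nothing is sent on the network.
import ipaddress
import struct

VER, CMD_CONNECT, NO_AUTH = 5, 1, 0
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused"}

def greeting():
    """Client hello: version 5, one method offered (no authentication)."""
    return bytes([VER, 1, NO_AUTH])

def parse_method_reply(data):
    """Proxy's answer to the greeting; returns the selected method."""
    if len(data) != 2 or data[0] != VER:
        raise ValueError("not a SOCKS5 method-selection reply")
    if data[1] == 0xFF:
        raise ValueError("proxy accepted none of the offered methods")
    return data[1]

def connect_request(host, port):
    """CONNECT request. An IPv4 literal goes out as ATYP 1 (the client has
    already resolved it); a hostname goes out as ATYP 3 and is resolved at
    the far end of the tunnel instead of by the local resolver."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)

def parse_connect_reply(data):
    """Proxy's answer to CONNECT; returns (status text, bound addr, port)."""
    if len(data) < 5 or data[0] != VER:
        raise ValueError("truncated or non-SOCKS5 reply")
    atyp = data[3]
    start, alen = ((5, data[4]) if atyp == ATYP_DOMAIN
                   else (4, {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp, 0)))
    if alen == 0 or len(data) != start + alen + 2:
        raise ValueError("malformed bound address")
    raw = data[start:start + alen]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[-2:])
    return REPLIES.get(data[1], "error 0x%02x" % data[1]), addr, port
```
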

Now that you have tsocks configured, you can run the following whenever
you want to send mail via |mail.example.net|:

ssh -D 1080 shell.example.org
tsocks thunderbird

This will open the SSH-tunnelled SOCKS proxy to |shell.example.org| and
run thunderbird. You can then send mail normally, without changing the
outgoing server configuration, and without seeing any authentication
mismatch warnings.

Fabio Laganà Debian