Friday, July 8, 2011

How to Disable or Enable open relay in sendmail

Sendmail 8.9 and above disallows relaying by default. Out of the box it allows relaying from localhost only.
You can edit the sendmail access database (/etc/mail/access) to enable or disable open relay.
Default Configuration:

#vim /etc/mail/access
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY



You can use a host name or an IP address in the access database:
youordomain.com               RELAY 
spam@buyme.com             550 Spammers not allowed
virus@virusdomain.com    DISCARD

10.10.10                              REJECT

To Reject Mail From a Particular Host

rejectserver.com                REJECT
10.10.2.2                             REJECT


Open Relay:
An open relay server is configured to relay for all IP ranges.
By adding the *.* entry in /etc/mail/access you can enable relay for all:

*.*         RELAY
Also, by adding your domain name to /etc/mail/relay-domains you can enable relay from a particular domain server.
Nowadays most mail servers will not accept mail from open relay servers.


To Disable OPEN Relay:
By allowing relay from only your local IP range and localhost, you can disable the open relay.
127.0.0.1               RELAY
192.168.1              RELAY
If your server is configured with SMTP AUTH or POP-before-SMTP, then you can remove all the relay entries (even the local IP range) from the access database.
It is always better to configure your server with SMTP AUTH or POP-before-SMTP. This is also useful for roaming users.

Also check /etc/mail/relay-domains and remove all the relay domains.


In some cases relaying is allowed even though it isn't intended. This is because of the use of FEATURE(relay_entire_domain), which allows relaying for every system in class m. If class m is wrong, then the system may open up relaying for other hosts in that domain. Verify this with:
echo '$=m' | sendmail -bt -d0.4
Sometimes class m is set wrong to be just a TLD (e.g., com). In this case, fix your hostname to be host.sld.tld instead of sld.tld or change $m, or remove FEATURE(relay_entire_domain) and use other means instead
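
An added example (not from the original post or from sendmail) of checking the two conditions described above: RELAY entries in the access file beyond the hosts you intend, and a class m value that is only a TLD. The function names, the allow-list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of sendmail.

# unexpected_relays FILE ALLOWED...
# Prints every key whose action is RELAY and which is not in ALLOWED.
# A leading "Connect:" tag is stripped; use "-" as FILE to read stdin.
unexpected_relays() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            n = split(tolower(allowed), a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^[ \t]*#/ || NF < 2 { next }      # comments and blank lines
        toupper($2) == "RELAY" {
            key = tolower($1)
            sub(/^connect:/, "", key)
            if (!(key in ok)) print key
        }
    ' "$file"
}

# tld_only: reads class m values on stdin, one per line, and prints those
# that contain no dot, i.e. a bare TLD such as "com".
tld_only() { awk 'NF == 1 && $1 !~ /\./ { print $1 }'; }

# Constructed sample, modelled on the entries shown in this post.
sample_access() {
    cat <<'EOF'
# constructed sample access file
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
192.168.1                               RELAY
10.10.10                                REJECT
*.*                                     RELAY
example.net                             RELAY
spam@buyme.com                          550 Spammers not allowed
EOF
}

# Audit the sample against the hosts this post says should relay.
demo() {
    sample_access | unexpected_relays - localhost.localdomain localhost 127.0.0.1 192.168.1
}
demo
```

On a real server pass /etc/mail/access as FILE. The audit reads the text file, while sendmail uses the compiled map, so rebuild it after editing (makemap hash /etc/mail/access < /etc/mail/access).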

Open Relay Testing Websites:

http://www.abuse.net/relay.html
http://www.mob.net/~ted/tools/relaytester.php3
http://www.checkor.com/

MX Tool
http://www.mxtoolbox.com/

smtp authentication vs. pop before smtp

Sendmail configuration file location in linux

Sendmail Configuration files are saved in /etc/mail directory by default.

/etc/mail/access     - sendmail access database file
/etc/mail/aliases     - Mailbox aliases
/etc/mail/local-host-names     - Lists of hosts sendmail accepts mail for
/etc/mail/mailer.conf     - Mailer program configuration
/etc/mail/mailertable     - Mailer delivery table
/etc/mail/sendmail.cf     - sendmail master configuration file
/etc/mail/virtusertable - Virtual users and domain tables

Open Source Migration

Here I have listed the open source products which are replacing commercial products

1) Mail Server

     Linux Sendmail with cyrus-imap is a good open source replacement for commercial mailing solutions like Microsoft Exchange, Lotus Notes etc. We can integrate MailScanner and Clam-AV with Sendmail.


2) Web Server

   Apache web server can be used as a replacement for Microsoft IIS

3) Active Directory

 Fedora DS can replace Microsoft AD

4) Proxy Server

    Squid Proxy server is one of the best proxy servers. Squid can be configured with lots of access controls. Content filtering, upload and download limits, user-based access, time-based access and block lists are the key features.

5) UTM
     Untangle , pfsense
6) Database
     Mysql, 
7) FTP Server
    vsftpd
8) Network Monitoring Tools
     Cacti, zabbix,  
9) Asset Management
     GLPI
10) Bug Tracking
       Bugzilla
11) Web Mail
      Ilohamail, roundcube
12) Other Open source Web based Applications

Mysqld error while starting

After upgrading my Fedora 11 to Fedora 12, the mysqld server stopped working and I get the following error at start up

100702 14:52:37 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
100702 14:53:28 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
100702 14:53:28 [Note] Plugin 'ndbcluster' is disabled.
/usr/libexec/mysqld: Table 'mysql.plugin' doesn't exist
100702 14:53:28 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
100702 14:53:29  InnoDB: Started; log sequence number 0 44233
100702 14:53:29 [ERROR] /usr/libexec/mysqld: unknown option '--skip-bdb'
100702 14:53:29 [ERROR] Aborting

Fix:
After removing the following config entries I was able to start mysqld
and run mysql_upgrade.

#skip-innodb
#skip-bdb
#skip-federated
So I commented out:
#skip-locking
#skip-innodb
#skip-bdb

Now I started MySQL

#service mysqld start
Starting MySQL:                                            [  OK  ]

Then I ran mysql_upgrade

#mysql_upgrade  -uroot -p
#service mysqld restart
And now everything is working fine

How To Install Mysql On Linux

There are multiple ways to install MySQL on a Linux machine


Installing through Yum:
If your server is on the internet and a yum repository is enabled, then you can install directly by running the below command on the Linux console.

#yum install -y mysql-server
Installing:
mysql-server                                          x86_64                                        5.1.47-2.fc12
Installing for dependencies:
perl-DBD-MySQL                              x86_64                                        4.016-1.fc12
perl-DBI                                              x86_64                                        1.609-3.fc12
Updating for dependencies:
mysql                                                 x86_64                                        5.1.47-2.fc12
mysql-libs                                            x86_64                                        5.1.47-2.fc12


Installing from RPM:
Download the latest mysql-server rpm from rpm.pbone.net
You may need to download and install the dependency packages (mysql-libs, mysql, perl-DBD-MySQL, perl-DBI) before installing mysql-server
Transfer the downloaded files to the server using winscp or some other file transfer method
#rpm -ivh  mysql-libs* mysql* perl-DBD-MySQL* perl-DBI*
#rpm -ivh mysql-server*


Initial Configurations: 
After installing MySQL using one of the above methods, you can start it with the default my.cnf settings
#service mysqld start


To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system.
Then set a password for the MySQL root user:
/usr/bin/mysqladmin -u root password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation

Default my.cnf file 
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1

# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0

# To allow mysqld to connect to a MySQL Cluster management daemon, uncomment
# these lines and adjust the connectstring as needed.
#ndbcluster
#ndb-connectstring="nodeid=4;host=localhost:1186"

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[ndbd]
# If you are running a MySQL Cluster storage daemon (ndbd) on this machine,
# adjust its connection to the management daemon here.
# Note: ndbd init script requires this to include nodeid!
connect-string="nodeid=2;host=localhost:1186"

[ndb_mgm]
# connection string for MySQL Cluster management tool
connect-string="host=localhost:1186"


How to Set mysql root password:
By default there is no password set for the MySQL admin (root) user. You can set the root password using the below command
#/usr/bin/mysqladmin -u root password 'new-password' 
#mysqladmin -u root password mysqlpasswd 
Now you can login to mysql server using the below commands
#mysql -u root -p  

How to reset mysql root password in linux | Fedora | Redhat

Using the below simple steps, you can reset your mysql root password.

1) Stop mysql server:
#service mysqld stop

2) Start mysql server in safe mode:
Now you have to start mysql in safe mode with the following options
#mysqld_safe --user=mysql --skip-grant-tables --skip-networking &

3) Login to mysql server without password:
Now you have to log in to the mysql server without a password, using the mysql root user
#mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.47 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

4) Reset mysql root password:
Run the below command without any mistake (the semicolon is a must)
mysql> UPDATE user SET Password=PASSWORD('newrootpassword') WHERE User='root';
mysql> flush privileges;
mysql> exit


5) Restart mysql server:
#service mysqld restart

6) Login to MySQL With the New Password:
root@server ]# mysql -u root -p
Enter password:
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

How to Create Database in Mysql

Log in to your mysql server through a console or remote shell (putty)

Suppose you want to create a database and grant permission on it to a user, with these values:
database name = mytestdb
User Name = testuser
Password  = testpasswd


#mysql -u root -p ( enter the mysql root password)
mysql> create database mytestdb;
mysql> grant all privileges on mytestdb.* to testuser@localhost identified by 'testpasswd';
mysql> FLUSH PRIVILEGES;

mysql> show databases;
mysql> exit
 


This will create mytestdb and enable access for testuser from localhost.
If you want to connect to mysql from a remote server, then replace localhost with your remote server IP.

How to upgrade MailScanner

To upgrade MailScanner from an older version to a newer version, you can follow the below simple steps.

Prerequisite:
 Download the latest version of the MailScanner rpm package from the www.mailscanner.info website and transfer the file to your mail server.


Step 1 
MailScanner Upgrade
Log in to your mail server using a remote shell and go to the file location

#rpm -qa mailscanner
#tar -xvzf MailScanner-4.79.11-1.rpm.tar.gz
#cd MailScanner-4.79.11-1
#./install.sh
For more installation methods, you can read the README file.
The upgrade will take some time. After the successful completion of the installation, you will receive the success message.
 

Step 2
Upgrade your MailScanner config file 
To upgrade your MailScanner.conf and languages.conf files automatically, you have to run the below two scripts
    upgrade_MailScanner_conf
    upgrade_languages_conf

#cd /etc/MailScanner
#upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
This will upgrade the existing config file to the newer one. Once you have checked that MailScanner.new contains what you want, you can then save your old one and move the new one into place, using commands like these:

#mv -f MailScanner.conf MailScanner.old
#mv -f MailScanner.new  MailScanner.conf

Step 3

Upgrade Language Script.
#cd /etc/MailScanner/reports/en
#upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new
#mv -f languages.conf languages.old
#mv -f languages.new  languages.conf



Step 4
Restart the MailScanner service and verify the rpm version
#service MailScanner restart
#rpm -qa mailscanner
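
An added example (not part of MailScanner or of the original post) of the check in Step 2 before MailScanner.new is moved into place: it refuses an empty file, which is what the > redirect leaves behind if the upgrade script fails, and lists the settings that were dropped or changed. The function names are hypothetical, and "Old Option" and "New Option" in the sample are constructed settings.

```shell
#!/bin/sh
# Added example, not from the MailScanner distribution.

# conf_changes OLD NEW: compare "Setting = value" lines, ignoring comments.
# Prints "dropped: <setting>" or "changed: <setting>" (names lower-cased).
conf_changes() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || !/=/ { next }
        {
            eq  = index($0, "=")
            key = tolower(trim(substr($0, 1, eq - 1)))
            val = trim(substr($0, eq + 1))
            if (FILENAME == ARGV[1]) {
                if (!(key in old)) order[++n] = key
                old[key] = val
            } else cur[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in cur)) print "dropped: " k
                else if (cur[k] != old[k]) print "changed: " k
            }
        }
    ' "$1" "$2"
}

# swap_conf CONF NEW: refuse an empty NEW, print the differences for review,
# then keep CONF as *.old and install NEW (same result as the mv commands).
swap_conf() {
    [ -s "$2" ] || { echo "refusing: $2 is empty" >&2; return 1; }
    conf_changes "$1" "$2"
    cp -p "$1" "${1%.conf}.old" && mv -f "$2" "$1"
}

# Constructed sample files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Max Children = 5\nVirus Scanners = clamav\nOld Option = yes\n' > "$d/MailScanner.conf"
    printf '# comment\nMax Children = 5\nVirus Scanners = auto\nNew Option = no\n' > "$d/MailScanner.new"
    swap_conf "$d/MailScanner.conf" "$d/MailScanner.new"
    rm -rf "$d"
}
demo
```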

Linux Terminal Server Config

Below you can find the sample lts.conf file for USB keyboard and USB mouse

[default]
#X_COLOR_DEPTH=16
X_COLOR_DEPTH=24
LOCALDEV=True
SOUND=True
NBD_SWAP=True
SYSLOG_HOST=server
XKBLAYOUT=us
LDM_GLOBAL_DMRC=/etc/ltsp/ldm-global-dmrc

# XKBLAYOUT=us
#LDM_NUMLOCK=true
# X_COLOR_DEPTH=24
X_MODE_0=1024x768
SCREEN_01=shell
#SCREEN_02=shell
#SCREEN_03=rdesktop
#SCREEN_04=shell
#SCREEN_05=shell
#SCREEN_06=shell
SCREEN_07=shell
#VOLUME=90
#p
#HEADPHONE_VOLUME=90
#PCM_VOLUME=90
#CD_VOLUME=90
#FRONT_VOLUME=90
#TIMEZONE=UTC
#TIMESERVER=clock.redhat.com
#LOCAL_APPS_MENU=True
#LOCAL_APPS_WHITELIST="/usr/bin/foo /usr/bin/bar"

# LDM_DIRECTX=yes is very insecure, but it is faster and more scalable
LDM_DIRECTX=yes
# LDM_DEBUG=yes writes to /var/log/ldm.log during client runtime
LDM_DEBUG=yes


[00:50:56:ac:06:da]
#PRINTER_0_DEVICE=/dev/usblp0
#XSERVER = auto
SCREEN_03=rdesktop -f -a 24 -g 1024x768 -N 10.0.0.1
SCREEN_04=kdm
SCREEN_05=ltsp-localapps /usr/bin/kdm
X_COLOR_DEPTH=24
X_MODE_0=1024x768

#for USB mouse and keyboard
[00:1E:43:de:06:63]

SCREEN_02=rdesktop -f -a 24 -g 1680x1050 -N 10.0.0.2
X_COLOR_DEPTH=24
X_MODE_0=1680x1050
# X_MODE_0=1280x1024
# X_MODE_0=1024x768
MODULE_01 = usb-uhci
MODULE_02 = usbmouse
MODULE_03 = mousedev
MODULE_04 = usbkbd
MODULE_05 = keybdev
MODULE_06 = usbcore
X_MOUSE_DEVICE = "/dev/input/mice"
X_MOUSE_PROTOCOL = "IMPS/2"

[00:1E:43:de:06:6d]

MODULE_01 = usb-uhci
MODULE_02 = usbmouse
MODULE_03 = mousedev
MODULE_04 = usbkbd
MODULE_05 = keybdev
MODULE_06 = usbcore
X_MOUSE_DEVICE = "/dev/input/mice"
X_MOUSE_PROTOCOL = "IMPS/2"
X_MODE_0=1024x768
X_COLOR_DEPTH=24
SCREEN_02=rdesktop -f -a 24 -g 1024x768 -N 10.0.0.3