Postfix Randomizing Outgoing IP Using TCP_TABLE And Perl

This time I'll show you how to randomize your SMTP outbound IP addresses. This can be done via a transport map. But ordinary Postfix lookup tables store information as (key, value) pairs, so they provide a static value only. We need something that can manipulate the value (right-hand side) of a lookup table in order to answer with a random transport value.

The first thing that came to mind was tcp_table. A tcp_table lookup table gives us the flexibility to execute a tiny Perl script that randomizes the transport. That's the basic idea.

OK, here's the first part: create a Perl script called random.pl. Note that this script only answers in a "catch-all" manner, so it randomizes the transport for all outgoing mail.

# cd /etc/postfix
# vi random.pl
#!/usr/bin/perl -w
# author: Hari Hendaryanto <hari.h -at- csmcom.com>

use strict;
use warnings;
use Sys::Syslog qw(:DEFAULT setlogsock);

#
# our transports array, we will define this in master.cf as transport services
#

our @array = (
'rotate1:',
'rotate2:',
'rotate3:',
'rotate4:',
'rotate5:'
);

#
# Initialize and open syslog.
#
openlog('postfix/randomizer','pid','mail');

#
# Autoflush standard output.
#
select STDOUT; $|++;

while (<>) {
        chomp;
        # randomizing transports array
        my $random_smtp = int(rand(scalar(@array)));
        if (/^get\s(.+)$/i) {
                print "200 $array[$random_smtp]\n";
                syslog("info","Using: %s Transport Service", $random_smtp);
                next;
        }

        # any other request gets the default transport; the reply line must end in a newline
        print "200 smtp:\n";
}

Postfix header_checks using tcp_table and checkdbl.pl script

Postfix implements header_checks as a built-in content inspection class applied while receiving mail. Usually the best performance is obtained with pcre (Perl Compatible Regular Expression) tables, or with the slower regexp (POSIX regular expression) tables. Googling on the net, I found a tiny Perl script that can query dbl.spamhaus.org, multi.surbl.org and black.uribl.com. (Sahil Tandon wrote it, based on João Gouveia's Perl script, I think.)

First, download the script

# cd /etc/postfix
# wget http://people.freebsd.org/~sahil/scripts/checkdbl.pl.txt

Rename and make it executable

# mv checkdbl.pl.txt checkdbl.pl
# chmod 755 checkdbl.pl

Edit master.cf and add these two lines (the second line is a continuation, so it must start with whitespace)

127.0.0.1:2526 inet  n       n       n       -       0      spawn
  user=nobody argv=/etc/postfix/checkdbl.pl

Run a preliminary test to make sure checkdbl.pl is really spawned and answering our queries

# postfix reload
# telnet 127.0.0.1 2526
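
The telnet session above exercises the tcp_table request/reply exchange, where the lookup key is header text chosen by the sender. The following is an added example, not checkdbl.pl and not code from the original post, showing a handler that decodes the %XX-encoded key, extracts only strictly formed hostnames, and encodes its reply so untrusted text cannot inject a second reply line. The names `LISTED`, `reply` and the REJECT text are assumptions, and a constructed set stands in for the DNS blocklist query so the block runs offline.

```python
import re
import sys

# Constructed stand-in for a DNSBL query so the example runs offline;
# a real service would resolve "<domain>.<zone>" instead (assumption).
LISTED = {"bad.example"}

# Strict hostname shape: only these characters ever reach the lookup.
HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24})\b")
MAX_REQUEST = 4096  # assumed cap on request length for this example


def decode(text):
    """Undo the %XX encoding used for '%', whitespace and non-printing bytes."""
    return re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)


def encode(text):
    """%XX-encode a reply so it cannot carry a raw space, newline or '%'."""
    return "".join(chr(b) if 0x21 <= b <= 0x7E and b != 0x25 else "%%%02X" % b
                   for b in text.encode("utf-8"))


def reply(line, is_listed=LISTED.__contains__):
    """Return the single reply line for one tcp_table request line."""
    line = line.rstrip("\r\n")
    m = re.fullmatch(r"(?i)get (\S+)", line)
    if len(line) > MAX_REQUEST or m is None:
        return "400 " + encode("malformed request") + "\n"
    key = decode(m.group(1))  # untrusted header text supplied by the sender
    for host in sorted({h.lower() for h in HOST_RE.findall(key)}):
        if is_listed(host):
            return "200 " + encode("REJECT listed domain " + host) + "\n"
    return "500 " + encode("not found") + "\n"


if __name__ == "__main__":
    # spawn(8) connects the client socket to stdin/stdout: one reply per request.
    for request in sys.stdin:
        sys.stdout.write(reply(request))
        sys.stdout.flush()
```
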

amavisd-new with AVG 8.5 free Edition for Linux

I'm evaluating AVG 8.5 Free Edition for Linux on CentOS 5. It's fairly easy to set up: just download the installer, install it, update the virus definition database, tweak some of avgtcpd's config and voilà, it's running smoothly. Here are the steps, for anyone who wants to know.

Download avg 8.5 installer

$ wget -t0 -c http://download.avgfree.com/filedir/inst/avg85flx-r863-a3205.i386.rpm

Install

$ sudo rpm -ivh avg85flx-r863-a3205.i386.rpm

Start the service (in this case I was using the init.d script)

$ sudo /etc/init.d/avgd start

Verify if avgtcpd is running

$ sudo netstat -pltn | grep avgtcpd
tcp        0      0 127.0.0.1:54321             0.0.0.0:*                   LISTEN      10839/avgtcpd
tcp        0      0 127.0.0.1:54322             0.0.0.0:*                   LISTEN      10839/avgtcpd

Update virus definition database

$ sudo avgupdate

Nginx worker_cpu_affinity

By default, without the worker_cpu_affinity directive set in nginx.conf, the Linux kernel will spread nginx's workers across all CPUs.

I have 4 logical CPUs on my server, CPU0 – CPU3:

Cpu0  :  2.9%us,  0.9%sy,  0.0%ni, 88.9%id,  7.2%wa,  0.0%hi,  0.2%si,  0.0%st
Cpu1  :  1.8%us,  0.6%sy,  0.0%ni, 95.3%id,  2.2%wa,  0.0%hi,  0.1%si,  0.0%st
Cpu2  :  2.4%us,  0.7%sy,  0.0%ni, 94.3%id,  2.5%wa,  0.0%hi,  0.1%si,  0.0%st
Cpu3  :  1.9%us,  0.7%sy,  0.0%ni, 96.7%id,  0.6%wa,  0.0%hi,  0.0%si,  0.0%st

With the default setting, nginx's workers are always bound to all 4 logical CPUs, which is the "f" bitmask:

# taskset -p 12348
pid 25748's current affinity mask: f
# taskset -p 12349
pid 25749's current affinity mask: f
# taskset -p 12351
pid 25751's current affinity mask: f
# taskset -p 12352
pid 25752's current affinity mask: f
# taskset -p 12353
pid 25753's current affinity mask: f

CPU affinity is represented as a bitmask (given in hexadecimal), with the lowest order bit corresponding to the first logical CPU and the highest order bit corresponding to the last logical CPU.
Examples:

How To Make php-fpm Listen On Both Tcp And Unix Socket?

I need to make php-fpm listen on both a TCP and a Unix socket, and this is how it's done.
(This is not a pretty workaround, I guess, but it works 😀)
First, download the PHP source RPM

$ wget http://centos.alt.ru/pub/php-fpm/5.3.3-2/SRPMS/php-5.3.3-2.el5.src.rpm

Compile and install

$ rpmbuild --rebuild php-5.3.3-2.el5.src.rpm
$ sudo rpm -Uvh /path/to/RPMS/php-*

Configuring the default php-fpm for using tcp socket
Edit www.conf

$ sudo vi /etc/php-fpm.d/www.conf

Find line containing

listen = 127.0.0.1:9000

We can make it listen on whatever port we desire, e.g. 9001.
Start the first php-fpm instance

$ sudo service php-fpm start

Configuring php-fpm for using unix socket

$ sudo cp /etc/php-fpm.conf /etc/php-fpm2.conf
$ sudo cp -rp /etc/php-fpm.d /etc/php-fpm2.d

Edit /etc/php-fpm2.conf

include=/etc/php-fpm2.d/*.conf
pid = /var/run/php-fpm/php-fpm2.pid
error_log = /var/log/php-fpm/error2.log

Edit /etc/php-fpm2.d/www.conf

listen = /tmp/php-fpm.sock
php_admin_value[error_log] = /var/log/php-fpm/www-error2.log

Nginx, Subdirs Without Trailing Slash

If you set

location /mail/ {
    fastcgi_pass localhost:8888;
    ...
}

and request "/mail", then nginx will return an external redirect to "/mail/". If you do not want the redirect, then

location = /mail {
    fastcgi_pass localhost:8888;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    fastcgi_param SCRIPT_NAME /index.php;
    root /var/www;
}

location /mail/ {…

Nginx, Geo IP and Distributed Server

When you have many networks that are located far apart, in different locations, you want users to access the server closest to their network. When town1's users access the main server, the server will redirect them to town1.example.com, and town2's users will be redirected to town2.example.com.

http {
    geo…

Nginx, limit website visitor bandwidth by country

First grab this Perl script, which you will use to convert Maxmind's GeoIP database into a format usable by Nginx. Make it executable:

$ chmod 755 geo2nginx.pl

Then download Maxmind's latest GeoLite country database in CSV format. Unzip it, and run the Perl script:

$ unzip GeoIPCountryCSV.zip…