NTP Server

NTP
[root@server1 ~]# yum install ntp

/usr/sbin/ntpd —> Service
/etc/ntp.conf —> Main File
/etc/ntp/keys —> Contains Encryption keys
/var/lib/ntp/drift —> Hardware clock drift statistics (a file used to store information about the inaccuracy of the local hardware clock)
/etc/ntp/step-tickers —> Optional servers to use for initial clock synchronization at boot
/etc/sysconfig/ntpd —> Passes command-line options to ntpd

Utilities:-
/usr/sbin/ntpdate —> Set the system clock once from NTP Server
/usr/sbin/ntp-genkeys —> Generate an encryption key for security
/usr/sbin/ntpq —> Standard Ntp query tool
/usr/sbin/ntpdc —> Special Ntp query tool
/usr/sbin/ntptrace —> Trace the chain of NTP Server back to initial time source

Use at least three NTP servers as time sources for an organization.

Client Configuration:

[root@server3 ~]# vim /etc/ntp.conf
server 10.10.10.1
driftfile /var/lib/ntp/drift

[root@server ~]# iptables -t filter -I INPUT -p udp --dport 123 -j ACCEPT
[root@server1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Server Configuration:
[root@server1 ~]# vim /etc/ntp.conf

server 1.asia.pool.ntp.org —> Public NTP Server
peer 10.10.10.2 —> Server Peer
server 127.127.29.0 —> A Trimble GPS (On a serial port)
server 127.127.1.0 —> Motherboard Hardware Clock
fudge 127.127.1.0 stratum 10 —> Advertised as a high (unreliable) stratum, 10-15

[root@server1 ~]# iptables -t filter -I INPUT -p udp --dport 123 -j ACCEPT
[root@server1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Restrict and Access control:-
[root@server1 ~]# cat /etc/ntp.conf | grep restrict
restrict 10.10.10.2 —> No restriction
restrict 10.10.10.3 ignore —> Ignore all packet from this host
[root@server3 ~]# ntpdate 10.10.10.1
30 Jul 20:00:36 ntpdate[3212]: no server suitable for synchronization found
restrict 10.10.10.0 mask 255.255.255.0 nomodify —> Ignore remote configuration requests
noquery —> Ignore all status queries and configuration requests
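
The restrict lines above only cover listed hosts; a host that matches no restrict line is unrestricted. The following check is an added example (not part of the original post) that audits the restrict lines of an ntp.conf; the function name, the finding labels and both sample files are constructed for illustration.

```bash
# Added example: audit "restrict" lines in an ntp.conf.
# Prints one finding per line; prints nothing when no issue is found.
audit_ntp_restrict() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++    # optional address-family switch
        target = $i; i++
        if ($i == "mask") i += 2             # skip "mask <netmask>"
        flags = ""
        while (i <= NF) { flags = flags " " $i " "; i++ }
        if (target == "default") {
            seen_default = 1
            if (flags ~ / ignore /) next
            if (flags !~ / nomodify /) print "WEAK default lacks nomodify"
            if (flags !~ / noquery /)  print "WEAK default lacks noquery"
        } else if (flags == "" && target != "127.0.0.1" && target != "::1") {
            print "OPEN " target " has no restriction flags"
        }
    }
    END { if (!seen_default) print "MISSING restrict default (unlisted hosts are unrestricted)" }
    ' "$1"
}

# Constructed sample: the restrict lines shown in the post, with no default rule.
page_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
restrict 10.10.10.2
restrict 10.10.10.3 ignore
restrict 10.10.10.0 mask 255.255.255.0 nomodify
EOF

# Constructed sample: the same access list behind a restrictive default.
hardened_conf=$(mktemp)
cat > "$hardened_conf" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 10.10.10.2 nomodify notrap
restrict 10.10.10.3 ignore
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap nopeer
EOF

audit_ntp_restrict "$page_conf"       # two findings
audit_ntp_restrict "$hardened_conf"   # no output
```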


zimbra 80 gb ldap data.mdb

I found this solution on the Zimbra forum.

In my experience this solution worked successfully the first time, but when I used it a second time, it reduced the LDAP database size but the LDAP service did not start.

For the best solution, use the mdb_copy command, which is recommended by Zimbra.

# update database size
zmlocalconfig -e ldap_db_maxsize=67108864

# update log size
zmlocalconfig -e ldap_accesslog_maxsize=536870912

# allow time for zmconfigd to apply new setting (as suggested by Quanah)
sleep 90

# stop slapd
ldap stop

# change to database directory
cd /opt/zimbra/data/ldap/mdb/db

# backup database
/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db

# move to .old
mv data.mdb data.mdb.old

# recreate database with new size and restore from backup
/opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak

# start slapd
ldap start

# archive original
gzip data.mdb.old


zimbra dns-bl

http://wiki.zimbra.com/wiki/Configuring_and_Monitoring_Postfix_DNSBL

Configuring and Monitoring Postfix DNSBL

Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.

zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"

Available DNSBLs

reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client sbl.spamhaus.org

Monitoring Logs for DNSBL bounces

dnsblcount is a Perl script that checks your Postfix mail log for RBL
rejections. It produces a report tallying rejections per RBL.

Install dnsblcount

Download and install dnsblcount to your /usr/local/bin folder.

Example Output

[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net               233
dnsbl.sorbs.net              112
sbl.spamhaus.org               4
=================================
Total DNSBL rejections:       349

The script

For posterity, the dnsblcount script as of 11/3/2007 (but do see if there’s
updates here http://www.joreybump.com/code/dnsblcount/index.html)

#!/usr/bin/perl

# dnsblcount
# version 20061111
# (c) 2004, 2005, 2006 Jorey Bump

# Description:
# Counts DNSBL rejections in Postfix log

# Usage:
# dnsblcount /path/to/maillog
# dnsblcount /path/to/maillog1 /path/to/maillog2
# dnsblcount /path/to/maillogs*
# grep "search string" /path/to/maillog | dnsblcount

# Sample crontab:
# 30 5 * * *    /usr/local/sbin/dnsblcount /var/log/maillog | mail -s "$HOSTNAME - DNSBL Count" postmaster

# Sample Postfix 1.1 log lines:
# Mar  6 06:52:03 mail postfix/smtpd[11873]: reject: RCPT from
# unknown[208.61.231.102]: 554 Service unavailable; [208.61.231.102] blocked
# using bl.spamcop.net, reason: Blocked - see
# http://www.spamcop.net/bl.shtml?208.61.231.102; from=<bob@example.net>
# to=<rob@example.com>
# Mar 13 05:47:51 mail postfix/smtpd[28269]: reject: RCPT from
# mail68.example.info[66.63.191.68]: 554 Service unavailable; [66.63.191.68]
# blocked using sbl.spamhaus.org, reason:
# http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12057; from=<bob@example.net>
# to=<rob@example.com>

# Sample Postfix 2.1 log line:
# Apr 17 13:49:07 mail postfix/smtpd[18143]: NOQUEUE: reject: RCPT from
# c-7209e055.1111-2-64736c10.cust.bredbandsbolaget.se[85.224.9.114]: 554
# Service unavailable; Client host [85.224.9.114] blocked using
# bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?85.224.9.114;
# from=<haqyhakox@example.com> to=<bob@example.net> proto=ESMTP
# helo=<c-7209e055.1111-2-64736c10.cust.example.com>

# Sample postfix 2.3 log line:
# Dec 25 05:41:28 mail postfix/smtpd[14586]: NOQUEUE: reject: RCPT from
# unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host
# [202.43.175.151] blocked using bl.spamcop.net; Blocked - see
# http://www.spamcop.net/bl.shtml?202.43.175.151;
# from=<iglkjlpioed@example.com> to=<bob@example.net> proto=SMTP
# helo=<mail.example.com>

# Begin:
use strict;

my ( $dnsbl, $ip, $length, $line, $max, %dnsblcount );
my $dnsbltotal = 0;    # stays 0 when no rejection is found

my $rule = "=";
my $totstr = "Total DNSBL rejections:";
$max = length($totstr);

# read log lines from the named files, or from stdin
while ($line = <>) {
    # capture the bracketed client IP and the DNSBL name
    if ($line =~ /(\[.*\]) blocked using ([^\s]*)(,|;) /) {
        $ip = $1;
        $dnsbl = $2;
        $dnsblcount{$dnsbl} += 1;
        $dnsbltotal += 1;
    }
}

# widen the name column to fit the longest DNSBL name
foreach $dnsbl (sort keys %dnsblcount) {
    $length = length($dnsbl);
    if ( $length > $max ) {
        $max = $length;
    }
}

# print one line per DNSBL, highest count first
foreach $dnsbl (sort { $dnsblcount{$b} <=> $dnsblcount{$a} }
    keys(%dnsblcount)) {
    printf "%-${max}s  %7s\n", $dnsbl, $dnsblcount{$dnsbl};
}

# horizontal rule above the total
foreach (1..($max + 10)) {
    printf "%s", $rule;
}

print "\n";

printf "%-${max}s  %8s\n", $totstr, $dnsbltotal;

1;


Get Attachment log in zimbra

I have written a simple script which gives you all the attachments within mail in another log file.

[root@desktop51 ~]# vim attachment-log.sh

#!/bin/bash
# this script enables attachment logging

su - zimbra -c "echo your zimbra version is; zmcontrol -v"

echo "set for attachment log "

# point Postfix at a PCRE table of MIME header checks
su - zimbra -c "postconf -e 'mime_header_checks=pcre:/opt/zimbra/postfix/conf/mime_header_checks'"

# WARN only logs the matching header; the mail is still delivered
echo '/^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|zip|pdf|mp3|jpg|rar|exe|wmv|doc|avi|ppt|mpg|tif|wav|mov|psd|wma|sitx|sit|eps|cdr|avi|xls|mp4|txt|m4a|rmvb|bmp|pps|aif|pub|dwg|gif|qbb|mpeg|indd|swf|asf|png|dat|rm|mdb|chm|jar|htm|dvf|dss|dmg|iso|flv|wpd|cda|m4b|7z|gz|fla|qxd|rtf|aiff|msi|jpeg|3gp|cdl|vob|ace|m4p|divx|html|pst|cab|ttf|xtm|hqx|qbw|sea|ptb|bin|mswmm|ifo|tgz|log|dll|mcd|ss|m4v|eml|mid|ogg|ram|lnk|torrent|ses|mp2|vcd|bat|asx|ps|bup|cbr|amr|wps|sql|hlp|ht[at]|inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x              WARN Attachment name "$2" The file format is ".$4"' > /opt/zimbra/postfix/conf/mime_header_checks

chown zimbra:zimbra /opt/zimbra/postfix/conf/mime_header_checks

su - zimbra -c "zmmtactl restart"

# every night at 23:00, append the attachment warnings to a separate log
echo "0 23 * * * root /bin/grep 'filename=' /var/log/maillog >> /var/log/attachment.log" > /etc/cron.d/attachmentlog

[root@desktop51 ~]# chmod  +x attachment-log.sh
[root@desktop51 ~]# sh attachment-log.sh
your zimbra version is
Release 8.0.2_GA_5569.RHEL6_64_20121210115059 CentOS6_64 FOSS edition.
set for attachment log
Rewriting configuration files…done.
/postfix-script: refreshing the Postfix mail system
Stopping saslauthd…done.
Starting saslauthd…done.
Stopping opendkim… done.
Started opendkim: pid 11287

[root@desktop51 ~]# tail /var/log/attachment.log
Aug 23 12:02:04 desktop51 postfix/cleanup[29729]: 0E4C265F45: warning: header Content-Disposition: attachment; filename=RHEV-USB-Client-136.exe from desktop51.bipinpatel.com[192.168.0.51]; from=<test1@bipinpatel.com> to=<test2@bipinpatel.com> proto=ESMTP helo=<desktop51.bipinpatel.com>: Attachment name "RHEV-USB-Client-136.exe" The file format is ".exe"
Aug 23 12:02:09 desktop51 postfix/cleanup[29729]: C6F5165F33: warning: header Content-Disposition: attachment; filename=RHEV-USB-Client-136.exe from localhost[127.0.0.1]; from=<test1@bipinpatel.com> to=<test2@bipinpatel.com> proto=ESMTP helo=<localhost>: Attachment name "RHEV-USB-Client-136.exe" The file format is ".exe"
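
The log above records the same attachment twice, once from the sending host and once from localhost[127.0.0.1]. The following summary script is an added example (not part of the original post) that tallies attachments per extension and sender; it assumes the localhost entries are the same message passing through Postfix a second time after content filtering and skips them. The function name and the sample log lines are constructed.

```bash
# Added example: count logged attachments per extension and envelope sender.
# Output lines: "<count> <extension> <sender>", highest count first.
attachment_summary() {
    awk '
    /warning: header Content-/ && /The file format is/ {
        # assumption: entries from localhost are re-injected copies, skip them
        if ($0 ~ / from localhost\[127\.0\.0\.1\];/) next
        sender = "<>"; ext = "-"
        if (match($0, /from=<[^>]+>/))
            sender = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, /The file format is "\.[^"]*"/))
            ext = tolower(substr($0, RSTART + 21, RLENGTH - 22))
        count[ext " " sender]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log lines in the format shown above.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Aug 23 12:02:04 mail postfix/cleanup[29729]: 0E4C265F45: warning: header Content-Disposition: attachment; filename=setup.exe from client.example.com[192.0.2.10]; from=<alice@example.com> to=<bob@example.com> proto=ESMTP helo=<client.example.com>: Attachment name "setup.exe" The file format is ".exe"
Aug 23 12:02:09 mail postfix/cleanup[29729]: C6F5165F33: warning: header Content-Disposition: attachment; filename=setup.exe from localhost[127.0.0.1]; from=<alice@example.com> to=<bob@example.com> proto=ESMTP helo=<localhost>: Attachment name "setup.exe" The file format is ".exe"
Aug 23 12:10:41 mail postfix/cleanup[29731]: 1A2B3C4D5E: warning: header Content-Type: application/pdf; name=report.PDF from client.example.com[192.0.2.10]; from=<alice@example.com> to=<carol@example.com> proto=ESMTP helo=<client.example.com>: Attachment name "report.PDF" The file format is ".PDF"
Aug 23 12:15:02 mail postfix/cleanup[29733]: 2B3C4D5E6F: warning: header Content-Disposition: attachment; filename=tool.exe from client.example.com[192.0.2.10]; from=<alice@example.com> to=<bob@example.com> proto=ESMTP helo=<client.example.com>: Attachment name "tool.exe" The file format is ".exe"
Aug 23 12:18:30 mail postfix/cleanup[29735]: 3C4D5E6F70: warning: header Content-Disposition: attachment; filename=logs.zip from gw.example.net[198.51.100.7]; from=<dave@example.net> to=<bob@example.com> proto=ESMTP helo=<gw.example.net>: Attachment name "logs.zip" The file format is ".zip"
Aug 23 12:20:00 mail postfix/smtpd[29740]: connect from client.example.com[192.0.2.10]
EOF

attachment_summary "$sample_log"
```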


Performing UDP tunneling through an SSH connection

The original source is:-

http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Tunnelling_UDP_Traffic_Through_An_SSH_Connection

http://www.qcnetwork.com/vince/doc/divers/udp_over_ssh_tunnel.html

on client:

[root@client tmp]# /usr/bin/ssh -L 9999:localhost:9999 root@192.168.0.51;

on server:

[root@server ~]# /usr/bin/mkfifo "/tmp/fifo";

[root@server ~]# /bin/ls -al "/tmp/fifo";
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo

[root@server ~]# /usr/bin/nc -l 9999 < "/tmp/fifo" | /usr/bin/nc -u 192.168.0.51 53 > "/tmp/fifo";

on client:

[root@client tmp]# /usr/bin/mkfifo "/tmp/fifo";

[root@client tmp]# /bin/ls -al "/tmp/fifo";
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo

[root@client tmp]# /usr/bin/nc -l -u 53 < "/tmp/fifo" | /usr/bin/nc 127.0.0.1 9999 > "/tmp/fifo";

[root@client tmp]# dig desktop1.bipinpatel.com @127.0.0.1