December 19, 2009

File /Folder Permissions

These are the numeric values and their related permissions on a Linux system.

4000 - setuid on execution
2000 - setgid on execution
1000 - set sticky bit
0400 - read by owner
0200 - write by owner
0100 - execute by owner
0040 - read by group
0020 - write by group
0010 - execute by group
0004 - read by others
0002 - write by others
0001 - execute by others

The chmod numeric value ranges from 0000 to 7777.

You can use these numeric values, or a combination of them, with the chmod command, or you can specify permissions with strings. When specifying with strings, use the following arguments:
u - user - to add/remove permissions of the user (owner) of the file.
g - group - to add/remove permissions of the group members of the file.
o - other - to add/remove permissions of everyone else (the world-wide permissions) on the file.

Eg:
The following commands will enable the setuid on the file abc.pl
chmod 4755 abc.pl
chmod u+s abc.pl
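
As an added illustration (not code from the original post), the shell functions below decode a numeric mode from the table above into the string that ls -l shows, including how the setuid, setgid and sticky bits replace the execute position, and apply both chmod forms to scratch files. The names mode_to_string and setuid_both_ways are made up for this example, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: decode a chmod numeric mode (0000-7777) into ls-style text.
# mode_to_string and setuid_both_ways are hypothetical helper names.

mode_to_string() (
    m=$((0$1))            # the leading 0 makes the shell read the digits as octal
    out=""
    # One entry per triplet: bit shift, special-bit mask in decimal, and the
    # letter shown when execute is set / not set.
    #   owner  -> 4000 setuid (2048)
    #   group  -> 2000 setgid (1024)
    #   others -> 1000 sticky (512)
    for spec in "6 2048 s S" "3 1024 s S" "0 512 t T"; do
        set -- $spec
        bits=$(( (m >> $1) & 7 ))
        if [ $((bits & 4)) -ne 0 ]; then r=r; else r=-; fi
        if [ $((bits & 2)) -ne 0 ]; then w=w; else w=-; fi
        if [ $((m & $2)) -ne 0 ]; then
            # Special bit set: lower case when execute is also set,
            # upper case when it is not (the bit then has no effect).
            if [ $((bits & 1)) -ne 0 ]; then x=$3; else x=$4; fi
        else
            if [ $((bits & 1)) -ne 0 ]; then x=x; else x=-; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
)

# Apply the two commands from the text to scratch files and print both
# resulting modes. They only agree because the second file was 755 before
# u+s was added: 4755 sets the whole mode, u+s adds a single bit.
setuid_both_ways() (
    d=$(mktemp -d) || exit 1
    : > "$d/numeric.pl"
    : > "$d/symbolic.pl"
    chmod 4755 "$d/numeric.pl"
    chmod 755 "$d/symbolic.pl"
    chmod u+s "$d/symbolic.pl"
    printf '%s %s\n' "$(stat -c %a "$d/numeric.pl")" "$(stat -c %a "$d/symbolic.pl")"
    rm -rf "$d"
)

for mode in 4755 2775 1777 4644 0766; do
    printf '%s -> %s\n' "$mode" "$(mode_to_string "$mode")"
done
```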

Locating files using the find command

Find is a versatile tool which can be used to locate files and directories satisfying different user criteria. But the sheer number of options for this command line tool makes it at the same time both powerful and encumbering for the user. Here I will list a few combinations which one can use to get useful results using find command.

Find all HTML files starting with letter 'a' in your current directory (Case sensitive)
find . -name a\*.html

Same as above but case insensitive search.
find . -iname a\*.html

Find files which are larger than 5 MB in size.
find . -size +5000k -type f

Here the '+' in '+5000k' indicates greater than and k is kilobytes. And the dot '.' indicates the current directory. The -type option can take any of the following values:

f - file
d - directory
l - symbolic link
c - character device
p - named pipe (FIFO)
s - socket
b - block device

Find all empty files in your directory
find . -size 0c -type f

... which is all files with a size of 0 bytes. The -size option can take the following units:

c - bytes
w - 2-byte words
k - kilobytes
b - 512-byte blocks

Note: The above command can also take the -empty parameter.

Find is very powerful in that you can combine it with other commands. For example, to find all empty files in the current directory and delete them, do the following:
find . -maxdepth 1 -type f -empty -exec rm {} \;

To search for a html file having the text 'Web sites' in it, you can combine find with grep as follows:
find . -type f -iname \*.html -exec grep -s "Web sites" {} \;

... the -s option in grep suppresses errors about non-existent or unreadable files. And {} is a placeholder for the files found. The semicolon ';' is escaped using backslash so as not to be interpreted by bash shell.

Note: You can use the -exec option to combine any command in Linux with the find command. Some of the useful things you can do with it are as follows:

Compress log files on an individual basis
find /var -iname \*.log -exec bzip2 {} \;

Find all files which belong to user lal and change its ownership to ravi
find / -user lal -exec chown ravi {} \;

Note: You can also use the xargs command instead of the -exec option, as follows:
find /var -iname \*.log -print0 | xargs -0 bzip2

Find all files which do not belong to any user:
find . -nouser

Find files which have permissions rwx for user and rw for group and others :
find . -perm 766

... and then list them.

find . -perm 766 -exec ls -l {} \;

Find all directories with name music_files
find . -type d -iname \*music_files\*

Suppose you want to find files of size between 700k and 1000k, do the following:
find . \( -size +700k -and -size -1000k \)

And how about getting a formatted output of the above command with the size of each file listed ?
find . \( -size +700k -and -size -1000k \) -exec du -Hs {} \; 2>/dev/null

... here, the '2>/dev/null' means all the error messages are discarded or suppressed.

You can also limit your search by file system type. For example, to restrict search to files residing only in the NTFS and VFAT filesystem, do the following:
find / -maxdepth 2 \( -fstype vfat -or -fstype ntfs \) 2> /dev/null

These are the most common uses of the find command. You can see additional uses by reading the find manual.

Simple linux commands

/bin/ls Lists the contents of the directory.

/bin/cp Copies the file.

/bin/mv Moves the file.

/bin/rm Deletes the file.

/bin/vi A very versatile, flexible and powerful editor.

/bin/touch Updates the time stamp of the file with the current time.

/bin/df Shows the free disk space of mounted file systems.

/usr/bin/du Shows the disk usage.

/usr/bin/who Displays who is logged in to the system.

/bin/cat Concatenates files and prints the output on the standard output.

How to use RPM Commands

This section contains an overview of the principal RPM modes for installing, uninstalling, upgrading, querying, listing, and checking RPM packages on your Linux system. You must be familiar with these RPM commands now because we'll use them often in the continuation of this book. To install an RPM package, use the command:

[root@deep] /#rpm -ivh foo-1.0-2.i386.rpm

Note that RPM package files have names like foo-1.0-2.i386.rpm, which include the package name (foo), version (1.0), release (2), and architecture (i386).

To uninstall an RPM package, use the command:

[root@deep] /#rpm -e foo

Notice that we used the package name foo, not the name of the original package file foo-1.0-2.i386.rpm.

To upgrade an RPM package, use the command:

[root@deep] /#rpm -Uvh foo-1.0-2.i386.rpm

With this command, RPM automatically uninstalls the old version of the foo package and installs the new one. Always use rpm -Uvh to install packages, since it works fine even when there are no previous versions of the package installed.

To query an RPM package, use the command:

[root@deep] /#rpm -q foo

This command will print the package name, version, and release number of installed package foo. Use this command to verify that a package is or is not installed on your system.

To display package information, use the command:

[root@deep] /#rpm -qi foo

This command displays package information, including the name, version, and description of the installed program. Use this command to get information about the installed package.

To list the files in a package, use the command:

[root@deep] /#rpm -ql foo

This command will list all files in an installed RPM package. It works only when the package is already installed on your system.

To check the signature of an RPM package, use the command:

[root@deep] /#rpm --checksig foo-1.0-2.i386.rpm

This command checks the PGP signature of the specified package file to ensure its integrity and origin. Always use this command first before installing a new RPM package on your system. Also, GnuPG or PGP software must already be installed on your system before you can use this command. The check only means something if the packager's public key has been imported and is a key you trust.

Look at the scripts/config files and documentation that ship with the package; you can do that using:

[root@deep] /#rpm -qc foo

and, respectively,

[root@deep] /#rpm -qd foo

In most cases a solution may be at hand without needing my help.

Difference Between .rpm and .tar.gz

RPM

RPM (Red Hat Package Manager) is the default installation type for all distributions except Debian (which uses .deb packages).
The main uses are:
Install from a compiled i386|i486|i586|i686.rpm
rpm -ivh applicationname.i386.rpm
This breaks down to -i (install), -v (be verbose), -h (hash, i.e. show progress).

Upgrading comes in the form of
rpm -Uvh appname.i386.rpm
(-U being upgrade)

Rebuilding from a .src.rpm
rpm --rebuild appname.src.rpm
Here the configure and make script are performed automagically. A couple of lines up when the compilation is finished it will say
WROTE: /usr/src/RPM/RPMS/i686/appname.rpm
or something similar. All you need to do then is
rpm -ivh (or Uvh) /usr/src/RPM/RPMS/i686/appname.rpm

Source tar.gz

Most source applications come in tar.gz files. These are compressed files not unlike .zip files. These are uncompressed using
tar xzvf tarfilename.tar.gz
x = extract, z = gzip, v = verbose f=file/force
The sources should now be untarred to their own directory from where you unpacked them.
cd newappdir
(change directory)
run the configure script
./configure
if all goes well, with no errors the make files are now created. Now we run
make
Once all the source files are compiled, the app is installed
make install

The app can now be located in the same dir, or optionally in /usr/bin or /usr/sbin

How to delete symbolic link

When using the rm or unlink command to remove a symbolic link to a directory, make sure you don’t end the target with a ‘/’ character because it will create an error. Example:

$ mkdir dirfoo
$ ln -s dirfoo lnfoo
$ rm lnfoo/
rm cannot remove directory ‘lnfoo/’ : Is a directory
$ unlink lnfoo/
unlink: cannot unlink ‘lnfoo/’: Not a directory
$ unlink lnfoo

scp - Secure copy of your content

scp is a great way to move files from one machine to another.

This can take the place of an ftp server for moving files around.

From remote machine to local

root :~# scp user@xx.xx.xx.xx:/home/user/old-stuff /home/user/restore

From local machine to remote

root :~# scp home/to/file you@xx.xx.xx.xx:path/to/file

From remote to remote

root :~# scp user@xx.xx.xx.xx:path/to/file user@xx.xx.xx.xx:path/to/file

xx.xx.xx.xx == Your server IP

sgid

Setting the SGID attribute on a directory : chmod g+s

If the SGID (Set Group Identification) attribute is set on a directory, files created in that directory inherit its group ownership.

If the SGID is not set the file's group ownership corresponds to the user's default group.

In order to set the SGID on a directory or to remove it, use the following commands:

chmod g+s directoryname
chmod g-s directoryname

When set, the SGID attribute is represented by the letter "s" which replaces the "x" in the group permissions:

ls -l directoryname
drwxrwsr-x 10 george administrators 4096 2006-10-10 8:45 directory

How could I know list of the new features available for each kernel?

rpm -qp --changelog kernel-2.6.9-1.860_EL.i686.rpm | more

Egrep is used to print lines matching a pattern

# egrep --help
Usage: egrep [OPTION]... PATTERN [FILE] ...
Search for PATTERN in each FILE or standard input.
Example: egrep -i 'hello world' menu.h main.c

Regexp selection and interpretation:
-E, --extended-regexp PATTERN is an extended regular expression
-F, --fixed-strings PATTERN is a set of newline-separated strings
-G, --basic-regexp PATTERN is a basic regular expression
-P, --perl-regexp PATTERN is a Perl regular expression
-e, --regexp=PATTERN use PATTERN as a regular expression
-f, --file=FILE obtain PATTERN from FILE
-i, --ignore-case ignore case distinctions
-w, --word-regexp force PATTERN to match only whole words
-x, --line-regexp force PATTERN to match only whole lines
-z, --null-data a data line ends in 0 byte, not newline

Miscellaneous:
-s, --no-messages suppress error messages
-v, --invert-match select non-matching lines
-V, --version print version information and exit
--help display this help and exit
--mmap use memory-mapped input if possible

Output control:
-m, --max-count=NUM stop after NUM matches
-b, --byte-offset print the byte offset with output lines
-n, --line-number print line number with output lines
--line-buffered flush output on every line
-H, --with-filename print the filename for each match
-h, --no-filename suppress the prefixing filename on output
--label=LABEL print LABEL as filename for standard input
-o, --only-matching show only the part of a line matching PATTERN
-q, --quiet, --silent suppress all normal output
--binary-files=TYPE assume that binary files are TYPE
TYPE is 'binary', 'text', or 'without-match'
-a, --text equivalent to --binary-files=text
-I equivalent to --binary-files=without-match
-d, --directories=ACTION how to handle directories
ACTION is 'read', 'recurse', or 'skip'
-D, --devices=ACTION how to handle devices, FIFOs and sockets
ACTION is 'read' or 'skip'
-R, -r, --recursive equivalent to --directories=recurse
--include=PATTERN files that match PATTERN will be examined
--exclude=PATTERN files that match PATTERN will be skipped.
--exclude-from=FILE files that match PATTERN in FILE will be skipped.
-L, --files-without-match only print FILE names containing no match
-l, --files-with-matches only print FILE names containing matches
-c, --count only print a count of matching lines per FILE
-Z, --null print 0 byte after FILE name

Context control:
-B, --before-context=NUM print NUM lines of leading context
-A, --after-context=NUM print NUM lines of trailing context
-C, --context=NUM print NUM lines of output context
-NUM same as --context=NUM
--color[=WHEN],
--colour[=WHEN] use markers to distinguish the matching string
WHEN may be `always', `never' or `auto'.
-U, --binary do not strip CR characters at EOL (MSDOS)
-u, --unix-byte-offsets report offsets as if CRs were not there (MSDOS)

How To Use Pico

What is PICO?

PICO is a very simple and easy-to-use text editor offering paragraph justification, cut/paste, and a spelling checker. (Pico is an acronym for PIne COmposer)

Commands:
The editing commands are displayed at the bottom of the screen and are envoked using CTRL-KEY combinations. (Key is the key letter such as CTRL-W) The ^ character is representing the CTRL and the letter that follows represents the KEY. For example ^W will be CTRL-W on your keyboard. You press the CTRL key hold it and then press the W key. Some commands will require input such as searching. The prompts will be at the bottom of the screen, above the command labels.

Start Pico:
Type: pico
This will tell PICO to open a file. If you do not specific a file you can start editing a blank file, and then save it as whatever you wish when you quit.

Save Your Changes:
Press: CTRL-O
You will be displayed / asked what file PICO should save the document as.
Press: Enter (Or rename file to your linking and then press enter)
PICO has now saved your document.

Exiting Pico:
Press: CTRL-X
You will be prompted "Save modified buffer" this means do you want to save your modified file.

PICO Commands:
CTRL-K will delete the entire line that the cursor is currently on (Cut Text)
CTRL-U will insert the previously deleted line of text at the current position (Un-Cut Text)
CTRL-W will bring up a box at the bottom of the document for you to search.
CTRL-C will cancel anything.
CTRL-T will bring up the spell checker.

If you are trying to find a program, log into the shell.

Type the command:

# whereis

where 'program' is the program you are looking for, will show you one or more possibilities for what you are looking for.

If you have more than one copy of a program, say one in /usr/bin and another in /usr/local/bin/ ,

typing "which program" will show you which one will be called first.

If you can't find it at all, type command:

# locate

will show you everyfile that matches "program".

Some of the most common programs :
• /usr/sbin/sendmail
• /usr/bin/perl
• /bin/mail
• /usr/bin/php

Default locations for most commonly used configuration files and important directories:

Exim

• /etc/exim.conf
• /var/log/exim_mainlog
• /var/log/exim_rejectlog
• /etc/valiases/
• /etc/vfilters/
• /home/username/.forward

MySQL

• /root/.my.cnf
• /etc/my.cnf
• /var/lib/mysql/

Apache
• /usr/local/apache/conf/httpd.conf
• /usr/local/apache/domlogs/

System
• /var/log/messages
• /var/log/dmesg

Proftpd
• /etc/proftpd.conf
• /var/log/xferlog
• /etc/proftpd/

sshd
• /etc/ssh/sshd_config

Interactive Find command usage

Sometimes we need to find the file in server which we do not know where exactly it is located:

Search and list all files from current directory and down for the string ABC:

Quote
find ./ -name "*" -exec grep -H ABC {} \;
find ./ -type f -print | xargs grep -H "ABC" /dev/null
egrep -r ABC *

Find all files of a given type from current directory on down:
Quote
find ./ -name "*.conf" -print

Find all user files larger than 5Mb:

Quote
find /home -size +5000000c -print

Find all files owned by a user (defined by user id number) on the system (could take a long time):

Quote
find / -user 501 -print

Find all files created or updated in the last five minutes: (Great for finding effects of make install)

Quote
find / -cmin -5

Find all world writable directories:
Quote
find / -perm -0002 -type d -print

Find all world writable files:

Quote
find / -perm -0002 -type f -print
find / -perm -2 ! -type l -ls

Find files with no user:

Quote
find / \( -nouser -o -nogroup \) -print

Find files modified in the last two days:

Quote
find / -mtime -2 -o -ctime -2

Find files in a directory that are older than 3 days and delete them:
Quote
find /directoryname -type f -mtime +3 -exec rm {} \;
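
The -perm searches in this section, combined with the permission values listed at the top of the page, as an added example that is not from the original post: a small audit that runs over a constructed scratch tree and shows the difference between an exact match (-perm 766) and an "all of these bits" match (-perm -0002). The function names, labels and fixture files are made up for illustration.

```sh
#!/bin/sh
# Added example: permission audit built from find's -perm tests.
# Function names, labels and the scratch tree are constructed for illustration.

# tag LABEL find-args... : run find and prefix every result with LABEL.
tag() {
    label=$1; shift
    find "$@" -print | while IFS= read -r path; do
        printf '%s\t%s\n' "$label" "$path"
    done
}

# audit_tree DIR: report risky permission bits below DIR.
#   -perm -MODE  matches when all bits in MODE are set (other bits ignored)
#   -perm MODE   matches only when the mode is exactly MODE
audit_tree() (
    cd "$1" || exit 1
    {
        tag SETUID           . -type f -perm -4000
        tag SETGID           . -type f -perm -2000
        tag WORLD_WRITABLE   . -type f -perm -0002
        # A world-writable directory without the sticky bit (1000) lets any
        # user delete or rename files that belong to someone else.
        tag WW_DIR_NO_STICKY . -type d -perm -0002 ! -perm -1000
    } | LC_ALL=C sort
)

# exact_766 DIR: the exact-match form, which skips 0666 and 0777 entries.
exact_766() (
    cd "$1" && find . -perm 766
)

# make_fixture: build a scratch tree with known modes and print its path.
make_fixture() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/shared" "$root/dropbox"
    for f in helper grouptool notes.txt exact766 private; do
        : > "$root/$f"
    done
    chmod 4755 "$root/helper"      # setuid
    chmod 2755 "$root/grouptool"   # setgid
    chmod 0666 "$root/notes.txt"   # world-writable file
    chmod 0766 "$root/exact766"    # rwx for user, rw for group and others
    chmod 0600 "$root/private"     # nothing to report
    chmod 1777 "$root/shared"      # world-writable, sticky: not reported
    chmod 0777 "$root/dropbox"     # world-writable, no sticky bit
    printf '%s\n' "$root"
)

demo_root=$(make_fixture)
audit_tree "$demo_root"
rm -rf "$demo_root"
```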

Other commands on Version, Virus scan etc

What version of Linux is running

root:~#cat /etc/redhat-release

or for non Red-Hat Linux

root:~#cat /etc/issue


Compare this to the kernel

root:~#uname -a

and

root:~#cat /proc/version

Who is the author of the file:

root:~#ls -la --author


When was the last time the file was accessed, and by whom:

root:~#ls -l --time=access

Before you run off and use the cat command it is good to first check the file type with the file command. Many a time I myself have been fooled seeing a file marked as something.html and finding it was really a binary file.


What kind of file is it:

root:~#file filename

or

root:~#file /path/to/directory/*


Real Time Network Activity Examples:

root:~#watch -d "netstat -nalp |grep -v DGRAM |grep -v STREAM |grep -v LISTEN"
root:~#watch "netstat -nalp | grep ':TCP PORT Number'"
root:~#watch "netstat -nalp | grep ':22'"

Update the Locate Database:

root:~#updatedb &

Search for Apache Exploit

for i in `locate access_log` ; do echo $i ; egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' $i ; done

or

egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' /path/to/log/files/*


cPanel
egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' /usr/local/apache/logs/*


Ensim
egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' /home/virtual/site*/fst/var/log/httpd/*


Plesk
egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' /home/httpd/vhosts/*/statistics/logs/*
egrep -i '(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20' /var/log/httpd/*

Of course, not everything that it locates is an exploit; it takes some interpreting. You are looking for obvious things such as a call to wget to download a file, or a call to perl that looks strangely out of place. However, one thing this script does not search for is a call to shell code. Once you locate the access logs, run a second search for long strings containing /x90/. I have yet to find a good interpreter of what these shell codes do, but again google.com is your friend. Most often you can do a search for the code itself and come up with a technical explanation of what the code does.


Search for Shell Code:
cat /path/to/access/logs/* |grep "/x90/"
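
An added example (not part of the original post): the same pattern applied with awk to constructed access log lines, printing the client address and the token that matched, so that hits needing interpretation (such as a harmless file name containing perl%20) are easy to tell apart. The function names and every log line are made up for illustration.

```sh
#!/bin/sh
# Added example: triage view of the egrep pattern used above.
# All log lines are constructed sample data using documentation IP ranges.

write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [19/Dec/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2009:10:02:13 +0000] "GET /page.php?cmd=wget%20http://files.example.invalid/a.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [19/Dec/2009:10:02:15 +0000] "GET /page.php?x=system(1) HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.23 - - [19/Dec/2009:10:05:40 +0000] "GET /docs/perl%20tutorial.html HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Dec/2009:10:07:02 +0000] "GET /search?q=CHR(65) HTTP/1.1" 200 377 "-" "Mozilla/5.0"
EOF
}

# suspicious_requests FILE
# Prints "client<TAB>matched token<TAB>request path" for every line the
# pattern hits. Field 1 is the client and field 7 the request path in the
# common/combined log format.
suspicious_requests() {
    awk '{
        line = tolower($0)      # same effect as egrep -i
        if (match(line, /(chr\(|system\()|(curl|wget|chmod|gcc|perl)%20/))
            printf "%s\t%s\t%s\n", $1, substr(line, RSTART, RLENGTH), $7
    }' "$1"
}

# hits_per_client FILE
# Prints "client count", busiest client first, to show where to look first.
hits_per_client() {
    suspicious_requests "$1" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ print $2, $1 }'
}

sample=$(mktemp)
write_sample_log "$sample"
suspicious_requests "$sample"
hits_per_client "$sample"
rm -f "$sample"
```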

Finally now you can run your favorite virus scan and root kit hunter. Some favorites include rkhunter and chkrootkit.


ChkRootkit
http://www.chkrootkit.org


RKHunter
http://www.rootkit.nl

Hopefully by now the updatedb has finished; you can check the status of that by using the jobs command. Look for things that are out of place and don't belong: are there .bash_history or access_log files that seem to be in the wrong area? This is where you try to think like a hacker and try to find the strange things that just don’t seem right.


Think Like a Hacker in Your Search

root:~#locate .bash_history
root:~#locate access_log
root:~#locate "..."
root:~#locate ".. "
root:~#locate " .."
root:~#locate ". "
root:~#locate " ."

Who Owns the IP Address

root:~#whois 12.34.56.78

Gather all Data About the IP Address

root:~#for i in `ls /var/log -la |grep -v drwx |grep -v lrwx | awk '{print $9}'`; do echo /var/log/$i; cat /var/log/$i |grep "12.34.56.78" ; done

ipcs

System administration command. Print report on interprocess communication (IPC) message queues, shared memory segments, and semaphore arrays for which the current process has read access. Options can be used to specify the type of resources to report on and the output format of the report.
Options

Resource specification options:
-a  Report on all IPC facilities: shared memory segments, message queues, and semaphore arrays. This is the default.
-m  Report on shared memory segments.
-q  Report on message queues.
-s  Report on semaphore arrays.

Output format options:
-b  Print information on maximum size of the resource: size in bytes of messages or shared memory segments, and the number of semaphores per set in the case of semaphore arrays.
-c  Print creator and owner user IDs for IPC facilities.
-l  Print resource maximum and minimum limits.
-o  Print outstanding usage of the resource in question: the number of messages and the total size of the message queue, or the number of processes using shared memory segments.
-p  Print creator and last operation process identifiers.
-t  Print attach, detach, and change times for shared memory segments, last operation and change times for semaphore arrays, and send, receive, and change times for message queues.
-u  Print summary of current resource usage.

Other options:
-h  Print help message, then exit.
-i identifier  Used in combination with the -m, -q, or -s options. Report only on the resource specified by numeric identifier.


Quote
# ipcs

------ Shared Memory Segments --------
key shmid owner perms bytes nattch status

------ Semaphore Arrays --------
key semid owner perms nsems
0x00000000 11927552 apache 600 1
0x00000000 11960321 apache 600 1
0x00000000 11993090 apache 600 1
0x00000000 12025859 apache 600 1
0x00000000 12058628 apache 600 1
0x00000000 12091397 apache 600 1
0x00000000 12124166 apache 600 1
0x00000000 12156935 apache 600 1

------ Message Queues --------
key msqid owner perms used-bytes messages

Advanced commands for System Administrators

To get the list of usernames with their user IDs in a formatted way:

Quote
# awk -F":" '{ print "username: " $1 "\t\tuid:" $3 }' /etc/passwd

Find a particular string in the files under the current directory:

Quote
# cd /etc
# for i in $(find -type f); do grep -iH nfsnobody $i; done

Or

Quote
# grep -iH nfsnobody *

Get the number of occurrences of a particular word in a file:

Quote
# awk '/ServerName/ {i=i+1} END {print i+0}' /etc/httpd/conf/httpd.conf
# grep -c ServerName /etc/httpd/conf/httpd.conf

To delete resources of semaphore arrays from memory:

Quote
# ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print`ipcrm sem $a[1]`}'

To check whether a Perl module is installed correctly or not:

If all is correct, this command produces no output.

Quote
# perl -e 'require Mail::SPF::Query'


To install CPAN module:
Quote
#cpan
cpan> install Mail::SPF::Query
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Database was generated on Thu, 24 Nov 2005 14:54:20 GMT
Mail::SPF::Query is up to date.


To get the list of IP addresses in the server:

Quote
#ifconfig | grep -vw inet6 | grep -w inet | cut -d : -f 2 | cut -d ' ' -f 1

Find list of IP address along with eth device and network mask:

Quote
# ifconfig | cut -d " " -f1,12,16 | grep -A 1 eth | tr -d - | tr -s "\n" |sed -e :a -e N -e 's/\n/ /'

Know the performance of your HardDisk:

Change the device address as per your server's configuration.

Quote
# hdparm -Tt /dev/sda


Get customized output from the raw access log of httpd:
Navigate to the folder where your http access log resides.

Quote
# tail -f access_log | awk '{if ($11 ~"\"-\"") print $1, $7, $12; else print $1, $10, $11, $12}'

The details of the present http connections can be found by using:

Quote
# netstat -plan | grep ":80 " | awk {'print $5'} |awk -F: {'print $1'}|sort
# cat /proc/net/ip_conntrack | grep "port=80" | wc -l

Number of connections from a particular IP address:

Quote
# netstat -ntu | awk '{print $5}'| cut -d: -f1 | sort | uniq -c | sort -nr | more

Number of connections:

Quote
# netstat -alntp

#/sbin/ldconfig /usr/local/lib - Update the system linker cache

Port scanning using nmap:
You can customize it to get more informative output.

Quote
# nmap -sS localhost -
Instead of the host localhost, it could be the IP address of another server which is in question.

You can execute a bash command a certain number of times by using something similar to the following:


Quote
n=0;while test -$n -gt -10; do echo n=$n; n=$[$n+1]; done

That code will print "n=0", "n=1", and so on 10 times.

Only get the listing of directories:

Quote
ls -F $1 | grep \/ | sed -e 's/\/$//g'


I think the command below can be used to find the highest process used by an IP address for particular services:

Quote
netstat -tnp | awk -F':|/|\t*| *' '{if( $7 == "25" ) {print; $cmd=sprintf("ps -uwwwp %d",$9);system($cmd);}}'

Return which ports are currently being listened :

Quote
netstat -ant | grep LISTEN | sed -n 's/^[^:]*:\([0-9]\+\) .*$/\1/p'

Other useful commands

netstat -tupl :List internet services on a system

netstat -tup :List active connections to/from system

# lsof -p $$ :List paths that process id has open

# lsof ~ :List processes that have specified path open

# last reboot :Show system reboot history.

# ls -lSr :Show files, biggest last

# du -s * | sort -k1,1rn | head :Show top disk users in current dir. See also dutop

# cat /proc/partitions :Show all partitions registered on the system

Automatically reboot on high iowait sta

Write the code mentioned below in the shell:

Quote
# top -C -b -n 1 -i |awk '/total/ && substr($7, 0, index($7,".")) >70{print "/sbin/reboot"}'|sh

Awk prints "/sbin/reboot" if IOWAIT > 70%, and the shell runs the command.

You can run that in root's cron or include it via a shell script.

-C = combines statistics on a SMP machine into 1 line
-n 1 = display once
-i = ignore zombie/waiting processes

This how-to is derived from the Ev1servers forum.

Using chattr to Eliminate Command Line Histories

Red Hat uses Bash as its default shell. One of the features of Bash is its ability to keep a running history of commands the user has typed. This could, however, end up being a security problem. If a bad guy were able to compromise a user's home directory, they could view commands the user has executed. In some cases, this could expose improperly used passwords or special privileges available to the user (such as sudo.)

In an environment where security is more important than convenience, you may consider disabling this function. A simple solution would be to use the chattr command to lock out the ability to update the file. As root, access the user's home directory. Type:

Code:

rm .bash_history
touch .bash_history
chattr +i .bash_history


The user will still have a command line history, but it will only apply to the current session. When the user logs out, the information will not be saved to the drive. To have this apply to all future users, make the changes in the /etc/skel directory.

split - split big files into smaller files

While searching for a way to split a large file into smaller files, I found the command mentioned below:

Syntax:

root :~# split -b 2000 FILENAME

split is the command
-b stands for bytes

2000b is nearly 2mb (you can change this to whatever size you want)
FILENAME is the filename of file you want to split.

Now, to get that many pieces BACK together again with the CAT command:

put all the "pieces" into one directory and then run the command

root :~# cat * > NEWFILE

File - Folder Size in linux

If you want to know the file/folder size every time, then use the method below:

Quote
root:~# du -h --max-depth=1

You could create an alias in .bashrc file and use it.
Quote
alias fs='du -h --max-depth=0 $1' #fs=foldersize -requires ONE input

Quote
root:~#fs log
4.1G log

Find kernel driver/module

To find out what a particular driver/module does you can usually use the modinfo command:

# modinfo -d e1000
Intel(R) PRO/1000 Network Driver
#
# modinfo -d hangcheck-timer
Hangcheck-timer detects when the system has gone out to lunch past a certain margin.
#

To get a list of parameters supported by a kernel driver/module, the modinfo command will usually provide the information:

# modinfo -p e1000
debug:Debug level (0=none,...,16=all)
InterruptThrottleRate:Interrupt Throttling Rate
RxAbsIntDelay:Receive Absolute Interrupt Delay
RxIntDelay:Receive Interrupt Delay
TxAbsIntDelay:Transmit Absolute Interrupt Delay
TxIntDelay:Transmit Interrupt Delay
XsumRX:Disable or enable Receive Checksum offload
FlowControl:Flow Control setting
AutoNeg:Advertised auto-negotiation setting
Duplex:Duplex setting
Speed:Speed setting
RxDescriptors:Number of receive descriptors
TxDescriptors:Number of transmit descriptors
#
# modinfo -p hangcheck-timer
hangcheck_dump_tasks:If nonzero, the machine will dump the system task state when the timer margin is exceeded.
hangcheck_reboot:If nonzero, the machine will reboot when the timer margin is exceeded.
hangcheck_margin:If the hangcheck timer has been delayed more than hangcheck_margin seconds, the driver will fire.
hangcheck_tick:Timer delay.
#

To set the parameters when modules are loaded, you can add entries to /etc/modprobe.conf on RHEL or /etc/modprobe.conf.local on SLES. For example:

options hangcheck-timer hangcheck_tick=30 hangcheck_margin=180

To load the module and see the new settings, run:

# modprobe -v hangcheck-timer
insmod /lib/modules/2.6.9-22.EL/kernel/drivers/char/hangcheck-timer.ko hangcheck_tick=20 hangcheck_margin=280
#
# dmesg | tail -1
Hangcheck: starting hangcheck timer 0.5.0 (tick is 30 seconds, margin is 180 seconds).
#

The newly loaded module will be at the top of the lsmod list:

# lsmod | head -2
Module Size Used by
hangcheck_timer 3289 0
#

To unload the module, run:

# rmmod hangcheck-timer

partprobe

Many system administrators may be in the habit of re-booting their systems to make partition changes visible to the kernel. With Red Hat® Enterprise Linux® this is not usually necessary. The partprobe command, from the parted package, informs the kernel about changes to partitions. After all, anything that can help you avoid a re-boot has to be a good thing!

For example:
Code:

# cat /proc/partitions
major minor #blocks name
3 0 58605120 hda
3 1 200781 hda1
3 2 2040255 hda2
3 3 56364052 hda3
8 0 1018880 sda
8 1 10224 sda1
# partprobe
# cat /proc/partitions
major minor #blocks name
3 0 58605120 hda
3 1 200781 hda1
3 2 2040255 hda2
3 3 56364052 hda3
8 0 1018880 sda
8 1 10224 sda1
8 2 1008640 sda2

renice - set nice values of running processes

Let's say you have started a process as root and you are updating something. You notice a HUGE slowdown in your system. You open a shell, type "top", and notice that a process is using 94% of your CPU and hogging all the CPU time, slowing everything else to a crawl!!! Now what!!!!

Enter the command renice. Just as the manpages say, renice "set nice values of running processes". So, while running top, you notice the PID (process ID number) of the offending program/command is XXXXX (will actually be a number not x's).

As a root from shell:

Quote
root:~# renice 19 XXXXX

This will reset the nice value to a much lower (probably) nice value than it's currently running (top shows that as well).

Quote
root:~ # renice 19 22537
22537: old priority 0, new priority 19

The man pages give a pretty good description of all of this, plus they give several other specific examples on how renice can also be used.

What is the highest priority I can set?
When a process is created, its default niceness value is 0 (zero).
The maximum niceness value we can give is 19 (lowest priority) and the minimum we can give is -20 (highest priority).

OS version find

cat /proc/version

or

dmesg |more

Command to reinstall Interchange

/scripts/rebuildinterchangecfg
/usr/local/cpanel/bin/startinterchange

Where are files stored in Linux

Root or "/" contains the operating system and maintenance tools.

/usr contains all commands, libraries, documentation and other files that do not change during operation. (Major applications that come with your distribution of Linux will also be found here)

/var contains files that are modified/changed: log files, lock files, spool directories, temporary files, and man pages.

/home contains all of the user files. This includes the users' settings, customized files, documents, data, e-mail, and more.

/proc contains 'fake' files. These files don't exist on the disk and don't take up any disk space. (ls -l still shows a size) When you view them you are really accessing information stored in memory. These are used to access information about the system.

Parts of root filesystem

/bin--executables (binaries) needed during bootup that might be used by normal users.

/sbin--executables (system binaries) not intended for use by general users (users may still use them, but this directory is not on their PATH).

/etc--system-wide configuration files for your operating system.

/root--the home directory of the system administrator (called super-user or root).

/dev--device files. Devices appear on Linux as files so that hardware is abstracted and it is easy to write to them or read from them.

How to replace a file in linux?

To replace home by house in the file abcd

Use the command as follows:

replace home house -- abcd

How to: Create Files in Linux from a Bash Shell Prompt

Q. I’m new to Linux and installed CentOS on my Laptop. How do I create a file from bash prompt without using GUI tools?

A. Linux / UNIX offer many command line tools and text editors for creating text files. You can use vi or the JOE text editor. JOE is a terminal-based text editor for Linux/Unix systems, available under the GPL. It is designed to be easy to use.

Create a Text File using cat command

To create a text file called foo.txt, enter:
$ cat > foo.txt
Output:

This is a test.
Hello world!
press CTRL+D to save file

To display file contents, type:
$ cat foo.txt

Create a Text File using joe text editor

JOE is a text editor. To create a file called foo.txt, type:
$ joe -help foo.txt
You will see the help menu on screen. Next type something. To save the file and leave joe, type ^KX (press CTRL+K+X).

Create a Text File using vi / vim text editor

vi / vim is another text editor. To create a file called bar.txt, type:
$ vi bar.txt

Outlook configuration

For Outlook

1. In Outlook, go to the Tools menu and click on Email Accounts.
2. Select Add a new email account and then click Next.
3. Select POP3 and then click Next.
4. Enter your email information:

Your Name: your name
Email Address: matt@castleman.net (the email address the messages will be sent from)
Incoming Mail server (POP3): mail.castleman.net
Outgoing Mail server (SMTP): mail.castleman.net
User Name: matt@castleman.net
Password: the password for the email address

5. Click on More Settings and Select the Outgoing Server Tab. Check My outgoing server (SMTP) requires authentication. Select Use same settings as my incoming mail server.

6. Click OK. Click Next. Click Finish.

If you cannot send email using mail.yourdomainname.com as your SMTP server, it may be because your ISP is blocking port 25, which is used for sending outgoing mail via the SMTP protocol, on their network. In this instance, we recommend using your ISP's outgoing mail server, which can be obtained from your ISP.

Mail duplicate delivery in qmail

SYMPTOMS

You have two (or more) copies of every message sent/received from/to your qmail system.

CAUSE

Most probably you have two (or more) qmail instances running.

RESOLUTION

Verify that you have only one qmail instance running. To do this, log in to the mail server and run the following (the brackets in the pattern keep the grep command itself out of the list):

# ps -ax | grep '[q]mail-send'

If you see two (or more) processes, stop qmail and verify it is stopped:

# /etc/init.d/qmail stop
# ps -ax | grep '[q]mail'

You should see no qmail processes here; every qmail instance should have been stopped by this command.
Now it is safe to start qmail:

# /etc/init.d/qmail start


Only one copy should be started.

FormMail

To use FormMail, you need to create a form on one of your web pages.

The form action line should be

<FORM ACTION = "http://yourdomainname.com/cgi-sys/FormMail.cgi" METHOD = "POST">

FormMail.cgi will do all the programming work for you. You alter the behavior of FormMail by using hidden fields in your form.

There is only one form field that you must have in your form for FormMail to work correctly. This is the recipient field.

Field: recipient

Description: This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail address.

Syntax:

Optional Form Fields:

Field: subject

Description: The subject field will allow you to specify the subject that you wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission

Syntax:

If you wish to choose what the subject is:

To allow the user to choose a subject:

Field: email

Description: This form field will allow the user to specify their return e-mail address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive.

Syntax:

Field: realname

Description: The realname form field will allow the user to input their real name. This field is useful for identification purposes and will also be put into the From: line of your message header

Syntax:

Field: sort

Description: This field allows you to choose the order in which you wish for your variables to appear in the e-mail that FormMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which isn't always the exact same order they appeared in the form.) When sorting by a set order of fields, you should include the phrase 'order:' as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas.

Syntax:

To sort alphabetically:

To sort by a set field order:

Field: redirect

Description: If you wish to redirect the user to a different URL, rather than having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page.

Syntax:

To choose the URL the user will end up at:

To allow the user to specify a URL he wishes to travel to once the form is filled out:

Field: required

Description: You can now require for certain fields in your form to be filled in before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back to the form they just submitted will be provided.

Syntax:

If you want to require that the user fill in the email and phone fields in your form, so that you can reach them once you have received the mail, use a syntax like:

Field: env_report

Description: Allows you to have Environment variables included in the e-mail message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attributes associated with environment variables. The following is a short list of valid environment variables that might be useful:

REMOTE_HOST - Sends the hostname making a request.
REMOTE_ADDR - Sends the IP address of the remote host making the request.
HTTP_USER_AGENT - The browser the client is using to send the request. General format: software/version library/version

Syntax:

If you wanted to find the remote host and browser sending the request, you would put the following into your form:

Field: title

Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL.

Syntax:

If you wanted a title of 'Feedback Form Results':

Field: return_link_url

Description: This field allows you to specify a URL that will appear as return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page.

Syntax:

Field: return_link_title

Description: This is the title that will be used to link the user back to the page you specify with return_link_url. The two fields will be shown on the resulting form page as:

* return_link_title

Syntax:

Field: background

Description: This form field allows you to specify a background image that will appear if you do not have the redirect field set. This image will appear as the background to the form results page.

Syntax:

Field: bgcolor

Description: This form field allows you to specify a bgcolor for the form results page in much the way you specify a background image. This field should not be set if the redirect field is.

Syntax:

For a background color of White:

Field: text_color

Description: This field works in the same way as bgcolor, except that it will change the color of your text.

Syntax:

For a text color of Black:

Field: link_color

Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is.

Syntax:

For a link color of Red:

Field: vlink_color

Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax:

For a visited link color of Blue:

Field: alink_color

Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax:

For an active link color of Blue:

Any other form fields that appear in your script will be mailed back to you and displayed on the resulting page if you do not have the redirect field set.

When I try to delete a message from webmail it fails with: 'There was an error deleting messages from the folder "Inbox". This is what the server said: [TRYCREATE] Mailbox does not exist.'

RESOLUTION
Most probably you have switched on "When deleting messages, move them to your Trash folder instead of marking them as deleted?" in Horde IMP preferences under "Options" -> "Deleting and Moving Messages".

Please make sure that the Trash folder was created and is selected under the "Trash folder:" option.

Steps

* Log in to Horde
* Click on Options
* Deleting and Moving Messages
* Select "When deleting messages, move them to your Trash folder instead of marking them as deleted?"
* Then specify the Trash folder, or another folder of your choice.

HORDE ERROR IN CPANEL
Resetting Horde is a solution:

/scripts/resethorde
Or
/scripts/fullhordereset ----------Don't do it until you find another solution. :)

HORDE LOGIN PROBLEM

You may have run into this issue often. The client is not able to log in to his Horde account to check his mail. He reaches the login screen, and when he clicks "Login" it stays on the same screen instead of going to his inbox. Here is the fix for it.

Check the following first:

1. Go to the database directory with "cd /var/lib/mysql/horde" and check if there is a file named "horde_sessionhandler.frm".

2. Rename all the files named "horde_sessionhandler" to some other name.

3. Or you can go to mysql and drop the table "horde_sessionhandler". It will sometimes show an error message. If so, use step 2, so that the table gets moved automatically. (Remember that if you are using step 2, skip step 3.)

4. Now type "mysql" in the shell.

5. It will take you to the mysql prompt. Type "use horde;".

6. Copy this command and paste it there:

CREATE TABLE horde_sessionhandler (session_id VARCHAR(32) NOT NULL, session_lastmodified INT NOT NULL, session_data LONGBLOB, PRIMARY KEY (session_id)) ENGINE = InnoDB;

7. Quit from mysql and restart mysql.

8. Try now... Your issue is fixed!!!!!

Can not send outgoing email (Error Number: 0x800CCC0B) SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0B

If you cannot send email using mail.yourdomainname.com as your SMTP server, it may be because your ISP is blocking port 25, which is used for sending outgoing mail via the SMTP protocol, on their network. In this instance, we recommend using your ISP's outgoing mail server, which can be obtained from your ISP. This practice has been put in place in an effort to stop spam.

Please check with your ISP for their outgoing mail server settings (SMTP) and adjust in your email program under email account setup.

Relaying mail through your ISP will not change the look and appearance of email you send. It will simply use your ISP's outgoing mail server to relay your message, which will appear from your email address, etc.

Delete all mails in queue

/etc/init.d/qmail stop

find /var/qmail/queue/mess -type f -exec rm {} \;
find /var/qmail/queue/info -type f -exec rm {} \;
find /var/qmail/queue/local -type f -exec rm {} \;
find /var/qmail/queue/intd -type f -exec rm {} \;
find /var/qmail/queue/todo -type f -exec rm {} \;
find /var/qmail/queue/remote -type f -exec rm {} \;

/etc/init.d/qmail start

Thunderbird configuration

1. Open Thunderbird.
2. Open the "New Account" dialog box. This is accessible from the menus by going to "File", "New", then clicking on "Account ...".
3. Select "Email Account" as the New Account type, then click "Next".
4. When asked to enter your identity information, type in your full name and email address in the boxes provided. Then click next.
5. For server information, choose IMAP. Enter "linus.it.uts.edu.au" as both incoming and outgoing servers. Click next.
6. For user names, your incoming user name should be filled out for you. If not, enter your FIT username and click next.
7. Your account name can be set to any name you want to refer to the account by. In this case, we'll keep it to the default and use the email address as the name of the account. Click next when you're done.
8. The next screen will display the list of settings which you have just entered. Make sure you haven't misspelled any of the settings. If you have, you'll need to keep clicking on "Back" until you reach the screen with the typographical error, then "Next" until you reach this screen again. Click "Finish" when you are okay with the settings that you have entered.
9. You should now be prompted to enter a mail server password. Click Cancel. We still need to configure a few more settings before we connect.
10. On the main thunderbird window, you should now see your account name on the left hand side. Right click it and select "Properties" to access the "Account Settings" window. You can also access this window by going to the "Edit" menu and selecting "Account settings".
11. Click on "Server Settings" under your account name on the left hand side of the window. In the security settings area, click on the option box next to SSL. Make sure the box next to "Use secure authentication" is not checked. Click on the "Advanced" button to open the "Advanced settings" dialog.
12. In the "Advanced settings" dialog, type in "mail/" as the IMAP server directory and uncheck Server supports folders that contain sub-folders and messages. Click "OK" when finished.
13. On the left hand side of the "Account settings" window, select "Outgoing Server (SMTP)". Select the staff server (the one with linus.it.uts.edu.au in its name) and click on "Edit".
14. Under "Use secure connection" select "TLS". You can also include a description of the server, e.g. "FIT Staff Outgoing" in the "Description" input box. Click "OK".
15. Back in the "Account settings" window, select the account name from the left hand side. The "Outgoing Server" should match the one you have just edited. Click "OK" when done.
16. You may be asked to accept a website certificate for "linus.it.uts.edu.au". Choose the option for accepting the certificate permanently.
17. You're now set up and ready to go.

Access Spambox

So you are running SpamAssassin and you want to make sure some important e-mail isn't being blocked.
Easy enough... or it should be if you knew where / how to check your spam box. Spam Box is where
SpamAssassin stores all the denied/blocked spam emails. You have access to this for every single
e-mail account. You can access Spam Box through WebMail and programs such as MS Outlook.

Accessing SpamBox through WebMail

1. Load up your favorite internet browser.
Type: yourdomain.com/webmail in the address bar.
(replace yourdomain.com with 'your' domain name)

2. Select "NEO Mail" from the options.

3. Once logged in click the drop down menu in the top left.

4. Select 'SPAM' from the drop down menu.

Everything in here was mail that you never received at your address because it was considered spam.
That's why it is now in the Spam Box.

Access Spam Box through Outlook Express

1. Set up a new POP3 account in Outlook Express.
Tools --> Accounts --> Add --> Mail

2. Instead of just doing username@domain do this
username@domain.com/spam

3. Finish setting up the account like normal.

That's it, now you will grab all the spam too. It is suggested to make all this mail
go into another folder so that you do not fill up your inbox with hundreds of spam messages.

AUTOMATICALLY DELETE ALL MAIL WITH A SPAM SCORE OF 5 OR MORE

1. Open your Control panel
2. Click Email -> Spam Assassin
3. Click Enable Spam Assassin
4. Click Email -> Spam Assassin
5. Click Configure (required to rewrite subjects)
6. In the box rewrite_header subject enter this: *****SPAM*****
7. Click Email -> Spam Filters
8. In the drop-down boxes under "Block mails when", select "Subject" and "Contains".
9. In the box, type *****SPAM*****
10. In the Destination box type Discard.

What this all does:

* Any mail with a spam score of over 5 will have the word *****SPAM***** added
to the subject header (step 6).
* The filter will delete any mail with the word *****SPAM***** in the subject line.

If you DO NOT want to delete the SPAM mail omit steps 7,8,9 and 10. All spam mail will now be
delivered to the corresponding mailboxes BUT it will have the word *****SPAM***** in the subject line.
You can setup a mail filter on your mail client to move all emails containing this word to a
folder (spam typically) of your choice.

Block emails from a specific domain

Anonymous writes "To block all emails sent from a specific domain:
-go to WHM/Service Configuration/Exim Configuration Editor and switch to Advanced mode
-at begin acl form put:

if $header_from: contains "@domain_name.com"
then
fail text "What message do you want."
seen finish
endif"

Email and website on different servers

Anonymous writes "When a client wants to get email from another server you need to change MX
(change from WHM/Edit a DNS Zone not from cPanel)

1. In DNS Zone do that:
domain.com. 14400 IN MX 0 any.domain.com.
2. Add new entry
any.domain.com. 14400 IN A 123.123.123.123
Change last figure of Serial Number and click Save. Restart Bind
3. Make a ssh connection and remove the domain name from /etc/localdomains
Add the domain name in /etc/remotedomains
Restart Exim
You need to wait approx. 4 hours for it to work

If the domain name are pointed to Email server and from there are redirected the www do that:
1. Remove the DNS Zone from WHM
2. Make a ssh connection and remove the domain name from /etc/localdomains
Add the domain name in /etc/remotedomains
Restart Exim"
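The file edits in step 3 above, as an added shell example that is not part of the quoted post: it moves one domain from the local list to the remote list by exact-line match, so that mail.domain.com or notdomain.com is left alone when domain.com is moved. The function names and the sample file contents are assumptions made for the illustration; on the server the two files would be /etc/localdomains and /etc/remotedomains, followed by the Exim restart the post mentions.

```sh
#!/bin/sh
# Added example: move a domain from the local-delivery list to the remote list.
# move_to_remote and count_exact are hypothetical helper names, not cPanel scripts.

# move_to_remote DOMAIN LOCALFILE REMOTEFILE
# Returns 0 on success, 2 on bad arguments, 1 on I/O failure.
move_to_remote() {
    domain=$1 localf=$2 remotef=$3
    [ -n "$domain" ] && [ -f "$localf" ] || return 2
    tmp=$(mktemp) || return 1

    # -F literal string (the dots are not wildcards), -x whole line only,
    # -v keep every other line. Exit status 1 only means "nothing left".
    grep -Fxv -- "$domain" "$localf" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"; return 1
    }

    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$localf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Add to the remote list only if it is not already there (safe to re-run).
    touch "$remotef" || return 1
    grep -Fxq -- "$domain" "$remotef" || printf '%s\n' "$domain" >> "$remotef"
}

# count_exact DOMAIN FILE: print how many lines are exactly DOMAIN.
count_exact() {
    grep -Fxc -- "$1" "$2" || true
}

# Demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' domain.com mail.domain.com notdomain.com > "$d/localdomains"
    : > "$d/remotedomains"
    move_to_remote domain.com "$d/localdomains" "$d/remotedomains"
    echo "localdomains:";  cat "$d/localdomains"
    echo "remotedomains:"; cat "$d/remotedomains"
    rm -rf "$d"
}
demo
```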

Fix Horde Save Address Error

When attempting to save an e-mail address in the account manager in Horde you get an error,
and that e-mail doesn't get saved... at all! This small and simple how-to is how to fix this problem,
so that you, and your webhosting customers can save e-mails (contacts) in Horde.


1. Login to your server via SSH

2. Type: mysql

3. Copy & Paste this:

CREATE TABLE horde.turba_objects (object_id varchar(32) PRIMARY KEY,owner_id varchar(255),object_name varchar(255),object_alias varchar(32),object_email varchar(255),object_homeAddress varchar(255),object_workAddress varchar(255),object_homePhone varchar(25),object_workPhone varchar(25),object_cellPhone varchar(25),object_fax varchar(25),object_title varchar(32), object_company varchar(32),object_notes text); insert into mysql.tables_priv values("%","horde","horde","turba_objects","root@localhost",now()+0,"Select,Insert,Update,Delete",""); flush privileges;

4. Exit Horde (if you are in it) and login again. Saving E-Mails (Contacts) now works in Horde.

Horde - No browseable address books

Edit the file:

/usr/local/cpanel/base/horde/turba/config/sources.php

on the server with your favorite command line editor. Look for a line of code that reads like:

'public' => false,
'readonly' => false,
'admin' => array(),
'export' => true

Should be around line 132 I believe. Add 'browse' => true, to this section of code, so that it reads as:

'public' => false,
'readonly' => false,
'admin' => array(),
'browse' => true,
'export' => true

Then just save the file and log back into Horde.

How do I configure Eudora for my Aplus.Net email accounts?

Here is how to configure the Eudora email client to use with your Aplus.Net email accounts:

1. Open Eudora, and from the Tools menu select Options.

2. Now, you have to enter the following information while in the Getting Started section:

* Real name – type in the name that your recipients will see in the “From” field of emails you send.
* Email address – type in your complete email address. Please make sure to replace “yourdomain.com” with your actual domain name.
* Mail Server (Incoming) - type in mail.yourdomain.com.
* User Name - type in your complete email address.
* SMTP Server (Outgoing) - type in smtp.yourdomain.com.
* Allow Authentication – check this box.



Important: You may also choose to use the SMTP server of your ISP. However, if you decide to use Aplus.Net’s SMTP server as shown above (smtp.yourdomain.com), please make sure that the SMTP server is enabled for the particular email box:

* How do I enable SMTP service using the Aplus.Net Control Panel?

3. Go to the Checking Mail section and adjust the following settings:

* Save Password – check this box.
* Secure Sockets when Receiving – set this option to Never.

Note: If you wish to use a secure connection when receiving email messages, set this option to If Available, STARTTLS.

* You should leave Mail Server and User Name as already specified. The remaining settings are optional.



4. Go to the Sending Mail section and adjust the following settings:

* Email address – your complete email address should be specified here.
* Domain to add to unqualified addresses – leave this field blank.
* SMTP server - type in smtp.yourdomain.com.
* SMTP Relay Personality – set this option to None.
* Allow Authentication – check this box.
* Immediate send – optional.
* Send on check – optional.
* Use submission port (587) – check this box.
* Secure Sockets when Sending – set this option to Required, STARTTLS.



5. Finally, click OK.

How to configure the Mac OS X Mail email client

Here is how to configure the "Mac OS X Mail" email client to use with your Aplus.Net email accounts:

1. Start by opening up the Macintosh Mail program.
2. Select the File menu from the top navigation bar, and then select Add Account.


3. Click on the Account Type pull-down menu and select POP.
* In the Account Description field, enter a brief description that will help you quickly identify this e-mail account.
* In the Full Name field, enter the name you would like your recipients to see in the From field of the e-mails you send.
* Enter your full e-mail address (including the @example.com suffix) into the Email Address field.
* Click Continue when ready.


4. Configure your Incoming Mail Server:

o Enter your Incoming Mail Server: mail.example.com, where example.com is your actual hosted domain name.
o In the User Name field, enter your full e-mail address again (including the @example.com suffix).
o Enter the password for this e-mail account into the Password field.
o Click Continue when ready.


5. Make sure the Incoming Mail Security(SSL) is not checked and click Continue.
6. Configure your Outgoing Mail Server:

o Enter your Outgoing Mail Server: smtp.example.com, where example.com is your actual hosted domain name.
o Check the Use Authentication checkbox.
o In the User Name field, enter your full e-mail address again (including the @example.com suffix).
o Enter the password for this e-mail account into the Password field.
o Click Continue when ready.



Important: At this point the Mac Mail email client will try to test the Outgoing Mail Server connection. It will definitely fail at this stage as there are further settings which need to be reconfigured. Disregard the warning message and click Continue.

7. Enable the Use Secure Sockets Layer(SSL) option and make sure the Authentication method is set to Password. Click Continue when ready.



8. Double check the configuration settings on the Account Summary window, click Continue and then the final Done button.
9. Select the Mail menu from the top navigation bar, and then select Preferences...



10. Select the newly created account from the left panel. On the Account Information screen, click on Server Settings...



11. Change the Server port number to 465. Click OK when ready.



12. Your Email Account is now configured. You can use your Mac Mail client to send and receive email messages.

How to disable catch-all E-Mail.

This tutorial will show you how to disable the catch-all e-mail that cPanel comes with as standard.
By default the catch-all is cpanel-login-name@domain-name.com

Example: dedicat@dedicated-resources.com

Normally these e-mails catch a lot of spam and trash, so disabling them could help, but it could
also cause some e-mails you need to not get delivered. (Only in the case someone typed in the wrong address;
if the right address is used everything will be fine.)

Catch-All is for *@domain.com if another account is not configured.

Doing the following will still deliver mail to all the accounts, it just won't catch mail to a
non-existent account or a misspelled one.

1. Log into cPanel for the account you wish to modify.
http://www.yourdomain.com/cpanel

2. Click on the "Mail" icon, it is in top left for cPanel X theme.

3. Click on "Default Address"

4. Click on "Set Default Address" (at bottom of page)

5. Now you see a text box to enter the location, and you see.
"Hint: You can enter :blackhole: to discard all incoming unrouted mail or :fail: no such address
here to bounce it."

:blackhole: will discard all e-mail, and :fail: will bounce it back to the sender saying no such address. I suggest blackhole because a lot of failures will result in a huge mail queue.

That's it!

How To make chkrootkit e-mail you daily

Make chkrootkit e-mail you the scanned files log daily. This is a great way to maintain a secure server, just skim over the e-mail every day/night looking for root kit infections.


1. Login to your server as root. (SSH)

2. Load crontab
Type: crontab -e

3. Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)

This will run CHKROOTKIT at 1am every day, and e-mail the output to root.

If you are in PICO: CTRL-X, Y, Enter to save and exit.
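One way to make that daily mail quick to skim, as an added example that is not part of chkrootkit or of the original tip: put a verdict in the subject line and treat a run that produced no checks at all as a failure rather than as "clean". The function names and the sample output are constructed for the illustration, and the patterns assume chkrootkit's usual result lines of the form "Checking `name'... not infected" and "... INFECTED".

```sh
#!/bin/sh
# Added example: summarize a chkrootkit run for the subject of the daily mail.

# summarize_chkrootkit: read chkrootkit output on stdin, print one subject line.
summarize_chkrootkit() {
    awk '
        /^Checking / { checks++ }
        # Matched case-sensitively, so the normal "not infected" result
        # is not counted as a finding.
        /INFECTED/   { hits++ }
        END {
            if (checks == 0)
                print "chkrootkit: DID NOT RUN (no checks in output)"
            else if (hits > 0)
                print "chkrootkit: " hits " INFECTED line(s) in " checks " checks"
            else
                print "chkrootkit: clean (" checks " checks)"
        }'
}

# daily_report DIR: what the cron entry could call instead of the bare pipeline.
# The full output is still mailed; only the subject changes.
daily_report() {
    out=$(cd "$1" && ./chkrootkit 2>&1)
    printf '%s\n' "$out" | mail -s "$(printf '%s\n' "$out" | summarize_chkrootkit)" root
}

# Constructed sample outputs (not captured from a real host).
sample_clean() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `ps'... not infected
EOF
}

sample_infected() {
cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... not tested
EOF
}

sample_broken() {
cat <<'EOF'
sh: 1: ./chkrootkit: not found
EOF
}

demo() {
    sample_clean    | summarize_chkrootkit
    sample_infected | summarize_chkrootkit
    sample_broken   | summarize_chkrootkit
}
demo
```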

How to Use and Configure SpamAssassin at CCIS

This document covers the following topics:
• Introduction
• What is SpamAssassin?
• How accurate is SpamAssassin?
• What isn't SpamAssassin?
• Using SpamAssassin at CCIS
• How do I turn SpamAssassin on and off?
• How do I filter possible spam automatically on the server?
• How do I filter possible spam automatically on my PC or Mac?
• Bayesian Classification
• What is Bayesian classification?
• How can I improve the accuracy of Bayesian classification?
• Customizing SpamAssassin
• Adjusting the score required to mark a message as spam
• Preventing SpamAssassin from marking mail from certain senders
• Adjusting the scores of particular tests
• For more information (about customization)

Introduction

SpamAssassin is spam-detection software that attempts to detect spam as mail is delivered to your mailbox, and flags messages that it thinks are likely to be spam. By itself, SpamAssassin does not filter spam, but it can be used in conjunction with other facilities to filter your mail. It is highly configurable.

At CCIS, all mail that gets delivered to our users' mailboxes is automatically run through SpamAssassin. (You can turn it off if you don't want your mail checked, as described below).

What is SpamAssassin?

SpamAssassin (http://www.spamassassin.org/) is a tool that attempts to automatically determine whether incoming mail is spam (unsolicited commercial email) or not. It does this by applying a number of tests to the mail, and assigning each test a score, which can be positive (likely to appear in spam) or, less frequently, negative (unlikely to appear in spam). For any given message, the scores of all the tests are added up, and compared with a threshold value.

If the message scores lower than the threshold, it is not marked as spam (but a summary of any tests that matched is added in a header field). If it scores higher than the threshold, it is marked as spam (by adding an 'X-Spam-Flag: YES' header in addition to the summary of tests) and a detailed report on the message is included at the top of the message, and the original message is included as an attachment.

The report has a preview of the content of the message (e.g. the first few lines of it, converted from HTML or unencoded if necessary), the total number of points SpamAssassin assigned towards its spam score, and a list of the rules that matched. The list of rules has three columns: the number of "points" each rule contributed towards the total score, the name of the rule (which can be used to customize how SpamAssassin scores rules, as described on the SpamAssassin web site), and a human-readable explanation of the rule. Rules can produce positive or negative numbers of points; if the number is positive, a match means that the message is likelier to be spam; if the number is negative, a match means that the message is likelier not to be spam. (For instance, messages in HTML with JavaScript are often spam, but PGP-signed messages are rarely spam.)

Note: Previous versions also added *****SPAM***** to the subject line. The current version doesn't do that by default, but you can tell it to as described below under Customizing SpamAssassin.

Some of the tests involve the body or the headers of the message itself. Others involve consulting various network databases. The current version also supports Bayesian classification of messages, in which it uses characteristics of messages it's already seen to try to improve its accuracy at classifying future messages.

How accurate is SpamAssassin?

For the most part, SpamAssassin relies on probabilities - identifying words, phrases, or headers that are more likely to appear in spam than in legitimate email, or mail from sites that are more likely than average to send spam. Few of SpamAssassin's tests are sure-fire guarantees that a message is or isn't spam. Therefore, if you get a lot of mail, it's almost certain that SpamAssassin will occasionally misidentify legitimate mail as spam ('false positives'), and often fail to mark spam as such ('false negatives'). At CCIS, I've seen SpamAssassin mark forwarded calls-for-papers as spam, and at home, I've seen it mark legitimate bills from my ISP as spam. For this reason it's very important not to automatically discard mail SpamAssassin marks as spam without looking at it.

Since SpamAssassin's threshold for marking a message as spam is configurable (see below), you have some control over the ratio of false positives and negatives.

Recent versions of SpamAssassin support Bayesian classification, described below. When used in the default, automatic mode, this improves accuracy a little bit over time, as the Bayesian logic learns new features of messages that SpamAssassin has decided based on other tests to consider as spam or non-spam. However, it can also be trained by hand, using messages that you've decided manually are spam or non-spam. When trained with a large enough number of hand-classified messages, both spam and non-spam, this can improve SpamAssassin's accuracy considerably, not least because it's customized to the actual types of mail that you tend to get.

What isn't SpamAssassin?

SpamAssassin itself doesn't do any actual mail filtering (in the sense of blocking mail, or filing it in a special folder). It just inspects the mail and marks it up to indicate whether it meets the probable-spam threshold or not. However, the markup that SpamAssassin adds makes it easy to filter your mail with other tools, such as procmail (http://www.procmail.org/, described in one of our HOWTO documents, How to use procmail for mail filtering at CCIS). As mentioned above, you shouldn't just delete mail that's flagged as spam, but you might want to filter it into a separate folder that you can skim through periodically.

Using SpamAssassin at CCIS

How do I turn SpamAssassin on and off?

You don't need to do anything to turn SpamAssassin on; at CCIS it's run by default on all locally-delivered mail. If you don't want SpamAssassin to be run on your mail, however, you can turn it off by creating a file .spamassassin/disable in your home directory with the commands:

cd
mkdir .spamassassin
touch .spamassassin/disable


The 'mkdir .spamassassin' command will probably fail with a File exists error; you can ignore that if it does.

(Incidentally, this .spamassassin/disable file is a mechanism we've instituted at CCIS, not something built in to SpamAssassin.)

How do I filter possible spam automatically on the server?

You might want to sort mail which SpamAssassin marks as spam into a separate folder for future perusal. That way you can easily find legitimate mail in your main mailbox, and regularly skim through the mail in your potential-spam folder for any misidentified legitimate mail before clearing it out.

If you read your mail on CCIS Unix systems (e.g. with Pine), the easiest way to do this is with "procmail", which is configured by creating and editing a file called .procmailrc in your home directory. We have a HOWTO document discussing How to use procmail for mail filtering at CCIS, which you should read in order to learn how to do this. The easiest thing to filter on in your .procmailrc is the 'X-Spam-Flag: YES' header SpamAssassin adds to messages it thinks might be spam. If you want finer-grained control (e.g. if you want to filter possible spam into different folders depending on which specific SpamAssassin tests it matches) you might want to instead look at the contents of the 'X-Spam-Status:' header, which lists the total hits and the tests that matched.

Here is a sample .procmailrc that assumes you use Pine and stores mail in standard Unix mailbox format (a/k/a 'mbox' format) in the file mail/possiblespam (accessible in Pine as a folder called 'possiblespam').

IMPORTANT: You really should read How to use procmail for mail filtering at CCIS document and understand what "procmail" is doing and the risks of using "procmail" and how to minimize them rather than just copying this into your .procmailrc and hoping it works.

# $HOME/mail *should already exist* - run "mkdir ~/mail" first!
MAILDIR=$HOME/mail

# not setting DEFAULT or ORGMAIL, so mail that doesn't match will
# be left in system mailbox

LOGFILE=$HOME/procmail-log.txt

# stuff SpamAssassin thinks might be spam:

:0:
* ^X-Spam-Flag: YES
possiblespam

How do I filter possible spam automatically on my PC or Mac?

If you read your mail with a PC or Mac client such as Eudora, Outlook, or Outlook Express, you may be able to do filtering from your mail client based on the markup that SpamAssassin adds. (If you use IMAP to read your mail, you may alternatively be able to use "procmail" as described above as well, but getting that to work smoothly is a little tricky.) The easiest way is based on the 'X-Spam-Flag: YES' header that SpamAssassin adds to the message. Here are some links describing how to do that for certain mail readers:

• Email Client Configuration for SpamAssassin [real-time.com] lists procedures for many mail clients for Windows and Unix/Linux. Some are probably applicable to Macintosh clients as well.
• Setting up a SpamAssassin Filter in Windows [oregonstate.edu] is a detailed description of configuring several versions of Outlook (not Outlook Express) for SpamAssassin.
• This page about SpamAssassin on MacOS X [aplawrence.com] is mostly irrelevant, but about a third of the way down there's a description of how to automatically sort mail in Mail.app based on SpamAssassin's X-Spam-Flag: header.
• Generic (non-SpamAssassin specific) information on filtering in Eudora:
    • How to Use Filters (for Windows) [eudora.com]
    • How to Use Filters (for Macintosh) [eudora.com]
• Generic (non-SpamAssassin specific) information on filtering in Microsoft Outlook (not Outlook Express):
    • Rules Wizards and Assistants [slipstick.com] (The Usage section has lots of useful links.)
    • Microsoft Knowledgebase: OL2000: How to Use the Rules Wizard in Outlook 2000 (Q196212) [microsoft.com]

(If your mail client can't filter based on arbitrary headers, you can tell SpamAssassin to add '*****SPAM*****' to the Subject: header as well, as described below under Customizing SpamAssassin.)

Bayesian Classification

Bayesian classification works by taking pieces of mail that have already been sorted into spam and non-spam, and trying to discover characteristics that distinguish them. Its implementation in SpamAssassin has two modes: In auto-learning mode, which is turned on by default, SpamAssassin will use messages that it's already pretty sure (based on other tests it does) are spam, or already pretty sure are not spam, and examine them to determine characteristics that might be useful in detecting future spam or non-spam messages. If the rest of SpamAssassin's tests are sufficiently accurate, this can gradually improve SpamAssassin's accuracy over time -- as the kind of mail you get evolves, SpamAssassin learns new characteristics to distinguish spam and non-spam.

In the other mode, SpamAssassin can be taught by hand to recognize spam and non-spam messages based on a sufficiently large number of messages you've sorted by hand. You do this by running the 'sa-learn' command on those messages. It's important to run 'sa-learn' on enough messages, both of spam and non-spam, and to run it on spam and non-spam with otherwise similar characteristics. (For instance, if you run it on a recent collection of non-spam and an old collection of spam, SpamAssassin will learn that older messages are likelier to be spam and newer messages are likelier to be non-spam, which will give inappropriate results.) SpamAssassin needs to have examined a couple hundred messages before it will use Bayesian classification; good results are reported with a couple thousand.

It is, however, still useful to run 'sa-learn' on individual messages, especially messages that SpamAssassin has misclassified. In combination with SpamAssassin's auto-learning, that can help prevent future false positives and false negatives.

The 'sa-learn' command has a manual page, so you can type 'man sa-learn' for more information, but here are some typical invocations. (SpamAssassin refers to non-spam as ham.)
• sa-learn --ham --mbox ~/mail/saved
Tell SpamAssassin that all of the mail in the Unix mbox-format mail folder ~/mail/saved is ham (non-spam).
• sa-learn --spam --mbox ~/mail/spam
Tell SpamAssassin that all of the mail in the Unix mbox-format mail folder ~/mail/spam is spam. It won't be very helpful to do this on a folder you're automatically populating with messages SpamAssassin marks as spam, since SpamAssassin has already seen all those messages (and there might be false positives in there, so you'd be reinforcing SpamAssassin's errors). But it will help prevent future false-positives if you run it on a folder of spam you've sorted by hand.
• sa-learn --spam
This command would tell SpamAssassin to read a message from standard input and treat it as spam. For instance, from a mail reader like Pine or Elm or Mutt you could pipe a single message that was misclassified as non-spam into this sa-learn command.
• sa-learn --ham
This command would tell SpamAssassin to read a message from standard input and treat it as non-spam (ham). For instance, from a mail reader like Pine or Elm or Mutt you could pipe a single message that was misclassified as spam into this sa-learn command.
• sa-learn --spam `mhpath cur`
This example is only for users of the MH or nmh mail system. MH keeps a notion of the current message, which is stored as an individual file, and this command would tell SpamAssassin that MH's current message in the current mail folder is spam. You could replace '--spam' with '--ham' to tell it the message was non-spam. (The MH command mhpath cur produces the full Unix pathname to the current message, so this command gives sa-learn the pathname to the file with the current message. This is much better than using 'show | sa-learn --spam', because the show command reformats the headers and may not print all of them.)

The sa-learn manual page has a lot of additional information, both on syntax and usage of the command itself, and on how to use it effectively to produce good results.

If you accidentally learn a message as spam (or as ham), you can correct that just by re-learning the same message with the correct option ('--ham' or '--spam'); the previous characterization of the message will be forgotten. Alternatively, you can use the '--forget' flag, which forgets the previous characterization of the message, but does not re-learn it.

Customizing SpamAssassin

When it first processes a message (i.e. the first time you get mail after turning it on), SpamAssassin creates a .spamassassin/user_prefs file in your home directory. You can customize SpamAssassin by editing that file with a text editor. (If it doesn't already exist, you should turn SpamAssassin on and send yourself a piece of mail to make SpamAssassin create it - that's better than just creating a new empty .spamassassin/user_prefs file because SpamAssassin puts explanatory comments in the file.)

There are a few main things you're likely to want to set in that file:
• The total score needed to mark a message as spam.
• Whether to add '*****SPAM*****' to the Subject: header.
• Whether to use Bayesian classification, and if so whether to auto-learn based on presumed spam or non-spam.
• Email addresses from which SpamAssassin should not mark a message as spam.
• The score contributed by particular tests SpamAssassin applies.

Each is described below.

Adjusting the score required to mark a message as spam

By default, SpamAssassin tags a message as likely spam if the point-values of the tests the message matches add up to five or more. You can increase this value by putting a line in your .spamassassin/user_prefs file that looks like

required_hits 6

A value greater than 5 will make mail less likely to be marked as spam, decreasing the number of false positives and increasing the number of false negatives. A value less than 5 will make mail more likely to be marked as spam, decreasing the number of false negatives and increasing the number of false positives.

Turning on Subject: header rewriting

Previous versions of SpamAssassin added '*****SPAM*****' to the front of the Subject: header when a message was tagged as likely spam, in addition to adding the 'X-Spam-Flag: YES' header. If you want to restore the old behaviour, you can add the line

rewrite_header Subject *****SPAM*****

to your .spamassassin/user_prefs file. You can of course change the string that SpamAssassin adds to the Subject: line.

Controlling the Bayesian classifier

If you want to disable Bayesian classification entirely, you can add the line

use_bayes 0

to your .spamassassin/user_prefs file, and if you want to use the Bayesian database and train it by hand, but not try to automatically learn spam/ham distinctions based on mail SpamAssassin classifies, you can add the line

auto_learn 0

If you turn off Bayesian classification altogether, you may want to delete the three files bayes_journal, bayes_seen, and bayes_toks in your .spamassassin directory to save space.

Preventing SpamAssassin from marking mail from certain senders or domains as spam

SpamAssassin lets you list addresses (or domains) whose mail should not be marked as spam. This is referred to as 'whitelisting' senders. You might want to do this, for instance, for addresses for which it's very important that you see their mail quickly (such as billing@yourisp.net), or for senders or domains whose legitimate mail is likely to get incorrectly tagged as spam. For instance, if you have a correspondent with an account at an ISP that also hosts spammers, and she uses a mail program that forces her to send her mail as HTML, or adds phrases to the bottom of her message that sound like spam to SpamAssassin, you could add her address to the whitelist. Also, SpamAssassin has a hard time distinguishing between (unsolicited) spam and legitimate (solicited) advertising and marketing material, so if you've signed up for marketing newsletters, you might want to add the addresses they come from to the whitelist.

You do this by adding lines like

whitelist_from billing@myisp.net
whitelist_from example3881@hotmail.com
whitelist_from specials@example.com


to your .spamassassin/user_prefs file. As you can see, you can have multiple lines; each address needs to be on a separate line.

You can use the asterisk ('*') as a wildcard character to match parts of addresses, as you can when matching Unix filenames. So to avoid marking any messages that say (accurately or incorrectly) they're from myisp.net, you could add

whitelist_from *@myisp.net

and if you have a correspondent whose mail sometimes comes from julia@example.edu, sometimes from julia@www.example.edu, and sometimes from julia@mail.example.edu, you could add a line

whitelist_from julia@*example.edu

(Actually, addresses in the whitelist just get a very large negative number added to their score, so it's just conceivable that a message could be in the whitelist but still be marked as spam, if it had enough other spamlike characteristics.)

There's also a blacklist_from keyword you can use to cause mail from certain addresses to be flagged as spam even if it doesn't match any other tests.
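The wildcard matching described above can be checked before a pattern goes into user_prefs. The following is an added example, not code from SpamAssassin or from the original HOWTO: it models the file-glob matching ('*' for any run of characters, '?' for one character; case-insensitive matching is an assumption), and the function names and the address julia@counterexample.edu are constructed for illustration.

```python
import re

def glob_to_regex(pattern):
    """Model of the glob matching the page describes: '*' matches any run of
    characters, '?' exactly one, everything else is literal.
    Case-insensitive matching is an assumption of this sketch."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)

def is_whitelisted(address, patterns):
    """Return the first pattern that matches the address, or None."""
    for pattern in patterns:
        if glob_to_regex(pattern).match(address):
            return pattern
    return None

def audit(pattern):
    """Return warnings for a pattern that matches more than its author
    probably meant. An empty list means nothing was flagged."""
    local, at, domain = pattern.rpartition("@")
    if not at:
        return ["no '@' in pattern: it is compared against the whole address"]
    warnings = []
    # A wildcard glued to the domain text (no '.' after it) is not limited
    # to subdomains: it matches any domain that ends in the same characters.
    if re.search(r"[*?][^.*?]", domain):
        warnings.append("domain wildcard is not followed by '.'")
    if set(local) <= {"*"}:
        warnings.append("every sender at the domain is whitelisted, "
                        "accurate From address or not")
    return warnings

def read_whitelist(prefs_text):
    """Collect whitelist_from patterns from the text of a user_prefs file."""
    patterns = []
    for raw in prefs_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0] == "whitelist_from":
            # The page puts one address per line; extra tokens on the same
            # line are read here as further addresses.
            patterns.extend(parts[1:])
    return patterns

# Constructed user_prefs content built from the patterns shown above.
PREFS = """\
whitelist_from billing@myisp.net
whitelist_from *@myisp.net
whitelist_from julia@*example.edu
"""

# A tighter way to cover julia's three addresses: one exact line plus one
# subdomain-only wildcard.
TIGHTER = ["julia@example.edu", "julia@*.example.edu"]

if __name__ == "__main__":
    for pattern in read_whitelist(PREFS):
        print(pattern, "->", audit(pattern) or "ok")
    for addr in ("julia@mail.example.edu", "julia@counterexample.edu"):
        print(addr, "loose:", is_whitelisted(addr, ["julia@*example.edu"]),
              "tight:", is_whitelisted(addr, TIGHTER))
```

The pattern julia@*example.edu covers all three of julia's addresses but also any other domain whose name ends in example.edu; the two-line form covers the same three addresses and nothing else.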

Adjusting the scores of particular tests

You can also adjust the score of a particular test. For instance, one of the tests is whether the subject of the message has lots of 8-bit characters. That violates the Internet email specifications (such characters are supposed to be encoded in a seven-bit format), and is very common with certain spam mail, but it also sometimes happens with legitimate non-English email sent with non-standards-compliant software. If you had a correspondent in Russia or Israel using a buggy mail program, that person's mail might be regularly flagged as spam partly due to that test. SpamAssassin calls its test for 8-bit characters 'SUBJ_ILLEGAL_CHARS', and you could turn it off by adding a line saying

score SUBJ_ILLEGAL_CHARS 0

to your .spamassassin/user_prefs file (or just lower its score from the default of 3.136). Alternatively, you can increase the scores for particular tests. You can find out the names of tests by reading the report of a message that matched a particular test, or by consulting the list at the link below.
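Before changing required_hits or a score line, it helps to see which already-received messages would change verdict. This is an added example, not part of the original HOWTO or of SpamAssassin: it reads the three-column rule table of a report and recomputes the verdict under proposed user_prefs lines. The report texts are constructed, the SAMPLE_* rule names are placeholders, and the function names are hypothetical.

```python
import re

# One row of the report's rule table: points, rule name, description.
ROW = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def parse_report(report_text):
    """Return {rule_name: points} from the rule table of a report.
    Rows are only read after the dashed separator line, so numbers in the
    message preview are not mistaken for rules."""
    rules, in_table = {}, False
    for line in report_text.splitlines():
        if line.startswith("----"):
            in_table = True
            continue
        m = ROW.match(line) if in_table else None
        if m:
            rules[m.group(2)] = float(m.group(1))
    return rules

def parse_user_prefs(prefs_text):
    """Read required_hits and score lines; other settings are ignored."""
    required, overrides = 5.0, {}   # 5 is the default threshold stated above
    for raw in prefs_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "required_hits":
            required = float(parts[1])
        elif len(parts) == 3 and parts[0] == "score":
            overrides[parts[1]] = float(parts[2])
    return required, overrides

def verdict(rules, required=5.0, overrides=None):
    """Return (total, is_spam). Spam means the total reaches the threshold."""
    overrides = overrides or {}
    total = round(sum(overrides.get(n, p) for n, p in rules.items()), 3)
    return total, total >= required

def what_if(report_text, prefs_text):
    """Compare the default verdict with the verdict under prefs_text."""
    rules = parse_report(report_text)
    required, overrides = parse_user_prefs(prefs_text)
    return verdict(rules), verdict(rules, required, overrides)

# Constructed reports. Real reports round points to one decimal; the 3.136
# default for SUBJ_ILLEGAL_CHARS is the figure quoted in the text above.
BORDERLINE = """\
Content analysis details:   (5.3 points, 5.0 required)

  pts rule name              description
----- ---------------------- ----------------------------------------
3.136 SUBJ_ILLEGAL_CHARS     many 8-bit characters in subject (constructed row)
  1.2 SAMPLE_HTML_RULE       constructed row
  1.0 SAMPLE_RBL_RULE        constructed row
"""

STRONG = """\
  pts rule name              description
----- ---------------------- ----------------------------------------
3.136 SUBJ_ILLEGAL_CHARS     many 8-bit characters in subject (constructed row)
  4.5 SAMPLE_BODY_RULE       constructed row
  2.0 SAMPLE_RBL_RULE        constructed row
"""

if __name__ == "__main__":
    for prefs in ("score SUBJ_ILLEGAL_CHARS 0\n", "required_hits 6\n"):
        for name, rep in (("borderline", BORDERLINE), ("strong", STRONG)):
            print(prefs.strip(), "|", name, what_if(rep, prefs))
```

Only the borderline message changes verdict under either setting; the strongly scored one is still marked, which is the behaviour to look for when tuning for a single correspondent.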

For more information
• The tests performed by the current version of SpamAssassin (which may be slightly different from the ones performed by the version we have installed) are documented at http://spamassassin.org/tests.html.
• Documentation on the configuration file is online (for the latest version) at http://spamassassin.org/doc/Mail_SpamAssassin_Conf.html, and you can see the same document for the version we have installed by running the command 'perldoc Mail::SpamAssassin::Conf' on a CCIS Unix machine.

(At CCIS, we're using an efficient version of SpamAssassin called "spamd" that runs as a separate server process running on our mail server; for security reasons that version doesn't allow you to define your own tests in your .spamassassin/user_prefs file as described in that documentation, but you can adjust the weighting of existing rules.)
• More SpamAssassin documentation is at http://spamassassin.org/doc.html
• A good general site about spam is http://www.mail-abuse.com/

Mailman and WHM's "limit mail sends per hour"

http://forums.cpanel.net/showthread.php?t=35153



I was looking into something else and spotted this code in exim.pl:
Code:

# Server-wide limit set in WHM
open(CF,"/var/cpanel/cpanel.config");
while(<CF>) {
    next if (/^#/);
    s/\n//g;
    my($var,$value) = split(/=/, $_);
    if ($var eq "maxemailsperhour") {
        $maxmails = int($value);
    }
}
close(CF);

# Per-domain overrides, one domain=number pair per line
open(CPM,"/var/cpanel/maxemails");
while(<CPM>) {
    s/\n//g;
    my($mdomain,$mmax) = split(/=/);
    if ($mdomain eq $domain) {
        $maxmails = int($mmax);
    }
}
close(CPM);

The first open is getting the maxemailsperhour that you have set in WHM. The second open is the interesting one. It's opening a file /var/cpanel/maxemails and reading in domain=number pairs. If the domain for the email matches then the number overrides the WHM one.

So, if you want to exempt a domain from maxemailsperhour, create that file and put in it:
domain.com=0

If you just want to set a higher limit for a domain (or different domains), use:

domain.com=1000
otherdomain=20

Not tried it, but the code is there to use it

omit sender verify

To help clear things up I have put all the instructions together, hope this helps.

1) Create a file that will be the actual whitelist. In this example it is /etc/whitelist_senders - the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain - *@domain.tld
To create the file:
Code:

touch /etc/whitelist_senders


2) In WHM, in the topmost edit box add (if there is anything else in the text box add this below it):
Code:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

3) Still in WHM, scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
Code:

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass

and change it to:
Code:

#sender verifications are required for all messages that are not sent to lists

deny
!verify = sender/callout
!senders = +whitelist_senders

accept domains = +local_domains
endpass

4) Still in the middle box, scroll down to the end and change:
Code:

#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept

to this:
Code:

#!!# ACL that is used after the DATA command
check_message:
deny
!verify = header_sender
!senders = +whitelist_senders
accept

5) Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the whitelist and see if it works.

Quote:
Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

someone@domain1.tld
*@domain2.tld

Remove mailq


Anonymous writes "To delete all files in the mailq

login as root (ssh)
cd /var/spool/exim/input
for file in *
do
rm -fv -- "$file"
done"

Block spam with RBL

These files are used to manually block spammers, ignore certain domains or incoming hosts.


Create three text files in the /etc directory:
/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist

touch /etc/rblblacklist; touch /etc/rblbypass; touch /etc/rblwhitelist

Examples with sample data:
/etc/rblblacklist
A manual blacklist; it rejects specific spammer hosts BEFORE they can send more email to your server:
domain1.com
domain2.com
domain3.com

/etc/rblbypass
Bypasses RBL email testing for specific destination (local) domains that don't want RBL filtering or prefer SpamAssassin tagging:
domain1.com
domain2.com
domain3.com

/etc/rblwhitelist
Skips RBL email testing for the listed incoming hosts (wildcards allowed), in case an important client's mail server is listed on an RBL you use; relayhosts are also excluded automatically:
mail.domain1.com
*.domain2.com
*.domain3.com

Too many levels of symbolic links --- while sending mails from shell or php mail function

I have just corrected this and it's working correctly now, this is an issue with
FC5 installs only.

I removed the /usr/sbin/sendmail binary and replaced it with a symlink to exim
which is what it should be.

ln -s /usr/sbin/exim /usr/sbin/sendmail

Update MailScanner

If you run MailScanner, please make sure it is up to date.
Here is a tip from the creator of the software package.

Some of the virus scanner "wrapper" and "autoupdate" scripts have been updated in version 4.24. If upgrading from earlier versions using the RPM distributions, you will need to manually rename each of the /usr/lib/MailScanner/*.rpmnew files over the top of the old scripts in the same directory. To do them all at once, you can do this:

sh
cd /usr/lib/MailScanner
for NEW in *-wrapper.rpmnew *-autoupdate.rpmnew
do
echo $NEW ...
F=`echo $NEW | sed -e 's/\.rpmnew//'`
[ -f $F ] && mv -f $F $F.rpmold
mv -f $NEW $F
done
exit

Make sure you have the most up-to-date MailScanner by visiting the MailScanner site.

Users Can't Send Mail Error Number 0x800CCC0E

The Error:

The connection to the server has failed. Account 'mail.yourdomain.com', Server: 'mail.yourdomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10051, Error Number: 0x800CCC0E.


So your web hosting clients, or even you yourself, are having problems sending e-mail using Outlook or any other e-mail client that uses SMTP. The problem is normally neither the client nor your web server; it is the ISP. Some ISPs will block SMTP port 25 for servers other than their own. They are trying to force you to use their servers to send mail. This will allow them to monitor you, and make sure you are not spamming. Disabling port 25 for everyone else makes sure you are not spamming through anyone else's server. (Unless of course you are using port 26 like we talk about below.)

There are two ways to fix this problem.

1. Have the user use their ISP's SMTP address.
2. Set up a secondary SMTP port for your web server so that users can send mail by getting "around" their ISP's block.

Here's how to do #2

1. Login to WHM as root

2. Click:
Service Manager

3. Scroll down to the very bottom (left)

4. Check:
exim on another port (Leave it as 26)

5. Click Save

6. Scroll down on the left

7. Click Mail Server (Exim)

8. Now Scroll all the way up and click Service Status

9. It will show "exim-26" if it is enabled.

If you are running any firewall or port blocking software on your dedicated server you will need to enable port 26. The same is true for the user's (or your) local computer as well.


Known ISPs Blocking Port 25
-NetZero
-Mindspring
-MSN
-Earthlink
-Flashnet
-MediaOne
-AT&T
-Verizon
-Bell Sympatico
-People PC
-Verio
-Comcast
-Cox

Outlook: Error message appearing on IMAP email accounts

The IMAP server for wishes to alert you to the following: STATUS failed.


Select Tools ---->Accounts---->Select your account--->click Properties ----> Select IMAP tab --->uncheck Check for new messages in all folders. ---> Apply the settings.

Common Linux log files name and usage

* /var/log/messages: General message and system related stuff
* /var/log/auth.log: Authentication logs
* /var/log/kern.log: Kernel logs
* /var/log/cron.log: Crond logs (cron job)
* /var/log/maillog: Mail server logs
* /var/log/qmail/ : Qmail log directory (more files inside this directory)
* /var/log/httpd/: Apache access and error logs directory
* /usr/local/apache/logs/ : Apache access and error logs directory
* /var/log/lighttpd: Lighttpd access and error logs directory
* /var/log/boot.log : System boot log
* /var/log/mysqld.log: MySQL database server log file
* /var/log/secure: Authentication log
* /var/log/utmp or /var/log/wtmp : Login records file
* /var/log/yum.log: Yum log files
* /var/log/exim_mainlog: Exim log file

Prevent spam using antivirus.exim

You need root access to your cPanel server, as usual.
First, create a special log file for these filters:


touch /var/log/filter.log
chmod 0644 /var/log/filter.log


Now open up the configuration file


vi /etc/antivirus.exim


It should have a whole whack of comments at the top.
Here's the webhostgear.com antivirus.exim configuration. Simply add this to your existing file and save the changes; they take effect instantly.

logfile /var/log/filter.log 0644
if (
$message_body: contains " AFML " or
$message_body: contains " AGAO " or
$message_body: contains " AUNI-OTC-BB " or
$message_body: contains " AUNI " or
$message_body: contains " APPM " or
$message_body: contains " APWL " or
$message_body: contains " BLNM " or
$message_body: contains " CBFE " or
$message_body: contains " CBRJ " or
$message_body: contains " CHFR " or
$message_body: contains " CNHC " or
$message_body: contains " CGDC " or
$message_body: contains " CGKY " or
$message_body: contains " CRSVF " or
$message_body: contains " CTXE " or
$message_body: contains " CWTD " or
$message_body: contains " CYRR " or
$message_body: contains " DIAAF " or
$message_body: contains " DPER " or
$message_body: contains " EPRT " or
$message_body: contains " EQTD " or
$message_body: contains " FCCN " or
$message_body: contains " FCYI " or
$message_body: contains " FTRM " or
$message_body: contains " GGTs " or
$message_body: contains " GTEM " or
$message_body: contains " GDKI " or
$message_body: contains " HYWI " or
$message_body: contains " HXPN " or
$message_body: contains " HER-2 " or
$message_body: contains " IWRs " or
$message_body: contains " KKPT " or
$message_body: contains " KMAG " or
$message_body: contains " LITL " or
$message_body: contains " LOMJ " or
$message_body: contains " LYJN " or
$message_body: contains " MHII " or
$message_body: contains " MISJ " or
$message_body: contains " MPRG " or
$message_body: contains " NMXC " or
$message_body: contains " NSLT " or
$message_body: contains " PCAI.PK " or
$message_body: contains " PGCN " or
$message_body: contains " PHYA " or
$message_body: contains " PPTL " or
$message_body: contains " PSUD " or
$message_body: contains " QEGY " or
$message_body: contains " QCPC " or
$message_body: contains " RRLB " or
$message_body: contains " RTCI " or
$message_body: contains " SBNs " or
$message_body: contains " SFWJ " or
$message_body: contains " SORD " or
$message_body: contains " SRRL " or
$message_body: contains " SWNM " or
$message_body: contains " TORA " or
$message_body: contains " UMSY " or
$message_body: contains " UTEV " or
$message_body: contains " UTVG " or
$message_body: contains " VMSI " or
$message_body: contains " VNBL " or
$message_body: contains " VTSs " or
$message_body: contains " WBRs " or
$message_body: contains " WEXE " or
$message_body: contains " WHKA.PK " or
$message_body: contains " WYSK " or
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
or $message_body matches "angka[^s]+(net|com|org|biz|info|us|name)+?"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen(i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"
) then
logwrite "$tod_log $message_id $header_from $header_subject contains known spammy stock symbol"
seen finish
endif
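Because `seen finish` ends filtering without delivering the message, every false match loses legitimate mail with only a line in /var/log/filter.log, so the conditions are worth testing against known-good mail first. This is an added example, not from webhostgear.com or Exim: it models a subset of the conditions above in Python, assuming Exim's case-independent lowercase `contains`/`matches` and a `$message_body` limited to the default 500 characters with newlines turned into spaces. The messages, the function names and the whole-word variant are constructed here.

```python
import re

BODY_VISIBLE = 500  # Exim's default message_body_visible (assumed unchanged)

# A subset of the filter's conditions: (field, operator, operand).
CONDITIONS = [
    ("body", "contains", " AUNI "),
    ("body", "contains", " CYRR "),
    ("subject", "contains", "Pharmaceutical"),
    ("subject", "contains", "[SPAM]"),
    ("body", "matches", r"v(i|1)agra|asu|seks"),
]

def whole_word(conditions):
    """Added variant, not on the page: regex alternatives only match as
    whole words, so 'asu' no longer fires inside 'casual' or 'measure'."""
    return [(f, op, r"\b(?:%s)\b" % arg) if op == "matches" else (f, op, arg)
            for f, op, arg in conditions]

def message_body_var(body):
    """Approximate $message_body: first 500 characters, newlines as spaces."""
    return body[:BODY_VISIBLE].replace("\r\n", " ").replace("\n", " ")

def matched_conditions(subject, body, conditions=CONDITIONS):
    """Return the conditions that fire. Any hit means 'seen finish' runs."""
    fields = {"subject": subject, "body": message_body_var(body)}
    hits = []
    for field, op, operand in conditions:
        text = fields[field]
        if op == "contains":
            fired = operand.lower() in text.lower()
        else:
            fired = re.search(operand, text, re.IGNORECASE) is not None
        if fired:
            hits.append((field, op, operand))
    return hits

def false_positives(ham, conditions=CONDITIONS):
    """ham: list of (message_id, subject, body) known to be legitimate.
    Returns {message_id: hits} for every message the filter would drop."""
    dropped = {}
    for message_id, subject, body in ham:
        hits = matched_conditions(subject, body, conditions)
        if hits:
            dropped[message_id] = hits
    return dropped

# Constructed legitimate messages.
HAM = [
    ("ham-1", "Friday dress code",
     "Casual dress is fine on Friday.\nPlease measure twice before ordering."),
    ("ham-2", "Re: [SPAM] tag on my invoices",
     "Your invoices are being tagged; can you check the filter?"),
    ("ham-3", "Lunch", "Noon at the usual place?"),
]

if __name__ == "__main__":
    for label, conds in (("as written", CONDITIONS),
                         ("whole-word", whole_word(CONDITIONS))):
        print(label)
        for mid, hits in false_positives(HAM, conds).items():
            print("  would be discarded:", mid, hits)
```

ham-2 also shows how this filter interacts with Subject rewriting: a message that SpamAssassin tagged by mistake is discarded outright here instead of reaching a folder where it can be reviewed.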