Monthly Archives: March 2013

30 day reminder certificates bash.

Like I said, I'm still very new to Unix / Linux. I came up with the following to check for certificates that are going to expire within 30 days' time; it sends a mail to the chosen email address if you add it to the crontab.

#!/usr/local/bin/bash
# Check certificates and mail a warning for each one that expires within 30 days.
HOST=`hostname`
# Reduce every /home/vhosts/<domain>/certificates/<file>.crt path to <domain>;
# sort -u keeps a domain with several certificates from being processed twice.
DOMAINS=`ls /home/vhosts/*/certificates/*.crt | sed 's/\/home\/vhosts\/\(.*\)certificates/\1/g' | sed s/"\/\/.*"/""/ | sort -u`

for DOMAIN in $DOMAINS
do
    CERT=`ls /home/vhosts/$DOMAIN/certificates/*.crt`
    for CERTS in $CERT
    do
        # "notAfter=Mar 30 12:00:00 2013 GMT" becomes "30 Mar 2013"
        expiry=$(openssl x509 -in "$CERTS" -noout -enddate | cut -d'=' -f2 | awk '{print $2 " " $1 " " $4}')

        # BSD date: -j parses the given date without setting the clock
        Expirydate=$(date -j -f "%d %b %Y" "${expiry}" +%s)
        Today=$(date +%s)
        secondsToExpire=$(echo "${Expirydate} - ${Today}" | bc)
        daysToExpire=$(echo "${secondsToExpire} / 60 / 60 / 24" | bc)

        DAYS=${daysToExpire}

        if [ "$DAYS" -lt 30 ]
        then
            # First line truncates the file, second line appends to it
            echo "------- Certificate check -------" > /tmp/mailcert.txt
            echo "$DOMAIN verloopt over $DAYS dagen." >> /tmp/mailcert.txt

            /usr/bin/mail -s "Certificaten check $HOST" who@knows.nl < /tmp/mailcert.txt

        fi
    done
done

Gr gr
Thomas
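
A portable variant of the check above, as an added example that is not part of the original post: it uses `openssl x509 -checkend` instead of BSD `date -j` arithmetic, and it also reports files that do not parse as certificates. The function names and the `make_sample_cert` helper are hypothetical, and the sample certificate it creates is constructed for testing.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
WARN_DAYS=30

# cert_expires_within FILE DAYS
#   returns 0 if FILE expires within DAYS days (or has already expired),
#           1 if it stays valid beyond that,
#           2 if FILE does not parse as a certificate.
cert_expires_within() {
    file=$1
    days=$2
    # Check parsing first so a corrupt file is not mistaken for an expiring one.
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# scan_certs DIR...: print one line per certificate that needs attention.
scan_certs() {
    for dir in "$@"; do
        for crt in "$dir"/*.crt; do
            [ -e "$crt" ] || continue          # glob matched nothing
            rc=0
            cert_expires_within "$crt" "$WARN_DAYS" || rc=$?
            case $rc in
                0) echo "EXPIRING $crt $(openssl x509 -in "$crt" -noout -enddate)" ;;
                2) echo "UNREADABLE $crt" ;;
            esac
        done
    done
}

# make_sample_cert FILE DAYS: constructed throwaway self-signed certificate for testing.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample.invalid" \
        -days "$2" -keyout /dev/null -out "$1" >/dev/null 2>&1
}

# Cron usage with the post's layout and address:
#   report=$(scan_certs /home/vhosts/*/certificates)
#   [ -n "$report" ] && echo "$report" | mail -s "Certificate check $(hostname)" who@knows.nl
```

Because the report is built in a variable and piped to mail, nothing is written to a fixed file name under /tmp.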

SpamAssassin install on qmail with qmail-scanner / tcpserver

This installs SpamAssassin on a FreeBSD server running qmail behind tcpserver.
It will reject, quarantine or delete incoming and outgoing spam.

SpamAssassin:

cd /usr/ports/mail/p5-Mail-SpamAssassin
make install clean
Just say yes to the prompts, but read them before you do so.
Add to /etc/rc.conf:
spamd_enable="YES"

cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf

Edit:
/usr/local/etc/mail/spamassassin/local.cf
Remove the #'s before the following options:
required_score 5.0 (When is it tagged as spam?)
use_bayes 1 (Autolearn)
bayes_auto_learn 1
shortcircuit BAYES_99 spam
shortcircuit BAYES_00 ham

Start SpamAssassin:
/usr/local/etc/rc.d/sa-spamd restart

QMAIL-SCANNER:

cd /usr/ports/mail/qmail-scanner
make install clean

Check if the output is blank by running this:
/usr/local/bin/qmail-scanner-queue.pl

Edit:
/usr/local/bin/qmail-scanner-queue.pl
I'm not going to go deep into the ClamAV daemon etc. This is just to filter spam and is very basic.

Search for:
my @scanners_installed=("clamdscan_scanner","mhr_scanner","spamassassin","perlscan_scanner");

Replace that with:
my @scanners_installed=("mhr_scanner","spamassassin","perlscan_scanner");

Thresholds for spam scores:
Search for:
my $sa_quarantine_site='0';
Replace that with:
my $sa_quarantine_site='9';

Search for:
my $sa_delete_site='0';
Replace that with:
my $sa_delete_site='15';

Search for:
my $sa_reject_site='0';
Replace that with:
my $sa_reject_site='15';

Search for:
my $sa_alt='0';
Replace that with:
my $sa_alt='1';

Copy and create new "quarantine-events.txt":
cp /var/spool/qscand/quarantine-events.txt.sample /var/spool/qscand/quarantine-events.txt
/usr/local/bin/qmail-scanner-queue.pl -g

TCPSERVER:
Source: http://cr.yp.to/qmail/faq/servers.html

Create this file:
/etc/tcp.smtp
Add this to the file:
127.0.0.1:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/usr/local/bin/qmail-scanner-queue"

Then run this to compile it into a cdb file:
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

Qmail does not need to be restarted for this process.

STARTUP:
In the startup script I put this in, though it would be neater to do that another way.. but like I said it's just fooling around and I'm new to BSD:
command_args="-d -r ${pidfile} -m 4"
-m 4 is the maximum number of threads the spamd daemon can spawn.

Cronjob:
Rotate the logfiles and update, send a mail.

Crontab:
# SpamAssassin log rotate / quarantine cleanup
30 4 * * * root /home/thomas/qmscandrotate.sh

The cron itself in /home/thomas/qmscandrotate.sh:
#!/usr/local/bin/bash
# Clean up quarantined spam which is older than 7 days and has a spam score over 9 points
HOST=`hostname`
/bin/rm -f /var/log/spamass.txt
quarantine=`/usr/bin/find /var/spool/qscand/quarantine/spam/new/ -type f -mtime +7`
/bin/echo "Clean spam quarantine, 7 days retention" >> /var/log/spamass.txt

/bin/echo "--- $HOST ---" >> /var/log/spamass.txt
for MESSAGE in $quarantine
do
    /bin/echo "Cleaned up: $MESSAGE" >> /var/log/spamass.txt
    # find returned regular files only, so plain -f with a quoted path is enough
    /bin/rm -f "$MESSAGE"
done

# the logfiles are recreated automatically after removing them
# the main logfile where you want to look if something has happened is /var/log/maillog
/bin/echo "" >> /var/log/spamass.txt
# move log to log1 to be removed the next day
# debug logging rotate / remove
/bin/echo "Rotate logfiles:" >> /var/log/spamass.txt
/bin/rm -f /var/spool/qscand/qmail-queue.log1
/bin/mv /var/spool/qscand/qmail-queue.log /var/spool/qscand/qmail-queue.log1
touch /var/spool/qscand/qmail-queue.log
chown qscand:qscand /var/spool/qscand/qmail-queue.log
# quarantine logfiles rotate / remove
/bin/rm -f /var/spool/qscand/quarantine.log1
/bin/mv /var/spool/qscand/quarantine.log /var/spool/qscand/quarantine.log1
echo "Rotation logfiles in /var/spool/qscand/ done" >> /var/log/spamass.txt
touch /var/spool/qscand/quarantine.log
chown qscand:qscand /var/spool/qscand/quarantine.log
/bin/echo "" >> /var/log/spamass.txt
/bin/echo "Spamassassin updates:" >> /var/log/spamass.txt
# update SpamAssassin to the latest ruleset; put a -D after sa-update to see what it is doing.
/usr/local/bin/sa-update -v >> /var/log/spamass.txt
/usr/local/etc/rc.d/sa-spamd restart
/bin/echo "Updates done / restart SA done" >> /var/log/spamass.txt
/usr/bin/mail -s "Spamassassin updates/maintenance $HOST" who@knows.nl < /var/log/spamass.txt

Don't forget to make it executable:
chmod +x /home/thomas/qmscandrotate.sh

And like I pointed out earlier, this works but it's not the best way to do it..:)

Gr gr! :)

Export Plesk accounts + passwords / email accounts + passwords from PSA database.

We needed this for a migration of a Plesk server, gl with them :)

Queries you run on the PSA db.
To export email addresses + passwords:
SELECT accounts.id, mail.mail_name, accounts.password, domains.name FROM domains LEFT JOIN mail ON domains.id = mail.dom_id LEFT JOIN accounts ON mail.account_id = accounts.id;
To export email addresses + Plesk accounts:
SELECT name,cname,pname,email FROM `domains` LEFT JOIN clients ON domains.cl_id=clients.id;

Gr gr
Thomas

FD_SET() has a hidden limit of 256 descriptors big-concurrency patch fix

So I needed to reinstall the qmail port in FreeBSD including the big-concurrency patch for qmail, and I ran into the following error:

./chkspawn
Oops. Your system's FD_SET() has a hidden limit of 256 descriptors.
This means that the qmail daemons could crash if you set the run-time
concurrency higher than 125. So I'm going to insist that the concurrency
limit in conf-spawn be at most 125. Right now it's 1000.
*** Error code 1

After a bit of googling I found that if you edit /usr/ports/mail/qmail/work/qmail-1.03/conf-cc and add -DFD_SETSIZE=2048, it will reinstall again.

Gr gr
Thomas