Tuesday, December 12, 2006

Filter rules for exim server antivirus.exim file

Hello,

First off, create the log file the filters will write to. The filter's own logfile command creates the file if it is missing, but creating it up front lets you control the owner: it must be writable by the user the system filter runs as (root, unless system_filter_user is set in the Exim configuration), otherwise the logwrite commands below cannot record anything:

touch /var/log/filter.log
chmod 0644 /var/log/filter.log

Now open the system filter file:
vi /etc/antivirus.exim

(/etc/antivirus.exim is the system filter on cPanel servers; elsewhere, the file is whatever system_filter points to in the Exim configuration.)

It should have a large block of comments at the top.

Here is the webhostgear.com antivirus.exim configuration. Simply add it to your existing file and save; Exim reads the system filter afresh for each message, so the rules take effect immediately, with no restart. Every rule below ends in "seen finish", which drops the matching message silently, so keep the logwrite lines: the filter log is the only trace that a message was discarded, and the only way you will notice a false positive.



### CUSTOM WEBHOSTGEAR.COM FILTERS by Steven Leggett info@webhostgear.com
######################################################

# START
# Filters all incoming and outgoing mail

logfile /var/log/filter.log 0644
## Common Spam
# Exim filter tests written in lower case (is, contains, matches) are
# case-independent, so "Viagra" also matches "VIAGRA" and "viagra".
# $message_body only holds the first message_body_visible bytes of the
# body (500 by default), so body keywords further down are not seen.
# Short patterns such as "asu" and "seks" also match inside ordinary
# words (e.g. "casual"), so expect some false positives from the body rules.
if

# Header Spam
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"

# Body Spam
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
# The alternatives must be a group "( ... )", not a character class "[ ... ]"
or $message_body matches "angka[^s]+(net|com|org|biz|info|us|name)"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen(i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"

then
# "fail" would bounce a rejection back to the sender address. Leave it
# commented out: spam sender addresses are forged, so the bounce hits an
# innocent third party, creates bounce loops and more work for the mail system.
#fail text "Message has been rejected because it hasn
# triggered our central filter."
logwrite "$tod_log $message_id from $sender_address contained spam keywords"

# "seen finish" tells Exim the message has been dealt with, so it is
# dropped without a bounce. The logwrite above is the only record of it.
seen finish
endif


# END
# Filters all incoming and outgoing mail


# START
# Outgoing mail only: mail that originates on this server, either from a
# local process ($received_protocol "local", e.g. a web script calling
# sendmail) or from a client that authenticated with SMTP AUTH ("esmtpa";
# "esmtpsa" is the same over STARTTLS, and without it clients that
# authenticate over TLS bypass these rules entirely).
# Mail relayed through a forwarder keeps the protocol of the original
# SMTP delivery, so it does not match and forwarders keep working.

## FINANCIAL FAKE SENDERS
## A local script or account sending as a bank is almost certainly a
## phishing kit or a compromised account. "contains" also matches
## subdomains and look-alikes such as @paypal.com.example, but not a
## spoofed display name in front of some other address.
## Log all outgoing mail from the server that matches these rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa" or
$received_protocol is "esmtpsa"
) and (
$header_from contains "@citibank.com" or
$header_from contains "@bankofamerica.com" or
$header_from contains "@wamu.com" or
$header_from contains "@ebay.com" or
$header_from contains "@chase.com" or
$header_from contains "@paypal.com" or
$header_from contains "@wellsfargo.com" or
$header_from contains "@bankunited.com" or
$header_from contains "@bankerstrust.com" or
$header_from contains "@bankfirst.com" or
$header_from contains "@capitalone.com" or
$header_from contains "@citizensbank.com" or
$header_from contains "@jpmorgan.com" or
$header_from contains "@wachovia.com" or
$header_from contains "@bankone.com" or
$header_from contains "@suntrust.com" or
$header_from contains "@amazon.com" or
$header_from contains "@banksecurity.com" or
$header_from contains "@visa.com" or
$header_from contains "@mastercard.com" or
$header_from contains "@mbna.com"
)
then
logwrite "$tod_log $message_id from $sender_address is fraud"
seen finish
endif

## OTHER FAKE SENDERS SPAM
## Logs (and drops) outgoing mail claiming to be from big webmail domains.
## Not recommended on a shared server: users do legitimately send with
## From: addresses that are not hosted here. Comment this block out if
## that applies to you.
## Log all outgoing mail from the server that matches these rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa" or
$received_protocol is "esmtpsa"
) and (
$header_from contains "@hotmail.com" or
$header_from contains "@yahoo.com" or
$header_from contains "@aol.com"


)
then
logwrite "$tod_log $message_id from $sender_address is forged fake"
seen finish
endif



## KNOWN FAKE PHISHING
## Log (and drop) outgoing mail containing the greeting and signature
## lines used by common phishing kits
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa" or
$received_protocol is "esmtpsa"
) and (
#Paypal
$message_body: contains "Dear valued PayPal member" or
$message_body: contains "Dear valued PayPal customer" or
$message_body: contains "Dear Paypal" or
$message_body: contains "The PayPal Team" or
$message_body: contains "Dear Paypal Customer" or
$message_body: contains "Paypal Account Review Department" or


#Ebay
$message_body: contains "Dear eBay member" or
$message_body: contains "Dear eBay User" or
$message_body: contains "The eBay team" or
$message_body: contains "Dear eBay Community Member" or


#Banks
$message_body: contains "Dear Charter One Customer" or
$message_body: contains "Dear wamu.com customer" or
$message_body: contains "Dear valued Citizens Bank member" or
$message_body: contains "Dear Visa" or
$message_body: contains "Dear Citibank" or
$message_body: contains "Citibank Email" or
$message_body: contains "Dear customer of Chase Bank" or
$message_body: contains "Dear Bank of America customer" or




#ISPs
$message_body: contains "Dear AOL Member" or
$message_body: contains "Dear AOL Customer"


)
then
logwrite "$tod_log $message_id from $sender_address is phishing"
seen finish
endif

# END
# Outgoing mail only: mail that originates on this server



The log file looks like this:
/var/log/filter.log

2006-05-10 12:05:13 1Fds7S-0002Sa-MV from smooth595@gmail.com contained spam keywords
2006-05-10 14:18:47 1FduCn-0006GV-1r from dayton.nowellu7xn@gmail.com contained spam keywords
2006-04-27 15:44:35 1FZDLn-0005Mo-5z from nobody@ocean.wavepointmedia.com is fraud
2006-04-27 16:37:40 1FZEB9-0002KQ-VP from nobody@ocean.wavepointmedia.com is phishing


Each line has the date and time, the Exim message ID, the sender address and the rule family that matched (spam, fraud, forged fake or phishing). A "nobody@" sender, as in the last two lines, usually means a web script running as the web server user, so those hits point at a site on the server rather than at a mail user. The message ID is the key into Exim's main log, which records the full envelope, the authenticating user and the client IP for that message; on cPanel it is /var/log/exim_mainlog (Debian-style installations use /var/log/exim4/mainlog). Grep for the ID like this:

grep 1FZEB9-0002KQ-VP /var/log/exim_mainlog
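Once the filter has been running for a while the log is worth more than one grep per message: the outbound rules only fire for mail submitted on this server, so every sender they flag is a local account or script that needs looking at. The following Python script is an added example, not part of the webhostgear filter or of this post. It parses lines in the exact format the logwrite commands above produce, counts hits per rule and per sender, lists the senders hit by the outbound rules, and builds the grep commands against the main log. The sample lines are constructed for the example (the first four are the ones shown above, the rest are invented).

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format the filter above writes:
# "$tod_log $message_id from $sender_address <verdict>". The first four
# lines are the ones shown in the post; the rest are made up for this
# example, as is the stray line at the end.
SAMPLE_LOG = """\
2006-05-10 12:05:13 1Fds7S-0002Sa-MV from smooth595@gmail.com contained spam keywords
2006-05-10 14:18:47 1FduCn-0006GV-1r from dayton.nowellu7xn@gmail.com contained spam keywords
2006-04-27 15:44:35 1FZDLn-0005Mo-5z from nobody@ocean.wavepointmedia.com is fraud
2006-04-27 16:37:40 1FZEB9-0002KQ-VP from nobody@ocean.wavepointmedia.com is phishing
2006-04-27 16:40:02 1FZEDN-0002Kx-8q from nobody@ocean.wavepointmedia.com is phishing
2006-04-28 09:01:10 1FZTgM-0001Aa-Tq from alice@example.org is forged fake
this line is not in the filter's format and must be ignored
"""

# Exim message IDs are three base-62 groups of 6, 6 and 2 characters.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"from (?P<sender>\S+) "
    r"(?P<verdict>contained spam keywords|is fraud|is forged fake|is phishing)$"
)

# Only the outbound rules (received_protocol local/esmtpa/esmtpsa) write
# these verdicts, so a hit means the mail originated on this server.
OUTBOUND_VERDICTS = {"is fraud", "is forged fake", "is phishing"}


def parse_filter_log(text):
    """Return one dict per line that matches the filter's log format."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def summarize(records):
    """Hits per verdict, and per sender a Counter of verdicts."""
    by_verdict = Counter(r["verdict"] for r in records)
    by_sender = defaultdict(Counter)
    for r in records:
        by_sender[r["sender"]][r["verdict"]] += 1
    return by_verdict, by_sender


def suspect_local_senders(records, threshold=1):
    """Senders hit by an outbound rule at least `threshold` times, sorted.
    Each one is a local account or script to investigate; a sender such as
    nobody@host usually means a web script running as the web server user."""
    hits = Counter(r["sender"] for r in records if r["verdict"] in OUTBOUND_VERDICTS)
    return sorted(s for s, n in hits.items() if n >= threshold)


def mainlog_grep_commands(records, mainlog="/var/log/exim_mainlog"):
    """The grep lines that pull each flagged message's full history
    (envelope, authenticated user, client IP) out of Exim's main log."""
    return ["grep %s %s" % (r["msgid"], mainlog) for r in records]


if __name__ == "__main__":
    recs = parse_filter_log(SAMPLE_LOG)
    by_verdict, by_sender = summarize(recs)
    for verdict, n in sorted(by_verdict.items()):
        print("%-24s %d" % (verdict, n))
    print("outbound hits, investigate:", suspect_local_senders(recs))
    for cmd in mainlog_grep_commands(recs):
        print(cmd)
```

Run it against the real file with parse_filter_log(open("/var/log/filter.log").read()). Before trusting any change to the rules themselves, feed a saved message through Exim's filter test mode (exim -bF /etc/antivirus.exim < message.eml), which reports what the system filter would do with that message without delivering or discarding anything.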

If you haven't already, enable more detailed logging in Exim (the log_selector option); that is the subject of the next tutorial.

Enjoy

Wednesday, December 06, 2006

Ftp access of user for files outside home directory

Hello,

When you set up an FTP server (proftpd, vsftpd, it does not matter which) you usually want to restrict users to their own home directory, but sometimes you also need to give them access to a directory that lives somewhere else entirely, such as the development tree for a project they are working on.

The problem is that once chroot is enabled, the users are, as expected, locked inside the chrooted directory (say their home). A symlink to the other directory does not help: the link target is resolved inside the chroot, where that path does not exist, so the user cannot follow it. That is exactly what a chroot is supposed to do.
For this example I am using vsftpd with one user, ftp_user. Chroot is enabled for local users, his home is /home/ftp_user, and he needs access to /var/www/dev/. The same idea applies to any other FTP server software.

The configurations for vsftpd are basic ones (but I will include them at the end of the post for reference). The important one here is:

chroot_local_user=YES

One way around the limitation is to disable the chroot and give FTP users access to the whole filesystem. That is not recommended at all; this tip shows how to keep the chroot and still expose the directory. The solution is to mount the needed directory inside the chroot using the --bind option. From the mount man page: "--bind Remount a subtree somewhere else (so that its contents are available in both places)".

So we might do something like:

mkdir /home/ftp_user/www_dev
mount --bind /var/www/dev/ /home/ftp_user/www_dev

After this the FTP user sees the files under www_dev in his home directory and can use them in his FTP client as if they were local. Keep in mind that a bind mount does not change permissions: with write_enable=YES the user can modify anything in /var/www/dev that the filesystem permissions allow him to write, so check ownership and modes on that tree before exposing it.

To make the configuration permanent you can either add the mount command to a startup script or add a line to /etc/fstab:

/var/www/dev /home/ftp_user/www_dev none bind 0 0
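Because the bind mount exposes /var/www/dev with exactly the permissions it already has, and the vsftpd configuration below sets write_enable=YES, it is worth checking what the FTP user will actually be able to change before mounting. The Python script below is an added example, not from the original post: it walks the directory to be shared and reports every entry the FTP user could modify (owned by that user, group-writable for that user's group, or world-writable), plus any symlinks, which inside the chroot resolve against the chroot root rather than the real filesystem. The demo() function builds a constructed temporary tree instead of touching /var/www/dev, and the UID/GID it passes are made up for the demo.

```python
import os
import shutil
import stat
import tempfile

SYMLINK_REASON = "symlink (resolved inside the chroot, may point outside or nowhere)"


def audit_share(root, ftp_uid, ftp_gid):
    """Walk the tree that will be bind-mounted into the chroot and list every
    entry the FTP user could change once write_enable=YES applies to it:
    owned by the FTP user, world-writable, or group-writable for the FTP
    user's group. Symlinks are listed too, because inside the chroot they
    resolve relative to the chroot root, not the real filesystem.
    Returns sorted (path relative to root, reason) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow the link itself
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, SYMLINK_REASON))
            elif st.st_uid == ftp_uid:
                findings.append((rel, "owned by the ftp user"))
            elif st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_gid == ftp_gid and st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable by the ftp user's group"))
    return sorted(findings)


def fstab_line(src, dst):
    """The /etc/fstab entry that makes the bind mount permanent."""
    return "%s %s none bind 0 0" % (src, dst)


def demo():
    """Constructed tree standing in for /var/www/dev: a clean file, a
    group-writable config, a world-writable upload directory and a symlink."""
    root = tempfile.mkdtemp(prefix="www_dev_")
    try:
        clean = os.path.join(root, "index.html")
        open(clean, "w").close()
        os.chmod(clean, 0o644)
        cfg = os.path.join(root, "config.php")
        open(cfg, "w").close()
        os.chmod(cfg, 0o660)
        upload = os.path.join(root, "upload")
        os.mkdir(upload)
        os.chmod(upload, 0o777)
        os.symlink("/var/www/dev/../secret", os.path.join(root, "link"))
        # Pretend the FTP user is somebody else (made-up UID) who shares our group.
        return audit_share(root, ftp_uid=os.getuid() + 100000, ftp_gid=os.getgid())
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print("%-12s %s" % (rel, reason))
    print(fstab_line("/var/www/dev", "/home/ftp_user/www_dev"))
```

For the real check run audit_share("/var/www/dev", uid, gid) with the UID and GID of ftp_user (from id ftp_user). If nothing in the tree should be writable over FTP, kernels from 2.6.26 onward can also make the bind mount itself read-only with a second step after mount --bind: mount -o remount,ro,bind /home/ftp_user/www_dev.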

I hope you find this tip useful if you run into a similar issue. For reference, here is the vsftpd configuration used (the only parameter that matters for this tip is chroot_local_user, noted above):

/etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

Enjoy..
Cheap Dedicated server
Cheap Dedicated Server hosting

Friday, September 29, 2006

Access denied for user 'root'@'localhost' (using password: NO)

Hello,

If you get this error when running mysql from the shell, first make sure you have become root:
su -
and then run
mysql
again. If you still get the error, the root password is not what you think it is and you need to reset it. Locate the server's host_name.pid file in the MySQL data directory, then:

kill `cat /mysql-data-directory/host_name.pid`
mysqld_safe --skip-grant-tables --skip-networking &
mysqladmin -u root flush-privileges password "newpassword"

newpassword is the password you want to set. Two cautions: --skip-grant-tables turns off all authentication, so anyone who can reach the server is root for as long as it runs; --skip-networking limits that to local socket connections, and you should stop this instance and start mysqld normally as soon as the password is set. Also, a password given on the command line is visible in the process list and in your shell history, so clear it from the history afterwards.

Enjoy..

Default Mysql my.cnf configuration file

Hello,

If you are not familiar with my.cnf and want a starting point for tuning MySQL, use the configuration below, adjusted to the RAM you actually have. Two things to keep in mind: sort_buffer, record_buffer and join_buffer are allocated per session, so with max_connections=500 the worst case (500 x 48M on top of the global buffers) is far more memory than most servers have; and old-passwords makes the server store new passwords with the weak pre-4.1 hash, so leave it off unless you really have clients that old.
------------------------------------------------------------------------------------
[mysqld]
socket = /var/lib/mysql/mysql.sock
safe-show-database
# old-passwords=1 would store new passwords with the weak pre-4.1 hash;
# only enable it for ancient clients that cannot speak the 4.1 protocol.
#old-passwords=1
max_connections=500
interactive_timeout=100
wait_timeout=30
connect_timeout=30
key_buffer=32M
join_buffer=8M
max_allowed_packet=32M
table_cache=1024
# sort_buffer, record_buffer and join_buffer are per-session allocations:
# worst case is max_connections x (32M + 8M + 8M) on top of key_buffer
# and the query cache. Size them for the RAM you have.
sort_buffer=32M
record_buffer=8M
thread_cache_size=128
max_user_connections=30

thread_concurrency=4
myisam_sort_buffer_size=64M
query_cache_limit=2M
query_cache_size=32M
query_cache_type=1

[safe_mysqld]
err-log=/var/log/mysqld.log
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=32M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout
------------------------------------------------------------------------------------
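Two things in a file like this are easy to miss by eye: which options are security-relevant (old-passwords, and whether the server listens on the network at all) and how much memory the per-session buffers can add up to under max_connections. The following Python linter is an added example, not part of this post. It parses my.cnf (including bare flags such as quick and the old option spellings key_buffer, sort_buffer, record_buffer and join_buffer), reports options set twice, flags old_passwords and a missing bind-address/skip-networking, and computes the worst-case memory figure. SAMPLE_MYCNF is a constructed excerpt using the values from the file above.

```python
import re

MiB = 1024 ** 2

# Old spellings used in the file above, mapped to the canonical names.
ALIASES = {
    "key_buffer": "key_buffer_size",
    "sort_buffer": "sort_buffer_size",
    "record_buffer": "read_buffer_size",
    "join_buffer": "join_buffer_size",
}
GLOBAL_BUFFERS = ("key_buffer_size", "query_cache_size", "innodb_buffer_pool_size")
PER_CONNECTION_BUFFERS = ("sort_buffer_size", "read_buffer_size",
                          "read_rnd_buffer_size", "join_buffer_size")

# Constructed excerpt of the my.cnf above (sizes and options as on the page).
SAMPLE_MYCNF = """\
[mysqld]
socket = /var/lib/mysql/mysql.sock
old-passwords = 1
max_connections=500
thread_cache_size=8
key_buffer=32M
join_buffer=8M
sort_buffer=32M
record_buffer=8M
thread_cache_size=128
query_cache_size=32M

[mysqldump]
quick
max_allowed_packet=32M
"""


def parse_size(value):
    """'32M' -> bytes; accepts K/M/G suffixes or a plain number of bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*([kKmMgG]?)\s*", str(value))
    if not m:
        raise ValueError("not a size: %r" % value)
    return int(m.group(1)) * {"": 1, "k": 1024, "m": MiB, "g": 1024 ** 3}[m.group(2).lower()]


def parse_mycnf(text):
    """Return ({section: {option: value}}, [(section, option, old, new)]).
    Option names are normalised ('-' -> '_', aliases resolved); a bare flag
    such as 'quick' gets the value '1'. Later duplicates win, as in MySQL."""
    sections, duplicates, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue                              # option before any [section]
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("-", "_")
        key = ALIASES.get(key, key)
        value = value.strip() or "1"
        if key in sections[current]:
            duplicates.append((current, key, sections[current][key], value))
        sections[current][key] = value
    return sections, duplicates


def enabled(value):
    return str(value).lower() in ("1", "on", "true", "yes")


def worst_case_memory(mysqld):
    """Upper bound: global buffers plus the per-connection buffers for every
    allowed connection (sort/read/join buffers are allocated per session).
    max_connections defaults to 100 if unset, as in MySQL of that era."""
    global_bytes = sum(parse_size(mysqld.get(k, "0")) for k in GLOBAL_BUFFERS)
    per_conn = sum(parse_size(mysqld.get(k, "0")) for k in PER_CONNECTION_BUFFERS)
    return global_bytes + int(mysqld.get("max_connections", "100")) * per_conn


def lint(text, ram_bytes):
    """Return (code, message) warnings for the problems this configuration
    can run into: weak password hashing, network exposure, duplicated
    options and a worst-case memory footprint above the available RAM."""
    sections, duplicates = parse_mycnf(text)
    mysqld = sections.get("mysqld", {})
    warnings = []
    if enabled(mysqld.get("old_passwords", "0")):
        warnings.append(("old_passwords", "old_passwords=1 stores new passwords with the "
                         "weak pre-4.1 hash; remove it unless ancient clients need it"))
    if "bind_address" not in mysqld and "skip_networking" not in mysqld:
        warnings.append(("network_exposed", "no bind-address or skip-networking: "
                         "mysqld listens on every interface"))
    for section, key, old, new in duplicates:
        warnings.append(("duplicate_option", "[%s] %s set twice (%s then %s); "
                         "the last one wins" % (section, key, old, new)))
    worst = worst_case_memory(mysqld)
    if worst > ram_bytes:
        warnings.append(("memory", "worst case %.1f GiB exceeds %.1f GiB of RAM"
                         % (worst / 1024.0 ** 3, ram_bytes / 1024.0 ** 3)))
    return warnings


if __name__ == "__main__":
    for code, message in lint(SAMPLE_MYCNF, 2 * 1024 ** 3):
        print("%-17s %s" % (code, message))
```

Run lint(open("/etc/my.cnf").read(), ram_bytes) with the machine's real RAM; the worst-case figure is deliberately pessimistic (every connection using every buffer at once), but if it exceeds RAM by an order of magnitude, as the sample does, a busy server will eventually swap or have mysqld killed.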
Enjoy..

Linux Tweaks

Hello,

Here are some tweaks you can try; learn from them and apply whichever suit your requirements. They really do help.

The best things you can do to speed up a Linux box are:

- Use http://driverondemand.sourceforge.net for driver management. If you don't have a driver installed for a device, it installs the best-rated driver automatically, so you are less likely to accidentally download a badly designed driver (and you don't need to worry about drivers).

- If performance is jerky and inconsistent you probably have ACPI problems. Disable it by adding acpi=off to the kernel line in lilo.conf or grub.conf, like:
kernel (hd0,7)/kernel-2.6.7-rc1-mm1 root=/dev/hda8 vga=792 acpi=off

- If a directory holds a very large number of files, split it into several directories when it gets too big, especially if it is your home directory. With GUI tools in particular this speeds things up dramatically.

- Use the newest 2.6 kernel (the 2.6 series is faster than 2.4 in every respect).

- Use reiser4 (it is still development code, but it is twice as fast as reiserfs and four times faster than NTFS; it seemed pretty stable to me).

- Don't use XFree86 4.2; use Xorg-x11 instead.

- Make sure you are using your vendor's OpenGL.

- Use ALSA instead of OSS whenever possible, and check the ALSA site for hardware-specific tweaks (hardware mixing, for instance).

- Use rc-update and disable all the services you aren't using. Every service you stop is one less process using resources and one less thing listening for connections.
- If you have a very large amount of RAM you may want to disable your swap
(http://kerneltrap.org/node/view/3000).

- Use a distribution built for your architecture (many distros, like Windows, are still compiled for i586; if you run a P4 with hyperthreading, enable SMP support and so on in the kernel).

- If you want pure speed, try a GCC 3.4 development distro (probably still too unstable). GCC 3.4 compiles programs that run at least 7% faster in a large test case, and with good flags you can expect bigger gains.

- Move off devfs to udev. Devfs is obsolete for good reason: it has lots of locking problems and many other bugs. Everyone on kernel 2.6 should consider moving to udev.

- To speed up reboots, Linux now has a few programs that let it reboot without going through the hardware reset: it shuts Linux down and, instead of resetting the machine, starts the kernel again directly
(http://www-106.ibm.com/developerworks/linux/library/l-kexec.html?ca=dgr-lnxw01RebootFast).

- If you use GNOME or KDE and want good speed, run the newest versions. Unlike Windows, newer desktop environments get faster. If you really want to tweak to the max, blackbox or fluxbox use fewer resources.

- Altering the hdparm parameters can also speed things up slightly in some cases.

- Some window managers have settings that let you speed them up slightly; look in their options.
- You may want to use the -ck patchset (http://kem.p.lodz.pl/~peter/cko/) for the kernel. Con is a genius at optimisations, and many of his optimisations end up in the mainstream kernel.

- Add noatime and notail to the drives in your fstab. noatime turns off access-time
recording, and notail changes the way small files are stored. An example: "/dev/hda7 /boot reiserfs noauto,noatime,notail". Be aware that notail wastes a bit of extra space.

- Avoid ext2, ext3 and the Windows filesystems (FAT32/NTFS) on any partition on your computer. They are slow (with no competition on Windows, Microsoft has no incentive to speed its filesystems up). If you don't want to use reiser4, at least use reiserfs; XFS is a bit better provided your hard disk is well designed, but on badly designed disks the journalling in XFS may not be reliable.

- To make your system more usable, check out Project Utopia (gnome-volume-manager, HAL and D-BUS). They are going into the next generation of GNOME and will make Linux a lot more usable. Eikke's volume manager is a good alternative to gnome-volume-manager (easier to install): http://sourceforge.net/projects/ivman.

- If you want to play Windows games, first check whether there is a native Linux port and use that if there is. Otherwise your best option is WineX (www.transgaming.com). It translates Windows calls into Linux ones, which slows things down, but for many games on a good machine you generally don't notice. Setting the .exe file association in your desktop environment lets you just click an .exe to run it.

- If your distro has automount, it is sometimes worth disabling. Yes, it can make life easier, but it can be a pain too. If there is always a dramatic slowdown when opening Nautilus or Konqueror, don't use automount. With a good CD-ROM drive and the newest versions you may not have these problems.

- The ESD and aRts sound servers are not new technology; I've seen nothing but pain from them. Use ALSA instead of a sound server wherever possible, and if you feel ready, try disabling OSS completely in your kernel (not even OSS emulation). OSS is old and can only play one stream at a time (no mixing), so when an OSS application plays a sound it often breaks every ALSA application, which can mix automatically.

- Use prelink to speed up application start-up. In some cases prelink has been shown to cut application loading times dramatically (thanks equilibrium for suggesting this one). http://www.gentoo.org/main/en/performance.xml has a benchmark showing the impact. It is considered safe to use these days and generally speeds up everything except Wine.

- Many window managers support taskbar applets (weather, network, wireless signal strength, notification area). Try them out; you'll be surprised how helpful they can be. In my case I deleted the window list from my taskbar completely (I always use ALT+TAB anyway), left a window-list applet I can click to see all the windows, deleted my second taskbar, and set the first one not to expand and to autohide, saving a lot of desktop space.

- I don't recommend saving files to your desktop at all. In Linux each user has a central storage area (the home directory); use it for all your files. It keeps your system a lot cleaner, your desktop clear, and your things more organised.

- In Linux, everything from the complete boot-up sequence (http://www.bootsplash.org/) and the boot menu to nearly every program can be easily skinned (even individual directories can be given a theme in Nautilus). Take advantage of it; theming can have a massive impact. It is trivial to make Linux look identical to Windows (by theming or by using http://www.xpde.com/) or any OS you want. Unlike Windows, Linux also supports vector-based icons, so if you want a Mac OS X-like appearance, use an SVG-based theme set.

- If you want theming right down to your web browser, use Mozilla Firefox (http://www.mozilla.org/products/firefox/) instead of Mozilla or Opera; it has excellent support for plugins and themes (found at http://texturizer.net/firefox/index.html). In fact, I suggest using Firefox on Windows too.
-------------------------------------------------------------------------------------

Why aren't there many centralised tweak pages for Linux, as there are for Windows? Because the Windows ones are useless and very often wrong.

An example of a Windows tweaking misconception is setting the swap file size yourself instead of letting Windows handle it. The people who recommended it never bothered to benchmark, and when someone finally did, it turned out to be slower. Most of the other tweaks slow down many cases too. Microsoft does a lot of benchmarking to test its tweaks, and the ones it provides are in fact very good (except things like enabling UDMA), while the tweaks people come up with improve the worst case of the algorithms only minimally (1-2%). The tweaks I gave you, especially if you are still on kernel 2.4 and a non-optimised (i386) distro, have the potential to speed up your computer by 200-300% (at the very least, changing to reiser4 will double your hard-disk speeds, and using the -aa patchset can give a 10% speedup). Believe me, the Windows tweaks are useless; that is why there are no equivalent Linux ones. The kernel developers try to optimise things as much as possible (with help from the distros).

Use the tweaks I gave you and I guarantee you'll speed it up massively (way more than all the Windows tweaks together can do). Setting a few tweaks for an algorithm is never as effective as changing the algorithm itself.

Anyway, if you need help with some of this you can always come on IRC. That's the great thing about open source: you can tweak it far beyond the puny Windows tweaks because you can optimise the code.

The idea is that if you need to adjust the settings of an algorithm in Linux, it is usually badly designed anyway, and the kernel developers need to tweak the settings in the kernel source for everyone.

Enjoy..

Linux data recovery

Hello,

If you are looking for a way to recover data from a failing hard disk, read this.
ddrescue is a program that copies data from one file or block device to another; it is a tool for saving data from a crashed disk or partition.
It reads what it can and, when a read fails, skips ahead and carries on with the next sectors, where plain dd would stop with an error. If the copy is interrupted it can be resumed later from where it left off, and it can also copy backwards.
Install dd_rescue or ddrescue

If you are using Debian Linux:

# apt-get install ddrescue

If you are using RedHat/Fedora Core Linux, type the following command:

# yum -y install ddrescue

Or download GNU ddrescue directly from the official GNU site: http://www.gnu.org/software/ddrescue/ddrescue.html

Note that there are two different tools with confusingly similar names: Kurt Garloff's dd_rescue, which Debian historically shipped in the ddrescue package as /bin/dd_rescue, and GNU ddrescue, which Debian packages as gddrescue (binary /usr/bin/ddrescue) and Fedora as ddrescue. The commands below use GNU ddrescue.
How do I use dd_rescue (ddrescue)?

To make an exact copy of /dev/sda (damaged) to /dev/sdb (make sure sdb is empty and at least as large), type:

# ddrescue -r3 /dev/sda /dev/sdb rescue.map

The third argument is GNU ddrescue's map file (called the logfile in older versions): it records which sectors were copied and which failed, so an interrupted run can be resumed with the same command instead of starting over. -r3 retries the bad sectors three times.

The natural next step is to run fsck on the copy to repair the filesystem and get at the data. Do not touch the damaged /dev/sda again; if this procedure fails you can still send the disk to a professional data recovery service. For example, if /home (user data) is on /dev/sda2, run the command on /dev/sdb2:

# fsck /dev/sdb2

Once fsck run, mount /dev/sdb2 somewhere and see if you can access data:

# mount /dev/sdb2 /mnt/data

It is time to take backup using tar command.

ddrescue supports many options, so read the man page:

# man ddrescue

OR, for dd_rescue,

# man dd_rescue

This program is useful for rescuing data in the face of I/O errors because it does not abort or truncate the output when a read fails, which is exactly what you need on a dying disk.


Linux/Unix beginners: C programming

I hope this helps out. Let's start with the basics.

Vocabulary
----------

Source: You've probably seen "Download Source" before. On Linux (or Unix) you will most likely be dealing with source code: the raw instructions written by the programmer. You cannot run these, so don't try :). You need to compile them first (we'll get to that later).

Binaries: Binaries are code that has already been compiled. If you download binaries, make sure they were built for the same distro and CPU architecture you are using. Most Linux users will tell you it is better to compile everything from source, and in most cases that is true. But if you are a beginner, try to find binaries :-)

Compiler: This is the program that translates the source into a binary. Logically, your compiler must be for the language the source was written in. The vast majority of the time it will be a C compiler, and the most common one is gcc.

Files you will need:
A compiler (duh). For this tutorial we are going to use gcc.

Redhat 8.0
ftp://rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/gcc-3.2-7.i386.rpm
Source
ftp://rpmfind.net/linux/redhat/8.0/en/os/i386/SRPMS/gcc-3.2-7.src.rpm

Mandrake
ftp://rpmfind.net/linux/Mandrake/9.0/i586/Mandrake/RPMS/gcc-3.2-1mdk.i586.rpm
Source
ftp://rpmfind.net/linux/Mandrake/9.0/SRPMS/gcc-3.2-1mdk.src.rpm

Debian
<>

Some more basics:

Another thing a lot of beginners get confused by is the difference between a script and the source of a compiled program. Scripts in Perl, PHP, ASP or VBScript are interpreted at run time. A compiled program is translated into machine code once, when you compile it, and after that it simply runs. This means that, relative to their complexity, compiled programs run faster than scripts.

Most software for Linux and other open source platforms is distributed as source code, usually as a compressed archive known as a tarball. That just means the file is in a compressed format, much like a ZIP file.

Do the configure and compile steps as your ordinary user, not as root: a build runs whatever the tarball's scripts and makefiles tell it to, and you do not want that happening with root's privileges. You only need root (log in as root or type su at the command line) for the final make install step that copies files into the system directories.

Another common mistake is not having the required libraries installed. Libraries are shared code that a program needs to run. For example, most programs that make extensive use of a protocol such as SNMP use a common library written by someone else. Always check the README file to see which libraries a program needs (and, to compile it, their development headers).

OK, to start out, here is a simple program we could write:

#include <stdio.h>

int main(void)
{
    printf("Hello, world\n");
    return 0;
}

All this program does is print Hello, world. Save it as test.c. To compile it just type:

gcc test.c

You should now have a working binary called a.out by default. To give it a different name, type:

gcc test.c -o test1

This writes the executable as test1.

Remember the libraries we talked about? A program uses one by including its header file at the top of the source, which is where all includes belong by good programming practice:

#include <stdio.h>

The header only declares what the library provides. When the program uses a library that is not part of the C standard library, you also have to tell gcc to link against it, and where to look for it if it is not in a standard place:

gcc test.c -o test1 -L/usr/lib -lSDL

In plain English: compile test.c, write the output as test1, look for libraries in /usr/lib (-L) and link in the SDL library, libSDL (-l). If the library's headers are not in a standard include directory, point the compiler at them with -I/path in the same way.

Now I hope this helped you guys out a little bit. The final thing I'm going to cover is that the install files of a lot of programs say you need to run ./configure. When I was just beginning I used to get frustrated, because I would type that at the command line and get file not found. If the error is "No such file or directory", you are not in the directory where the tarball was unpacked, so cd into it first. If it is "Permission denied", the script lost its execute bit when the archive was unpacked; run it through the shell explicitly:

sh ./configure

OK, that just about wraps it up.

Enjoy..