Linux/Unix

Fight spam with sendmail (CentOS5/RHEL5)

Posted on by Andy

Hello,

Sendmail is a very often used MTA (Mail Transfer Agent) on unix platforms. It implements configurations to do realtime blocklist checks with lists from spamhaus.org or spamcop.net or any other blocklist. Open your /etc/mail/sendmail.mc and add following two lines to it:

FEATURE(`enhdnsbl', `sbl.spamhaus.org', `"554 Rejected " $&{client_addr} " – see http://www.spamhaus.org/sbl/"')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " – see http://www.spamcop.net/bl.shtml"')dnl

Please remember to put them after this line:
include(`/usr/lib/opcenter/sendmail/install/popauth.m4')

If you do not, the sendmail.cf compilation will fail with an error. Well now it's time to compile our config file, so type this:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

and restart the mail server with

# service sendmail restart

The advantage of this method is that the email is rejected before it enters the server so it saves bandwidth and cpu ressources. I personnally disabled the blocklist checking in MailScanner after using this because i found no need for it anymore.

There are also a few config options i found useful:

throttle connections to servers which sent out email to more than 10 invalid adresses:
define(`confBAD_RCPT_THROTTLE', `10')dnl

replace smtp welcome message with a custom string (hides sendmail verison):
define(`confSMTP_LOGIN_MSG', `<Your custom string here> MTA, local time is $b')dnl

Enable NFS Share on CentOS/RHEL 6

Posted on by Andy

Hello,

NFS (Network File System) is the equivalent to SMB (Samba/CIFS) from the Windows world in the Unix world. Over NFS you can share folders on the network. Building a NFS share is quite easy but the configuration a bit tricky if you plan the usage of a firewall, for example iptables.

You need following ports open:

TCP/UDP 111 (RPC portmapper)
TCP/UDP 2049 (NFSD server)
TCP/UDP 32803 (*)
TCP/UDP 32769 (*)
TCP/UDP 892 (*)
TCP/UDP 875 (*)
TCP/UDP 662 (*)
TCP/UDP 2020 (*)

(*) Because NFS choses random ports every time it's started we need to fix several ports in the config file /etc/sysconfig/nfs. Without these fixed ports we can't do firewalling on a nfs server. So, to activate these ports uncomment the following lines in the mentioned config file:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

Afterwards restart all daemons needed for the nfs server:

# /etc/init.d/rpcbind restart
# /etc/init.d/nfs restart
# /etc/init.d/rpcsvcgssd restart

Now that the server is running you only need to add the ports to your iptables config. Open /etc/sysconfig/iptables and repeat the following 2 lines for each port:

-A INPUT -m state –state NEW -p tcp –dport <port> -j ACCEPT
-A INPUT -m state –state NEW -p udp –dport <port> -j ACCEPT

Now we have to export a folder. First open the file /etc/exports and add the export, here an example line:

/home/BACKUP    192.168.0.0/24(rw,sync,root_squash)

Short explanation:
/home/BACKUP – That's the folder you want to export
192.168.0.0/24 – That's the host part which has access to the share (here the whole mentioned network)
(rw,sync,root_squash) – That's the option part (here read/write, sync and act as root)

For more explanations on the options you can consult the manpages (# man exports)

After you have created the share and saved the file, push it online with
# exportfs -a

I also restart the nfs server every time after the exportfs command but i don't know if it's really needed.

LVM Resizing

Posted on by Andy

Hi,

IMPORTANT: PLEASE ALWAYS BACKUP YOUR DATA FIRST BEFORE TOUCHING PARTITION TABLES ETC

first there are a few tools we need to accomplish this: resize2fs, lvscan, lvresize. Use "lvscan" to show your LVM group(s).

Here the steps to extend your LV:

  1. # lvscan
    Scans for available LV
  2. # fschk.ext3 /dev/VolGroup00/LogVol00
    Does a sanity check and corrections on the filesystem before further manipulation. Here the type is Ext3.
  3. # lvresize -L 15G /dev/VolGroup00/LogVol00
    Sets capacity of the concerned LV (here LogVol00) to 15 GB
  4. # resize2fs /dev/VolGroup00/LogVol00 15G
    Resizes the partition inside the LV to a capacity of 15 GB

Here are the steps to shrink your LV:

  1. # lvscan
    Scans for available LV
  2. # fschk.ext3 /dev/VolGroup00/LogVol00
    Does a sanity check and corrections on the filesystem before further manipulation. Here the type is Ext3.
  3. # resize2fs /dev/VolGroup00/LogVol00 15G
    Sets capacity of the concerned LV (here LogVol00) to 15 GB
  4. # lvresize -L 15G /dev/VolGroup00/LogVol00
    Sets capacity of the concerned LV (here LogVol00) to 15 GB

All these steps can be done with the disk online, except for the root partition. If you want to modify this, you have to boot into a live cd. Also note that step 3 and 4 are inverted. If you want to increase your capacity you first need to grow your LV then the partition, if you want to shrink your capacity first shrink your partition then the LV. PLEASE TAKE CARE that your LV is NOT smaller than your partition! In this case DATA LOSS is almost sure.