LinuxWebLog.com

1. Backup files:
   
      /etc/mail/sendmail.mc
   /etc/mail/sendmail.cf
   /etc/mail/access
   /etc/mail/access.db
   /etc/aliases
2. These changes go in the /etc/mail/sendmail.mc file:

   Security enhancements:

   • Require a HELO or EHLO greeting from the sending SMTP server.
     
   • Put limits on Sendmail forks and other settings to stop a DOS attack from overwhelming server.
     
   • Munge the Sendmail server identification.
     
   • Recipient throttle to identify when an envelope arrives with more than 4 invalid users, presuming that this is a dictionary attack.
     
   • Limit the number of recipients in a single message.
   dnl #
dnl #start security mods
define(`confPRIVACY_FLAGS�39;, `authwarnings,novrfy,noexpn,restrictqrun,needmailhelo')dnl
define(`confMAX_DAEMON_CHILDREN',20)dnl
define(`confSMTP_LOGIN_MSG',$j Sendmail; $b)dnl
define(`confMIN_FREE_BLOCKS', `4000')dnl
define(`confMAX_HEADERS_LENGTH', `32000')dnl
define(`confMAX_MIME_HEADER_LENGTH', `1024')dnl
define(`confBAD_RCPT_THROTTLE',`4')dnl
define(`confMAX_RCPTS_PER_MESSAGE', `10')
dnl #end security mods
dnl #

   Enable DNS BlockLists:

   dnl #
dnl # Begin Spam Block Enhancement mod
dnl # Start BlockList
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Spam blocked - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `"554 Rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}')dnl
dnl # sorbs dynamic user list ( not dial up )
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net', `"554 Rejected "$&{client_addr}"; - see http://dnsbl.sorbs.net"')dnl
dnl # End BlockList
dnl # Start dont bounce errors back to me
define(`confDOUBLE_BOUNCE_ADDRESS', `dev-null')dnl
dnl # End dont bounce
dnl # Start delay checks, so we see the intended recipient
dnl # Added friend so we can exempt specified local user via access file
FEATURE(`delay_checks',`friend')dnl
dnl # End delay checks
dnl # End Spam Block Enhancement mod
dnl #

   All of the above should go before the line:

   FEATURE(`blacklist_recipients')dnl

   Notes:

   The above Double Bounce Address throws the double bounces into the bit bucket.

   The delay_checks feature causes it to log the sender from address and other info, when it rejects spam.

3. Create an alias in "/etc/aliases" called dev-null and point it to "/dev/null":
   dev-null: /dev/null

4. In file "/etc/mail/access", enter:
   Connect:xxx.xxx.xxx.xxx OK

   where xxx.xxx.xxx.xxx is the server IP. This keeps you from blocking yourself, if you happen to get listed in one of the blocklists used!

5. To apply the configurations, run:
   # newaliases
# makemap hash /etc/mail/access.db < /etc/mail/access
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /sbin/service sendmail restart

1. Update openssh and openssl packages
   
   # apt-get update
# apt-get install openssh openssl
2. Install openssh-blacklist and openssl-blacklist
   
   # apt-get install openssh-blacklist openssl-blacklist
3. Check all ssh compromised keys via:
   
   # ssh-vulnkeys -a
4. Check all ssl keys and certificates via:
   
   # openssl-vulnkeys *.key *.pem

   Note: Plesk specific ssl certs are stored at "/opt/psa/var/certificates/"

The -b switch instructs sendmail to "Become"/operate in a mode.
The -d0 switch, instructs sendmail to produce debugging information.
The level .11 prints more information than the default level of .1 .
The -bp switch instructs sendmail to print the contents of the queue.

You can verify aliases with the -bv switch:

To run sendmail verbosely, use the -v switch:

If you've installed a different version of python via yum using pyvault repos, then you need to switch the default python back to the systems default to avoid problems with the OS packages.

Install the alternatives first:

where 100 and 24 are the priority numbers (Higher number prevailing).

Remove existing symlinks:

Configure the default:

Or, set it to create automatically, which will use the highest priority:

Check with:

A recent storm surge killed my Belkin wireless router and was quickly replaced by a LinkSys WRT54GS wireless router. But, for some reason my ssh clients would time out due to inactivity of just a couple minutes. A quick fix was to include the below line in "/etc/ssh/ssh_config":

Recently, I've had a client who's had issues with uploading files and general functioning of the ISPConfig hosting control panel.

So the first thing I checked out was "/proc/user_beancounters", and everything seemed normal there.

Quick check with `vzquota` turned out that the inodes were maxed out.

Blocks and Inodes can also be checked/displayed within the container via `df -h` and `df -i`.

Additionally, since he had a lot of users, he was maxed out on the users limits too. Noticed that with `repquota -a` which pulled up a huge number of users.

Increasing the appropriate limits with vzctl on diskspace, diskinodes and quotaugidlimit resolved all issues.

Recently I've had to provide a developer with the makedep tool. It is available via imake rpm. However, it is deprecated and when installing automake and autoconf, it should automatically get installed as it is a required package by autoconf.

If getting the error "Metadata file does not match checksum", try running `

`yum clean all` should also resolve the issue if the metadata fails.

Lists out the files in a directory including hidden files in a single-column format and pipes it through a line count via wc.

Often times when moving files from one directory to another, specifically when dealing with web folders, I have missed out the all important .htaccess hidden files with just the usual `mv source/* destination` command.

Here's a one liner that will include the hidden files too: