Saturday, July 10, 2010

Using Sendmail to Relay Mails from Your MSP/ISP in Centos, RHEL, Ubuntu and Other Linux Distros

Do you want to relay mail from your local sendmail server through your ISP's SMTP server? Just follow the steps below.

Open sendmail.mc with your preferred editor (vi, edit, emacs):
# vi /etc/mail/sendmail.mc

Add the smart host (your ISP's SMTP server) and the authinfo feature, which tells sendmail to look up the SMTP AUTH credentials in the authinfo map:

define(`SMART_HOST',`[smtp.yourisphost.com]')
FEATURE(`authinfo')dnl

Save the file and exit.
Open the file authinfo (create it if it does not exist). It will hold your ISP password in clear text, so keep it readable by root only (chmod 600 /etc/mail/authinfo).

# vi /etc/mail/authinfo
Add the following line:
AuthInfo:smtp.yourisphost.com "U:UsernamefromISP" "P:passwordfromISP" "M:LOGIN PLAIN"

Save the file and exit.

Run the commands below to regenerate the sendmail.cf file:

# cd /etc/mail/
# m4 sendmail.mc > sendmail.cf

makemap builds the hash database (/etc/mail/authinfo.db) that sendmail actually reads:

# makemap hash /etc/mail/authinfo < /etc/mail/authinfo

Restart the sendmail service and check that the map resolves correctly:

# /etc/init.d/sendmail restart


echo '/map authinfo AuthInfo:smtp.yourisphost.com' | /usr/sbin/sendmail -bt



Send a test mail and check the mail log (e.g. /var/log/maillog) to confirm it was relayed via the smart host.
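As an added example (not part of the original post), a small POSIX shell script that checks the two files before you run makemap: that the authinfo file is not readable by group or others, that each AuthInfo line has the expected "Tag:value" layout, and that the AuthInfo host matches SMART_HOST in sendmail.mc. Host and credentials below are placeholders.

```shell
#!/bin/sh
# Pre-flight checks for the relay setup, run before makemap:
#  1. authinfo holds the ISP password in clear text: must not be group/world readable;
#  2. every AuthInfo line is "AuthInfo:host" followed by quoted Tag:value tokens
#     (U=user, P=password, M=mechanisms; I=authid and R=realm are also valid tags);
#  3. the host in each AuthInfo line equals SMART_HOST in sendmail.mc.
# Usage: check_authinfo /etc/mail/authinfo /etc/mail/sendmail.mc   (exit 0 = all good)
check_authinfo() {
    af=$1; mcf=$2; rc=0
    [ -r "$af" ] || { echo "cannot read $af" >&2; return 1; }
    if [ -n "$(find "$af" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$af is readable by group/others: run chmod 600 $af" >&2; rc=1
    fi
    # anything that is not a comment, a blank line or a well-formed AuthInfo line is bad
    bad=$(grep -vE '^(#.*|[[:space:]]*|AuthInfo:[^[:space:]]+([[:space:]]+"[UIPRM]:[^"]*")+)$' "$af" || true)
    if [ -n "$bad" ]; then
        echo "malformed line(s) in $af:" >&2; echo "$bad" >&2; rc=1
    fi
    # SMART_HOST is written as `[host]' in m4; strip the m4 quotes and the brackets
    smart=$(awk -F"'" '/^define\(`SMART_HOST/ { h = $2; gsub(/[][,`]/, "", h); print h }' "$mcf")
    for host in $(awk '/^AuthInfo:/ { sub(/^AuthInfo:/, "", $1); print $1 }' "$af"); do
        [ "$host" = "$smart" ] || { echo "AuthInfo host $host != SMART_HOST $smart" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample config (placeholder host and credentials, not real ones).
MC=$(mktemp); AI=$(mktemp)
trap 'rm -f "$MC" "$AI"' EXIT
cat > "$MC" <<'EOF'
define(`SMART_HOST',`[smtp.yourisphost.com]')
FEATURE(`authinfo')dnl
EOF
cat > "$AI" <<'EOF'
AuthInfo:smtp.yourisphost.com "U:UsernamefromISP" "P:passwordfromISP" "M:LOGIN PLAIN"
EOF
chmod 600 "$AI"
check_authinfo "$AI" "$MC" && echo "authinfo looks good"
```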

Enjoy.....

Comment below if you hit issues or need modifications.

Finding First Instance of the Pattern Using Grep in Linux

Grep in Linux
Have you ever faced a problem grepping (parsing) for a pattern in a file? As a Linux administrator you have surely done it many times, but have you come across a situation where, from a huge file, you only need the first instance of the pattern? Grepping the whole file is tedious and uses more system resources, especially when you are doing it from a script (in a for, while or until loop).

The easy solution is grep's built-in option that stops after the first match, instead of scanning the whole file and then printing the first line with the head command.


Command :
grep -m 1 "pattern" filename.txt


The "-m" option tells grep to stop after the given number of matching lines, so the rest of the file is never read. To get the first two instances, pass "-m 2": grep -m 2 "pattern" yourfilename.log

Enjoy...

Friday, July 9, 2010

Blocking Specific Sender to Specific Recipient or IPs Spamming Using Sendmail in Linux

Maintaining a mail server is a constant headache for mail server admins, specifically preventing SPAM relayed through your server or delivered to it.

In this article we will use some built-in features of Sendmail to block users from sending mail to specific users or domains. This can be achieved in many ways, but I have done it as described below. For any issues please comment at the bottom of the post.

Sendmail is the oldest mail transfer agent and is used by most MSPs (Mail Service Providers) all over the world; with its huge forum, mailing list and IRC support it has gained a high reputation among its competitors.

When do I need to block a user or IP?
The reasons are many:
1. Spamming done from your domain.
2. Spamming from outside to your server.
3. Spamming from a particular IP.
4. You want to reject relaying for a user (used when the user is only allowed to fetch mail, not to send).
5. And many more...

To block the user or IP we will use the access file / database included with sendmail. The access database provides a single, central database with rules to accept, reject and discard messages based on the sender name, address or IP number. It is enabled with the access_db configuration feature.

1. Enable the Access Database in Sendmail
Add the following line to your sendmail.mc file:

FEATURE(`access_db')

The above line in sendmail.mc enables use of the access database with the default database type and path:

hash /etc/mail/access

2. Create the access Database
Edit the file /etc/mail/access; each entry is of the form

key value

The left-hand column is the key, composed of a prefix (tag) and an address expression, which can be a hostname, email address, IP address, network, etc.

The right-hand column is the value: a keyword that determines what should be done with the item on the left or, in layman's terms, the action to execute. The allowed values are OK, RELAY, REJECT, DISCARD, SKIP and ERROR:XYZ text.

Eg :

spam@goo.gle.com REJECT
10.0.0.35 REJECT
192.168.1.100/255.0.0.0 REJECT
From:spammer@somedomain.com REJECT
To:trusteddomain.org RELAY
Connect:2trusteddomain.com OK
Connect:ashwin.com RELAY
From:good@domain.com OK
From:anotherbaddomain.com REJECT

To block a specific sender to a specific recipient you also need the following line in sendmail.mc, which enables the Compat: ruleset:
FEATURE(`check_compat')


Then make the following entry in the access file (location: /etc/mail/access):

Compat:extsender@mydomain.com<@>recipient@outdomain.com DISCARD


After confirming that all the entries in the access file match your requirements, rebuild the access hash database and regenerate sendmail.cf with the commands below:

cd /etc/mail

makemap hash access < access

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf


Restart the sendmail service
/etc/init.d/sendmail restart


Testing

telnet to_your_mailserver_ip 25
mail from:internaluser@example.com
Ok
rcpt to:spam@goo.gle.com
REJECTED
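An added check script (not from the original post) that validates an access file against the rules described above before makemap is run: every action must be one of the listed keywords, Compat: keys must use the sender<@>recipient form, and Compat: keys are only accepted when check_compat is enabled in sendmail.mc. The sample entries reuse the placeholder domains from this post.

```shell
#!/bin/sh
# Validate an access file before makemap, so a typo does not silently drop a rule
# or leave a relay entry unintended. Each non-comment line is "key action [text]".
# Usage: check_access /etc/mail/access /etc/mail/sendmail.mc   (exit 0 = all good)
check_access() {
    acc=$1; mcf=$2; rc=0
    # "." in the pattern stands for the m4 opening quote (a backtick)
    compat=$(grep -cE '^FEATURE\(.check_compat' "$mcf" || true)
    while read -r key action rest; do
        case $key in ''|'#'*) continue ;; esac
        case $action in
            OK|RELAY|REJECT|DISCARD|SKIP|ERROR:*) ;;
            *) echo "line '$key $action $rest': unknown action" >&2; rc=1 ;;
        esac
        case $key in
            Compat:*)
                case $key in
                    *'<@>'*) ;;
                    *) echo "$key: Compat entries need sender<@>recipient" >&2; rc=1 ;;
                esac
                [ "$compat" -gt 0 ] || { echo "$key: add FEATURE(check_compat) to $mcf" >&2; rc=1; }
                ;;
        esac
    done < "$acc"
    return $rc
}

# Constructed sample files using the entries from this post (placeholder domains).
MC=$(mktemp); ACC=$(mktemp)
trap 'rm -f "$MC" "$ACC"' EXIT
cat > "$MC" <<'EOF'
FEATURE(`access_db')
FEATURE(`check_compat')
EOF
cat > "$ACC" <<'EOF'
spam@goo.gle.com REJECT
10.0.0.35 REJECT
From:spammer@somedomain.com REJECT
To:trusteddomain.org RELAY
Connect:ashwin.com RELAY
badhost.example ERROR:550 Not allowed here
Compat:extsender@mydomain.com<@>recipient@outdomain.com DISCARD
EOF
check_access "$ACC" "$MC" && echo "access file looks good"
```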


Enjoy..

Thursday, July 8, 2010

Packet Capturing and Analayzing packets Using TCPDUMP on Centos, Fedora, Ubuntu and other Linux Distros

Many a time Linux system admins face network latency or connectivity problems between servers that hamper services and impact the business. Basic Linux tools cannot really solve them, but they let you identify the issue between host and host, or host and device.

Here we will use the tcpdump tool to capture packets; afterwards you can analyse the data and pin down the host with errors.
If Linux was installed properly, tcpdump is installed by default; if not, install it from the relevant package for your distro.

Users of RPM-based distros can google for "tcpdump +rpm" and Debian users for "tcpdump +deb"; you will get enough results to install the tcpdump package on your system.

After installing, check that tcpdump is present by executing the command below

# which tcpdump


It should return the location of the installed binary

/usr/sbin/tcpdump


Once confirmed, you can run tcpdump with various options; to list them:

[root@ashwin ~]# tcpdump --help
tcpdump version 3.9.8
libpcap version 0.9.8
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]
[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -Z user ]
[ expression ]


We will capture packets for 2 minutes and analyse them for any issues with hosts connecting to and from the server.

The command below captures all packets passing through the network interface (here bond0), printing link-level headers (-e), without name resolution (-n) and with maximum verbosity (-vvv), and redirects the text output to a file

tcpdump -n -i bond0 -e -vvv > output.log


Once you have captured packets for 5 minutes, press Ctrl + C to stop tcpdump (Ctrl + Z would only suspend it) and proceed with analysing the file "output.log"


Example :

2.39.omserv > 11.240.240.141.nfs: ., cksum 0x1eba (correct), 156:156(0) ack 28961 win 30782
18:41:21.397883 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3e, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26738, offset 0, flags [DF], proto: TCP (6), length: 1500) 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448

In the above line it is clear that a partition is mounted over NFS from the host with IP 11.240.240.141, which is having issues while transferring data to the host with IP 11.240.240.39: error "reply ERR 1448".

You can find great detail in the output of tcpdump. You can also use Wireshark for a clearer view of the data transmission; for that, save the capture in pcap format with "tcpdump -w output.pcap" instead of redirecting text, since Wireshark cannot open the decoded text in output.log directly. Many network latency issues can be resolved this way.
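As an added example (not part of the original post), a shell snippet that summarises the "reply ERR" lines in output.log per server/client pair and counts segments that tcpdump -vvv flagged with an incorrect checksum. The capture lines are constructed to mimic the format shown above and are not from a real network.

```shell
#!/bin/sh
# Summarise NFS "reply ERR" lines from a text capture made with
#   tcpdump -n -i bond0 -e -vvv > output.log
# Output: "<count> <server> > <client>", most frequent pair first.
summarize_nfs_errors() {
    # $1: path to the capture file
    grep 'reply ERR' "$1" | awk '{
        for (i = 4; i <= NF; i++) {
            if ($i == "reply" && $(i + 1) == "ERR") {
                # the fields just before are "src.port > dst.port:"
                src = $(i - 3); dst = $(i - 1)
                sub(/:$/, "", dst)
                # drop the trailing port/service so counts are per host
                sub(/\.[^.]*$/, "", src); sub(/\.[^.]*$/, "", dst)
                n[src " > " dst]++
            }
        }
    }
    END { for (p in n) print n[p], p }' | sort -rn
}

# Count segments whose checksum tcpdump -vvv printed as "(incorrect -> ...)".
count_bad_checksums() {
    grep -c '(incorrect' "$1" || true
}

# Constructed sample capture (not from a real network) for a stand-alone run.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
18:41:21.397883 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3e, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26738, offset 0, flags [DF], proto: TCP (6), length: 1500) 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448
18:41:21.398001 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3e, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26739, offset 0, flags [DF], proto: TCP (6), length: 1500) 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448
18:41:21.398120 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3f, ethertype IPv4 (0x0800), length 214: (tos 0x0, ttl 64, id 26740, offset 0, flags [DF], proto: TCP (6), length: 200) 11.240.240.141.2049 > 11.240.240.40.1023: reply ok 160
18:41:21.398250 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26741, offset 0, flags [DF], proto: TCP (6), length: 1500) 11.240.240.141.2049 > 11.240.240.40.1023: reply ERR 1448
18:41:21.398300 00:21:5a:4c:a6:3e > 00:a0:98:10:7a:05, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 4711, offset 0, flags [DF], proto: TCP (6), length: 52) 11.240.240.39.1022 > 11.240.240.141.2049: ., cksum 0x1eba (incorrect -> 0x1ebb), ack 28961 win 30782
EOF
summarize_nfs_errors "$SAMPLE_LOG"
echo "segments with bad checksum: $(count_bad_checksums "$SAMPLE_LOG")"
```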

Enjoy.
