Tuesday, May 11, 2010

Postfix Fallback Relay

See: http://www.postfix.org/postconf.5.html

fallback_relay (default: empty)

Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. With Postfix 2.3 this parameter is renamed to smtp_fallback_relay.

By default, mail is returned to the sender when a destination is not found, and delivery is deferred when a destination is unreachable.

The fallback relays must be SMTP destinations. Specify a domain, host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP destinations, Postfix will try them in the specified order.

Note: before Postfix 2.2, do not use the fallback_relay feature when relaying mail for a backup or primary MX domain. Mail would loop between the Postfix MX host and the fallback_relay host when the final destination is unavailable.

* In main.cf specify "relay_transport = relay",
* In master.cf specify "-o fallback_relay =" (i.e., empty) at the end of the relay entry.
* In transport maps, specify "relay:nexthop..." as the right-hand side for backup or primary MX domain entries.

Postfix version 2.2 and later will not use the fallback_relay feature for destinations that it is MX host for.

-

Here is my actual scenario:

Servers:
mail1 - connected to mail2 and mail3 and internet with public IP
mail2 - connected to mail1 and mail3 and internet with public IP
mail3 - connected to mail2 and mail1 and internet with public IP


1. mail1 has its default SMTP transport bound to its public IP, since it is a Postfix server, and its fallback_relay is mail2.
2. The rest have the same config: the default SMTP transport is the host itself, and fallback_relay is whichever mailx is reachable over the intranet.

Config @ mail1

#/etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport

#/etc/postfix/transport
# keys are bare domains (or user@domain, .domain, *); "@domain" is not a
# transport key and never matches, so mail for these hosts would have fallen
# through to the "*" entry
#smtp_server_mail2
mail2.mydomain.com smtp_mail2:[mail2]
#
mail3.mydomain.com smtp_mail3:[mail3]
#
#smtp_default, where all other smtp goes thru
* smtp_default:
# run "postmap /etc/postfix/transport" after editing this file

#/etc/postfix/master.cf
# each relay transport is a copy of smtp with its own fallback_relay override
smtp_default unix - - n - - smtp -o fallback_relay=[xx.yy.zy.xz]
smtp_mail2 unix - - n - - smtp -o fallback_relay=[mail3]
smtp_mail3 unix - - n - - smtp -o fallback_relay=[mail2]
#
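To see how the transport map and the per-transport fallback_relay overrides combine for a given recipient, here is an added example (my own script, not part of the original post or of Postfix): it looks a domain up the way Postfix searches transport_maps, reads the matching master.cf service line for its fallback_relay, and prints transport, nexthop and fallback. The two files are constructed inline from the mail1 configuration above, with the xx.yy.zy.xz placeholder kept as-is.

```sh
#!/bin/sh
# Added example, not from the original post: resolve, for a recipient domain,
# the transport the transport map selects, the nexthop it carries, and the
# fallback_relay overridden on the matching master.cf line.
set -e

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
TRANSPORT=$tmp/transport
MASTER=$tmp/master.cf

cat > "$TRANSPORT" <<'EOF'
# constructed: /etc/postfix/transport from the post
mail2.mydomain.com smtp_mail2:[mail2]
mail3.mydomain.com smtp_mail3:[mail3]
* smtp_default:
EOF

cat > "$MASTER" <<'EOF'
# constructed: the three relay entries from the post's master.cf
smtp_default unix - - n - - smtp -o fallback_relay=[xx.yy.zy.xz]
smtp_mail2 unix - - n - - smtp -o fallback_relay=[mail3]
smtp_mail3 unix - - n - - smtp -o fallback_relay=[mail2]
EOF

# Look a domain up the way Postfix searches transport_maps: the exact
# domain first, then each ".parent" form, then the "*" wildcard.
transport_for() {
    key=$1; map=$2
    while :; do
        hit=$(awk -v k="$key" '$1 !~ /^#/ && $1 == k { print $2; exit }' "$map")
        if [ -n "$hit" ]; then echo "$hit"; return 0; fi
        bare=${key#.}
        case $bare in *.*) key=.${bare#*.} ;; *) break ;; esac
    done
    awk '$1 == "*" { print $2; exit }' "$map"
}

# Pull the -o fallback_relay (or smtp_fallback_relay, the 2.3+ name) value
# off the master.cf line whose service name matches.
fallback_for() {
    awk -v t="$1" '$1 == t {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(smtp_)?fallback_relay=/) { sub(/^[^=]*=/, "", $i); print $i; exit }
    }' "$2"
}

# Print "transport nexthop fallback" for a domain ("-" where a field is
# empty) and warn when the fallback is the nexthop itself, which buys no
# redundancy at all.
route_for() {
    domain=$1; map=$2; master=$3
    entry=$(transport_for "$domain" "$map")
    transport=${entry%%:*}
    case $entry in *:*) nexthop=${entry#*:} ;; *) nexthop= ;; esac
    fallback=$(fallback_for "$transport" "$master")
    if [ -n "$nexthop" ] && [ "$nexthop" = "$fallback" ]; then
        echo "warning: $domain falls back to its own nexthop $nexthop" >&2
    fi
    printf '%s %s %s\n' "$transport" "${nexthop:--}" "${fallback:--}"
}

for d in mail2.mydomain.com mail3.mydomain.com example.org; do
    printf '%-20s -> ' "$d"; route_for "$d" "$TRANSPORT" "$MASTER"
done
```

On a real host the transport half of this is what `postmap -q mail2.mydomain.com hash:/etc/postfix/transport` answers; the script exists to show the lookup order (exact, .parent, *) and to pair it with the fallback, which Postfix reports only in the mail log once a delivery has already been deferred.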

Thursday, April 8, 2010

Fixing rpmdb problem

I got this problem when running rpm on CentOS 5.3; I don't know why.


[root@dimdim2 localhost ~]# yum list
rpmdb: Lock table is out of available locker entries
rpmdb: Unknown locker ID: 2a19
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages index using db3 - Cannot allocate memory (12)
error: cannot open Packages database in /var/lib/rpm
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.main(sys.argv[1:])
  File "/usr/share/yum-cli/yummain.py", line 85, in main
    base.getOptionsConfig(args)
  File "/usr/share/yum-cli/cli.py", line 163, in getOptionsConfig
    disabled_plugins=self.optparser._splitArg(opts.disableplugins))
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 164, in _getConfig
    self._conf = config.readMainConfig(startupconf)
  File "/usr/lib/python2.4/site-packages/yum/config.py", line 685, in readMainConfig
    yumvars['releasever'] = _getsysver(startupconf.installroot, startupconf.distroverpkg)
  File "/usr/lib/python2.4/site-packages/yum/config.py", line 752, in _getsysver
    idx = ts.dbMatch('provides', distroverpkg)
TypeError: rpmdb open failed


The fix:

[root@dimdim2 localhost ~]# rm /var/lib/rpm/__db.00*
rm: remove regular empty file `/var/lib/rpm/__db.000'? y
rm: remove regular file `/var/lib/rpm/__db.001'? y
rm: remove regular file `/var/lib/rpm/__db.002'? y
rm: remove regular file `/var/lib/rpm/__db.003'? y


[root@dimdim2 localhost ~]# rpm --rebuilddb
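The __db.* files are Berkeley DB environment regions (lock tables and shared memory), not the package data itself, which lives in Packages and the index files; that is why deleting them and running --rebuilddb recovers the database. The one thing to check first is that no other rpm or yum process still has the database open, or the same stale-lock state comes straight back. The script below is an added example (mine, not from the original post) that wraps the two commands with that check; the DIR parameter defaulting to /var/lib/rpm and the --run switch are my additions so the file-cleaning step can be exercised on a scratch directory.

```sh
#!/bin/sh
# Added example, not from the original post: clear a stale Berkeley DB
# environment from the rpm database and rebuild the indexes, refusing to
# touch anything while another process still has the database open.
set -e

# Delete the __db.NNN environment files under DIR and print how many went.
# Packages and the index files are left alone; rpm --rebuilddb recreates
# the indexes from Packages.
rpmdb_clear_env() {
    dir=${1:-/var/lib/rpm}
    n=0
    for f in "$dir"/__db.[0-9][0-9][0-9]; do
        [ -e "$f" ] || continue
        rm -f "$f"
        n=$((n + 1))
    done
    echo "$n"
}

# Full repair: bail out if Packages is in use (fuser is used when present;
# without it we proceed, as the original post did), then clear and rebuild.
rpmdb_repair() {
    dir=${1:-/var/lib/rpm}
    if command -v fuser >/dev/null 2>&1 && fuser "$dir/Packages" >/dev/null 2>&1; then
        echo "rpmdb at $dir is still open by another process; not touching it" >&2
        return 1
    fi
    removed=$(rpmdb_clear_env "$dir")
    echo "removed $removed environment file(s) from $dir" >&2
    rpm --dbpath "$dir" --rebuilddb
}

# Only act when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "--run" ]; then
    rpmdb_repair "${2:-/var/lib/rpm}"
fi
```

Run it as `sh rpmdb-repair.sh --run` on the affected box; the glob is deliberately limited to three-digit __db names so that a typo in the path cannot turn the rm into something broader.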

Friday, May 29, 2009

Tips on nagios installation to bypass selinux

I installed Nagios 3 monitoring on a CentOS 5 server, forgot to disable SELinux, and ran into some issues with the CGIs and with running external commands. Here are some commands that help without needing to restart the server.

Instead of disabling SELinux or setting it to permissive mode, you can use the following command to run the CGIs under SELinux enforcing/targeted mode:

chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

ref: Nagios documentation (Fedora-specific section)

chcon -R -t httpd_sys_script_rw_t /usr/local/nagios/var/rw/

ref: http://www.mail-archive.com/nagios-users@lists.sourceforge.net/msg14819.html

This allows external commands to be run.

Btw, I installed Nagios from source, which is why the paths refer to /usr/local/nagios.

hope it can help me next time. :D
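chcon changes the label on the files as they are now, but any later relabel (restorecon, an autorelabel after a policy update, or a package post-install that resets contexts) puts the policy default back and the CGIs stop working again. Recording the same three contexts with semanage fcontext and then applying them with restorecon gives the same result and survives a relabel. The script below is an added example (mine, not from the Nagios docs or the original post); it keeps the types used above and turns each directory into the regex form semanage expects. The --apply switch is my addition so the file can be sourced without touching the policy.

```sh
#!/bin/sh
# Added example, not from the original post: make the Nagios SELinux labels
# persistent by registering them with semanage fcontext before restorecon.
set -e

# Turn a directory into the "this directory and everything below it" regex
# that semanage fcontext takes, e.g. /usr/local/nagios/sbin -> /usr/local/nagios/sbin(/.*)?
fcontext_pattern() {
    p=${1%/}                      # drop one trailing slash if present
    printf '%s(/.*)?\n' "$p"
}

# Register the rule (modify it if one already exists) and apply it to the
# tree. Prints the commands instead when semanage is not installed.
label_tree() {
    type=$1; dir=$2
    pattern=$(fcontext_pattern "$dir")
    if ! command -v semanage >/dev/null 2>&1; then
        echo "semanage not found (policycoreutils-python); would run:" >&2
        echo "  semanage fcontext -a -t $type '$pattern' && restorecon -Rv $dir" >&2
        return 0
    fi
    semanage fcontext -a -t "$type" "$pattern" 2>/dev/null \
        || semanage fcontext -m -t "$type" "$pattern"
    restorecon -Rv "$dir"
}

# The three labels from the post, applied only when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
    label_tree httpd_sys_content_t   /usr/local/nagios/sbin
    label_tree httpd_sys_content_t   /usr/local/nagios/share
    label_tree httpd_sys_script_rw_t /usr/local/nagios/var/rw
fi
```

After applying, `semanage fcontext -l | grep nagios` shows the rules and `ls -Z /usr/local/nagios/sbin` confirms the labels; `ausearch -m avc -ts recent` is the place to look if a CGI still fails.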

Setting TimeZone at Linux via CLI

A quick how-to for changing the time zone under Linux using the CLI.

1. Login as root.

2. Issue command below:

mv /etc/localtime /etc/localtime-orig

- renaming the localtime reference file

3. Command for new timezone.

ln -sf /usr/share/zoneinfo/EST /etc/localtime

- this sets the timezone to EST

ln -sf /usr/share/zoneinfo/Asia/Manila /etc/localtime

- this sets the timezone to PHT

That's it!
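The three steps above as one function, added here as an example (mine, not from the original post): it refuses zone names that do not exist under /usr/share/zoneinfo (a typo would otherwise leave a dangling symlink and the system on UTC), keeps the first backup instead of overwriting it on a second run, and prints the resulting link so you can see what was set. The optional ROOT argument is my addition so the function can be exercised against a scratch tree instead of the real /etc.

```sh
#!/bin/sh
# Added example, not from the original post: set the system time zone the way
# the steps above do, with a check that the zone file really exists.
set -e

# set_timezone ZONE [ROOT]: ZONE is a name under /usr/share/zoneinfo such as
# Asia/Manila; ROOT (default empty) is prefixed to both paths for testing.
set_timezone() {
    zone=$1
    root=${2:-}
    zi="$root/usr/share/zoneinfo/$zone"
    lt="$root/etc/localtime"
    # Only plain zone names: no absolute paths, no ".." escapes.
    case $zone in /*|../*|*/../*|*/..) echo "bad zone name: $zone" >&2; return 1 ;; esac
    [ -f "$zi" ] || { echo "unknown zone: $zone (no file $zi)" >&2; return 1; }
    # Step 2: keep the original file, but only the first time round.
    if { [ -e "$lt" ] || [ -L "$lt" ]; } && [ ! -e "$lt-orig" ]; then
        mv "$lt" "$lt-orig"
    fi
    # Step 3: point /etc/localtime at the chosen zone.
    ln -sf "$zi" "$lt"
    readlink "$lt"
}

# Run as root with a zone name to apply it and show the new local time.
if [ -n "${1:-}" ]; then
    set_timezone "$1" && date
fi
```

On CentOS/RHEL also set ZONE= in /etc/sysconfig/clock to match, since that is what the system tools read when they regenerate /etc/localtime.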

Saturday, February 21, 2009

Allowing SFTP but not SSH

Here's how they do it, well, I have also tried it.

The default login shell for an account that is able to ssh is /bin/bash; this is the entry in the /etc/passwd file. For a certain user to use sftp only and not ssh, the login shell should be changed to the path of the sftp-server binary. See below:

ssh allowed:

testuser:x:670:670::/home/testuser:/bin/bash

sftp only allowed:

testuser:x:670:670::/home/testuser:/usr/libexec/openssh/sftp-server

When the user tries to log in using ssh, nothing will happen, but with sftp, it will go to the sftp prompt.
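Two things worth knowing when auditing accounts set up this way. First, the login shell only decides what runs when a shell or command is requested; port forwarding (ssh -N -L) does not need a shell, so the passwd trick on its own does not stop tunnelling through the box. Second, OpenSSH 4.4 added Match blocks and 4.9 added internal-sftp, which together restrict a user to SFTP and switch forwarding off inside sshd itself. The script below is an added example (mine, not from the original post): it lists the accounts a passwd file restricts with the sftp-server shell and emits the equivalent Match block for them. The passwd lines are constructed sample data.

```sh
#!/bin/sh
# Added example, not from the original post: find sftp-server-as-shell
# accounts in a passwd file and print the sshd_config Match block that
# restricts the same users the supported way.
set -e

SFTP_SHELL=/usr/libexec/openssh/sftp-server

# Constructed sample passwd file (the testuser line is the one from the post).
PASSWD=$(mktemp)
trap 'rm -f "$PASSWD"' EXIT
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:670:670::/home/testuser:/usr/libexec/openssh/sftp-server
alice:x:671:671::/home/alice:/bin/bash
bob:x:672:672::/home/bob:/usr/libexec/openssh/sftp-server
EOF

# Accounts whose login shell (field 7) is the sftp-server binary, one per line.
sftp_only_users() {
    awk -F: -v s="$SFTP_SHELL" '$7 == s { print $1 }' "$1"
}

# sshd_config block covering the same users; Match User takes a
# comma-separated list. Returns 1 when there is nobody to restrict.
sshd_match_block() {
    users=$(sftp_only_users "$1" | awk '{ s = s (NR > 1 ? "," : "") $0 } END { print s }')
    [ -n "$users" ] || return 1
    cat <<EOF
Match User $users
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

sshd_match_block "$PASSWD"
```

Put the emitted block at the end of sshd_config (Match blocks must come last), check it with `sshd -t`, and reload sshd; adding ChrootDirectory to the block is the usual next step once the target directory is root-owned.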

Wednesday, December 10, 2008

iptables for chillispot - working

#IPTABLES
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37:3532]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1812 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -p udp -m udp --dport 1814 -j ACCEPT
#ftp
#-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1812 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m iprange --src-range 10.10.1.200-10.10.1.230 -j ACCEPT
-A INPUT -i eth0 -s 10.1.1.1 -j ACCEPT
-A INPUT -i eth0 -s 10.1.9.3 -j ACCEPT
-A INPUT -m iprange --src-range 10.180.90.1-10.180.91.7 -j ACCEPT
#
#
#-A INPUT -i eth0 -s 10.10.1.1 -j ACCEPT
#-A INPUT -i eth0 -p tcp -m tcp -m multiport --destination-port 69 -j ACCEPT
#-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -j DROP
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.10.1.0/24 -j ACCEPT
-A INPUT -s 10.10.9.0/24 -j ACCEPT
-A INPUT -s 10.210.1.1 -j ACCEPT
-A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG --log-prefix "--firewall-logs-chili-dvo--"
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP
COMMIT
# Completed on Fri Apr 27 18:35:55 2007
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007
*nat
:PREROUTING ACCEPT [3654:725407]
:POSTROUTING ACCEPT [2:168]
:OUTPUT ACCEPT [24:1466]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Apr 27 18:35:55 2007
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007
*mangle
:PREROUTING ACCEPT [5730:883086]
:INPUT ACCEPT [5321:743721]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1743:211303]
:POSTROUTING ACCEPT [1743:211303]
COMMIT
# Completed on Fri Apr 27 18:35:55 2007
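Two checks I run over a dump like the one above before trusting it, as an added example (my script, not part of the original post). The first lists rules that appear twice (the port 80 and port 20 SYN rules above are each present twice); the second lists INPUT ACCEPT rules that sit above the "-i eth1 -j DROP" line and carry no -i match of their own, since iptables walks the chain top to bottom and those rules also accept traffic arriving on eth1. Whether that is intended is for the admin to decide; the script only makes it visible. The ruleset below is a constructed excerpt of the INPUT chain above.

```sh
#!/bin/sh
# Added example, not from the original post: two sanity checks over an
# iptables-save dump, exact duplicates and unrestricted ACCEPTs placed
# above a per-interface DROP.
set -e

# Constructed excerpt of the filter table from the post.
DUMP=$(mktemp)
trap 'rm -f "$DUMP"' EXIT
cat > "$DUMP" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth1 -j DROP
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -j DROP
COMMIT
EOF

# Check 1: rules present more than once. The second copy can never match a
# packet the first did not, so it is dead weight that obscures intent.
duplicate_rules() {
    grep '^-A ' "$1" | sort | uniq -d
}

# Check 2: INPUT ACCEPT rules above the first "-i <iface> -j DROP" that have
# no -i match themselves; these also accept on the interface the DROP was
# meant to close.
accepts_before_iface_drop() {
    awk '
        /^-A INPUT / {
            if (!seen && $0 ~ /-i [A-Za-z0-9]+ -j DROP/) { seen = 1; next }
            if (!seen && $0 ~ /-j ACCEPT/ && $0 !~ / -i /) print
        }' "$1"
}

echo "== duplicate rules =="
duplicate_rules "$DUMP"
echo "== ACCEPT rules without -i above the per-interface DROP =="
accepts_before_iface_drop "$DUMP"
```

On a live box feed it `iptables-save` output instead of the sample; the usual fix for the second finding is either to move the interface DROP to the top of the chain or to add `-i eth0` to the rules that were only meant for the public side.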

Tuesday, December 2, 2008

Just my fstab, grub-menu.lst and disk partition


[root@ohbetpc ~]# fdisk -l

Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xbfdebfde

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        5099    40957686    7  HPFS/NTFS
/dev/sda2            5100       19457   115330635    f  W95 Ext'd (LBA)
/dev/sda5            5100       10198    40957686    7  HPFS/NTFS
/dev/sda6           10199       11528    10683193+   b  W95 FAT32
/dev/sda7           11529       11573      361431   83  Linux
/dev/sda8           11574       11983     3293293+  83  Linux
/dev/sda9           11984       14127    17221648+  83  Linux
/dev/sda10          14128       14263     1092388+  82  Linux swap / Solaris
/dev/sda11          14264       19457    41720773+  83  Linux

Disk /dev/hdb: 20.0 GB, 20020396032 bytes
255 heads, 63 sectors/track, 2434 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x462db064

   Device Boot      Start         End      Blocks   Id  System
/dev/hdb1   *           1        2433    19543041   83  Linux



[root@ohbetpc ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda9              17G  7.9G  7.6G  51% /
/dev/sda7             342M   29M  296M   9% /boot
/dev/sda11             40G   34G  6.0G  85% /home
/dev/sda8             3.1G   73M  2.9G   3% /tmp
/dev/sda1              40G   11G   29G  27% /windows/c
/dev/sda5              40G   38G  1.8G  96% /windows/d
/dev/sda6              11G  5.5G  4.8G  54% /windows/e
/dev/hdb1              19G   16G  1.5G  92% /media/hd



[root@ohbetpc ~]# cat /boot/grub/menu.lst
timeout 10
color black/cyan yellow/cyan
default 6

title linux
kernel (hd0,6)/vmlinuz BOOT_IMAGE=linux root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7 splash=silent vga=788
initrd (hd0,6)/initrd.img


title linux-nonfb
kernel (hd0,6)/vmlinuz BOOT_IMAGE=linux-nonfb root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7
initrd (hd0,6)/initrd.img


title failsafe
kernel (hd0,6)/vmlinuz BOOT_IMAGE=failsafe root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 failsafe
initrd (hd0,6)/initrd.img


title windows
root (hd0,0)
chainloader +1



title desktop 2.6.24.5-2mnb
kernel (hd1,6)/vmlinuz-2.6.24.5-desktop-2mnb BOOT_IMAGE=desktop_2.6.24.5-2mnb root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7 splash=silent vga=788
initrd (hd1,6)/initrd-2.6.24.5-desktop-2mnb.img


title desktop 2.6.24.7-1mnb
kernel (hd0,6)/vmlinuz-2.6.24.7-desktop-1mnb BOOT_IMAGE=desktop_2.6.24.7-1mnb root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7 splash=silent vga=788
initrd (hd0,6)/initrd-2.6.24.7-desktop-1mnb.img


title desktop 2.6.24.7-2mnb
kernel (hd0,6)/vmlinuz-2.6.24.7-desktop-2mnb BOOT_IMAGE=desktop_2.6.24.7-2mnb root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7 splash=silent vga=788
initrd (hd0,6)/initrd-2.6.24.7-desktop-2mnb.img
[root@ohbetpc ~]#



Well, the reason why I post this was, I spent a whole day figuring out why I can't boot to my Linux after re-installing Windows XP. I made a manual regenerating of GRUB. I even used the Super Grub Disk, but still it had a "file not found" error when booting to a particular kernel on my GRUB menu. Well, the culprit, as you can see, is this entry "(hd0,6)/vmlinuz-2.xxx": after messing up with GRUB, that became (hd0,8) while I did not change that to anything. Anyway, it was my fault, I should have remembered that /dev/sdn is equal to (hd0,n-1) on the grub menu.lst entries... Now I'm good, booting back to my Mandriva 2008.1.
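The /dev/sdXN to (hdX,N-1) rule at the end is easy to get wrong by one, and the "file not found" at boot is the only symptom. As an added example (my script, not from the original post), here is that translation in both directions plus a check that lists menu.lst entries whose kernel line points at a different GRUB device than the partition mounted on /boot (here /dev/sda7, so (hd0,6)). It assumes GRUB legacy's disk order matches the kernel's (hd0 = first disk = sda), which is exactly the assumption that bit the author; the menu.lst excerpt is constructed from the one above and keeps the (hd1,6) entry so the check has something to find.

```sh
#!/bin/sh
# Added example, not from the original post: translate between Linux device
# names and GRUB legacy (hdX,Y) notation, and flag menu.lst entries whose
# kernel is not on the /boot partition.
set -e

# Constructed excerpt of the menu.lst shown above.
MENU=$(mktemp)
trap 'rm -f "$MENU"' EXIT
cat > "$MENU" <<'EOF'
timeout 10
default 6

title linux
kernel (hd0,6)/vmlinuz BOOT_IMAGE=linux root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097 resume=/dev/sda7
initrd (hd0,6)/initrd.img

title windows
root (hd0,0)
chainloader +1

title desktop 2.6.24.5-2mnb
kernel (hd1,6)/vmlinuz-2.6.24.5-desktop-2mnb BOOT_IMAGE=desktop_2.6.24.5-2mnb root=UUID=dcad77ff-8f27-479d-9e19-dd0b5ac71097
initrd (hd1,6)/initrd-2.6.24.5-desktop-2mnb.img
EOF

# /dev/sda7 -> (hd0,6): disk letter a=0, b=1, ...; GRUB legacy partition
# numbers are zero-based. Assumes BIOS disk order equals kernel order.
dev_to_grub() {
    dev=${1#/dev/}
    disk=${dev%%[0-9]*}          # sda
    part=${dev#"$disk"}          # 7
    letter=${disk#[sh]d}         # a (sd* and hd* both use letters)
    idx=$(( $(printf '%d' "'$letter") - 97 ))
    printf '(hd%d,%d)\n' "$idx" "$((part - 1))"
}

# (hd0,6) -> /dev/sda7: the inverse, assuming sd naming.
grub_to_dev() {
    s=${1#\(}; s=${s%\)}         # hd0,6
    n=${s%%,*}; n=${n#hd}        # 0
    part=${s#*,}                 # 6
    letter=$(printf "\\$(printf '%03o' $((97 + n)))")
    printf '/dev/sd%s%d\n' "$letter" "$((part + 1))"
}

# Print "title: (hdX,Y) (expected (hdA,B))" for every entry whose kernel
# device differs from the GRUB device of the /boot partition given in $2.
mismatched_entries() {
    menu=$1; want=$(dev_to_grub "$2")
    awk -v want="$want" '
        /^title / { title = $0; sub(/^title +/, "", title) }
        /^kernel +\(hd[0-9]+,[0-9]+\)/ {
            dev = $2; sub(/\/.*/, "", dev)
            if (dev != want) print title ": " dev " (expected " want ")"
        }' "$menu"
}

mismatched_entries "$MENU" /dev/sda7
```

On the real machine, feed it /boot/grub/menu.lst and the device that `df /boot` reports; an entry the check lists is one that will fail with "file not found" unless that other partition really does carry a kernel. Note the hdb disk above is IDE; where the BIOS order differs from the kernel's, GRUB's own `find /vmlinuz` from the GRUB prompt is the way to learn the real (hdX,Y).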