« » page 1/2, result 1-10, 1–10 11–16

Zimbra blacklist ip after many logon failures

 

and block mailbox after too many failures

As of from

https://wiki.zimbra.com/wiki/DoSFilter

"The denial-of-service filter or DoSFilter was added to the mailbox server in ZCS 8.0 to throttle clients sending a large number of requests over a very short period of time. The DoSFilter is applied to all requests for service, mailbox and admin..."

 

zmprov mcf zimbraHttpDosFilterDelayMillis 20
zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 250
zmprov mcf zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating 30
zmprov mcf zimbraInvalidLoginFilterMaxFailedLogin 10
zmprov mcf zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin 5

and in admin console Home > Configure > Class of Service >  Advanced > Failed Login Policy

Classi di servizio Zimbra

In a big company this can cause the block of an entire netword, so you can whitelist it

 

zmprov mcf +zimbraHttpThrottleSafeIPs 35.171.80.173/32



 

 


 

RIP Kobe

 

 

 


 

ZIMBRA - Outgoing SMTP Authentication

 

in italian

Le variabili sono:

  1. il nome del server Zimbra che deve spedire usando un SMTP esterno (autenticato)
  2. il nome, la porta e il tipo di sicurezza del server SMTP che farà da relay per noi
  3. servono username e password per il relay esterno
  4. la versione di Zimbra, dalla 8.5 ci sono dei comandi più integrati e non perdi le conf al riavvio dei servizi

 

che, per esempio, poniamo essere:

  1. mail.zimbrino.it
  2. smtp.provider.it porta 587 STARTTLS
  3. username password
  4. nel mio caso 8.8.15

I comandi devono essere impartiti da utente zimbra, quindi

su - zimbra

Dice a zimbra di usare un Mail Relay Agent

zmprov mcf zimbraMtaRelayHost smtp.provider.it:587

 

 

Crea il file conusername e password da usare per smtp.provider.it
echo smtp.provider.it username:password > /opt/zimbra/conf/relay_password

 

 

Crea il file con le password che userà postfix partendo dal file in chiaro (/opt/zimbra/conf/relay_password)
postmap /opt/zimbra/conf/relay_password
come verifica digitare:
postmap -q smtp.provider.it /opt/zimbra/conf/relay_password
l'output deve essere lo stesso del file e cioè nell'esempio:
smtp.provider.it username:password

Dice a postfix di usare quel file per l'autenticazione SASL
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

 

Dice a postfix di abilitare l'autenticazione
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslAuthEnable yes

 

Dice a postfix di usare il nome specificato al posto del canonical name che potrebbe essere diverso

zmprov ms mail.zimbrino.it zimbraMtaSmtpCnameOverridesServername no

 

attivare STARTTLS (http://www.postfix.org/postconf.5.html#smtp_tls_security_level)

zmprov ms mail.zimbrino.it zimbraMtaSmtpTlsSecurityLevel may

 

Se hai problemi di autenticazione [SASL authentication failed (si vede nella coda) + Relay denied (si vede nei log)]
zmprov ms mail.zimbrino.it zimbraMtaSmtpSaslSecurityOptions noanonymous

 

Per riavviare postfix
postfix reload
Per riavviare Zimbra (oppure stop e start)
zmcontrol restart
Per vedere i log di zimbra
tail -f /var/log/zimbra.log
Per vedere la coda
postqueue -p

oppure
mailq
Per forzare la coda
postqueue -p

 

Tip:

Dopo aver cambiato il CommonName è possibile avere degli errori SOAP nell'interfaccia di gestione come questo:

system failure exception during auth remotemanager

E' possibile risolvere rigenerando i certificati:

zmsshkeygen

e

zmupdateauthkeys

 

 


 

 


 

Extract string between two characters

 

estrarre testo compreso tra due caratteri delimitatori non necessariamente uguali

 

 

For example I want to see mail boxes logins, each login row is similar to this:

Nov 26 12:17:52 sgherro_mail_server dovecot: imap-login: Login: user=<usermailbox>, method=PLAIN, rip=192.168.0.225, lip=192.168.99.216, TLS

 

To extract usermailbox I did this:

cat /var/log/mail.log | grep "Login: " |sed -nr 's/.*<(.*)>.*/\1/p'

 

 


 

Ubiquiti AP adoption

 

 

  •  Identificare e/assegnare IP address al dispositivo
  •  Accedere al pannello https://uxxxi.nxxxxi.it:8443
  •  Accedere al site o crearlo se necessario, nel qual caso andare nelle impostazioni e mettere nazione e fuso orario corretti, in fondo ci sono delle credenziali
  •  Con putty o terminale UNIX collegarsi al dispositivo via ssh, username: ubnt password: ubnt
  •  digitare:


 set-inform http://uxxxi.nxxxxi.it:8080/inform

 (verificare che siano http e 8080)

  •   Sul pannello web, alla voce devices deve comparire il device
  •   In devices clicca su ADOPT
  •   Dal terminale ripeti il comando set-inform esattamente come prima
  •   Il dispositivo fa un provisioning e riavvia
  •   Configurare il wifi
  •   Applicare i gruppi WLAN al dispositivo (si fa da devices, si clicca sul dispositivo ecc.

 

 


 

docker commit

 

identify the docker

# docker ps

CONTAINER ID   IMAGE COMMAND CREATED  STATUS PORTS NAMES

then commit!

# docker commit CONTAINER ID NAMES

done

 

 


 

Bulk users creating for Zimbra

 

Create in /tmp folder a text file with this content:

 

ca ACCOUNT PASSWORD displayName 'DISPLAY_NAME' givenName FIRST_NAME sn SURNAME

 

and name it, for example, newaccounts.txt

 

now type as zimbra user:

zmprov -f /tmp/newaccounts.txt

 

To generate 16 chars random passwords you cau type this into the shell:

for i in `seq 1 100`; do mktemp -u XXXXXXXXXXXXXXXX; done

 

 

 


 

Empty Zimbra ML and populate it from file

 

or populate from file

Step 1

do a backup of the mailing list

 

zmprov gdlm NAME OF THE ML | tail -n +4 > /PATH/OF/THE/BACKUPFILE/FILENAME.txt

 

Step 2

Extract ML members and remove them

 

for a in `zmprov gdlm NAME OF THE ML | tail -n +4` ; do
   zmprov rdlm NAME OF THE ML $a
done

 

Step 3

Import new members (or add members) from a previously prepared text file, this version is a bash executable file named add-to-ml.sh with this content

for i in $(cat ${1}); do
   zmprov adlm NAME OF THE ML $i
done

 

The usage is this

 ./add-to-ml.sh /PATH/OF/THE/NEW_MEMBERS_FILE/FILENAME.txt

(the .txt extension is not mandatory but the file must be executable for the owner, chmod +x)

 For tips on how to clean a list of email addresses see my previous post:

http://www.apastore.org/index.php?Rimuovere-righe-a-capo-accapo-e-righe-vuote

(in italian)

 

 


 

Extract a part of a large file from row to row

 

Having a large Postgresql database dump with all databases I needed to extract only a single dump.

Use vi editor to discover the starting line of the needed database dump activating row numbering and searching the connect word

: se nu

:/connect

pressing n until reached the correct starting row I wrote the line number and at the next pressure of n I reached the start of the following database

260757 /connect my-beautifull-database

288232 /connect following_unusefull_database

So I need to extract from row 260757 to 288232, let's do it with php

<?php
$handle = fopen("/tmp/a.sql", "r");
$handle2 = fopen("/tmp/b.sql", "w");
if ($handle) {
    $riga = 0;
    while (($line = fgets($handle)) !== false) {
    if ( $riga > 260756 and $riga < 288232 ) {
        fwrite($handle2, $line);
    }
       $riga++;
    }

    fclose($handle);
    fclose($handle2);
} else {
    echo "Can't open input file";
}
?>

The usage of PHP from command line is

php -f bin/large.php

 

 

 


 

Lacie 2big NAS - no RAID recostruction

 

disk placed as spare

After a trivial error I removed a disk from a normal operating RAID1 NAS.

When I reinserted the disk the NAS rebuild the RAID but the data partition was marked as spare but thanks to everithing you want the NAS uses Linux as operating system.

 

What to do:

Shutdown the NAS

Remove and, if already not, correctly label the disks.

Connect them to a linux box (or a PC and start it with a live linux distribution) and start it

(if needed install mdadm tools)

 

See the state of the RAID with this commands as superuser (do it if you know what you are doing, otherwise you can loose all data on disks, at your own risk):

cat /proc/mdstat

mdadm -D /dev/mdN (where N for me was 123 == /dev/md123)

mdadm -D /dev/md123

 

My LAcie 2big NAS had RAID device /dev/md123 populated by /dev/sdb8 and /dev/sdc8, but /dev/sdb8 was  marked as spare, in this situation you must:

 

remove the partition from the raid

mdadm --manage /dev/md123 -r /dev/sdb8 (I used my devices don't repeat this commend exactly if you didn't understand it)

 

reinsert the partition into the raid

mdadm --manage /dev/md123 -a /dev/sdb8 (I used my devices don't repeat this commend exactly if you didn't understand it)

 

wait for reconstruction, 2.5 ours for 1,5tb of data

 

shutdown the box

 

put the devices in the correct bay of the NAS

 

start it

 

done

 

 


 

« » page 1/2, result 1-10, 1–10 11–16