Also, I’ve figured out during install I forgot to set …

Thursday, 28th March 2024

Comment on Pc-Freak 2 days Downtime / Debian Linux Squeeze 32 bit i386 to amd64 hell / Expression of my great Thanks to Alex and my Sister by admin.

Also, I’ve figured out during install I forgot to set up mkvalidrcptto to periodically run via cron job so I set it there as well:


crontab -u root -e
# update validrcptto for mail server
10,20,30,40,50,55 * * * * /usr/sbin/update-validrcptto >/dev/null 2>&1

admin Also Commented

Pc-Freak 2 days Downtime / Debian Linux Squeeze 32 bit i386 to amd64 hell / Expression of my great Thanks to Alex and my Sister
And then after days, I’ve figured out there are issues with the mail server (so far I did not have the time and didn’t use mail server).

Today I just found there was issues with Validrcptto after recovery so mails dedicated to local properly existing mail accounts in vpopmail were not delivered at all:

Here is one extract from /var/log/qmail/qmail-smtpd/current, to show you what I mean:


@40000000508092851d177ca4 qmail-smtpd[4013]: Received-SPF: pass (/var/qmail/control/me: local policy designates 82.195.75.100 as permitted sender)
@40000000508092851d17808c qmail-smtpd[4013]: MAIL FROM:
@40000000508092851d178474 qmail-smtpd[4013]: RCPT TO:
@40000000508092851d17885c qmail-smtpd[4013]: validrcptto [82.195.75.100] trying: hipo@pc-freak.net
@40000000508092851d178c44 qmail-smtpd[4013]: validrcptto [82.195.75.100] trying: @pc-freak.net
@40000000508092851d17bb24 qmail-smtpd[4013]: validrcptto [82.195.75.100] not found: hipo@pc-freak.net
@4000000050809285202a5254 tcpserver: end 4013 status 0

….

After checking /usr/local/bin/mkvalidrcptto script I’ve figured out it was failing to load a perl dynamic library, located in /usr/lib/perl/5.10/DynaLoader.pm …., as well as failed loading a perl library located in /usr/local/bin/mkvalidrcptto on line (35).

Hence checking what is inside line 35 in the file, I’ve found:


use CDB_File ;

Trying to solve the DynaLoader errs and make mkvalidrcpto work, I first checked with apt-cache about CDB, found package libcdb1 and installed with apt-get:


# apt-get install --yes libcdb1

This however did not solve the error, after a bit of pondering I ended up reading again Thibs ValidRCPTTO page and had to follow and slightly modify his instructions to have perl CPAN’s CDB_File install on Debian. I say slightly installed because in Thibs tutorial it is pointed out to build a CDB_File for i386 deb package. Where in my case I had to build the package for amd64 (64 bit arch) deb package.

So in my case I had to run:

cd /downloads/deb-packages
dh-make-perl --build --install --cpan 'CDB_File'
dpkg -i /downloads/deb-packages/libcdb-file-perl_0.97-1_amd64.deb

cp /downloads/scripts/mkvalidrcptto /usr/local/bin
chmod 755 /usr/local/bin/mkvalidrcptto
cd /var/qmail/control/
/home/vpopmail/bin/vadddomain MY_PRIMARY_MAIL_DOMAIN_NAME random-password
mkvalidrcptto > /var/qmail/control/validrcptto.txt
cdbmake-12 /var/qmail/control/validrcptto.cdb validrcptto.tmp < /var/qmail/control/validrcptto.txt

Then finally to check all perl libraries invoked by mkvalidrcptto are loaded correctly used:


perl -cwT mkvalidrcptto
mkvalidrcptto syntax OK


Pc-Freak 2 days Downtime / Debian Linux Squeeze 32 bit i386 to amd64 hell / Expression of my great Thanks to Alex and my Sister
Another thing I forgot I did after re-compiling qmail was to re-build the CDB list with:

# qmailctl cdb
....


Pc-Freak 2 days Downtime / Debian Linux Squeeze 32 bit i386 to amd64 hell / Expression of my great Thanks to Alex and my Sister
Something I forgot to mention, after updating vpopmail it was also necessery to re-run:
vadddomain my-domain-name.com
vadddomain my-domain1.com
vadddomain …..

If I don’t do the mailboxes are not recognized by new re-complied and re-installed over vpopmail.


Recent Comments by admin

Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
       –rwo, –report-warnings-only
              This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may
              be used to force other items of information to be displayed.

       –sk, –skip-keypress
              When  the  –check command option is used, after certain sections of tests, the user will be prompted to press the return key
              in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed.

         


Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
As rkhunter check, can be pretty annoying and ask you to press keypresses multiple times and spit you a lot of unnecessery data a very good useful option arguments are:

–rwo and –sk

# rkhunter -c –rwo –sk
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': yes
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no


Fix eth changing network interface names from new Linux naming scheme ens, eno, em1 to legacy eth0, eth1, eth2 on CentOS Linux

Sorry for really late reply.

perhaps you have to create it or rename the ifcfg-eno1 to ifcfg-eth1 or you have some old ifcfg-enp1s0f0 or ifcfg-eno still under /etc/sysconfig/network-scripts/ interfering


How to RPM update Hypervisors and Virtual Machines running Haproxy High Availability cluster on KVM, Virtuozzo without a downtime on RHEL / CentOS Linux
if you happen to be missing versionlock plugin and you need to get use of it

yum versionlock capabilities

You will have to install yum-utils package:

For example on CentOS 8 Linux, to enable the yum versionlock plugiun

yum install yum-utils.noarch


How to log every Linux executed command by every running system program to separte log via rsyslog for better server Security and audit trails

In case if by default log is not configured for snoopy,
these are default output locations on various Linux distributions:

Distribution Snoopy output location Notes
CentOS /var/log/secure  
Debian /var/log/auth.log  
Ubuntu /var/log/auth.log  
(others) /var/log/messages (potentially, could be elsewhere)

Share this on:

Comments are closed.