Posts Tagged ‘redirect’
Thursday, October 29th, 2020
Lets say you're a sysadmin doing email migration of a Clustered SMTP and due to that you want to capture for a while all incoming email traffic and redirect it (forward it) towards another single mailbox, where you can review the mail traffic that is flowing for a few hours and analyze it more deeper. This aproach is useful if you have a small or middle sized mail servers and won't be so useful on a mail server that handels few hundreds of mails hourly. In below article I'll show you how.
How to redirect all postfix mail for a specific domain to single external email address?
There are different ways but if you don't want to just intercept the traffic and a create a copy of email traffic using the always_bcc integrated postfix option (as pointed in my previous article postfix copy every email to a central mailbox). You can do a copy of email flow via some custom written dispatcher script set to be run by the MTA on each mail arriva, or use maildrop filtering functionality below is very simple example with maildrop in case if you want to filter out and deliver to external email address only email targetted to specific domain.
If you use maildrop as local delivery agent to copy email targetted to specifidc domain to another defined email use rule like:
if ( /^From:.*domain\.com/:h ) {
cc "!someothermail@domain2.com"
}
To use maildrop to just forward email incoming from a specific sender towards local existing email address on the postfix to an external email address use something like:
if ( /^From: .*linus@mail.example.com.*/ )
{
dotlock "forward.lock" {
log "Forward mail"
to "|/usr/sbin/sendmail linuxbox@collector.example.com"
}
}
Then to make the filter active assuming the user has a physical unix mailbox, paste above to local user's $HOME/.mailfilter.
What to do if your mail delivered via your Email-Server.com are sent from a monitoring and alarming scripts that are sending towards many mailboxes that no longer exist after the migration?
To achive capturing all normal attempted to be sent traffic via the mail server, we can forward all served mails towards a single external mail address you can use the nice capability of postfix to understand PCRE perl compatible regular expressions. Regular expressions in postfix of course has its specific I recommend you take a look to the postfix regexp table documentation here, as well as check the Postfix Regex / Tester / Debugger online tool – useful to validate a regexp you want to implement.
How to use postfix regular expression to do a redirect of all sent emails via your postfix mail relayhost towards external mail servers?
In main.cf /etc/postfix/main.cf include this line near bottom or as a last line:
virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp
One defines the virtual file which can be used to define any of your virtual domains you want to simulate as present on the local postfix, the regexp: does load the file which is read by postfix where you can type the regular expression applied to every incoming email via SMTP port 25 or encrypted MTA ports 385 / 995 etc.
So how to redirect all postfix mail to one external email address for later analysis?
Create file /etc/postfix/virtual-regexp
/.+@.+/ external-forward-email@gmail.com
Next build the mapfile (this will generate /etc/postfix/virtual-regexp.db )
# postmap /etc/postfix/virtual-regexp
This also requires a virtual.db to exist. If it doesn't create an empty file called virtual and run again postmap postfix .db generator
# touch /etc/postfix/virtual && postmap /etc/postfix/virtual
Note in /etc/postfix/virtual you can add your postfix mail domains for which you want the MTA to accept mail as a local mail.
In case you need to view all postfix defined virtual domains configured to accept mail locally on the mail server.
$ postconf -n | grep virtual
virtual_alias_domains = mydomain.com myanotherdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual
The regexp /.+@.+/ external-forward-email@gmail.com applied will start forwarding mails immediately after you reload the MTA with:
# systemctl restart postfix
If you want to exclude target mail domains to not be captured by above regexp, in /etc/postfix/virtual-regexp place:
/.+@exclude-domain1.com/ @exclude-domain1.com
/.+@exclude-domain2.com/ @exclude-domain2.com
Time for a test. Send a test email
Next step is to Test it mail forwarding works as expected
# echo -e "Tseting body" | mail -s "testing subject" -r "testing@test.com" whatevertest-user@mail-recipient-domain.com
Tags: after, again, alias, ALL, amp, and, another, ANY, are, article, com, copy, email address, file, How to, MTA, postfix, redirect, traffic, use
Posted in Postfix, System Administration | No Comments »
Thursday, July 2nd, 2015
Sometimes it happens that some websites are indexed in Search Engines (Google, Yandex, Yahoo, Bing, Ask Jeeves etc.) with www.website-name.com and you want to get rid of the www in the hostname in favour of just the hostname in terms of Apache .htaccess redirect. I knwo redirect www to non-www, might seem a bit weird as usually people want to redirect their website domain without www to point to www but there is a good reason for that weirdness, if you're a Christian and you dislike the fact that WWW is being red as Waw Waw Waw's or Vav / Vav Vav letters in Hebrew which represents in hebrew 666 or the mark of the beast prophecised in last book of Holy Bible (Revelation) written by saint John, the book is also called often Apocalypse.
Using Apache mod_rewrite's .htaccess is a good way to do the redirect especially if you're in a shared hosting, where you don't have direct access to edit Apache Virtualhost httpd.conf file but have only access to your user's home public_html directory via lets say FTP or SFTP.
To achieve the www to non-www domain URL redirect, just edit .htaccess with available hosting editor (in case if shell SSH access is available) or web interface or download the .htaccess via FTP / SFTP modify it and upload it back to server.
You need to include following mod_rewrite RewriteCond rules to .htaccess (preferrably somewhere near beginning of file):
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.Your-Website.org [NC]
RewriteRule ^(.*)$ http://Your-Website.org/$1 [L,R=301]
As .htaccess is being dynamically red by Apache's mod_rewrite module no Apache webserver restart is required and you should see immediately the affect, hopefully if the webhosting doesn't imply some caching with mod_cache or there is no some cache expiry setting preventing the new .htaccess to be properly redable by webserver.
Also in case of troubles make sure the new uploaded .htaccess file is properly readable e.g. has some permissions such as 755. Also in case if it doesn't immediately works out, make sure to clean up your browser cache and assure your browser is not configured to use some caching proxy host (be it visible or transparent).
Besides this would work and your Search Engines in future will hopefully stop indexing your site with WWW. in front of domain name, there is a downside of using .htaccess instead of including it straight into Apache's VirtualHost configuration is that this will cause a bit of degraded performance and add some milliseconds slowness to serve requests to your domain, thus if you're on your own dedicated server and have access to Apache configuration implement the www to non www hostname redirect directly using VirtualHost as explained in my prior article here
Tags: case, good reason, hostname, htaccess file, preferrably, redirect, RewriteCond, Search Engines Google, website domain, www
Posted in Christianity, Computer Security, Curious Facts, Everyday Life, Linux, System Administration, Various, Web and CMS | No Comments »
Wednesday, April 2nd, 2014 A classic sysadmin scenario is to configure new Apache webserver with requirement to have an SSL ceriticate installed and working on port 443 and all requests coming on port 80 to be redirected to https://.
On Apache this is done with simple mod_rewrite rule:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Before applying the rule don't forget to have Apache mod_rewrite enabled usually it is not enabled on default most Linux distributions by default.
On shared hostings if you don't have access to directly modify Apache configuration but have .htaccess enabled you can add above rules also to .htaccess
Add this to respective VirtualHost configuration and restart Apache and that's it. If after configuring it for some reason it is not working debug mod_rewrite issues by enabling mod_rewrite's rewrite.log
Other useful Apache mod_rewrite redirect rule is redirect a single landing page from HTTP to HTTP
RewriteEngine On
RewriteRule ^apache-redirect-http-to-https.html$ https://www.site-url.com/apache-redirect-http-to-https.html [R=301,L]
!Note! that in case where performance is a key requirement for a website it might be better to use the standard way to redirect HTTP to HTTPS protocol in Apache through:
ServerName www.site-url.com Redirect / https://www.site-url.com/
To learn more on mod_rewrite redirecting check out this official documentation on Apache's official site.
Tags: case, default, HTTP, HTTPS, key, official documentation, performance, port, redirect, requirement, RewriteRule, SSL, standard, sysadmin, website, working, www
Posted in System Administration, Various, Web and CMS | No Comments »
Saturday, August 20th, 2011 I’ve recently had to build a Linux server with some other servers behind the router with NAT.
One of the hosts behind the Linux router was running a Window GRE encrypted tunnel service. Which had to be accessed with the Internet ip address of the server.
In order < б>to make the GRE tunnel accessible, a bit more than just adding a normal POSTROUTING DNAT rule and iptables FORWARD is necessery.
As far as I’ve read online, there is quite of a confusion on the topic of how to properly configure the GRE tunnel accessibility on Linux , thus in this very quick tiny tutorial I’ll explain how I did it.
1. Load the ip_nat_pptp and ip_conntrack_pptp kernel module
linux-router:~# modprobe ip_nat_pptp
linux-router:~# modprobe ip_conntrack_pptp
These two modules are an absolutely necessery to be loaded before the remote GRE tunnel is able to be properly accessed, I’ve seen many people complaining online that they can’t make the GRE tunnel to work and I suppose in many of the cases the reason not to be succeed is omitting to load this two kernel modules.
2. Make the ip_nat_pptp and ip_nat_pptp modules to load on system boot time
linux-router:~# echo 'ip_nat_pptp' >> /etc/modules
linux-router:~# echo 'ip_conntrack_pptp' >> /etc/modules
3. Insert necessery iptables PREROUTING rules to make the GRE tunnel traffic flow
linux-router:~# /sbin/iptables -A PREROUTING -d 111.222.223.224/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.3:1723
linux-router:~# /sbin/iptables -A PREROUTING -p gre -j DNAT --to-destination 192.168.1.3
In the above example rules its necessery to substitute the 111.222.223.224 ip address withe the external internet (real IP) address of the router.
Also the IP address of 192.168.1.3 is the internal IP address of the host where the GRE host tunnel is located.
Next it’s necessery to;
4. Add iptables rule to forward tcp/ip traffic to the GRE tunnel
linux-router:~# /sbin/iptables -A FORWARD -p gre -j ACCEPT
Finally it’s necessery to make the above iptable rules to be permanent by saving the current firewall with iptables-save or add them inside the script which loads the iptables firewall host rules.
Another possible way is to add them from /etc/rc.local , though this kind of way is not recommended as rules would add only after succesful bootup after all the rest of init scripts and stuff in /etc/rc.local is loaded without errors.
Afterwards access to the GRE tunnel to the local IP 192.168.1.3 using the port 1723 and host IP 111.222.223.224 is possible.
Hope this is helpful. Cheers 😉
Tags: bootup, Cheers, configure, confusion, dport, encrypted tunnel, external internet, flow, Forward, GRE, gre tunnel, Hope, host, hosts, How to, init, init scripts, Insert, internal ip address, internet ip address, ip nat, iptables, iptables firewall, kernel module, kernel modules, linux router, linux server, Load, make, modprobe, module linux, necessery, POSTROUTING, pptp, reason, redirect, sbin, system boot, tcp, topic, traffic flow, tutorial, window
Posted in Linux, System Administration | 6 Comments »
Saturday, July 17th, 2010 There is a quick way to achieve a a full url redirect from a normal unencrypted HTTP request to a SSL crypted HTTPS
This is achieved through mod_rewrite using the RedirectMatch directive.
For instance let’s say we’d like to redirect https://www.pc-freak.net/blog to https://www.pc-freak.net/blog.
We simply put in our .htacess file the following rule:
Redirect permanent /blog https://www.cadiabank.com/login
Of course this rule assumes that the current working directory where the .htacess file is stored is the main domain directory e.g. / .
However this kind of redirect is a way inflexible so for more complex redirect, you might want to take a look at mod rewrite’s RedirectMatch directive.
For instance if you inted to redirect all urls (https://www.pc-freak.net/blog/something/asdf/etc.) which as you see includes the string blog/somestring/asdf/etc. to (https://www.pc-freak.net/blog/something/asdf/etc then you might use some htaccess RedirectMatch rule like:
RedirectMatch permanent ^/blog/(.*)$ https://www.pc-freak.net.net$1
or
RedirectMatch permanent ^/blog/(.*)$ https://www.pc-freak.net.net/$1
Hopefully your redirect from the http protocol to https protocol with mod_rewrite rule should be completed.
Also consider that the Redirect directive which by the way is an Apache directive should be faster to process requests, so everywhere you can I recommend using instead of RedirectMatch which calls the external Apache mod_rewrite and will probably be times slower.
Tags: blog, directory, HTTP, HTTPS, instance, net, port, redirect, Redirect http URL folder to https e.g. redirect (http://example.com to https://www.example.com) with mod_rewrite, something, SSL, string, url, www
Posted in Linux, SEO, System Administration | 3 Comments »
Wednesday, April 27th, 2011 As you can read in my few previous posts I have just installed a new Ubuntu 10.10 on a Toshiba Satellite L40 notebook.
Most of the things which are necessery for a fully working Linux desktop are already installed and the machine works fine, however I just noticed there is an issue with the default torrent gnome client and transmission unable to download files from torrent trackers.
Few minutes of playing with the transmission’s settings has revealed what was causing my torrent download problems.
It seems on Ubuntu 10.10 (probably on other Ubuntus and Debians) by default the transmission bittorrent client is trying to use for torrent download connections an incoming port 53636 number.
As the computer is behind a firewall and does not have a real IP address seeders cannot properly connect to the notebook port 53636 and hence the transmission bittorrent client could not initialize any torrent downloads.
Fixing up the issue is rather easy to fix it I had to change the settings in transmission from the menus:
Edit -> Settings -> Network
You need to select the options:
- Pick a random port on startup
- Use UPnP or NAT-PMP to redirect connections
Next I had to restart transmission and my torrent downloads started 😉
Tags: bittorrent, client, Computer, connectionsNext, Desktop, download, few minutes, fine, firewall, Gnome, gnome client, incoming port, Initialize, ip address, issue, Linux, maverick, menus, NAT-PMP, necessery, notebook, port, random port, redirect, Satellite, torrent download, torrent tracker, torrent trackers, toshiba, toshiba satellite, tracker, Ubuntu, Ubuntus, UPnP
Posted in Linux, Linux and FreeBSD Desktop | 4 Comments »
Wednesday, December 22nd, 2010 My blog’s index has suddenly started redirecting to my last post. That was rather strange, since I haven’t done anything special, all I did before the problem occured was a change in wordpress wp-admin to my latest post.
There in I changed the post Visibility from Public to Private
Right after this my blog’s home started redirecting to the blog post where the changes was made.
This was really strange, so I reverted back the changes in Post’s Publish Visibility to the default setting.
Though the change the redirect to the latest post by accessing my www.pc-freak.net/blog/ was still there.
I tried completely wiping out the post by sending it to Trash and issuing the same post again, but now things became even worser.
Accessing my blog was opening 404 not found error message . Everything seemed fine in wordpress admin and therefore I suspected the redirect is being applied from info read in my wordpress database in MySQL.
A bit of investigation prooved my guess was correct, for some reason a record was made to the MySQL blog database in table wp_redirection_items.
The incorrect redirection wihtin the database looked like so:
| 4 | /blog/ | 0 | 2 | 0 | 0000-00-00 00:00:00 | 2 | enabled | url | 301 | /blog/how-to-change-from-default-main-menu-to-other-text-in-joomla/ | url | NULL |
Removing the incorrect redirect was kind of easy and came to simply issuing:
mysql> delete from wp_redirection_items where id='3';
Query OK, 1 row affected (0.00 sec)
This fixed the redirection issue and opening my blog main page started correctly opening the main page again! 🙂
Tags: blog, change, error message, everything, fine, freak, guess, home, How to fix wordpress blog sudden redirection to present post problem, info, investigation, issue, kind, null, page, private right, Public, Publish, Query, read, reason, redirect, redirection, visibility, wihtin, worser, www
Posted in Joomla, Various | 3 Comments »
Saturday, September 26th, 2009 I had the task to physically move a website from one host to another while doing it thebest SEO way possible.
Here is how I did it:
I used mod_rewrite and the following
.htaccess
rules like:redirect 301 /index.html http://new-location.com/index.htmlredirect 301 /somepage.html http://new-location.com/somathing.htmlFrom Search Engine point of view it is best to create a custom redirectfor every webpage available on the old location of the website to the new one.
END—–
Tags: after, another, moving, redirect, server, website
Posted in System Administration | No Comments »