Kernel Neighbour table overflow

Sometimes we may see this kind of messages in /var/log/messages


Oct 31 11:15:38 mail kernel: [ 4897.071608] __ratelimit: 97 callbacks suppressed
Oct 31 11:15:40 mail kernel: [ 4898.932524] Neighbour table overflow.

The neighbour table is generally known as ARP table and the default value for gc_thresh1 is 128.

Check the present value with the following command and the result should be like this:

# cat /proc/sys/net/ipv4/neigh/default/gc_thresh1

128

the 128 value is not enough. We also need to change the gc_thresh2 (soft limit) and gc_thresh3 (hard limit) for this. 

To resolve this problem edit the /etc/sysctl.conf file and add the following lines there.

net.ipv4.neigh.default.gc_thresh1 = 4096

net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.base_reachable_time = 86400
net.ipv4.neigh.default.gc_stale_time = 86400

then check with #sysctl -P

Hope the problem will be solved. 

Connection error: Connection refused (111)

After installing the change password plugin when we try to change a password from webmail, we may see this error.

"Connection error: Connection refused (111)"

This is because the plugin is dependent to another package named "poppassd"

Just install it by the following command.

apt-get install poppassd

and restart the apace2 service. 

The problem will be solved.

Postfix SASL authentication with SMTP port 465

By default postfix SMTP works on 25 port. You can check this by following command with the output below:

#netstat -nat
tcp        0      0 0.0.0.0:25             0.0.0.0:*               LISTEN   


Here we will change the port to 465 with SASL authentication. It is useful technique to fight against spam. Users those travel here and there with their laptops need not to change their e-mail client software settings also.

Here is how we can do it.

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {
  socket listen {
    client {
 path = /var/spool/postfix/private/auth
 mode = 0660
 user = postfix
 group = postfix
    }
  }
  mechanisms = plain login
}


2. Edit /etc/postfix/main.cf, find the keys below and change its values as follows or add it at the bottom of the file if the key (the word before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated


3. Edit /etc/postfix/master.cf
Put hash before the following line.
#smtp      inet  n       -       -       -       -       smtpd
Remove hash from the following lines.
smtps     inet  n       -       -       -       -       smtpd

-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject


Restart postfix service
Restart dovecot service

Now check the port again with the command:

#netstat -nat

tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN

Check more with telnet:

#telnet localhost 465

Sender Access Check in Postfix

I am working with a Debian Linux server and Postfix is using as its MTA. To control unwanted sender access to use that MX please go for the following steps:


Add a line in main.cf file:
vim /etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access



create sender_access file and give all the valid users account as following:

vim /etc/postfix/sender_access
user1@example.com      OK
user2@example.com      OK
and more.....

save and exit the file.

Run the following Command:

postmap /etc/postfix/sender_access



restart postfix service.
/etc/init.d/postfix restart


Check the mail log with non-listed user of sender_access file.
tail -f /var/log/mail.log

pop-before-smtp configuration with Postfix

pop-before-smtp configuration:-
At first install the following packages.

Step 1: apt-get install libtimedate-perl libnet-netmask-perl libberkeleydb-perl

Step 2:- apt-get install pop-before-smtp

Step 3:- vim /etc/pop-before-smtp/pop-before-smtp.conf

( unhash the following lines)

$logto = '/var/log/pop-before-smtp';
$dbfile = '/var/lib/pop-before-smtp/hosts';


and the 4 lines portion of the following

# For Dovecot POP3/IMAP when using syslog.
( unhash the following four  lines)

$pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' .
   'Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]';
$out_pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' .
   'Disconnected.*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]';


Now integrate with postfix.

vim /etc/postfix/main.cf

hash:/var/lib/pop-before-smtp/hosts (add this line with my networks)



restart pop-before-smtp
restart postfix

Checking log: tail –f /var/log/pop-before-smtp

Specific file extension block in postfix

How to block attachment file extension in Postfix (OS= Debian)?


vim /etc/postfix/main.cf


Add the following line.

mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.




Now open /etc/postfix/mime_header_checks file:

vim /etc/postfix/mime_header_checks

 Append following line:

/name=[^>]*\.(bat|exe|dll|eml|vbs)/ REJECT    ### File ext that you want to block ####

Save and close the file.



Restart Postfix service and check with mail log.

Root Password Recover (Debian)

To recover root password in debian:

1.       Reboot the Machine and wait for loading the GRUB menu.

2.       Select “single user mode” from the menu and press “e” from the keyboard.

3.       Select “kernel” line from the menu and press “e” from the keyboard.

4.       At the end of the line type: init=/bin/sh and press “enter”.

5.       While selecting “kernel” line press “b” from the keyboard.

6.       After booting type the following: mount –o remount, rw /

7.       Now type “passwd” command and choose your password.

8.     Reboot your server. 

Openwebmail redirect

vim /var/www/index.html <HTML><HEAD> <TITLE>Auto-Redirect Page for Open Webmail</TITLE> <meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/cgi-bin/openwebmail/openwebmail.pl"> </HEAD><BODY> </body> </html>

Squirrelmail problem: Connection refused 111

Squirrelmail problem: Connection refused 111 First go to ./configure of squirrelmail select General Options make it >> 17. Disable secure forms         : true then save and exit now  apt-get install poppassd and apt-get install xinetd vim /etc/xinetd.d/poppassd service poppassd { disable = no socket_type             = stream wait                    = no user                    = root server                  = /usr/sbin/poppassd log_on_success          += USERID log_on_failure          += USERID }  /etc/init.d/xinetd restart

Squirrelmail index.html (Auto-Redirect)

vim /var/www/index.html

<HTML><HEAD>
<TITLE>Auto-Redirect Page for Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/webmail/">
</HEAD><BODY>
</body>
</html>

Openwebmail Configuration

I used Debian 6.0.0 OS. At first we need apache. apt-get install apache2 Download openwebmail tar from internet. #wget http://www.openwebmail.org/openwebmail/download/release/openwebmail-2.53.tar.gz tar -zxvf openwebmail-2.53.tar.gz you will get to dirrectories named: "data" and "cgi-bin" cp -R cgi-bin/openwebmail  /usr/lib/cgi-bin/ cd data/ cp -R openwebmail  /var/www vim /usr/lib/cgi-bin/openwebmail/etc/openwebmail.conf Edit the following: domainnames             pijush.com auth_module             auth_unix.pl mailspooldir            /var/mail ow_cgidir               /usr/lib/cgi-bin/openwebmail ow_cgiurl               /cgi-bin/openwebmail ow_htmldir              /var/www/openwebmail ow_htmlurl              /openwebmail logfile                 /var/log/openwebmail.log vim /usr/lib/cgi-bin/openwebmail/etc/defaults/auth_unix.conf Edit the following: passwdfile_encrypted    /etc/shadow passwdmkdb              none vim /usr/lib/cgi-bin/openwebmail/etc/defaults/dbm.conf Edit the following: dbm_ext                 .pag dbmopen_ext             none dbmopen_haslock         no Install the following dependencies. apt-get install perl-suid apt-get install libhtml-template-perl cd /usr/lib/cgi-bin/openwebmail #chmod 4555 *.pl cd /var/www # chown -R www-data:www-data openwebmail cd /usr/lib/cgi-bin/openwebmail/etc/ #  chmod 777 sessions cd /usr/lib/cgi-bin/openwebmail # ./openwebmail-tool.pl --init