Glen Solsberry's questions

I'm trying to block access to everything on a vhost except a single safe-path (and really, everything under it, so /safe-path/item-1, /safe-path/item-2, etc); from reading the docs, it seems that I should be able to do:

<Location />
Order allow,deny
Deny from all
</Location>
<Location /safe-path>
Order allow,deny
Allow from all
</Location>

But this doesn't seem to work; all URLs return a 403. I've tried the other order as well, and it doesn't seem to matter. If there's a "better" solution to the problem I'm trying to solve, I'm open to that as well.

EDIT: After doing some more research, I found Require all denied and Require all granted, which seems to be the 2.4 syntax. However, even setting the blocks to look like this it doesn't seem to work as expected:

<Location "/">
    Require all denied
</Location>
<Location "/safe-path">
    Require all granted
</Location>

I'm getting a 403 on every URL I hit. Even changing the order doesn't seem to make a difference.

I'm trying a simple location directive in my nginx config, and it doesn't seem to be working all that well; I want to ensure that all requests to a local css or js file have an expires header, so I added the following to my server block (shown below). Am I missing something? The movies location block correctly works (and loads CSS), however it does not have the expires header as expected. I've tried putting the wanted location block inside the movies location block to no success.

server {
  server_name           www.example.com;

  index  index.php index.html index.htm;

  access_log            /var/log/nginx/example.com/access.log;
  error_log             /var/log/nginx/example.com/error.log;

  root /var/example.com;

  location / {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  # CSS and Javascript -- this is the added location block
  location ~* \.(css|js)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "no-cache, public, must-revalidate, proxy-revalidate";
  }

  location = /movies {
    return 301 $scheme://$host/movies/;
  }
  location ^~ /movies {
    alias /var/example.com/movies/current/public;
    fastcgi_index index.php;
    try_files $uri $uri/ /movies/movies/index.php$is_args$args;

    location ~* \.php {
      fastcgi_pass unix:/run/php/php7.1-fpm.sock;
      fastcgi_split_path_info ^(.+\.php)(.*)$;
      include /etc/nginx/fastcgi_params;
    }
  }

  ## many other location blocks like the immediate above snipped

  # pass the PHP scripts to FastCGI server listening on /run/php/php7.1-fpm.sock
  location ~ \.php$ {
    try_files $uri /index.php =404;
    fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

I'm running supervisor 3.2.0-2ubuntu0.2 Ubuntu 16.04. I want to change the command that one of my processes uses, but I need to make sure that supervisor sends the correct signal to it so that the process may wrap up; unfortunately, supervisor is still sending a SIGKILL even though I've requested TERM.

[program:my-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /home/worker/job --param=a,b,c
autostart=true
autorestart=true
stopwaitsecs=10
user=worker
stopsignal=TERM
numprocs=1
stdout_logfile=/var/log/supervisor/worker.log
stderr_logfile=/var/log/supervisor/worker-error.log

If I follow Supervisor not loading new configuration files after changing the "command" (for example: php /home/worker/job --param=a,b,c,d) I get the following in the logs:

2018-08-08 09:05:21,514 INFO waiting for worker_00 to stop
2018-08-08 09:05:21,533 INFO stopped: worker_00 (terminated by (9) SIGKILL)

I specifically need to make sure that SIGTERM is being sent - I've gone delving in to the code, but I didn't see anything obvious that would suggest my config is incorrect. Am I calling the wrong commands? service supervisord restart triggers the same.

I have an nginx config that looks like this:

location ^~ /movies {
    alias /var/dp.cx/movies/current/public;
    fastcgi_index index.php;
    try_files $uri /movies/index.php;

    location ~* \.php {
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        include /etc/nginx/fastcgi_params;
    }
}

This is a Laravel application, which works almost completely out of the box. However, there are a couple of small problems that I have with this configuration.

• Hitting /movies triggers a 404. Hitting /movies/ works successfully.
• Hitting one of the pagination URLs (/movies/test?page=2) has no information from the querystring.

I'm not sure where I found this configuration, but it seems to be the closest thing to a "working" configuration I've ever found for nginx + fpm with a subdirectory URL.

We do most of our work on colocated servers in a datacenter over SSH. This means that we're connected to the boxes almost all day, 5 days a week. Intermittently, we'll see a lag between typing on the keyboard, and having the contents echo'd back to us on the shell. I started doing some digging, and I'm having trouble understanding the results; I'm also looking for next steps to look at. Earlier, I ran a wireshark trace against tcp.dstport == 22, which seems to be where we have the majority of the problems. I did notice a large-ish (10-20 out of several thousand packets) that were TCP Retransmissions. I assume this is related to the lag issue we're seeing.

1) mtr to remote host

                                         Packets               Pings
 Host                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.100.254                    76.6%   454    0.5   0.5   0.3   4.7   0.4
 2. 10.113.128.1                       80.6%   454   17.3 130.8   5.7 6030. 726.7
 3. 74.128.19.209                      79.5%   454    9.7  25.8   6.7 1270. 133.2
 4. 74.128.8.233                       80.6%   454    8.5  31.9   6.6 1369. 150.6
 5. 4.71.250.1                         79.2%   454  1547.  50.5  14.7 1547. 194.1
 6. 4.69.138.158                       80.4%   454   20.1  29.7  15.4 1003. 104.5
 7. 4.69.140.189                       74.2%   454   16.2  28.6  15.0 920.0  85.5
 8. 4.69.138.4                         72.6%   454   17.0  41.2  15.5 821.6  81.7
 9. ???
10. 216.26.190.9                       79.4%   453   45.2 105.8  24.4 3008. 406.7
11. 216.26.162.162                     90.7%   453   28.3  40.2  24.1 556.3  81.7

2) mtr to 192.168.100.254 (happening simultaneously to above mtr)

                                         Packets               Pings
 Host                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.100.254                     0.0%   591    0.8   0.4   0.3   6.9   0.5

First question: why does the top mtr suggest packet loss at 192.168.100.254, when the bottom one does not?

Second question: how can I determine better what might be causing this?

EDIT:

mtr to first host outside our network:

                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. edge.networldalliance.local      18.1%   393    0.5   0.5   0.4   1.8   0.2
 2. 10.113.128.1                      0.0%   393   10.0  10.1   5.5 744.3  37.4

separate mtr to second host in the hop:

                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. edge.networldalliance.local      87.9%   424    0.8   0.7   0.5   1.2   0.1
 2. 10.113.128.1                      0.0%   424    9.5   9.5   5.2 577.8  27.8
 3. 74-128-19-209.dhcp.insightbb.com  0.0%   423    6.5  10.4   6.2 243.9  12.8

separate (again) mtr to third host in the hop:

                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. edge.networldalliance.local      87.2%   440    0.6   0.7   0.4   2.2   0.3
 2. 10.113.128.1                      0.0%   439    6.4  10.9   5.6 991.8  47.2
 3. 74-128-19-209.dhcp.insightbb.com  0.0%   439    8.5  13.3   6.5 744.3  35.6
 4. 74.128.8.233                      0.0%   439    7.9  23.6   6.3 493.8  47.2

Any suggestions based on this new data? I'm going to see about getting the router / firewall replaced.

I've set up dkim-filter on my mail server. I've set up postfix to use dkim-filter as the milter; However, I'm getting the following in my logs:

Jul  7 13:00:29 magni postfix/smtpd[6742]: connect from mail-vw0-f53.google.com[209.85.212.53]
Jul  7 13:00:29 magni postfix/smtpd[6742]: D0F802BC74: client=mail-vw0-f53.google.com[209.85.212.53]
Jul  7 13:00:29 magni postfix/cleanup[6756]: D0F802BC74: message-id=<....-....mail.gmail.com>
Jul  7 13:00:34 magni dkim-filter[7039]: D0F802BC74: key retrieval failed

Why am I getting that, and how can I stop it from happening?

I have a need to throttle the bandwidth usage, similar to how some ISPs do it, so that after a couple of seconds, it throttles down the speed.

Somehow, one of our sites continues to be compromised. Is there a way that I can log every command that PHP runs, either via system(), exec(), etc?

I need to set up nginx so that when a timeout occurs attempting to reach the upstream proxy, that it will just return the cached version on disk.

Can someone tell me how, as the docs are a little sparse on information.

Essentially, I'm looking at the .list files in /etc/apt/sources.list.d/. Each of them has a deb entry; I'm curious to know if there's a way to see if any new distribution exists for any of the entries.

How can I force postfix to check (and log/flag/etc) all outgoing mail for spam?

Just want to make sure I'm doing my part on my servers.

EDIT: Postfix config, as requested.

main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

alias_maps = hash:/etc/aliases

myhostname = example.com
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
content_filter = smtp-amavis:[127.0.0.1]:10024

transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf


virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
dovecot_destination_recipient_limit = 1

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache

127.0.0.1:10025     inet    n   -   y   -   -   smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=100

smtp-amavis unix -  -   y   -   2   smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

mysql/transport_maps.cf

user = user
password = password
hosts = 127.0.0.1

dbname = postfix

query = SELECT target FROM transports WHERE hostname = '%d' AND active = 1

mysql/virtual_alias_domains.cf

user = user
password = password
hosts = 127.0.0.1

dbname = postfix
select_field = domain
table = domains
where_field = domain
additional_conditions = AND active = 1

mysql/virtual_alias_maps.cf

user = user
password = password
hosts = 127.0.0.1

dbname = postfix
select_field = forward
table = aliases
where_field = source
additional_conditions = AND active = 1

mysql/virtual_mailbox_maps.cf

user = user
password = password
hosts = 127.0.0.1

dbname = postfix

query = SELECT mailbox_path FROM users WHERE address = '%s' AND active = 1

I'm trying to improve the performance of our primary MySQL server. It's a Dual Quadcore Intel X5450, with 8GB of RAM. It's a dedicated MySQL box. I'm only in the beginnings of configuring it, so I'm starting relatively fresh.

I noticed that Created_tmp_disk_tables was awfully high, at 330k. Created_tmp_tables is only at 380k. This might not be too bad, except that MySQL was restarted less than 4 hours ago.

I've set the following:

15:31:15 (9) > show global variables like '%table_size%';
+---------------------+------------+
| Variable_name       | Value      |
+---------------------+------------+
| max_heap_table_size | 1073741824 | 
| tmp_table_size      | 1073741824 | 
+---------------------+------------+

This page suggests that the smaller of the two values determines when a temporary table becomes a disk-based table. I would think (personally) that 1GB would be more than large enough to handle any sized temporary table that we'd be creating, but apparently, I'm incorrect.

Can anyone suggest other methods to keep the number of disk-based temporary tables down?

I've got a rewrite like this:

RewriteRule /products.php?id=123&t=12345 /product/New-Product-Name

If I turn on RewriteLogging, and turn the level up, I get the following:

applying pattern '/products.php?id=123&t=12345' to uri '/products.php'

Why is the full uri (including querystring) not being looked at?

Our backup "solution" includes hooking up a USB drive to the backup server, and running a custom script that rsyncs the data on to the USB drive. However, after a while, the drive becomes read-only. Here's the output of dmesg:

[2502923.708171]  sdb: sdb1
[2502923.742767] sd 36:0:0:0: [sdb] Attached SCSI disk
[2502980.368020] kjournald starting.  Commit interval 5 seconds
[2502980.482705] EXT3 FS on sdb1, internal journal
[2502980.482705] EXT3-fs: recovery complete.
[2502980.488709] EXT3-fs: mounted filesystem with ordered data mode.
[2590744.432168] usb 1-2: USB disconnect, address 36
[2590744.432655] sd 36:0:0:0: [sdb] Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
[2590744.432784] end_request: I/O error, dev sdb, sector 795108447
[2590744.432857] Buffer I/O error on device sdb1, logical block 99388548
[2590744.432925] lost page write due to I/O error on sdb1
[2590744.433002] Buffer I/O error on device sdb1, logical block 99388549
[2590744.433070] lost page write due to I/O error on sdb1
[2590744.433139] Buffer I/O error on device sdb1, logical block 99388550
[2590744.433207] lost page write due to I/O error on sdb1
[2590744.433275] Buffer I/O error on device sdb1, logical block 99388551
[2590744.433343] lost page write due to I/O error on sdb1
[2590744.433410] Buffer I/O error on device sdb1, logical block 99388552
[2590744.433478] lost page write due to I/O error on sdb1
[2590744.433545] Buffer I/O error on device sdb1, logical block 99388553
[2590744.433613] lost page write due to I/O error on sdb1
[2590744.433681] Buffer I/O error on device sdb1, logical block 99388554
[2590744.433749] lost page write due to I/O error on sdb1
[2590744.433817] Buffer I/O error on device sdb1, logical block 99388555
[2590744.433884] lost page write due to I/O error on sdb1
[2590744.433953] Buffer I/O error on device sdb1, logical block 99388556
[2590744.434021] lost page write due to I/O error on sdb1
[2590744.434089] Buffer I/O error on device sdb1, logical block 99388557
[2590744.434157] lost page write due to I/O error on sdb1
[2590744.443942] sd 36:0:0:0: [sdb] Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
[2590744.447945] end_request: I/O error, dev sdb, sector 795108687
[2590744.452065] Aborting journal on device sdb1.
[2590744.452065] __journal_remove_journal_head: freeing b_committed_data
[2590744.452410] EXT3-fs error (device sdb1) in ext3_ordered_writepage: IO failure
[2590744.453795] __journal_remove_journal_head: freeing b_committed_data
[2590744.454481] ext3_abort called.
[2590744.454548] EXT3-fs error (device sdb1): ext3_journal_start_sb: Detected aborted journal
[2590744.454697] Remounting filesystem read-only
[2590744.457033] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #11968705 offset 0
[2590776.909451] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #122881 offset 0
[2590777.637030] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #30015490 offset 0
[2590949.026134] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591121.070802] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591211.109072] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591300.269439] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591357.322837] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591418.664452] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591572.792037] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591667.952082] EXT3-fs error (device sdb1): ext3_find_entry: reading directory #2 offset 0
[2591669.639597] __ratelimit: 3981 messages suppressed
[2591669.639658] Buffer I/O error on device sdb1, logical block 61014530
[2591669.639698] lost page write due to I/O error on sdb1

I'm not unmounting the drive within my script; can anyone suggest what would be causing this, so I can fix it?

I have a Debian GNU/Linux 4.0 box (that cannot be upgraded) running 24x7. It has several jobs in /etc/cron.daily, including our backup scripts. I noticed several weeks ago that the backup script was not running with any regularity.

This morning, I ran the cron directory manually (nice run-parts --report /etc/cron.daily) which is seen in both /etc/anacrontab and /etc/crontab. I got an email for logwatch, but not for any of the other jobs. Our backup scripts, specifically, have a large amount of output, and take a few hours. I have tried rearranging the jobs in /etc/cron.daily, with no effect, and I've recently removed anacron, since this box should "never" experience downtime.

Running any of the jobs individually seems to work fine. I've just added the backup script to /etc/crontab manually to see if it runs properly.

Does anyone have other suggestions?

I'm running Postfix + amavis + SpamAssassin. Messages are coming through just fine, and they're getting X-Spam-Score as I would expect, along with X-Spam-Status values, implying that SA is doing something with them. Unfortunately, amavis doesn't seem to want to actually mark them as spam, as all messages are coming through with X-Spam-Flag: NO.

An example message that I'm looking at right now has the following headers:

X-Virus-Scanned: Debian amavisd-new at magni
X-Spam-Flag: NO
X-Spam-Score: 11.733
X-Spam-Level: ***********
X-Spam-Status: No, score=11.733 tests=[BAYES_99=3.5, HTML_MESSAGE=0.001,
        MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
        RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033] autolearn=no

Here's my amavisd.conf file:

$mydomain = "";
$MYHOME = '/var/amavisd';
$TEMPBASE = "$MYHOME/tmp";

$inet_socket_port = 10024;
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;

# @local_domains_acl = qw( "." ); # you may want to use qw() to check all in and out
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 999; # triggers spam evasive actions
$sa_debug = 1;

$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT but we're tagging and passing)

$spam_admin = "postmaster\@$mydomain";
$spam_lovers{lc("postmaster\@$mydomain")} = 1;
$virus_admin = "postmaster\@$mydomain";

$QUARANTINEDIR = undef;
$virus_quarantine_to = undef;
#$spam_quarantine_to = 'spam-quarantine';

$remove_existing_spam_headers = 0;
$sa_local_tests_only = 0; # (default: false)
$SYSLOG_LEVEL = 'mail.err';
$DO_SYSLOG = 1;
$log_level = 2;

$enable_dkim_verification = 0;

# @bypass_spam_checks_maps = (1);

@lookup_sql_dsn = ( 'DBI:mysql:database=postfix;host=127.0.0.1;port=3306', '', '' );
$sql_select_policy = 'SELECT "Y" as local FROM aliases WHERE source IN (%k) UNION SELECT "Y" as local FROM users WHERE address IN (%k)';

1;

Any ideas?

UPDATE: A message that I've been holding on to:

X-Spam-Flag: NO
X-Spam-Score: 14.085
X-Spam-Level: **************
X-Spam-Status: No, score=14.085 tests=[BAYES_99=3.5, NO_DNS_FOR_FROM=1.496,
        RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
        RAZOR2_CHECK=0.5, RCVD_IN_XBL=3.033, RDNS_NONE=0.1,
        URIBL_BLACK=1.955,
        URIBL_JP_SURBL=1.501] autolearn=no

has this entry in the mail logs:

mail.log.1:Sep  5 21:43:39 magni amavis[25486]: (25486-10) Passed CLEAN, [78.189.26.137] [88.206.193.68] <[email protected]> -> <gms8994>, Message-ID: <[email protected]>, mail_id: 4Moi5p2dOV-I, Hits: 14.085, size: 891, queued_as: AFF8C2C367, 1156 ms

As suggested by Dave Drager, I'm going to try stopping spamd, and see what happens.

UPDATE2: Stopped spamassassin, leaving amavis running, just got this message:

X-Spam-Flag: NO
X-Spam-Score: 17.712
X-Spam-Level: *****************
X-Spam-Status: No, score=17.712 tests=[BAYES_99=3.5, FH_FROMEML_NOTLD=2.696,
        RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
        RAZOR2_CHECK=0.5, RCVD_ILLEGAL_IP=1.908, RCVD_IN_SORBS_WEB=0.619,
        RCVD_IN_XBL=3.033, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501]
        autolearn=failed

with this in the logs:

mail.log:Sep  9 08:49:11 magni amavis[13604]: (13604-10) Passed CLEAN, [77.70.121.78] [77.70.121.78] <trfq@pc-2bb82028ef37> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Lg-rCSg9x0rr, Hits: 17.712, size: 844, queued_as: 8269D2BF6B, 2312 ms

per @cite, I looked at /etc/amavis/conf.d/50-user (I am actually running debian). It was empty. I moved the configuration from /etc/amavis/amavisd.conf to 50-user, and restarted, and messages are now being tagged with X-Spam-Flag: YES. Points to cite.

I currently have a 3 disk RAID5, all are 400GB WD SATA drives, on an Areca RAID controller. One of the drives has recently gone bad, leaving the array in a degraded state. If I replace the bad drive with, say, a 500GB drive, and then restore the array, will it still have the same size, or will it automatically grow larger?

Part two of this question: what if I then upgrade each disk one at a time, and restore the array each time?

Currently, at the datacenter, we have 6 boxes. Each of these runs a LAMP stack, and each of these needs to be backed up. The obvious solution is to back up all of this to one machine, and then plug in a drive to it, and back that up.

Problem is, some of our employees (read: the person who would be plugging in the drive) are lazy. So I was tasked with writing a script to back up each of our machines locally, so that they could then be backed up offsite in the same vein as above. However, the datacenter charges on a 95th percentile, and these backups are costing the company money.

My question, for small/medium sized businesses: what is the appropriate scenario that we should be using to back up our data? Currently, buying another machine to backup to is a far off non-possibility, but would be taken in to consideration.

I need to have postfix store mail in a maildir in /var/mail/<DOMAIN>/<USER>. I've got

mail_spool_directory = /var/mail

and I'm preparing

home_mailbox = 

but I don't know where to go from there.

Assistance please?

EDIT: SF ate my tag. Please re-read to determine paths.

I'd like to create a single rule in iptables (if possible) that uses multiple source IP addresses. Is this possible?