37℃的站点

好诗

admin — Mon, 07 May 2012 01:22:12 +0000

我年八十卿十八，卿是红颜我白发。与卿颠倒本同庚，只隔中间一花甲

十八新娘八十郎，苍苍白发对红妆。鸳鸯被里成双夜，一树梨花压海棠。

oracle 权限导致的无法登陆问题

admin — Wed, 18 Apr 2012 09:41:15 +0000

ORA-01034: ORACLE not available
ORA-27123: unable to attach to shared memory segment
SVR4 Error: 13: Permission denied

因为今天不小心把数据库的权限更改了，导致数据库无法登陆

cd cd /u01/oracle/product/10.2.0.3/bin

chmod u+x oracle

重启下数据库

就可以了

http://space.itpub.net/7364032/viewspace-245928

centos nginx php mysql 安装脚本

admin — Thu, 29 Mar 2012 02:51:08 +0000

centos nginx php mysql 安装脚本

lnmp

支持centos 5 和centos 6 64位没机器测试。

持续更新

centos mono nginx aspx

admin — Thu, 29 Mar 2012 02:41:09 +0000

参考网址

http://www.claassen.net/geek/blog/2011/01/nginxmono-vs-apachemod_mono.html

http://www.mono-project.com/FastCGI_Nginx

vim /etc/yum.repos.d/mono.repo

[mono]
name = novell-mono
baseurl=http://ftp.novell.com/pub/mono/download-stable/RHEL_5/
enabled=1
gpgcheck=0
~

yum install mono-*

source /opt/novell/mono/bin/mono-addon-environment.sh

cat /opt/novell/mono/bin/mono-addon-environment.sh /etc/profile.d/

mono –version

vim /etc/init.d/mono

#!/bin/sh

# chkconfig: – 85 15
# description: Fast CGI mono server
# processname: fastcgi-mono-server2.exe

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/novell/mono/bin
DESC=fastcgi-mono-server4

WEBAPPS=”/:/home/wwwroot/37du.org/asp.37du.org”
LISTENER=”tcp:127.0.0.1:9000″

MONOSERVER=/opt/novell/mono/bin/fastcgi-mono-server2
MONOSERVER_PID=$(ps auxf | grep “${LISTENER}” | grep -v grep | awk ‘{print $2}’)

case “$1″ in
start)
if [ -z "${MONOSERVER_PID}" ]; then
echo “starting mono server”
${MONOSERVER} /applications=${WEBAPPS} /socket=${LISTENER} &
echo “mono server started”
else
echo ${WEBAPPS}
echo “mono server is running”
fi
;;
stop)
if [ -n "${MONOSERVER_PID}" ]; then
kill ${MONOSERVER_PID}
echo “mono server stopped”
else
echo “mono server is not running”
fi
;;
esac

exit 0
~

vim facgi.conf

# mono
fastcgi_param PATH_INFO "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

vim asp.37du.org

server
{
listen 80;
server_name asp.37du.org;
location /
{
root /home/wwwroot/37du.org/asp.37du.org;
index index.html default.aspx index.aspx;
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index default.aspx;
include /usr/local/nginx/conf/fcgi.conf;
}

location ~* ^.+\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked 37du.org *.37du.org ;
if ($invalid_referer) {
rewrite ^/ http://www.37du.org/403.html;
}
expires 30d;
}
location ~* \.(js|css)?$
{
expires 12h;
}
access_log /dev/null;
}

启动mono 重启nginx

下载探针

wget wget http://aspnetsysinfo.googlecode.com/files/aspnetsysinfo-revision_23.zip

linux ext3 文件系统目录下子目录限制及文件限制

admin — Wed, 28 Mar 2012 07:08:54 +0000

.ext3文件系统一级子目录的个数默认为31998(个)，准确地说是32000个。
include/linux/ext3_fs.h:#define EXT3_LINK_MAX

32000

1.ext3文件系统一级子目录的个数默认为31998(个)，准确地说是32000个。
Linux为了cpu的搜索效率而规定的,要想改变数目限制需要重新编译内核。我看到在kernel代码中有这样的：
include/linux/ext2_fs.h:#define EXT2_LINK_MAX 32000
include/linux/ext3_fs.h:#define EXT3_LINK_MAX 32000

http://www.51testing.com/?uid-225738-action-viewspace-itemid-236959

erlang

admin — Sun, 25 Mar 2012 08:33:12 +0000

otp 14b

wget -O /etc/yum.repos.d/epel-erlang.repo http://repos.fedorapeople.org/repos/peter/erlang/epel-erlang.repo

这里有编译好的rpm包 otp 15

http://binaries.erlang-solutions.com/R15B/

Postfix Randomizing Outgoing IP Using TCP_TABLE And Perl

admin — Wed, 21 Mar 2012 06:13:01 +0000

This time i’ll show you how to randomize your smtp outbound’s IP addresses. This can be done via transport map. But, since ordinary Postfix lookup tables store information as (key, value) pairs. it will provide static value only. we need someting that can manipulate the value (right hand side) of a lookup table. In order to answer random transport value.

first come to mind was tcp_tables, tcp_tables lookup table gives some flexibility for us to execute our tiny perl script that will randomizing transport. that’s the basic idea.

Ok, here’s the first part, create perl script call random.pl, anyway this script only provide answer in “catch-all” manner. so it will randomized, all outgoing mail.
# cd /etc/postfix
# vi random.pl

#!/usr/bin/perl -w
#author: Hari Hendaryanto

use strict;
use warnings;
use Sys::Syslog qw(:DEFAULT setlogsock);

#
## our transports array, we will define this in master.cf as transport services
##

our @array = (
‘rotate1:’,
‘rotate2:’,
‘rotate3:’,
‘rotate4:’,
‘rotate5:’
);
#
#
# Initalize and open syslog.
#
openlog(‘postfix/randomizer’,'pid’,'mail’);

#
# Autoflush standard output.
#
select STDOUT; $|++;

while (<>) {
chomp;
# randomizing transports array
my $random_smtp = int(rand(scalar(@array)));
if (/^get\s(.+)$/i) {
print “200 $array[$random_smtp]\n”;
syslog(“info”,”Using: %s Transport Service”, $random_smtp);
next;
}

print “200 smtp:”;
}

Make it executable

chmod 755 random.pl

master.cf parts

Run the scripts via postfix spawn daemon service

127.0.0.1:2527 inet n n n - 0 spawn

user=nobody argv=/etc/postfix/random.pl

add 5 smtp client services called rotate1, rotate2, rotate3, rotate4, rotate5, that bind to its own ip
address and has uniq syslog/helo name.

# random smtp

rotate1 unix - - n - - smtp

-o syslog_name=postfix-rotate1

-o smtp_helo_name=smtp1.example.com

-o smtp_bind_address=1.2.3.1

rotate2 unix - - n - - smtp

-o syslog_name=postfix-rotate2

-o smtp_helo_name=smtp2.example.com

-o smtp_bind_address=1.2.3.2

rotate3 unix - - n - - smtp

-o syslog_name=postfix-rotate3

-o smtp_helo_name=smtp3.example.com

-o smtp_bind_address=1.2.3.3

rotate4 unix - - n - - smtp

-o syslog_name=postfix-rotate4

-o smtp_helo_name=smtp4.example.com

-o smtp_bind_address=1.2.3.4

rotate5 unix - - n - - smtp

-o syslog_name=postfix-rotate5

-o smtp_helo_name=smtp5.example.com

-o smtp_bind_address=1.2.3.5

Before we actually implement our randomize transport, let’s make sure that the setting actually work.

Reload postfix

Note on “whatever”, since the script acted in “catch-all” mode as i’ve mentioned earlier, what ever postfix transport_maps client asked. it will be answered with random values such as rotate1, rotate2, rotate3, rotate4, rotate5 in randomized fashion.

main.cf parts

transport_maps = tcp:[127.0.0.1]:2527

127.0.0.1:2527_time_limit = 3600s

that’s it. example log would be like these and that’s indicate that randomizer is working.

Month date 12:26:53 host postfix-rotate1/smtp[4252]: A1CA68480A4: to=, relay=mx.example.com.com[xx.xx.xxx.xx]:25], delay=3.6, delays=0.69/0.01/0.81/2, dsn=2.0.0, status=sent (250 ok dirdel)

--snip--

Month date 12:27:06 host postfix-rotate5/smtp[4253]: 41C2E8480A4: to=, relay=mx.example.net[xx.xxx.xxx.xxx]:25], delay=6, delays=0.14/0.01/0.85/5, dsn=2.0.0, status=sent (250 ok dirdel)

--snip--

Month date 12:27:22 host postfix-rotate3/smtp[4277]: 4BA9F8480A4: to=, relay=mx.exa

摘自

http://www.kutukupret.com/2010/12/06/postfix-randomizing-outgoing-ip-using-tcp_table-and-perl/

ultraiso 9.5 注册码

admin — Tue, 20 Mar 2012 02:34:04 +0000

用户名：王涛
注册码：7C81-1689-4046-626F

用户名:Steve Olson
注册码:2BEC-ED28-82BB-95D7

centos postfix opendkim spf smtpd dovecot

admin — Wed, 29 Feb 2012 06:57:19 +0000

qq 110129307

操作系统centos 5 64位
操作系统centos 6 32位

系统需要smtpd 验证和 pop3 收取信件

postfix 2.5.9 通过iredmail 安装的，amavisd-new设置dkim，但是太占用资源，改用postfix加系统用户使用opendkim来做签名

下载epel
centos5
wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

rpm -ivh epel-release-5-4.noarch.rpm

centos 6

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

yum remove sendmail

yum install opendkim postfix dovecot

先在godaddy设置域名指向 a记录和mx记录，godaddy支持spf

点击add spf record 类似下面的v=spf1 a mx ptr mx:mail.37du.org ptr:-all include:-all -all

修改主机名
hostname /etc/sysconfig/network

yum install opendkim or yum install postfix opendkim cyrus-sasl*

一、postfix 主要更改

myhostname = mail.37du.org

mydomain = 37du.org

myorigin = $mydomain

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

home_mailbox = Maildir/

#sasl
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

smtpd_client_restrictions =
permit_mynetworks

smtpd_sender_restrictions =
permit_mynetworks

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,

#在最后面添加opendkim相关配置

smtpd_milters     = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

二、为系统用户添加验证我们这里使用cyrus-sasl

vi /etc/sysconfig/saslauthd

看MECH=pam 是否等于pam

vi /usr/lib64/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

系统自带的sasl无法测试通过，修改启动脚本的参数

vi /etc/init.d/saslauthd

在 -a 后面加入shadow参数可以通过测试
daemon $DAEMONOPTS $path -m $SOCKETDIR -a shadow $MECH $FLAGS

测试系统用户

testsaslauthd -u luo -p 123456
0: OK “Success.”

说明测试成功

以上是centos 6 64 32位系统而在centos 5 x86-64没有修改直接通过

三、配置opendkim
mkdir /etc/opendkim/keys/37du.org

生成签名

opendkim-genkey -D /etc/opendkim/keys/37du.org/ -d 37du.org -s default

设置权限

chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com

修改文件名

Mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default
cat /etc/opendkim/keys/example.com/default.txt
default._domainkey IN TXT “v=DKIM1; r=postmaster; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdmEVryuABtNw0CDf9NwQUBI8+pklPWND891llorZE8ubwQjUc49VEQC378V5chuWSiobFeZCmkrceKhTLKMD/vGeH7y6gRunQsS12G0I1DgYwESXDg0OOnyHCQgqcdv5JpZvDOdAlsIuI2hGyntHnrndP3diZIMWBR+8v7DFdewIDAQAB” ; —– DKIM default for 37du.org

将双引号内的部分去掉r=postmaster; 填到域名txt记录内并且在添加一个下面的

_adsp._domainkey.example.com IN TXT “dkim=unknown”

主要配置文件为/etc/opendkim.conf

修改opendkim.conf

Mode sv

可以注释掉下面一行

#KeyFile /etc/opendkim/keys/default.private

KeyTable /etc/opendkim/KeyTable

SigningTable /etc/opendkim/SigningTable

ExternalIgnoreList refile:/etc/opendkim/TrustedHost

InternalHosts refile:/etc/opendkim/TrustedHosts

修改

/etc/opendkim/KeyTable

default._domainkey.37du.org 37du.org:default:/etc/opendkim/keys/37du.org/default

修改

/etc/opendkim/SigningTable

37du.org default._domainkey.37du.org

修改

/etc/opendkim/TrustedHosts

127.0.0.1
localhost
1.2.3.5 添加自己的ip

#如果这个不加会报下面的错误Feb 28 22:10:53 vps81608 opendkim[1849]: (unknown-jobid): mail.37du.org [xx.xx.xx] not internal
Feb 28 22:10:53 vps81608 opendkim[1849]: (unknown-jobid): not authenticated
Feb 28 22:10:53 vps81608 opendkim[1849]: 70DE92FC433: no signature data
Feb 28 22:10:53 vps81608 postfix/qmgr[1928]: 70DE92FC433: from=, size=416, nrcpt=1 (queue active)

注解可看下面的连接

http://lists.opendkim.org/archive/opendkim/users/2010/03/0161.html

So looking at these log entries, you probably did get a domain name match on the mail, satisfying (a) above; however:

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match

You didn’t have any configuration information that indicates what MTA names should be considered as internal sources;

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2] [10.255.0.2] not internal

The internal host table does not contain 10.255.0.2, your SMTP client;

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated

…and SMTP AUTH was not done by the SMTP client sending the mail. So condition (b) above has not been met, so it will not sign your mail.

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data

So it tried to verify the mail instead, and this log entry indicates it was not signed.

Try adding 10.255.0.2 (or perhaps that whole subnet) to your internal hosts table and try sending again. Check the opendkim.conf(5) man page for the InternalHosts setting description

/etc/init.d/postfix start
/etc/init.d/opendkim start

发信测试网站http://www.brandonchecketts.com/emailtest.php

四、配置dovecot

vi /etc/dovecot/dovecot.conf

protocols = imap pop3 lmtp

vi 10-auth.conf

disable_plaintext_auth = no

auth_mechanisms = plain login

vi 10-mail.conf

mail_location = maildir:~/Maildir

如果用系统用户测试默认即可
auth-system.conf.ext

参考http://corpocrat.com/2008/07/10/setup-postfixdovecot-mailserver-for-centosrhel/

http://my.oschina.net/u/134739/blog/29588

main.cf

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous

transport_maps = hash:/etc/postfix/transport
slow_destination_concurrency_limit = 50
slow_destination_rate_delay = 1
slow_destination_concurrency_failed_cohort_limit = 1
slow_concurrency_failed_cohort_limit = $slow_destination_concurrency_failed_cohort_limit

strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_unknown_client,
permit
smtpd_sender_restrictions =
permit_mynetworks,
#     reject_sender_login_mismatch,
#     reject_authenticated_sender_login_mismatch,
#     reject_unauthenticated_sender_login_mismatch,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_multi_recipient_bounce,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit

smtpd_milters     = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

transport

yahoo.com slow:

master.cf

slow unix - - n - - smtp
-o syslog_name=postfix-slow
控制向yahoo发送邮件重试次数

js挂马

admin — Tue, 10 Jan 2012 07:01:24 +0000

首页通过搜索引擎，点击后跳转到另外一个主页，查找php木马也查找不到，用命令发现有一个木马加密隐藏在模板里，网站是通过phpcms写的，phpcms的权限设置有点问题。导致经常中木马。

最后通过firebug发现首页里有一条访问js代码跳转到其他域名。原来是写到js脚本最后。