Jun 28 2006

QMQTOOL FAQ USAGE

Tag:tepezcuintle @ 16:52

Want to just get going ? Try: qmqtool -l

Q. How do I install qmqtool ?
A. vi qmqtool, and ensure the path and syntax to “ps” and “grep” are
compatible with your operating system (defined at the top)
cp qmqtool /usr/local/script/
chmod 0700 /usr/local/script/qmqtool
chown root /usr/local/script/qmqtool

Q. Why aren’t messages that I just expired going away ?
A. After expiring, you can force the queue to run by:
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send/
A. If you have already forced qmail to re-run the queue, you may be
running into a scenario where qmail-remote is caching an
unresponsive SMTP server, and messages after the first are kept in
the queue to be tried later. There’s no solution to this problem
other than to delete the messages instead of expiring them.

Q. Do I really have to restart qmail-send after using -d ?
A. You should. qmail doesn’t know you’ve removed the message from the
queue, and will keep trying to send it. Each time it tries, you’ll
see a complaint in your log file.

Q. What is the difference between ‘expiring’ and ‘deleting’ messages?
A. qmail remembers what messages are in its queue. If you tinker
with the queue manually (via deleting a message), you will have
to restart qmail-send. By simply expiring the message, you trick
qmail into thinking the message has been in the queue too long
(about double the queuelifetime), and qmail gracefully removes the
message for you.

Q. How can I list all messages that have the subject of
“Free Pupil Enlargment” ?
A. qmqtool -f '^Subject: Free Pupil Enlargment'
will do a pretty good job; since qmqtool’s -f argument searches
the entire message, this could list an incorrect message if the
string ‘Subject: Free Pupil Enlargment’ is found in the body of
the email and not in the header.

Q. How can I delete all messages with a subject of “Pupil Enlargment”?
A. qmqtool -d -f '^Subject: Pupil Enlargment!'
restart qmail-send.

Q. How can I show how many queued messages a host has sent?
A. If you’ve got a plain-vanilla qmail installation, try: qmqtool -i
If you’ve got frontend servers that relay mail to backend servers,
qmqtool -i -n 2
You can also try qmqtool -i -V

Q. How can I keep my queue clean of soon-to-be double bounces?
A. Enter the following single line into root’s crontab (adjust for
syntax and path differences, of course):
17,47 * * * * qmqtool -e -o 2 -f 'invoked for bounce|^Subject: failure notice' >/dev/null 2>&1
This is not 100% accurate; some legitimate bounce messages will be
deleted.

Q. How can I delete all messages from my remote and local queue ?
A. qmqtool -d -f .
restart qmail-send.

Q. How can I delete multiple messages at a time ?
A. qmqtool -d 1234,5678

Q. How can I find out who most of my remotely queued messages are
destined for?
A. qmqtool -R | awk '/Recipient:/ { print $3 }' | sort | uniq -c | sort -n
(your awk, sort, and uniq syntax may differ)

Q. How can I list messages with a subject of “Failure Notice” that
are 18+ hours old ?
A. qmqtool -o 18 -f '^Subject: Failure Notice'

Q. How can I expire messages with a subject of “Failure Notice” that
have been queued for 18+ hours ?
A. qmqtool -e -o 18 -f '^Subject: Failure Notice'

Q. How can I do the previous question, but watch as it goes ?
A. use -V: qmqtool -V -e -o 18 -f '^Subject: Failure Notice'

Q. How can I make a list of just queued bounce messages ?
A. qmqtool -f 'invoked for bounce'
will do a good job.

Q. What is a “LWQ installation” ?
A. I (and the general qmail community) recommend installing qmail as
per http://www.lifewithqmail.org/

Q. How can I move qmail’s queue to a different machine?
A. Use the backup and restore feature:
1. On old machine:
stop qmail-send
qmqtool -Bb
cd /var/qmail
tar -zcvf queue.tgz queue.backup/
copy or move queue.tgz to the new machine

2. On new machine:
cd /var/qmail
tar -zxvf queue.tgz
stop qmail-send
qmqtool -Br
start qmail-send

Q. How can I view message number 12345 ?
A. qmqtool -v 12345

Q. How can I view the whole message 12345, instead of the first 100 lines?
A. qmqtool -wv 12345


Jun 28 2006

Qmail hacked by spammers.

Tag:tepezcuintle @ 16:48

Our older server got used to send out a whole crap load of those stock spams today. I am somewhat less than thrilled. I noticed an increase in messages this afternoon and saw from the header that it had come from a UID rather than the network.

After tracking it down to a php mail script that didn’t check for email injection I set about cleaning it up. I thought I would post my clean up here for anyone else that has the same misfortune. If you want to avoid this issue in the first place you can use this function (from php.net) and loop through your post vars like this:

# what we do - is we simply check all posted values.
foreach($_POST as $f=>$v) {
   $_POST[$f] = _local_replace_bad($v);
}

Right. Cleaning up this mess…..

  1. look at the queue:

    /var/qmail/bin/qmail-qstat
    messages in queue: 27645
    messages in queue but not yet preprocessed: 82
    
  2. dump the queue to a text file to look for emails being sent to BULK recipients:

    /var/qmail/bin/qmail-qread > queue.txt
    		
  3. Find the offending email, where #id is the email id from stage 2:

    find /var/qmail/queue/mess/ -name #id
    		
  4. Find out where the email originated, where #uid is the user id from stage 3:

    grep #uid /etc/passwd
    		
  5. If stage 4 shows the user to be apache then you can see what scripts are running in realtime using:

    lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' {
    if(!str) { str=$1 } else { str=str","$1}}END{print str}'` |
    grep vhosts | grep php
    		
  6. Fix the script if necessary then stop smtp so we can fix the issue:

    service qmail stop
    service xinetd stop
    		
  7. Remove the offending emails. The search text can be replaced with anything that identifies the spam (beware of false positives). The following displays matching emails:

    find /var/qmail/queue/mess -type f -exec grep "Do you want cheap Viagra?" {} \; -print
    		

    and this removes them

    find /var/qmail/queue/mess -type f -exec grep "Do you want cheap Viagra?" {} \; -print -exec rm {} \;
    		
  8. Clean the qmail queue. This depends on your setup and if you have queue-fix or qmhandle installed.
  9. Re-start qmail and inetd:

    service qmail start
    service xinetd start
    		
  10. Go through the access logs for the offending script. Find the delightful gentlemen’s IP address and give them a friendly hello.

I hope this helps people out there. We are going to be updating our framework to allow for easier tracking of spam so we can cut down the time it takes to track these things back. My profound thanks go to SWsoft for their knowledgebase and to FAQTs for theirs.

b.
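
Added example (not part of the original post and not qmqtool's own code): step 7 above and the qmqtool -f answer both warn that a whole-message search also matches text in the body. This read-only shell sketch matches only the header block of each queue file and reports the topmost qmail "Received:" origin (uid, network or bounce); the function names, sample tree and message contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only triage of qmail queue message files.
# The sample tree and messages are constructed; /var/qmail is never touched.

# list_header_matches DIR REGEX
# Print "<file><TAB><origin>" for each file whose header block (the lines
# before the first blank line) matches REGEX. <origin> is taken from the
# topmost "Received: (qmail N invoked ...)" line, e.g. "by uid 48".
list_header_matches() {
    find "$1" -type f | sort | while IFS= read -r f; do
        awk -v re="$2" -v file="$f" '
            /^$/ { exit }    # header ends here: the body is never searched
            origin == "" && /^Received: \(qmail [0-9]+ invoked / {
                origin = $0
                sub(/^.*invoked /, "", origin)
                sub(/\).*$/, "", origin)
            }
            $0 ~ re { hit = 1 }
            END { if (hit) printf "%s\t%s\n", file, (origin == "" ? "unknown" : origin) }
        ' "$f"
    done
}

# tally_origins DIR REGEX: print "<count>:<origin>", busiest origin first.
tally_origins() {
    list_header_matches "$1" "$2" | cut -f2 | sort | uniq -c | sort -rn |
        awk '{ n = $1; $1 = ""; sub(/^ /, ""); print n ":" $0 }'
}

# make_sample_queue: build a constructed mess/ tree and print its path.
make_sample_queue() {
    q=$(mktemp -d) && mkdir -p "$q/mess/0" "$q/mess/1" || return 1
    printf '%s\n' 'Received: (qmail 4242 invoked by uid 48); 28 Jun 2006 15:01:02 -0000' \
        'To: a@example.com' 'Subject: Hot stock tip' '' 'buy now' > "$q/mess/0/101"
    printf '%s\n' 'Received: (qmail 4250 invoked by uid 48); 28 Jun 2006 15:01:09 -0000' \
        'To: b@example.com' 'Subject: Hot stock tip' '' 'buy now' > "$q/mess/1/102"
    printf '%s\n' 'Received: (qmail 4300 invoked from network); 28 Jun 2006 15:02:00 -0000' \
        'Received: from mx.example.net by host.example.org with SMTP' \
        'Subject: Re: abuse report' '' 'You sent us this:' 'Subject: Hot stock tip' > "$q/mess/1/103"
    printf '%s\n' "$q"
}

if [ "${1:-}" = "demo" ]; then
    q=$(make_sample_queue)
    list_header_matches "$q/mess" '^Subject: Hot stock tip'
    tally_origins "$q/mess" '^Subject: Hot stock tip'
    rm -rf "$q"
fi
```

Run it with demo as the first argument to see the constructed tree triaged; message 103 quotes the spam subject in its body and is correctly left out, while a plain grep over the same tree would have listed it.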


Jun 22 2006

How to Mount SMB Shares Permanently

Tag:tepezcuintle @ 19:55

Mounting smbfs Shares Permanently Help File

By Ray Cowan
This document provides help on mounting smbfs shares permanently. These can be shares on a Windows computer or on a Linux/UNIX server running Samba.

Throughout this document, I use the term Windows computer to indicate the server. It can be either a Windows computer or a Linux/UNIX server running Samba.

The Windows username and Windows password refer to the username and password on either the Windows computer or the Linux/UNIX server running Samba.
