我想创建一个加密的 tar,但我也想记录 tar 压缩的内容,我正在使用以下命令:
tar -cvvf - --files-from=/root/backup.cfg | openssl des3 -salt -k backuppass | dd of=/root/tmp/back.encrypted
但我需要一份 tar 的标准输出日志。我不知道如何得到它,因为如果我在 tar 命令 openssl 中使用“>”,结果是不正确的。
我还检查了 tar 手册,希望找到一些将 stdout 写入文件的选项,但我一无所获。
有帮助吗?
感谢和问候。
我正在尝试从 Linux 服务器获取正在运行的进程,但我有一些疑问。如果我得到最高出口,我有:
# top -b -n1 | head -n5
top - 16:18:19 up 60 days, 21:22, 8 users, load average: 0.03, 0.13, 0.15
Tasks: 1274 total, 7 running, 1267 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6% us, 2.4% sy, 0.0% ni, 95.8% id, 0.1% wa, 0.0% hi, 0.0% si
Mem: 6291556k total, 5269044k used, 1022512k free, 29976k buffers
Swap: 6291448k total, 82508k used, 6208940k free, 649292k cached
我想知道的是哪个处理是 top 在第二行中说的“正在运行”的“7”。
我试过“ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm”并按等于“R”的“stat”状态过滤,但我无法得到这个4道工序。我总是得到“ps 和 grep”,有时我得到另一个,但不是 ttop 显示的七个。
有什么办法可以得到吗?
感谢和问候。
我正在尝试配置辅助后缀以针对我的主后缀服务器启用 SMTP AUTH (postfix + ldap auth + cyrus)
我已经按照http://www.postfix.org/SASL_README.html#client_sasl添加:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
relayhost = [192.168.66.98]
辅助后缀的配置文件是:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost, 192.168.66.85
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = ddol-test.com
mynetworks = 192.168.66.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination
relayhost = [192.168.66.98]
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
transport_maps =
unknown_local_recipient_reject_code = 550
# cat /etc/postfix/sasl_passwd
[192.168.66.98] [email protected]:1234
当我发送邮件时,它被正确重定向到 .66.98,但它没有对其进行身份验证,并且电子邮件的行为类似于未经过身份验证的用户。
这是我的主要后缀配置:
# cat main.cf
...
...
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
reject_authenticated_sender_login_mismatch,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
check_policy_service inet:127.0.0.1:10031,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unverified_recipient,
check_policy_service inet:127.0.0.1:10045,
reject_rbl_client bl.spamcop.net,
reject_rbl_client psbl.surriel.com,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
permit
header_checks = pcre:/etc/postfix/header_checks
smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:10031
soft_bounce = no
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_sender_login_maps = ldap:/etc/postfix/sender_maps
amavisd-new_destination_concurrency_limit = 20
virtual_alias_maps = ldap:/etc/postfix/mailRedirect ldap:/etc/postfix/virtual ldap:/etc/postfix/catch-all
smtpd_sasl_local_domain =
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit=15728640
现在,从辅助后缀发送的任何邮件都被转发到主后缀,但它通过了所有检查,因为它是针对未经过身份验证的用户的,但我不希望这样。我希望电子邮件的行为与经过身份验证的用户相同,并在 smtpd_recipient_restrictions 中的“permit_sasl_authenticated”中停止。
我已经使用 MYSQL 和以下选项在 postfix 中定义了全局白名单:
smtpd_recipient_restrictions =
reject_invalid_hostname,
check_client_access mysql:/etc/postfix/client_whitelist
check_sender_access mysql:/etc/postfix/sender_whitelist
check_recipient_access mysql:/etc/postfix/recipient_whitelist
permit_mynetworks,reject
内容/etc/postfix/client_whitelist
host = localhost:3306
user = root
password = password
dbname = postfix
query = SELECT restriction FROM client_whitelist WHERE client = "%s" AND status = "1";
mysql表
+---------------+-------------+--------+
| client | restriction | status |
+---------------+-------------+--------+
| 192.168.66.18 | OK | 1 |
| 192.168.66.92 | OK | 1 |
| 192.168.66.93 | REJECT | 1 |
+---------------+-------------+--------+
我有相同的发件人和收件人表。我的主要问题是我在 postfix 后面有多个域,我想在考虑哪个是接收者的情况下过滤客户端/发件人。例如:
Mail from 192.168.66.92 and sender "[email protected]" IS ALLOW to "[email protected]"
Mail from 192.168.66.92 and sender "[email protected]" IS NOT ALLOW to "[email protected]"
Mail from 192.168.66.18 IS ALLOW for recipient or domain "domain1.com"
Mail from 192.168.66.18 IS NOT ALLOW for recipient or domain "domain2.com"
有什么办法可以在 postfix 中实现这个吗?我一直在谷歌搜索但没有运气。
另一方面,我正在考虑放置一个“后缀代理”以重定向到另一个后缀实例,并且每个实例都会过滤每个域。但是我不确定这种环境的性能,即使它是可能的。
我正在尝试实施 postfix + policyd/amavis + dspam。问题是我需要进行 ldap 查找才能获得 nexthop。但同时我需要将一些“电子邮件地址”重定向到“dspam-retrain”。我不知道该怎么做,我的意思是,我的配置如下:
主文件
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = ddol-test.com
myorigin = $myhostname
inet_interfaces = localhost, 192.168.66.98
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.66.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#transport_maps = ldap:/etc/postfix/perditionMailhost_ldap
transport_maps = hash:/etc/postfix/transport
content_filter = amavisd-new:[127.0.0.1]:10024
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
local_recipient_maps =
大师.cf
smtp inet n - n - 200 smtpd -v
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
-o disable_dns_lookups=yes
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
amavisd-new unix - - n - 2 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=lmtp:unix:/tmp/dspam.sock
-o dspam_destination_recipient_limit=1
localhost:10026 inet n - n - - smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
dspam-retrain unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --user [email protected] --class=$nexthop --source=error
cat /etc/postfix/传输
[email protected] dspam-retrain:spam
[email protected] dspam-retrain:innocent
[email protected] dspam-retrain:innocent
cat /etc/postfix/perditionMailhost_ldap
server_host = ldap1-1.ddol-test.com:1389
version = 3
search_base = ou=mymensajes,ou=pre_ddolcontext,dc=org
scope = sub
query_filter = mail=%s
result_attribute = perditionMailhost
ldap_bind = no
result_filter = relay:[%s]
所以,我需要:
如果邮件是 [email protected] 重定向到 dspam-retrain:spam 否则使用 ldap 表来获取 nexthop。
但我不知道应该使用哪个额外选项,因为我不能使用两个 transport_maps 定义。
我不确定我是否正确地解释了自己,但愿如此:)
谢谢!
我正在尝试使用 postfix + policyd/amavis + mysql 白名单/黑名单查找来实现邮件服务器。
问题是我想在它们之间有一个“中间”队列,以防其中一个失败,电子邮件不会被拒绝并保持在队列中,直到故障点恢复。
我的想法如下:
postfix(25) -> queue -> mysql white/blacklist lookups (RBL) -> queue -> policyd(10031)/amavis(10014) -> queue -> dspam(sock) -> postfix(10025)/relay
有了这个想法,如果其中一个“中间”点失败,我不会丢失任何电子邮件,所有电子邮件都将留在队列中。
我的配置是:main.cf
...
transport_maps = ldap:/etc/postfix/perditionMailhost_ldap
content_filter = amavisd-new:[127.0.0.1]:10024
...
smtpd_recipient_restrictions =
reject_invalid_hostname,
check_client_access mysql:/etc/postfix/client_whitelist
check_sender_access mysql:/etc/postfix/sender_whitelist
check_recipient_access mysql:/etc/postfix/recipient_whitelist
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
check_policy_service inet:127.0.0.1:10031,
permit_mynetworks,
reject
smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
disable_vrfy_command = yes
invalid_hostname_reject_code = 554
non_fqdn_reject_code = 554
...
大师.cf
smtp inet n - n - 200 smtpd -v
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
amavisd-new unix - - n - 2 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
relay unix - - n - - smtp
-o smtp_fallback_relay=
-o disable_dns_lookups=yes
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
有什么帮助吗?甚至,我不确定这是否可能。
感谢和问候。