Alexander Farber's questions

在 CentOS 7 Linux 上，我运行 Drupal，它要求用户确认他们的邮件地址。

我通过以下方式修改了后缀配置文件：

/etc/后缀/通用：

@www.localdomain [email protected]

/etc/postfix/main.cf：

smtp_generic_maps = hash:/etc/postfix/generic

这导致 Drupal 向新用户发送注册邮件，其中包含以下标题：

From: [email protected]     <--- non-existing address at my domain
Reply-To: [email protected] <--- my private mail address

这很好用（比以前更好，当我设置From:为我的 Gmail 地址并且 Gmail 认为我的网站正在向其他人发送垃圾邮件时），但我有一个问题：

我不想再接收任何发给任何人的邮件@preferans.de（太多垃圾邮件涌入），所以我删除了服务器 DNS 条目中的 MX 记录，并通过 iptables 关闭了端口 25。

现在当一个新的 Drupal 用户输入一个虚假地址时，注册邮件会退回，[email protected]但我的 postfix 安装无法传递它：

/var/log/maillog：

Aug 16 18:20:44 www postfix/master[1006]: daemon started -- version 2.10.1, configuration /etc/postfix
Aug 16 22:29:20 pref postfix/cleanup[9031]: 785952C03A8: message-id=<[email protected]>
Aug 16 22:29:20 pref postfix/bounce[9033]: 5B56F2C03A7: sender non-delivery notification: 785952C03A8
Aug 16 22:29:20 pref postfix/qmgr[24449]: 785952C03A8: from=<>, size=3262, nrcpt=1 (queue active)
Aug 16 22:29:20 pref postfix/qmgr[24449]: 5B56F2C03A7: removed
Aug 16 22:29:22 pref postfix/smtp[9009]: connect to preferans.de[88.99.244.39]:25: Connection refused
Aug 16 22:29:22 pref postfix/smtp[9009]: 785952C03A8: to=<[email protected]>, relay=none, delay=1.5, delays=0/0/1.5/0, dsn=4.4.1, status=deferred (connect to preferans.de[88.99.244.39]:25: Connection refused)
Aug 16 22:38:51 pref postfix/qmgr[24449]: 785952C03A8: from=<>, size=3262, nrcpt=1 (queue active)
Aug 16 22:38:51 pref postfix/smtp[9208]: connect to preferans.de[88.99.244.39]:25: Connection refused
Aug 16 22:38:51 www postfix/smtp[9208]: 785952C03A8: to=<[email protected]>, relay=none, delay=571, delays=571/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to preferans.de[88.99.244.39]:25: Connection refused)
Aug 16 22:48:51 www postfix/qmgr[24449]: 785952C03A8: from=<>, size=3262, nrcpt=1 (queue active)
Aug 16 22:48:51 www postfix/smtp[9393]: connect to preferans.de[88.99.244.39]:25: Connection refused
Aug 16 22:48:51 www postfix/smtp[9393]: 785952C03A8: to=<[email protected]>, relay=none, delay=1171, delays=1171/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to preferans.de[88.99.244.39]:25: Connection refused)
Aug 16 23:08:51 www postfix/qmgr[24449]: CF37F2C039F: from=<[email protected]>, size=1234, nrcpt=1 (queue active)
Aug 16 23:08:51 www postfix/qmgr[24449]: 785952C03A8: from=<>, size=3262, nrcpt=1 (queue active)
Aug 16 23:08:51 www postfix/smtp[9797]: connect to preferans.de[88.99.244.39]:25: Connection refused
Aug 16 23:08:51 www postfix/smtp[9797]: 785952C03A8: to=<[email protected]>, relay=none, delay=2371, delays=2371/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to preferans.de[88.99.244.39]:25: Connection refused)
Aug 16 23:08:51 www postfix/smtp[9796]: connect to gamai.com[67.227.226.241]:25: Connection refused
Aug 16 23:08:51 www postfix/smtp[9796]: CF37F2C039F: to=<[email protected]>, relay=none, delay=4588, delays=4588/0.01/0.13/0, dsn=4.4.1, status=deferred (connect to gamai.com[67.227.226.241]:25: Connection refused)
Aug 16 23:48:52 www postfix/qmgr[24449]: 785952C03A8: from=<>, size=3262, nrcpt=1 (queue active)
Aug 16 23:48:52 www postfix/smtp[10420]: connect to preferans.de[88.99.244.39]:25: Connection refused
Aug 16 23:48:52 www postfix/smtp[10420]: 785952C03A8: to=<[email protected]>, relay=none, delay=4772, delays=4772/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to preferans.de[88.99.244.39]:25: Connection refused)

队列已满：

# sudo mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
CF37F2C039F     1234 Wed Aug 16 21:52:22  [email protected]
                 (connect to gamai.com[67.227.226.241]:25: Connection refused)
                                         [email protected]

785952C03A8     3262 Wed Aug 16 22:29:20  MAILER-DAEMON
                (connect to preferans.de[88.99.244.39]:25: Connection refused)
                                         [email protected]

BD4222C03B6     1219 Thu Aug 17 07:48:48  [email protected]
(host mx.yandex.ru[87.250.250.89] said: 451 4.5.1 The recipient <[email protected]> has exceeded their message rate limit. Try again later. 1502957639-8f63s3727h-Dw8G1QLj (in reply to end of DATA command))
                                         [email protected]

-- 6 Kbytes in 3 Requests.

我的问题是：

如何配置我的 postfix 安装，以便它立即删除未发送的邮件（但仍然通过灰名单）？

最后是当前的postconf -n输出：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550

在 CentOS 7 Linux 上，我在 Jetty 9 前面成功地使用了 HAProxy 1.5.14，通过 FastCGI 为 Wordpress 站点提供服务。

/ws/它工作得非常好，但是对于同一网站上的 HTML5/WebSocket 游戏来说，WebSocket 连接到URL 需要更高的客户端和服务器超时。

所以我将/etc/haproxy/haproxy.cfg文件修改为以下内容：

global
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    tune.ssl.default-dh-param 2048

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m    # HOW TO INCREASE FOR /ws/ ?
    timeout server          1m    # HOW TO INCREASE FOR /ws/ ?
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend public
    bind 144.76.184.151:80
    bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem

    acl websocket_url path_end /ws/
    #timeout client 60m if websocket_url   # SYNTAX ERROR
    use_backend ws-jetty if websocket_url
    default_backend jetty

backend jetty
    server domain 127.0.0.1:8080 send-proxy

backend ws-jetty
    timeout client 60m    # IS IGNORED HERE
    timeout server 60m
    server domain 127.0.0.1:8080 send-proxy

当我设置

    timeout client 60m
    timeout server 60m

在defaults部分中，我的 WebSocket 游戏可以根据需要运行，但我不希望通常的 HTTP 连接有 1 小时的超时。

当我将该部分放入backend ws-jetty然后打印警告时，该超时客户端不是后端选项，因此被忽略。

当我尝试该行时timeout client 60m if websocket_url，会报告语法错误。

在CentOS 7 Linux 上，我已成功遵循为 FastCGI 配置 Jetty的指南。

但是$JETTY_BASE/webapps/jetty-wordpress.xml，该指南中的文件提供了位于以下位置的单个Wordpress 安装/var/www/wordpress：

<New id="root" class="java.lang.String">
    <Arg>/var/www/wordpress</Arg>
</New>

<Set name="contextPath">/</Set>
<Set name="resourceBase"><Ref refid="root" /></Set>
<Set name="welcomeFiles">
    <Array type="string"><Item>index.php</Item></Array>
</Set>

虽然我有几个虚拟主机，每个虚拟主机都安装了 Wordpress：

• /var/www/wordpress1 (www.site1.com)
• /var/www/wordpress2 (www.site2.com)
• /var/www/wordpress3 (www.site3.com)

到目前为止，我一直在使用 Apache httpd.conf（使用 localhost 作为 IP 地址，因为 Apache/Jetty 在 HAProxy 后面）：

<VirtualHost 127.0.0.1:8080>
    DocumentRoot /var/www/wordpress1
    ServerName site1.com
    ServerAlias *.site1.com
</VirtualHost>

<VirtualHost 127.0.0.1:8080>
    DocumentRoot /var/www/wordpress2
    ServerName site2.com
    ServerAlias *.site2.com
</VirtualHost>

<VirtualHost 127.0.0.1:8080>
    DocumentRoot /var/www/wordpress1
    ServerName site3.com
    ServerAlias *.site3.com
</VirtualHost>

如何将上述 Apache-config 转换为 Jetty IoC XML 格式？

在 CentOS 7 Linux（充当 LAMP - 而不是“防火墙/网关”）上，我创建了一个自定义 systemd 服务，用于在端口 8080 上以用户身份运行嵌入式 Jetty nobody：

[Unit]
Description=WebSocket Handler Service
After=network-online.target

[Service]
Type=simple
User=nobody
Group=nobody
ExecStart=/usr/bin/java -classpath '/usr/share/java/jetty/*' de.afarber.MyHandler 123.123.123.123:8080
ExecStop=/bin/kill ${MAINPID}
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

但是，我实际上需要服务器在端口 80 上进行侦听 - 这样即使通过公司防火墙，与它的 WebSocket 连接也能正常工作。

关于为非根用户设置端口 80 访问的 Jetty 文档建议运行以下命令：

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

幸运的是，我已经iptables-services在我的专用服务器上使用了包，当前/etc/sysconfig/iptables文件包含：

*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT

我的问题是我不知道上述文件的正确 PREROUTING 语法。

我已经尝试运行上面的命令，然后iptables -S希望 iptables 会为我列出所需的行——但这并没有发生。

更新：

不幸的是，以下/etc/sysconfig/iptables文件不起作用：

*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dst 123.123.123.123 --dport 80 -j REDIRECT --to-ports 8080
COMMIT

*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dst 123.123.123.123 --dport 8080 -j ACCEPT
COMMIT

我需要将传入 123.123.123.123:80 的 HTTP 连接重定向到 123.123.123.123:8080 （Jetty 正在以用户“nobody”的身份监听），但由于某种原因，这不会发生。

当我浏览到http://123.123.123.123:8080时，我看到了 Jetty 响应。

但是当我浏览到http://123.123.123.123连接被拒绝。

有人可以帮我找出错误吗？

这是我当前的nat表：

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             afarber.de           tcp dpt:http redir ports 8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

这是我当前的filter表：

# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp any
ACCEPT     tcp  --  anywhere             anywhere             tcp state NEW multiport dports smtp,http,https,webcache
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW limit: avg 2/min burst 1

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             afarber.de           tcp dpt:webcache

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

这是我的/etc/sysctl.conf文件：

net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

问题：请求-d 123.123.123.123 --dport 80没有被重定向到8080

更新 2：

该行也无济于事：

-A PREROUTING -p tcp -m tcp -i eth0:1 --dst 123.123.123.123 --dport 80 -j DNAT --to-destination :8080

与的连接123.123.123.123:80仍然断开

我在具有 4 个 IP 地址的 CentOS 6.6 Linux 服务器上托管 2 个 Web 域（domain1.com 和 domain2.com）。

Postfix 2.6.6 接受邮件到[email protected]和[email protected]并将它们转发到[email protected]和[email protected]。这里是配置文件的摘录：

/etc/postfix/main.cf

inet_interfaces = all
inet_protocols = ipv4

virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/虚拟

[email protected]        [email protected]
[email protected]        [email protected]

我的问题是第一个人（我父亲，他从 1990 年开始从事互联网业务）变成了很多垃圾邮件。我使用 Spamassassin 拒绝这些邮件，但有些邮件仍然通过，当转发到[email protected]时，它们会导致 Google 限制我的服务器：

DFC32800849 3412 Fri Jan 30 11:40:38 [email protected]（主机 alt1.gmail-smtp-in.l.google.com[74.125.130.26] 说：421-4.7.0 [144.76.123.123 15] 我们的系统已检测到来自您的 IP 地址的 421-4.7.0 未经请求的邮件的异常速率。为了保护我们的 421-4.7.0 用户免受垃圾邮件，从您的 IP 地址发送的邮件暂时受到 421-4.7.0 速率限制。请访问421-4.7.0 http://www.google.com/mail/help/bulk_mail.html查看我们的批量 421 4.7.0 电子邮件发件人指南。fl14si17784804pdb.81 - gsmtp（回复 DATA 命令的结尾））person1 @gmail.com

这会影响第二个人，他会在长时间延迟后将邮件发送到 [email protected]。

我的问题是是否可以配置 Postfix 以便它使用不同的 IP 地址（因为我的服务器有 4 个）来转发邮件？

谢谢，下面是当前的“postconf -n”输出：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.domain1.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual

更新：

我已经按照undefined的建议修改了我的配置文件（谢谢！）然后postmap /etc/postfix/transport运行service postfix restart​​-

/etc/mail/master.cf：

smtp      unix  -       -       n       -       -       smtp
smtp-1    unix  -       -       n       -       -       smtp -o smtp_bind_address=my_ip_3
smtp-2    unix  -       -       n       -       -       smtp -o smtp_bind_address=my_ip_4

/etc/mail/transport：

[email protected] smtp-1:
[email protected] smtp-2:

不幸的是，我仍然在传递的邮件标题中看到旧的问题my_ip_2 。

我怎样才能验证正在使用新的“运输”？

以下是更改后的日志摘录：

Feb  7 14:56:50 www postfix/postsuper[14206]: Deleted: 92 messages
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max connection rate 1/60s for (smtp:37.233.142.116) at Feb  7 14:53:45
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max connection count 1 for (smtp:37.233.142.116) at Feb  7 14:53:45
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max cache size 1 at Feb  7 14:53:45
Feb  7 14:57:07 www postfix/smtp[14008]: warning: open active 6870A8007E8: No such file or directory
Feb  7 14:57:14 www postfix/smtpd[14213]: connect from mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/smtpd[14216]: connect from unknown[213.179.214.207]
Feb  7 14:57:14 www postfix/smtpd[14213]: 3EBA0800187: client=mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/cleanup[14218]: 3EBA0800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb  7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: from=<[email protected]>, size=1707, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34152
Feb  7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb  7 14:57:14 www spamd[1856]: spamd: processing message <CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com> for spam:502
Feb  7 14:57:14 www spamd[1856]: spamd: clean message (-1.9/5.0) for spam:502 in 0.0 seconds, 1670 bytes.
Feb  7 14:57:14 www spamd[1856]: spamd: result: . -1 - BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,T_DKIM_INVALID scantime=0.0,size=1670,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34152,mid=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>,bayes=0.000000,autolearn=ham
Feb  7 14:57:14 www postfix/smtpd[14216]: 68890800246: client=unknown[213.179.214.207]
Feb  7 14:57:14 www postfix/pipe[14219]: 3EBA0800187: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.18, delays=0.13/0/0/0.05, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb  7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: removed
Feb  7 14:57:14 www postfix/pickup[14119]: 69FD7800187: uid=502 from=<[email protected]>
Feb  7 14:57:14 www postfix/cleanup[14223]: 69FD7800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb  7 14:57:14 www postfix/qmgr[12668]: 69FD7800187: from=<[email protected]>, size=2042, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1762]: prefork: child states: II
Feb  7 14:57:14 www postfix/smtpd[14213]: disconnect from mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/cleanup[14218]: 68890800246: message-id=<[email protected]>
Feb  7 14:57:14 www postfix/qmgr[12668]: 68890800246: from=<[email protected]>, size=13993, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34153
Feb  7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb  7 14:57:14 www spamd[1856]: spamd: processing message <[email protected]> for spam:502
Feb  7 14:57:14 www postfix/smtpd[14216]: disconnect from unknown[213.179.214.207]
Feb  7 14:57:14 www spamd[1856]: spamd: clean message (1.6/5.0) for spam:502 in 0.2 seconds, 13741 bytes.
Feb  7 14:57:14 www spamd[1856]: spamd: result: . 1 - BAYES_50,HTML_MESSAGE,RDNS_NONE,T_REMOTE_IMAGE,UNPARSEABLE_RELAY scantime=0.2,size=13741,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34153,mid=<[email protected]>,bayes=0.484741,autolearn=no
Feb  7 14:57:15 www postfix/pickup[14119]: 00CD6800247: uid=502 from=<[email protected]>
Feb  7 14:57:15 www postfix/cleanup[14223]: 00CD6800247: message-id=<[email protected]>
Feb  7 14:57:15 www postfix/pipe[14219]: 68890800246: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.68, delays=0.43/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb  7 14:57:15 www postfix/qmgr[12668]: 68890800246: removed
Feb  7 14:57:15 www postfix/qmgr[12668]: 00CD6800247: from=<[email protected]>, size=14341, nrcpt=1 (queue active)
Feb  7 14:57:15 www spamd[1762]: prefork: child states: II
Feb  7 14:57:47 www postfix/smtp[14008]: warning: open active A6F92801560: No such file or directory

不幸的是，在交付的测试邮件中仍然可以看到相同的 IP（受 Google 限制）144.76.184.154：

Delivered-To: [email protected]
Received: by 10.170.190.67 with SMTP id h64csp2513657yke;
        Sat, 7 Feb 2015 05:59:08 -0800 (PST)
X-Received: by 10.180.89.210 with SMTP id bq18mr14321108wib.45.1423317548028;
        Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Return-Path: <[email protected]>
Received: from www.afarber.de ([144.76.184.154])
        by mx.google.com with ESMTP id k10si7979060wif.41.2015.02.07.05.59.07
        for <[email protected]>;
        Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 144.76.184.154 as permitted sender) client-ip=144.76.184.154;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning [email protected] does not designate 144.76.184.154 as permitted sender) [email protected];
       dkim=pass [email protected];
       dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by www.afarber.de (Postfix, from userid 502)
    id 69FD7800187; Sat,  7 Feb 2015 14:57:14 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on www.afarber.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
    HTML_MESSAGE,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mail-ie0-f171.google.com (mail-ie0-f171.google.com [209.85.223.171])
    by www.afarber.de (Postfix) with ESMTP id 3EBA0800187
    for <[email protected]>; Sat,  7 Feb 2015 14:57:14 +0100 (CET)

这不是我为 smtp-1 或 smtp-2 指定的 IP。

更新 2：

我已将“-v”添加到/etc/postfix/master.cf：

smtp      inet  n - n - - smtpd -o content_filter=spamassassin
....
smtp      unix  - - n - - smtp
smtp-1    unix  - - n - - smtp -o smtp_bind_address=144.76.184.155 -v
smtp-2    unix  - - n - - smtp -o smtp_bind_address=144.76.184.156 -v
....
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

现在在/var/log/maillog中查看更多 Spamassassin 消息。

这是更新后的“postconf -n”输出（上面没有显示）：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.afarber.de
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru larissa-farber.de bukvy.de slova.de
virtual_alias_maps = hash:/etc/postfix/virtual

我在 CentOS 6.5 Linux 服务器上为客户管理多人游戏。

客户要求我发送每日聊天日志（以识别和禁止攻击性玩家） - 作为文本文件附件。

所以我想出了以下 crontab 命令：

CONTENT_TYPE="text/plain; charset=utf-8"
[email protected]
LANG=en_US.UTF-8
#minute hour    mday    month   wday    command

55      23      *       *       *       
grep CHAT /var/log/game-`date +\%a`-*.txt | 
(echo 'The log is attached'; uuencode `date +\%A`.txt) | 
mail -s 'The daily chat log' [email protected] 

这对我很适合 Gmail。但是客户只使用 Mail.ru 或 Yandex.ru 帐户，看起来很糟糕 - 没有显示附件，他看到uuencode输出内联（又名begin 664 MT)Blah§$%&Blah）：

我的问题是，是否有更安全的方式通过邮件将 cron 作业输出作为文本文件附件发送。我知道在 perl 的帮助下可以做很多事情（我可以​​对其进行编程），但我想知道是否有更简单的方法 - 使用uuencode或mailx或其他一些实用程序？

这是我在 CentOS 6.5 Linux 服务器上尝试的内容：

1. 安装了 postfix 和 spamassassin 软件包
2. 已配置的 Postfix - 它运行良好（我在此省略详细信息）
3. 添加-x到/etc/sysconfig/spamassassin中的 SPAMDOPTIONS
4. 将以下 2 行添加到/etc/postfix/master.cf

这里：

smtp         inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

不幸的是，当我发送带有主题的测试垃圾邮件时

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

它仍然通过！（并且主题没有被重写 - 尽管rewrite_header Subject [SPAM]在未修改的/etc/mail/spamassassin/local.cf文件中）。

我想知道，我错过了什么？我的/var/log/maillog如下：

postfix/postfix-script[2546]: starting the Postfix mail system
postfix/master[2547]: daemon started -- version 2.6.6, configuration /etc/postfix
postfix/qmgr[2550]: D5B19807033: from=<[email protected]>, size=1843, nrcpt=1 (queue active)
postfix/qmgr[2550]: 831CA809733: from=<[email protected]>, size=41369, nrcpt=1 (queue active)
postfix/qmgr[2550]: 42B7A80A312: from=<[email protected]>, size=4399, nrcpt=1 (queue active)
postfix/qmgr[2550]: AED94809D29: from=<[email protected]>, size=28035, nrcpt=1 (queue active)
postfix/qmgr[2550]: E69AA809D3C: from=<>, size=3487, nrcpt=1 (queue active)
postfix/qmgr[2550]: 2BDE980A61B: from=<[email protected]>, size=4073, nrcpt=1 (queue active)
postfix/qmgr[2550]: 0D37280A51F: from=<[email protected]>, size=7888, nrcpt=1 (queue active)
postfix/smtp[2552]: D5B19807033: host gmail-smtp-in.l.google.com[74.125.136.27] said: 421-4.7.0 [144.76.184.154      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. l16si23407549wjr.0 - gsmtp (in reply to end of DATA command)
postfix/smtp[2552]: D5B19807033: to=<[email protected]>, orig_to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=6325, delays=6323/0/1.2/0.61, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.25.27] said: 421-4.7.0 [144.76.184.154      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. f7si4794087pdm.22 - gsmtp (in reply to end of DATA command))
postfix/smtpd[2557]: connect from mail-ie0-f180.google.com[209.85.223.180]
postfix/smtpd[2557]: B3FFF809367: client=mail-ie0-f180.google.com[209.85.223.180]
postfix/cleanup[2561]: B3FFF809367: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>
postfix/qmgr[2550]: B3FFF809367: from=<[email protected]>, size=1767, nrcpt=1 (queue active)
spamd[2034]: spamd: connection from localhost [127.0.0.1] at port 42928
spamd[2034]: spamd: setuid to nobody succeeded
spamd[2034]: spamd: processing message <CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com> for nobody:99
postfix/smtpd[2557]: disconnect from mail-ie0-f180.google.com[209.85.223.180]
spamd[2034]: spamd: identified spam (999.9/5.0) for nobody:99 in 0.2 seconds, 1730 bytes.
spamd[2034]: spamd: result: Y 999 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE,T_TO_NO_BRKTS_FREEMAIL scantime=0.2,size=1730,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=42928,mid=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>,autolearn=no
postfix/pickup[2549]: 3124F80A3DA: uid=99 from=<[email protected]>
postfix/cleanup[2561]: 3124F80A3DA: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>
postfix/pipe[2562]: B3FFF809367: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.59, delays=0.37/0.01/0/0.22, dsn=2.0.0, status=sent (delivered via spamassassin service)
postfix/qmgr[2550]: B3FFF809367: removed
spamd[2032]: prefork: child states: II
postfix/qmgr[2550]: 3124F80A3DA: from=<[email protected]>, size=2843, nrcpt=1 (queue active)

从一个 iOS 应用程序中，我将 Apple Game Center 用户的小头像上传到 Web 服务器的/ios-avatars/目录中。

但是有些玩家没有任何照片。

通过使用 Apache mod_rewrite 是否可以将“未找到”请求重定向到类似/ios-avatars/GC123456789.png的文件/images/default.png？

如果收件人看起来像[email protected] (即 gmail.com 域和地址的用户名部分中超过 3 个点）？

header_checks可以用于此目的还是仅用于 INCOMING 邮件？

下面是我服务器上 Postfix 的当前配置（postconf -n输出）（我使用 virtual_alias_domains 来接受在我的专用服务器上托管为 Apache 虚拟主机的几个 Drupal 站点的邮件，我想停止为假用户发送注册邮件）：

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru preferans.de larissa-farber.de bukvy.de
virtual_alias_maps = hash:/etc/postfix/virtual

更新：

感谢 Jenny D，以下似乎有效

/etc/postfix/header_checks：

/^To: \S+\.\S+\.\S+\.\[email protected]$/i DISCARD

/etc/postfix/main.cf：

header_checks = pcre:/etc/postfix/header_checks

尝试在 CentOS 6.4 /64 位服务器上安装 MySQL（用于 WordPress）。

我已经安装了mysql-server-5.1.69-1.el6_4.x86_64软件包并执行了以下命令：

# chkconfig mysqld on
# service mysqld start
# /usr/bin/mysqladmin -u root password 'xxxxx'
# /usr/bin/mysql_secure_installation

然后我注意到该mysqld_safe进程正在监听 0.0.0.0 并决定更改它 - 以便我的 WordPress 安装仅使用域套接字（或 unix 管道？不确定正确的术语）。

所以我修改/etc/my.cnf为：

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
bind-address = localhost
skip-networking
enable-named-pipe

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

但是现在 MySQL 拒绝启动：

# service mysqld restart
Stopping mysqld:                                           [  OK  ]
MySQL Daemon failed to start.
Starting mysqld:                                           [FAILED]

/var/log/mysqld.log包含：

 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  InnoDB: Initializing buffer pool, size = 8.0M
  InnoDB: Completed initialization of buffer pool
  InnoDB: Started; log sequence number 0 44233
 [ERROR] /usr/libexec/mysqld: unknown option '--enable-named-pipe'
 [ERROR] Aborting
  InnoDB: Starting shutdown...
  InnoDB: Shutdown completed; log sequence number 0 44233
 [Note] /usr/libexec/mysqld: Shutdown complete
 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

我搜索了谷歌并搜索 /usr/share/mysql/*.cnf了该指令，但没有找到任何提示。

我以低成本的托管服务租用了一台专用服务器（带有 Intel Haswell CPU 和定制硬件），并将它与 CentOS 6.4 / 64 位 Linux（带有股票内核：2.6.32-358.14.1.el6.x86_64）一起使用。

每隔几周它就会挂起，其他客户似乎也有类似的问题。

在dmesg我看到的输出中（这里是完整的 dmesg 输出）：

CPU0: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz stepping 03
....
NMI watchdog enabled, takes one hw-pmu counter.
....
iTCO_wdt: Intel TCO WatchDog Timer Driver v1.07rh
iTCO_wdt: Found a Lynx Point TCO device (Version=2, TCOBASE=0x1860)
iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)

在进程列表中我看到：

#  ps uawwwx|grep [w]atchdog
root         6  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/0]
root        10  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/1]
root        14  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/2]
root        18  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/3]
root        22  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/4]
root        26  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/5]
root        30  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/6]
root        34  0.0  0.0      0     0 ?        S    Aug22   0:00 [watchdog/7]

这是否意味着，硬件看门狗已经在我的服务器上处于活动状态，并且会在冻结后 30 秒内重新启动我的机器？

（在我放的 /etc/sysctl.conf 中kernel.panic=10，这样它就不会再卡在 kdb 控制台中了）。

还是我必须安装并启动 CentOS 软件包watchdog？

在 CentOS 6.4 / 64 位 - 如何找到用户“nobody”的限制？

因为我不能只是su - nobody打电话ulimit -a：

# id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)

# su - nobody
This account is currently not available.

更新：

我在问：如何调用ulimit -aCentOS 用户nobody，以便我可以调整/etc/security/limits.conf该用户的最大打开文件数。

更多细节：

我有一个 perl 脚本（一个基于非分叉 TCP-sockets 的纸牌游戏守护进程），它正在由init（我为它创建了一个文件/etc/init/my_card_game.conf：）启动，但随后放弃了超级用户权限并运行为nobody：

sub drop_privs {
        my ($uid, $gid) = (getpwnam('nobody'))[2, 3];
        die "User nobody not found\n" unless $uid && $gid;

        umask(0);
        chdir('/tmp') or die "Can not chdir to /tmp: $!\n";
        #chroot('/tmp') or die "Can not chroot to /tmp: $!\n";

        # try to set the real, effective and save uid
        setgid($gid) or die "Can not set gid to $gid: $!\n";
        setuid($uid) or die "Can not set uid to $uid: $!\n";
        # try to regain privileges - this should fail
        die "Not able to drop privileges\n" if setuid(0) || setgid(0);
}

我想确保它有足够大的最大数量nofiles- 以便它可以为所有连接的客户端提供服务。

我在用着：

# cat /etc/*release
CentOS release 6.3 (Final)

# rpm -qa | grep post
postfix-2.6.6-2.2.el6_1.x86_64

在 2 个服务器上：preferans.de和（是的，有趣的名字）static.103.78.9.176.clients.your-server.de

我拥有多个域，并希望所有发往这些域的传入邮件都转发到我的 Gmail 地址。

所以我已经为我的域设置了 MX 记录：

# host videoskat.de
videoskat.de has address 176.9.40.169
videoskat.de mail is handled by 100 static.103.78.9.176.clients.your-server.de.
videoskat.de mail is handled by 10 preferans.de.

# host balkan-preferans.de
balkan-preferans.de has address 176.9.40.169
balkan-preferans.de mail is handled by 100
static.103.78.9.176.clients.your-server.de.
balkan-preferans.de mail is handled by 10 preferans.de.

在我添加的两台服务器上：

# head /etc/postfix/virtual
@balkan-preferans.de [email protected]
@videoskat.de [email protected]

# postmap /etc/postfix/virtual

# postmap -q "@videoskat.de" /etc/postfix/virtual
[email protected]

并在防火墙中打开了25端口：

# grep -w 25 /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 25,22 -j ACCEPT

但是现在，当我向[email protected]发送邮件时，在 postfix 日志中看不到任何内容：

# sudo tail /var/log/maillog
Jan 15 10:50:42 postfix/postfix-script[1401]: starting the Postfix mail system
Jan 15 10:50:42 postfix/master[1402]: daemon started -- version 2.6.6,
configuration /etc/postfix

所以我可能遗漏了一些小东西？

顺便说一句，每天从两个服务器收到的 logwatch 邮件在我的 Gmail 收件箱[email protected]中都很好

更新 2：

我已经将这两行添加到/etc/postfix/main.cf

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, videoskat.de, balkan-preferans.de

现在我在 中看到传入连接/var/log/maillog，但它们被拒绝了：

postfix/smtpd[3209]: NOQUEUE: reject: RCPT from static.114.69.9.176.clients.your-server.de[176.9.69.114]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<www>
postfix/smtpd[3209]: disconnect from static.114.69.9.176.clients.your-server.de[176.9.69.114]

输出postconf -n如下

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, videoskat.de, balkan-preferans.de
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

本地收件人表中的用户未知在拒绝日志消息中意味着什么？

我目前正在使用 Google Apps 将发往我域 balkan-preferans.de (176.9.40.169) 中的收件人的邮件转发到我的地址 [email protected] - 这是由我的托管商提供的以下 DNS 区域完成的:

$TTL 86400
@   IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
    2012100402   ; serial
    14400        ; refresh
    1800         ; retry
    604800       ; expire
    86400 )      ; minimum

@                        IN NS      robotns3.second-ns.com.
@                        IN NS      robotns2.second-ns.de.
@                        IN NS      ns1.first-ns.de.

@                        IN A       176.9.40.169
localhost                IN A       127.0.0.1
www                      IN A       176.9.40.169
@                        IN MX 1    ASPMX.L.GOOGLE.COM.
@                        IN MX 5    ALT1.ASPMX.L.GOOGLE.COM.
@                        IN MX 5    ALT2.ASPMX.L.GOOGLE.COM.
@                        IN MX 10   ASPMX3.GOOGLEMAIL.COM.
@                        IN MX 10   ASPMX2.GOOGLEMAIL.COM.

这在过去一年中运行良好，但我想摆脱 Google Apps，因为它们不再免费，而且我不使用该产品的任何其他功能。

所以我想更改上面的 MX 记录以指向我的 2 个 Web 服务器——无论如何它们都是 24/7 运行的。

在装有 CentOS 6 Linux 的服务器上，我目前运行 sendmail（主要用于发送 logwatch 邮件）。

任何人都可以提供一些关于要添加到哪些宏的提示，/etc/mail/sendmail.mc以便 balkan-preferans.de 的所有邮件都被接受，然后转发到我的地址 [email protected]？

我是否也必须在 iptables 防火墙中打开传入端口？

我在装有 PostgreSQL 8.4.3 的 CentOS 6.3 四核机器上运行一个小型Facebook 游戏+ 几个 PHP 脚本（主要执行select查询）+ 1 个 Perl 守护进程，即使服务器工作正常，我还是建议我的用户将 RAM 加倍到 32 GB，他们为此收了钱。

现在我的问题是我不知道该转动哪个旋钮以及如何真正使用额外的内存来加速服务器。

下面是我在高峰时间（晚上）的最高输出 - 如您所见，未使用 27 GB 的 RAM：

# top - 18:47:55 up 23:12,  2 users,  load average: 2.17, 2.31, 2.56
Tasks: 246 total,   2 running, 244 sleeping,   0 stopped,   0 zombie
Cpu(s): 12.1%us,  0.2%sy,  0.0%ni, 87.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:  32790380k total,  5296664k used, 27493716k free,   197132k buffers
Swap:  2096056k total,        0k used,  2096056k free,  3815840k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
12363 postgres  20   0 4376m 717m 710m S 40.6  2.2   2:03.48 postmaster
 3842 nobody    20   0  118m  23m 3920 S 12.0  0.1  46:24.68 pref.pl
 9178 postgres  20   0 4375m 518m 514m S 11.3  1.6  53:50.63 postmaster
12380 postgres  20   0 4377m 668m 660m S 11.3  2.1   2:33.26 postmaster
12243 postgres  20   0 4377m 668m 662m S  9.3  2.1   2:20.49 postmaster
12438 postgres  20   0 4374m 502m 498m S  6.3  1.6   1:03.34 postmaster
12249 postgres  20   0 4384m 852m 839m S  3.0  2.7   3:59.11 postmaster
12241 postgres  20   0 4378m 632m 625m S  1.7  2.0   2:48.62 postmaster
12156 apache    20   0  366m  27m  17m S  1.0  0.1   0:05.12 httpd
   36 root      20   0     0    0    0 S  0.3  0.0   0:01.32 events/1
  100 root      39  19     0    0    0 S  0.3  0.0   0:06.04 khugepaged
 9217 postgres  20   0 21976 1036  516 S  0.3  0.0   1:01.07 pgbouncer
12010 apache    20   0  376m  37m  17m S  0.3  0.1   0:07.58 httpd
12280 apache    20   0  370m  30m  16m S  0.3  0.1   0:03.17 httpd
12362 apache    20   0  365m  15m 6816 R  0.3  0.0   0:01.90 httpd
12457 apache    20   0  360m 9.8m 3456 S  0.3  0.0   0:00.14 httpd
    1 root      20   0 19352 1584 1284 S  0.0  0.0   0:01.03 init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd

# vmstat 10
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 6  2      0 27323416 196988 3852536    0    0     3   165   15    9 14  0 84  2  0
 1  0      0 27422148 197012 3814860    0    0     0  5284 4784 2104 46  1 51  2  0
 1  0      0 27454748 197020 3826656    0    0     4  1734 2021 1200 16  0 83  1  0
 0  2      0 27514008 197028 3813464    0    0     0   702 1475 1208  8  0 90  2  0
 0  0      0 27465612 197040 3813968    0    0     0  1435 1764 1725 10  0 85  5  0
 1  0      0 27459260 197060 3814248    0    0     0  2032 2667 1304 22  0 76  1  0
 1  0      0 27440076 197064 3827064    0    0     0  1604 3146 2109 27  0 72  1  0
 1  0      0 27466796 197068 3814868    0    0     2  1241 2014 1637 13  0 83  3  0
 4  0      0 27380104 197072 3848256    0    0     0  1064 2375  894 20  0 79  1  0
 1  0      0 27488168 197096 3815296    0    0     0  2075 2697 2220 23  0 75  1  0
 1  0      0 27462168 197116 3821380    0    0     0   871 1750  943 13  0 86  1  0
 4  0      0 27432100 197128 3822320    0    0     0  3980 4767 2340 46  1 53  1  0
 0  0      0 27493716 197132 3815844    0    0     0  1871 3209 2078 27  0 72  1  0
 3  0      0 27424284 197132 3827036    0    0     0  1452 2551 1487 18  0 78  3  0
 3  0      0 27435428 197160 3824116    0    0     0  2066 3430 2082 29  0 70  1  0
 2  0      0 27452004 197172 3817440    0    0     0  1356 2722 1895 23  0 76  1  0
 2  0      0 27436668 197176 3826648    0    0     0  1633 3629 2162 30  0 69  1  0
 1  0      0 27439924 197204 3823124    0    0     0  1502 1786 1293 14  0 86  0  0
 0  0      0 27466696 197212 3816780    0    0     0  1200 1701 1164 13  0 86  0  0
 3  0      0 27432204 197212 3818344    0    0     0  2587 2098 2154 16  0 83  1  0
 2  0      0 27421088 197224 3827224    0    0     0  1229 2635 1421 21  0 75  3  0
 3  0      0 27319136 197232 3832088    0    0    13  2965 4220 1951 40  0 59  1  0

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----

我已经做了什么：

/var/lib/pgsql/data/postgresql.conf（仅限本地连接）

max_connections = 100
shared_buffers = 4096MB
work_mem = 16M

/etc/php.ini

memory_limit = 300M
[PostgresSQL]
pgsql.allow_persistent = Off    # because I use pgbouncer

/etc/pgbouncer.ini（也仅限本地连接）

max_client_conn = 600
default_pool_size = 80

/etc/httpd/conf/httpd.conf（还没修改）：

<IfModule prefork.c>
StartServers      10
MinSpareServers    8
MaxSpareServers   30
ServerLimit      512
MaxClients       512
MaxRequestsPerChild  4000
</IfModule>

关于如何加速我的 Linux Apache PostgreSQL PHP（又名“LAPP”）服务器有什么建议吗？

我实际上希望 Linux 会使用额外的内存来缓存磁盘，但这似乎没有发生？

更新：

我已经安装iotop，它显示 PostreSQL 执行 SELECT 和我的 Perl 守护进程（用于 Facebook 游戏）：

Total DISK READ: 0.00 B/s | Total DISK WRITE: 101.72 K/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
20555 be/4 postgres    0.00 B/s   78.25 K/s  0.00 %  0.28 % postgres: pref pref [local] SELECT
26397 be/4 postgres    0.00 B/s 1674.51 K/s  0.00 %  0.00 % postgres: pref pref [local] SELECT
26392 be/4 apache      0.00 B/s    3.91 K/s  0.00 %  0.00 % httpd
26402 be/4 postgres    0.00 B/s    3.22 M/s  0.00 %  0.00 % postgres: pref pref [local] SELECT
26448 be/4 apache      0.00 B/s   62.60 K/s  0.00 %  0.00 % httpd
26486 be/4 postgres    0.00 B/s    7.82 K/s  0.00 %  0.00 % postgres: pref pref [local] SELECT
26524 be/4 apache      0.00 B/s    3.91 K/s  0.00 %  0.00 % httpd
15392 be/4 nobody      0.00 B/s    3.91 K/s  0.00 %  0.00 % perl -w /usr/local/pref/pref.pl
    1 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % init
    2 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthreadd]
    3 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
    4 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/0]
    5 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
    6 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdog/0]
    7 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/1]
    8 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/1]
    9 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/1]

似乎磁盘缓存工作正常，因为read总是 0 ？

我有 357 个 .png 文件位于当前目录的不同子目录中：

settings# find . -name \*.png |wc -l
    357

settings# find . -name \*.png | head
./assets/authenticationIcons/audio.png
./assets/authenticationIcons/bbid.png
./assets/authenticationIcons/camera.png
./bin/icons/ca_video_chat.png
./bin/icons/ca_voice_control.png
./bin/icons/ca_vpn.png
./bin/icons/ca_wifi.png

是否有一个 oneliner 来计算它们占用的总磁盘空间（在我对它们进行 pngcrush 之前）？

我试过（未成功）：

settings# find . -name \*.png | xargs du -s
4       ./assets/support/wifi_locked_icon_white.png
1       ./assets/support/wifi_vpn_icon_connected.png
1       ./assets/support/wi_fi.png
1       ./assets/support/wi_fi_conected.png
8       ./bin/blackberry-tablet-icon.png
2       ./bin/icons/ca_about.png
2       ./bin/icons/ca_accessibility.png
2       ./bin/icons/ca_accounts.png
2       ./bin/icons/ca_airplane_mode.png
2       ./bin/icons/ca_application_permissions.png
1       ./bin/icons/ca_balance.png

在 PostgreSQL 8.4.9 中，在 pool_mode = session 中使用 pgbouncer 1.3.4（但有些用户直接连接到数据库） - 当我以“超级用户”身份登录时

   psql -U postgres -W postgres

请用什么命令断开所有“普通用户”并防止他们在我执行维护时再次连接（我想重命名一些表列以获得更一致的命名并相应地更改一些存储过程）。

我在III中找不到它。服务器管理文档。

或者我应该编辑 pg_hba.conf 并重新启动服务/进程吗？