≡ Menu

Mail server

How To Tail (View) Multiple Files on UNIX / Linux Console

The tail command is one of the best tool to view log files in a real time using tail -f /path/to/log.file syntax on a Unix-like systems. The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream come true program for UNIX sys admin job. You can browse through several log files at once and do various operations like search for errors and more.
[click to continue…]

Postfix Mail Server Security Update [moderate security impact]

Postfix MTA updated to fix security vulnerabilities such as incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. This update has been rated as having moderate security impact.

All users of postfix should upgrade to these updated packages.

How do I patch Postfix under Debian / Ubuntu Linux?

First, update the internal database, enter:
# apt-get update
Install corrected Postfix package, enter:
# apt-get upgrade

How do I patch Postfix under RHEL / CentOS Linux?

Type the following command under RHEL / CentOS 5.x:
# yum update
Type the following command under RHEL <= 4.x: # up2date -u

Linux Postfix SMTP (Mail Server) SSL Certificate Installations and Configuration

In this tutorial you will learn about Installing SSL Certificate (Secure Server Certificate) to secure communication between Postfix SMTP server and mail client such as Outlook or Thunderbird.
[click to continue…]

nixCraft FAQ Roundup Oct 29, 2008

Couple of quick question answered by me:

=> Host a domain without CPanel or Plesk Control Panel

=> Bash shell display only hidden (dot) files

=> Monitor Linux user activity in real time

=> Apache name based VirtualHost example

=> How do I find out my mail server blacklisted?

=> Solaris find out a package which a file belongs to

=> MySQL server status with mysqlreport report script

=> Exclude certain files when creating a tarball using tar command


Postfix mail server limit the mailbox size

So how do you limit the mailbox size for users configured with the Postfix mail server?

It is good choice to avoid problem (disk DoS) by limiting mailbox size. This will avoid the user or hacker to eat up all hard disk space.

Display the default mailbox size limit

Type the following command:
# postconf mailbox_size_limit

mailbox_size_limit = 51200000

51200000 bytes is default mailbox size limit.

Display the default maximum size in bytes of a message

Type the following command:
# postconf message_size_limit

message_size_limit = 10240000

Setup new mailbozsize limit

Open file /etc/postfix/main.cf and
# vi /etc/postfix/main.cf
Add/modify/set values as follows:
mailbox_size_limit = 30000000
message_size_limit = 10240000

Save and restart postfix mail server:
# /etc/init.d/postfix restart

Tentakel to execute commands on multiple Linux or UNIX Servers

This is Part II in a series on Execute Commands on Multiple Linux or UNIX Servers Simultaneously. The full series is Part I, Part II, and Part III. Many times, you want to execute a command not only on one server, but also on several servers. For example, find out

  • Version of kernel
  • Version of Apache web server
  • Update static html or images files on all web servers via rsync
  • Find out user information, server information, memory usage etc
  • Security/patch checking


I have already covered how to execute commands on multiple Linux or UNIX servers via shell script. The disadvantage of script is commands do not run in parallel on all servers. However, several tools exist to automate this procedure in parallel. With the help of tool called tentakel, you run distributed command execution. It is a program for executing the same command on many hosts in parallel using ssh (it supports other methods too). Main advantage is you can create several sets of servers according requirements. For example webserver group, mail server group, home servers group etc. The command is executed in parallel on all servers in this group (time saving). By default, every result is printed to stdout (screen). The output format can be defined for each group.

How it works?

Consider the following sample setup:

admin workstation   Group                  Hosts
|----------------> www-servers        host1, host2,host3
|----------------> homeservers,

You need to install tentakel on admin workstation ( We have two group servers, first is group of web server with three host and another is homeservers with two hosts.

The requirements on the remote hosts (groups) need a running sshd server on the remote side. You need to setup ssh-key based login between admin workstation and all group servers/hosts to take full advantage of this tentakel distributed command execution method.

System requirement

Tentakel requires a working Python installation. It is known to work with Python 2.3. Python 2.2 and Python 2.1 are not supported. If you are using old version of python then please upgrade it.


Let us see howto install and configure tentakel.

Step # 1 : Download tentakel

Visit sourceforge home page to download tentakel or download RPM files from tentakel home page.

Step # 2: Install tentakel

Untar source code, enter:

# tar -zxvf tentakel-2.2.tgz

You should be root user for the install step. To install it type

# make
# make install

Step # 3 Configure groups

For demonstration purpose we will use following setup:

   admin pc                    Group           hosts
Running Debian Linux       homeservers
User: jadmin

Copy sample tentakel configuration file tentakel.conf.example to /etc directory

# cp tentakel.conf.example /etc/ tentakel.conf

Modify /etc/tentakel.conf according to above setup, at the end your file should look like as follows:

# first section: global parameters
set ssh_path="/usr/bin/ssh"
set method="ssh"  # ssh method
set user="jadmin"   # ssh username for remote servers
#set format="%d %o\n" # output format see man page
#set maxparallel="3"  # run at most 3 commands in parallel
# our home servers with two hosts
group homeservers ()
+ +
# localhost
group local ()

Save the file and exit to shell prompt. Where,
group homeservers () : Group name
+ + : Host inclusion. name is included and can be an ip address or a hostname.

Step # 4 Configure SSH password less login

Configure ssh-key based login to avoid password prompt between admin workstation and group servers for jadmin user.

Step # 5 Test tentakel

Login as jadmin and type the following command:

$ tentakel -g homeservers

interactive mode

-g groupname: Select the group groupname The group must be defined in the configuration file (here it is homeservers). If not specified tentakel implicitly assumes the default group.

At tentakel(homeservers)> prompt type command uname and uptime command as follows:

exec "uname -mrs"
exec "uptime"

Few more examples
Find who is logged on all homeservers and what they are doing (type at shell prompt)

$ tentakel -g homeservers "w"

Executes the uptime command on all hosts defined in group homeservers:

$ tentakel -g homeservers uptime

As you can see, tentakel is very powerful and easy to use tool. It also supports the concept of plugins. A plugin is a single Python module and must appear in the $HOME/.tentakel/plugins/ directory. Main advantage of plugin is customization according to your need. For example, entire web server or mysql server farm can be controlled according our requirements.
However, tentakel is not the only utility for this kind of work. There are programs that do similar things or have to do with tentakel in some way. The complete list can be found online here. tentakel should work on almost all variant of UNIX/BSD or Linux distributions.

Time is a precious commodity, especially if you're a system administrator. No other job pulls people in so many directions at once. Users interrupt you constantly with requests, preventing you from getting anything done and putting lots of pressure on you. What do you do? The answer is time management. Read our book review of Time Management for System Administrators. Continue reading Execute commands on multiple hosts using expect tool Part III of this series.


  • Read tentakel man page for tentakel configuration options
  • tentakel home page

Update: Damon confirmed that it works on Windows too with little modification.

Linux Iptables: How to block or open mail server / SMTP protocol

SMTP is used to send mail. Sendmail, Qmail, Postfix, Exim etc all are used on Linux as mail server. Mail server uses the TCP port 25. Following two iptable rule allows incoming SMTP request on port 25 for server IP address (open port 25):
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

In order to block port 25 simply use target REJECT instead of ACCEPT in above rules.

And following two iptables rules allows outgoing SMTP server request for server IP address
iptables -A OUTPUT -p tcp -s --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 25 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT