Eureka 写道 “不少使用海外虚拟主机的用户同时也有使用代理的需求,除了Tor等专门配合软件使用的代理外,可以使用SSH作代理,不过SSH不是每个主机商都支持。 如果你有海外虚拟主机并且有使用代理的需求,并且虚拟主机有充足的流量,则可以考虑使用基于PHP的Glype代理。 Glype下载后解压缩传到服务器上即可。使用起来很方便,并且能够对URL甚至网页内容进行编码以避过监听,也可以选择是否开启Cookie和脚本支持。 相比同类PHP代理,Glype提供了一个后台界面方便进一步设置管理,如开启缓存、日志、续传等。 对于blogger来说,你可以把Glype作为一个私人代理服务,这样速度和可靠性有保证,而且本地无需安装额外的软件; 对于没有合适空间的用户,也可以试试官方网站给出的一些在线代理。”
CentOS 5.3下安装ispCP后proftpd启动失败和无法登陆的故障
在CentOS5.3下安装ispCP后,进入管理后台,建立用户和ftp帐号,一开始proftpd无法启动,一启动就失败,后来修改过后终于可以启动 了,但是启动后无论如何都无法使用ftp登录建立好的网站,采用域名访问和使用PUTTY登录服务器查看,显示网站已经建立。经过一番查看后,终于把问题 解决了。
先解决无法启动proftpd的问题,因为ispCP自带的proftpd的配置文件与目前安装的proftpd文件在版本上可能有一些出入,而安装 ispCP的过程中,将使用ispCP的模板来替换原有的proftpd配置文件,最终导致出现启动失败,启动失败的问题出在这一行:
DisplayFirstChdir message
我们只要在他前面增加个“#”来屏蔽这行配置或者将其删除即可,可改为如下:
DisplayChdir message
而启动后不能FTP,老是用户验证失败的问题,经过仔细查看,最后目光落在proftpd的配置文件/etc/proftpd.conf这个文件中的一行,内容如下:
AuthOrder mod_sql.c mod_auth_pam.c* mod_auth_unix.c
这里分别采用了几种验证方式,莫非因为验证方式过多引起的??于是把多余的验证方式删除,改成如下内容:
AuthOrder mod_sql.c mod_auth_pam.c mod_auth_unix.c
再次FTP登录,结果成功了。我猜想可能是由于登录的验证方式过多,而且优先级不同,结果造成了验证无法通过。当然,这种猜想不一定正确,但是确实解决了无法ftp的问题。
chroot环境下Postfix的一些问题
ispCP装好后,没用过它的邮局功能,那天在CentOS5.3上安装了,发现不能发邮件,记得之前在CentOS5.2上装,新开主机什么的都可以发邮件的,经过一番折腾,发现CentOS5.2上能发,是因为它用的是sendmail,CentOS5.3上则是用Postfix,为解燃眉之急,只能把CentOS5.3上的Postfix停掉,启用sendmail,发信正常。
前天专门再装了台测试机,用来测试邮局功能。下面先贴下默认情况下,发信收信时,maillog的一些错误,日志中的邮箱地址和IP地址均已被替换。
测试时,首先把sendmail关掉
chkconfig –level 2345 sendmail off
service sendmail stop
然后开启相关邮局服务
maillog的内容
#################################################
Jun 20 13:32:16 test.com postfix/smtpd[318]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:32:16 test.com postfix/smtpd[318]: warning: problem talking to server 127.0.0.1:12525: Connection refused
Jun 20 13:32:17 test.com postfix/smtpd[318]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:32:17 test.com postfix/smtpd[318]: warning: problem talking to server 127.0.0.1:12525: Connection refused
Jun 20 13:32:17 test.com postfix/smtpd[318]: NOQUEUE: reject: RCPT from unknown[125.77.233.210]: 451 4.3.5 Server configuration problem; from=<root@debian.ispcp.net> to=<user@example.net> proto=ESMTP helo=<debian.ispcp.net>
Jun 20 13:32:17 test.com postfix/smtpd[318]: disconnect from unknown[125.77.233.210]
Jun 20 21:35:37 test.com postfix/anvil[319]: statistics: max connection rate 1/60s for (smtp:125.77.233.210) at Jun 20 21:32:16
Jun 20 13:35:37 test.com postfix/anvil[319]: statistics: max connection count 1 for (smtp:125.77.233.210) at Jun 20 13:32:16
Jun 20 13:35:37 test.com postfix/anvil[319]: statistics: max cache size 1 at Jun 20 13:32:16
Jun 20 21:36:00 test.com imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 20 21:36:00 test.com imapd: LOGIN, user=user@example.net, ip=[::ffff:127.0.0.1], port=[48051], protocol=IMAP
Jun 20 21:36:00 test.com imapd: LOGOUT, user=user@example.net, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=87, sent=391, time=0
Jun 20 21:37:01 test.com spamd[500]: logger: removing stderr method
Jun 20 21:37:08 test.com spamd[502]: spamd: server started on port 783/tcp (running version 3.2.5)
Jun 20 21:37:08 test.com spamd[502]: spamd: server pid: 502
Jun 20 21:37:08 test.com spamd[502]: spamd: server successfully spawned child process, pid 507
Jun 20 21:37:08 test.com spamd[502]: spamd: server successfully spawned child process, pid 508
Jun 20 21:37:08 test.com spamd[502]: prefork: child states: II
Jun 20 21:37:39 test.com postfix/smtpd[511]: connect from unknown[127.0.0.1]
Jun 20 13:37:39 test.com postfix/smtpd[511]: NOQUEUE: reject: RCPT from unknown[127.0.0.1]: 450 4.1.2 <user@example.com>: Recipient address rejected: Domain not found; from=<user@example.net> to=<user@example.com> proto=ESMTP helo=<11.22.33.44>
Jun 20 13:37:39 test.com postfix/smtpd[511]: lost connection after RCPT from unknown[127.0.0.1]
Jun 20 13:37:39 test.com postfix/smtpd[511]: disconnect from unknown[127.0.0.1]
Jun 20 13:37:41 test.com postfix/smtpd[511]: connect from unknown[127.0.0.1]
Jun 20 13:37:41 test.com postfix/smtpd[511]: NOQUEUE: reject: RCPT from unknown[127.0.0.1]: 450 4.1.2 <user@example.com>: Recipient address rejected: Domain not found; from=<user@example.net> to=<user@example.com> proto=ESMTP helo=<11.22.33.44>
Jun 20 13:37:41 test.com postfix/smtpd[511]: lost connection after RCPT from unknown[127.0.0.1]
Jun 20 13:37:41 test.com postfix/smtpd[511]: disconnect from unknown[127.0.0.1]
Jun 20 13:38:14 test.com postfix/smtpd[511]: connect from unknown[125.77.233.210]
Jun 20 13:38:14 test.com postfix/smtpd[511]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:38:14 test.com postfix/smtpd[511]: warning: problem talking to server 127.0.0.1:12525: Connection refused
Jun 20 21:38:14 test.com postfix/smtpd[516]: connect from unknown[125.77.233.210]
Jun 20 13:38:14 test.com postfix/smtpd[516]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:38:14 test.com postfix/smtpd[516]: warning: problem talking to server 127.0.0.1:12525: Connection refused
Jun 20 13:38:15 test.com postfix/smtpd[511]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:38:15 test.com postfix/smtpd[511]: warning: problem talking to server 127.0.0.1:12525: Connection refused
Jun 20 13:38:15 test.com postfix/smtpd[511]: NOQUEUE: reject: RCPT from unknown[125.77.233.210]: 451 4.3.5 Server configuration problem; from=<root@debian.ispcp.net> to=<user@example.net> proto=ESMTP helo=<debian.ispcp.net>
Jun 20 13:38:15 test.com postfix/smtpd[511]: disconnect from unknown[125.77.233.210]
Jun 20 13:38:15 test.com postfix/smtpd[516]: warning: connect to 127.0.0.1:12525: Connection refused
Jun 20 13:38:15 test.com postfix/smtpd[516]: warning: problem talking to server 127.0.0.1:12525: Connection refused
#################################################
Jun 20 23:51:18 test.com postfix/postfix-script: starting the Postfix mail system
Jun 20 23:51:18 test.com postfix/master[6161]: daemon started — version 2.3.3, configuration /etc/postfix
Jun 20 23:51:18 test.com postfix/qmgr[6164]: C8FB618A830B: from=<xxx@dddf.com>, size=331, nrcpt=1 (queue active)
Jun 20 23:51:18 test.com postfix/smtp[6166]: fatal: unknown service: smtp/tcp
Jun 20 23:51:19 test.com postfix/qmgr[6164]: warning: premature end-of-input on private/smtp socket while reading input attribute name
Jun 20 23:51:19 test.com postfix/qmgr[6164]: warning: private/smtp socket: malformed response
Jun 20 23:51:19 test.com postfix/qmgr[6164]: warning: transport smtp failure — see a previous warning/fatal/panic logfile record for the problem description
Jun 20 23:51:19 test.com postfix/master[6161]: warning: process /usr/libexec/postfix/smtp pid 6166 exit status 1
Jun 20 23:51:19 test.com postfix/master[6161]: warning: /usr/libexec/postfix/smtp: bad command startup — throttling
Jun 20 23:51:19 test.com postfix/qmgr[6164]: C8FB618A830B: to=<user@example.com>, relay=none, delay=1708, delays=1707/1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
好了,关键出错日志都贴出来了,下面讲解决办法
1、connect to 127.0.0.1:12525: Connection refused
输入命令netstat -aln | grep 12525
发现确实没有12525的监听程序
我们在/etc/postfix/main.cf可以看到一段配置:
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
check_policy_service inet:127.0.0.1:12525,
check_policy_service inet:127.0.0.1:60000,
check_policy_service inet:127.0.0.1:12525
这一行是配置使用policyd-weight来进行垃圾邮件判别的,CentOS上默认没有装,但在debian5.0.1上装ispCP,默认是安装policyd-weight的
详细可以参考以下这个网址:
http://www.policyd-weight.org/
解决办法
a、安装policyd-weight,然后启用它
安装可以参考这篇文章:http://www.187299.com/archives/1044
b、把policyd-weight相关配置注释掉
把/etc/postfix/main.cf里相应配置注释掉,修改为如下:
# check_policy_service inet:127.0.0.1:12525,
# check_policy_service inet:127.0.0.1:60000,
service postfix restart重启服务。
2、Recipient address rejected: Domain not found
chroot环境下,Postfix不能用/etc/resolv.conf来进行域名解析,所以说Domain not found
解决办法:
cp /etc/resolv.conf /var/spool/postfix/etc/
处理到这一步,能达到的效果是Postfix能收不能发,也就是可以收到外部发给本地的邮件,但本地还不能发邮件给外面。
3、fatal: unknown service: smtp/tcp
跟第二个问题一样,chroot环境下,Postfix不能使用/etc/services
解决办法:
cp /etc/services /var/spool/postfix/etc/
至此,将邮局相应服务启动起来就可以进行邮件收发了。
知识备忘
/etc/postfix/master.cf
# service type private unpriv chroot wakeup maxproc command + args
smtp inet n – – – – smtpd
这里对各种服务进行定义,如果是-或者y,则表示为真,所以以上关于smtp的配置,就是运行在chroot环境下。
网上很多文章都建议不要在chroot环境下运行Postfix,因为Postfix本来已经是一个非常健壮的MTA
有时间再研究下怎样设置Postfix在chroot环境下的根目录,再看如何把它改为普通环境运行。
Howto setup Postfix and policyd-weight
1. Read the changelog
1.1. Download policyd-weight
Depending on the bugfixes (see changelog) download the appropriate release:
or if quot;devel" sounds more exciting:
Move policyd-weight to the proper location for your operating system (example shows *BSD
):
# mv policyd-weight /usr/local/libexec/postfix/policyd-weight
# chmod 0555 /usr/local/libexec/postfix/policyd-weight
Check the default settings
# /usr/local/libexec/postfix/policyd-weight defaults
If these settings seem appropriate you don't need a configuration file at all. In case you like to change some settings, create a file (i.e. /usr/local/etc/policyd-weight.conf) and add only the variables that differ from the defaults. For example if you want only DNSBL checks and a different port use:
# —————————————————————-
# minimal configuration for policyd-weight
# —————————————————————-
$dnsbl_checks_only = 1;
$TCP_PORT = 12336;
There is another option, which is not recommended:
# /usr/local/libexec/postfix/policyd-weight defaults > /usr/local/etc/policyd-weight.conf
# chmod 0644 /usr/local/etc/policyd-weight.conf
This will write the default configuration to a file. However, this is not good practice, because it will make maintaining the configuration file difficult and changed defaults will not picked up automatically.
2.1 Add a system account for policyd-weight
Use the appropriate commands for your operating system to add a new user and a new group named polw. This unprivileged user does not need a valid shell.
2.2 Create an init script
Either create an rc-init script or manage otherwise that policyd-weight gets started at boot-time. The command to start policyd-weight in daemon mode is:
# /path/to/policyd-weight start
You need to be root to do that.
3. Edit Postfix main.cf
This example shows a minimal setup. Do NOT copy & paste, instead adjust your main.cf to meet the minimal requirements. Please keep old authentication restrictions (such as SASL) and so forth:
01: smtpd_helo_required = yes # required
02: smtpd_delay_reject = yes # suggested
03:
04: smtpd_helo_restrictions =
05: permit_mynetworks, # suggested
06: reject_invalid_hostname # suggested
07:
08: smtpd_client_restrictions = permit_mynetworks # suggested
09:
10: smtpd_sender_restrictions = permit_mynetworks # suggested
11:
12: smtpd_recipient_restrictions =
13: permit_mynetworks, # required
14: … other authed permits …
15: … (permit_sasl_authenticated) …
16: reject_unauth_destination, # required
17: reject_unauth_pipelining, # suggested
18: … whitelists (role accounts, clients) …
19: reject_non_fqdn_recipient, # suggested
20: check_policy_service inet:127.0.0.1:12525 # required
02: smtpd_delay_reject = yes # suggested
03:
04: smtpd_helo_restrictions =
05: permit_mynetworks, # suggested
06: reject_invalid_hostname # suggested
07:
08: smtpd_client_restrictions = permit_mynetworks # suggested
09:
10: smtpd_sender_restrictions = permit_mynetworks # suggested
11:
12: smtpd_recipient_restrictions =
13: permit_mynetworks, # required
14: … other authed permits …
15: … (permit_sasl_authenticated) …
16: reject_unauth_destination, # required
17: reject_unauth_pipelining, # suggested
18: … whitelists (role accounts, clients) …
19: reject_non_fqdn_recipient, # suggested
20: check_policy_service inet:127.0.0.1:12525 # required
Lines 6: makes sure to only allow valid DNS Names (in terms of [RFC 2821] Sect. 2.3.5, [RFC 1123] Sect. 5.2.5 and [RFC 1035] Sect. 2.3.1) in the HELO command. reject_invalid_hostname (or reject_invalid_helo_hostname as of Postfix 2.3.x) makes sure that no bogus characters are used. It's a safety and RFC setting.
Line 20: calls the policy daemon on host 127.0.0.1 (localhost) at port 12525.
For whitelisting hosts read the FAQ.
To prevent that a proper MTA can use your own domain as sender please read and unterstand Ralf Hildebrandts receipe
If you don't understand some settings or don't know their meaning please read Postfix SMTP relay and access control first, respectively the postconf.5 manpage.
4. Score tuning and other configurations
To tune scores or turn on/off some features such as X-headers, read and edit /usr/local/etc/policyd-weight.conf
The configuration file is Perl syntax. If you make Perl syntax errors there, policyd-weight won't work.
It is not required to restart or reload postfix. Changes made to the configuration are picked up by each new policyd-weight instance. To have changes take effect immediately you can a) kill each policyd-weight instance, or b) restart Postfix if running in master.cf mode.
Awstats注意问题
很久以前把Apache的日志下载回来用awstats分析,先分析前天的日志,然后分析昨天的,
执行以下命令:
C:\Program Files\AWStats\wwwroot\cgi-bin>awstats.pl -config=localhost
刷新浏览器页面,发现还是前天的数据
经过一番查找,发现
C:\Program Files\AWStats\wwwroot\cgi-bin>awstats.pl -config=localhost
当运行此命令后,命令会生成一个txt文件,C:\Program Files\AWStats\wwwroot\cgi-bin\awstats112008.localhost.txt
如果修改了access_log,需要先删除该awstats112008.localhost.txt(如果需要保留,则将其改名),再运行awstats.pl -config=localhost,这样,通过浏览器才能查看最新的日志
以上说法未必对,有待求证,有可能是awstats只允许按月来分析,而不允许整年地分析,才会导致无法update,试下加全年参数?
另外,要修改awstats.pl里perl命令的路径,因为它默认是类nix的路径,所以要把它修改为Windows下perl的安装路径
当然也用awstats来分析maillog,要先运行一个转换程序,忘了,太久了。