Monday, August 16, 2021

Adding Subject and attachment information to the Zimbra log




  1. Create the custom_header_checks file

[root@mbx1 ~]# su - zimbra
[zimbra@mbx1 ~]$ vi /opt/zimbra/conf/custom_header_checks
/^Subject:/ WARN
/^subject:/ WARN
/filename=\"?(.*)\"?$/ WARN
  2. Add custom_header_checks to zimbraMtaHeaderChecks

  • Check the current value of zimbraMtaHeaderChecks
[zimbra@mail ~]$ zmprov gs `zmhostname` zimbraMtaHeaderChecks
# name mail.lab.local
zimbraMtaHeaderChecks: pcre:/opt/zimbra/conf/postfix_header_checks
  • Add custom_header_checks
[zimbra@mailbk ~]$ zmprov ms `zmhostname` zimbraMtaHeaderChecks "pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks"
  • Verify the value after the change
[zimbra@mailbk ~]$ zmprov gs `zmhostname` zimbraMtaHeaderChecks
# name mail.lab.local
zimbraMtaHeaderChecks: pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks
  3. Set zimbraMtaBlockedExtensionWarnRecipient = FALSE

  • Check the configuration
[zimbra@mail ~]$ zmprov gcf zimbraMtaBlockedExtensionWarnRecipient
zimbraMtaBlockedExtensionWarnRecipient: TRUE
  • Set the value to FALSE
[zimbra@mail ~]$ zmprov mcf zimbraMtaBlockedExtensionWarnRecipient FALSE
  • Check the configuration again
[zimbra@mail ~]$ zmprov gcf zimbraMtaBlockedExtensionWarnRecipient
zimbraMtaBlockedExtensionWarnRecipient: FALSE
  4. Reload postfix

[zimbra@mail ~]$ postfix reload
/postfix-script: refreshing the Postfix mail system
  5. Check the log

[zimbra@mailbk ~]$ tail -f /var/log/zimbra.log | grep warning
Jun 15 10:18:15 mailbk postfix/cleanup[19490]: C640A987D455: warning: header Subject: APPLE from mailbk.lab.local[10.72.1.226]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:18:15 mailbk postfix/cleanup[19490]: C640A987D455: warning: header Content-Disposition: attachment; filename="KNX Planner Brochure.pdf" from mailbk.lab.local[10.72.1.226]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:18:19 mailbk postfix/cleanup[19490]: 1E1BB987D450: warning: header Subject: APPLE from localhost[127.0.0.1]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<localhost>
Jun 15 10:18:19 mailbk postfix/cleanup[19490]: 1E1BB987D450: warning: header Content-Disposition: attachment; filename="KNX Planner Brochure.pdf" from localhost[127.0.0.1]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<localhost>
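
The WARN lines above can be condensed into one row per attachment. The script below is an added example, not part of the original post: the function names, the last three sample lines and the extension list are constructed for illustration, and it assumes that lines logged for localhost[127.0.0.1] are the content-filter re-injection of a message that was already logged once.

```shell
#!/bin/sh
# Added example: turn the postfix/cleanup WARN lines produced by
# custom_header_checks into one tab-separated row per attachment.

# Sample input: the first four lines are the log lines shown above,
# the last three are constructed for this example.
sample_log() {
cat <<'EOF'
Jun 15 10:18:15 mailbk postfix/cleanup[19490]: C640A987D455: warning: header Subject: APPLE from mailbk.lab.local[10.72.1.226]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:18:15 mailbk postfix/cleanup[19490]: C640A987D455: warning: header Content-Disposition: attachment; filename="KNX Planner Brochure.pdf" from mailbk.lab.local[10.72.1.226]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:18:19 mailbk postfix/cleanup[19490]: 1E1BB987D450: warning: header Subject: APPLE from localhost[127.0.0.1]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<localhost>
Jun 15 10:18:19 mailbk postfix/cleanup[19490]: 1E1BB987D450: warning: header Content-Disposition: attachment; filename="KNX Planner Brochure.pdf" from localhost[127.0.0.1]; from=<testmail@lab.local> to=<thiennl@yahoo.com> proto=ESMTP helo=<localhost>
Jun 15 10:20:01 mailbk postfix/cleanup[19502]: 7A11C987D460: warning: header Subject: Greetings from Hanoi from mailbk.lab.local[10.72.1.226]; from=<user1@lab.local> to=<user2@example.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:20:01 mailbk postfix/cleanup[19502]: 7A11C987D460: warning: header Content-Disposition: attachment; filename=report.pdf.exe from mailbk.lab.local[10.72.1.226]; from=<user1@lab.local> to=<user2@example.com> proto=ESMTP helo=<mailbk.lab.local>
Jun 15 10:20:02 mailbk postfix/qmgr[2211]: 7A11C987D460: from=<user1@lab.local>, size=48211, nrcpt=1 (queue active)
EOF
}

# Reads zimbra.log on stdin. Output columns:
#   queue-id  envelope-sender  subject  filename  flag
attachment_report() {
awk '
BEGIN { OFS = "\t" }

# Position of the last occurrence of t in s (0 if absent).
function last_index(s, t,    i, p, off) {
    p = 0; off = 0
    while ((i = index(substr(s, off + 1), t)) > 0) { p = off + i; off = p }
    return p
}

/postfix\/cleanup\[[0-9]+\]: [0-9A-Za-z]+: warning: header / {
    match($0, /\]: [0-9A-Za-z]+: warning: header /)
    qid  = substr($0, RSTART + 3, RLENGTH - 21)
    rest = substr($0, RSTART + RLENGTH)

    # The header text is sender-controlled and may itself contain " from ",
    # so split on the LAST "; from=<" and the LAST " from " before it.
    cut = last_index(rest, "; from=<"); if (!cut) next
    head = substr(rest, 1, cut - 1)
    env  = substr(rest, cut + 2)
    p = last_index(head, " from "); if (!p) next
    client = substr(head, p + 6)
    hdr    = substr(head, 1, p - 1)

    # Assumption: lines from localhost[127.0.0.1] are the content-filter
    # re-injection of a message already logged, as in the sample above.
    if (client == "localhost[127.0.0.1]") next

    sender = "-"
    if (match(env, /^from=<[^>]*>/)) sender = substr(env, 7, RLENGTH - 7)

    lh = tolower(hdr)
    if (substr(lh, 1, 8) == "subject:") {
        v = substr(hdr, 9); sub(/^[ \t]+/, "", v)
        subj[qid] = v
        next
    }
    if (match(lh, /filename="[^"]*"/)) {
        fn = substr(hdr, RSTART + 10, RLENGTH - 11)
    } else if (match(lh, /filename=[^ ;"]+/)) {
        fn = substr(hdr, RSTART + 9, RLENGTH - 9)
    } else next

    # Illustrative extension list (constructed, not a Zimbra default).
    ext = ""
    if (index(fn, ".")) { ext = tolower(fn); sub(/^.*\./, "", ext) }
    flag = (ext ~ /^(exe|scr|js|vbs|bat|cmd|lnk)$/) ? "REVIEW" : "-"

    print qid, sender, ((qid in subj) ? subj[qid] : "-"), fn, flag
}'
}

sample_log | attachment_report
```

On a live server the same function can be fed with `attachment_report < /var/log/zimbra.log`.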


Adding the Subject to message trace

  1. Complete the steps above

  2. Backup zmmsgtrace

[zimbra@mail ~]$ cp /opt/zimbra/libexec/zmmsgtrace /opt/zimbra/libexec/backup.zmmsgtrace
  3. Download the new zmmsgtrace file

[zimbra@mail ~]$ curl -k https://raw.githubusercontent.com/cdhtlr/Zimbra-Tools/master/trace.pl > /opt/zimbra/libexec/zmmsgtrace
  4. Check the result

[zimbra@mail ~]$ /opt/zimbra/libexec/zmmsgtrace-new -r thiennl@yahoo.com
Tracing messages
to thiennl@yahoo.com
zmmsgtrace-new: total unmatched entries in '/var/log/zimbra.log': 10
zmmsgtrace-new: use -debug to see unmatched lines
Message ID '1411279819.304333.1623726671716.JavaMail.zimbra@lab.local'
Subject 'YAHOO!!'
testmail@lab.local -->
thiennl@yahoo.com
Recipient thiennl@yahoo.com
Jun 15 10:11:11 - mailbk.lab.local (10.72.1.226) --> 127.0.0.1:10026 (127.0.0.1:10026) status sent
Jun 15 10:11:12 - mailbk --> 127.0.0.1:10032 (127.0.0.1:10032) status sent
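
Step 3 replaces an executable with a file fetched from a branch that can change, and -k turns off TLS certificate verification. The script below is an added example (not from the original post or the Zimbra-Tools project) that downloads with verification on and installs only when the SHA-256 matches a digest recorded after reviewing the script; <COMMIT_SHA> and the digest are placeholders, and sha256_of, fetch and install_if_pinned are hypothetical helper names.

```shell
#!/bin/sh
# Added example: fetch a replacement script with TLS verification on, and
# only install it if its SHA-256 matches a digest recorded after review.

# Hex SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# fetch URL OUTFILE: no -k, HTTPS only, fail on HTTP errors.
fetch() {
    curl --fail --silent --show-error --location --proto '=https' -o "$2" "$1"
}

# install_if_pinned SRC EXPECTED_SHA256 DEST
# Returns 0 and atomically replaces DEST only when the digest matches;
# returns 1 and leaves DEST untouched otherwise.
install_if_pinned() (
    src=$1; want=$2; dest=$3
    got=$(sha256_of "$src")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing to install $src: sha256 $got != pinned $want" >&2
        exit 1
    fi
    cp "$src" "$dest.new" && chmod 0755 "$dest.new" && mv "$dest.new" "$dest"
)

# Intended use on the mail server (both placeholders must be filled in by
# the operator; neither value is taken from the original post):
#   url="https://raw.githubusercontent.com/cdhtlr/Zimbra-Tools/<COMMIT_SHA>/trace.pl"
#   tmp=$(mktemp) && fetch "$url" "$tmp" &&
#     install_if_pinned "$tmp" "<SHA256_RECORDED_AFTER_REVIEW>" /opt/zimbra/libexec/zmmsgtrace

# Offline self-check with a constructed file standing in for the download.
demo() (
    d=$(mktemp -d) || exit 2
    printf '#!/usr/bin/perl\nprint "trace\\n";\n' > "$d/trace.pl"
    pin=$(sha256_of "$d/trace.pl")
    install_if_pinned "$d/trace.pl" "$pin" "$d/zmmsgtrace" || exit 1
    printf 'tampered\n' >> "$d/trace.pl"      # simulate a changed upstream file
    if install_if_pinned "$d/trace.pl" "$pin" "$d/zmmsgtrace" 2>/dev/null; then
        exit 1                                 # a mismatch must never install
    fi
    # The installed copy must still be the reviewed version.
    [ "$(sha256_of "$d/zmmsgtrace")" = "$pin" ]; rc=$?
    rm -rf "$d"
    exit "$rc"
)

demo && echo "pinned install: ok"
```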


Sunday, August 15, 2021

Configuring OpenSSH on Windows Server and Windows 10

 

— Install OpenSSH using PowerShell
Requirements: Windows Server 2019 and Windows 10 1809 (or later)
Open PowerShell as Administrator
@Check whether the OpenSSH feature is available on the current OS
PS C:\Users\thiennl> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'


Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
@Install OpenSSH (Server/Client)
PS C:\Users\thiennl> Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Path :
Online : True
RestartNeeded : False

PS C:\Users\thiennl> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Path :
Online : True
RestartNeeded : False
@Check the OpenSSH state after installation
PS C:\Users\thiennl> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : Installed
@Configure the SSH server
#Start the service
PS C:\Users\thiennl> Start-Service sshd
#Start the service automatically with the OS
PS C:\Users\thiennl> Set-Service -Name sshd -StartupType 'Automatic'
#Check that the firewall allows ssh
PS C:\Users\thiennl> Get-NetFirewallRule -Name *ssh*

Name : OpenSSH-Server-In-TCP
DisplayName : OpenSSH SSH Server (sshd)
Description : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup : OpenSSH Server
Group : OpenSSH Server
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
@Add a firewall rule allowing ssh (if one does not exist yet)
PS C:\Users\thiennl> New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Name : sshd
DisplayName : OpenSSH Server (sshd)
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
— Test SSH to Windows
[root@dinguyen ~]# ssh thiennl@172.17.16.1
The authenticity of host '172.17.16.1 (172.17.16.1)' can't be established.
ECDSA key fingerprint is SHA256:50GYguyCeMT05GqgSypn5a+V5ljUgJKbuRqCcG2uTko.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.16.1' (ECDSA) to the list of known hosts.
thiennl@172.17.16.1's password:
Microsoft Windows [Version 10.0.19042.746]
(c) 2020 Microsoft Corporation. All rights reserved.



Wednesday, August 11, 2021

Declaring variables in JavaScript

Keywords: var, let (since ES6)
There is no need to declare the data type of a variable
  1. var

  • When a variable is declared inside a function, it is scoped to that function
  • When a variable is declared inside a block ({}) or outside a function, it is a global variable with global scope
  • A variable can be redeclared and reassigned within the program
  • Hoisting: the concept of hoisting exists only with the var keyword (it does not exist with let or const)
Example:
var str = "Hello World";
console.log(str);
  2. let



---

To be continued ...

Friday, March 26, 2021

Installing Zimbra Policyd with MySQL

@Domain dinguyen.com
@Check bind-address
[root@mail ~]# vi /opt/zimbra/conf/my.cnf

[mysqld]

basedir = /opt/zimbra/mariadb
datadir = /opt/zimbra/db/data
socket = /opt/zimbra/db/mysql.sock
pid-file = /opt/zimbra/db/mysql.pid
bind-address = 127.0.0.1
port = 7306
user = zimbra
tmpdir = /opt/zimbra/data/tmp

@Create the policyd database and user
[root@mail ~]# su - zimbra

[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1644
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
MariaDB [(none)]> create database policyd CHARACTER SET 'UTF8';
MariaDB [(none)]> show databases;
MariaDB [(none)]> create user 'policyd'@'127.0.0.1' identified by 'DiNguyen2o2i';
Query OK, 0 rows affected (0.96 sec)

MariaDB [(none)]> grant all privileges on policyd.* to 'policyd'@'127.0.0.1' identified by 'DiNguyen2o2i' with grant option;
Query OK, 0 rows affected (0.06 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye

@Convert .tsql files to .sql file
[zimbra@mail database]$ cd /opt/zimbra/common/share/database/
[zimbra@mail database]$ ll
total 48
-rw-r--r-- 1 root root 1272 Dec 31 2015 access_control.tsql
-rw-r--r-- 1 root root 2755 Dec 31 2015 accounting.tsql
-rw-r--r-- 1 root root 4147 Dec 31 2015 amavis.tsql
-rw-r--r-- 1 root root 3227 Dec 31 2015 checkhelo.tsql
-rw-r--r-- 1 root root 1295 Dec 31 2015 checkspf.tsql
-rwxr-xr-x 1 root root 3116 Dec 31 2015 convert-tsql
-rw-r--r-- 1 root root 4882 Dec 31 2015 core.tsql
-rw-r--r-- 1 root root 4417 Dec 31 2015 greylisting.tsql
-rw-r--r-- 1 root root 3137 Dec 31 2015 quotas.tsql
drwxr-xr-x 2 root root 143 Feb 26 2019 whitelists

[zimbra@mail database]$ POLICYDTABLESSQL="$(mktemp /tmp/policyd-dbtables.XXXXXXXX.sql)"

[zimbra@mail database]$ for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql;
do
./convert-tsql mysql $i;
done > "${POLICYDTABLESSQL}"

[root@mail tmp]# ll policyd-dbtables.vl6f9V4E.sql
-rw------- 1 root root 24846 Mar 19 13:26 policyd-dbtables.vl6f9V4E.sql
@Import the database
[zimbra@mail ~]$ /opt/zimbra/bin/mysql policyd < /tmp/policyd-dbtables.vl6f9V4E.sql
@Check the database
[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1782
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
| mboxgroup98 |
| mboxgroup99 |
| mysql |
| performance_schema |
| policyd |
| test |
| zimbra |
+--------------------+
106 rows in set (0.00 sec)
MariaDB [(none)]> use policyd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [policyd]> show tables;
+---------------------------+
| Tables_in_policyd |
+---------------------------+
| access_control |
| accounting |
| accounting_tracking |
| amavis_rules |
| checkhelo |
| checkhelo_blacklist |
| checkhelo_tracking |
| checkhelo_whitelist |
| checkspf |
| greylisting |
| greylisting_autoblacklist |
| greylisting_autowhitelist |
| greylisting_tracking |
| greylisting_whitelist |
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |
| quotas_tracking |
| session_tracking |
+---------------------------+
22 rows in set (0.00 sec)

MariaDB [policyd]> quit
Bye
@Edit the parameters in /opt/zimbra/conf/cbpolicyd.conf.in
#Set the database user
[zimbra@mail ~]$ grep -lZr -e ".*sername=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^.*sername=.*$^Username=policyd^g"
#Set the password
[zimbra@mail ~]$ grep -lZr -e ".*assword=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^.*assword=.*$^Password=DiNguyen2o2i^g"
#Set the database (the name must match the policyd database created above)
[zimbra@mail ~]$ grep -lZr -e "DSN=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^DSN=.*$^DSN=DBI:mysql:database=policyd;host=127.0.0.1;port=7306^g"
#Review the result
[zimbra@mail ~]$ vi /opt/zimbra/conf/cbpolicyd.conf.in


Configuring the rules
@List the tables in the policyd database
[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1818
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use policyd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [policyd]> show tables;
+---------------------------+
| Tables_in_policyd |
+---------------------------+
| access_control |
| accounting |
| accounting_tracking |
| amavis_rules |
| checkhelo |
| checkhelo_blacklist |
| checkhelo_tracking |
| checkhelo_whitelist |
| checkspf |
| greylisting |
| greylisting_autoblacklist |
| greylisting_autowhitelist |
| greylisting_tracking |
| greylisting_whitelist |
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |
| quotas_tracking |
| session_tracking |
+---------------------------+
22 rows in set (0.00 sec)
@The contents of the following tables will be changed:
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |

@List the existing policy groups
MariaDB [policyd]> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name | Disabled | Comment |
+----+------------------+----------+---------+
| 1 | internal_ips | 0 | NULL |
| 2 | internal_domains | 0 | NULL |
+----+------------------+----------+---------+
2 rows in set (0.00 sec)
@Add the policy group list_domain
MariaDB [policyd]> INSERT INTO policy_groups (ID, Name,Disabled,Comment) VALUES(3, 'list_domain', 0, 'NULL');
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name | Disabled | Comment |
+----+------------------+----------+---------+
| 1 | internal_ips | 0 | NULL |
| 2 | internal_domains | 0 | NULL |
| 3 | list_domain | 0 | NULL |
+----+------------------+----------+---------+
3 rows in set (0.00 sec)
@Check the policy group members
MariaDB [policyd]> select * from policy_group_members ;
+----+---------------+--------------+----------+---------+
| ID | PolicyGroupID | Member | Disabled | Comment |
+----+---------------+--------------+----------+---------+
| 1 | 1 | 10.0.0.0/8 | 0 | NULL |
| 2 | 2 | @example.org | 0 | NULL |
| 3 | 2 | @example.com | 0 | NULL |
+----+---------------+--------------+----------+---------+
3 rows in set (0.00 sec)
@Delete the existing members and add the member @dinguyen.com
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='@example.org';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='@example.com';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='10.0.0.0/8';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> INSERT INTO `policy_group_members`(ID,PolicyGroupID,Member,Disabled,Comment) VALUES (1,3,'@dinguyen.com',0,'NULL');
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from policy_group_members ;
+----+---------------+--------------------+----------+---------+
| ID | PolicyGroupID | Member | Disabled | Comment |
+----+---------------+--------------------+----------+---------+
| 1 | 3 | @dinguyen.com | 0 | NULL |
+----+---------------+--------------------+----------+---------+
1 row in set (0.00 sec)
#Note: PolicyGroupID = 3 --> this is the ID of list_domain in policy_groups.
@Check the policies
MariaDB [policyd]> select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name | Priority | Description | Disabled |
+----+------------------+----------+--------------------------------+----------+
| 1 | Default | 0 | Default System Policy | 0 |
| 2 | Default Outbound | 10 | Default Outbound System Policy | 0 |
| 3 | Default Inbound | 10 | Default Inbound System Policy | 0 |
| 4 | Default Internal | 20 | Default Internal System Policy | 0 |
| 5 | Test | 50 | Test policy | 0 |
+----+------------------+----------+--------------------------------+----------+
@Check the policy members
MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 0 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 0 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 0 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 0 |
| 5 | 5 | @example.net | NULL | NULL | 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
5 rows in set (0.00 sec)
@Disable all of the policy members above
MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 2;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 4;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 5;
Query OK, 1 row affected (0.29 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 1 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 1 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 1 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 1 |
| 5 | 5 | @example.net | NULL | NULL | 1 |
+----+----------+-----------------------------------+--------------------+---------+----------+
5 rows in set (0.00 sec)
@Add 2 policy members:
From: %list_domain to: !%list_domain --> mail sent from addresses whose domain is in list_domain to addresses in other domains
From: !%list_domain to: any --> mail sent from addresses whose domain is not in list_domain to any other address
MariaDB [policyd]> INSERT INTO policy_members (ID,PolicyID,Source,Destination,Comment,Disabled) VALUES(6,1, '%list_domain', '!%list_domain', 'NULL', 0);
Query OK, 1 row affected (0.00 sec)

MariaDB [policyd]> INSERT INTO policy_members (ID,PolicyID,Source,Destination,Comment,Disabled) VALUES(7,1, '!%list_domain', 'any', 'NULL', 0);
Query OK, 1 row affected (0.00 sec)

MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 1 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 1 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 1 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 1 |
| 5 | 5 | @example.net | NULL | NULL | 1 |
| 6 | 1 | %list_domain | !%list_domain | NULL | 0 |
| 7 | 1 | !%list_domain | any | NULL | 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
Note: PolicyID=1 --> this is the ID of Default in the policies table.
@Set quotas
#List the existing quotas
MariaDB [policyd]> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
2 rows in set (0.00 sec)
#Add the quota rate_limit
MariaDB [policyd]> INSERT INTO quotas (ID,PolicyID,Name,Track,Period,Verdict,Data,LastQuota,Comment,Disabled) VALUES(3,1,'rate_limit','Sender:user@domain',3600, 'REJECT','NULL',0,'NULL',0);
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 3 | 1 | rate_limit | Sender:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
3 rows in set (0.00 sec)

@Disable the 2 quotas with ID=1 and ID=2
MariaDB [policyd]> UPDATE quotas SET Disabled = 1 WHERE PolicyID = 5;
Query OK, 2 rows affected (1.10 sec)
Rows matched: 2 Changed: 2 Warnings: 0

MariaDB [policyd]> select * from quotas ;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 1 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 1 |
| 3 | 1 | rate_limit | Sender:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
3 rows in set (0.00 sec)
@List the existing quota limits
MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 0 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 0 |
| 3 | 2 | MessageCount | 12 | NULL | 0 |
+----+----------+-----------------------+--------------+---------+----------+
3 rows in set (0.00 sec)
@Disable the 3 quota limits above
MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 2;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 1 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 1 |
| 3 | 2 | MessageCount | 12 | NULL | 1 |
+----+----------+-----------------------+--------------+---------+----------+
3 rows in set (0.00 sec)
@Add a quota limit with count = 160 for the quota rate_limit (ID = 3 in the quotas table)
MariaDB [policyd]> INSERT INTO quotas_limits (ID,QuotasID,Type,CounterLimit,Comment,Disabled) VALUES(4,3,'MessageCount',160,'NULL',0);
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 1 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 1 |
| 3 | 2 | MessageCount | 12 | NULL | 1 |
| 4 | 3 | MessageCount | 160 | NULL | 0 |
+----+----------+-----------------------+--------------+---------+----------+
4 rows in set (0.00 sec)
@Enable policyd
[root@mail ~]# su - zimbra
[zimbra@mail ~]$ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
[zimbra@mail ~]$ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
[zimbra@mail ~]$ zmcontrol restart
@Check the log
[zimbra@mail ~]$ tail -f /opt/zimbra/log/cbpolicyd.log


Thursday, March 25, 2021

What is chroot?




  • In Linux (and other *nix-based operating systems), the root directory (/) is the top directory. It contains the root file system, and other file systems are mounted on the root file system.
  • When Linux boots, there is a root process with pid = 1, and all other processes and jobs are children of the root process. Every process in Linux can access a file or directory on the file system.
  • Chroot is a procedure that changes the root directory for a running process and its child processes. The process then runs in a directory that acts as its root directory (different from the real root directory /), and the chrooted process has pid = 1. The process cannot see or access files outside the directory it is running in.
  • The directory that chroot sets up to run a process in this way is called a chroot jail
  • What is needed to perform a chroot?
    • A program on Linux, when executed, needs to call other programs already installed on the system (its dependencies and the libraries that serve it)
    • When a program is chrooted, it can only access the files inside the chroot jail and cannot call programs or libraries outside the jail. -> Therefore, for the program to run, the chroot jail must include the related files and libraries.
    • As in the illustration below, using chroot requires a file system laid out like a Linux file system

                


(To be continued ...)
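
The requirement described above, that the jail must contain the program together with its libraries, as an added example that is not part of the original post: jail_deps, copy_into and build_jail are hypothetical helper names, and /bin/sh is used as the program to jail.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a program plus the shared
# libraries it needs, laid out at the same paths as on the host.

# Print the absolute paths of the shared objects a binary loads.
# ldd may execute code from the binary it inspects, so use it on
# trusted binaries only. A static binary simply yields no lines.
jail_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# copy_into JAIL PATH: copy PATH to the same location under JAIL,
# following symlinks so the jail holds real files.
copy_into() {
    mkdir -p "$1$(dirname "$2")" && cp -fL "$2" "$1$2"
}

# build_jail JAIL BIN...: copy each program and its libraries into JAIL.
build_jail() (
    jail=$1; shift
    for bin in "$@"; do
        copy_into "$jail" "$bin" || exit 1
        for lib in $(jail_deps "$bin"); do
            copy_into "$jail" "$lib" || exit 1
        done
    done
)

# Demo: build a jail for the shell in a temporary directory and list it.
# Entering the jail needs root:  chroot "$jail" /bin/sh
jail=$(mktemp -d) &&
    build_jail "$jail" /bin/sh &&
    (cd "$jail" && find . -type f | sort)
rm -rf "$jail"
```

Inside the resulting jail only /bin/sh exists, so commands such as ls fail until they are added with another build_jail call.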



Linux virtual networking

  1. Bridge

    • A Linux bridge works like a network switch. It forwards packets between interfaces. It is commonly used to forward packets on routers and gateways, and between VMs and network namespaces on a host. A bridge supports STP, VLAN filtering and multicast snooping
                
    • CLI

#brctl show
thiennl@VM-THIENNL:~$ brctl show
bridge name bridge id STP enabled interfaces
br-2d03c46e820a 8000.024213278b6a no
docker0 8000.02421791715d no

thiennl@VM-THIENNL:~$ ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:17:91:71:5d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

thiennl@VM-THIENNL:~$ ifconfig br-2d03c46e820a
br-2d03c46e820a: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.17.1 netmask 255.255.255.0 broadcast 172.17.17.255
ether 02:42:13:27:8b:6a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0




  • Bonded interface

  • Team Device

  • VLAN: 

    • Virtual LAN. A VLAN splits up a broadcast domain by adding tags to network packets


    • Create VLANs
thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1609sec preferred_lft 1609sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff

thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.2 type vlan id 2
[sudo] password for thiennl:
thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.3 type vlan id 3

thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1553sec preferred_lft 1553sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
4: ens38.2@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
5: ens38.3@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
    • Topology after creating the VLANs


    • When VLANs are created on a host, the switch connected to the host must support VLAN tags (the port connected to the host is in trunk mode)
  • VXLAN

    • VXLAN is a tunneling protocol. It encapsulates an L2 frame with a VXLAN header inside a UDP/IP packet

    • The VXLAN ID (VXLAN Network Identifier) is 24 bits long -> 2^24 virtual LANs can be created
    • VXLAN is usually deployed on virtualization hosts in data centers



  • MACVLAN

  • IPVLAN

  • MACVTAP/IPVTAP

  • MACsec

  • VETH




Wednesday, February 24, 2021