postfix mail flow
Receiving Mail
When a message enters the Postfix mail system, the first stop is the incoming queue. The figure below shows the main components that are involved with new mail.
Mail is posted locally. The Postfix sendmail program invokes the privileged postdrop program which deposits the message into the maildrop directory, where the message is picked up by the pickup daemon. This daemon does some sanity checks, in order to protect the rest of the Postfix system.
Mail comes in via the network. The Postfix SMTP server receives the message and does some sanity checks, in order to protect the rest of the Postfix system.
Mail is generated internally by the Postfix system itself, in order to return undeliverable mail to the sender. The bounce or defer daemon brings the bad news.
Mail is forwarded by the local delivery agent, either via an entry in the system-wide alias database, or via an entry in a per-user .forward file. This is indicated with the unlabeled arrow.
Mail is generated internally by the Postfix system itself, in order to notify the postmaster of a problem (this path is also indicated with the unlabeled arrow).The Postfix system can be configured to notify the postmaster of SMTP protocol problems, UCE policy violations, and so on.
The cleanup daemon implements the final processing stage for new mail. It adds missing From: and other message headers, arranges for address rewriting to the standard user@fully.qualified.domain form, and optionally extracts recipient addresses from message headers. The cleanup daemon inserts the result as a single queue file into the incoming queue, and notifies the queue manager of the arrival of new mail. The cleanup daemon can be configured to transform addresses on the basis of canonical and virtua table lookups.
On request by the cleanup daemon, the trivial-rewrite daemon rewrites addresses to the standard user@fully.qualified.domain form.
things to know about apache
Use CustomLog and the rotatelogs programs Add following line in httpd.conf file. CustomLog "| /path/to/rotatelogs /path/to/logs/access_log.%Y-%m-%d 86400" combined
How you will put a limit on uploads on your web server? This can be achieved by LimitRequestBody directive.<Directory "/var/www/html/data_uploads"> LimitRequestBody 100000 </Directory>
Here I have put limit of 100000 Bytes
How to enable PHP scripts on your server? If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler. AddHandler application/x-httpd-php .phtml .php
postfix interview questions
When a local email message enters the postfix system. Local messages are deposited into the maildrop directory of the Postfix queue by the postdrop command, usually through the sendmail compatibility program. The pickup daemon reads the message from the queue and feeds it to the cleanup daemon. The cleanup daemon processes all inbound mail and notifies the queue manager after it has placed the cleaned-up message into the incoming queue. The queue manager then invokes the appropriate delivery agent to send the message to its next hop or ultimate destination.
What are the important files for postfix server ?
/etc/postfix/main.cf
/etc/postfix/access
/etc/postfix/aliases
Which command checks for configuration problems?
# postfix check
How you will see the queue of postfix server?
#postqueue -p
or mailq
How can I clear postfix mail server queue?
# postsuper -d ALL
How you will reload the postfix queue?
# postsuper -r ALL
which command is used to find out that postfix is complied with mysql or not?
# postconf -m
nis
regexp
environ
mysql
btree
unix
hash
Explain smtpd_recipient_limit parameter? And what is the default value for this parameter?
The smtpd_recipient_limit parameter can limit the number of recipients allowed in a single incoming message.
The default value for this parameter is 1000.
Explain smtpd_timeout Parameter?
The smtpd_timeout parameter limits the amount of time Postfix waits for an SMTP client request after sending a response. This allows the Postfix administrator to quickly disconnect SMTP servers that "camp out" on the SMTP connection, utilizing system resources for the SMTP connection without actually sending a message.
smtpd_timeout = value
By default, Postfix will assume the value is in seconds.
Explain maximal_queue_lifetime Parameter?
The maximal_queue_lifetime parameter sets the amount of time (in days) that a message remains in the deferred message queue before being returned as undeliverable. The default value is 5 days. Once this value is reached, Postfix returns the message to the sender.
Explain queue_run_delay Parameter?
The queue_run_delay parameter sets the time interval (in seconds) that Postfix scans the deferred message queue for messages to be delivered. The default value for this is 1,000 seconds.
Explain default_destination_concurrency_limit Parameter?
The default_destination_concurrency_limit parameter defines the maximum number of concurrent SMTP sessions that can be established with any remote host. This parameter is related to the SMTP maxprocess parameter in the master.cf configuration file. The maximum number of concurrent SMTP sessions cannot exceed the maxprocess value set for the maximum number of SMTP client processes. Thus, if the default maxprocess value of 50 is used, setting the default_destination_concurrency_limit greater than 50 has no effect.
meaning of 'prefork' MPM and 'worker' MPM in apache
If you are unsure which MPM is built into Apache, it can be determined by running the Apache web server executable with the '-V' option. The output from running the web server executable with this option will be information about how it was configured when built.
Server version: Apache/2.2.1
Server built: Mar 4 2007 20:48:15
Server's Module Magic Number: 20051115:1
Server loaded: APR 1.2.6, APR-Util 1.2.6
Compiled using: APR 1.2.6, APR-Util 1.2.6
Architecture: 32-bit
Server MPM: Worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr/local/apache-2.2"
-D SUEXEC_BIN="/usr/local/apache-2.2/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Which MPM is being used can be determined from the 'Server MPM' field.
On the Windows platform the only available MPM is 'winnt'.
The UNIX 'prefork' MPM¶
This MPM is the most commonly used. It was the only mode of operation available in Apache 1.3 and is still the default mode on UNIX systems in later versions of Apache. In this configuration, the main Apache process will at startup create multiple child processes. When a request is received by the parent process, it will be processed by which ever of the child processes is ready.
Each child process will only handle one request at a time. If another request arrives at the same time, it will be handled by the next available child process. When it is detected that the number of available processes is running out, additional child processes will be created as necessary. If a limit is specified as to the number of child processes which may be created and the limit is reached, plus there are sufficient requests arriving to fill up the listener socket queue, the client may instead receive an error resulting from not being able to establish a connection with the web server.
Where additional child processes have to be created due to a peak in the number of current requests arriving and where the number of requests has subsequently dropped off, the excess child processes may be shutdown and killed off. Child processes may also be shutdown and killed off after they have handled some set number of requests.
Although threads are not used to service individual requests, this does not preclude an application from creating separate threads to perform some specific task.
For the typical 'prefork' configuration where multiple processes are used, the WSGI environment key/value pairs indicating how processes and threads are being used will be as follows.
wsgi.multithread | False |
wsgi.multiprocess | True |
Because multiple processes are being used, a WSGI middleware component such as the interactive browser based debugger described would not be able to be used. If during development and testing of a WSGI application, use of such a debugger was required, the only option which would exist would be to limit the number of processes being used. This could be achieved using the Apache configuration:
StartServers 1
ServerLimit 1
With this configuration, only one process will be started, with no additional processes ever being created. The WSGI environment key/value pairs indicating how processes and threads are being used will for this configuration be as follows.
wsgi.multithread | False |
wsgi.multiprocess | False |
In effect, this configuration has the result of serialising all requests through a single process. This will allow an interactive browser based debugger to be used, but may prevent more complex WSGI applications which make use of AJAX techniques from working. This could occur where a web page initiates a sequence of AJAX requests and expects later requests to be able to complete while a response for an initial request is still pending. In other words, problems may occur where requests overlap, as subsequent requests will not be able to be executed until the initial request has completed.
The UNIX 'worker' MPM¶
The 'worker' MPM is similar to 'prefork' mode except that within each child process there will exist a number of worker threads. Instead of a request only being able to be processed by the next available idle child process and with the handling of the request being the only thing the child process is then doing, the request may be processed by a worker thread within a child process which already has other worker threads handling other requests at the same time.
It is possible that a WSGI application could be executed at the same time from multiple worker threads within the one child process. This means that multiple worker threads may want to access common shared data at the same time. As a consequence, such common shared data must be protected in a way that will allow access and modification in a thread safe manner. Normally this would necessitate the use of some form of synchronisation mechanism to ensure that only one thread at a time accesses and or modifies the common shared data.
If all worker threads within a child process were busy when a new request arrives the request would be processed by an idle worker thread in another child process. Apache may still create new child processes on demand if necessary. Apache may also still shutdown and kill off excess child processes, or child processes that have handled more than a set number of requests.
Overall, use of 'worker' MPM will result in less child processes needing to be created, but resource usage of individual child processes will be greater. On modern computer systems, the 'worker' MPM would in general be the prefered MPM to use and should if possible be used in preference to the 'prefork' MPM.
Although contention for the global interpreter lock (GIL) in Python can causes issues for pure Python programs, it is not generally as big an issue when using Python within Apache. This is because all the underlying infrastructure for accepting requests and mapping the URL to a WSGI application, as well as the handling of requests against static files are all performed by Apache in C code. While this code is being executed the thread will not be holding the Python GIL, thus allowing a greater level of overlapping execution where a system has multiple CPUs or CPUs with multiple cores.
This ability to make good use of more than processor, even when using multithreading, is further enchanced by the fact that Apache uses multiple processes for handling requests and not just a single process. Thus, even when there is some contention for the GIL within a specific process, it doesn't stop other processes from being able to run as the GIL is only local to a process and does not extend across processes.
For the typical 'worker' configuration where multiple processes and multiple threads are used, the WSGI environment key/value pairs indicating how processes and threads are being used will be as follows.
wsgi.multithread | True |
wsgi.multiprocess | True |
Similar to the 'prefork' MPM, the number of processes can be restricted to just one if required using the configuration:
StartServers 1
ServerLimit 1
With this configuration, only one process will be started, with no additional processes ever being created, but that one process would still make use of multiple threads.
The WSGI environment key/value pairs indicating how processes and threads are being used will for this configuration be as follows.
wsgi.multithread | True |
wsgi.multiprocess | False |
Because multiple threads are being used, there would be no problem with overlapping requests generated by an AJAX based web page.
more info here
content of /etc/fstab in linux
/dev/hda2 | / | ext2 | defaults | 1 1 |
/dev/hdb1 | /home | ext2 | defaults | 1 2 |
/dev/cdrom | /media/cdrom | auto | ro,noauto,user,exec | 0 0 |
/dev/fd0 | /media/floppy | auto | rw,noauto,user,sync | 0 0 |
proc | /proc | proc | defaults | 0 0 |
/dev/hda1 | swap | swap | pri=42 | 0 0 |
[Device] [Mount Point] [File System Type] [Options] [Dump] [Pass]
fields | description |
<device> | The device/partition (by /dev location or UUID) that contain a file system. |
<mount point> | The directory on your root file system (aka mount point) from which it will be possible to access the content of the device/partition (note: swap has no mount point). Mount points should not have spaces in the names. |
<file system type> | Type of file system (see LinuxFilesystemsExplained). |
<options> | Mount options of access to the device/partition (see the man page for mount). |
<dump> | Enable or disable backing up of the device/partition (the command dump). This field is usually set to 0, which disables it. |
<pass num> | Controls the order in which fsck checks the device/partition for errors at boot time. The root device should be 1. Other partitions should be 2, or 0 to disable checking. |
auto display script on login
/etc/motd
How to use template tool kit
vi /var/www/cgi-bin/somescript.pl
--------------------------------
#!/usr/bin/perl
use File::Copy;
use strict ;
use warnings;
use Data::Dumper ;
use CGI;
use Template;
use Socket;
print "Content-type: text/html\n\n";
my $remote_host = '59.163.11.66';
exit unless($ENV{REMOTE_ADDR} eq $remote_host );
my $tt = Template->new( INCLUDE_PATH => "/var/www/html/formBackup" ) || die "template process failed: $!";
my $q = new CGI;
my $editfile = "/tmp/aa1.$$" ;
my @allmastercf = qw(/etc/postfix /etc/postfix2nd );
my $hostname = `hostname`;
my %hash = get_ips();
##print Dumper ([\%hash]);
my (%postfixinstance,%ipsfile,%tag,%ips,$ptr,$myip,$iaddr,$name);
my %hash1;
my $ERRORS="";
foreach my $mastercf (@allmastercf) {
copy("$mastercf/master.cf", $editfile);
my @array1;
open (IN,$editfile ) or die "cannot open file ";
# -o smtp_mbind_address=/etc/postfix/ips_intoday
while (<IN>) {
chomp;
next unless /smtp_mbind_address=(\/\S+),?\b/;
push(@array1, $1) ;
}
push(@array1, "$mastercf/ips") ;
close (IN);
my @ips;
my @nofiles ;
my @noips;
foreach my $ipfile (@array1) {
unless(open (IN1, "$ipfile")){
print STDERR "Could not open $ipfile\n";
next;
}
while (<IN1>) {
chomp;
$iaddr = inet_aton("$_"); # or whatever address
$name = gethostbyaddr($iaddr, AF_INET);
push (@ips, "<br>$_ --> $name</br>");
#$hash1{$mastercf}{$ipfile} = "@ips";
}
close (IN1) ;
push @{$hash1{ipandfile}},{ip=>"@ips",ipfile=>$ipfile};
@ips ="";
}
push @{$tag{resulth}},{instance=>$mastercf},{info=>$hash1{ipandfile}};
%hash1 = ();
}
#
# Return a hash array %ret = ( '192.168.2.1' => 'eth0:1' , '192.168.2.2' => 'eth0:2' );
#
#print Dumper ([\%tag]);
$tt->process("serverips.html",\%tag) || die $tt->error();
sub get_ips {
my (%hash);
my ($ifconfig)="/sbin/ifconfig";
my (@lines)=qx|$ifconfig | or die("Can't get info from ifconfig: ".$!);
foreach(@lines){
if(/inet addr:([\d.]+)/){
$hash{$1}++ ;
}
}
return %hash;
}
-----------------------------------------------------------------------------------
vi /var/www/html/formBackup/servreip.html
------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>netcore Data backup </title>
<link rel="stylesheet" type="text/css" href="/databu/view.css" media="all">
<script type="text/javascript" src="/databu/view.js"></script>
</head>
<body id="main_body1" >
<img id="top" src="/databu/to1p.png" alt="">
<div id="form_container">
<h1><a>EMM server instance ips and PTR </a></h1>
<div class="form_description">
<!--<p>This is the file is written to /etc/backup/BACKUPDAILY</p> -->
</div>
<ul >
<li id="li_1" >
<label class="description" for="element_1">EMM server instance ips and PTR </label>
<table width="681" cellspacing="2" bgcolor="darkGray">
<tbody align="left" valign="baseline" bgcolor="lightGray">
<tr>
<td><h3>Instance</h3> </td>
<td><h3><CENTER>IP ---> PTR </CENTER></h3></td>
<td><h3>IP File</h3></td>
</tr>
[% FOREACH item IN resulth %]
<tr>
<td bgcolor="lightBlue">[% item.instance %]</td></tr>
[% FOREACH item2 IN item.info %]
<tr>
<td> </td>
<td>[% item2.ip %]</td>
<td>[% item2.ipfile %]</td>
</tr>
[% END %]
[% END %]
</tbody>
</table>
</li>
<li class="buttons">
<input type="hidden" name="form_id" value="286586" />
</li>
</ul>
</div>
<img id="bottom" src="/databu/bottom.png" alt="">
</body>
</html>
---------------------