Sysadmin Blog http://www.cyberbyte.ch/blog/index.php Postfix Mail Queue Cleaner http://www.cyberbyte.ch/blog/index.php?entry=entry140414-121759 

#! /bin/bash
if [ "$1" == "" ]; then
  echo "please give e-mail address"
  exit 1
else
  emailaddr=$1
fi
for id in `mailq | egrep "[0-9A-F]{10} " | grep "$emailaddr" | cut -d " " -f 1`
do
  echo $id
  postsuper -d $id
done

]]> DNS Tools http://www.cyberbyte.ch/blog/index.php?entry=entry131022-230042

Download


Download the tarball

Prerequisites


The "dig" tool must be installed on your system, and be allowed to be executed from php. If it doesn't work, e.g. if using safe_mode and/or open_basedir restrictions, add the path where dig is located to the two php options:
open_basedir /usr/bin/dig
safe_mode_exec_dir /usr/bin/
Within a VirtualHost, set with php_admin_value <option>.

In addition, TCP port 43 and UDP port 53 need to be open outbound.

Installation


Extract the content of the archive within your web root of the webserver, e.g.
cd <webroot>
tar xvzf dnstools.tar.gz

Usage


Navigate your web-browser to http://<your_host_name>/dnstools/ and enter either the appropriate form.
]]> QEMU/KVM Virtual Host Manager http://www.cyberbyte.ch/blog/index.php?entry=entry120929-211121 Description
This tiny script shows you a overview of the virtual machines on QEMU/KVM carrier servers using libvirt as management interface.

It can either show all virtual machines or only the running VMs.

Prerequisites


This PHP Script requires PHP extension libvirt-php

Download


Download the gzip'ped tar archive

Installation


Unpack the archive to a webserver document root with direct access to your libvirt hypervisors over TCP Port 16509 or SSH

Adapt at least the variables $dnsdomain and $arr_hosts to your infrastructure and change $comtype to "qemu+ssh" when SSH instead of direct port access is wanted

Try it out using http://yourwebserver/virtmgr/index.php
]]> Postfix Mail Queue Manager http://www.cyberbyte.ch/blog/index.php?entry=entry120929-000000 Description
This PHP script shows the content of the mail queues of multiple servers and give you the possibility to hold, release, delete and reqeue single messages.

If you install a tiny wrapper script on mail servers, you may even remove or requeue multiple messages from a certain sender.

In addition, you can also requeue all messages (sendmail -q).

Download


Download the gzip'ped tar archive

Prerequisites:


On a web- or intranet accessible host (access protection highly recommended!):
- Web Server with PHP script language support (shell_exec function has to be enabled)
- Key-based SSH access to mail servers for webserver user

On mail servers:
- Postfix
- sudo

Installation


Unpack the archive beneath a webserver document root

Adapt the variables $mailservers and $user to your needs, if you like to use the selection by sender e-mail address feature, configure also variable $wrapper_cmd

Add the following lines to /etc/sudoers on the mail server(s), assuming user admin for login to the mail server(s) (change it to your needs):

admin    ALL=(ALL) NOPASSWD: /usr/sbin/postsuper
admin    ALL=(ALL) NOPASSWD: /usr/sbin/postqueue
admin    ALL=(ALL) NOPASSWD: /usr/local/bin/mailqueue.sh
(last line only needed for selection by sender address)

If you want to use the selection by e-mail address feature, put mailqueue.sh to some path on the mail server(s) and make it executable, e.g.:
cp mailqueue.sh /usr/local/bin/mailqueue.sh
chmod 755 /usr/local/bin/mailqueue.sh

Try it out using http://yourwebserver/mailqmgr/index.php]]> Remove Apache VirtualHost section http://www.cyberbyte.ch/blog/index.php?entry=entry120717-000000 perl script removes a VirtualHost configuration section

Call with:
remove_virtual.pl <webname> <apache conf file>

<webname> is to be replaced with the FQDN of the name based virtual host (ServerName)

<apache conf file> is the full path to the apache configuration file that contains the VirtualHost]]> Schweizer Fernsehen (SF) Podcasts http://www.cyberbyte.ch/blog/index.php?entry=entry120716-000000 WDLXV site.

Simply get the file and copy it to /conf/ directory on your WD TV Live wdlxtv pimp'ed box:
 scp dailypodcasts.xml root@ip_of_your_wdtv:/conf/

(if you have trouble downloading the file, e.g. get displayed XML code, use "Save As..." function of your browser)]]> Data Synchronisation scripts for rsync http://www.cyberbyte.ch/blog/index.php?entry=entry071110-000000 shell scripts for synchronize your data using rsync.

You only have to adapt the variables at the beginning of the scripts according your needs.

rsync_home.sh


This one can be used if you have your remote system mounted onto the local file system, e.g. using NFS or SAMBA

Variables:

MOUNTPOINT: Path on local system where you have mounted the exported path of remote system
LOCALDIR: Path on local system from where you want to synchronize (by default your home directory)
EXCLUDEFILE: File where you can enter all path's (one on a line) that shouldn't be transferred
LOGFILE: File to log output of rsync into

rsync_home_ssh.sh


This one is an example if you want to access the remote system over SSH.

Variables:

REMOTEHOST: Full qualified host name of remote system
LOCALDIR: Path on local system from where you want to synchronize (by default your home directory)
REMOTEDIR: directory on remote host after the colon (":") (by default your home directory)
EXCLUDEFILE: File where you can enter all path's (one on a line) that shouldn't be transferred
LOGFILE: File to log output of rsync into

Remote Host can be either preset or passed as a command line parameter.

For not have to type your passphrase for your ssh key every time, you can store it within your SSH agent. ]]> Simple SSL Certificate Authority http://www.cyberbyte.ch/blog/index.php?entry=entry040322-000000
You can obtain a server certificate from Verisign or Entrust but they're quite expensive.

Or you can make them yourself. Here are some tools to get there. I won't provide information about cryptology at all, neither you will find a professional PKI solution here.

Creating your "own CA" makes only sense for sites where encryption should be in place, without providing official trusted credentials. Every user connecting to your secured site get a warning message every time he connects to your site, until he manually accept your CA Certificate.

First you need OpenSSL, the code which deals with digital certificates.
For information on the command options of the OpenSSL tools look at the OpenSSL Documentation (from openssl.org)
Then get the SSL CA-Tools 0.2 (SSL CA-Tools 0.2). This is a version slightly modified so you can also renew certificates easily.
If you do prefer to use the original version, you can find it here: SSL CA-Tools)

The SSL CA-Tools are easy to use scripts which query the necessary information in a dialog and execute the appropriate openssl commands. Untar it somewhere, e.g. under your openssl directory, look at the README, and create a self-signed CA certificate, user- and server certificates and finally sign them with your CA key.]]>