tag:blogger.com,1999:blog-337637442011-11-27T20:13:35.894-05:00Um, a blog.reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.comBlogger191100tag:blogger.com,1999:blog-33763744.post-43560989498305868752008-05-26T03:18:00.000-04:002008-05-26T03:47:55.968-04:00In the middle of a month long holiday in Africa, I finally am at a place where I can connect my notebook to the internet. I have been able to get to my mail via webmail, but I don't have all the filters I like set up on the webmail system, so it is still way to noisy to get past all the mailing lists...<br /><br />IMAP is a blessing. Except when the provider firewall blocks port 993. In this particular case it doesn't block 10993 though, so I decided to set up a proxy which would get me my mail. It was really quite simple.<br /><br />So this is an example of how to use balance on freebsd 7 to set up a proxy for a TCP service. In my case i am proxying imaps via an unprivileged port on my utility server to the imaps port on the actual mail server.<br /><br />I connected to my freebsd box over ublocked ssh and... <br /><br /><pre><br />reed@host $ cd /usr/ports/net/balance<br />reed@host $ sudo make install<br /></pre><br /><br />I did a quick connection test like so:<br /><br /><pre><br />reed@host $ sudo balance -fp 10993 mail.serverbox.com:993<br /></pre><br /><br />and a quick telnet confirmed connection to the destination so I then added some config to rc.conf:<br /><br /><pre><br />### balance <br />balance_enable="YES"<br />balance_hosts="host1"<br />balance_host1_address="my.proxy.box.com"<br />balance_host1_ports="10993"<br />balance_host1_targets="mail.server.box.com:imaps"<br /></pre><br /><br />And I am now receiving and filtering email with Mail...<br /><br />Cake<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-4356098949830586875?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-52643955433576807952008-04-14T11:53:00.000-04:002008-04-14T11:54:14.289-04:00Open the PackageMaker program.<br />Click "Assist me..."<br />Add the files you want to install and give them a destination on the destination drive.<br />Select files appropriate for a Welcome page, README, license, and conclusion.<br />Add a bg image if so desired.<br /><br /><p><br /></p><br />Save and move to the directory in a terminal then<br /><br /><br /><p>$hdiutil create Subversion-1.4.3 -srcFolder ~/projects/Subversion-1.4.3.mpkg<br /></p><br /><p>viola!<br /></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-5264395543357680795?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-27285056890007393252008-04-14T11:21:00.000-04:002008-04-14T11:22:16.536-04:00Aquamacs with Python completion and ipython<br /><br /><ol type="1"><li>Install <a href="http://pymacs.progiciels-bpi.ca/">Pymacs</a> (python setup.py install) </li><li>Make sure you have pymac-services and rebox in your PATH. They install where the python binaries are.</li><li>Install python-mode.el in your site-lisp (/Library/Application\ Support/Emacs/site-lisp (create if necessary))</li><br /><ol><li>from the <a href="http://python-mode.sourceforge.net/">python mode</a> folder copy pycomplete.py to your python site-packages (or otherwise add it to your python path.) and the .el files to your site-lisp directory<br /></li></ol><br /><li>Install <a href="http://ipython.scipy.org/moin/">ipython</a></li><li>edit your .emacs </li></ol><br /><p align="center" class="discreet">(your path may differ, as well as your mileage)</p><br /><pre>(setq auto-mode-alist (cons '("\\.py$" . python-mode) auto-mode-alist))<br />(setq interpreter-mode-alist (cons '("python" . python-mode) interpreter-mode-alist))<br />(autoload 'python-mode "python-mode" "Python editing mode." t)<br />(autoload 'pymacs-load "pymacs" nil t)<br />(autoload 'pymacs-eval "pymacs" nil t)<br />(autoload 'pymacs-apply "pymacs")<br />(autoload 'pymacs-call "pymacs")<br />(require 'pycomplete)<br />(setq ipython-command "/Library/Frameworks/Python.framework/Versions/Current/bin/ipython")<br />(require 'ipython)</pre><br /><br /><br /><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-2728505689000739325?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-16671864689738591742008-04-08T21:18:00.000-04:002008-04-08T21:49:46.600-04:00As a follow up to <a href="http://reedobrien.blogspot.com/2008/01/apache-round-robin-for-zeoclients.html">Apache Round Robin for ZeoClients</a>: <br /><br />we needed to send session specific things to a single instance.<br /><br />An example of why this is necessary is for <a href="http://pypi.python.org/pypi/collective.captcha/1.3">collective.captcha</a>. If the connections are being round robin-ed you get audio and image files from different instances. That is BAD. It doesn't work.<br /><br />First make sure varnish doesn't cache the captcha images and audio or your captcha protected form page.<br />In varnish.vcl add:<br /><pre><br /># Do NOT cache captcha image, audio, request<br /> if ( req.url ~ "/@@captcha"<br /> || req.url ~ "/contact-info"<br /> ) {<br /> pipe;<br /> }<br /></pre><br /><br />Next we need to map a server to do our captcha stuff. <br />In zopeservers.map add the line:<br /><br /><pre><br />CAPTCHA localhost:6970<br /></pre><br /><br />I will leave it to you to think of how to creatively balance requests to the other instances. Perhaps remove teh one that does some captcha and other special work from ALL, or maybe add the other instances more than once... OK I didn't leave much, but there are probably smarter ways to do it.<br /><br />Finally we need to add a rule for mapping captcha requests to the correct instance.<br />To the appropriate apache.conf (http.conf) add: <br /><br /><pre><br />RewriteRule ^/(@@captcha/(audio|image)|contact-info) \<br /> http://${zopeservers:CAPTCHA}/VirtualHostBase/http/%{SERVER_NAME}:80/msrd/VirtualHostRoot/$1 [L,P]<br /></pre><br /><br /><span style="font-weight:bold;">Don't forget to restart apache and varnish!!</span><br /><br />Thanks to <a href="http://chris.shenton.org/resume/">Chris Shenton</a> for suggesting the solution.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-1667186468973859174?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-80275388391338762622008-02-26T18:04:00.000-05:002008-02-26T18:10:17.796-05:00I was running a buildout and got this error:<br /><br /><pre><br />/psycopg/config.h:119: error: static declaration of 'round' follows non-static declaration</pre><br /><br />I know little to nothing about C so I asked Chris Shenton. He said, "Sounds like it is already defined. Try commenting it out." It worked.<br /><br />I assume this is new in FreeBSD 7 which I am running. So I think this should work:<br /><br /><pre><br />--- psycopg/config.h 2008-02-26 21:47:43 +0000<br />+++ psycopg/config.h 2008-02-26 21:56:06 +0000<br />@@ -113,7 +113,7 @@<br /> #define inline<br /> #endif<br /><br /><br />-#if defined(__FreeBSD__) || (defined(_WIN32) && !defined(__GNUC__)) || defined(__sun__)<br />+#if defined(__FREEBSD__ < 7) || (defined(_WIN32) && !defined(__GNUC__)) || defined(__sun__)<br /> /* what's this, we have no round function either? */<br /> static double round(double num)<br /> {<br /></pre><br /><br />I went to file a bug at initd.org, but their system was down. So I put it here. Thanks for the clue Chris.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-8027538839133876262?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-23402603006074985762008-01-15T18:21:00.000-05:002008-01-15T18:48:03.943-05:00There is a common approach to running Plone/Zope behind some service that distributes requests across numerous ZeoClients. Here's how I have been doing it using Apache (2.2.x).<br /><br /><pre><br /><br /> ________Zeoclient(6968)<br /> | _______ZeoClient(6969)<br />client-->varnish(80)-->apache(81)|<_______ZeoClient(6970)<br /> |________ZeoClient(6971)<br /></pre><br /><br />Everybody knows how to setup varnish, right? So I am only going to show the Apache bits here.<br /><br />First you need a rewrite map.<br /><br /><pre><br />#zopeservers.map<br />ALL localhost:6968|localhost:6969|localhost:6970|localhost:6917<br /></pre><br /><br />Of course there can be more or less hosts in the map and they don't have to be all localhost either.<br /><br />Next you need to enter the right stuff in the apache configuration. As here in a VirtualHost.<br /><br /><pre><br />&lt;VirtualHost *:81&gt;<br />...<br />RewriteMap zopeservers rnd:/usr/local/apache2/conf/zopeservers.map<br />RewriteRule ^/(.*) \<br /> http://${zopeservers:ALL}/VirtualHostBase/http/%{SERVER_NAME}:80/ploneroot/VirtualHostRoot/$1 [L,P]<br />...<br />&lt;/VirtualHost&gt;<br /></pre><br /><br />How does Emiril say... BAM!<br /><br />Not so hard at all. A couple of notes:<br /><br />1. I don't think apache knows how to detect if a client is down or broken. So it will serve up all the errors it gets.<br /><br />2. Varnish doesn't cache https, so it needs to be handled wihtout varnish...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-2340260300607498576?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-39979095503665464952008-01-12T00:19:00.000-05:002008-07-07T21:27:08.080-04:00This week I needed to work with passwords from an OpenLDAP database. I needed to create users and encode their passwords as SSHA. After much googling and reading of authentication code examples, this is what I came up with.<br /><br /><pre><br />import hashlib<br />import os<br />from base64 import urlsafe_b64encode as encode<br />from base64 import urlsafe_b64decode as decode<br /><br />def makeSecret(password):<br /> salt = os.urandom(4)<br /> h = hashlib.sha1(password)<br /> h.update(salt)<br /> return "{SSHA}" + encode(h.digest() + salt)<br /><br />def checkPassword(challenge_password, password):<br /> challenge_bytes = decode(challenge_password[6:])<br /> digest = challenge_bytes[:20]<br /> salt = challenge_bytes[20:]<br /> hr = hashlib.sha1(password)<br /> hr.update(salt)<br /> return digest == hr.digest()<br /></pre><br />Wow, python rules. So first I want to make sure I can validate a password against one generated by slappasswd<br /><pre><br />reedobrien$ slappasswd -s topsecret<br />{SSHA}Ccpjsip2UZL2CR2VsWTH7aF0vWKHQ7jn<br /></pre>And then see if I can validate it<br /><pre><br />>>> checkPassword('{SSHA}Ccpjsip2UZL2CR2VsWTH7aF0vWKHQ7jn',<br />... 'topsecret')<br /> True<br /></pre><br />Next I need to make sure I can generate one that OpenLDAP can use. So I used a script I wrote to create a user in ldap. This time I use the same password and get a different hash which is good.<br /><pre><br />>>> pw = "{SSHA}hq5ROYE8RoLA1Zcz6azgNQP5PkdETocx"<br /></pre> <br />which OpenLDAP represents in LDIFs as base64 encoded<br /><pre><br />...<br /># tester, people, reedobrien.com<br />dn: uid=tester,ou=people,dc=reedobrien,dc=com<br />objectClass: top<br />objectClass: inetOrgPerson<br />uid: tester<br />cn: test test<br />sn: test<br />mail: test@example.com<br />userPassword:: e1NTSEF9MHhaMEdZc2Fob1JNeXZWR2FVdGszS0VwSFZTQnVLTlc=<br />...<br /></pre><br />So I try authenticating:<br /><pre><br />>>> userPasword = "e1NTSEF9MHhaMEdZc2Fob1JNeXZWR2FVdGszS0VwSFZTQnVLTlc="<br /><br />>>> decode(userPassword) == pw<br /> True<br /><br />>>> checkPassword(decode(userPassword), 'topsecret')<br /> True<br /></pre><br />Now I want to make sure it works through the ldap server itself<br />In python:<br /><pre><br /><br />>>> import ldap<br /><br />>>> con = ldap.initialize("ldap://127.0.0.1")<br />>>> con.simple_bind_s('uid=tester,ou=people,dc=reedbrien,dc=com',<br /> 'topsecret')<br /> (97, []) ## indicates success<br /></pre> <br />And not using my stuff.<br /><pre><br />reedobrien$ ldapsearch -x -D "uid=tester,ou=people,dc=reedobrien,dc=com" -w topsecret<br /># extended LDIF<br />#<br /># LDAPv3<br /># base <> with scope sub<br /># filter: (objectclass=*)<br /># requesting: ALL<br />#<br /><br /># search result<br />search: 2<br />result: 32 No such object<br /><br /># numResponses: 1<br /></pre><br /><br />How do they say, `w00t!`<br /><br />So it was cool doing it and it made me feel smart for a minute. I am sure that there is a module or ten out there that already does this, but I couldn't find it. At least it was educational.<br /><br />Unfortunately, after getting it to work; I don't I understand any better what it really does or how SSHA is better than plain old SHA.<br /><br />Oh, well. Hopefully it helps some weary traveller out there one day.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-3997909550366546495?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com1tag:blogger.com,1999:blog-33763744.post-12636590192515859412008-01-11T16:07:00.000-05:002008-01-11T19:02:38.224-05:00Since I said I would on the <a href="http://www.nabble.com/Is-replacing-a-Data.fs-file-a-more-reliable-way-to-migrate-to-a-production-environment-than-is-exporting-to-a-.zexp-file--td14624422s6741.html#a14638084">mailing list/forum</a>.<br /><br />Here it is:<br /><pre><br />import os<br />import shutil<br />import tarfile<br />import tempfile<br /><br />def application(environ, start_response):<br /> status = '200 OK'<br /><br /> tempdir = tempfile.mkdtemp()<br /> datafile = '%s/Data.fs' % tempdir<br /> tarball = '%s.tar.bz2' % os.path.join(tempdir,<br /> os.path.basename(datafile))<br /><br /> ## If I were smarter or had more time<br /> ## I would import from repozo or at<br /> ## least use subprocess<br /> os.system("/usr/local/zope/2.9.7/bin/repozo.py -v -z -R -r \<br /> /usr/local/zope/sites/2.9.7/msrd/zeo/var/backup/ -o %s" % datafile)<br /><br /> out = tarfile.TarFile.open(tarball, 'w:bz2')<br /> os.chdir(tempdir)<br /> out.add('Data.fs')<br /> out.close()<br /><br /><br /> response_headers = [('Content-type', 'application/octet-stream'),<br /> ('Content-Length', str(len(open(tarball).read()))),<br /> ('Content-Disposition',<br /> 'inline; filename="Data.fs.tar.bz2"')]<br /><br /> start_response(status, response_headers)<br /> try:<br /> return [open(tarball, 'rb').read()]<br /> finally:<br /> shutil.rmtree(tempdir)<br /></pre><br />I did it really quick. But it solved my problem very well. It gets a copy of the Data.fs from the last repozo backup. So all developers don't need shell access to the server...<br /><br />A couple things I could see doing that would make this cooler are:<br /><ul><li>Not using os.system</li><li>implement a method to do HEAD requests with the time of the last repozo delta so I don't compress and transfer this beast if there are no changes...<br /></li></ul><br />If you have mod_wsgi installed and working you just need to add something like:<br /><br />WSGIScriptAlias /Data.fs.tar.bz2 /usr/local/apps/getDataArchived.py<br /><br />to the appropriate configuration file.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-1263659019251585941?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com1tag:blogger.com,1999:blog-33763744.post-55393454074106665122007-12-16T22:19:00.000-05:002008-01-11T19:03:33.597-05:00<h3>Migrate SVN</h3><br />Description:<br /><br />Instructions to migrate a sub repository to it's own repository.<br /><span style="font-weight: bold;"><br /></span>Get a copy of the repo:<br /><div class="section" id="migrate-svn"><pre class="literal-block"> cp -r me@myserver:/usr/local/data/svn/myrepo .<br /></pre>Dump it:<pre class="literal-block"><br />svnadmin dump --quiet myrepo &gt; myrepo.DUMP<br /></pre>Filter the hunk you want:<br /><pre class="literal-block"><br />cat myrepo.DUMP | svndumpfilter include MySubProject &gt; MySubProject.DUMP|more<br /></pre><p>copy it to the new server (omit this if doing it on the new server):</p><pre class="literal-block"><br />scp MySubProject.DUMP robrien@myotherserver:~/<br /><br /></pre><p>Logon:</p><pre class="literal-block"><br /> ssh robrien@myotherserver<br /></pre><p>Create a new repo:</p><pre class="literal-block"><br /> sudo ./bin/svnadmin create /usr/local/repos/MySubProject<br /> sudo chown -R www:www /usr/local/repos/<br /></pre><p>Load the repo:</p><pre class="literal-block"> sudo svnadmin load --quiet /usr/local/repos/MySubProject &lt; /usr/home/robrien/MySubProject.DUMP<br /><br /></pre>Done.<br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-5539345407410666512?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-48077799128273952852007-10-29T21:26:00.000-04:002008-01-11T19:04:48.104-05:00<span style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 0, 0);">This entry attempts to give instructions for how to build the Python Imaging Library (PIL) on Mac OSX.</span><br /><br />#download and untar the jpeg library</span><br /><span style="color: rgb(0, 153, 0);">#see here for location http://www.ijg.org/</span><br /><pre>curl http://path/to/jpegsrc.v6b.tar.gz | tar zxf -</pre><span style="color: rgb(0, 153, 0);">#change directory to</span><br /><pre>cd jpeg-6b</pre><span style="color: rgb(0, 153, 0);">#run configure</span><br /><pre>./configure CFLAGS='-fPIC'</pre><span style="color: rgb(0, 153, 0);">#run make</span><br /><pre>make</pre><span style="color: rgb(0, 153, 0);">#Run make install</span><br /><pre>sudo make install</pre><span style="color: rgb(0, 153, 0);">#run ranlib</span><br /><pre>ranlib libjpeg.a</pre><span style="color: rgb(0, 153, 0);">#copy the lib file to lib</span><br /><pre>cp libjpeg.a /usr/local/lib</pre><span style="color: rgb(0, 153, 0);">#copy headers to include</span><br /><pre>cp *.h /usr/local/include</pre><span style="color: rgb(0, 153, 0);">#make this your real python</span><br /><pre>PYTHON_COMMAND="/path/to/your/python"</pre><span style="color: rgb(0, 153, 0);">#get and untar the PIL source</span><br /><pre>curl http://path/to/Imaging-1.1.6.tar.gz | tar zxf -</pre><span style="color: rgb(0, 153, 0);"># cd</span><br /><pre>cd Imaging-1.1.6</pre><span style="color: rgb(0, 153, 0);"># copy setup out of it's way</span><br /><pre>mv setup.py setup.py.tmp</pre><span style="color: rgb(0, 153, 0);"># set up a replacement command</span><br /><span style="color: rgb(0, 153, 0);"># you can do edit setup.py by hand if you wish</span><br /><pre>SED_CMD="s|JPEG_ROOT = None|JPEG_ROOT = libinclude(\"/usr/local/lib\")|; s|ZLIB_ROOT = None|ZLIB_ROOT = libinclude(\"/usr/local/lib\")|;"</pre><span style="color: rgb(0, 153, 0);">#replace the stock jpg locations with the new ones you made</span><br /><pre>cat setup.py.tmp | sed -e "$SED_CMD" > setup.py</pre><span style="color: rgb(0, 153, 0);">#build it</span><br /><pre>$PYTHON_COMMAND setup.py build_ext -i</pre><span style="color: rgb(0, 153, 0);">#test it</span><br /><pre>$PYTHON_COMMAND selftest.py</pre><span style="color: rgb(0, 153, 0);">#install it</span><br /><pre>sudo $PYTHON_COMMAND setup.py install</pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-4807779912827395285?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-18357242347617254752007-10-24T14:34:00.000-04:002007-10-24T14:44:20.267-04:00Today there was a situation where someone made a permission change that made Plone inaccessible. The ZMI was also inaccessible (by design (not mine)). We could get access to the filesystem, however. So after a couple attempts at undos through in debug....There were issues with permissions and RESPONSE objects and all the other Zope machinery. So I tried mounting a ZODB directly and undoing transactions. The following worked great for me:<br /><br /><pre><br />filename = "/Users/reedobrien/instances/zeo/msrd/var/Data.fs"<br />import ZODB.FileStorage<br />import ZODB.DB<br />storage = ZODB.FileStorage.FileStorage(filename)<br />DB = ZODB.DB(storage)<br />txs = DB.undoLog()[::-1]<br />DB.undo(id=txs[0]['id'])<br />import transaction; transaction.commit()<br /></pre><br /><br />Maybe the wrong way and YMMV, but it stayed in one piece for me.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-1835724234761725475?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-91236748598889792092007-08-14T10:26:00.000-04:002007-08-14T10:29:05.078-04:00<h2>Create a key pair</h2><pre>mack:~ reedobrien$ ssh-keygen -t rsa -f ~/.ssh/id_rsa<br />Generating public/private rsa key pair.<br />Enter passphrase (empty for no passphrase):<br />Enter same passphrase again:<br />Your identification has been saved in /Users/reedobrien/.ssh/id_rsa.<br />Your public key has been saved in /Users/reedobrien/.ssh/id_rsa.pub.<br />The key fingerprint is:<br />bd:6c:18:e3:1a:46:5f:3d:d9:95:ed:82:6b:ea:6b:ec<br /><br /></pre><h2>Add the public Key to the server where you want to authenticate</h2><pre>mack:~ reedobrien$ scp ~/.ssh/id_rsa.pub username@remoteserver:~/.ssh/id_rsa.pub<br />mack:~ reedobrien$ ssh -l username remoteserver<br />password: ********<br />remoteserver:~ username$ cat ~/.ssh/id_rsa.pub &gt;&gt; ~/.ssh/authorized_keys<br />remoteserver:~ username$ exit<br /><br /></pre><span style="font-style: italic;">NOTE: There are many more advanced features, configurations, identity management things that can be done not covered here.</span><br /><h2>Test</h2><br /><pre>mack:~ reedobrien$ ssh -l robrien remoteserver<br />Last login: Mon Aug 13 22:28:10 2007 from 131.182.85.5<br />Welcome to A Better World!<br />remoteserver:~ robrien$</pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-9123674859888979209?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-42086292173081961532007-08-02T23:32:00.000-04:002007-08-03T00:33:06.718-04:00The solution in my earlier post doesn't fly in zope3. To get it to work in zope3 I modified:<br />~/instances/z3/bin/debugzope<br /><br /><br /><pre>if __name__ == '__main__': db = startup()<br /> del startup<br /> from zope.app.debug import Debugger<br /> debugger = app = Debugger.fromDatabase(db)<br /> root = app.root()<br /> del db<br /> del Debugger<br /> <span style="color: rgb(0, 102, 0);">import IPython</span><br /> <span style="color: rgb(0, 102, 0);">IPython.Shell.IPShell(user_ns={'root': root,<br /></span><span style="color: rgb(0, 102, 0);"> 'app': app,</span> <br /> <span style="color: rgb(0, 102, 0);"> 'top' : app.root() </span><br /><span style="color: rgb(0, 102, 0);"> </span><span style="color: rgb(0, 102, 0);">}).mainloop(sys_exit=1)</span></pre><span style="color: rgb(0, 102, 0);"></span><br /><br />I haven't figured out much about how the debugger differs in Zope3. But it gives me top as app.root().<br /><br /><br /><br /><pre><br />In [1]: print top.items()<br />&lt;OOBTreeItems object at 0x355c598&gt;<br /><br />In [2]: app.root()['foo']<br />Out[2]: &lt;zope.app.folder.folder.Folder object at 0x36dfef0&gt;<br /><br />In [3]: top<br />Out[3]: &lt;zope.app.folder.folder.Folder object at 0x36a27f0&gt;<br /><br />In [4]: top['foo']<br />Out[4]: &lt;zope.app.folder.folder.Folder object at 0x36df830&gt;<br /><br />In [5]: print [x for x in top.items()]<br />[(u'foo', &lt;zope.app.folder.folder.Folder object at 0x36df830&gt;)]<oobtreeitems><zope.app.folder.folder.folder><zope.app.folder.folder.folder><zope.app.folder.folder.folder><zope.app.folder.folder.folder><oobtreeitems><zope.app.folder.folder.folder><zope.app.folder.folder.folder><zope.app.folder.folder.folder><zope.app.folder.folder.folder></zope.app.folder.folder.folder></zope.app.folder.folder.folder></zope.app.folder.folder.folder></zope.app.folder.folder.folder></oobtreeitems></zope.app.folder.folder.folder></zope.app.folder.folder.folder></zope.app.folder.folder.folder></zope.app.folder.folder.folder></oobtreeitems></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-4208629217308196153?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-65200239404706197322007-07-01T15:56:00.000-04:002008-02-11T17:19:49.173-05:00A long time ago (6mos? a year) I got tired of manually typing support for history and tab completion into the zope debugger. So I just hooked the debug command up to read my .pythonrc file by importing user in the do_debug method of zopectl.py.<pre>def do_debug(self, arg):<br /> cmdline = self.get_startup_cmd(self.options.python + ' -i',<br /> "import Zope2; app=Zope2.app(); import user;")</pre>Today I tried getting ipython working as described in the <a href="http://plone.org/documentation/how-to/setup-ipython-for-zope">plone docs.</a> I also tried <a href="http://vanrees.org/weblog/topics/sorrentosprint2007">vanrees notes</a><div> and a couple others. I could not get it going though. So I decided to return to the hack above and extend it to load ipython.</div><pre>def do_debug(self, arg):<br /> cmdline = self.get_startup_cmd(self.options.python + ' -i',<br /> "import Zope2; app=Zope2.app(); import user; <br /> ns={'__name__':'msrd','app':app}; import IPython; <br /> IPython.Shell.IPShell(user_ns=ns).mainloop(sys_exit=1);")</pre>Poof, now debug comes up with ipython. Yay... What does that mean you may ask?<div><br /></div><blockquote><plonesite at="" msrd="">In [2]: ??app.msrd<br />Type: ImplicitAcquirerWrapper<br />Base Class: <class><br />String Form: <plonesite at="" msrd=""><br />Namespace: Interactive<br />Length: 1<br />Docstring [source file open failed]:<br />Make PloneSite subclass CMFSite and add some methods.<br />This will be useful for adding more things later on.<br /></plonesite></class></plonesite></blockquote><div>I know this is probably the wrong way to do this, but nyah nyah. It is working now. I do welcome feedback...</div><br /><br /><div>As a note: I also have import user in my args. This picks up stuff from your file defined in PYTHONSTARTUP. But then if you already use PYTHONSTARTUP you probably already know that.</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-6520023940470619732?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com1tag:blogger.com,1999:blog-33763744.post-36388684972461921232007-01-19T20:23:00.000-05:002007-01-19T21:30:22.106-05:00Today someone changed the ip on a dev box running an instance that had the ip as part of the url in CacheFu. So of course it won't load a page anymore. What to do? reinstall? nah. Let 's think for a second. Plone is a nice interface to Zope/CMF. Zope/CMF is a lovely interface to ZODB. ZODB is a persistence engine for Python objects. CacheFu's settings are persisted as atributes of a cache object in the ZODB. Let's just fix it directly....<br /><br /><br /><blockquote>/usr/local/{instance}<instance>/bin/zopectl debug<br />Starting debugger (the name "app" is bound to the top-level Zope object)<br />...{ 8< snip } ...<br />>>> import readline, rlcompleter, transaction<br />>>> readline.parse_and_bind("tab: complete")<br /><span style="color: rgb(0, 153, 0);"># now we have tab completion</span><br /><span style="color: rgb(0, 153, 0);"># bind the plone root to s</span><br />>>> s = app.itcd<br /><span style="color: rgb(0, 153, 0);"># bind our (s)ites cache settings to cc</span><br />>>> cc = s.portal_cache_settings<br />>>> cc.getDomains()<br />('http://1.2.3.4:80',) <span style="color: rgb(0, 153, 0);">## <<== look there is our old value!!</span><br /># yup it needs to be this new value<br />>>> cc.setDomains("http://4.3.2.1:8080")<br /><span style="color: rgb(0, 153, 0);"># and persisted. Otherwise it will be aborted at exit</span><br />>>> transaction.commit() </instance></blockquote><br />That was easy, no?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-3638868497246192123?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-29872304256976607852007-01-05T19:51:00.000-05:002007-01-05T20:10:08.960-05:00<pre><br /><span style="color: rgb(0, 153, 0);">#!/usr/bin/env python</span><br /><span style="color: rgb(0, 153, 0);">#-------------------------------------------------------------</span><br /><span style="color: rgb(0, 153, 0);"># Name: finder.py</span><br /><span style="color: rgb(0, 153, 0);"># Purpose: This is a script to search through Posfix </span><br /><span style="color: rgb(0, 153, 0);"># and spamd logs for the last x days and return </span><br /><span style="color: rgb(0, 153, 0);"># hits. Mostly it is a quick and dirty way to </span><br /><span style="color: rgb(0, 153, 0);"># find entris regarding emails blocked by </span><br /><span style="color: rgb(0, 153, 0);"># spamd/postfix </span><br /><span style="color: rgb(0, 153, 0);"># Author: Reed L. O'Brien reed at reedobrien com</span><br /><span style="color: rgb(0, 153, 0);"># </span><br /><span style="color: rgb(0, 153, 0);"># Created: 2007-01-05</span><br /><span style="color: rgb(0, 153, 0);"># Modified: 2007-01-05</span><br /><span style="color: rgb(0, 153, 0);"># Copyright: (c) Reed L. O'Brien 2007</span><br /><span style="color: rgb(0, 153, 0);"># License: DWYWWI (improvements welcome) </span><br /><span style="color: rgb(0, 153, 0);">#-------------------------------------------------------------- </span><br /><br /><br /><span style="color: rgb(0, 153, 0);">#Do the imports</span><br />import os, re, bz2, sys, time<br /><br /><span style="color: rgb(0, 153, 0);"># make sure there is a regex</span><br />try:<br /><span style="color: rgb(0, 153, 0);"> # compile the regex</span><br /> regx = re.compile(sys.argv[1], re.IGNORECASE)<br />except IndexError:<br /> print """<br /> usage:<br /> finder <exp> [days back to search]<br /><br /> ex: finder foobar 2<br /> will find all occurences of 'foobar' in the last 2<br /> days of spamd and maillog files.\n\tThe number of days<br /> is optional and defaults to 1 if not given."""<br /> sys.exit(0)<br /><br /><span style="color: rgb(0, 153, 0);"># empty list to store hits in</span><br />found = []<br /><br /><span style="color: rgb(0, 153, 0);"># move to the log directory</span><br />os.chdir('/var/log')<br /><span style="color: rgb(0, 153, 0);"># Start a counter for the number counted</span><br />s = 0<br /><br /><span style="color: rgb(0, 153, 0);">#get and set days</span><br />try:<br /> days = int(sys.argv[2])<br />except:<br /> days = 1<br /><span style="color: rgb(0, 153, 0);"># Get a list of qualifying files NOTE: you may need stat(x).[st_ctime|st_mtime] depending on your OS</span><br />L = [f for f in os.listdir('.')<br /> if os.stat(f).st_birthtime > time.time() - (days * 86400)<br /> and (f.startswith('spamd') or f.startswith('maillog'))]<br /><span style="color: rgb(0, 153, 0);"># get a count of how many files to search</span><br />n = len(L)<br /><br /><span style="color: rgb(0, 153, 0);"># start a loop on the list</span><br />for f in L:<br /><span style="color: rgb(0, 153, 0);"> # If it is a bz2 open it as a bz2 object</span><br />if (f.startswith('spamd') or f.startswith('maillog')) and f.endswith('2'):<br /><span style="color: rgb(0, 153, 0);"> # tell em what is happening</span><br /> sys.stdout.write("\rsearching: %2s remain %s " % (f,n))<br /> sys.stdout.flush()<br /><span style="color: rgb(0, 153, 0);"> # set a line count</span><br /> c = 1<br /><span style="color: rgb(0, 153, 0);"> # get a handle on the file</span><br /><span style="color: rgb(0, 153, 0);"> </span> handle = bz2.BZ2File(f)<br /><span style="color: rgb(0, 153, 0);"> # iterate through the lines</span><br /><span style="color: rgb(0, 153, 0);"> </span> for line in handle:<br /><span style="color: rgb(0, 153, 0);"> # if the regex is found</span><br /> if regx.search(line):<span style="color: rgb(0, 153, 0);"><br /> # append the filename, line count and line content to the found list</span><br /> found.append("%-10s : %s\n%s" % (c, f, line))<br /><span style="color: rgb(0, 153, 0);"> # increment the line count</span><br /> c += 1<br /> else:<br /> <span style="color: rgb(0, 153, 0);"> # or just increment the count if no regex match </span><br /> c += 1<br /><span style="color: rgb(0, 153, 0);"> # decrement the number of files remaining</span><br /> n -= 1 <br /><span style="color: rgb(0, 153, 0);"> # increment the number of files searched</span><br /> s += 1<br /><br /><span style="color: rgb(0, 153, 0);"> ## DO the same as above as a regular file object if not a bz2 file SEE NOTES FOR last loop</span><br />if (f.startswith('spamd') or f.startswith('maillog')) and not f.endswith('2'):<br /> sys.stdout.write("\rsearching: %2s remain %s " % (f,n))<br /> sys.stdout.flush()<br /> c = 1<br /> handle = open(f)<br /> for line in handle:<br /> if regx.search(line):<br /> found.append("%-10s : %s\n%s" % (c, f, line))<br /> c += 1<br /> else:<br /> c += 1<br /> n -= 1<br /> s += 1<br /><span style="color: rgb(0, 153, 0);"> ##make some space to overwrite the sys.stdout text </span><br />print '\n\n\n\n\n'<br />print 'Searched:', s # Print how many files were searched<br /><br /><span style="color: rgb(0, 153, 0);">#print the results from the found list.</span><br />for x in found:<br />print x<br /></exp></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-2987230425697660785?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-1167331619308366202006-12-28T13:46:00.000-05:002006-12-28T17:28:22.387-05:00<pre wrap="">for word based delims in text:<br />em = re.compile(r<a class="moz-txt-link-rfc2396E" href="mailto:%5Cb%5B%27A-Z0-9._%-%5D+@%5BA-Z0-9.-%5D+%5C.%5BA-Z%5D%7B2,4%7D%5Cb">"\b['A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b"</a>,<br /> re.IGNORECASE)<br /><br /><br />for start and endline delims:<br />em = re.compile(r<a class="moz-txt-link-rfc2396E" href="mailto:%5E%5B%27A-Z0-9._%-%5D+@%5BA-Z0-9.-%5D+%5C.%5BA-Z%5D%7B2,4%7D$">"^['A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$"</a>,<br /> re.IGNORECASE)</pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-116733161930836620?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-1166138152724855682006-12-14T15:02:00.000-05:002007-08-08T12:50:47.196-04:00<span><span style="color: rgb(0, 102, 0);"><span style="font-weight: bold;">untested but should be pretty close<br /><br /></span></span></span><span style="font-style: italic;">##Assumes Freebsd built with postfix and pf:</span><br /><span style="font-style: italic;">##requires spamd</span><br /><br /><span style="font-style: italic; color: rgb(0, 102, 0);">#Add line to /etc/fstab</span><br /><span style="color: rgb(0, 0, 0);"># Device Mountpoint FStype Options Dump Pass</span><br /><span style="color: rgb(0, 0, 0);">fdescfs /dev/fd fdecfs rw 0 0<br /><br /><span style="color: rgb(0, 102, 0);"># mount it</span><br /></span><span style="font-weight: bold;">sudo mount -a</span><br /><br /><span style="font-style: italic; color: rgb(0, 102, 0);">## build spamd</span><br /><span style="font-weight: bold;">cd /usr/ports/mail/spamd &&amp; sudo make install<br /><br /></span><span style="font-style: italic; color: rgb(0, 102, 0);">#answer yes</span><br /><span style="font-style: italic;">This system has no entry for spamd in /etc/services</span><br /><span style="font-style: italic;">Would you like to add it automatically? (y/n) [y]?</span><span style="font-weight: bold;"> y<br /></span><span style="font-style: italic;">This system has no entry for spamd-cfg in /etc/services</span><br /><span style="font-style: italic;">Would you like to add it automatically? (y/n) [y]?</span><span style="font-weight: bold;"> y<br /></span><span style="font-style: italic;"><br /></span><span style="font-style: italic;"><span style="color: rgb(0, 102, 0);"><br /># setup spamd.conf</span><br /></span><span style="color: rgb(0, 0, 0);">all:\</span><br /><span style="color: rgb(0, 0, 0);"> :spamhaus:spamhausDROP:whitelist:spews1:spews2:china:korea:becks:blacklist:</span><br /><br /><span style="color: rgb(0, 0, 0);"># Mirrored from http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2</span><br /><span style="color: rgb(0, 0, 0);">spamhaus:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A is in the Spamhaus Block List\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.spamhaus.org/sbl and\</span><br /><span style="color: rgb(0, 0, 0);"> http://www.abuse.net/sbl.phtml?IP=%A for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/SBL.cidr.gz:</span><br /><br /><span style="color: rgb(0, 0, 0);">spamhausDROP:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A is in the Spamhaus DROP List\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.spamhaus.org/sbl and\</span><br /><span style="color: rgb(0, 0, 0);"> http://www.abuse.net/sbl.phtml?IP=%A for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.spamhaus.org/DROP/drop.lasso:</span><br /><br /><span style="color: rgb(0, 0, 0);">becks:\ <span style="color: rgb(255, 0, 0); font-style: italic;"># experimental, probably blocks some good ips </span></span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A has sent spam within the last 24 hours":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/traplist.gz</span><br /><br /><br /><span style="color: rgb(0, 0, 0);"># Mirrored from http://www.spews.org/spews_list_level1.txt</span><br /><span style="color: rgb(0, 0, 0);">spews1:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A is in the spews level 1 database\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.spews.org/ask.cgi?x=%A for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/spews_list_level1.txt.gz:</span><br /><br /><span style="color: rgb(0, 0, 0);"># Mirrored from http://www.spews.org/spews_list_level2.txt</span><br /><span style="color: rgb(0, 0, 0);">spews2:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A is in the spews level 2 database\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.spews.org/ask.cgi?x=%A for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/spews_list_level2.txt.gz:</span><br /><br /><span style="color: rgb(0, 0, 0);"># Mirrored from http://www.okean.com/chinacidr.txt</span><br /><span style="color: rgb(0, 0, 0);">china:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A appears to be from China\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.okean.com/asianspamblocks.html for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/chinacidr.txt.gz:</span><br /><br /><span style="color: rgb(0, 0, 0);"># Mirrored from http://www.okean.com/koreacidr.txt</span><br /><span style="color: rgb(0, 0, 0);">korea:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg="SPAM. Your address %A appears to be from Korea\n\</span><br /><span style="color: rgb(0, 0, 0);"> See http://www.okean.com/asianspamblocks.html for more details":\</span><br /><span style="color: rgb(0, 0, 0);"> :method=http:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=www.openbsd.org/spamd/koreacidr.txt.gz:</span><br /><br /><br /><span style="color: rgb(0, 0, 0);"># Whitelists are done like this, and must be added to "all" after each</span><br /><span style="color: rgb(0, 0, 0);"># blacklist from which you want the addresses in the whitelist removed.</span><br /><span style="color: rgb(0, 0, 0);">#</span><br /><span style="color: rgb(0, 0, 0);">whitelist:\</span><br /><span style="color: rgb(0, 0, 0);"> :white:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=/var/mail/whitelist.txt:</span><br /><br /><span style="color: rgb(0, 0, 0);">blacklist:\</span><br /><span style="color: rgb(0, 0, 0);"> :black:\</span><br /><span style="color: rgb(0, 0, 0);"> :msg=/var/mail/blackmsg.txt:\</span><br /><span style="color: rgb(0, 0, 0);"> :method=file:\</span><br /><span style="color: rgb(0, 0, 0);"> :file=/var/mail/blacklist.txt:</span><br /><span style="font-weight: bold;"><br /></span><span style="color: rgb(0, 102, 0);"># touch the spamd and chown it<span style="font-weight: bold;"></span></span><span style="font-weight: bold;"><br />sudo touch /var/db/spamd &&amp; sudo chown nobody:wheel /var/db/spamd<br /></span><br /><span style="color: rgb(0, 102, 0);">#create the inital log file<br /><span style="font-weight: bold;"><span style="color: rgb(0, 0, 0);">sudo touch /var/log/spamd</span></span><br /><br /># make spamd log in it's own log in /etc/syslog.conf<br /><span style="color: rgb(0, 0, 0);">!spamd</span><br /><span style="color: rgb(0, 0, 0);">*.* /var/log/spamd<br /><br /><br /><span style="color: rgb(0, 102, 0);">#restart it<br /><span style="color: rgb(0, 0, 0); font-weight: bold;">sudo /etc/rc.d/syslogd restart</span><br /><br /><br /># make it rotate IN /etc/newsyslog.conf</span><br /></span></span><span style="font-style: italic; color: rgb(0, 0, 0);"></span><span style="font-weight: bold; color: rgb(0, 0, 0);"></span>/var/log/spamd 640 1000 * @T00 JC<br /><br /><span style="color: rgb(0, 102, 0);">#edit pf.conf</span><br /><span style="color: rgb(0, 0, 0);"># macros<br />nic = "xl0"<br /><br />tcp_services = "{ 22, 25, 8080}"<br />icmp_types = "echoreq"<br />udp_services = "{ 123, 53 }"<br />web_service = "{ 80 }"<br />mail_host = "127.0.0.1"<br /><br />priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"<br />my_nets = "{ 192.168.68.0/24}"<br /><br /># options<br />set block-policy return<br />set loginterface $nic<br />set skip on lo0<br /><br /># scrub<br />scrub in all<br /><br />#########<br />## Spamd<br />#########<br /><br /># grey host list<br />table <spamd> persist<br /><br />#white host list<br />table <spamd-white> persist<br />table <spamd-mywhite> persist file "/var/mail/whitelist.txt"<br /><br /># forward white listed ips<br />rdr pass on $nic inet proto tcp from <spamd> to $nic port smtp -> 127.0.0.1 port 8025<br /><br />rdr pass on $nic proto tcp from <spamd-mywhite> to $nic port smtp -> $mail_host port smtp<br /><br />rdr pass on $nic proto tcp from <spamd-white> to $nic port smtp -> $mail_host port smtp<br /><br /># send all suspects to the spamd daemon<br /><br />rdr pass on $nic inet proto tcp from !<spamd-white> to $nic port smtp -> 127.0.0.1 port 8025<br /><br />rdr pass on $nic inet proto tcp from any to $nic port smtp -> $mail_host port smtp<br /><br /># filter rules<br />block all<br /><br />block drop in quick on $nic from $priv_nets to any<br />block drop out quick on $nic from any to $priv_nets<br /><br />pass in on $nic inet proto tcp from any to $nic port smtp flags S/SA keep state<br /><br />pass in on $nic inet proto tcp from $my_nets to $nic port $tcp_services flags S/SA keep state<br /><br />pass in on $nic inet proto tcp from any to $nic port $web_service flags S/SA keep state<br /><br />pass in on $nic inet proto udp from any to $nic port $udp_services<br /><br />pass in on $nic inet proto udp from any to $nic port 123<br /><br />pass in inet proto icmp all icmp-type $icmp_types keep state<br /><br />pass out on $nic proto tcp all modulate state flags S/SA<br />pass out on $nic proto { udp, icmp } all keep state<br /><br />#make /var/mail/whitelist.txt<br />#FDS<br />192.251.225.192/26<br />#apple<br />17.0.0.0/8<br />#aol.com<br />152.163.225.0/24<br />205.188.139.0/24<br />205.188.144.0/24<br />205.188.156.0/23<br />205.188.159.0/24<br />64.12.136.0/23<br />64.12.138.0/24<br />152.163.225.0/24<br />205.188.139.0/24<br />205.188.144.0/24<br />205.188.156.0/23<br />205.188.159.0/24<br />64.12.136.0/23<br />64.12.138.0/24<br />#amazon.com<br />207.171.160.0/19<br />87.238.80.0/21<br />72.21.196.0/24<br />72.21.208.0/24<br />207.171.160.32/28<br />207.171.180.176/28<br />207.171.164.32/28<br />207.171.190.0/28<br />87.238.80.24/29<br />87.238.84.24/29<br />72.21.196.0/24<br />72.21.208.0/24<br />#_spf.google.com<br />216.239.56.0/23<br />64.233.160.0/19<br />66.249.80.0/20<br />72.14.192.0/18<br />#spf-a.hotmail.com<br />209.240.192.0/19<br />65.52.0.0/14<br />131.107.0.0/16<br />157.54.0.0/15<br />157.56.0.0/14<br />157.60.0.0/16<br />167.220.0.0/16<br />204.79.135.0/24<br />204.79.188.0/24<br />204.79.252.0/24<br />207.46.0.0/16<br />199.2.137.0/24<br />#spf-b.hotmail.com<br />199.103.90.0/23<br />204.182.144.0/24<br />204.255.244.0/23<br />206.138.168.0/21<br />64.4.0.0/18<br />65.54.128.0/17<br />207.68.128.0/18<br />207.68.192.0/20<br />207.82.250.0/23<br />207.82.252.0/23<br />209.1.112.0/23<br />#spf-c.hotmail.com<br />209.185.128.0/23<br />209.185.130.0/23<br />209.185.240.0/22<br />216.32.180.0/22<br />216.32.240.0/22<br />216.33.148.0/22<br />216.33.151.0/24<br />216.33.236.0/22<br />216.33.240.0/22<br />216.200.206.0/24<br />204.95.96.0/20<br />#spf-d.hotmail.com<br />65.59.232.0/23<br />65.59.234.0/24<br />209.1.15.0/24<br />64.41.193.0/24<br />216.34.51.0/24<br />#_spf-a.microsoft.com<br />213.199.128.139<br />213.199.128.145<br />207.46.50.72<br />207.46.50.82<br />#_spf-b.microsoft.com<br />131.107.65.22<br />131.107.65.131<br />131.107.1.101<br />131.107.1.102<br />217.77.141.52<br />217.77.141.59<br />#_spf-c.microsoft.com<br />131.107.1.18<br />131.107.1.19<br />131.107.1.20<br />131.107.70.12<br />131.107.70.16<br />#s._spf.ebay.com.<br />66.135.209.192/27<br />66.135.197.0/27<br />64.4.240.64/27<br />64.4.244.64/27<br />#m._spf.ebay.com<br />66.135.215.224/27<br />216.33.244.96/27<br />216.33.244.84<br />#p._spf.ebay.com<br />67.72.99.26<br />206.165.246.83<br />206.165.246.84<br />206.165.246.85<br />206.165.246.86<br />64.127.115.252<br />194.64.234.129/27<br />#c._spf.ebay.com<br />12.155.144.75<br />62.22.61.131<br />63.104.149.126<br />64.68.79.253<br />64.94.204.222<br />66.135.215.134<br />67.72.12.29<br /><br /><span style="color: rgb(0, 102, 0);">#make /var/mail/blacklist.txt<br /><span style="color: rgb(0, 0, 0);">1.2.3.4 My-black</span><br /><br /></span></spamd-white></spamd-white></spamd-mywhite></spamd></spamd-mywhite></spamd-white></spamd></span><span style="color: rgb(0, 102, 0);">#make /var/mail/blackmsg.txt<br /></span>SPAM. Your address %A is in my blacklist<br /><br /><span style="color: rgb(0, 102, 0);"># in postfix main.cf</span><br />strict_rfc821_envelopes = yes<br />smtpd_helo_required = yes<br />smtpd_delay_reject = yes<br /><br />smtpd_recipient_restrictions =<br /> warn_if_reject reject_unknown_client,<br /> reject_invalid_hostname,<br /> reject_non_fqdn_hostname,<br /> reject_non_fqdn_sender,<br /> reject_non_fqdn_recipient,<br /> reject_unknown_sender_domain,<br /> reject_unknown_recipient_domain,<br /> permit_mynetworks,<br /> reject_unauth_destination,<br /> reject_rhsbl_sender dsn.rfc-ignorant.org<br /> reject_rhsbl_sender bogusmx.rfc-ignorant.org,<br /> reject_rbl_client bl.spamcop.net,<br /> reject_rbl_client sbl-xbl.spamhaus.org,<br /> reject_rbl_client dnsbl.sorbs.net,<br /> reject_rbl_client list.dsbl.org<br /> reject_rbl_client relays.ordb.org,<br /> permit<br /><br />smtpd_data_restrictions =<br /> reject_unauth_pipelining,<br /> permit<br /><br /><br />relay_domains = $mydestination /usr/local/etc/postfix/relay_domains.txt<br />smtp_recipient_restrictions = permit_mynetworks reject_unauth_destination<br />relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients<br />transport_maps = hash:/usr/local/etc/postfix/transport<br /><br /><br /><br /><br /><span style="color: rgb(0, 102, 0);">#/usr/local/etc/postfix/relay_domains.txt</span><br />example.com<br />another.net<br />three.org<br /><br /><span style="color: rgb(0, 102, 0);">#/usr/local/etc/postfix/relay_recipients</span><br />@example.com x<br />@another.net x<br />justme@three.org x<br /><br /><span style="color: rgb(0, 102, 0);">#/usr/local/etc/postfix/transport</span><br />example.com relay:[mail.example.com]<br />another.net relay:[mail.example.com]<br />three.org relay:[mail.three.org]<br /><br /><br /><span style="color: rgb(0, 102, 0);">#do</span><br />sudo postmap /usr/local/etc/postfix/relay_recipients<br />sudo postmap /usr/local/etc/postfix/transports<br /><br /><span style="color: rgb(0, 102, 0);">#put spamd into rc.conf</span><br />pfspamd_enable="YES"<br />pfspamd_flags="-v -4 -g -G25:4:864 -s10"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-116613815272485568?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0tag:blogger.com,1999:blog-33763744.post-1157225074829749922006-09-02T15:23:00.000-04:002006-09-02T15:25:31.950-04:00Great more data smog.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/33763744-115722507482974992?l=reedobrien.blogspot.com' alt='' /></div>reedobrienhttp://www.blogger.com/profile/15835081896608317143noreply@blogger.com0