Monthly Archives: July 2007

squid + squidGuard + SARG

> squid install options
Enable delay pools + // позволяет распределяем ширину канала между пользователями
Enable SNMP support + // MRTG чтоб можно было прицепить
Enable ident (RFC 931) lookups –
Enable ACLs based on ethernet address + // наверно может пригодиться для ужесточения безопасности
Enable transp. proxying with IPFilter +
Enable the aufs storage scheme +

> parts of squid.conf

/* вопрос анонимности squid’a */
http_port :3128 // для локального использования только

via off
forwarded_for off

header_access Cache-Control deny all

/*проверить можно здесь: www.proxyjudge.com */

> rebuild_squidGuard_base.sh
#!/bin/sh
/usr/local/bin/squidGuard -C all
chown -R squid /var/db/squidGuard/
killall -HUP squid

> rc.ipfw
/* Don’t let them bypass the proxy (with exception of lan) */
$fw 30 deny tcp from any to not $int_net dst-port 80 via $int_if
$fw 31 deny udp from any to not $int_net dst-port 80 via $int_if

> sarg_report.sh

#!/usr/local/bin/bash

DATE_END=$(date +%d/%m/%Y)

case “$1” in
daily )
DATE_START=$(date -v-1d +%d/%m/%Y)
;;
weekly )
DATE_START=$(date -v-1w +%d/%m/%Y)
;;
monthly )
DATE_START=$(date -v-1m +01/%m/%Y)
DATE_END=$(date -v-1m +31/%m/%Y)
;;
* )
exit 1
;;
esac

/usr/local/bin/sarg -l /var/log/squid/access.log -o /www/proxy/reports/$1 -d $DATE_START-$DATE_END

if [ $1 = monthly ]
then
/usr/local/sbin/squid -k rotate
fi

exit 0

> crontab
00 00 * * * /root/sarg/sarg-report.sh daily
00 01 * * 1 /root/sarg/sarg-report.sh weekly
30 02 1 * * /root/sarg/sarg-report.sh monthly

cyrus management

su -l cyrus -c “/usr/lib/cyrus-imapd/ipurge -f -b 0 user.tmp” // cleaning mailbox
su -l cyrus -c ‘/usr/lib/cyrus-imapd/reconstruct -r user.tmp’ // mailbox recovery

cyradm –user cyrus –auth login localhost
…> dm user.tmp
deletemailbox: Permission denied
…> sam user.tmp cyrus c // here we set permission on mailbox user.tmp to user cyrus

su -l cyrus -c ‘/usr/cyrus/bin/ctl_cyrusdb -rx’ // db recovery attempt
su -l cyrus -c ‘/usr/cyrus/bin/ctl_cyrusdb -r’ // db recreation
su -l cyrus -c ‘/usr/cyrus/bin/ctl_mboxlist -d’ > /usr/cyrus/bin/dump // creating dump
su -l cyrus -c ‘/usr/cyrus/bin/ctl_mboxlist -u < /usr/cyrus/bin/dump’ // db recovery from dump
su -l cyrus -c ‘/usr/cyrus/bin/reconstruct -r user’ // reindexing

1)
> to make a dump of all mailboxes to the text file:
su – cyrus -c “ctl_mboxlist -d” > /var/lib/imap/mailboxlist.txt
> to restore it:
su – cyrus -c “ctl_mboxlist -u” < /var/lib/imap/mailboxlist.txt
2)
to make a regular backups /var/spool/imap/ and /var/lib/imap/, without stopping cyrus,
in this case there’s a danger of some data inconsistency and maybe some e-mails lost.
3)
In case of disaster just copy mail directly from the backup to the mail store directory (/var/spool/imap/user/%username%),
And run:
/usr/lib/cyrus/bin/reconstruct -rf user/username
4)
all quotas (in /var/lib/imap/quota/%firstletter of username%/)will not be reconstructed, so it should be done manually.
5)
all subscription and seen info (in /var/lib/imap/user/%firstletter of username%/) will not be reconstructed, but it can be restored from the regular backup.