Regenerating the Cobalt RAQ550 stats

Had to rebuild the webstats for a client on a RAQ550 as for some reason the stats had been corrupted.

The URL to view the stats was: http://www.site.com/stats/

Checking the crontabs showed that there was a script that ran nightly: /etc/cron.daily/webalizer.pl

The script ran through all the sites and built the stats pages for them along with various other things.  The bit we were interested in was:

/usr/local/bin/webalizer -D /home/log/dns.cache -p -n $asite -s $asite -r $asite -q -Q -T -o $thepath $prefix/$asite/logs/web.log

Made a backup of the stats and logs directories with:

mkdir /root/sitestats_backup
tar -cf /root/sitestats_backup/logs.tar /home/sites/www.site.com/logs
tar -cf /root/sitestats_backup/stats.tar /home/sites/www.site.com/web/stats

There were .gz files in the log directory and an empty web.log.  Obviously the web.log file is not populated until the stats program runs later in the day.  Created a combined web.log file in the site's logs directory with:

zcat web.log.3.gz web.log.2.gz web.log.1.gz > web.log.combined

Then, running webalizer:

cd /home/sites/www.site.com/web/stats

/usr/local/bin/webalizer -D /home/log/dns.cache -p -n www.site.com -s www.site.com -r www.site.com -q -Q -T -o /home/sites/www.site.com/web/stats /home/sites/www.site.com/logs/web.log.combined

However, webalizer skipped a lot of entries… so, deleted all the entries in the stats directory (rm *) and then re-ran the command above.  This generated all the stats again without issue.
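
Added example, not from the original post: the zcat step generalised to any number of rotated logs, concatenated oldest first, since Webalizer ignores records that are out of sequence. It assumes the files are named web.log.N.gz and that a higher N means an older file; the function name is hypothetical.

```shell
#!/bin/sh
# Added example. Assumes rotated logs are named web.log.N.gz and that a
# higher N means an older file, as in the zcat command above.

# Concatenate every rotated log in directory $1, oldest first, into file $2.
combine_rotated_logs() {
    logdir=$1
    out=$2
    # The redirection is opened before the subshell changes directory, so a
    # relative $out is resolved against the caller's working directory.
    (
        cd "$logdir" || exit 1
        set -- web.log.*.gz
        [ -e "$1" ] || exit 1          # no rotated logs found
        # Field 3 of "web.log.N.gz" is N; sort numerically, largest first,
        # so web.log.10.gz is read before web.log.2.gz.
        printf '%s\n' "$@" | sort -t. -k3,3nr | while IFS= read -r f; do
            gzip -dc -- "$f" || exit 1
        done
    ) > "$out"
}

# Usage:
#   combine_rotated_logs /home/sites/www.site.com/logs \
#       /home/sites/www.site.com/logs/web.log.combined
```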

Adding RBL checks on RAQ550/sendmail

Needed to add RBL checking into sendmail as the machine was under attack by some SMTP botnet.  RAQ550s had no built-in RBL support, so had to update the sendmail.cf manually.

URL: http://www.cobaltuserslist.com/CobaltUsersList/Sun-Cobalt-Users-List-76800.html

The example is a bit old… the RBLs I used are: cbl.abuseat.org, bl.spamcop.net, sbl.spamhaus.org

Cobalt list post:

RBL (Realtime Blackhole List) filtering allows your sendmail installation
to block spammers from sending email to your users. If you desire to learn
more on RBL, visit http://www.mail-abuse.org/rbl/.

Below are two RBLs which I've included in the RBL installation; there are
many other database blacklists, but for the purpose of this document, only
ORDB and Spamcop are specifically discussed.

I encourage that you use Spamcop and ORDB, because Spamcop maintains a
catalog of the servers which are consistently sending out spam, while ORDB
keeps a database of mail servers with open relays.

Ensure that you backup your existing sendmail.cf to avoid damage to your
server. By reading this document, you agree to indemnify and hold me
harmless; I am not liable for your actions.

If you want to make these changes with the sendmail configuration
compiler, view this post:
http://list.cobalt.com/pipermail/cobalt-users/2002-February/063883.html
(After the compilation of your configuration file, you should look for
important changes you should amend to the new file. Use Scooter Software
Beyond Compare to look for changes.)

All changes to your configuration must be done with root privileges:

1. Backup your existing sendmail.cf:

su -
cd /etc/mail # or where your sendmail.cf is located
cp /etc/mail/sendmail.cf /etc/mail/sendmail.backup.cf

2. Search your sendmail.cf for the text below:

######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################

SLocal_check_relay
Scheck_relay
R$*			$: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$*	$#$3
R$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$*			$: < ${deliveryMode} > $1
R< d > $*		$@ deferred
R< $* > $*		$: $2

R$+ $| $+		$: $>LookUpDomain < $1 > <?> < $2 > <+Connect>
R<?> <$+>		$: $>LookUpAddress < $1 > <?> < $1 > <+Connect>	no: another lookup
R<?> < $+ >		$: $1					found nothing
R<$={Accept}> < $* >	$@ $1				return value of lookup
R<REJECT> $*		$#error $@ 5.7.1 $: "550 Access denied"
R<DISCARD> $*		$#discard $: discard
R<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*>		$#error $: $1
R<$+> <$*>		$#error $: $1

2. Directly below it, insert the following text:

# DNS based IP address spam list bl.spamcop.net
R$*			$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R<?>OK			$: OKSOFAR
R<?>$+			$#error $@ 5.7.1 $: "Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}

# DNS based IP address spam list relays.ordb.org
R$*			$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R<?>OK			$: OKSOFAR
R<?>$+			$#error $@ 5.7.1 $: "Email blocked using ORDB.org - see <http://ORDB.org/lookup/?host="$&{client_addr}";>"

3. Keep in mind that:

R<?>$+			$#error $@ 5.7.1 $: "Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}

and...

R<?>$+			$#error $@ 5.7.1 $: "Email blocked using ORDB.org - see <http://ORDB.org/lookup/?host="$&{client_addr}";>"

need to be on one line (your mail client may have brought it to the next
line). Each line that you add should begin with a R or a R$.

4. Save your sendmail.cf file.
5. Restart your sendmail server:

su
/etc/rc.d/init.d/sendmail restart

6. If you wish to include other RBLs to your configuration, append this to
what has already been added:

# DNS based IP address spam list another.rbl.com
R$*			$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1.another.rbl.com. $: OK $)
R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1.another.rbl.com. $: OK $)
R<?>OK			$: OKSOFAR
R<?>$+			$#error $@ 5.7.1 $: "Email blocked using another.rbl.com - see <http://another.rbl.com/lookup/?host="$&{client_addr}";>"

Replace "another.rbl.com" with the RBL of your choice and add this to the
bottom of your SpamCop and/or ORDB configuration. Each line should begin
with a R or R$.

You may also wish to use Mailscanner
(http://www.sng.ecs.soton.ac.uk/mailscanner) which scans and filters your
email for viruses and spam. It uses an optional SpamAssassin module
(http://www.spamassassin.org/), which is very effective. Mailscanner acts
as the final barrier before your mail reaches your box; if all else fails
(ORDB and Spamcop don't stop it), Mailscanner with Spamassassin will probe
the email in question. You can also use Procmail to move e-mail marked as
spam to another folder.

Jason
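
The lookup these rules perform, as an added shell example that is not part of the list post: it builds the reversed-octet name the host map queries and checks that a zone lists 127.0.0.2 but not 127.0.0.1 (the test entries RFC 5782 requires), because the rules reject on any answer at all. The function names and the RBL_LOOKUP hook are assumptions of this example.

```shell
#!/bin/sh
# Added example: reproduces the DNS lookup made by the check_relay rules.

# Print the name queried for client address $1 in zone $2. The body is a
# subshell, so the IFS change and the exits stay inside the function.
rbl_query_name() (
    addr=${1#::ffff:}       # the R::ffff: rule strips the same prefix
    zone=$2
    case $addr in ''|*[!0-9.]*|*.) exit 1 ;; esac   # IPv4 dotted quad only
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.%s.\n' "$4" "$3" "$2" "$1" "$zone"
)

# 0: the zone returned an A record, which is when the rules reject the
#    connection; 2: $1 is not IPv4; anything else: no record.
# RBL_LOOKUP is a hook assumed by this example so the lookup can be stubbed.
rbl_listed() {
    name=$(rbl_query_name "$1" "$2") || return 2
    ${RBL_LOOKUP:-host -t A} "$name" >/dev/null 2>&1
}

# 0: zone behaves; 1: test entry 127.0.0.2 missing (zone dead or unreachable);
# 2: zone lists 127.0.0.1, i.e. it answers every query and would block all mail.
rbl_zone_sane() {
    rbl_listed 127.0.0.2 "$1" || return 1
    if rbl_listed 127.0.0.1 "$1"; then return 2; fi
    return 0
}

# Usage: rbl_zone_sane bl.spamcop.net; echo $?
```

Run rbl_zone_sane against each zone before adding its rules and again from time to time, since a zone that is shut down can start answering every query.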