how to manage qmail queue

Salah satu software yg dapat menghandle antrian message email yaitu qmhandle. untuk mendownload versi terbaru di sini. versi terbaru qmhandle 1.3.2.

#wget http://nchc.dl.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz
#tar -zxvf qmhandle-1.3.2.tar.gz
edit qmhandle directory file untuk menyesuaikan letak direktori qmail: my ($queue) = ‘/var/qmail/queue/’;
my ($stopqmail) = ‘/etc/init.d/qmail stop’;
my ($startqmail) = “/etc/init.d/qmail start”;
my ($pidcmd) = ‘pidof qmail-send’;

cara menggunakan qmHandle :
-a : mecoba mengirimkan antrian pesan sekarang (qmail service harus running)
-l : daftar antrian email
-L : daftar antrian email dilokal
-R : daftar antrian email remote
-s : show statatistik
-vN : display email nomor N
-dN : delete email nomon N
-Stext : delete semua email mengandung kata2 sbg subject
-D : delete semua email dalam antrian(lokal&remote)

contoh:
melihat list antrian email :
#qmHandle -l
delete semua pesan yang mengandung kata2/sebagai subject:
#qmHandle -l -S yahoo.com.tw

cacti machine very slow

very intersting to find what’s wrong with my cacti machine. it’s very slow to view graph traffic. after i try to clear user_log tables and also delete cacti.log file, it’s faster than before.

# mysql -u cactidb -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 211685 to server version: 4.0.24_Debian-10ubuntu2.3-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use cacti ;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+---------------------------+
| Tables_in_cacti           |
+---------------------------+
| cdef                      |
| cdef_items                |
| colors                    |
| data_input                |
| data_input_data           |
| data_input_fields         |
| data_local                |
| data_template             |
| data_template_data        |
| data_template_data_rra    |
| data_template_rrd         |
| graph_local               |
| graph_template_input      |
| graph_template_input_defs |
| graph_templates           |
| graph_templates_gprint    |
| graph_templates_graph     |
| graph_templates_item      |
| graph_tree                |
| graph_tree_items          |
| host                      |
| host_graph                |
| host_snmp_cache           |
| host_snmp_query           |
| host_template             |
| host_template_graph       |
| host_template_snmp_query  |
| poller                    |
| poller_command            |
| poller_item               |
| poller_output             |
| poller_reindex            |
| poller_time               |
| rra                       |
| rra_cf                    |
| settings                  |
| settings_graphs           |
| settings_tree             |
| snmp_query                |
| snmp_query_graph          |
| snmp_query_graph_rrd      |
| snmp_query_graph_rrd_sv   |
| snmp_query_graph_sv       |
| user_auth                 |
| user_auth_perms           |
| user_auth_realm           |
| user_log                  |
| version                   |
+---------------------------+
48 rows in set (0.51 sec)

mysql> delete from user_log;

mrtg:/var/www/cacti/log# rm cacti.log

upgrading cacti

This is how to  from cacti website how to upgrade cacti version. cacti is opensource software for monitoring traffic data.

Backup the old Cacti database.

shell> mysqldump -l --add-drop-table cacti > mysql.cacti

Note: You will probably have to specify the -u and -p flags for the MySQL username and password. This user must have permission to read from Cacti's database or you will end up with an empty backup.

Backup the old Cacti directory.

shell> mv cacti cacti_old

Extract the distribution tarball.

shell> tar xzvf cacti-version.tar.gz

Rename the new Cacti directory to match the old one.

shell> mv cacti-version cacti

Edit include/config.php and specify the MySQL user, password and database for your Cacti configuration.

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cacti";

Copy the *.rrd files from the old Cacti directory.

shell> cp cacti_old/rra/* cacti/rra/

Copy any relevant custom scripts from the old Cacti directory. Some script are updated between versions. Therefore, make sure you only over write if the scripts either don't exist or are newer than the distribution's.

shell> cp -u cacti_old/scripts/* cacti/scripts/

Copy any relevant custom resource XML files from the old Cacti directory. Some resource XML files are updated between versions. Therefore, make sure you only over write if the XML files either don't exist or are newer than the distribution's.

shell> cp -u -R cacti_old/resource/* cacti/resource/

Set the appropriate permissions on Cacti's directories for graph/log generation. You should execute these commands from inside Cacti's directory to change the permissions.

shell> chown -R cactiuser rra/ log/

(Enter a valid username for cactiuser, this user will also be used in the next step for data gathering.)

Point your web browser to:

http://your-server/cacti/

freebsd install packet using port

To begin, change to the directory for the port you want to install:
# cd /usr/ports/sysutils/lsof

Once inside the lsof directory, you will see the port skeleton. The next step is to compile, or “build”, the port. This is done by simply typing make at the prompt. Once you have done so, you should see something like this:
# make
>> lsof_4.57D.freebsd.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
>> Attempting to fetch from ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/.
===>  Extracting for lsof-4.57
...
[extraction output snipped]
...
>> Checksum OK for lsof_4.57D.freebsd.tar.gz.
===>  Patching for lsof-4.57
===>  Applying FreeBSD patches for lsof-4.57
===>  Configuring for lsof-4.57
...
[configure output snipped]
...
===>  Building for lsof-4.57
...
[compilation output snipped]
...
#

Notice that once the compile is complete you are returned to your prompt. The next step is to install the port. In order to install it, you simply need to tack one word onto the make command, and that word is install:
# make install
===>  Installing for lsof-4.57
...
[installation output snipped]
...
===>   Generating temporary packing list
===>   Compressing manual pages for lsof-4.57
===>   Registering installation for lsof-4.57
===>  SECURITY NOTE:
      This port has installed the following binaries which execute with
      increased privileges.
#

Once you are returned to your prompt, you should be able to run the application you just installed. Since lsof is a program that runs with increased privileges, a security warning is shown. During the building and installation of ports, you should take heed of any other warnings that may appear.

It is a good idea to delete the working subdirectory, which contains all the temporary files used during compilation. Not only does it consume valuable disk space, but it would also cause problems later when upgrading to the newer version of the port.

# make clean
===>  Cleaning for lsof-4.57
#

How to install Quagga on Debian linux

quaqqa is one of the routing software support dynamic protocol like OSPF,RIP and BGP. quaqqa is fork of GNU zebra. in fact name of zebra more familiar than quagga, but quagga more powerfull,both of name take from name of animals…it seem great. (about guagga).
1. QUAGGA DAEMONS:
You have to activate the Quagga daemons matching the routing protocols you want to set on your router.
zebra:
bgpd:
ospfd:
ospf6d:
ripd:
ripngd: Interface declaration and static routing
BGP routing protocol
OSPF routing protocol
OSPF IPv6 routing protocol
RIP v2 routing protocol
RIP Ipv6 routing protocol
In the example below, the zebra and IPv4 OSPF daemon have been activated.
#vim /etc/quagga/daemons
zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
Restart the Quagga service:
#/etc/init.d/quagga restart
Stopping Quagga daemons (prio:0): ospfd zebra (bgpd) (ripd) (ripngd) (ospf6d) (isisd).
Removing all routes made by zebra.
Nothing to flush.
Loading capability module if not yet done.
Starting Quagga daemons (prio:10): zebra ospfd.
You can check the Quagga daemons status:
#ps -ef | grep quagga
UID PID PPID C STIME TTY TIME CMD
quagga 4632 1 0 22:25 ? 00:00:00 /usr/lib/quagga/ospfd --daemon
quagga 4636 1 0 22:25 ? 00:00:00 /usr/lib/quagga/zebra --daemon
If a Quagga daemon doesn't stop properly, you can kill it manually and start the quagga service:
#kill -9 "UID number"
#/etc/init.d/quagga start
2. CONFIGURATION FILES: (/etc/quagga/*.conf files)
You must create a configuration file (even if it is empty) each time you activate a Quagga daemon.
Each daemon is associated with a specific file name:
zebra:
bgpd:
ospfd:
ospf6d:
ripd:
ripngd: zebra.conf
bgpd.conf
ospfd.conf
ospf6d.conf
ripd.conf
ripngd.conf
To create the config files, copy the sample config files as follows:
In our example, as we activated the zebra and ospfd daemons; we need to create the zebra.conf and ospfd.conf files.
#cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf
#cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
Another way to do it is to create two empty files called /etc/quagga/ospfd.conf and /etc/quagga/zebra.conf. But in this case you cannot telnet a daemon, you need to configure the telnet permissions with vtsh (see below).
Finally, give user and group ownership to respectively quagga and quaggavty to the files inside the /etc/quagga directory:
#chown quagga.quaggavty /etc/quagga/*.conf
#chmod 640 /etc/quagga/*.conf
Restart the Quagga service:
#/etc/init.d/quagga restart
3. DEBIAN.CONF FILE
By default, the Quagga daemons are listening only to the loopback interface 127.0.0.1. It means that you can telnet a daemon only on its loopback address 127.0.0.1 and thus cannot access it remotely.
If you want to telnet a Quagga daemon remotely you can, in the /etc/quagga/debian.conf file. Either indicate one or several IP addresses or remove the -A option meaning that you can telnet a daemon on any of its IP addresses.
Here are two examples:
The ospfd daemon is listening to the 127.0.0.1 and 192.168.1.104 IP addresses.
ospfd_options=" --daemon -A 127.0.0.1 192.168.1.104"
The zebra daemon is listening to all the Linux interfaces IP addresses. We recommend using this setting. If you want to filter who can access to your router, configure access lists on the router software.
zebra_options=" --daemon "
Here is the recommended debian.conf file:
#vim /etc/quagga/debian.conf
# If this option is set the /etc/init.d/quagga script automatically loads
# the config via "vtysh -b" when the servers are started.
# Check /etc/pam.d/quagga if you intend to use "vtysh"!
#
vtysh_enable=yes
zebra_options=" --daemon -A "
bgpd_options=" --daemon -A "
ospfd_options=" --daemon -A "
ospf6d_options="--daemon -A "
ripd_options=" --daemon -A "
ripngd_options="--daemon -A "
isisd_options=" --daemon -A "
The "vtysh_enable=yes" setting is required to access the Quaggga router via vtysh. (see vtysh section).
Restart the Quagga service
#/etc/init.d/quagga restart
4. VTYSH
As indicated in the Quagga introduction, you can access the daemons by telnetting their port number because each daemon has its own configuration file and terminal interface.
zebra:
ripd:
ripng:
ospfd:
bgpd:
ospf6d: 2601
2602
2603
2604
2605
2606
By instance, to access the ospfd daemon:
#telnet localhost 2604
As it's not very practical to configure your router by telnetting its daemons separately, vtysh has been created to configure everything in one single interface.
To use vtysh, you must first create its configuration file as follows:
#cp /usr/share/doc/quagga/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
/etc/quagga/vtysh.conf
!
! Sample
!
! service integrated-vtysh-config
hostname quagga-router
username root nopassword
!
Apply correct permissions and restart Quagga:
#chown quagga.quaggavty /etc/quagga/*.conf
#chmod 640 /etc/quagga/*.conf
#/etc/init.d/quagga restart
In the example above the "service integrated-vtysh-config" setting has been disabled (recommended). In this case, when you save the config under vtysh, it will be stored in separate files depending on the protocols you activated.
Below, an example where the Quagga configuration is saved under vtysh. (The zebra and ospfd daemons have been enabled.)
#vtysh
quagga-router#write
Configuration saved to /etc/quagga/zebra.conf
Configuration saved to /etc/quagga/ospfd.conf
If you activate "service integrated-vtysh-config", the configuration under vtysh will be saved in one file called Quagga.conf in the /etc/quagga/ directory.
With this setting, when you access a daemon via telnet, the daemon will look first to the Quagga.conf file before looking for its own file. This means that, when you telnet a device, there can be a difference between what you see after the "show run" command and the content of the associated file, for example zebra.conf.
#vtysh
quagga-router#write
Configuration saved to /etc/quagga/Quagga.conf
It is recommended to disable "service integrated-vtysh-config" because if this setting is enabled and in case of a syntax error in the Quagga.conf file, this can lead to all your daemons being unable to start up. This will not be case when "service integrated-vtysh-config" is disabled because the configurations are stored in separate files.
Check that the default "vtysh_enable=yes" setting are configured in your /etc/quagga/debian.conf file. You can read the previous paragraph about the debian.conf file to get more information.
Then it's useful to add the "VTYSH_PAGER=more" setting in your /etc/environment file, otherwise you will see an unfriendly "(END)" blinking in the left-down corner of the screen each time your enter a command and will need to press the "q" key to continue.
#echo VTYSH_PAGER=more > /etc/environnement
Log off and log on to enable the environment setting. You can now access the Quagga router with the vtysh command:
#vtysh
Hello, this is Quagga (version 0.99.6).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
quagga-router#
If you want to run a Quagga command from the Linux shell:
#vtysh -c "command"
For instance, vtysh -c "show ip route" will display the Quagga routing table.
You can use ping and traceroute to perform connectivity checks from the vtysh prompt. Of course, these two programs need to be installed on the Linux machine. Ping is generally installed by default but traceroute often not.
To install traceroute:
#apt-get install traceroute
5. IP FORWARDING:
IP forwarding is required to transfer packets between the network interfaces of a Linux system.
See a picture of the Linux kernel routing.
#echo "1" > /proc/sys/net/ipv4/ip_forward
The command above will add the "1" value inside the /proc/sys/net/ipv4/ip_forward file and thus activate the IP forwarding.
If you want to keep the IP forwarding after a Linux reboot:
#echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
It is possible to check the ip_forwarding status under the Quagga router:
#show ip forwarding
IP forwarding is on
In this case the IP forwarding is activated.

configuring bandwidth management netenforcer via hyperterminal

NetEnforcer is a network policy enforcement device that enables you to monitor, categorize and optimize network traffic by assigning Quality of Service (QoS) to specified classes of traffic. QoS is the ability to define a level of performance in a data communications system.

you can use a standard terminal /PC running terminal emulation software connected to the Console port, or Telnet via the internet to configure a NetEnforcer. If you choose to connect via the Console port, most standard windows-based PC systems have a terminal emulation program called HyperTerminal that can be used for this purpose. Configure the terminal to run VT100 terminal emulation with the following parameters:

· Baud rate 19200

· 8 bits

· Stop bits 1

· No flow control

· No parity

CISCO CATALYST stp BLOCKING

Today, i had problem wtih my trunking cisco catalyst c2950. one of my access port to fibre optic interconnection was problem. after one hour i try to find solution for this matter.

this is log problem show:

%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/1 VLAN2.
004964: May  4 00:01:17.302: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on VLAN0002. Inconsistent port type.

status of the port show that operational mode change into trunk (before access).
#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

After i change to static access it’s running again

#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

In the majority of cases, the reason for detection of STP inconsistency on the port is apparent:

Access port receives an IEEE 802.1Q-tagged SSTP BPDU.

In this scenario, access port on bridge A receives, from bridge B, a tagged PVST+ BPDU from STP of a VLAN other than 1. The port on A will be put into type-inconsistent state.

Note: The switches need not be connected directly; if they are connected through one or more IEEE 802.1D or IEEE 802.1Q switches—or even hubs—then the effect is the same.

IEEE 802.1Q trunking port receives an untagged SSTP BPDU with a VLAN type, length, value (TLV) that does not match the VLAN where the BPDU was received.

 

 

 

 

• In this scenario, the trunk port on A receives a PVST+ BPDU from STP of VLAN 2 with a tag of VLAN 2. This triggers the port on A to be blocked in both VLAN 1 and VLAN 2.

If devices on both ends of a point-to-point link are Cisco Catalyst switches, an examination of the local and remote port configuration typically reveals the configuration mismatch:

• The port is configured for IEEE 802.1Q trunking on one side but the other side is access port.

• IEEE 802.1Q trunks are on both sides, but the Native VLANs are different.

In these cases, fix the configuration mismatch to resolve the STP inconsistency.