recipient_bcc_maps operating for unknown recipients - postfix-mta

My system is using postfix with amavisd-new. I need to have a copy of all valid incoming mail so I have a recipient_bcc_maps statement with a regexp in main.cf that does the job without having to maintain a long list of addresses. The problem is that this also bcc's for unknown recipients. Where would be a better place to put the recipient_bcc_maps statement (for example, in master.cf) so it only operates for known recipients?

I solved this by using a different approach. I used check_recipient_access on the server holding the email copies and set smtpd_recipient_restrictions so that the action for 'restrictive' was REJECT. In the recipient_access hash table I set all the addresses I wanted to reject to restrictive. That way I kept all the historical emails for certain addresses but prevented new emails being added.

Related

Ansible: Using different encrypted passwords for hosts in the same group

This seems like a very easy thing to me but I cannot get it to work.
The Problem:
I have several groups in my inventory that have hosts with different passwords in them and I want the passwords encrypted via Vault. For one group that has only one host in it, I encrypted the password string, named it "ansible_password" and put it into group_vars/groupName.yml. It gets recognized automatically and works fine, but how would I add another encrypted password for another host in that group? Naming it ansible_password again to have it automatically recognized won't work. So how do I assign an encrypted password to one specific host and not a group?
Thanks in Advance
You can add host specific vaults like so:
# group_vars/all/vars.yml
ansible_password: "{{ vault_ansible_password }}"
# host_vars/host1/vault.yml (decrypted)
vault_ansible_password: "secret123"
# host_vars/host2/vault.yml (decrypted)
vault_ansible_password: "123secret"

Asterisk must connect to voicemail with N number of extensions

Can the voicemail message path be specified in voicemail.conf?
I tried and ended up in VM_MESSAGEFILE.
I want to know whether _XXXX can be used in voicemail.conf.
I need to store all of the registered sip users.
Through static we can give one by one. What if I want to create 100 plus mailbox users?
You can use a database-driven list of users.
http://www.voip-info.org/wiki/view/Asterisk+voicemail+database
In the database you can use a view and/or function to create a dummy list of users.

Biztalk File send port with a variable path

Is it possible to make the send port change output location based on a promoted property?
We have an interface that needs to send it to a different port based on the client. But we add clients on a regular basis, so adding a new send port (both in the administrator and orchestration) will require a lot of maintenance, while the only thing that happens is a directory change
The folders are like this ...
\\server\SO\client1\Out
\\server\SO\client2\Out
\\server\SO\client3\Out
I tried using the SourceFilename to create a file name like client1\Out\filename.xml but this doesn't work.
Is there any way to do this with a single send port?
It is possible to set the OutboundTransportLocation property in context. This property contains the full path/name of the file that will be output by the file adapter. So in your case I guess you could do something along the line (if it had to be done in a pipeline component):
message.Context.Write(
OutboundTransportLocation.Name,
OutboundTransportLocation.Namespace,
string.Format(@"\\server\SO\{0}\Out", client));
Of course you can do a similar thing in your orchestration.
No need of a dynamic port...

How to Script Automated Root Password Changes?

Currently our process consists of logging into each *nix server and manually changing the password for each. My question is, what is a good way to automate this? I'm thinking of possibly a couple different ways to do this and would like input from others on what they recommend, use, etc.
One way I was thinking is a text file with a list of servers that need the password change and a script that prompts the user for the new password, stores it temporarily in the script and then remote connects into each server and runs the commands. Having a check to make sure the server is reachable or a timeout on the remote connection would be a good idea. Then have output to the console so the person running the script can see what servers were successful and which ones were not.
I was trying to think of another fully automated solution, but couldn't think of a good way to securely store the new password. Plus it is not a huge deal to me to have some user interaction and have to manually start the script as we only would need to do this 6 times a year.
Any thoughts, help, ideas would be greatly appreciated.
openssl passwd -1 $rootpw
Where $rootpw holds the string that will be your root password.
This will output a crypted string that you can just put in the file or whatever. I use this on a script that sets up virtual server instances that are provisioned from a database. I compute this hash before sending it over the network so the script that sets up the server can just use this hash instead of having to send it plain text.
To answer your question, each server would compute the hash slightly differently and result in a different hash, but all of those hashes would equate to the same password. You could use any one of these hashes and they would be functionally equivalent when used on any server, even though the actual content of the hash is different.
For example, I hashed foobar and these are the results:
rootpw=foobar
openssl passwd -1 $rootpw
$1$6pXamKGD$TKQqON1prArop7DpLOyAk1
openssl passwd -1 $rootpw
$1$4A4Mn16f$P7ap2AqNMRK8m72bG/Bve0
openssl passwd -1 $rootpw
$1$DyhsWEMX$i2wH6JpAqoHNFZ0YOBVHj/
openssl passwd -1 $rootpw
$1$m27FIj5e$LZPxVniAeUoZcuUoNHK8c/
openssl passwd -1 $rootpw
$1$qdX0NKm1$45rzxUj..LCJwWB/.fwGH0
Each of those hashes is different even when computed on the same machine, but any of them can be used to equate to the password 'foobar' on any machine.
So just open /etc/shadow and paste that in there where you find the line:
root:$1$qdX0NKm1$45rzxUj..LCJwWB/.fwGH0:14415:0:99999:7:::
In my script I explode it at the :'s and update element [1] then concatenate the array back to a string and replace the string in the file. You can do it differently if you want, especially if you know the old value (which you can get by exploding it into an array).
I know this question is a few months old so you probably figured it out, but I'm putting this out there for any future googlers coming along and finding this.
You should compute whatever hash your servers compute on a password and send passwords in this secured, hashed form, ready to put into /etc/shadow.
I do not know however how to do that in practice.
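The field replacement described in the answer above (split the line at the colons, update element [1], join it back), as an added Python example that is not code from either poster. The function name and the check on the hash format are assumptions of this example; the sample root line and replacement hash are the ones quoted in the thread.

```python
import re

# crypt(3)-style value: $id$[params$]salt$hash. The character class has no ':'
# and no newline, so a crafted value cannot add fields or lines to the file.
CRYPT_RE = re.compile(r"\$[0-9a-z]+(?:\$[./A-Za-z0-9=]+){2,3}")

def set_shadow_hash(shadow_text, user, new_hash, lastchg=None):
    """Return shadow_text with the hash (field [1]) of `user` replaced.

    lastchg, if given, is written to field [2] (days since 1970-01-01).
    """
    if not CRYPT_RE.fullmatch(new_hash):
        raise ValueError("refusing value that is not a crypt-style hash")
    lines, found = [], False
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:  # exact match on the login name only
            if len(fields) != 9:
                raise ValueError("unexpected field count for " + user)
            fields[1] = new_hash
            if lastchg is not None:
                fields[2] = str(int(lastchg))
            found = True
        lines.append(":".join(fields))
    if not found:
        raise KeyError(user)
    return "\n".join(lines) + "\n"

# Constructed sample: the root line and replacement hash are the ones quoted
# in the answer above; the daemon line is made up for the example.
SAMPLE = (
    "root:$1$qdX0NKm1$45rzxUj..LCJwWB/.fwGH0:14415:0:99999:7:::\n"
    "daemon:*:14415:0:99999:7:::\n"
)
NEW_HASH = "$1$6pXamKGD$TKQqON1prArop7DpLOyAk1"

if __name__ == "__main__":
    print(set_shadow_hash(SAMPLE, "root", NEW_HASH), end="")
```

The same function accepts `$6$` (SHA-512 crypt) values, which `openssl passwd -6` produces on OpenSSL 1.1.1 and later. On a live system, `chpasswd -e` takes the same pre-hashed value and updates the file for you.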

Postfix message received hook

I am writing a web application which needs to receive e-mail messages to users' internal email addresses, let administrators approve them, and then forward to corresponding user's external mailbox.
I have installed and configured postfix for message receiving task. It uses virtual e-mail addresses, and my existing database where user email addresses are stored. Local email storage is maildir and I use postfix's virtual MDA.
Basically, I would like to execute a script every time a new message is received, and for which user (maildir message id would be very helpful too). Then I could read the message from python code (python had a module for maildir messageboxes) and insert it in database.
I can think of three ways to do this:
iterate user maildirs and check if there are any new messages, but it would be ineffective for large number of users.
use dbmail and then check if there are any new messages in database (this would be quicker, but I'd have to configure everything from scratch). Besides, existing user data tables cannot be used.
write a wrapper around maildrop/virtual to save message in db and in maildir as well, but I'd need a way to check if received message is valid and successfully saved by the real MDA.
Any suggestions appreciated!
In the /etc/aliases file you can specify a program which gets executed every time a user receives a mail. This program gets the mail on stdin. So you don't have to poll and your program gets run instantly.
In response to my own question, I used postfix content_filter with X flag set in pipe and process receiving address and message manually. Since I didn't need to access messages in maildir, this approach works fine for me.
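A handler of the kind the self-answer describes (a command run by Postfix's pipe(8) that gets the message on stdin), as an added Python example that is not the poster's code. It assumes the pipe service's argv ends with `${recipient}`, so recipients arrive as command-line arguments; the record layout and the `store` callback are hypothetical stand-ins for the approval database.

```python
import sys
from email import message_from_bytes, policy

# sysexits codes: pipe(8) treats 75 as a temporary failure, so Postfix keeps
# the message queued and retries instead of bouncing it.
EX_OK, EX_TEMPFAIL = 0, 75

def build_record(raw, recipient):
    """Turn one delivered message into a row for the approval queue."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        "recipient": recipient.lower(),
        "from": str(msg.get("From", "")),
        "subject": str(msg.get("Subject", "")),
        "message_id": str(msg.get("Message-ID", "")).strip(),
        "raw": raw,            # keep the original bytes for later forwarding
        "status": "pending",   # an administrator approves it later
    }

def handle(raw, recipients, store):
    """Store one record per recipient; return the exit status for Postfix."""
    if not recipients:
        return EX_TEMPFAIL     # misconfigured argv: defer, do not lose mail
    try:
        for rcpt in recipients:
            store(build_record(raw, rcpt))
    except Exception:
        return EX_TEMPFAIL     # storage unavailable: let Postfix retry
    return EX_OK

# Constructed sample message for trying the handler without a mail server.
SAMPLE_RAW = (
    b"From: Alice <alice@example.org>\r\n"
    b"To: bob@internal.example\r\n"
    b"Subject: Quarterly report\r\n"
    b"Message-ID: <20240101.1@example.org>\r\n"
    b"\r\n"
    b"hello\r\n"
)

if __name__ == "__main__":
    queue = []  # stand-in for the real database insert
    sys.exit(handle(sys.stdin.buffer.read(), sys.argv[1:], queue.append))
```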
