1- Log in to DirectAdmin as admin and give DNS permission to the user of whichever domain will get the Google Apps MX settings
2- Log in as the domain owner user
3- Go to the MX Records section under E-Mail Management
4- Delete the existing mail record under MX Records
5- Untick the box under local mail server and save
6- Enter the Google MX records in order

ASPMX.L.GOOGLE.COM. MX 10
ALT1.ASPMX.L.GOOGLE.COM. MX 20
ALT2.ASPMX.L.GOOGLE.COM. MX 30
ASPMX2.GOOGLEMAIL.COM. MX 40
ASPMX3.GOOGLEMAIL.COM. MX 50

7- Go to DNS Management and add this as a CNAME record (mxidegistirilendomain.com stands for the domain whose MX was changed):
mail.mxidegistirilendomain.com. CNAME ghs.google.com.

8- That is it, enjoy.

Update
I reworked this for an Ubuntu 10.04 32-bit minimal install

1- Get the Ubuntu 10.04 VPS ready - it has two IP addresses
2- apt-get install squid3
3- My own config is ready, so back up the existing one in case it is needed
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.yedek
4- nano /etc/squid3/squid.conf

#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access deny all
icp_access deny all
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth

forwarded_for off

acl ip1 myip 178.63.148.7
tcp_outgoing_address 178.63.148.7 ip1

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and that is it
5- touch /etc/squid3/squid_passwd
6- htpasswd /etc/squid3/squid_passwd proxykullaniciadi1
7- service squid3 restart

All done, mashallah

The port is 3128 and our IPs are, as in the example above, 178.63.148.7 and so on.
Of course, put the server's real IPs in their place.

————————————-

FOR CENTOS 5.x

yum -y install rpm-build openjade linuxdoc-tools openldap-devel pam-devel openssl-devel httpd rpm-devel

wget http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/10/Fedora/source/SRPMS/squid-3.0.STABLE10-1.fc10.src.rpm

mkdir /usr/src/redhat/

rpm -ivh squid-3.0.STABLE10-1.fc10.src.rpm

cd /usr/src/redhat/SPECS
rpmbuild -bb squid.spec

It will fail with an error.

Open the spec file with nano squid.spec

and change the iconv line as follows:

iconv -f ISO-8859-1 -t UTF-8 ChangeLog > ChangeLog.tmp

then run again:

rpmbuild -bb squid.spec

Once the RPM is built, install it:

rpm -Uvh /usr/src/redhat/RPMS/x86_64/squid-3.0.STABLE10-1.x86_64.rpm

cd /etc/squid/
mv squid.conf squid.conf.orig
nano squid.conf

PASTE:

#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access deny all
icp_access deny all
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth

forwarded_for off

acl ip1 myip 178.63.148.7
tcp_outgoing_address 178.63.148.7 ip1

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save.

Then we create the user and password:

5- touch /etc/squid/squid_passwd
6- htpasswd /etc/squid/squid_passwd proxykullaniciadi1
7- service squid restart

All done, mashallah

The port is 3128 and our IPs are, as in the example above, 178.63.148.7 and so on.
Of course, put the server's real IPs in their place.
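
Both configs above expose port 3128 with basic authentication and log to access.log in the native "squid" format, so repeated authentication failures are visible there. The following is an added example, not part of the original notes: it reports clients that collect many TCP_DENIED/407 replies without ever sending an authenticated request. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients that keep failing proxy authentication.

# Constructed access.log lines in Squid's native "squid" log format:
# time elapsed client code/status bytes method URL user hierarchy type
sample_log() {
cat <<'EOF'
1286536301.120      3 203.0.113.9 TCP_DENIED/407 1782 GET http://example.com/ - NONE/- text/html
1286536301.480    212 203.0.113.9 TCP_MISS/200 4512 GET http://example.com/ proxykullaniciadi1 DIRECT/93.184.216.34 text/html
1286536310.002      1 198.51.100.7 TCP_DENIED/407 1790 CONNECT mail.example.org:443 - NONE/- text/html
1286536311.015      1 198.51.100.7 TCP_DENIED/407 1790 CONNECT mail.example.org:443 - NONE/- text/html
1286536312.130      1 198.51.100.7 TCP_DENIED/407 1790 CONNECT mail.example.org:443 - NONE/- text/html
1286536313.244      1 198.51.100.7 TCP_DENIED/407 1790 CONNECT mail.example.org:443 - NONE/- text/html
1286536320.900      2 192.0.2.44 TCP_DENIED/407 1782 GET http://example.net/ - NONE/- text/html
1286536321.310      2 192.0.2.44 TCP_DENIED/407 1782 GET http://example.net/ - NONE/- text/html
EOF
}

# Print "client denied_count" for every client that has at least $1
# TCP_DENIED/407 replies and never made an authenticated request.
# A single 407 is normal (the browser is challenged, then logs in),
# so clients with a user name in field 8 are left out.
auth_failures() {
    awk -v min="$1" '
        $4 == "TCP_DENIED/407" { denied[$3]++ }
        $8 != "-"              { authed[$3] = 1 }
        END {
            for (c in denied)
                if (denied[c] >= min && !(c in authed))
                    print c, denied[c]
        }' | sort
}

# Run against the constructed sample; on a live host use for example:
#   auth_failures 20 < /var/log/squid3/access.log   (Ubuntu)
#   auth_failures 20 < /var/log/squid/access.log    (CentOS)
sample_log | auth_failures 3
```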

————————————-

Problem: incredibly bad disk performance on Windows 2003 guests running on Proxmox
Solution: install the latest virtio HDD drivers released by Red Hat in the Windows 2003 guest, then attach the disks as virtio instead of IDE
How:
1- If we are installing Windows 2003 from scratch
I have the driver available at http://aye.comp.nus.edu.sg/~trunglt/virtio-setup.iso. The steps you can follow to use the drivers are:

1. Create a virtual machine with hard disk and nic’s drivers set to “virtio”
2. The virtual machine should have a CDROM that points to the file virtio-setup.iso
3. When you run the windows installation, you would not be able to see the hard disk. At this moment, you need to load the driver. You should browse to the specific folder in the CDROM drive (ie amd64…). Then you would see a list of drivers to load.
4. After you load the drivers probably, you can now see the hard disk.
5. Finish the installation

2- If we already have a running Windows

I just did the following to move an existing win2003 from IDE to VIRTIO storage driver:

* Poweroff the VM and add a new harddisk with virtio using the hardware tab on the web interface
* Poweron and follow the new hardware wizard using the virtio storage drivers from the ISO – Now windows got the drivers and is ready for the switch
* Poweroff again and remove the IDE boot harddrive and add the unused disk again but now using virtio
* Go to the option tab and configure this virtio disk as the first boot device and start again, done.

Links:
1- Proxmox forum

2- Illustrated instructions on the linux-kvm page

I have no headspace left even for the simplest jobs,
wondering what and how.
Good thing shukko.com exists.
I am shamelessly writing even this down.
——–
Situation: I need to attach my NTFS-formatted 1 TB USB disk to the Debian 5 backup system

Solution:
1- After plugging in the disk, run dmesg and find where the new disk is


[ 1504.632862] usb 2-3: new high speed USB device using ehci_hcd and address 2
[ 1504.765986] usb 2-3: configuration #1 chosen from 1 choice
[ 1504.766700] usb 2-3: New USB device found, idVendor=1058, idProduct=1003
[ 1504.766703] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1504.766706] usb 2-3: Product: External HDD
[ 1504.766708] usb 2-3: Manufacturer: Western Digital
[ 1504.766710] usb 2-3: SerialNumber: 57442D574341553434313536343634
[ 1504.884993] Initializing USB Mass Storage driver...
[ 1504.886073] scsi4 : SCSI emulation for USB Mass Storage devices
[ 1504.886170] usbcore: registered new interface driver usb-storage
[ 1504.886174] USB Mass Storage support registered.
[ 1504.888348] usb-storage: device found at 2
[ 1504.888352] usb-storage: waiting for device to settle before scanning
[ 1509.888205] usb-storage: device scan complete
[ 1509.890431] scsi 4:0:0:0: Direct-Access WD 10EAVS External 1.75 PQ: 0 ANSI: 4
[ 1509.894437] sd 4:0:0:0: [sde] 1953525168 512-byte hardware sectors (1000205 MB)
[ 1509.897298] sd 4:0:0:0: [sde] Write Protect is off
[ 1509.897301] sd 4:0:0:0: [sde] Mode Sense: 23 00 00 00
[ 1509.897304] sd 4:0:0:0: [sde] Assuming drive cache: write through
[ 1509.901424] sd 4:0:0:0: [sde] 1953525168 512-byte hardware sectors (1000205 MB)
[ 1509.904304] sd 4:0:0:0: [sde] Write Protect is off
[ 1509.904308] sd 4:0:0:0: [sde] Mode Sense: 23 00 00 00
[ 1509.904311] sd 4:0:0:0: [sde] Assuming drive cache: write through
[ 1509.904354] sde: sde1
[ 1509.914939] sd 4:0:0:0: [sde] Attached SCSI disk
[ 1863.015542] FAT: bogus number of reserved sectors
[ 1863.015563] VFS: Can't find a valid FAT filesystem on dev sde1.
[ 1869.948234] FAT: invalid media value (0xb9)
[ 1869.948234] VFS: Can't find a valid FAT filesystem on dev sde.
[ 1960.708501] fuse init (API version 7.9)


Disk /dev/sde: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xe8900690

Device Boot Start End Blocks Id System
/dev/sde1 1 121601 976760001 7 HPFS/NTFS


2- We learned that the disk is sde; now install the packages for reading and writing NTFS on Debian

apt-get install libfuse2
apt-get install ntfs-3g

3- Mount the disk

mkdir /usbdisk
mount -t ntfs-3g /dev/sde1 /usbdisk

All done, mashallah

When dealing with mem-leaks in my mod_perl apps I ran into a curious Apache problem. After a while Apache could not be started but failed with strange errors like:

[emerg] (28)No space left on device: Couldn’t create accept lock

or

[crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

or

[Wed Dec 07 00:00:09 2005] [error] (28)No space left on device: Cannot create SSLMutex

There was definitely enough space on the device where the locks are stored (default /usr/local/apache2/logs/). I tried to explicitly set different lock files using the LockFile directive, but this did not help. I also tried a non-default AcceptMutex (flock), which then solved the accept-lock issue and ended in the rewrite_log_lock issue. Only a reboot of the system got me out of my crisis.

Solution: There were myriads of semaphore arrays left, owned by my apache user.

ipcs -s | grep apache

Removing these semaphores immediately solved the problem.

ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
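
The one-liner above removes every semaphore array whose ipcs line contains the string "apache" anywhere. As an added example (not from the original post), the functions below match the owner column exactly and default to a dry run that only prints the ipcrm calls; the function names and the sample ipcs output are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove only the semaphore arrays whose OWNER column is
# exactly the given user, and show what would be removed before doing it.

# Constructed sample of `ipcs -s` output.
sample_ipcs() {
cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      apache     600        1
0x00000000 65537      apache     600        1
0x0052e2c1 98306      postgres   600        17
0x00000000 131075     apache2    600        1
EOF
}

# Print the semid of every array owned by user $1; reads ipcs -s text on
# stdin. Header and separator lines never have a numeric second field.
sem_ids_for_owner() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# $1 = owner, $2 = "run" to really call ipcrm; anything else is a dry run.
remove_sems() {
    sem_ids_for_owner "$1" | while read -r id; do
        if [ "$2" = "run" ]; then
            ipcrm -s "$id"
        else
            echo "ipcrm -s $id"
        fi
    done
}

# Dry run against the constructed sample. On a live host:
#   ipcs -s | remove_sems apache        # review the list first
#   ipcs -s | remove_sems apache run    # then remove
sample_ipcs | remove_sems apache
```

In the sample, `grep apache` would also have selected the array owned by `apache2`; the exact match leaves it alone.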

On a server with DirectAdmin installed, a default SpamAssassin installation was done earlier. We are going to upgrade it, like this:

perl -MCPAN -e 'install Archive::Tar'
perl -MCPAN -e 'install IO::Zlib'
perl -MCPAN -e 'install Digest::SHA'
perl -MCPAN -e 'install Mail::SPF'
perl -MCPAN -e 'install Mail::DKIM'
cd /usr/local/directadmin/scripts
wget -O /usr/local/directadmin/scripts/packages/Mail-SpamAssassin-3.3.0.tar.gz http://www.ecoficial.com/apachemirror/spamassassin/source/Mail-SpamAssassin-3.3.0.tar.gz
perl -pi -e 's/3\.2\.5/3.3.0/' spam.sh
# the $ is escaped so that Perl matches the literal text $FILE instead of its own (empty) variable
perl -pi -e 's/getFile \$FILE;/#getFile \$FILE;/' spam.sh
./spam.sh

Note: do not copy-paste the whole thing at once. Paste the lines one by one, otherwise it tends to crap out 😀

WHEN IT IS DONE

Run the sa-update command!!! If you do not, the new SpamAssassin will not start.

NOTE: if sa-update fails on CentOS 5.4 64-bit with an error like "can't find LWP":

yum install perl-libwww-perl

then run sa-update

ty ty..

Abstract

The following is a quick-and-dirty method for implementing a very simple firewall. This HOWTO is a general compilation of suggested tips for a firewall.

Let’s Get Dirty

Locate IPTables

Depending on your VPS, first locate iptables:

[root@vps /]# which iptables

Create IP Based Accept/Deny

Create a whitelist (IP passes through firewall) or blacklist (packets from IP always dropped) if you wish:

[root@vps /]# vi /usr/local/etc/whitelist.txt

And/Or…

[root@vps /]# vi /usr/local/etc/blacklist.txt

In each file, add one IP per line, for instance:

4.2.2.2
66.35.15.20

firewall.sh Script

Then put the following in /etc/init.d/firewall.sh, and edit to fit your needs:

#!/bin/sh
#
## Quick n Dirty Firewall
#
## List Locations
#

WHITELIST=/usr/local/etc/whitelist.txt
BLACKLIST=/usr/local/etc/blacklist.txt

#
## Specify ports you wish to use.
#

ALLOWED="22 25 53 80 443 465 587 993"

#
## Specify where IP Tables is located
#

IPTABLES=/sbin/iptables

#
## Clear current rules
#

$IPTABLES -F
echo 'Clearing Tables F'
$IPTABLES -X
echo 'Clearing Tables X'
$IPTABLES -Z
echo 'Clearing Tables Z'

echo 'Allowing Localhost'
#Allow localhost.
$IPTABLES -A INPUT -t filter -s 127.0.0.1 -j ACCEPT

#
## Whitelist
#

for x in `grep -v ^# $WHITELIST | awk '{print $1}'`; do
        echo "Permitting $x..."
        $IPTABLES -A INPUT -t filter -s $x -j ACCEPT
done

#
## Blacklist
#

for x in `grep -v ^# $BLACKLIST | awk '{print $1}'`; do
        echo "Denying $x..."
        $IPTABLES -A INPUT -t filter -s $x -j DROP
done

#
## Permitted Ports
#

for port in $ALLOWED; do
        echo "Accepting port TCP $port..."
        $IPTABLES -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done

for port in $ALLOWED; do
        echo "Accepting port UDP $port..."
        $IPTABLES -A INPUT -t filter -p udp --dport $port -j ACCEPT
done

$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p udp -j DROP
$IPTABLES -A INPUT -p tcp --syn -j DROP

Start Firewall

[root@vps /]# chmod 700 /etc/init.d/firewall.sh
[root@vps /]# /etc/init.d/firewall.sh
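
firewall.sh passes the first field of every whitelist.txt and blacklist.txt line straight to `iptables -s` and opens each allowed port on both TCP and UDP. As an added example (not part of the original HOWTO), the functions below accept only IPv4 addresses or CIDR ranges from the list files and print the resulting rules as a dry run; `IPT`, `TCP_PORTS`, `UDP_PORTS`, the function names and the choice to open UDP only for port 53 are assumptions.

```shell
#!/bin/sh
# Added example: validate list entries before they reach "iptables -s".
# IPT defaults to a dry run; set IPT=/sbin/iptables to apply the rules.
IPT=${IPT:-echo iptables}
TCP_PORTS="22 25 53 80 443 465 587 993"   # same list as ALLOWED in firewall.sh
UDP_PORTS="53"                            # assumption: only DNS needs UDP

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) pfx=${1#*/}
             case $pfx in ''|*[!0-9]*) return 1 ;; esac
             [ "$pfx" -le 32 ] || return 1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit one rule per valid entry of list file $1 with target $2 (ACCEPT/DROP).
# Comments and blank lines are ignored; anything else is reported and skipped.
list_rules() {
    [ -r "$1" ] || return 0
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if valid_ipv4 "$entry"; then
            $IPT -A INPUT -s "$entry" -j "$2"
        else
            echo "skipping invalid entry in $1: $entry" >&2
        fi
    done < "$1"
}

# Accept rules per protocol, then the same closing rules as firewall.sh.
port_rules() {
    for p in $TCP_PORTS; do $IPT -A INPUT -p tcp --dport "$p" -j ACCEPT; done
    for p in $UDP_PORTS; do $IPT -A INPUT -p udp --dport "$p" -j ACCEPT; done
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p udp -j DROP
    $IPT -A INPUT -p tcp --syn -j DROP
}
```

Calling `list_rules /usr/local/etc/whitelist.txt ACCEPT`, `list_rules /usr/local/etc/blacklist.txt DROP` and `port_rules` in that order reproduces the rule order of the script above. Like the original, it covers IPv4 only.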

Situation: the server, its location and its IP had to be changed urgently.

State: many domains, web sites and mailboxes run on the old server. The transfer itself is easy, but we want to be running on the new server with the new IP within a short time.

Normal procedure: stop the services on the old server, take a backup, transfer the backups to the new server, restore them, and once you are sure it works, change the nameserver IPs to the new server's IPs. Wait, and within 24 hours everything falls into place.

Problem: time is short. The whole operation has to happen within 2-3 hours, but the backup alone takes 10 hours.

10 hours of backup, transferring the backups (50GB 🙂), restoring, starting everything up: that makes 12 hours. We have 2-3 hours.

The DNS records have changed, but until they update everywhere everything still resolves to the old IPs. A real headache…

Solution: rinetd!

rinetd redirects TCP connections from one IP address and port to another, with basic IP-based access control. rinetd is a single-process server which handles any number of connections to the address/port pairs specified in the file /etc/rinetd.conf. Since rinetd runs as a single process using nonblocking I/O, it is able to redirect a large number of connections without a severe impact on the machine. This makes it practical to run services on machines inside an IP masquerading firewall.

install rinetd in ubuntu

apt-get install rinetd

install rinetd in centos

http://www.boutell.com/rinetd/

wget http://www.boutell.com/rinetd/http/rinetd.tar.gz

tar zxvf rinetd.tar.gz
cd rinetd
make install

The config file structure is very simple:

nano /etc/rinetd.conf


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress bindport connectaddress connectport

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon

rinetd example
Assume that you have a machine with the IP address 192.168.2.1 which has been running Apache, and that you’d like to move that to the IP address 192.168.2.3

You’ve already updated DNS to point visitors to the new IP address, but you want to ensure that people connecting to the old IP still continue to receive service.

To handle this example you should update the /etc/rinetd.conf file to read:

# bindadress bindport connectaddress connectport
192.168.2.1 80 192.168.2.3 80
192.168.2.1 443 192.168.2.3 443

Once you restart rinetd all incoming connections on port 80 and 443 will be seamlessly redirected from the old IP to the new one – although you will need to restart rinetd after making the change to your configuration file.

Then restart rinetd and that is it.

Its site is here:

http://www.boutell.com/rinetd/

I needed to set up a new seedbox. I read the documentation and so on, and none of it suited me. So I set up my seedbox my own way.

Ubuntu 9.10 server karmic + Xfce4 + vnc + utorrent.

Simply put, this is how I did it:

1- Box config:

e7500 core2duo cpu + 2gb ram + 2x500gb sata II HDD

Install Ubuntu Karmic server. 200 MB is set aside for /boot, 4 GB for swap, and the remaining disk space goes under / as software RAID1. You end up with 864 GB of NET usable fast disk space.

2- Install what is needed on Ubuntu.

apt-get install tightvncserver wine xterm fluxbox vsftpd firefox vnstat xfce4-goodies xfce4 htop mc flashplugin-nonfree

If anything else is missing I will install it later, it is not needed now 🙂 (vnstat, munin and so on)

3- Create a user

useradd -m shukko

4- Log in as the user ( su - shukko ) and do the setup for vncserver

$ mkdir .vnc

$ nano .vnc/xstartup

Write this in it: startxfce4, then save and exit

5- Start vncserver

$ vncserver :1

6- Connect remotely with a VNC client. All done, mashallah 🙂

And here is a screenshot 🙂

Note: there are some good settings for uTorrent

Let me list them here in order:

– Use Speed Guide and set your connection to “xx/100Mbps” or “xx/10Mbps” depending on what you have
– Choose any port above 45,000
– Enable Encryption
– Disable DHT, Local Peer Discovery, Peer Exchange
– No randomize ports, disable UPnP port mapping & NAT-PMP port mapping
– Enable WebUI Interface, insert WebUI’s un & pw
– In Advanced Options, set gui.delete_to_trash to FALSE
– Un-check Minimize to tray & Close to tray

I had to copy a /home directory containing 160 GB of important user data to a new disk.

The first command was:

$ cp -Rp /home/* /home2/

that is:

cp -R: copy directories recursively; -p: same as --preserve=mode,ownership,timestamps

———-

Because reads and writes under /home were still going on at the time and the disks were rather slow, once the operation finished after 7-8 hours I had to quickly copy the new data written under /home during those 7-8 hours to its new location.

For this I used the following command:

$ cp -Rpuv

that is:

R = recursive, p = preserve, u = update, v = verbose

Right at this point a problem came up 🙂

The problem was that with this command it waited for my confirmation for every file that needed updating. In other words, cp behaved as if it had been given the -i (--interactive) switch even though I had not typed it.

A little research revealed that on Red Hat based systems the cp typed directly at the console is not actually cp but an alias for cp -i.

I could solve this in two ways: either type something like unalias cp -i, or run cp directly as /bin/cp.

In the end this command did the job…

$ /bin/cp -Rpuv /home/* /home2/