Here you can find technical details about software/hardware configuration.
Wednesday, 24 September 2008
ipfw shaping sample
without guaranteed bandwidth
fxp3 - router internal interface
#download
/sbin/ipfw add pipe 2174 ip from any to 192.168.5.27/32 xmit fxp3
/sbin/ipfw pipe 2174 config bw 384Kbit/s
#upload
/sbin/ipfw add pipe 2175 ip from 192.168.5.27/32 to any recv fxp3
/sbin/ipfw pipe 2175 config bw 384Kbit/s
If you want to limit only a port range (here every source port except 8080):
#download
/sbin/ipfw add pipe 2174 ip from any to 192.168.5.27/32 src-port 1-8079 xmit fxp3
/sbin/ipfw add pipe 2174 ip from any to 192.168.5.27/32 src-port 8081-65535 xmit fxp3
/sbin/ipfw pipe 2174 config bw 384Kbit/s
#upload
/sbin/ipfw add pipe 2175 ip from 192.168.5.27/32 to any recv fxp3
/sbin/ipfw pipe 2175 config bw 384Kbit/s
If you want to add guaranteed bandwidth and rule priority
#download
# rule 2174 sends matching packets to queue 30986, which is attached to pipe 2174
/sbin/ipfw add 2174 queue 30986 ip from any to 192.168.5.27 src-port 1-8079,8081-65535 xmit fxp3
/sbin/ipfw pipe 2174 config bw 6144Kbit/s queue 32Kbit/s
/sbin/ipfw queue 30986 config pipe 2174 weight 30
#upload
# rule 2175 sends matching packets to queue 30987, which is attached to pipe 2175
/sbin/ipfw add 2175 queue 30987 ip from 192.168.5.27 to any recv fxp3
/sbin/ipfw pipe 2175 config bw 1536Kbit/s queue 8Kbit/s
/sbin/ipfw queue 30987 config pipe 2175 weight 30
Monday, 22 September 2008
[Bug 5340] New: sa-compile fails to write to 'compiled/3.00200' dir
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Macintosh
OS/Version: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: sa-compile
AssignedTo: dev@spamassassin.apache.org
ReportedBy: [EMAIL PROTECTED]
i've built up a test-instance of,
% spamassassin --version
SpamAssassin version 3.2.0-pre1-r499012
running on Perl version 5.8.8
on,
% uname -a
Darwin snowcrash 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006; root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc
currently, on launch of sa, i see @ console,
[21402] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_0.pm in @INC (@INC ... /var/mail/spamassassin/updates/compiled/3.002000 /var/mail/spamassassin/updates/compiled/3.002000/auto) at (eval 536) line 1.
this is with,
loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
in init.pre
if i disable the compile plugin, on restart i get no errors.
i was informed on-list that,
> that's to be expected until you actually run "sa-compile" to compile
> the ruleset...
now,
% /usr/local/spamassassin/bin/sa-compile --sudo -D
[21503] dbg: logger: adding facilities: all
[21503] dbg: logger: logging level is DBG
[21503] dbg: generic: SpamAssassin version 3.2.0-pre1-r499012
[21503] dbg: config: score set 0 chosen.
[21503] dbg: dns: is Net::DNS::Resolver available? yes
[21503] dbg: dns: Net::DNS version: 0.59
sa-compile: cannot write to /var/mail/spamassassin/updates/compiled/3.002000, aborting
checking,
% ls -ald /var/mail/spamassassin/updates/compiled/3.002000
/usr/local/bin/ls: cannot access /var/mail/spamassassin/updates/compiled/3.002000: No such file or directory
then,
% mkdir -p /var/mail/spamassassin/updates/compiled/3.002000
% chown -R spam:spam /var/mail/spamassassin/updates/compiled/3.002000
and again,
% /usr/local/spamassassin/bin/sa-compile --sudo -D
still reports,
[21503] dbg: logger: adding facilities: all
[21503] dbg: logger: logging level is DBG
[21503] dbg: generic: SpamAssassin version 3.2.0-pre1-r499012
[21503] dbg: config: score set 0 chosen.
[21503] dbg: dns: is Net::DNS::Resolver available? yes
[21503] dbg: dns: Net::DNS version: 0.59
sa-compile: cannot write to /var/mail/spamassassin/updates/compiled/3.002000, aborting
thanks.
Friday, 19 September 2008
qmail SMTP Authentication
1- Download the patch: http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.30.tar.gz
2- Read README.auth and patch qmail with the smtp-auth patch
3- Compile qmail normally
4- Compile vpopmail as you need
5- Make vchkpw setuid root (chown first, because on some systems chown clears the setuid bit):
# chown root:root ~vpopmail/bin/vchkpw
# chmod 4755 ~vpopmail/bin/vchkpw
6- You can run qmail-smtpd from inetd or tcpserver. I recommend tcpserver.
If you are using tcpserver, use the following command to start qmail-smtpd (note: it is all a single line):
exec /usr/local/bin/softlimit -m 4000000 tcpserver -H -l0 -R -c 512 -x /home/vpopmail/etc/tcp.smtp.cdb -u VPOPMAILUID -g VPOPMAILGUID 0 smtp /var/qmail/bin/qmail-smtpd your.qmail.server.name /home/vpopmail/bin/vchkpw /bin/true &
Change the following parameters to match your system configuration:
-x /home/vpopmail/etc/tcp.smtp.cdb // change this to your tcp.smtp.cdb file path
VPOPMAILUID is your vpopmail user id
VPOPMAILGUID is your vpopmail group id
your.qmail.server.name is your fully qualified server name
/home/vpopmail/bin/vchkpw is your vchkpw file path
/bin/true is your true command path (this is /usr/bin/true in FreeBSD)
If you do NOT add the your.qmail.server.name parameter after /var/qmail/bin/qmail-smtpd, smtp-auth performs fake authentication: it returns true for any username and password.
If you are using inetd, add the following lines to inetd.conf and send kill -HUP to inetd:
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env \
/var/qmail/bin/qmail-smtpd your.qmail.server.name /home/vpopmail/bin/vchkpw /bin/true
that's all
Regards
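A check for the fake-authentication mistake described in this post, as an added example that is not part of the original post or of the patch. It assumes the argument order shown above (hostname, checkpassword program, subprogram); the function name and result strings are hypothetical, and the sample lines are constructed from the commands in the post.

```shell
#!/bin/sh
# Added example: audit a qmail-smtpd start line for a working SMTP AUTH setup.
# Assumed argument order (as shown in the post):
#   qmail-smtpd <hostname> <checkpassword program> <subprogram>

audit_smtpd_args() {
    # $1 = the whole start command (run script line or inetd.conf entry)
    set -f                      # no globbing while the line is word-split
    set -- $1
    set +f
    found=no
    while [ $# -gt 0 ]; do
        case $1 in
            qmail-smtpd|*/qmail-smtpd) found=yes; shift; break ;;
        esac
        shift
    done
    if [ "$found" = no ]; then echo "no-qmail-smtpd"; return 1; fi
    host=${1-} checker=${2-} sub=${3-}
    if [ -z "$host" ]; then echo "auth-not-configured"; return 1; fi
    # A path in the hostname slot means the hostname was left out and every
    # later argument has moved one position to the left.
    case $host in
        /*) echo "hostname-missing"; return 1 ;;
    esac
    case $checker in
        /*) ;;
        *)  echo "checker-not-absolute-path"; return 1 ;;
    esac
    # "true" in the checkpassword slot accepts every username and password.
    if [ "${checker##*/}" = true ]; then echo "checker-is-true"; return 1; fi
    case $sub in
        ''|'&') echo "subprogram-missing"; return 1 ;;
    esac
    echo "ok"
}

# Constructed sample lines: the tcpserver command from the post (shortened),
# the same command with the hostname left out, and the inetd.conf entry.
GOOD='tcpserver -H -l0 -R -c 512 -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp /var/qmail/bin/qmail-smtpd your.qmail.server.name /home/vpopmail/bin/vchkpw /bin/true &'
BAD='tcpserver -H -l0 -R -c 512 -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true &'
INETD='smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd your.qmail.server.name /home/vpopmail/bin/vchkpw /bin/true'

for line in "$GOOD" "$BAD" "$INETD"; do
    printf '%-18s %s\n' "$(audit_smtpd_args "$line" || true)" "$line"
done
```

The check only looks at the start line; it does not test that vchkpw itself rejects a wrong password.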
Tuesday, 16 September 2008
How do you enable .mkv subs in mplayer?
Press V to toggle the subs on and off, and press J to cycle languages. You can cycle the audio by pressing #
Sunday, 14 September 2008
How To Patch / Upgrade BIND 9.x Under FreeBSD Operating System
To fix this issue under FreeBSD 6.3, download the patch:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch
If you are using FreeBSD 7.0, enter:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch
Type the following commands to compile and install the BIND 9 patch:
# cd /usr/src
# patch < /tmp/bind.patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
Restart BIND 9:
# /etc/rc.d/named restart
# tail -f /var/log/messages
Friday, 12 September 2008
FreeBSD geli encryption
configuration
My installation testserver has the following hardware configuration:
ar0: IDE-RAID controller (RAID 5)
..with four SATA harddisks ad4, ad6, ad8 and ad10
ad14: SATA harddisk containing the system installation
da0: USB Stick - will contain the boot files and geli decryption key
As the operating system I am using the FreeBSD 6.1-RELEASE version. We will encrypt the ar0 RAID and use it as our main working system. In order to set it up we need a standard system which I installed on the single harddisk ad14. It won't be needed afterwards. As the final encrypted operating system will not be able to boot up by itself we need a memory-stick da0 containing the files which are needed for the booting process. The stick also contains the geli key which will be necessary for decrypting the filesystem.
The goal is to have an encrypted RAID-5 system which can only be booted up using a memory stick with a key and a password.
installation
First of all we clear all previous data we have on the ar0 harddisk.
# dd if=/dev/random of=/dev/ar0
WARNING: This will delete your entire data on the harddisk! Depending on the size of the disk this may take a while.
As we would like to use a key-file for the geli encryption we need to create this file first before initializing the geli container:
# mkdir /boot/keys
# dd if=/dev/random of=/boot/keys/ar0.key bs=128k count=1
The dd command creates a new file (ar0.key) of 128 KB filled with random data (from /dev/random).
In a next step we initialize the geli container on the ar0 harddisk:
# geli init -b -K /boot/keys/ar0.key -s 4096 -l 256 /dev/ar0
The -b parameter specifies that a password is needed on bootup. The second parameter -K specifies the key which is used for encryption - the one we have just created. The -s 4096 increases the sector size which really boosts up encrypting/decrypting performance. The -l 256 parameter tells geli to use an AES 256 encryption - which is the strongest currently supported. And finally /dev/ar0 is our RAID device. Type in your secret password and the initialization is completed.
Next, the device will be attached which creates the decrypted device with which we will work.
# geli attach -K /boot/keys/ar0.key /dev/ar0
We specify the location to the encryption key for attaching. Enter the password you chose during initialization and a new device /dev/ar0.eli will be created for you.
Ok, as we now have the decrypted device, it's time to partition it:
# bsdlabel -w /dev/ar0.eli
# bsdlabel -e /dev/ar0.eli
The first command creates a standard label and the second one is used to specify the individual partitions to create. It will bring up an editor. The first column contains a single character: the partition's label. "c" is reserved for the complete disk and may not be changed. "b" is usually the swap partition. The second column specifies the size of the partition (in sectors). Note: we told geli during initialization to use 4096 bytes per sector. The offset needs to be calculated manually and is simply the sum of the sizes of the preceding partitions. In the fstype column you need to write 4.2BSD for all partitions except the swap partition (and the c partition of course!). The next two columns can be filled with a 0 in each one, and in the last one we do not write anything. This will be completed by FreeBSD. Here is my configuration:
# /dev/ar0.eli
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a:     512M        0    4.2BSD        0     0
  b:    2048M        *      swap
  c: 19544356        0    unused        0     0
  d:    4096M        *    4.2BSD        0     0
  e:    2048M        *    4.2BSD        0     0
  f:        *        *    4.2BSD        0     0
Note the * in the size column of partition f: this will cause FreeBSD to use the rest of the available disk space for the final partition. The * in the offset column tells FreeBSD to calculate the offsets by itself based on the preceding partitions.
Now that we have the partitions it's time to create the filesystems:
# newfs /dev/ar0.elia
# newfs /dev/ar0.elid
# newfs /dev/ar0.elie
# newfs /dev/ar0.elif
installing operating system
The target harddisk is now partitioned and the filesystems have been created. Let's put the operating system on it. First we create a new directory:
# mkdir /fixed
This creates a new directory called "fixed" on the root directory. This directory will contain the target filesystem structure. Next, we mount the target root partition on fixed:
# mount /dev/ar0.elia /fixed
Then we create the following directories to create the desired structure:
# mkdir /fixed/var
# mkdir /fixed/tmp
# mkdir /fixed/usr
Now mount the previously created partitions to the new directories:
# mount /dev/ar0.elid /fixed/var
# mount /dev/ar0.elie /fixed/tmp
# mount /dev/ar0.elif /fixed/usr
It's time to copy the operating system files to the target filesystem. To do so we need to set an environment variable which is used by the install script to determine where to extract the OS files. Switch to the Bourne shell (/bin/sh), export the variable and switch back to csh:
# /bin/sh
# export DESTDIR=/fixed/
# /bin/csh
Ok we are ready to install the files. Mount the CD-ROM drive (yes insert your FreeBSD CD 1 now) and install!
# mount /cdrom
# cd /cdrom/6.1-RELEASE/base
# ./install.sh
FreeBSD 6.1 does not install the kernel automatically, so let's do it manually:
# cd /cdrom/6.1-RELEASE/kernels
# ./install.sh GENERIC
This will install the generic kernel on the encrypted geli device. If you have a multi-processor system you can use the SMP instead of the GENERIC kernel in the command above.
kbdmux and geli are enemies!
In the current version (FreeBSD 6.1-RELEASE) there is a major problem with the kbdmux keyboard multiplexer driver and geli. Either the keyboard or geli worked, but never both at the same time. Tomas Snackerstrom pointed out that problem in one of his precious comments. This brought me to the solution of removing the kbdmux driver from the generic kernel by compiling a custom one.
In the following few steps we will compile a custom kernel. If you have not installed the kernel sources do this now. You can find detailed explanations here.
First, we create a copy of the GENERIC kernel configuration file and alter it:
# cd /usr/src/sys/i386/conf
# mkdir /root/kernels
# cp GENERIC /root/kernels/PROPORTION
# ln -s /root/kernels/PROPORTION
This creates a new kernel configuration file called PROPORTION in root's home directory. Of course you can name the file whatever you like. Now alter the PROPORTION kernel configuration file with your favorite editor:
# vi PROPORTION
Put your kernel's name in the "ident" line, so you will recognize your custom kernel during boot-up. And most important: remove the line "device kbdmux". Save and close the file.
Now build and install the kernel:
# cd /usr/src
# make buildkernel KERNCONF=PROPORTION
# make installkernel KERNCONF=PROPORTION
This will take a while - especially building the kernel. Now that the kernel is built and installed, we will copy it to the geli encrypted harddisk:
# cp -Rpv /boot/kernel /fixed/boot
configuring removable device
It's time to take care of the removable device which plays an important role in the whole installation. It contains the files which are essential for booting.
First of all we create a new slice on the device:
# fdisk -BI /dev/da0
WARNING: This will remove all data on the device. Make sure no important data is stored on it.
Next, we create the partition on the slice:
# bsdlabel -Brw /dev/da0s1
# bsdlabel -e /dev/da0s1
Again this will bring up an editor in where you can specify the desired partitions. This time we only create one single partition:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a:   528600        0    4.2BSD        0     0
  c:   528600        0    unused        0     0
Create a new filesystem on the previously created partition and mount the filesystem so we can start putting the required files on it.
# newfs /dev/da0s1a
# mount /dev/da0s1a /mnt
A couple of minutes ago we installed the base distribution on the encrypted target harddisk. As we are not able to boot from that disk we need to put the boot files on the removable (non-encrypted) medium:
# cp -Rpv /fixed/boot /mnt
Done. Now let's speed up the booting process by zipping the kernel and the two needed modules. Switch to the kernel's directory and zip it:
# cd /mnt/boot/kernel
# gzip kernel geom_eli.ko acpi.ko
To make sure we will be asked for the password at boottime we need to add the needed module to the /boot/loader.conf file:
# echo 'geom_eli_load="YES"' >> /mnt/boot/loader.conf
Now we also need to specify where to load the encryption key from during startup. First copy the keyfile to the USB stick:
# mkdir /mnt/boot/keys
# cp /boot/keys/ar0.key /mnt/boot/keys/
Second, specify the corresponding geli commands to load the key from the stick. This is also defined in the /boot/loader.conf file. Open it and add the following lines to it:
geli_ar0_keyfile0_load="YES"
geli_ar0_keyfile0_type="ar0:geli_keyfile0"
geli_ar0_keyfile0_name="/boot/keys/ar0.key"
We are almost there. The final step is to tell the kernel which filesystem to load. By creating the directory etc and putting the file fstab into it we can achieve this:
# mkdir /mnt/etc
# vi /mnt/etc/fstab
This opens up the editor and we can start specifying the filesystems. This needs to be the same structure we created on our target harddisk (see the similarities?):
# Device         Mountpoint  FStype  Options    Dump  Pass#
/dev/ar0.elib    none        swap    sw         0     0
/dev/ar0.elia    /           ufs     rw         1     1
/dev/ar0.elie    /tmp        ufs     rw         2     2
/dev/ar0.elif    /usr        ufs     rw         2     2
/dev/ar0.elid    /var        ufs     rw         2     2
/dev/acd0        /cdrom      cd9660  ro,noauto  0     0
I additionally added the cdrom. It is not mandatory but quite handy. Finally copy the fstab file to the target harddisk:
# cp /mnt/etc/fstab /fixed/etc/
Congratulations. Let's see if it works!
testing
Now it's time to bring Frankenstein alive! Remove the installation CD and shut down the computer. Remove the operating system's harddisk (ad14), plug in the removable device and switch it on. If everything runs smoothly you will be prompted for the password during boot and afterwards the system will be booted.
Here are some problems I encountered afterwards:
Problem: The bios tells you that the operating system cannot be found.
Solution: Make sure your bios is capable of booting from removable devices such as USB sticks and check the bios boot-order settings.
Problem: I get multiple password prompts during bootup.
Solution: I played around with the geli init command before and initialized some other disks. You can kill those initializations by typing:
# geli kill /dev/adX
Where /dev/adX is the concerning device. This will kill the encryption keys! WARNING: Do not try this on the correct disk you've just created! (Well, unless the FBI is knocking on your door and you have a good reason doing so).
Wednesday, 23 July 2008
FreeBSD Raid 1
Configuring the Mirror/Duplex During the Install
If you're going to use RAID 1, make your life easy and purchase two identical disks (of the same model and size). You can complicate things by insisting on different disks with different sizes, but in the end you just end up with a harder configuration that wastes the extra disk space on the larger disk. Cable the identical drives so that one is the primary master and the other is the secondary master. Before installing the operating system, double-check that your CMOS recognizes both disks.
Using your favorite installation method, start a FreeBSD install of any version (5.3 or higher). When you get to the Select Drives menu, it should show ad0 and ad2. Select ad0, as you will be installing the operating system on the primary master.
Within the fdisk utility, remove any existing partitions and then select "Use entire disk." When asked about the boot menu, choose "Standard MBR."
In the disklabel editor, set up the partitions on ad0 according to your requirements. If in doubt, choose a for automatic. Then choose your install sets and your install media, and let the operating system install as usual.
When finished, go through the postinstall configurations and set your time zone, create a user account, set the root password, and so on.
However, don't reboot when you end up back at the sysinstall main menu. Instead, press Alt-F4, which will take you to a command prompt. The first command I type is csh so I can get a shell with history (the default shell is Bourne).
Creating a mirror/duplex is as simple as typing:
# gmirror label -v -b round-robin gm0 /dev/ad0
where gmirror label creates the mirror; -v enables verbose mode; -b round-robin chooses a balance algorithm (at the moment, round-robin is the algorithm with the best performance); gm0 is the name of the mirror/duplex (this name represents the first GEOM mirror); and /dev/ad0 represents the disk containing the data to mirror.
However, you'll be disappointed if you try the command now:
# gmirror label -v -b round-robin gm0 /dev/ad0
Can't store metadata on /dev/ad0: Operation not permitted
This is a security feature that indicates that the disk is currently mounted for writing and therefore is unavailable. However, you can get around this chicken-and-egg problem and temporarily force gmirror to bypass this measure in order to create the mirror/duplex by setting a sysctl MIB:
# sysctl kern.geom.debugflags=16
kern.geom.debugflags: 0 -> 16
Don't worry; this MIB will return to 0 when you reboot (which I'll have you do in just a few minutes). Try again:
# gmirror label -v -b round-robin gm0 /dev/ad0
Metadata value stored on /dev/ad0
That's it; you now have a RAID 1 system.
It is, however, useful to tell the operating system to load it whenever you boot. This requires edits to two files. The first one is currently empty, so just echo over the required line:
# echo 'geom_mirror_load="YES"' > /boot/loader.conf
However, /etc/fstab is not empty, so I recommend making a backup copy before editing it:
# cp /etc/fstab /etc/fstab.orig
# vi /etc/fstab
Change each ad to a gm, and insert a mirror after /dev. For example, /dev/ad0s1a becomes /dev/mirror/gm0s1a. Unless you've made extra partitions, you'll have ad0s1 devices ending in a, b, d, e, and f and will need to edit each of those lines.
When finished, triple-check your changes to both /etc/fstab and /boot/loader.conf. While it is fixable, it sucks not being able to boot into a new system because of a typo.
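The fstab edit described above can be scripted and checked before rebooting. This is an added example, not code from the original article; it assumes the article's names (disk ad0, mirror gm0), the function names are hypothetical, and the sample fstab is constructed.

```shell
#!/bin/sh
# Added example: convert /dev/ad0s1X entries to /dev/mirror/gm0s1X and verify
# the result. Assumes the article's names: source disk ad0, mirror gm0.

# rewrite_fstab DISK MIRROR   (fstab on stdin, converted fstab on stdout)
rewrite_fstab() {
    sed "s#^/dev/${1}\(s[0-9][0-9]*[a-h]\)\([[:space:]]\)#/dev/mirror/${2}\1\2#"
}

# fstab_problems DISK MIRROR  (fstab on stdin)
# Prints, with line numbers, every entry that would not resolve to the mirror:
# a raw /dev/ad0s1X left unconverted, or /dev/gm0s1X with "mirror/" forgotten.
fstab_problems() {
    grep -nE "^/dev/(${1}|${2})s[0-9]+[a-h][[:space:]]" || true
}

# Constructed sample fstab using the partition letters named in the article.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ad0s1b     none        swap    sw         0     0
/dev/ad0s1a     /           ufs     rw         1     1
/dev/ad0s1e     /tmp        ufs     rw         2     2
/dev/ad0s1f     /usr        ufs     rw         2     2
/dev/ad0s1d     /var        ufs     rw         2     2
/dev/acd0       /cdrom      cd9660  ro,noauto  0     0
EOF
}

# convert_and_check DISK MIRROR
# Emits the converted fstab and returns non-zero if any entry is still wrong.
convert_and_check() {
    new=$(rewrite_fstab "$1" "$2")
    left=$(printf '%s\n' "$new" | fstab_problems "$1" "$2")
    printf '%s\n' "$new"
    [ -z "$left" ]
}

sample_fstab | convert_and_check ad0 gm0
```

On a real system, feed it /etc/fstab.orig and review the output before copying it over /etc/fstab.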
Note: some tutorials indicate you also need to add a swapoff option to /etc/rc.conf. This is no longer necessary, and neither is using shutdown -r now instead of reboot.
Once you're sure you don't have any typos, return to Alt-F1 and exit the installation menu after removing your installation media.
Booting into the Mirror/Duplex
If you watch your boot-up messages, you should see this in bold white text right after the disks are probed:
GEOM_MIRROR: Device gm0 created (id=2125638583).
GEOM_MIRROR: Device gm0: provider ad0 detected.
GEOM_MIRROR: Device gm0: provider ad0 activated.
GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
GEOM_MIRROR: Device gm0 already configured.
Mounting root from ufs:/dev/mirror/gm0s1a
and the system will continue to boot. However, if you have a typo in /etc/fstab, the boot will stop at this point and wait for you to type something meaningful. In this example, I forgot to insert mirror when I edited /etc/fstab, meaning /dev/gm0s1a should have been /dev/mirror/gm0s1a so that FreeBSD could find my root filesystem:
Mounting root from ufs:/dev/gm0s1a
setrootbyname failed
ffs_mountroot: can't find rootvp
Root mount failed: 6
Manual root filesystem specification:
<fstype>:<device> Mount <device> using filesystem <fstype>
e.g. ufs:da0s1a
? List valid disk boot devices
<empty line> Abort manual input
mountroot>
Fortunately, that's not as scary as it looks. Start by listing your valid disk boot devices:
mountroot> ?
List of GEOM managed disk devices:
mirror/gm0s1f mirror/gm0s1e mirror/gm0s1d mirror/gm0s1c mirror/gm0s1b
mirror/gm0s1a mirror/gm0s1 ad2s1 mirror/gm0 ad0s1 ad2 acd0 ad0 fd0
If you type in the correct location of the / filesystem, the system will continue to reboot:
mountroot> ufs:/dev/mirror/gm0s1a
Mounting root from /dev/mirror/gm0s1a
After logging in, be sure to edit the offending line in /etc/fstab and try rebooting again. When you can boot up and log in successfully, verify that each partition on the mirror mounted successfully with:
% df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/mirror/gm0s1a 248M 35M 193M 15% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/mirror/gm0s1e 248M 12K 228M 0% /tmp
/dev/mirror/gm0s1f 7.3G 99M 6.7G 1% /usr
/dev/mirror/gm0s1d 248M 196K 228M 0% /var
df won't show your swap partition; you can verify it with:
% swapinfo
Device 1K-blocks Used Avail Capacity
/dev/mirror/gm0s1b 629544 0 629544 0%
Synchronizing the Mirror/Duplex
The only thing left to do is to synchronize the data on both hard drives. This will happen automatically as soon as you issue the command to insert the second drive into the mirror:
# gmirror insert gm0 /dev/ad2
GEOM_MIRROR: Device gm0: provider ad2 detected.
GEOM_MIRROR: Device gm0: rebuilding provider ad2.
To see what's happening:
# gmirror list | more
Geom name: gm0
State: DEGRADED
Components: 2
Balance: round-robin
Slice: 4096
Flags: NONE
GenID: 0
SyncID: 1
ID: 2125638583
Providers:
1. Name: mirror/gm0
Mediasize: 10262568448 (9.6G)
Sectorsize: 512
Mode: r6w5e2
Consumers:
1. Name: ad0
Mediasize: 10262568448 (9.6G)
Sectorsize: 512
Mode: r1w1e1
State: ACTIVE
Priority: 0
Flags: DIRTY
GenID: 0
SyncID: 1
ID: 3986018406
2. Name: ad2
Mediasize: 10262568448 (9.6G)
Sectorsize: 512
Mode: r1w1e1
State: SYNCHRONIZING
Priority: 0
Flags: DIRTY, SYNCHRONIZING
GenID: 0
SyncID: 1
Synchronized: 1%
ID: 1946262342
Note the SYNCHRONIZING on the Flags line. It will take a while for these two drives to synchronize, as it is currently at 1 percent. I've seen times ranging from about 30 minutes for a 10GB drive to about two and a half hours for a 75GB drive. If you're curious, check the progress with:
# gmirror status
Name Status Components
mirror/gm0 DEGRADED ad0
ad2 (2%)
You'll see a status message in bold white text when the synchronization finishes:
GEOM_MIRROR: Device gm0: rebuilding provider ad2 finished.
GEOM_MIRROR: Device gm0: provider ad2 activated.
If you repeat gmirror list, you'll note that the State has changed from DEGRADED to COMPLETE and the Synchronized line is now gone. Don't worry if you see DIRTY on the Flags line, as it simply indicates that the system has written new data to the disk but hasn't mirrored it yet. If you were to wait a few seconds on a quiet disk, you would see the Flags line change to NONE.
For the final test, reboot the system.
This time your startup messages should include:
GEOM_MIRROR: Device gm0 created (id=2125638583).
GEOM_MIRROR: Device gm0: provider ad0 detected.
GEOM_MIRROR: Device gm0: provider ad2 detected.
GEOM_MIRROR: Device gm0: provider ad0 activated.
GEOM_MIRROR: Device gm0: provider ad2 activated.
GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
Mounting root from ufs:/dev/mirror/gm0s1a
Final Notes
GEOM utilities are works in progress, and the developers constantly add new features and updates to the man pages. It's well worth your while to keep your favorite version of FreeBSD up-to-date using cvsup or to choose a newer release when deciding which version of FreeBSD to install.
If you wish to gather performance statistics on your mirror/duplex, try gstat(8). A good read through gmirror(8) is also in order, especially if you want an overview of the procedure for replacing a failed disk.
Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.
Wednesday, 16 July 2008
FreeBSD recovery root password
Step # 1: Start FreeBSD server/workstation
Step # 2: Press Enter key at boot loader
At the "Welcome to FreeBSD!" boot menu, press the spacebar to pause the default boot.
Type 4 to boot into single user mode.
Next you will see the following prompt from the system:
Enter full pathname of shell or RETURN for /bin/sh:
Press the Enter key to boot into single user mode. You will be immediately dropped into single user mode without a root password.
You need to remount the / (root) file system in read-write mode with the mount command. Type the following two commands:
# mount -u /
# mount -a
Set up a new password with the passwd command:
# passwd
Next, type the exit command to boot FreeBSD into the multi-user environment:
# exit
OR You can just reboot the system:
OpenBSD Recovery root password
Procedure to reset root password
At the boot> prompt, type boot -s to boot into single user mode:
boot> boot -s
Next you will see a message as follows:
Enter pathname of shell or RETURN for sh:
Just hit the [Enter] key to load the sh shell.
Next, mount the / and /usr file systems in read-write mode:
# mount -uw /
# mount /usr
Finally, set or change the password for the root user:
# passwd
Press CTRL+D to boot into multiuser mode or just reboot the server:
# reboot
Sunday, 6 July 2008
FreeBSD Upgrade
FreeBSD install portsnap (for older system version < 6.0)
On FreeBSD 6.0+, portsnap is contained in the FreeBSD base (core) system. You only need to install portsnap as follows on older FreeBSD systems:
# cd /usr/ports/ports-mgmt/portsnap
# make install clean
FreeBSD install portmanager
Simply type the following command:
# cd /usr/ports/ports-mgmt/portmanager
# make install clean
Upgrade FreeBSD ports collection
Run portsnap as follows:
# portsnap fetch extract
OR
# portsnap fetch
# portsnap extract
Output:
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from portsnap3.FreeBSD.org... done.
Fetching snapshot tag from portsnap3.FreeBSD.org... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Sun Aug 5 19:38:18 CDT 2007:
b73e908500446b6593a4f763b8b2128490e733547cdaa7100% of 49 MB 195 kBps 00m00s
Extracting snapshot... done.
Verifying snapshot integrity... done.
Fetching snapshot tag from portsnap3.FreeBSD.org... done.
Fetching snapshot metadata... done.
Updating from Sun Aug 5 19:38:18 CDT 2007 to Mon Aug 6 05:58:34 CDT 2007.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 18 patches.....10.... done.
Applying patches... done.
Fetching 0 new ports or files... done.
.... .. ...
Display outdated ports list
You can list outdated ports list with pkg_version command:
# pkg_version -vIL=
OR
# pkg_version -vIL'<'
Output:
bash-3.1.17 < needs updating (index has 3.2.17_2)
gettext-0.14.5_2 < needs updating (index has 0.16.1_3)
libtool-1.5.22_2 < needs updating (index has 1.5.22_4)
linux_base-fc-4_9 < needs updating (index has 4_10)
.... ...... .
Where,
-v : Enable verbose output.
-I : Use only the index file for determining if a package is out of date (faster result)
-L= : Limit the output to those packages whose status flag does not match = (the installed version of the package is current.)
-L'<' : Limit the output to those packages whose status flag does not match < (the installed version of the package is older than the current version.)
Update FreeBSD packages / software
Now run portmanager to upgrade installed ports:
# portmanager -u
It will update ports in the correct order based on their dependencies. If a port fails to "make" during update it is marked as ignored. Portmanager will continue updating any ports not marked as "ignored" so long as they are not dependent on the ignored port. Also note that it may take some time if you have a large number of applications installed.
If you need to upgrade all installed ports with logging, enter:
# portmanager -u -l
How do I upgrade a single software only?
portmanager allows you to update a single port and all of its dependencies. For example update port called bash i.e. bash shell (shells/bash), enter:
# portmanager shells/bash -l -u -f
How do I apply update again?
In order to update system again just type the following command:
# portsnap fetch
# portsnap update
# portmanager -u -l
How do I apply binary security updates for FreeBSD?
Latest version includes a tool called freebsd-update (thanks to Bok for pointing out this tool). The freebsd-update tool is used to fetch, install, and rollback binary updates to the FreeBSD base system.
Fetch updates
Use fetch option to get all available binary updates:
# freebsd-update fetch
Output:
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching public key from update1.FreeBSD.org... done.
Fetching metadata signature from update1.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 18 patches.....10.... done.
Applying patches... done.
The following files will be updated as part of updating to 6.2-RELEASE-p7:
/boot/kernel/kernel
/etc/rc.d/jail
.... .....
/usr/lib/libmagic.so.2
/usr/sbin/dnssec-signzone
/usr/sbin/freebsd-update
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/tcpdump
WARNING: FreeBSD 6.2-RELEASE is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer release within the next 5 months.
Install updates
Install the most recently fetched updates:
# freebsd-update install
Output:
Installing updates... done.
Rollback updates
Optional: You can uninstall most recently installed updates:
# freebsd-update rollback
Reboot system
You must reboot FreeBSD to take advantage of the newly patched kernel:
$ uname -a
Output:
FreeBSD vip-1.freebsd.nixcraft.com 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
$ sudo reboot
After reboot verify system:
$ uname -a
Output:
FreeBSD vip-1.freebsd.nixcraft.com 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:40:53 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
To repair the package database, run 'pkgdb -F'.
Sunday, 22 June 2008
FreeBSD + sendmail + ClamAV + SpamAssassin
Setting Up SpamAssassin and ClamAV with Sendmail on FreeBSD
This document covers setting up a mail server on FreeBSD 5.4 RELEASE using Sendmail 8.13.3, SpamAssassin 3.1.0 and ClamAV 0.87. Combining these results in a mail server with strong protection against spam and virus-infected mails.
Below are the procedures to set up the MTA (Mail Transfer Agent) Sendmail. Configuration for other MTAs will be different so please be aware of this.
NB: All the following operations are performed as the root user.
Install FreeBSD
Fetch and burn the FreeBSD ISO images available at: (just disc1 should be sufficient)
ftp://ftp.jp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/5.4/
Don't install the ports collection from the CD as it's an old version. Download the latest from:
ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
and untar it in /usr after the OS has installed such that /usr/ports/* will be created.
After installation is done, run the sysinstall command and go to Configure (Do post-install configuration of FreeBSD) -> Networking (Configure additional network services) -> Mail (This machine wants to run a Mail Transfer Agent) and select Sendmail (Use sendmail). See the following picture:
The line sendmail_enable="YES" will be automatically added to /etc/rc.conf so Sendmail will be run at boottime. If the line doesn't get added just add it yourself using your favourite editor.
Now would be a good time for you to update your system to the latest release of FreeBSD. Instructions for these procedures are out of the scope of this document but check here for info on how to do so. Use cvsup.
Get The Latest Perl 5.8
The default version of Perl in FreeBSD 5.4 is 5.8.6 but version 5.8.7 was the latest at the time of writing this article and I often found that having only 5.8.6 installed prevented various ports from installing properly so we'll upgrade Perl:
cd /usr/ports/lang/perl5.8
make deinstall
make install
It's necessary to upgrade Perl before going ahead and doing the SpamAssassin and ClamAV installs as the locations of libraries and such change.
Install SpamAssassin
Compile and install SpamAssassin:
cd /usr/ports/mail/p5-Mail-SpamAssassin
make install
The following dialogue will appear (this will not appear again after the first installation):
From experience here on RBL.JP we know DOMAINKEYS and RAZOR are worthwhile having so leave them selected. I chose SPF_QUERY because it's becoming more and more popular. I'm not sure exactly what TOOLS and RELAY_COUNTRY are but I included them anyway :-)
At this point there should be the following startup script:
# ls -l /usr/local/etc/rc.d
total 2
-r-xr-xr-x 1 root wheel 696 Sep 2 18:01 sa-spamd.sh
Install spamassassin-milter
spamassassin-milter is the software that bridges SpamAssassin and Sendmail.
cd /usr/ports/mail/spamass-milter
make install
Now there should be the following two startup scripts:
# ls -l /usr/local/etc/rc.d
total 4
-r-xr-xr-x 1 root wheel 696 Sep 2 18:01 sa-spamd.sh
-r-xr-xr-x 1 root wheel 1013 Sep 2 18:04 spamass-milter.sh
Install ClamAV
ClamAV is free anti-virus software which can scan mails for viruses.
cd /usr/ports/mail/p5-Mail-ClamAV
make install
After a while the above dialog screen will appear. Check MILTER.
A permission error saying clamd.log cannot be read/write accessed when executing clamav-milter can be solved by creating an empty file in advance:
touch /var/log/clamav/clamd.log
chown clamav /var/log/clamav/clamd.log
Now you should have all the following startup scripts:
# ls -l /usr/local/etc/rc.d
total 10
-r-xr-xr-x 1 root wheel 687 Sep 2 18:17 clamav-clamd.sh
-r-xr-xr-x 1 root wheel 722 Sep 2 18:17 clamav-freshclam.sh
-r-xr-xr-x 1 root wheel 1066 Sep 2 18:17 clamav-milter.sh
-r-xr-xr-x 1 root wheel 696 Sep 2 18:01 sa-spamd.sh
-r-xr-xr-x 1 root wheel 1013 Sep 2 18:04 spamass-milter.sh
Configure Sendmail
Sendmail is software for handling mail delivery (MTA). When installing FreeBSD the other two MTAs you can choose from are Postfix and Exim but I chose Sendmail as that's the one I'm most familiar with. The following procedures can only be used for Sendmail.
In order to use SpamAssassin and ClamAV with Sendmail there are various mechanisms which need to be defined in sendmail.cf (the configuration file). Also, definitions must be added to use RBLs (Real-time Black Lists - lists of hostnames, domains, mail addresses etc. found to be used by spammers that can be used to reject spam from these spammers).
Usually you do not directly modify sendmail.cf but rather modify the macro file (m4's .mc file format) which when parsed by m4 will generate sendmail.cf.
When you configure Sendmail on FreeBSD as described below, a macro file with its name as the server's hostname will be automatically created. Do the following:
cd /etc/mail
make
then, for example, if your machine is called mail.example.jp then a file called mail.example.jp.mc will be created in that directory. From here on I will use mail.example.jp.mc to refer to the sendmail.mc macro file as we add various configurations below, eventually leading up to the creation of the final Sendmail configuration file, sendmail.cf.
Once mail.example.jp.mc has been created it'll not be overwritten if you run make again so when you want to add/modify some configuration, edit the file directly.
0) Basic configuration
First we define what kind of e-mail address formats your mail server will receive.
The e-mail address formats mail.example.jp will receive are:
test@example.jp
test@mail.example.jp
We create a file called /etc/mail/local-host-names and add the following:
example.jp
mail.example.jp
mail.example.jp is optional because it has the same domain as the first entry (example.jp). Please make sure that there are no inconsistencies between this file and the DNS MX settings for example.jp. Regardless of which e-mail address format is used, all mail will be delivered to mail.example.jp.
Next, create /etc/mail/relay-domains and add the following to define who is allowed to send mail from this server:
example.jp
192.168.0
The second line allows any machines on the local 192.168.0.0/24 network (assuming the mail server has global and local network interfaces) to relay e-mail through this server. Change this value according to your local network.
With the above configuration basic mail delivery can now be performed.
1) Add SpamAssassin and ClamAV settings
cd /etc/mail
vi mail.example.jp.mc
and add the following:
INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')dnl
2) Settings related to reverse DNS lookups
Here we configure Sendmail to reject mail sent from hosts with no reverse DNS lookup. By doing this we're able to avoid most spam from Chinese and Korean servers which don't have reverse DNS lookup entries.
A side effect of this setting, though, is that mail from legit hosts may be rejected due to bad server configuration. There are some people who are against setting their SMTP to use this mechanism. Do some research on Google yourself first before deciding if you want to set this on your mail server.
Add these settings to mail.example.jp.mc if you want to ONLY reject hosts with no reverse DNS lookup.
OR if you want to reject both the above and hosts whose reverse DNS lookup and normal DNS lookup do not match then add these settings.
The tab characters must be preserved so be careful when copy/pasting.
If you want to be able to receive mail from hosts which do not have a reverse DNS lookup entry then you must not use these settings. Likewise, if you're likely to receive lots of legit mail from China and/or Korea (which have many such mail servers) you should avoid using these settings.
3) Setting up Sendmail RBLs
If an incoming mail is marked as spam by SpamAssassin the mail will still be delivered (and left for something else to filter it) but if you enable the RBL features in Sendmail, as we do below, then mail from a host that is rejected because of some RBL policy will not be delivered. Please keep this in mind when deciding whether to use the following.
There are various RBLs out there; we chose to use the following 4. Add this to mail.example.jp.mc:
FEATURE(dnsbl,`bl.spamcop.net')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org')dnl
FEATURE(dnsbl,`list.dsbl.org')dnl
FEATURE(dnsbl,`all.rbl.jp')dnl
Make sure the above lines come before MAILER(smtp) and MAILER(local) lines in mail.example.jp.mc.
There are many stories in Japanese mailing lists that too many legit addresses get registered in spamcop.net, so if you want to be on the safe side it would be okay to leave this line out.
The following 3 RBLs do not have good reputations and we don't recommend using them.
BLARS
JAMM
SORBS
Sendmail's requests to the RBLs are done in the order listed in the configuration file. Even if all RBLs had exactly the same data, a culprit host would be rejected by the first RBL and the rejection would stop there. So only the rejection from the first RBL would be recorded in the Sendmail log file.
Just because you have a high number of RBLs configured it does not mean your server will be effective in avoiding spam. Unnecessary amounts of traffic and server load will be generated if you have too many RBLs defined so please choose an amount suitable for your mail server's purpose and intended use. Once all your configuration is done, run your server for a while, look at the mail log and see if there are one or more configured RBLs which don't appear much (or at all). This would indicate that they're not doing much in the way of contributing to rejecting hosts, most probably because they've got data in their databases similar (or the same) as one of the RBLs you've configured higher up in the list which do the rejecting first. Determine which one(s) are so and delete them.
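The log review described above can be scripted. This is an added example, not part of the original article: it counts rejections per configured RBL and names the ones that never fired. It assumes the default FEATURE(dnsbl) rejection text ending in "listed at <list>"; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-DNSBL rejection counts from a Sendmail mail log.
# Assumes the default FEATURE(dnsbl) rejection text, which ends in
# "listed at <list>"; a custom message needs a different pattern.

# Constructed sample log lines (documentation addresses, not real traffic).
sample_maillog() {
cat <<'EOF'
Sep  2 18:30:01 mail sm-mta[1201]: ruleset=check_relay, arg1=[192.0.2.10], arg2=192.0.2.10, relay=[192.0.2.10], reject=550 5.7.1 Rejected: 192.0.2.10 listed at bl.spamcop.net
Sep  2 18:31:12 mail sm-mta[1207]: ruleset=check_relay, arg1=[198.51.100.7], arg2=198.51.100.7, relay=[198.51.100.7], reject=550 5.7.1 Rejected: 198.51.100.7 listed at sbl-xbl.spamhaus.org
Sep  2 18:33:40 mail sm-mta[1215]: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Rejected: 203.0.113.5 listed at bl.spamcop.net
Sep  2 18:35:02 mail sm-mta[1220]: k82IZ2ab001220: from=<user@example.jp>, size=1523, class=0, nrcpts=1, proto=ESMTP, relay=[192.168.0.12]
Sep  2 18:40:19 mail sm-mta[1231]: ruleset=check_relay, arg1=[192.0.2.44], arg2=192.0.2.44, relay=[192.0.2.44], reject=550 5.7.1 Rejected: 192.0.2.44 listed at all.rbl.jp
Sep  2 18:41:55 mail sm-mta[1236]: ruleset=check_relay, arg1=[203.0.113.9], arg2=203.0.113.9, relay=[203.0.113.9], reject=550 5.7.1 Rejected: 203.0.113.9 listed at bl.spamcop.net
EOF
}

# rbl_hit_counts LIST...   (log on stdin)
# Prints "<count> <list>" for every configured list, in .mc order,
# including lists that never rejected anything.
rbl_hit_counts() {
    awk -v lists="$*" '
        BEGIN {
            n = split(lists, order, " ")
            for (i = 1; i <= n; i++) hits[order[i]] = 0
        }
        /reject=/ && / listed at / {
            line = $0
            sub(/.* listed at /, "", line)   # keep what follows the phrase
            split(line, w, " ")
            rbl = w[1]
            sub(/[.,;]+$/, "", rbl)          # drop trailing punctuation
            if (rbl in hits) hits[rbl]++
            else other++
        }
        END {
            for (i = 1; i <= n; i++) printf "%d %s\n", hits[order[i]], order[i]
            if (other > 0) printf "%d (lists not named on the command line)\n", other
        }'
}

# idle_rbls LIST...   (log on stdin)
# Lists with zero rejections. Sendmail stops at the first list that matches,
# so a later list can be idle only because an earlier one caught the host.
idle_rbls() {
    rbl_hit_counts "$@" | awk '$1 == 0 { print $2 }'
}

# Run over the sample; on a real server feed /var/log/maillog instead.
sample_maillog | rbl_hit_counts bl.spamcop.net sbl-xbl.spamhaus.org list.dsbl.org all.rbl.jp
```

Pass the lists in the same order as the FEATURE(dnsbl,...) lines so the output can be read against the configuration.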
So far, the updates we've added to mail.example.jp.mc are here. The tab characters must be preserved so make sure your browser doesn't break them if you copy/paste.
MAILER(local) and MAILER(smtp) were already in mail.example.jp.mc before we started changing it. It's important that the RBL definitions (FEATURE(...) etc) come before the MAILER(...) definitions. The order is critical. The stuff below LOCAL_RULESETS are the definitions to only reject mail from hosts which don't have a reverse DNS lookup and not when the normal and reverse DNS entries do not match.
4) Generating sendmail.cf
After the above configuration steps have been completed:
cd /etc/mail
make
and a file called mail.example.jp.cf will be made. This will now become our new Sendmail configuration file. Copy the file as follows:
cp mail.example.jp.cf sendmail.cf
Configure Autoboot
Add the following to /etc/rc.conf:
spamass_milter_enable="YES"
spamd_enable="YES"
clamav_clamd_enable="YES"
clamav_milter_enable="YES"
clamav_freshclam_enable="YES"
There we have it, Sendmail with SpamAssassin and ClamAV support running on FreeBSD configured to use some RBLs. However, please also install the packages below to make your mail server even more efficient in stamping out spam. Look at Running and Checking below for executing everything.
Other Software to Install
1) procmail
cd /usr/ports/mail/procmail
make install
Procmail is installed by default on Linux but on FreeBSD you need to install it manually.
Procmail allows you to manipulate mails marked as spam, for example placing them in a different folder, making them unreadable etc. As it is out of the scope of this document, please Google to find more info on how to use it.
2) portupgrade
cd /usr/ports/sysutils/portupgrade
make install
portupgrade will make updating your installed ports to the newest versions easy. So, seeing as we installed SpamAssassin and ClamAV from ports we can use the following commands to update them to their latest versions.
Remember, you must download and untar the latest version of ports.tar.gz into /usr/ports yourself beforehand.
portupgrade -vr p5-Mail-ClamAV
portupgrade -vr p5-Mail-SpamAssassin
portupgrade -vr clamav
Extra
If you decide to upgrade ClamAV without using portupgrade do it the following way:
cd /usr/ports/security/clamav
make WITH_MILTER=yes
make deinstall
make WITH_MILTER=yes install
If you've updated SpamAssassin and/or ClamAV and it's not the first time (ie. the programs are already running) then you need to restart them:
/usr/local/etc/rc.d/clamav-clamd.sh restart
/usr/local/etc/rc.d/clamav-freshclam.sh restart
/usr/local/etc/rc.d/clamav-milter.sh restart
/usr/local/etc/rc.d/sa-spamd.sh restart
Beefing up SpamAssassin
Add RBL.JP settings to SpamAssassin
By default, SpamAssassin is not configured to use RBL.JP so please look here to see how and what to add to SpamAssassin's configuration file (/usr/local/etc/mail/spamassassin/local.cf). If this is a fresh install of SpamAssassin then you'll need to copy local.cf.sample to local.cf. RBL.JP is an RBL with a focus on spam written in Japanese; it offers excellent protection against Japanese spam but also against English spam.
Below are the basic settings you'll need to add to local.cf in order to use RBL.JP but please read the link above beforehand to get an understanding of how it all works.
urirhssub URLBL_RBLJP url.rbl.jp. A 2
body URLBL_RBLJP eval:check_uridnsbl('URLBL_RBLJP')
describe URLBL_RBLJP Has URI in url.rbl.jp
tflags URLBL_RBLJP net
score URLBL_RBLJP 2.0
uridnsbl URLBL_IP_RBLJP url.rbl.jp. TXT
body URLBL_IP_RBLJP eval:check_uridnsbl('URLBL_IP_RBLJP')
describe URLBL_IP_RBLJP Has IP URL in url.rbl.jp
tflags URLBL_IP_RBLJP net
score URLBL_IP_RBLJP 2.0
header RCVD_IN_ALL_RBL_JP eval:check_rbl_txt('rbl.jp', 'all.rbl.jp.')
describe RCVD_IN_ALL_RBL_JP Received via a relay in all.rbl.jp
tflags RCVD_IN_ALL_RBL_JP net
score RCVD_IN_ALL_RBL_JP 1.5
Running and Checking
Reboot the server and check by making sure the following processes are running:
# ps -axw | grep -e clam -e spam
480 ?? Is 0:09.97 /usr/local/sbin/clamd
487 ?? Is 0:00.13 /usr/local/bin/freshclam --daemon
494 ?? Ss 2:57.21 /usr/local/sbin/clamav-milter --pidfile /var/run/clamav/clamav-milter.pid --postmaster-only --local --pos
522 ?? Ss 0:45.65 /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock
5314 ?? Is 0:03.04 /usr/local/bin/spamd -c -d -r /var/run/spamd/spamd.pid (perl5.8.7)
28621 ?? I 2:44.87 spamd child (perl5.8.7)
28632 ?? I 2:43.92 spamd child (perl5.8.7)
After confirming this, try sending a mail to yourself on the server and look at the header, checking for the word SpamAssassin on the X-Spam-Checker-Version line and ClamAV on the X-Virus-Scanned line.
Post-config Changes
/usr/local/etc/rc.d/sa-spamd.sh restart
will restart spamd (the SpamAssassin daemon). Then check the following processes are running:
# ps -ax | grep spam
522 ?? Ss 0:46.57 /usr/local/sbin/spamass-milter -f -p /var/run/spamass
46349 ?? Ss 0:02.89 /usr/local/bin/spamd -c -d -r /var/run/spamd/spamd.pi
46356 ?? S 0:00.71 spamd child (perl5.8.7)
46360 ?? S 0:00.01 spamd child (perl5.8.7)
The following might or might not be running:
46347 ?? S 0:00.03 /usr/local/bin/spamc
depending on whether SpamAssassin is processing anything at that time.
cd /etc/mail
make restart
will restart Sendmail. Then check the following processes are running:
# ps -ax | grep sendmail
16383 ?? Is 0:01.10 sendmail: Queue runner@00:30:00 for /var/spool/client
16385 ?? Ss 1:57.27 sendmail: accepting connections (sendmail)
Having a Local Reject List
Using /etc/mail/access it is possible for you to have your own reject list. In this file you can specify e-mail addresses, domain names, hostnames and/or IP addresses.
Edit the file:
cd /etc/mail
vi access
and create your list based on the following format. The format is simply the address, hostname or IP followed by a TAB or space character and then the word REJECT. You may have as many lines as you like with one address per line but you must not have repeated lines.
privatefun@usa.net REJECT
mta163060.savings1friend.com REJECT
69.63.161.83 REJECT
72.26.220 REJECT
exrim.net REJECT
With all the lines above, mail also cannot be sent to the corresponding hostname/domain/IP/address. Usually, if you're rejecting mail from somewhere you won't need to send to the same place, but in case you do, add "From: " at the beginning of the line to reject mail from it while still allowing mail to it, for example:
From:exrim.net REJECT
to reject all mails from exrim.net but still allow sending to this domain.
When you've finished making the reject list:
cd /etc/mail
make
and then the changes will become immediately effective. There is no need to restart Sendmail.
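A pre-flight check for the reject list, written as an added example that is not part of the original article: it flags repeated keys, entries with no action, and a From: tag that has been separated from its key (the tag has to be attached directly, as in the From:exrim.net line above). The function names are made up for illustration and the sample file is constructed from the article's entries.

```shell
#!/bin/sh
# Added example: lint an /etc/mail/access reject list before running make.

# Constructed sample built from the entries shown in the article,
# with three deliberate mistakes (lines 6, 7 and 8).
sample_access() {
cat <<'EOF'
# local reject list
privatefun@usa.net REJECT
exrim.net REJECT
72.26.220 REJECT
From:exrim.net REJECT
EXRIM.NET REJECT
69.63.161.83
From: mta163060.savings1friend.com REJECT
EOF
}

# access_lint   (access file on stdin)
# Prints one line per problem; prints nothing for a clean file.
access_lint() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        $1 ~ /:$/ {                            # "From: host" instead of "From:host"
            printf "line %d: tag %s is separated from its key\n", NR, $1
            next
        }
        NF < 2 {
            printf "line %d: %s has no action\n", NR, $1
            next
        }
        {
            key = tolower($1)                  # makemap folds keys to lower case by default
            if (key in seen)
                printf "line %d: %s repeats the key on line %d\n", NR, $1, seen[key]
            else
                seen[key] = NR
        }'
}

# Run over the sample; on the server use: access_lint < /etc/mail/access
sample_access | access_lint
```

exrim.net and From:exrim.net are different keys, so having both is not reported as a repeat.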
Troubleshooting
spamassassin --lint
to find out where the problem is that needs fixing. There will be no output if there are no errors.
/usr/local/etc/rc.d/sa-spamd.sh start
will manually start SpamAssassin. Other valid arguments are usually stop and restart. If something's wrong a message will likely be displayed after running the script (if not also in the log files mentioned above).
Miscellaneous
The FreeBSD OS and ports packages are constantly evolving. If the packages being used are old there is a chance the virus definition data etc will be unusable. Please make sure you keep your server updated with the most recent versions.
There are a ton of possible configurations in Sendmail's local.cf. We've only covered some of them in this document. Check the Spam Rejection Diary, which Hart Computer often updates with tips and tricks to further beef up SpamAssassin; you can find it here (sorry, but it's only available in Japanese).
Disclaimer: We take no responsibility for whatever happens as a result of you following the instructions in this document. It's your choice, thus the consequences are your responsibility. Be warned! Also, we're busy with work so we won't reply to any e-mails. This document comes with no support.
RBL.JP