How to setup Postfix relay with authentication in CentOS 7

To configure postfix to relay mail using another MTA, you may do the following steps:

postconf -e 'relayhost = smtp.to.relay.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options='

Replace smtp.to.relay.com with the original MTA hostname that you going to use for relaying. Now, create the sasl_passwd file in /etc/postfix with the following inside:

smtp.to.relay.com smtp_username:smtp_password

Now, use postmap to generate postfix hash db:

postmap /etc/postfix/sasl_passwd

You can verify if it’s working with the following:

postmap -q smtp.to.relay.com /etc/postfix/sasl_passwd

This will return the username and password for your smtp relay host.

Now all you need to do is to restart the postfix

service postfix restart

How to Stop Redirecting All Traffic Trough OpenVPN

There are cases, where you might want to use OpenVPN to redirect only a fraction of traffic, but not all. By default, after you connect to OpenVPN, server would push the call 'redirect-gateway' to the client to make the client divert all the traffic through tun network.

This behavior can be override with the following command line argument:

--pull-filter ignore redirect-gateway

You can add it in the openvpn command line as following:

openvpn --pull-filter ignore redirect-gateway --config "your_file.ovpn"

Once this is done, remember that, you have to route the targetted traffic using either the route command or 'ip route' command, otherwise no traffic will route through your openvpn tunnel network.

How to Save OpenVPN Username & Password

If you are using OpenVPN in a Linux platform through command line, it is always handy to be able to save the authentication information in a file and let openvpn use them. There are two ways you can do it.

First Method

First save the password in a file e.g auth.txt with two lines:

username
password

First line is for username and the second line is for password.

If you are using .ovpn files for configuration, open the .ovpn file and simply add the following:

auth-user-pass auth.txt

Now, your authentication would use the authentication given in that file

Second Method

You may add the auth-user-pass in the openvpn command line argument, but you have to make sure, this is passed after the --config. Here is an example

openvpn --config "your_file.ovpn" --auth-user-pass "auth.txt"

That should be enough.

Troubleshoot: -bash: fuser: command not found

If you are trying to use a command, fuser, that is used to identify process using lock file or socket file, and having the following error:

-bash: fuser: command not found

that means, your system doesn’t have the psmisc package installed. Usually, killall, fuser type of commands are under this package. CentOS 7 sometimes, do not install the package by default. To install it, run the following:

yum install psmisc -y

Once done, you should be able to use fuser command.

How To: Use SSH Password in a Script

You can obviously use RSA public/private keypair to access servers without password, although, sometimes, it may be desirable to use ssh password on a command line and run a remote command on another server. This can be done using a tool called ‘sshpass’. You can create a simple bash script using sshpass, that can help you monitor and control multiple servers from a single location.

How to use ssh password in script

First install sshpass:

# yum install sshpass -y

Once done, you can use sshpass command as following:

# sshpass -p "SSH_Password" ssh -o StrictHostKeyChecking=no SSH_Username@remote-ssh-server "yourcommand"

Just replace, the password, username, remote-ssh-server and your command with your desired setup, and viola!

Note: If yum says, the following:

No package sshpass* available.

then you would need to install epel repository to install sshpass. To install epel, run the following:

# yum install epel* -y

Programming: How To Check if an IP is Available or Not in Bash

How To Check if an IP is Available or Not in Bash

A quick trick I use is ‘ping’ command. PING will return 0 on success and 1 or above on failure while using it with -c 1 (Means only one ICMP packet). That makes it useful to use with a if condition shell code as following:

if ping -c 1 -w 5 192.168.2.1 >/dev/null
then
echo "IP Available"
else
echo "IP Not Available"

Programming: How to Check If A File Exists or Not in Bash Script

How to Check If A File Exists or Not in Bash Script

You can use if condition in bash script to do that. If conditions takes ‘-f’ to test if a file exists or not. Syntax would be the following:

$FILE = $1
if [ -f $FILE ]; then
echo "File Exists"
else
echo "File Do Not Exist"
endif

Now, if your script only demands to check if the file do not exist, you can use a unary operator for negate the boolean value as following:

$FILE = $1
if[ ! -f $FILE ]; then
echo "File Do Not Exist"
endif

 

How To: Restrict a Folder to Your IP Only

Sometimes, for development purposes, you may want to restrict access to the folder, only to your IP, and deny others from accessing that folder. One way to do that is to use htaccess rules. A common rule, could be denying all the users and allowing your IP. To find out, your IP, you may visit the following:

http://ifconfig.co

Note the IP it has reported. Open the folder that you want to protect. Find the .htaccess file under the folder (If no file available, create one) and add the following:

order deny,allow
deny from all
allow from <your IP goes here>

Replace the <your IP goes here> from the snippets with the IP you have noted from ifconfig.co. Now, your folder should be accessible only from your IP.

How To: Start a Screen Session and Run a Command at a Time

Sometimes, you may want to run a screen command in a remote server. That makes it necessary to run the command inside the screen session while starting it.

How to start a screen session and run a command in one line

# screen -d -m sh -c "yourcommand"

From the man page of Screen:

-d -m : Start screen in “detached” mode. This creates a new session but doesn’t attach to it. This is useful for system startup scripts.

sh -c: Starts a shell and runs a command for you.

 

How To: Install AutoSSL for Server Hostname – Cpanel Server

Starting from Cpanel 11.58, Cpanel is offering Free SSL, issued by ‘Cpanel INC’ for free of charge to the valid cpanel license owner. If you are using cpanel, login to your WHM >> Providers >> Enable Cpanel & from Options >> Check Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.

Now, running upcp should automatically install the free SSL for your cpanel server hostname. If it doesn’t, it is probably because your server IP and the hostname IP are resolving to wrong address. To understand and troubleshoot the problem, run the following script from command line:

# /usr/local/cpanel/bin/checkallsslcerts

This script checks and installs certificate for expired, invalid and self signed certificates for the server services. If you are seeing an error like the following:

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID 62hp6x) The system queried for a temporary file at “http://server91.mellowhost.com/.well-known/pki-validation/D92868E512FB02354F2498B94E67430B.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

It means, your hostname is resolving to the wrong IP. You would need to check if the hostname is resolving to an IP which has first virtualhost pointed to /var/www/html or not under /etc/apache2/conf/httpd.conf