利用postfwd限制postfix的user每天的寄件數量

1.安裝postfwd

sudo apt-get update

sudo apt-get install postfwd

2.配置 postfwd規則

設定檔是/etc/postfix/postfwd.cf，若不存在，直接新增一個，並編寫內容如下：

# 限制每個帳號每日寄件總數為 500 封，並記錄日誌，sender 是內定參數

id=sender_rate

        action=rate(sender/500/86400/REJECT 550 User $$sender reached daily sending limit)

3.修改postfix的main.cf檔案內容，找到 "smtpd_recipient_restrictions ="，並將 "check_policy_service inet:127.0.0.1:10040"加在這個項目的最上方！

smtpd_recipient_restrictions =

#postfwd

        check_policy_service inet:127.0.0.1:10040

        ..............................

        ..............................

4.將postfwd設為開機啟動，並啟動！

sudo systemctl enable postfwd

sudo systemctl start postfwd

5.重新啟動postfix

sudo systemctl restart postfix

Recipient address rejected: Message rejected due to: SPF fail - not authorized.

 當內部設備（Firewall，Switch）寄通知信到你自架的Mail Server時，可能因為SPF設定內容，而出現

Recipient address rejected: Message rejected due to: SPF fail - not authorized.

解決方式：

修改  /etc/postfix-policyd-spf-python/policyd-spf.conf ，修改  skip_addresses 的值，將要發信的設備ip加入，例如：

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128,10.2.3.3/32

ubuntu20.04 bind9 log設定

1.編輯 /etc/bind/named.conf，新增以下這行：

include "/etc/bind/named.conf.log";

2.    創建 /etc/bind/named.conf.log，並新增以下內容：

logging {

  channel bind_log {

    file "/var/log/bind/bind.log" versions 3 size 5m;

    severity info;

    print-category yes;

    print-severity yes;

    print-time yes;

  };

  category default { bind_log; };

  category update { bind_log; };

  category update-security { bind_log; };

  category security { bind_log; };

  category queries { bind_log; };

  category lame-servers { null; };

};

3.新增log檔所需的資料夾，並變更擁有者

mkdir /var/log/bind

chown -R bind:bind /var/log/bind

4.編輯 /etc/apparmor.d/usr.sbin.named，註解下面兩行：

/var/log/named/** rw,

/var/log/named/ rw,

並新增下面兩行

/var/log/bind/** rw,

/var/log/bind/ rw,

5.重新啟動 app armor

/etc/init.d/apparmor restart

6.重新啟動bind9

service named restart

Configuring SNMP Agents on Ubuntu Linux Servers

安裝代理程式  

sudo apt update

sudo apt install snmpd

編輯設定檔 /etc/snmp/snmpd.conf

添加下行，啟動SNMP v1 Read-Only，public可改為你自己的名稱

rocommunity public

註解掉下面這行

＃agentAddress udp:127.0.0.1:161

新增下列這行，意思是SNMP接受系統上所有的IP請求，使用udp 161 port，含ipv6

agentAddress udp:161,udp6:[::1]:161

存檔後離開，重新啟動snmp service

sudo service snmpd restart

觀看snmp運作狀態

sudo service snmpd status

接著，到你的snmp 接收端加入這台伺服器......

利用完整的email登入postfix

 修改 /etc/dovecot/conf.d/10-auth.conf，加上以下這行

auth_username_format = %n

用途如下：

%n would drop away the domain if it was given

存檔離開後重新啟動dovecot！

重置 Drupal 使用者密碼

 在 Drupal的安裝目錄內，scripts目錄下，找到password-hash.sh這支程式，執行

php 路徑/password-hash.sh '新密碼' > newpassword.txt

用 Hash 產生的 的密碼，會寫入 newpassword.txt，打開 newpassword.txt 即可看到如下內容：

password: '新密碼'

hash: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

將hash密碼，直接利用資料庫工具，貼入使用者的 密碼 欄位 即可！

Using a load balancer or reverse proxy in drupal

 修改 settings.php

<?php # global settings.php

/**
 * Tell all Drupal sites that we're running behind an HTTPS proxy.
 */

// Drupal 7 configuration.
if (explode('.', VERSION)[0] == 7) {
  $conf['reverse_proxy'] = TRUE;
  $conf['reverse_proxy_addresses'] = ['1.2.3.4', ...];

  // Force the protocol provided by the proxy. This isn't always done
  // automatically in Drupal 7. Otherwise, you'll get mixed content warnings
  // and/or some assets will be blocked by the browser.
  if (php_sapi_name() != 'cli') {
    if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) {
      // Handle subdirectory mode (e.g. example.com/site1).
      $base_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . '://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR'];
    }   
    else {
      $base_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . '://' . $_SERVER['SERVER_NAME'];
    }   
  }
}
// Drupal 8 configuration.
else {
  $settings['reverse_proxy'] = TRUE;
  $settings['reverse_proxy_addresses'] = ['1.2.3.4', ...];
  // See https://symfony.com/doc/current/deployment/proxies.html.
  $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
}

資料來源：

https://www.drupal.org/node/425990