Managing Your EXIM Queue

Have you ever had a hard time with spammers or recently logged in to one of your Linux servers only to find 10-20+ exim processes hogging all of your resources? Check out the commands below to help you manage your queue.

 
Count The Messages

Count the number of messages in your queue. If this number is abnormally large; it’s usually a good indication of some malicious activity on your server.
# exim -bpc

 

View The Messages

After finding out you have 1000’s of messages in your exim queue it might be a good idea to stop the exim service.
# service exim stop

 

After stopping the service run this command to see what’s in the queue:
# exim -bp | less

 

This will pipe the results to the less command to enable you to page through and search the results. Find one of the message ID’s that seem to be duplicates (spam) and copy it to your clipboard.
A message ID looks like this: 1KBB28-0006UC-Fl

 

Run this command to view the header of the suspect message:
# find /var/spool/exim/input -name "1KBB28-0006UC-Fl-H" -exec cat {} \;

or this method with exim
# exim -Mvh 1KBB28-0006UC-Fl

 

The header can show you exactly where the message is originating as well as the recipient. If the spammer is connecting directly to your SMTP server you can also gather the IP address here.

 

Removing The Messages

Let’s get the messages out of the queue. For our example, we’ll use the address [email protected] as the sending address. To remove all emails in the queue for [email protected] run this command:

# exim -bp | awk ‘$4[email protected] { print $3 }’ | xargs exim -Mrm

e2label: Label Your Disks

With cheaper storage you might find yourself literally submersed in storage devices. It is possible to have your block devices change (from sdc to sde) when using multiple controllers of the same model (I’ve experienced this with 3Ware controllers). So how do you know where to mount your devices after a reboot? Use e2label to label your disks (much like NTFS labels in Windows).

 

Labeling Your Device

To label your device follow these steps:

# e2label /dev/sdb1 awesomedisk

 

Modifying Your fstab

Now you can modify your fstab to reflect your label changes. Instead of using the path to the block device (/dev/sdb1) you can use this syntax: (LABEL=awesomedisk)

Example:

LABEL=awesomedisk                 /mnt/awesomedisk                       ext3    defaults        1 1

 

Check Current Label

To check the label currently set for a block device use this command:
# tune2fs -l /dev/sdb1 | grep "Filesystem volume name:"

Funny support call

Sometimes I honestly feel like this when I call tech support and I get "John" (who’s real name is "Habeeb")

Jing Project: Simple “MindShare”

It’s not common for me to find a tool that’s really useful these days. Especially with the advent of spyware, software has just become too cumbersome for something free to spark my interest. Sure, I’ve used many a screen capture utility but nothing has really stuck out. Co-workers always ask for explanations on how to do things and it can be nice to write up a handy document for repeatable tasks but it’s never really as easy as it should be; until now.

 

So, What is it?

The application I spoke about was Jing. This application is a spin-off free product of Camtasia (TechSmith) and allows you to capture screenshots and allows you to easily upload them to a specified FTP server for sharing. I really enjoy this concept because it closes the gap between screen capture and presentation. Previously I would have to capture what I was thinking and then open the FTP program, then upload it, then copy and paste the URL… then send it to the person in need. With Jing I just capture, and press one button. The Image/Video (yes, VIDEO) is now on my clipboard and ready for presentation.

 

imageWhat Can It Do?

Jing can capture images and video (up to 5 minutes) and automagically FTP them to your server. Other transport mechanisms are available like Screencast.com, Flickr and simple saving to a file on local storage. The interface is very straight forward and easy to use. On the right you can see how the FTP configuration page looks.

 

Check out Jing today and see how easy sharing your mind can be!

Time Warner Cable: 2.8Mbit Upstream

Hey- Apparently Time Warner Cable doesn’t rate-limit UDP packets (as far as I can tell).

 

Here is the scenario:

Time Warner Turbo (15Mbit down / 1Mbit up) connected to OpenVPN (10mbit limit) at a local data center.

 

Here is what the connection path looks like:

Time Warner Cable –> OpenVPN –> Squid Proxy –> Website

 

At first I didn’t know what to think – I can normally achieve around 1Mbps up but I was getting over 2.8Mbit/sec upstream! I thought to myself “This has to be Squid caching the upload test data” so I altered the Squid configuration to explicitly NOT cache the data from SpeakEasy’s test site.

 

Here’s what I found:

 

Before
image
After (10Mbit limited by OpenVPN)
image

 

How can this be? Well it might have to do with the fact that Time Warner doesn’t monitor UDP traffic (at least to OpenVPN UDP 1194). After reading many documents, it’s evident that traffic shaping TCP is easy and TCP comes with traffic shaping mechanisms and UDP does not. My speculation is that Time Warner simply drops packets when rates are too high, causing TCP to (inherently) re-send data that is lost.

 

Quick HowTo

The first thing you should do is grab a copy of Untangle. It’s quick and easy to set up OpenVPN out of the box.

  1. Obtain OpenVPN
  2. Bring OpenVPN online at a Data Center or as a VM on your leased server at a Data Center.
  3. Connect to OpenVPN from your Time Warner connection.
  4. Start a VM with Squid caching proxy running. Make sure that you have access to this VM from your VPN client (configured in Untangle)
  5. Start Squid
  6. Open your favorite browser and point it to the squid proxy (private IP address via OpenVPN)
  7. Access speed test sites (all OpenVPN traffic is UDP so you should be able to achieve speeds without using Squid)