Enjoy!

I have assisted to several others Ubuntu webminars:

• What’s new in Landscape 1.5:

1. Link to the webinar
2. Link to the documents

• Ubuntu Enterprsie Cloud in your Business:

1. Link to the webinar
2. Link to the documents

• Successful desktop migrations:

1. Link to the webinar
2. Link to the documents

• Managing UEC with Landscape:

1. Link to the webinar
2. Link to the documents

• Top 10 Server questions answered

1. Link to the webinar This one I couldn’t assist  but anyway the webinar is public

Here you are the list with all Canonical webminars.

More or less I already knew all the concepts speakers talked about: Landscape, cloud, computing, monitoring, provisioning etc. But in this one I first hear about something called Service orchestration.

I have previous experience with (as they call in the webinar): Machine-centric configuration management systems as puppet and more or less with Landscape but In the webinar they talk about Service-centric management.

Interesting concept: managing services not machines.

I have learned something new so I can go to sleep now. – Spanish saying

In that email the user was referring to very useful tutorial: Check Point Firewall-1 NG(X). I remembered that link as I used it to configure my first road warrior VPN client. But this document is outdated as the procedure to obtain the private key is not valid anymore. There is a new procedure that I documented in my personal wiki. In this post I am gonna copy & paste the right procedure from it.

This is a almost copy and paste procedure post. I am not going to explain all the “History/Theory” as it has been already well documented in the Check Point Firewall-1 NG(X) tutorial.

Get the needed files from the .pk12 certificate and put them in the right directories:

Retrieving DER-encoded CRL from CheckPoint

wget http://firewall-1:18264/ICA_CRL1.crl

Converting DER-encoded CRL to PEM-encoded and store it in related directory

openssl crl -in ICA_CRL1.crl -inform DER -outform PEM -out /etc/ipsec.d/crls/checkpoint.crl

Convert user certificate generated by Check Point Management from PKCS#12 to X.509

Extract private key of user PKCS#12, you have to specify first the import password (remember: given in GUI) and an export password

openssl pkcs12 -in vpnjuan.p12 -nocerts -out tempkey.pem

Convert private key of user to RSA:

openssl rsa -in tempkey.pem -des3 -out /etc/ipsec.d/private/vpnjuan-key.pem

Copy firewall-1-cert.pem (provided by your network admin) in /etc/ipsec.d/certs/firewall-1-cert.pem

Extract certificates of user from PKCS#12 to X.509 (results in a file containing the CA and the user certificate)

openssl pkcs12 -in vpnjuan.p12 -nokeys -out temp2.pem

Split singe file into different ones, results in e.g. firewall-1-internal-ca.pem (CA certificate is first one in file) and vpnjuan-cert.pem (user certificate is normally the second one in file) The header part of the CA certificate is like:

subject=/O=checkpoint.intranet.example.com..p9bkhs

issuer= /O=checkpoint.intranet.example.com..p9bkhs

The header of the user certificate is like:

subject=/O=checkpoint.intranet.example.com..p9bkhs/OU=users/CN=freeswan

issuer=/O=checkpoint.intranet.example.com..p9bkhs

Copy user X.509 certificate to related Openswan directory

cp vpnjuan-cert.pem /etc/ipsec.d/certs

Copy firewall-1 CA certificate to related Openswan directory

cp firewall-1-internal-ca.pem /etc/ipsec.d/cacerts

Modifying the .conf files:

Add the following line to /etc/ipsec.secrets

: RSA /etc/ipsec.d/private/vpnjuan-key.pem %prompt

Modify the /etc/ipsec.conf depending your own configuration:

# /etc/ipsec/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $
 
# This file:  /usr/share/doc/openswan-2.4.15-r2/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
 
version 2.0     # conforms to second version of ipsec.conf specification
 
# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combation from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg: plutodebug="control parsing"
        #
        # ONLY enable plutodebug=all or klipsdebug=all if you are a developer !!
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        #
        # enable this if you see "failed to find any available worker"
        nhelpers=0
#       plutodebug=all
        protostack=netkey
# Add connections here
# sample VPN connections, see /etc/ipsec.d/examples/
 
## RoadWarrior to Net behind Gateway: FreeS/WAN X.509 <-> Check Point - Net
conn MYCOMPANYCONNECTION
    # Right side is FreeS/WAN RoadWarrior
    right=%defaultroute
    rightrsasigkey=%cert
    rightcert=vpnjuan-cert.pem
    # Left side is Check Point
    left=X.X.X.X          ### put here your firewall's IP address
    leftsubnet=10.0.0.0/8 ### put here your company's network range
    leftcert=firewall-1-cert.pem
    leftid=X.X.X.X        ### put here your firewall's IP address
    # config
    type=tunnel
    keyingtries=3
    disablearrivalcheck=no
    authby=rsasig
    auth=esp
    keyexchange=ike
    auto=route

Procedure to connect:

Restart ipsec daemon to reread configuration:

mediacenter:/etc/ipsec.d/certs# service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.38-2-amd64...

Insert the passphrase of yout private key:

mediacenter:/etc/ipsec.d/certs# ipsec auto --rereadsecrets
040 need passphrase for '/etc/ipsec.d/private/vpnjuan-key.pem'
Enter passphrase:

Start the VPN:

mediacenter:/etc/ipsec.d/certs# ipsec auto –up MYCOMPANYCONNECTION

104 "MYCOMPANYCONNECTION" #1: STATE_MAIN_I1: initiate
003 "MYCOMPANYCONNECTION" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
106 "MYCOMPANYCONNECTION" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "MYCOMPANYCONNECTION" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
108 "MYCOMPANYCONNECTION" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "MYCOMPANYCONNECTION" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "MYCOMPANYCONNECTION" #2: STATE_QUICK_I1: initiate
003 "MYCOMPANYCONNECTION" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=1a0f153c
004 "MYCOMPANYCONNECTION" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x6ae22f40 <0x4bca9ef5 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}

Launch the rdesktop (terminal server client for linux) against your Pc’s IP address and have fun!

mediacenter:/etc/ipsec.d/certs# rdesktop X.X.X.X

Bluehost allows to download a daily, weekly and monthly backup from your Cpanel control panel, but manual intervention is needed:

1. Logon in the control panel
2. Navigate to the backup page
3. Perform the backup
4. Download it to your local computer.

This is a manually/time consuming task and of course you should not forget it!!

In this post I gonna show my automatic method to backup files and databases using:

1. Crontab for automatic backups.
2. Public/private keys for passwordless ssh connections.
3. Mysqldump for dumping the MySQL databases to a local file.
4. Rsync command for synchronizing directories between remote and local servers. This way bandwidth is reduced as if a file has already been copied to the local server no data transfer is needed.
5. SpiderOak for data deduplication and remote backup.

Some previous knowledge is needed to understand how it works, anyway there are some useful links to understand it.

Let’s have a look to the script:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#!/bin/bash
 
# Defining some variables
MAILTO="your@domain.tld"
USERDB="yourlogin"
PASSDB="YourDBPASS"
SSHUSER="yoursshuser"
DOMAIN="domain.tld" # This is your main domain
LOCAL_MYSQL_PATH_BACKUP="$HOME/domain.tld/BackupDDBB/"
LOCAL_PATH_BACKUP="/home/login/domain.tld/"
DB_NAME_BACKUP="BackupDDBB_`date +%Y-%m-%d`.sql"
REMOTE_PATH_BACKUP="/home/$SSHUSER/"
 
## Checking ssh-agent is running and have valid identities already loaded
ssh-add -l
if [ $? = 1 ]
        then echo "Please add private key identities to the authentication agent and run it again"|mail -s "error in backup sc
ript" $MAILTO
        exit 1
fi ## no identities were loaded, so the script finished here as private/public ssh-keys are needed to remote logon
 
# Loading ssh-agent variables for private/public passwordless logon
/usr/bin/keychain
source  $HOME/.keychain/${HOSTNAME}-sh
 
### Remote msyqldump to local file
ssh $SSHUSER@$DOMAIN "mysqldump -u$USERDB -p$PASSDB --all-databases" > $LOCAL_MYSQL_PATH_BACKUP$DB_NAME_BACKUP
 
### Rsync between remote and local server
### We don't want to backup cache, session, mail and others directories,  so I "--exclude" them from the rsync command
###
 
rsync -avr --exclude 'mail/' \
           --exclude '.cpanel' \
           --exclude 'tmp' \
$SSHUSER@$DOMAIN:$REMOTE_PATH_BACKUP $LOCAL_PATH_BACKUP
 
# Run SpiderOak for deduplication and folder synchronization
SpiderOak --batchmode

And now let’s explain how it works:

1. Some variables must to be defined depending your own configuration. MAILTO, USERDB, etc. These depends on your login name, ssh user, etc
2. The script checks if the ssh-agent have valid identities already loaded. If not an email is send to MAILTO informing about the error and the script returns a 1 as a returning code.
3. Runs the keychain and read some variables from $HOME/.keychain/${HOSTNAME}-sh file. Please read the Passwordless connections via OpenSSH using public key authentication, keychain and AgentForward. web page for more information.
4. As at this moment passwordless ssh connections can be made between your computer and the remote server. So remote commands can be launched. Now a backup using msyqldump is made in a LOCAL_PATH_BACKUP in your local computer with all your mysql databases. Note: I don’t have any postgresql database. If you have any you will have to deal with it by yourself. But the same procedure can be applied with some modifications.
5. At this moment databases are already copied to the local server so we can proceed with the raw data in your remote /home/login directory. The rsync command is launched excluding some directories which contains no interesting data to be copied. When rsync finished all the files are copied to our local computer
6. Now is turn run the SpiderOak command (SpiderOak needs to be previously installed and configured). This will copy (using data deduplication) your pre-defined directories to the SpiderOak cloud. This way you will have at least 2 remote copies: your local PC and the SpiderOak cloud.
   

 Installing SpiderOak in your computer (the debian way)

1. Create your SpiderOak account. They provide a 2 GBlifetime free account.
2. install the client depending your O.S (They have clients for many O.S. windows, linux, MAC OS). For Debian add the following to your sources.list:                             deb http://apt.spideroak.com/debian/ stable non-free
3. apt-get update && apt-get install SpiderOak
4. Run SpiderOak from a console to start the configuration GUI and customize it to adjust your needs: defining the directories you want to backup, you want to share, you want to sync with others computers, etc.

FAQs:

I don’t see any deduplication benefits here   Can you put an example?

Imagine you have 3 Joomla, 4 Mediawiki and 6 WordPress installations in your Bluehost account.

The benefits can be seen when the SpiderOak software copies the data between your server and its cloud network as all the installation files must be the same (if your are using same versions) and even if they are different versions as they must look similar. Data is transfered onces for same files and partially for similar files. This saves you a lot of bandwidth and space on your SpiderOak account.

“SpiderOak uses de-duplication in a very advantageous way as it relates to your SpiderOak account“

Today my SpiderOak account has 21.515 GB

Size of all stored files (without compression or deduplication): 107.638 GB

Also SpiderOak keep multiple versions of files:

“If a file is ever damaged or deleted or accidentally overwritten, you will always have the option of downloading an earlier undamaged version.”

I am a little bit concerned/paranoid with my backups. How can I have more security in my backups?

If for more security you understand more copies of your data in distant places…. you can use the SpiderOak’s SYNC feature.

In a standard configuration you can have several directories synchronized in severals server across multiple location using the standard SpiderOak’s client. Learn howto

This procedure tries to generalize the template. While working with disk cloned images many elements need to be “generalized” before capturing and deploying a disk image to multiple computers. Some of these elements include:

1. ssh keys
2. /etc/apt/sources.list

The more “generalized” is a template, the less manual work is needed after deploying it.

This method must work in others virtualization systems: vmware, virtualbox, etc. As it is “virtualizator/hypervisor/emulator independent” as it is focused only in the disk image.

• Install the Debian image using you usual procedure, LVM, packages, virtio, etc.

• Set Debian repositories

cat <<EOF > /etc/apt/sources.list
deb http://ftp.rediris.es/debian/ squeeze main
deb-src http://ftp.rediris.es/debian/ squeeze main
 
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
 
# squeeze-updates, previously known as 'volatile'
deb http://ftp.rediris.es/debian/ squeeze-updates main
deb-src http://ftp.rediris.es/debian/ squeeze-updates main
EOF

• Install some more packages

apt-get install ssh quota less acpid bash-completion sudo vim facter

• Remove some unneeded packages

dpkg --purge ppp pppoeconf pppoe pppconfig

• Upgrade system

apt-get upgrade

• Clean packages

After installing packages, you’ll have some junk packages laying around in your cache. Since you don’t want your template to have those, this command will wipe them out.

apt-get --purge clean

• Reconfigure your desired locales

dpkg-reconfigure locales

• Change timezone

dpkg-reconfigure tzdata

• Disable all but one tty in /etc/inittab as in a VM you don’t usually need 6 tty working, even in real servers…

# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6

• Disable sync() for syslog

Turn off doing sync() on every write for syslog’s log files, to improve I/O performance:

sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf

• Copy your public key to the template (for passwordless ssh logins)

ssh-copy-id root@IPADDRESS

• Delete the udev rule related to your NIC

This is important or when you clone your first VM you will see that it doesn’t have any NIC… This is caused by the rule /etc/udev/rules.d/70-persistent-net.rules as it has your current MAC configured on it. Cloned VM will have different MAC so this rule will fail and VM will not have any eth0 configured.

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
 
# PCI device 0x1af4:0x1000 (virtio_net)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="<strong>52:54:00:18:d9:5f</strong>", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERN
EL=="eth*", NAME="eth0"

It’s safe to delete it as a new file will be generated on boot time

rm /etc/udev/rules.d/70-persistent-net.rules

• Fix SSH host keys.

rm -f /etc/ssh/ssh_host_*

This is only useful if you installed SSH. Each individual VM should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created VE to create new SSH keys on first boot.

cat << EOF > /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides:          Generates new ssh host keys on first boot
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
insserv -r /etc/init.d/ssh_gen_host_keys
rm -f \$0
EOF

chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys

Finally stop the VM make a backup and label it as a Template.

In next posts I am gonna configure all the cloned servers “automagically” using puppet.

Have a look to the Installing Puppet master and client in the same host. The Debian way previous post for more info.

I took the main ideas from Splitting puppetd from puppetmaster from madduck‘s blog. But using this method you don’t have to create 2 differents ssl directories. Both installations (client and server) will share the same directory. I think it’s easier to implement and maintain.

The golden rule is to create all the SSL stuff (CA, keys, certificates,etc) in the right moment. And you may ask… When is the right moment? After the file /etc/puppet/puppet.conf is created with the certname directive properly updated. As by default puppet create all the SSL stuff using the hostname instead of the alias you want.

This tutorial assume you are using Debian (but should work on its derivatives: Ubuntu, Mint, etc) and have one server with two aliases replying to the same host (via /etc/hosts or DNS) In my case: puppet (server) and mediacenter (client).

Let’s have fun:

• Install puppetmaster:

apt-get install puppetmaster

• Stop puppetmaster:

/etc/init.d/puppetmaster stop

• kill puppet master processes

root@mediacenter:/etc/puppet# ps -ef|grep puppet
puppet    3610     1  0 08:09 ?        00:00:01 /usr/bin/ruby1.8 /usr/bin/puppet master --masterport=8140
root      4053  3035  0 08:28 pts/0    00:00:00 grep puppet
kill 3610

• Remove ssl directory: (as it has the ssl data related to the hostname instead of the alias you want)

rm -rf /etc/puppet/ssl/

• create /etc/puppet/puppet.conf

[main]
 
[master]
certname=puppet.vnet
 
[agent]
server=puppet.vnet

• Start puppetmaster:

/etc/init.d/puppetmaster start

• Check ssl logs on /var/log/daemon.log (ans check ssl directory and certificates have been created using puppet as server name)

mediacenter puppet-master[3758]: Signed certificate request for ca
mediacenter puppet-master[3758]: Rebuilding inventory file
mediacenter puppet-master[3758]: puppet.vnet has a waiting certificate request
mediacenter puppet-master[3758]: Signed certificate request for puppet.vnet
mediacenter puppet-master[3758]: Removing file Puppet::SSL::CertificateRequest puppet.vnet at '/etc/puppet/ssl/ca/requests/puppetmaster.vnet.pem'
mediacenter puppet-master[3758]: Removing file Puppet::SSL::CertificateRequest puppet.vnet at '/etc/puppet/ssl/certificate_requests/puppetmaster.vnet.pem'
mediacenter puppet-master[3815]: Reopening log files
mediacenter puppet-master[3815]: Starting Puppet master version 2.7.1

• Check ssl directory has been re-created on /etc/puppet:

ls /etc/puppet/ssl

• Install puppet client:

apt-get install puppet

• Create a SSL certificate for mediacenter.vnet. In order for the two systems to communicate securely we need to create signed SSL certificates.

root@mediacenter:/etc/puppet# puppetd --no-daemonize --onetime --verbose --waitforcert 30
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for mediacenter.vnet
info: Certificate Request fingerprint (md5): 93:7C:65:BD:77:39:2C:90:F3:15:99:D1:46:18:F1:40
warning: peer certificate won't be verified in this SSL session

• Check all certificates:

root@mediacenter:/etc/puppet# puppetca --list --all
mediacenter.vnet (93:7C:65:BD:77:39:2C:90:F3:15:99:D1:46:18:F1:40)
+ puppet.vnet (7A:5B:E1:42:00:B3:C9:EE:38:10:47:9E:D2:ED:C2:8C)

• Check pending certificates (to be signed by the server)

root@mediacenter:/etc/puppet# puppetca --list
mediacenter.vnet

• Sign mediacenter.vnet certificate

root@mediacenter:/etc/puppet# puppetca --sign mediacenter.vnet
notice: Signed certificate request for mediacenter.vnet

• Now all certificates are signed. Pay attention to the plus (+) symbol

root@mediacenter:/etc/puppet# puppetca --list --all
+ mediacenter.vnet (B3:87:0C:F5:05:00:29:76:07:B5:1C:D1:2B:DA:20:12)
+ puppet.vnet (7A:5B:E1:42:00:B3:C9:EE:38:10:47:9E:D2:ED:C2:8C)

• At this moment some test can be performed. from: Installing Puppet On Ubuntu.

• Create the file /etc/puppet/manifests/site.pp

1. Create “/tmp/testfile” if it doesn’t exist.

class test_class {
   file { "/tmp/testfile":
      ensure => present,
      mode   => 644,
      owner  => root,
      group  => root
    }
}
 
# tell puppet on which client to run the class
node mediacenter {
    include test_class
}

• On the client run puppetd in verbose mode (-v) and only once (-o).

puppetd -v -o

• Then you will see in the logs the following:

mediacenter puppet-master[4620]: Compiled catalog for mediacenter.vnet in environment production in 0.02 seconds
mediacenter puppet-agent[5271]: Caching catalog for mediacenter.vnet
mediacenter puppet-agent[5271]: Applying configuration version '1313132026'
mediacenter puppet-agent[5271]: (/Stage[main]/Test_class/File[/tmp/testfile]/ensure) created
mediacenter puppet-agent[5271]: Finished catalog run in 0.06 seconds

• Check is the file has been created:

ls -l /tmp/testfile
-rw-r--r-- 1 root root 0 ago 13 18:53 /tmp/testfile

• Now that all is running OK, configure the puppet agent to start on boot by modifying /etc/default/puppet

# Defaults for puppet - sourced by /etc/init.d/puppet
 
# Start puppet on boot?
START=yes
 
# Startup options
DAEMON_OPTS=""

• Start puppet client

/etc/init.d/puppet start

Now, you can start playing with puppet master and client in the same host. Have fun!

Special thanks to madduck for sharing his time and knowledge!.

Finally I decided to move on with WordPress and with the help of Misterpah‘s Mambo Importer plug-in at least half of the work was already done. Although some manual work has to be done (recreating path’s, images, etc)

Special thanks to Misterpah for sharing his knowledge and time!

P.S.: Starting from today all (or at least almost) news posts/pages will be written in English.

One week doing Yoga, meditation,enjoying Jose’s vegetarian food, learning and practicing. And a very important thing: One week without computers.

And… of course I got my diploma

El comando a usar es el ffmpeg y según los parámetros lo podremos usar para convertir de unos ficheros a otros:

• Convertir ogg a mp3 (ogg2mp3/oggtomp3)

ffmpeg -i nombre.ogg nombre.mp3

• Convertir m4a a mp3 (m4a2mp3/m4atomp3)

ffmpeg -i nombre.m4a nombre.mp3

Si queremos convertir todos los ficheros que hay en un directorio podremos usar el siguiente script:

for i in * ; do ffmpeg -i $i $i.mp3 ; done

Luego para normalizar el nombre usaremos el comando rename:

rename 's/.m4a//' *.m4a.mp3

Esto significa que con un solo script se añade la funcionalidad de “Marcar como Spam”  o bien “No es Spam”  que tienen algunos de los mas famosos webmails gratuitos Gmail, Yahoo, etc . Y por supuesto que SpamAssasin aprenda de ello  para todas las cuentas de todos los dominios que tengamos alojados. Eso si, siempre que la empresa de alojamiento este basada en cPanel.

El script lo hice en la lengua de Benny Hill pero es auto explicativo:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

#!/bin/sh
# InstruirSpamAssassin.sh
# TEACH YOUR SPAMASSASSIN script for cpanel (www.bluehost.com in this case) hosting accounts
# This script teach your SPAMASSASIN daemon with HAM and SPAMUNCAUGTH from all the emails accounts of all your domains
 
#"THE BEER-WARE LICENSE" (Revision 42):
#Juan Sierra Pons wrote this file. As long as you retain this notice you
#can do whatever you want with this stuff. If we meet some day, and you
#think this stuff is worth it, you can buy me a beer in return.
#Juan Sierra Pons - juan [at} elsotanillo {dot] net
#http://www.elsotanillo.net/
#Original beerware license is due to Poul-Henning Kamp.
 
#SPAMASSASSIN CONFIGURATION
#1.- Turn On Spamassasin: cPanel->Email Manager->Spam Assassin-> "Enable Spam Assassin"
#2.- Turn on Bayes (auto learning for SA) "Configure Spam Assassin" -> check the box for "use-bayes".
 
#HOW TO SET UP USERS' EMAIL ACCOUNT
#### always use the same name for HAM and UnCaughtSpam for all yours users
# 1.- Create one folder for SPAMHAM
# 2.- Create one folder for SPAMUNCAUGTH
 
#USERS' INSTRUCTIONS
# 1.- Move all your UnCaughtSpam messages to your UnCaughtSpam folder
# 2.- Move all your HAM messages to your HAM folder
 
#HOW TO USE THIS SCRIPT:
# 1.- Fill the LOGIN variable
# 2.- Fill the SPAMHAMDIRECTORY variable
# 3.- Fill the SPAMUNCAUGTH variable
# 4.- Run this script using the crontab daemon once a day for example
# 5.- After you check all is running ok for you, you can comment LOGSALEARN and LOGDEBUG lines
 
########################## Variables ###########################
LOGIN="logincpanel"
SPAMHAMDIRECTORY="SpamHam"
SPAMUNCAUGTH="SpamNoCogido"
### uncoment next line if you want to run sa-learn in verbose mode
#LOGSALEARN="-D"
### LOGDEBUG=0 if you wan to see which accounts are being checked - only for debugging pourposes
LOGDEBUG=0
### MOVESPAMHAMMESSAGES=0 if you want to move SPAMHAM messages to each INBOX directory after teach your spamassasin
MOVESPAMHAMMESSAGES=1
### CLEANSPAMUNCAUGTHMESSAGES=0 if you want clean SPAMUNCAUGTH directory after teach your spamassassin
CLEANSPAMUNCAUGTHMESSAGES=1
################################################## ##############
for i in /home/$LOGIN/mail/*/*
do
##### Teach SpamAssassin with HAM messages from SPAMHAM directory
if [ $LOGDEBUG = 0 ] ;then echo ===== Checking $i/.$SPAMHAMDIRECTORY ========================== ; fi
if test -d $i/.$SPAMHAMDIRECTORY/new; then nice -n 19 sa-learn $LOGSALEARN --ham --dir $i/.$SPAMHAMDIRECTORY/new; fi
if test -d $i/.$SPAMHAMDIRECTORY/cur; then nice -n 19 sa-learn $LOGSALEARN --ham --dir $i/.$SPAMHAMDIRECTORY/cur; fi
##### move SPAMHAM messages to each INBOX directory
if [ $MOVESPAMHAMMESSAGES = 0 ]
then mv $i/.$SPAMHAMDIRECTORY/new/* $i/new ;mv $i/.$SPAMHAMDIRECTORY/cur/* $i/cur
fi
##### Teach SpamAssassin from SPAMUNCAUGTH directory
if [ $LOGDEBUG = 0 ] ;then echo ===== Checking $i/.$SPAMUNCAUGTH ========================== ; fi
if test -d $i/.$SPAMUNCAUGTH/new; then nice -n 19 sa-learn $LOGSALEARN --spam --dir $i/.$SPAMUNCAUGTH/new; fi
if test -d $i/.$SPAMUNCAUGTH/cur; then nice -n 19 sa-learn $LOGSALEARN --spam --dir $i/.$SPAMUNCAUGTH/cur; fi
##### Clean SPAMUNCAUGTH directory
if [ $CLEANSPAMUNCAUGTHMESSAGES = 0 ]
then rm $i/.$SPAMUNCAUGTH/new/*;rm $i/.$SPAMUNCAUGTH/cur/*
fi
done

Si el LOGDEBUG esta activado, el script devolvera algo asi:

===== Checking /home/bluehostlogin/mail/elsotanillo.net/user1/.SpamHam ==========================
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user1/.SpamNoCogido ==========================
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user2/.SpamHam ==========================
Learned tokens from 0 message(s) (0 message(s) examined)
Learned tokens from 0 message(s) (0 message(s) examined)
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user2/.SpamNoCogido ==========================
Learned tokens from 0 message(s) (0 message(s) examined)
Learned tokens from 3 message(s) (3 message(s) examined)
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user3/.SpamHam ==========================
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user3/.SpamNoCogido ==========================
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user4/.SpamHam ==========================
===== Checking /home/bluehostlogin/mail/elsotanillo.net/user4/.SpamNoCogido ==========================
===== Checking /home/bluehostlogin/mail/the10thfloor.net/user1/.SpamHam ==========================
===== Checking /home/bluehostlogin/mail/the10thfloor.net/user1/.SpamNoCogido ==========================

Una vez que este todo funcionando ya puedes desactivar el modo DEBUG.

Recuerda el tipo de licencia!

¿Te importa que fume?

Cuando hice la fiesta de inauguración de la casa prepare un cartel. Se puede poner en la puerta de la galería o del balcón y por ahora tiene un 100% de efectividad. 

El modelo del cartel lo saque de www.openclipart.org un fantástico repositorio de imágenes y editandolo un poco  con inkscape quedo algo así:

Cartel domestico para sala de fumadores.

• Cartel Domestico Para Sala De Fumadores en formato PDF
• Cartel Domestico Para Sala De Fumadores en formato editable SVG.