kk's blog

How to set up a mail server on a GNU / Linux system

2011-03-27T13:16:00.001+08:00

How to set up a mail server on a GNU / Linux system

Editions
List of different versions of this document.
Introduction
Brief description of this document.
Aim
Research
Donate
Software
Which software packages are we using and why.
Installation
How to install all packages and which ones.
Distrobution
Base Install
Repositories
Packages
Configuration
Post install, what to configure for each section, with full command examples.
Firewall (Shorewall)
MTA (Postfix)
Database (MySQL)
Pop/IMAP (Courier)
Content Checks (amivisd-new)
Anti-Spam(SpamAssassin)
Anti-Virus (ClamAV)
Policy Check (PostGrey)
Authentication (SASL)
Encryption (TLS)
Webmail (SquirrelMail)
Administration (phpMyAdmin)
Data
Creating the basic stub of data, and how to add your own.
Add users and domains
Common SQL
Test
Testing and troubleshooting each element.
Common problems
Test strategy
Switch debug on
Tail, tail and tail again
Telnet is your friend
Can postfix receive?
Can postfix send?
Can courier read?
Initialize
If receiving an already setup machine, a list of actions to do to initialize and configure it.
Extend
Post working system, detailed instructions on optional features to add.
Remote MX mail backup
Relay recipient lookup
Local file backup
Sender ID & SPF
Spam Reporting
White/Black lists
PGP & S/MIME
Relocation notice
Pop-before-SMTP
Auto Reply
Block Addresses
Throttle Output
Mail Lists
Admin software
Google Apps / GMail
Maildrop, spam folder and vacation messaging
Roundcube webmail client
Elastic Compute Cloud (ec2)
Amazons' hosting service. Used as examples for this howto.
Impressions of EC2
ec2 introduction, tips and hwotos
Using EC2 with this howto
Amazon EC2 Images: AMIs
EC2 Links
Appendix
About author
Contact
Why
References
Software Links
Difference between Ubuntu versions
Download
Todo
Change Log
FAQ

Return to top.
Editions
Edition State Started Updated Description
1st Released (outdated) 2004-01 2004-02 Based on Mandrake 9.1.
2nd Released (outdated) 2004-02 2004-07 Based on Mandrake 10.x, but valid for all distributions. Very thorough. Includes package description, where to get the sources and binaries, how to build them or which RPMs to use, includes many refrences, etc etc. Starts off with a basic working server, then advances, extends and tightens it in stages.
3rd Released (outdated) 2005-05 2005-11 Based on Ubuntu 5.04, Hoary Hedgehog. More concise simplified guide to get an advanced server working quickly. Now includes SASL & TLS integration.
4th Released (outdated) 2005-10 2005-12 Based on Breezy Badger, Ubuntu 5.10. Includes Postgrey
5th Released (outdated) 2006-05 2006-11 Based on Dapper Drake, Ubuntu 6.06 LTS.
6th Scrapped 2006-11 2007-10 Was to be based on Edgy Eft, Ubuntu 6.10 or 7.04. include Domain Key signing. include my mail admin or my catchall aliases admin.
7th Released 2008-04 2009-06 Updated, based on Ubuntu 8.04 LTS Hardy Heron. Using Amazon EC2 as example. (Tested with 8.10 & 9.04 as well)
8th Released (superseeded) 2009-05 2009-11 Based on Ubuntu 8.10 (intrepid), then tested with 9.04 (jaunty) & 9.10 (karmic) as well. Using official Ubuntu ec2 as examples.
9th Released (superseeded) 2009-11 2010-05 Based on Ubuntu 9.10 (karmic) using Canonical's cloud images. Added Roundcube webmail option.
10th (this) Released 2009-12 2010-12 Based on Ubuntu 10.04 LTS (lucid) using Canonical's cloud images. Tested on 10.10 (maverick)
11th draft 2010-11 2011-02 Based on Ubuntu 10.10 (maverick) or 11.04 (natty) using Canonical's cloud images.
Further details available in the change log and below in the introduction.
Return to top.
Introduction
Aim
This is a step by step howto guide to set up a mail server on a GNU / Linux system. It is easy to follow, but you end up with a powerfull secure mail server.
The server accepts unlimited domains and users, and all mail can be read via your favourite clients, or via web mail.
It is secure, traffic can encrypted and it will block virtually all spam and viruses.
Return to top.
Research
Dont take my word for it! Research others opinions and methods. Look at my references, look at Postfix.org's howtos, read the excellent books available (E.g. Kyle's or Hildebrandt's), search the web or read the proper documentation.
If you refer to this howto in your own document, or find useful links, then let me know.
Donate
If you found this howto very useful, spread the word and help others?
If this howto was exceptionally useful why not donate me some beer money?
Or buy a postfix book using my amazon affiliate links further down?
Or buy a t-shirt from my t-shirt shop?
Otherwise send me a Thank You note?

UK

US

EU

Return to top.
Software

What software packages have/will I use and why.
OS: Ubuntu Linux
www.ubuntu.com
Ah the age old distro argument... Thankfully this set up should work on most distros. I used to base this howto on Mandrake(now Mandriva), and I started this new edition on a Gentoo box. But I don't have the patience for Gentoo, nor the money to stay with Mandriva Power editions. Why Ubuntu? Its free, simple and slick. As Ubuntu is derived from debian the installations used here will be apt-get based. Please refer to my other editions for details on RPM or source based installations.
MTA: Postfix
www.postfix.org
Simple, free and slick. Yup I am a sucker for anything that works easily. Postfix is powerfull, well established, but not too bloated, and is security concious from the start.
Pop/IMAP: Courier IMAP
www.courier-mta.org/imap/
My first mail server installtion was with Courier. I have not found a reason to change this as again it is simple, and free.
Database: MySQL
www.mysql.com
Although I use Firebird for my application development, (or Hibernate/C-JDBC hybrids), MySQL is well supported for the sort of lookups required in a mail server.
Content Check: Amavisd-new
www.ijs.si/software/amavisd/
Easy plug in solution for spam, virus checking etc.
Anti-Spam: SpamAssassin
spamassassin.apache.org
Powerfull renowned spam fighting tool.
Anti-Virus: ClamAV
www.clamav.net
Free virus scanner that can be trusted and includes update daemon.
Authentication: Cyrus SASL
www.imc.org/ietf-sasl/
Secure and trusted crypthography technology for authentication of SMTP traffic.
PostGrey
isg.ee.ethz.ch/tools/postgrey/
Postgrey is an excellent little script to stop 99% of all spam. All it does is on first contact for specific from-to combinations, tells the sender server to try again in a little while, which most spammers cant afford to do. When proper servers try again after a few minutes it lets it through.
Encryption: TLS
www.ietf.org/html.charters/tls-charter.html
Secure and trusted crypthography technology for encryption of SMTP traffic. Not too be confused with client encryption technology like GnuPG and S/MIME. They are covered in the extend section. Formerly referenced as SSL.
WebMail: SquirrelMail or Roundcube
www.squirrelmail.org
Easy to set up php based web mail client. Extensive plugin selection.
www.roundcube.net
Ajaxified prettier web mail client. Not quite as solid as SquirrelMail.
Platform: Amazon ec2
aws.amazon.com/ec2
This guide can be installed locally, co-located or in the cloud.
My preference is ec2, and I provide ec2 based examples, however it makes no difference where you install your mail server.
Please see software links appendix for further information about these software packages. In that section there is more links to documentation or forums, and viable alternatives, downloadable packages, versions details etc.
Further software and tweaks are discussed in the extension section.
Also review other peoples opinion on these packages via my references.
Return to top.
Installation
Distrobution
Base Install
Repositories
Packages

Distribution
This section is different for every distribution and for every version.
This howto is based on Ubuntu and its base of debian which uses apt-get. Therefor this section uses apt packages to its fullest.
For other installation method please refer to previous edition's software links and your own distribution for the documention for other ways of installing. My 2nd edition(outdated) has instructions for Mandriva, general RPM and tarball compiling.
To follow the rest of this howto with another distrobution, you need to ensure all your packages have been installed with the same modules, E.g MySQL lookup on postfix and sasl, php in apache etc.
I have set up mail servers using the 32bit and 64bit x86 platforms, and if all the packages are available then other, E.g. Mac platforms should work too.
Base Install
With installing Ubuntu you have a choice of which base system to install. You may choose server or desktop image or very basic setups. I will assume a server install, but it should not differ.
Or if you have chosen an ec2 based server, you can:
Base it on a Canonical image
Apply my ec2 Ubuntu server suggestions
Use my prebuilt ec2 public images for this postfix mail server
Ps. Please note that after a while Ill stop specifying the use of sudo, as it is up to yourselves if you use it or use a priviliged user, e.g. root.
Repositories
For assistance with repositories, refer to this article on ubuntu's wiki.
A previous edition discussed repository configuration in more detail.
But basically for this you need main and universe, and I also throw in the other "safe" ones: restricted and multiverse (and partner, when available).
sudo vi /etc/apt/source.list
If main and universe already is listed, this is a quick find and replace to add the others all over:
:%s/main un/main restricted multiverse un/g
As mentioned in the previous edition you also might want to find a repository closer to your server.
Packages
You need to install a whole bunch of packages. We will install them bit by bit. But first check your package sources are correctly pointing to main multiverse restricted universe repositories of your current Ubuntu version.
sudo vi /etc/apt/sources.list
Secondly update your current system:
sudo aptitude update
sudo aptitude safe-upgrade
MySQL
First we'll install MySQL
sudo aptitude install mysql-client mysql-server
This will prompt you for a root password. Choose someting wise and remember it! For purpose of this tutorial I will set it to rootPASSWORD
Postfix
Then we'll install postfix
sudo aptitude install postfix postfix-mysql
This will prompt you to choose type of email server. Select internet site It will also suggest a server name. Correct this if needed.
SASL
sudo aptitude install libsasl2-modules libsasl2-modules-sql libgsasl7\
libauthen-sasl-cyrus-perl sasl2-bin libpam-mysql
ClamAV
sudo aptitude install clamav-base libclamav6 clamav-daemon clamav-freshclam
(Earlier vesions of Ubuntu may use libclamav5)
Amavis, SpamAssassin, postgrey
sudo aptitude install amavisd-new
sudo aptitude install spamassassin spamc
sudo aptitude install postgrey
SquirrelMail
sudo aptitude install squirrelmail squirrelmail-locales php-pear php5-cli
phpMyAdmin
sudo aptitude install phpmyadmin
Enter Yes to set it up, enter root mysql password, enter a phpmyadmin mysql user password twice. Accept apache2 as the web server.
ShoreWall
sudo aptitude install shorewall-common shorewall-perl shorewall-doc
# for earlier ubuntu versions use package shorewall instead
Amazon provides a firewall/ access control for its servers, so not always needed then, but nice to have. And in all others situations; a must have.
Courier
sudo aptitude install courier-base courier-authdaemon courier-authlib-mysql \
courier-imap courier-imap-ssl courier-ssl
will prompt you about webdirectories. You can say no to this. It will also warn you about the certificate location. Ignore it.
Extras
I also install a few other packages that I personally prefer. But nothing todo with the mail server.
sudo aptitude install vim mutt lynx
Package status
To find out which packages you may have installed, you can use for example:
sudo dpkg --list | grep postfix
or
sudo aptitude search postfix
EC2 Bundle
My AMI flurdy-amis/ubuntu-mail-server-clean is based on Canonical's official Ubuntu with these basic mail server packages installed.
Return to top.
Configuration
Core/Simple
Firewall (Shorewall)
MTA (Postfix)
Database (MySQL)
Pop/IMAP (Courier)
Advanced
Content Checks (amivisd-new)
Anti-Spam(SpamAssassin)
Anti-Virus (ClamAV)
Policy Check (PostGrey)
Secure
Authentication (SASL)
Encryption (TLS)
Webmail (SquirrelMail)
Administration (phpMyAdmin)
Simple mail server
Now lets configure a simple mail server using some of the packages installed.
Firewall
Shorewall
Not essential for an EC2 image. It is essential for a normal server. UFW is bundled with recent Ubuntu distributions, but I still prefer Shorewall for servers.
Basically at first you want to only allow SSH. Then SMTP and IMAP from your IP only.
When you are confident that the mail server is secure, you can open SMTP to the world. If you prefer you can also open IMAP to the world, unless you have a very small client IP range.
Later you may open web access to the webmail and admin gui. This you may also restrict to specific IPs.
SSH only
By default Shorewall in Ubuntu has an empty set up. You can find the default values for Shorewall in /usr/share/doc/shorwall-common/default-config. And examples in /usr/share/doc/shorwall-common/examples. We will create a basic set up.
First configure which network adapters we are accessing the net.
cp /usr/share/doc/shorewall-common/default-config/interfaces /etc/shorewall/
vi /etc/shorewall/interfaces
net eth0 detect dhcp,tcpflags,logmartians,nosmurfs
Then we will configure network zones
cp /usr/share/doc/shorewall-common/default-config/zones /etc/shorewall/
vi /etc/shorewall/zones
Add the firewall if not there and the internet as a zone.
fw firewall
# loc ipv4
net ipv4
Then if needed to specify hosts you can do it in this file. E.g. If you wanto specify what is your home IP etc.
cp /usr/share/doc/shorewall-common/default-config/hosts /etc/shorewall/
vi /etc/shorewall/hosts
# loc eth0:192.168.0.0/24
Then set what is the default policy for firewall access.
cp /usr/share/doc/shorewall-common/default-config/policy /etc/shorewall/
vi /etc/shorewall/policy
$FW net ACCEPT
net $FW DROP info
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
For safety in case it goes down.
cp /usr/share/doc/shorewall-common/default-config/routestopped /etc/shorewall/
vi /etc/shorewall/routestopped
eth0 0.0.0.0 routeback
You may put in a netmask of your ip range if you are more concerned.
Now for the main firewall rules. You can find predetermined macro rules for Shorewall in /usr/share/shorewall.
cp /usr/share/doc/shorewall-common/default-config/rules /etc/shorewall/
vi /etc/shorewall/rules
SSH/ACCEPT net $FW
Open for business
Once your server is working come back to this step and open up SMTP and Web access to others.
vi /etc/shorewall/rules
Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp

# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW

#web
Web/ACCEPT net $FW
Firewall configuring is always risky business, as it is easy to lock yourself out. To test the setup syntax, run
shorewall check
Restart it with
/etc/init.d/shorewall restart
Then to switch it on during boot:
vi /etc/default/shorewall
startup=1
For more details on IP Tables and Shorewall, look up its website.
Return to top.

MTA
Postfix
You should put the name of your server in this file
sudo vi /etc/mailname
Could be something like smtp.domain.name, where domain name obviously is replaced with your domain name.
Now will open the main postfix configuration file:
sudo vi /etc/postfix/main.cf
Debian and Ubuntu already puts in some sensible default values in this file. You may need to comment some of them out if we put the same in as well.
First specify the name of your server.
# This is already done in /etc/mailname
#myhostname= mail.example.com
Next is the origin which is the domain appended to email from this machine, this can be your full servername, or domain name.
# myorigin=/etc/mailname
myorigin=example.com
Then decide what the greeting text will be. Enough info so it is useful, but not divelge everything to potential hackers.
smtpd_banner = $myhostname ESMTP $mail_name
Next you need to decide whether to send all outgoing mail via another SMTP server, or send them yourself. I send via my ISP's server, so it has to worry about the queing etc. If you send it yourself then you are not reliant on 3rd party server. But you may risk more exposure and accidentally be blocked by spam blockers. And it is more work for your server. Also many servers block dynamic dns hosts, so you may find your server gets rejected. However choose whichever you are comfortable with.
# leave blank to do it yourself
relayhost =
# or put it an accessible smtp server
relayhost = smtp.yourisp.com
Next is network details. You will accept connection from anywhere, and you only trust this machine
inet_interfaces = all
mynetworks_style = host
Next you can masquerade some outgoing addresses. Say your machine's name is mail.domain.com. You may not want outgoing mail to come from username@mail.example.com, as you'd prefer username@example.com. You can also state which domain not to masquerade. E.g. if you use a dynamic dns service, then your server address will be a subdomain. You can also specify which users not to masquerade.
# masquerade_domains = mail.example.com www.example.com !sub.dyndomain.com
# masquerade_exceptions = root
As we will be using virtual domains, these need to be empty.
local_recipient_maps =
mydestination =
Then will set a few numbers.
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
Now we can specify some restrictions. Be carefull that each setting is on one line only.
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
Further restrictions:
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
Next we need to set some maps and lookups for the virtual domains.
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf
You can (as in my older editions) use a lookup for the uid and gid of the owner of mail files. But I tend to have one owner(virtual), so instead add this:
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
You need to set up an alias file. This is only used locally, and not by your own mail domains.
sudo cp /etc/aliases /etc/postfix/aliases
# may want to view the file to check if ok.
# especially that the final alias, eg root goes
# to a real person
sudo postalias /etc/postfix/aliases
Next you need to set up the folder where the virtual mail will be stored. This may have already been done by the apt-get. And also create the user whom will own the folders.
# to add if there is not a virtual user
sudo mkdir /var/spool/mail/virtual
sudo groupadd --system virtual -g 5000
sudo useradd --system virtual -u 5000 -g 5000
sudo chown -R virtual:virtual /var/spool/mail/virtual
Note: If using Amazon ec2 you may want to move the mail spool to /mnt or an EBS location. You will need to symlink correctly afterwards.
Return to top.
Postfix's MySQL configuration
Next we need to set up the files to access the lookups via the database. We will only set up a few now, and the rest later when/if needed:
Edit(create) how to find the users mailbox location
sudo vi /etc/postfix/mysql_mailbox.cf
user=mail
password=mailPASSWORD
dbname=maildb
table=users
select_field=maildir
where_field=id
hosts=127.0.0.1
additional_conditions = and enabled = 1
Create how to find the email alias:
sudo vi /etc/postfix/mysql_alias.cf
user=mail
password=mailPASSWORD
dbname=maildb
table=aliases
select_field=destination
where_field=mail
hosts=127.0.0.1
additional_conditions = and enabled = 1
Create how to find the domains:
sudo vi /etc/postfix/mysql_domains.cf
user=mail
password=mailPASSWORD
dbname=maildb
table=domains
select_field=domain
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
If you specify an ip in hosts, (as opposed to 'localhost') then it will communicate over tcp and not the mysql socket. (chroot restriction). Ps. remember to replace the passwords with your chosen mail user password.
Return to top.

Database
MySQL
Now we will need to create the tables for thos lookups just specified. First you need to create a user to use in MySQL for mail only. Then you need to create the database, Take note of your chosen mail username and password. You will need the password you specified for root during MySQL package installation.
# If not already done (in package installation)...
mysqladmin -u root password new_password
# log in as root
mysql -u root -p
# then enter password for the root account when prompted
Enter password:
# then we create the mail database
create database maildb;
# then we create a new user: "mail"
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'mailPASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'%' IDENTIFIED by 'mailPASSWORD';
exit;
Obviously replace mailPASSWORD with your chosen password!
Then you will need to create these tables:
aliases
domains
users
We will create more later on for further extensions, but only these are relevant now.
Log in to mysql as the new mail user
mysql -u mail -p maildb
# enter the newly created password
Enter password:
Then run this commands to create the tables:
CREATE TABLE `aliases` (
`pkid` smallint(3) NOT NULL auto_increment,
`mail` varchar(120) NOT NULL default '',
`destination` varchar(120) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `mail` (`mail`)
) ;
CREATE TABLE `domains` (
`pkid` smallint(6) NOT NULL auto_increment,
`domain` varchar(120) NOT NULL default '',
`transport` varchar(120) NOT NULL default 'virtual:',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`)
) ;
CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`)
) ;
The last few fields in the users table are not required, but useful if you extend later.
# To visualise the tables created:
describe aliases; describe domains; describe users;
# then quit mysql
exit;
Next is to edit the MySQL's my.cnf file. In Ubuntu/debian this is created by default. In Mandrake I had to manually create a blank one in /etc. But we need to configure it, so:
sudo vi /etc/mysql/my.cnf
In previous version you needed to comment out this line
#skip-networking
However in todays file the default is to bind the address to localhost, which is fine.
bind-address = 127.0.0.1
It is very useful at the start to log any SQL calls that makes it to MySQL. So enable these lines:
general_log_file = /var/log/mysql/mysql.log
general_log = 1
Then in a few weeks comment it out when everything is working, as it slows mysql down
Restart MySQL to make sure its picking up the new settings.
sudo /etc/init.d/mysql restart
Return to top.

Pop/IMAP
Courier IMAP
Please refer to previous edition for more explanations. But below is the details of what you need to change.
sudo vi /etc/courier/authdaemonrc
Change to mysql mode.
authmodulelist="authmysql"
Further down enable logging.
DEBUG_LOGIN=2
sudo vi /etc/courier/authmysqlrc
Changed user
MYSQL_USERNAME mail
Changed password to whichever you have chosen
MYSQL_PASSWORD mailPASSWORD
Changed database
MYSQL_DATABASE maildb
Changed users table
MYSQL_USER_TABLE users
Keep commented in crypt pw
MYSQL_CRYPT_PWFIELD crypt
Keep commented out clear pw
# MYSQL_CLEAR_PWFIELD clear
Added maildir
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
Added where clause
MYSQL_WHERE_CLAUSE enabled=1
Lastly you can have a look at the imapd file, but no changes is needed.
vi /etc/courier/imapd
Return to top.
Summary
You now have a basic mail server!
Before continuing to the advanced and secure mail server you must ensure the basic setup works. This will save you from loads of pain further on.
It is very easy to make typos, miss tiny steps, unclear steps or simple actual errors in this howto.
Insert stub data from data section
Apply advice from test section judicously
Ensure the mail server can receive email correctly first, then try sending.
Once you are positive the mail has been received, the mail folders have been automatically created,
only then you should test if you can actually read the emails before proceding
Ive created an EC2 bundle for this stage: flurdy-amis/ubuntu-mail-server-simple.
Return to top.

Somewhere, something went terribly wrong
Advanced mail server
Now lets extend this setup with more useful content checks , security and user interfaces.
Content Checks (Anti spam & anti virus)
Amavisd-new
Amavisd ties together all the different ways of checking email content for spam and viruses.
The defaults are pretty good and also the ubuntu documentation is pretty clear, and recommended.
Here is a tweaked version of it:
Initially we will not enable spam or virus detection! This is so we can get amavis set up to receive, check and pass on emails before we go on and over-complicate it.
All of amavis' configuration files are in /etc/amavisd. They are now spread across several files in conf.d. Debian and Ubuntu defaults are now very sensible and spread into seperate files.
cd /etc/amavis/conf.d
01-debian defaults are fine.
Have a look at
less 05-domain_id
but dont change anything in it.
Have a look at
less 05-node_id
but dont change anything in it.
Have a look at
less 15-av_scanners
but dont change anything in it.
Edit content check file
sudo vi 15-content_filter_mode
Comment out both virus and spam scans. (Default).
# #@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
# @bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
Have a look at
less 20-debian_defaults
and
less 21-ubuntu_defaults
but dont change anything in them.
25-amavis_helpers defaults are fine.
30-template-localization defaults are fine.
Edit user file
sudo vi 50-user
In the middle insert:
@local_domains_acl = qw(.);
$log_level = 2;
$syslog_priority = 'debug';
# $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
# $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
# $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$final_spam_destiny = D_PASS;
# $final_spam_destiny = D_REJECT; # default
# $final_spam_destiny = D_BOUNCE; # debian default
# $final_spam_destiny = D_DISCARD; # ubuntu default, recommended as sender is usually faked
We have now setup amavis to scan and pass along incomming email. Next we will setup postfix to talk to amavis.
vi /etc/postfix/master.cf
Append these lines to the end of the file (make sure they are not already present). (Note the -o lines have spaces in front of them.
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Also add the following two lines immediately below the "pickup" transport service:
-o content_filter=
-o receive_override_options=no_header_body_checks
and then added to main.cf
sudo vi /etc/postfix/main.cf
content_filter = amavis:[127.0.0.1]:10024
Enable scanning by ClamAV of amavis' temporary files.
sudo adduser clamav amavis
This should be it to get amavis working. If emails are picked up by amavis and passed back to postfix then it looks okay. Only when finished testing do you proced to uncomment the anti virus and anti spam lines in
sudo vi 15-content_filter_mode
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
But do that after the next section (SpamAssassin).
When things are working we will turn down logging level, and start bouncing/discarding spam.
sudo vi /etc/amavis/conf.d/50-user
@local_domains_acl = qw(.);
$log_level = 1;
$syslog_priority = 'info';
# $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
# $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
# $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
# $final_spam_destiny = D_PASS;
# $final_spam_destiny = D_REJECT; # default
# $final_spam_destiny = D_BOUNCE; # debian default
$final_spam_destiny = D_DISCARD; # ubuntu default, recommended as sender is usually faked
Return to top.
Anti-Spam
SpamAssassin
The default config of spam assassin is okay. You could refer to previous edition for more configuration options.
You do need to tell SpamAssassin to start smapd on boot.
vi /etc/default/spamassassin
ENABLED=1
One configuration option you could tweak is to enable Bayes and auto learning.
vi /etc/spamassassin/local.cf

I read your email
Return to top.

Anti Virus
ClamAV
ClamAV does not need setting up. Configuration files are in /etc/clamav, but they are automatically generated, so do not edit.
By default freshclam, the daemon that updates the virus definition database, is run 24 times a day. That seems a little excessive, so I tend to set that to once a day.
sudo dpkg-reconfigure clamav-freshclam
It will also ask if you want it to be daemon (yes) and which server is closest to you.
If needed, the command below will redefine the configuration with a lot of questions. Not needed unless you need to configure.
sudo dpkg-reconfigure clamav-base
Return to top.
Postgrey
The default config of postgrey is okay. However you need to tell Postfix to use it.
sudo vi /etc/postfix/main.cf
And then edit the recipient restrictions:
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023, permit
You can tweak whitelisting in /etc/postgrey. You can tweak postgrey configuration by tweaking /etc/default/postgrey. E.g. delay, auto whitelisting, or reject message.
POSTGREY_OPTS="--inet=10023 --max-age=365"
Return to top.
You know have an advanced mail server. You can use this, but Id recommend continuing. However this is a good point to test the set up so far and to insert some data in the db.
Ive created an EC2 bundle for this stage: flurdy-amis/ubuntu-mail-server-spam.
Return to top.

No, I will not fix your computer
Secure mail server
Stopping hackers, phishers, spammers, your boss and your neighbour from accessing your server or the traffic in between is important, and easily done.
Authentication
Normal email traffic between clients and servers are in open plain text. That includes passwords and content of emails.
SASL
SASL secures the actual authentication (login), by encoding the passwords so that it can not be easily intercepted. The rest of the emails are however in clear plain text.
SASL can be a royal pain to set up, especially as it does not support storing encrypted passwords by default in Ubuntu.
Therefor my previous editions described how to configure SASL using plain text passwords in the database.
Obviously this is not ideal, so there are ways to combine SASL and storing encrypted passwords. In the future the packages that comes with Ubuntu may support the password_format configuration option for SASL. But until then you can configure SASL to ask PAM to compare the passwords:
Install packages if not all installed already:
sudo aptitude install sasl2-bin libpam-mysql libsasl2-modules libsasl2-modules-sql
Enable postfix to access SASL files:
sudo adduser postfix sasl
Create sasl files accessibly even by chrooted Postfix:
sudo mkdir -p /var/spool/postfix/var/run/saslauthd
Add SASL configurations to Postfix:
sudo vi /etc/postfix/main.cf
# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
Modify these existing configurations:
# Add permit_sasl_authenticated to you existing smtpd_sender_restrictions
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unauth_pipelining, permit
# Add permit_sasl_authenticated to you existing smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
Change how SASLAUTHD is run:
sudo vi /etc/default/saslauthd
# Toggle this to yes
START=yes
# Switch this to be under postfix's spool
# And add -r so that the realm(domain) is part of the username
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
Tell postfix how to interact with SASL:
sudo vi /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: mailPASSWORD
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
(When SASL is working you can remove the log_level line.)
Tell the pam how to to authenticate smtp via mysql:
sudo vi /etc/pam.d/smtp
These must be on 2 lines only, but I have broken them up for easier to read.
auth required pam_mysql.so user=mail passwd=aPASSWORD
host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=aPASSWORD
host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
In addition to tailing var/log/mail.log and /var/log/mysql/mysql.log it is quite usefull to tail the auth.log as well when testing SASL.
tail -f /var/log/auth.log
Restart postfix and saslauthd to enable SASL for sending emails.
sudo /etc/init.d/saslauthd restart
sudo /etc/init.d/postfix restart
Imap SASL / Courier
I tend not to have SASL for my courier authentication, as I enforce TLS for all my clients.
However if you have a more lenient access policy which is wise if you have many users, then you may want SASL in Courier as well:
sudo vi /etc/courier/imapd
This may already be avaiable as a commented out line. If not replace the current line by adding UTH=CRAM-MD5 AUTH=CRAM-SHA1 so it resembles something like this: (Again on one line)
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
sudo /etc/init.d/courier-authdaemon restart;
sudo /etc/init.d/courier-imap restart
Return to top.

Encryption
TLS
Encrypting the traffic stops anyone else listening in on your email communications. And is very recommended. There are different types of communication to encrypt: The data traffic between your email applications and the server when you read emails or when you send emails, and communication between other email servers and your server.
For the encryption of reading emails, it is Courier you need to configure. For sending, and beetwen server encryption it is Postfix.
TLS in Postfix
To encrypt you need certificates. Ubuntu creates some for you for which you can use while setting up the server. However before you go live, it is recommended to create your own with your proper domain name etc. Please refer to previous edition for more detail.
vi /etc/postfix/main.cf
There are already some TLS settings in the default debian/ubuntu version of this file. I moved these to the end, for clarity, but that is up to you.
# TLS parameters
# smtp_use_tls = no
smtp_tls_security_level = may
# smtpd_use_tls=yes
smtpd_tls_security_level = may
# smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Next we have a look at the master.cf file.
vi /etc/postfix/master.cf
By default only the normal smtp service is enabled, which is fine. But I prefer to enable submission (port 587), so that clients can use it, and I can restrict them to TLS only. Also enabled smtps service (port 465), for some compatebility with some older clients (outlook express etc).
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line<
-o smtpd_tls_auth_only=yes
# -o smtpd_tls_security_level=encrypt
# -o header_checks=
# -o body_checks=<
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING<
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
TLS in Courier
Again Ubuntu has created a certificate for you, but if you want to create your own, especially for a properly named server, then do this.
cd /etc/courier
openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \
-out imapd.pem -nodes -days 999
For more details review an earlier edition.
Then you need to edit
vi /etc/courier/imapd-ssl
By default Ubuntu already points to you certificate
TLS_CERTFILE=/etc/courier/imapd.pem
Modify this if needed.
Also you if want to restrict IMAP users to SSL/TLS only toggle this setting to 1.
IMAP_TLS_REQUIRED=1

For maximum compatability it is not wise to restrict to TLS only for the traffic between servers. As this means not all valid emails sent by others can reach your server. However enabling them the option to encrypt is a good idea.
Be aware that the emails are not encrypted on your machine, nor on the server. For this type of client encryption, please refer to previous edition for more on GnuPG.
In some situations SASL and TLS do not play well together. Those situations are in combinations of storing encrypted passwords, using MD5 authentication over encrypted traffic. I recommend, insisting on TLS traffic with your authenticating clients, which then negates the need for SASL.
You know have an advanced secure mail server. Now is another good point to test the set up so far and to insert some data in the db.
Ive created an EC2 bundle for this stage: flurdy-amis/ubuntu-mail-server-secure.
Return to top.

Webmail
Using among others the https://help.ubuntu.com/community/Squirrelmail as an updated reference.
Alternative
If you prefer the prettier Roundcube, but less powerfull (at the moment), the follow the Roundcube section in the extention section.
Enable web access
You may need to enable web access in the firewall. Check the firewall configuration if this neccessary.
You need to copy a SquirrelMail configuration to apache.
sudo cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail
And enable with this:
sudo ln -s /etc/apache2/sites-available/squirrelmail /etc/apache2/sites-enabled/500-squirrelmail
Or as Florent recommends, use:
sudo a2ensite squirrelmail
You may accept the default apache configuration where squirrelmail is folder in all sites. But I prefer virtual hosting. But you dont need to do these next steps.
sudo vi /etc/apache2/sites-available/squirrelmail
Comment out the alias.
# alias /squirrelmail /usr/share/squirrelmail
Uncomment the virtual settings., and insert your servers name.
# users will prefer a simple URL like http://webmail.example.com

DocumentRoot /usr/share/squirrelmail
ServerName webmail.example.com
If you have apache SSL enabled in apache, then you can also uncomment the mod_rewrite section for further security.
Reload apache to activate changes. First test if ok.
sudo apache2ctl -t
Then reload it.
sudo /etc/init.d/apache2 reload
You can now go toyourdomain.com/squirrelmail/ or mail.yourdomain.com if you chose virtual host. This should show a squirrel mail page. Log in wont work yet though.
Start configuring squirrel mail.
sudo squirrelmail-configure
Initially change nothing. You can customize more afterwards. You can browse, and exit sub menues by typing R.
Type 2 to edit server settings. Type A to edit IMAP settings.
Type 8 to edit server software. Enter courier.
courier
Now they say using TLS over localhost is a waste of time. But I do anyway. Type 7 to edit secure IMAP. Type
Y
to enable it.
Type 5 to edit IMAP port. Enter
993
Type S to save your changes. Hit Enter.
Type Q to exit.
You can now go to yourdomain.com/squirrelmail/ or mail.yourdomain.com if you chose virtual host. This should show a squirrel mail page. Log in will now work. (Except you may not have defined users, check data section. And they may not have received an email which also means you can not view any IMAP info.)
Please refer to previous edition for more detail. E.g. creating address books and user preferences.
Return to top.
Administration
Enable web access
You may need to enable web access in the firewall. Check the firewall configuration if this neccessary.
You may choose to restrict phpMyAdmin to a spefic virtual host. If so you need to, edit
sudo vi /etc/apache2/conf.d/phpmyadmin.conf
and comment out the alias.
#Alias /phpmyadmin /usr/share/phpmyadmin
And insert the alias instead into a virtual host configuration in /etc/apache2/sites-available/. For this example we are not, and for testing we keep the Alias uncommented.
Reload apache to activate changes. First test if ok.
sudo apache2ctl -t
Then reload it.
sudo /etc/init.d/apache2 reload
You can now go to http://yourdomain.com/phpmyadmin/, and login with the mail user. You can use it as it is, but I recommend securing it a bit more.
One simple way is adding apache's .htaccess login requirement.
Further restrictions can be restricting to a specific virtual host. Or renaming the folder. Purely ubfuscating, but simple.
Or using the example in the webmail section, and adding SSL requirement to the connection. Or disabel mysql root's access via phpMyAdmin.
Please refer to previous edition for example on htaccess, and mysql user restriction.
You know have a finished mail server. This is as far as the main guide goes. Hope it was clear enough to follow.
Now it is time to insert data, and to test how it works.
Feel free to extend it with my suggestions further down.
Ive created an EC2 bundle for this stage: flurdy-amis/ubuntu-mail-server-webmail.

Return to top.
Data
Add users and domains
Required domains and users
Example domains and users
Adding template
Common SQL
Add users and domains
So we got a fully set up mail server... Well no, there is no users, domains, no nothing!
Okay, first you need add some default data, some which are required, some which make sense.
Then we'll add your own users and domains.
Required domains and users
First the required domains for local mail
# Use phpMyAdmin or command line mysql
INSERT INTO domains (domain) VALUES
('localhost'),
('localhost.localdomain');
Then some default aliases. Some people say these are not needed, but I'd include them.
INSERT INTO aliases (mail,destination) VALUES
('postmaster@localhost','root@localhost'),
('sysadmin@localhost','root@localhost'),
('webmaster@localhost','root@localhost'),
('abuse@localhost','root@localhost'),
('root@localhost','root@localhost'),
('@localhost','root@localhost'),
('@localhost.localdomain','@localhost');
Then a root user.
INSERT INTO users (id,name,maildir,crypt) VALUES
('root@localhost','root','root/', encrypt('apassword') );

Domains and users
Now lets add some proper data.
Say you want this machine to handle data for the fictional domains of "blobber.org", "whopper.nu" and "lala.com".
Then say this machine's name is "mail.blobber.org".
All email to lala.com is to be forwarded to whupper.nu.
INSERT INTO domains (domain) VALUES
('blobber.org'),
('mail.blobber.org'),
('whopper.nu'),
('lala.com');

INSERT INTO aliases (mail,destination) VALUES
('@lala.com','@whupper.nu'),
('@mail.blobber.org','@blobber.org'),
('postmaster@whopper.nu','postmaster@localhost'),
('abuse@whopper.nu','abuse@localhost'),
('postmaster@blobber.org','postmaster@localhost'),
('abuse@blobber.org','abuse@localhost');
You also have two users called "Xandros" and "Vivita".
INSERT INTO users (id,name,maildir,crypt) VALUES
('xandros@blobber.org','xandros','xandros/', encrypt('apassword') ),
('vivita@blobber.org','vivita','vivita/', encrypt('anotherpassword') );

INSERT INTO aliases (mail,destination) VALUES
('xandros@blobber.org','xandros@blobber.org'),
('vivita@blobber.org','vivita@blobber.org');
You want all mail for whooper.nu to go to xandros (catchall).
INSERT INTO aliases (mail,destination) VALUES
('@whopper.nu','xandros@blobber.org');
There is also a "Karl" user, but he does want all mail forwarded to an external account.
INSERT INTO aliases (mail,destination) VALUES
('karl@blobber.org','karl.vovianda@gmail.com');
So what does each of these lines actually do? Well the domains are pretty straight forward.
The users are as well, it requires four fields. ID is the email address of the user, and also its username when loggin in, described later on. NAME is optional description of the user. MAILDIR is the name of the folder inside /var/spool/mail/virtual. It must end in a /, otherwise it wont be used as a unix maildir format. CRYPT is the encrypted text password to use.
The alises are the interesting part. Lets start from a top down view to see how emails get delivered:
Say an email arrives addressed to "john@whopper.nu".
Postfix looks up domains and say whopper.nu is an domain it listens to.
Postfix then looks up aliases and searches for a row where the mail field matches "john@whopper.nu".
None does so it next searches for "@whopper.nu", which is the way to specify catch all others for that domain.
It finds one row and its destination is "xandros@blobber.org".
It then searches for "xandros@blobber.org" and finds one, which destination is the same as the mail, therefor it is the final destination.
It then tries to deliver this mail. The look up says blobber.org is a local mail so it looks up users for a matching id and delivers it to its maildir.
Lets try "julian.whippit@lala.com".
Postfix looks up domains and it is an domain it listens to.
First lookup does not find this user, but the next finds the catchall "@lala.com". But its destination is another catchall, "@blobber.org".
This means Postfix will look for "julian.whippit@blobber.org". This address is not found either, nor is a catchall for blobber.org. Therefor this address is not valid and the message will be bounced.
Any mail arriving for "karl@blobber.org" or "karl@lala.com", gets forward to an external address of "karl.vovianda@gmail.com". So forwarding is simple. I tend to use a subdomain for all my friends addresses as easily I forget what their real addresses are, and I use different email clients all the time.
I also added the required aliases of postmaster and abuse to blobber.org and whopper.nu. The catchall for lala.com means they are not required for that domain.
Another useful alias to add is root, as often you get admin mail from e.g cron jobs within those domains etc. Other often used aliases are info, sysadmin, support, sales, webmaster, mail, contact and all. But they are also honeypots for spam, so just include the ones you think you will need.
Adding template
So to add a new domain to the system, You do this, replacing the italics with relevant data:
INSERT INTO domains (domain) VALUES ('domain.tld');
INSERT INTO aliases (mail,destination) VALUES
('@domain.tld','email@address'),
('postmaster@domain.tld','email@address'),
('abuse@domain.tld','email@address');
And to add a new user to the system, do this:
INSERT INTO users (id,name,maildir,clear) VALUES
('email@address','short description','foldername/',encrypt('password') );
INSERT INTO aliases (mail,destination) VALUES
('email@address','email@address');
Return to top.
Common SQL
A selection of useful sql statements, if you are not using an admin/manager program to maintain your email domains and users.
Find domains without a catchall
#Remember some might be disabled
SELECT dom.domain
FROM domains dom
LEFT JOIN aliases al
ON CONCAT( '@', dom.domain ) = al.mail
WHERE al.mail is null
OR al.enabled = 0
ORDER BY dom.domain ASC
Find aliases for an invalid domain
SELECT al.*
FROM aliases al
LEFT JOIN domains dom
ON dom.domain = SUBSTRING(al.mail,LOCATE('@',al.mail)+1)
WHERE dom.domain is null
OR dom.enabled = 0
ORDER BY al.mail ASC
Find all non local destination aliases
SELECT al.*
FROM aliases al
LEFT JOIN domains dom
ON dom.domain = SUBSTRING(al.destination,LOCATE('@',al.destination)+1)
WHERE dom.domain is null
ORDER BY al.enabled, al.destination ASC, al.mail ASC
Find all aliases for a certain domain
SELECT al.*
FROM aliases al
WHERE SUBSTRING(al.mail,LOCATE('@',al.mail)+1) = 'domain.tld'
ORDER BY al.enabled, al.mail ASC
Find all aliases for a certain domains, checking if enabled for both domain and alias
select *
from domains d
join aliases a
on a.mail like concat( '%','@',d.domain)
and a.enabled = 1
where d.enabled = 1
and d.domain like '%foobar%'
order by d.domain,a.mail
Return to top.
Test

Common problems
Test strategy
Tail, tail and tail again
Switch off services
Switch debug on
Telnet is your friend
Can postfix receive?
Can postfix send?
Can courier read?
Common problems
Missed a step
If you mistakenly or intentially skipped past sections, you may have missed an important step in your configuration, which my guide pressumes you have followed.
Typo
99% of all problems is spelling errors or typos you entered while following this guide. Sorry, but it just happens. Often it can be trivial, such as a space at the end of the configuration line which was not expected etc. Or not understanding my example where it is a multi line entry.
Typo by me
Yes, I make a lot of mistakes. Nothing wrong in that, but I hope I have corrected most over time. Any new sections are however at risk... :)
Different application or configurations
It is obviously entirely up to you how you set up your system. But the more you deviate from this guide, the more likely incompatibilties or confusion will arrise.
Distrobution/version differences
If you run a different version or even distrobution to this guide, then some things will be different. Small issues, such as default values and significant things such as path differences etc. Some sections in this guide are not always thouroughly tested with every new release of Ubuntu, but these differences gets pointed out by people for me.
Walking before crawling
Don't try the full blown mail server before the basics are working.
Gamma rays and little goblins
Got to blame it on something or someone.
Return to top.

Test strategy
What steps to think of when testing.
Test early and frequently
It is very helpfull to test early in this set up, to establish if the first sections are working as expected.
So when you only have your very basic postfix and mysql up: Test it!
That way you know that bit worked and can rule it out of any future problems.
Don't wait till you complicated and mudded the water after amavis, courier etc is added.
By constantly testing if you can send and receive you can tick off and black box each section as working, and immidietly spot issues.
Isolate the problem
Testing how things work is often about isolating the problem first. So by using the steps of testing early above, you can see which step caused the problem.
Also if you can't log into your webmail it is often nothing to do with the webmail section that is causing the problem. Often postfix itself is broken etc.
Test in order
As part of the isolating the problem rule, you most of the time test in order, and test each section thus isolating the problem. This would then quickly isolate the problem when e.g. such as above issues of reading emails via the webmail. This would be in order:
Access: Can I get(ssh) to the box, and is there a firewall issue?
Database: Is the database up, do my application reach it?
Postfix: Can I send email by command line, do I receive emails via telnet?
Content checks: Do they cause a problem?
Courier: Can I read emails?
Webmail: And last but not least does the web integration work?
Simplify the system
Assisting in isolating the problem, you often have to disable options and applications. Such as turn of postgrey or content checks to make sure emails to get delivered.
Previous editions do have some more detail on how to achieve this
Return to top.

Tail, tail and tail again
Essential to monitor what actually happens, and tailing specifically the mail and mysql log.
/var/log/system.log
/var/log/mail.log
/var/log/mysql.log
/var/log/apache2/access.log
In one window:
tail -f /var/log/mail.log
And in another window:
tail -f /var/log/mysql.log
In a third or more do your actual configuration or testing.
Return to top.

Switch off services
previous edition 1
previous edition 2
The previous editions has detail on switching services off untill time to test them.
It also details locking down your server from spammers untill finished testing.
Return to top.

Switch debug on
Shorewall
You can also switch on more messages for when the firewall is rejecting connections. Add info to all REJECT, BOUNCE and DROP policies.
sudo vi /etc/shorewall/policy
such as:
net all DROP info
MySQL
There is no point in tailing the mysql log if query debugging is not turned one.
By default it is not. However in this guide I do switch it on, in case that was missed switch it on now:
sudo vi /etc/mysql/my.cnf
Make sure this is not commented out
log = /var/log/mysql/mysql.log
Courier
As mentioned in the setup , switching on debugging for Courier is easy:
sudo vi /etc/courier/authdaemonrc
DEBUG_LOGIN=2
Amavis
You can also debug amavis:
sudo vi /etc/amavis/conf.d/50-user
And perhaps bump it up if already debugging:
$log_level = 2;
Return to top.

Telnet is your friend
When testing a mail server, telnet is alpha & omega. You use it to simulate real mail servers to test responses by your mail server.
First you test it on the server to exclude firewall and network issues.
Then you test it from another machine to simulate an actual other mail server.
Once these are working you can use proper email clients, however 99% I just use mutt locally when I need to test if a server is working.
Return to top.

Can postfix receive?
Lets assume:
You have followed my guide up to basic configuration at least
You have entered data into the database
The services MySQL and Postfix are running.
If testing a fuller stack, then amavis, postgrey, clamav-daemon, spamassassin etc must also be running.
Try this locally on the server first, then try from another machine once it is working locally.
Lets try and send a message to xandros@example.org (replace with your own user in this setup, or use postmaster@localhost) from you@example.com (again replace with a real email address you use that is not associated with this server.)
telnet localhost 25
# Open the hand shake with ehlo and the server name you are connecting from...
# Change mail.example.com to something valid eg your servername
EHLO mail.example.com
# The mail server will then dump out some details about its capabilities, e.g.
>250-mail.flurdy.net
>250-PIPELINING
>....
>....
# then say who is the sender of this email
MAIL FROM:
> 250 Ok
# then say who the mail is for
RCPT TO:
> 250 Ok
# then enter the keyword data
data
> 354 End data with .
# enter message bodyand end with a line with only a full stop.
blah blah blah
more blah
.
> 250 Ok; queued as QWKJDKASAS
# end the connection with
quit
> 221 BYE
If while you were doing this you were tailing the /var/log/mail.log you would see some activities and if any errors occured. (You should probably get some complaints about missing headers as we skipped most...)
If while you were doing this you were tailing the /var/log/mysql.log as well you really should have seen some activity otherwise you have a problem.
If you see any errors (or worse no activity) in these log files, this is what you need to fix! For common problems and solutions check the previous edition.

However if no errors popped up, and the folder /var/mail/virtual/xandros now exists then your server can receive emails!
Return to top.

Can postfix send?
You need to make sure you can first receive emails as above
The services MySQL and Postfix are running.
Basically you just tested that above, but we need double check if it can send out to other servers. Again we will first test locally, which should work, then remotely which introduces many possible problems.
telnet localhost 25
# Open the hand shake with ehlo and the server name you are connecting from...
# This time it has to be the name of your server
EHLO mail.example.org
# The mail server will then dump out some details about its capabilities, e.g.
>250-mail.flurdy.net
>250-PIPELINING
>....
>....
# then say who is the sender of this email, which is a local user
MAIL FROM:
> 250 Ok
# then say who the mail is for which is an external address e.g. gmail etc.
RCPT TO:
> 250 Ok
# then enter the keyword data
data
> 354 End data with .
# enter message bodyand end with a line with only a full stop.
blah blah blah
more blah
.
> 250 Ok; queued as QWKJDKASAS
# end the connection with
quit
> 221 BYE
We have to assume receiving works above so no need to tail mysql's logs. However if any rejection errors occured in the mail.log then you have an error.
However if no errors occured and you see in the log something like this:
Dec 17 10:25:45 servername postfix/smtp[12345]: 12345678: to=, relay=127.0.0.1[127.0.0.1]:10024,
delay=15, delays=15/0.01/0.02/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=12345-09, from MTA([127.0.0.1]:10025):
250 2.0.0 Ok: queued as 1234567)
Then the sending emails work!
Return to top.

Can courier read emails
You need to make sure you can first receive emails as above
You need to make sure you can send emails as above
You need to make sure you have received an email and the folder /var/mail/virtual/xandros exists
The services MySQL, courier-authdaemon and courier-imap are running.
There is not too much you can test via telnet for courier. But you can check if it is up and you can connect to it.
telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
QUOTA IDLE ACL ACL2=UNION STARTTLS LOGINDISABLED] Courier-IMAP ready. Copyright 1998-2008
Double Precision, Inc. See COPYING for distribution information.
The rest you would have to test via a proper email IMAP client.
Can amavis check and pass emails along?
You need to make sure you can first receive emails as above
You need to make sure you can send emails as above
You need to make sure you have received an email and the folder /var/mail/virtual/xandros exists
You can check if the service is responding:
telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
Then just tail /var/log/mail.log for any problems.
Return to top.
Initialize
Brief hints if you receive a ready setup machine (or EC2 AMI), and what then to check and to customize it to your setup.
Stop services
Restrict firewall
Change passwords
Check configurations
Set machine name
Certificates
Start and test services
Insert data
Reload postfix
Open firewall
Test
Stop services
First stop services so they wont accidentally do something.
sudo /etc/init.d/postfix stop
sudo /etc/init.d/courier-imap-ssl stop
sudo /etc/init.d/courier-imap stop
sudo /etc/init.d/courier-authdaemon stop
sudo /etc/init.d/mysql stop
sudo /etc/init.d/amavisd stop
sudo /etc/init.d/spamassassin stop
sudo /etc/init.d/clamav stop
Restrict firewall
Check what the firewall rules are.
vi /etc/shorewall/rules
Refer to the firewall settings. Restrict to just SSH access for now.
Change passwords
Next the passwords needs to be changed. For both the system and mysql.
System passwords
Check which users are defined on the system.
cat /etc/passwd
Apart from all the system ones, there should probably be none (if EC2 AMI) or just your user if it is a standard Ubuntu install. If there are some users, you need to change their passwords.
SSH Access
Next we check whom got SSH access. If there was any users defined, check their home folders for ssh keys.
cat /home/username/.ssh/auth*
Remove any you do not expect to be there. Next check if and which specific users has been defined for SSH access in
vi /etc/ssh/sshd
Usually this is fine.
MySQL passwords
First you need to change the root mysql user. If none has been set do this
mysqladmin -u root password new_password
Otherwise do this and you will be prompted for the old password
mysqladmin -u root password new_password -p
Then the default mail user as well. If you know the old password
mysqladmin -u mail password new_password -p
Otherwise log into mysql as root:
mysql -u root -p
Enter new root password specified above, then:
update mysql.user set password=password('apassword') where user='mail';
flush privileges;
You may need to revisit the top of MySQL section to re-grant the mail use rights on the database.
If you do not know the old root password, you have to restart mysql without grant rights. Google it... :)
Update postfix mysql configuration files with the new password.
sudo vi /etc/postfix/mysql*
password=apassword
Update courier's authmysql file with the new password as well.
sudo vi /etc/courier/authmysqlrc
MYSQL_PASSWORD apassword
If SASL is set up, then you need to update its passwords. First in postfix SASL file:
sudo vi /etc/postfix/sasl/smtpd.conf
sql_passw: aPASSWORD
Then on both lines in:
sudo vi /etc/pam.d/smtp
passwd=aPASSWORD
Check configurations
You should scan the postfix, courier, etc. configurations to check if they match what you expect.
Set machine name
Now you need to define your machine name, e.g. something like smtp.yourdomain.com. You need to define it in
sudo vi /etc/mailname
And then your domain name in
sudo vi /etc/postfix/main.cf
under the mydomain setting
myorigin=yourdomain.com
It could also be smart to check what the unix hostname is specified as
hostname
This can be reset by
sudo hostname smtp.yourdomain.com.
All though this does not have to be the same as your postfix mail server name. You may want to speficiy some hosts in hosts file as well,
sudo vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
127.0.0.1 smtp.yourdomain.com smtp
Certificates
You could go along with the generated certificates (if they are there, default for Ubuntu). Or if you could create new ones with the correct machine name in them. Especially if this a mail server used by many, and authenticiy is important. Follow the TLS certificate instructions for Postfix and Courier.
Start and test services.
Next you need to start your mail services and test them.
sudo /etc/init.d/mysql start
sudo /etc/init.d/spamassassin start
sudo /etc/init.d/clamav start
sudo /etc/init.d/amavisd start
sudo /etc/init.d/postfix start
sudo /etc/init.d/courier-imap-ssl start
sudo /etc/init.d/courier-imap start
sudo /etc/init.d/courier-authdaemon start
So test tjenestene via testing section.
Insert data
Insert your mail domains, aliases and users using the data section.
Some times there are test data already in the database. Remove them. E.g.;
mysql -u mail -papassword maildb
delete from domains where domain = 'bar.com';
delete from aliases where mail = 'foo@bar.com';
Open firewall
Then open up the firewall, follow the world access bit in the firewall configuration. Voila. Up and running. Well we hope.
Return to top.
Extend

Please refer to previous edition for how and why you can extend this mail server.
By now you should have a fully working system. No point extending and complicating it untill then. What next? There are many ways to extend the server, to create your own powerfull customized version.
Remote MX mail backup
Relay recipient lookup
Local file backup
Sender ID & SPF
Spam reporting
White/Black lists
PGP & S/MIME
Relocation notice
Pop-before-SMTP
Admin Software
Auto Reply
Block Addresses
Throttle Output
Mail Lists
Google Apps / GMail
Roundcube webmail
Sugestions?
Some of these sections can be brief as they are not core to this howto.
Remote MX mail backup
With MX backup loosing emails are unlikely.
Normally if someone sends an email destined for you, their server will try and connect to your server. If it can't reach your server for whatever reason ( it is down, dns issues, there is network problems, or just too busy ), the other server will back off and try again in a bit. How many and for how long it will try again is determined by the sending server. Some of them are not very patience, and it will report undelivered after only a few attempts. So you would have lost that email.
If you had specified a backup MX, this email may not have been lost. Upon first failure to connect to your server, the sender would see if there is any alternative server to send to. So it connects to your backup mx server. This server spools and queues your message and will try at intervals to send the message to you. It too will though eventually give up.
What is the difference? Simple, you (or whoever controls the backup mx ) is in control how long and often to try connecting to your machine. So if you have a reasonable values and your server is not down for weeks, no mail is lost.
How to implement it? First edit the DNS records again, and add a backup mx with a higher value.
# your server details
domain.tld IN MX 10 your.mailserver.name.tld
# new backup server
domain.tld IN MX 20 your.backupserver.name.tld
Now presuming the other backup mx is a postfix server identical to this, or you are backuing up someone else's server; Go into mysql and create this tables:
CREATE TABLE `backups` (
`pkid` smallint(6) NOT NULL auto_increment,
`domain` varchar(128) NOT NULL default '',
`transport` varchar(128) NOT NULL default ':[]',
`enabled` smallint(6) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `domain` (`domain`)
);
Then still on the backup server, edit main.cf and add these:
relay_domains = mysql:/etc/postfix/mysql_backups.cf
transport_maps = mysql:/etc/postfix/mysql_transport.cf
You may choose to have this as the last line in the file, as you may use small cron jobs to modify this ip address, if you don't have a permanent static address. It should contain your IP addres, hence if you do not have a very static IP address, that you need to automatic editing if the postfix file.
proxy_interfaces = 1.2.3.4
If someone comes with a better way, then let me know.
Next create this file /etc/postfix/mysql_backups.cf
user=mail
password=apassword
dbname=maildb
table=backups
select_field=domain
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
Next create this file /etc/postfix/mysql_transport.cf
user=mail
password=apassword
dbname=maildb
table=backups
select_field=transport
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
You noticed I added a transport lookup. This is a field in both the domain and the backup tables. In domains it is used to determine how to deliver the email, ie either virtual (correct) or local (not used in this howto). When backing up servers, your also need to specify in the transport field how to connect to the correct servers.
Say you are backiup for a friends server, mail.friend.com, for the domains of friend1.com and friend2.com. So you should insert this into your backup table.
INSERT INTO backups (domain,transport)
VALUES ('friend1.com' , ':[mail.friend.com]' ),
('friend2.com' , ':[mail.friend.com]' );
The :[] tells to connect directly to this server, not doing any more look ups for valid MX servers.
This shouls now work fine. Further tweaking of the queue values, review these and modify as appropiate. Shorter warning times are good for the sender, so that they realise the email has not arrived yet, but may also be annoying. Tradeoffs.. Look in the first main.cf configurations for ways to do so.
Relay recipient lookup
Unfortunetly spammers are using backup mx as a way to saturate the networks with invalid emails, known as backscatter mail.
They simply lookup a domain's MX servers and connect directly to one of the lower priority servers whom may be just a backup mx. This server if configured as above will not check for valid addresses aliases but will accept and queue all emails for the domain's it is configured as a backup mx for. These will then be delivered by the server later to the primary MX server, whom will then maybe reject them as the aliases are not valid. However the sender addresses are often invalid and a long trail of reject messages to and forth around the net follows...
To avoid this you can enable relay recipient lookup in Postfix.
Edit /etc/postfix/main.cf and add:
relay_recipient_maps = mysql:/etc/postfix/mysql_relays.cf
Then create a new file /etc/postfix/mysql_relays.cf
user=mail
password=apassword
dbname=maildb
table=relays
select_field=recipient
where_field=recipient
hosts=127.0.0.1
additional_conditions = and enabled = 1
Then add the following MySQL table:
CREATE TABLE `relays` (
`pkid` smallint(6) NOT NULL auto_increment,
`recipient` varchar(120) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
`status` varchar(10) NOT NULL default 'OK',
PRIMARY KEY (`pkid`),
UNIQUE KEY `recipient` (`recipient`)
);
If the relay_recipient_maps setting is set, then postfix will reject all email addresses not specificed in this table. As with many postfix lookups, it will recursively search for a match from the full address.
In the following examples, emails to john@example.com are the only emails that will be accepted for the whole example.com domain.
However for @example.org all emails will be accepted for backup, except any for support@example.org which will be rejected.
insert into relays (recipient,status) values
('john@example.com','OK'),
('support@example.org','REJECT'),
('@example.org','OK');
Return to top.
Local file backup
Here is rough backup script to backup your configurations and mail folders. You may want to backup the folders seperatly as they can quickly grow to GBs. Adding this to a cronjob automates this process. Be aware that you should stop postfix and courier while backing up the mail folders. And that if they have grown large, that this may take some time.
tar czf mail-config.xxxxx.tgz /etc/postfic /etc/courier /etc/spamassassin /etc/clamav /etc/amavis /etc/mysql/my.cnf
tar czf mail-fold.xxxx.tgz /var/spool/mail/virtual
mysqldump -u mail -papassword -t maildb > data.sql
mysqldump -u mail -papassword -d maildb > schema.sql
tar czf mail-data.xxx.tgz schema.sql data.sql
tar cf mail.xxxxx.tar mail-*.xxxxx.tgz
You may combine a full backup with a intermediate update of what has changed recently only.
tar --newer-mtime "2005-01-01"
Return to top.
Sender ID & SPF
Further security features is using Microsoft's Sender ID or Pobox's SPF. I'd use SPF as there is much argument over Sender ID.
spf.pobox.com
www.microsoft.com/mscorp/safety/technologies/senderid/
SPF should limit who can send mail on behalf of your domains, and is an open design. I do recommend SPF, with some reservations, detailed below.
While Microsoft is not always entirely evil, as sometimes they do nice things and make some useful software, I would prefer not to be locked into their Sender ID technology.
SPF configuration
The pobox site has some nice SPF generation tools to setup your SPF configuration. Probably best to use theirs.
But the way I have my setup, is generally one domain with detailed SPF, then all other domains just with an SPF alias to it. e.g:
Main domain DNS TXT field:
"v=spf1 a mx a:myserver.example.com include:aspmx.googlemail.com include:gmail.com ~all"
The important elements are:
I list the mail servers and websites associated with this domain (the a and mx bit).
I then specifically list the name of a server I may send mail from applications automatically using addresses within this domain.
As you can see I also use Google Apps with this domain, thus tell SPF to also allow all mail servers associated with google mail.
Then for most of the other domains I would use this DNS TXT field:
"v=spf1 a mx include:example.com ~all"
The important elements are:
I list the mail servers and websites associated with this domain
Then I tell SPF to also allow all mail servers associated with my main domain (example.com).
And for all these I use ~all!
Ps. Some domains I have added an even stricter SPF, as these are domains that will never send an email.
SPF problem
It is worth noting about SPF, that you should leave the decision to whether to reject or allow the email to the mail servers. Therefor using -all instead of ~all is not a good choice. Leave it to the SPAM scoring by the receiving server, like SpamAssasin does it. You then minimise the risk of false positives.
One of the reason I do discourage -all use, is that SPF has a distinct problem:
It does not like email forwarding or use of backup MX!
Consider this: Your address of lulu@hoopa.com sends a joke email to a few friends. One of these is trixie@bellbell.org.
Trixie's email address is actually an alias and forwards the email to her private webmail account on hotmailnot.com.
Now if your domain, hoopa.com, have a strict SPF set up, which only allows emails to be sent by its mail server. And you/the mail admin has added -all to the SPF, which tells other server to reject emails not from your server. This you think makes sense, spammers can not use your domain for spoof emails.
So what happens: bellbell.org receives the email from lulu, and possible checks the SPF, which is OK, and forwards it on to hotmailnot.com.
However if hotmailnot.com also checks SPF, it will receive the email from bellbell.org, check the SPF to see bellbell.org's mail server is allowed to send emails on behalf hoopa.com. SPF will say No!, and with the -all, hotmailnot.com email server will reject the email!
2nd scenario if lulu email trixie directly at hotmailnot.com, but hotmailnot.com main mail server was down, and email was sent to the backup mx server. When the main server came online again, and the backup spooled the email back to it, the SPF would again fail as the hoopa.com's SPF would not mention hotmailnot.com backup mx as an allowed mail server.
Solution:
Of course you can not list all possible forwarding / backup mx email server that your domain's users might at some point email!
I simple just use the ~all option. Which simple say it is not the expected server, but probably ok.
And if this is added to a scoring by the receiver, then the accumulated spam score might be enough to reject dodgy emails.
Return to top.
Spam reporting
todo
Reporting spam to Pyzor, Razor and SpamCop, for collaboration in spam fighting.
More detail on SpamCop is here.
pyzor.sourceforge.net
razor.sourceforge.net
Return to top.
White/Black Lists
todo
You can implement white and black lists to explicitly allow or block domains and users.
You have already visited the option of a blackhole list of known open relays in the postfix configuration.
You can implement further lists inside Postfix or SpamAssassin. Amavisd-new already has a few well known white/black listed items in its config files. SpamAssissin also as a feture to automaticly learn white lists.
Return to top.
PGP & S/MIME
Adding support for GnuPG and S/MIME increases indiviual security.
This is not implemented on the postfix server side, as this totally a client side option.
However SquirrelMail has a GnuPG option. It is a plugin that can be downloaded from their website. Which can then be enabled via SquirrelMail's config script.
Here is how to create a GnuPG key pair.
# check you have not already got a key
gpg --list-keys
# then create one
gpg --gen-key
To import GnuPG into Evolution; in your settings/preferences edit your account settings and add you private key under the security tab. The private key is found via listing the GnuPG keys as above, then it is the 8 characters after the "sub 1024g/" bit of you key.
To use GnuPG with Thunderbird you need to install EnigMail.
S/MIME is another way to encrypt and/or sign messages. You can create you own certificate or use known organizations like Thawte. (Thawte was originally set up by the Ubuntu founder)
Return to top.
Relocation notice
If people change addresses, a bounced message stating so if people send email to the old address is quite useful. To implement this in postfix, frst create a lookup table in the database.
CREATE TABLE `relocated` (
`pkid` smallint(6) NOT NULL auto_increment,
`oldadr` varchar(128) NOT NULL default '',
`newadr` varchar(128) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `oldadr` (`oldadr`)
) ;
Then add this to /etc/postfix/main.cf
relocated_maps = mysql:/etc/postfix/mysql_relocated.cf
The create this file /etc/postfix/mysql_relocated.cf
user=mail
password=apassword
dbname=maildb
table=relocated
select_field=newadr
where_field=oldadr
hosts=127.0.0.1
Then if pete@domain1.com has changed address to pete.jones@another.org:
INSERT INTO relocated (oldadr,newadr)VALUES
('pete@domain1.com','pete.jones@another.org');
If anyone sends an email to pete@domain.com, they will get a message back stating he has changed address to pete.jones@another.org.
Return to top.
Pop-before-SMTP
If SASL didn't work, or you are using clients which dont support it, the Pop-Before-SMTP is an easy way around that issue, so that people externally can still securly send mail via your server.
Refer to my 2nd edition on Pop-before-SMTP setup.
Return to top.
Admin software
todo
Trying out a few admin software might make you life easier, if phpMyAdmin gets to crude. Quick search
More to come later.
Return to top.
Auto Reply
todo
Postfix have now features to auto reply to an email, while still delivering it to its alias.
Return to top.
Block Addresses
If you use catch alls, which are useful for some domains, then eventually some addresses will be target for spam. You can then either stop the catch all, or stop indivdual addresses.
By implementing a lookup and adding this restriction to smtpd_recipient_restrictions accomplises this.
check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf,
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, \
check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf, \
reject_non_fqdn_recipient, reject_unauth_destination, \
check_relay_domains
Beware of the order is important here, if any options says ok before check_recipient_access it will ignore it.
Next create mysql_block_recip.cf to lookup addresses. Either create a another table, or add a blocked field to aliases table.
Return to top.
Throttle Output
todo
For some users with restrictions on bandwidth, you may wish to control how much mail is sendt out. Postfix has long refused to implement these features, out of ideolocial beliefs that mail servers should not be restricted. However there are some ways around this. More to come later.
Return to top.
Mail Lists
Rich Brown has written a howto on adding Mailman, a mail list program, to my howto. Click here to read it.
Do note it is not part of my howto, so do not contact me regarding it. And although I think it is fine, I can't guarantee it will work.
If you do need assistance or need to talk about it, contact Rich via his howto or use the forums for this howto.
If you want a simple mailling list, it can be implemented by simply seperating aliases in the destination field in the aliases table with a comma.
INSERT INTO aliases (mail,destination) VALUES
( 'listof@domain.com' , 'john@ppp.com,vic@domain.com,jj@somewhere.tld' );
Return to top.
Google Apps / GMail
I have for various reasons integrated some Google Apps hosted domains into my mail server. And you can still have good control over the addresses by using your server with Google Apps.
More information on Google Apps.
Why
Some already have their domain's email hosted with Google.
Some people prefer Google's web based interface.
Temporary Migrations.
Include Google's security features on top of yours.
How
Options
The easiest and simples solution is not to have a domain MXed to your server, and simply alias email to those domains. eg All email to joeblogs.co.uk hosted on your server are forwarded to joeblogs.com hosted with google.
You may set up your own server to simple be a mail server backup (mx) for a domain hosted with google. If you are the first priority in the MX details of the DNS, you still have some control, but not all will obey the priority listing. E.g. spammers, but some valid senders as well.
However the one I use and the option where you are most in control is to keep you server as the only MX server in the DNS. And only forward certain aliases onto Google after all your servers checks. Other aliases and user can just use your mail server if you prefer. I will explain how to do this in the next steps.
DNS
You only put your mail server as the mx for the domain in question. Google will complain about this, as it will not be able to verify that email is setup correctly. Ignore this as it will still accept emails.
MySQL tables
You setup you aliases as normal. However you domain table needs tweaking. This is because otherwise your server will just forward the email to itself. You can actually specify aliases in the domain table.
Example
If for example:joe@bloggs.com wants to use gmail. mary@bloggs.com does not.
If not already configured as a backup mx:
Add a transport lookup to your /etc/postfix/main.cf file:
transport_maps = mysql:/etc/postfix/mysql_transport.cf
Then create /etc/postfix/mysql_transport.cf file:
user=mail
password=apassword
dbname=maildb
table=backups
select_field=transport
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
Assuming there are no bloggs.com data in any tables (domain,alias,users,relays,backups):
insert into domains (domain,transport) values
('joe@bloggs.com','smtp:[aspmx.l.google.com]:587'),
('bloggs.com','virtual:');
insert into aliases (mail,destination) values
('joe@bloggs.com','joe@bloggs.com'),
('mary@bloggs.com','mary@bloggs.com');
insert into users (id,name,maildir,crypt) values
('mary@bloggs.com','mary','bloggs.com/mary',encrypt('maryspassword') );
The domains insert is the interesting one. The transport map lookup checks recursively for an alias match and will first look for user@domain before it looks at the general bloggs.com for which transport to use. The square brackets around aspmx.l.google.com indicates that this server will not lookup for mx settings for this domains DNS, but instead connect directly. (This can avoid never ending recursive lookups/relays)
Note if you have backup mx configured and chosen to enable relay recipient lookup to avoid backscatter mail spam, then you need to add your Google Apps users to the relays table:
insert into relays (recipient,status) values ('joe@bloggs.com','OK');
Refer to backup mx section for creation of this table.
TLS certificate
If you have set your server up to prefer TLS then you should add Google's signing authority to your server's root certificate list. Google used to use Thawte but now use Equifax.
Download the Equifax Secure Certificate Authority certificate from their website (the base-64 encoded):
wget http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer;
You need to fix the line endings in this file by either using sed:
sed -i 's/.$//' Equifax_Secure_Certificate_Authority.cer;
Or install a tiny util:
sudo aptitude install tofrodos;
fromdos Equifax_Secure_Certificate_Authority.cer;
Put it into your certificate root folder:
sudo chown root:root Equifax_Secure_Certificate_Authority.cer;
sudo mv Equifax_Secure_Certificate_Authority.cer /usr/share/ca-certificates/mozilla/;
cd /etc/ssl/certs;
sudo ln -s /usr/share/ca-certificates/mozilla/Equifax_Secure_Certificate_Authority.cer .;
And then append it to the root list that postfix knows about:
sudo su;
cat Equifax_Secure_Certificate_Authority.cer >> ca-certificates;
exit;
sudo service postfix restart;
Issues
There are some items you should consider when integrating Google Apps.
Privacy
First there is the privacy issue. This is the same as if you were using Google Apps only or GMail. Google can and will read your email. However probably not a person, but they will use it for commercial reasons, E.g. showing relevant ads. Some people really hate this part and refuse to use Google's mail products. However I trust them a little bit, and do use it.
Spam
If you forward spam, then consider your own servers reputation. Should be okay though.
SPF
If you use SPF for your domain, consider that both your server and google will receive and send mail on behalf of that domin. Adding
include:_spf.google.com
should cover it.
Google internally
Be aware Google think they host you domain. So if others inside google, or using google hosted apps or GMail, if they email you, the email may not go via your email server, but directly to the Google Apps for your domain. That could be an issue if not all aliases you have use Google Apps. This needs to be tested more though. Especially as it may only be an issue if Google's servers are part of you domains MXs. It may be worth adding aliases in your Google Apps admin for the non google apps adresses to some user whom can handle these?
Return to top.
Maildrop, spam folder and vacation messaging
Villu have documented swapping in Maildrop for virtual transport and automatically deliverin spam to a spam folder. (And links to a post about vacation messaging)
Please read his post here.
Return to top.
Roundcube webmail client
As an alternative to SquirrelMail, Roundcube has a more modern feel to it. It is however not got the long testing track record of SquirrelMail, and is not yet a 1.0 release version. However if you prefer its very much more appealing interface then follow these easy steps:
You may optionally want to uninstall SquirrelMail:
sudo aptitude remove squirrelmail squirrelmail-locales
Then install Roundcube
sudo aptitude install roundcube roundcube-mysql
It will ask you if you want to configure its database access, answer yes, then select mysql. Then it will ask for the root mysql uses password, which it will create a roundcube mysql user and ask for its desired password.
This will create a symblink in /etc/apache2/conf.d/ to /etc/roundcube/apache.conf. Edit this file.
sudo vi /etc/roundcube/apache.conf
Depending on your setup you may want to move those Alias commands at the top to your virtual hosts configuration, or for this example enable them here for all hosts.
# Uncomment them to use it or adapt them to your configuration
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube
Next edit the configuration file
sudo vi /etc/roundcube/main.inc.php
Modify these lines for added security and ease of log in:
$rcmail_config['default_host'] = 'ssl://localhost:993';

$rcmail_config['smtp_server'] = 'ssl://localhost';

$rcmail_config['smtp_port'] = 465;

# keep as default or change to your mail server name
$rcmail_config['smtp_helo_host'] = 'mail.example.com';

$rcmail_config['create_default_folders'] = TRUE;
There are other tweaks and security features you can enable such as:
$rcmail_config['sendmail_delay'] = 1;
But perhaps concentrate on getting the basics working firtst...
Save, exit and reload Apache to enable these aliases for Roundcube to work
sudo /etc/init.d/apache2 reload
Then go to your roundcube installation depending where and how you modified those Aliases, e.g. at http://mail.example.com/roundcube.
That should be it
You can obviously modify and tweak further. One thing that may be usefull is to have the Roundcube Apache Alias on different virtual hosts, and configure username_domain in main.inc.php to append different email addresses, or configure the default_host to different mail server depending on virtual host... More details on the Roundcube Wiki.
Return to top.
Suggestions?
If you have any suggestions to other ways of extending a postfix server, then fire off a mail to me via the contact form further down.
(Or rather, Id prefer that you write down the extension, and let me know the link! :))
Return to top.

mencoder commands

2011-02-25T22:02:00.000+08:00

//To DIVX

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc lavc -ffourcc DX50 -lavcopts vcodec=mpeg4:vbitrate=320 InputFile -o OutputFile

//To DIVX(2pss)

mencoder -nosound -vf scale=width:height,harddup -ovc lavc -ffourcc DX50 -lavcopts vcodec=mpeg4:vbitrate=320:vpass=1 InputFile -o OutputFile

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc lavc -ffourcc DX50 -lavcopts vcodec=mpeg4:vbitrate=320:vpass=2 InputFile -o OutputFile

//To XVID

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc xvid -xvidencopts bitrate=320 InputFile -o OutputFile

//To XVID(2pss)

mencoder -nosound -vf scale=width:height,harddup -ovc xvid -xvidencopts bitrate=320:pass=1 InputFile -o OutputFile

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc xvid -xvidencopts bitrate=320:pass=2 InputFile -o OutputFile

//To x264

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc x264 -x264encopts bitrate=320 InputFile -o OutputFile

//To x264(2pss)

mencoder -nosound -vf scale=width:height,harddup -ovc x264 -x264encopts bitrate=320:pass=1 InputFile -o OutputFile

mencoder -oac mp3lame -lameopts aq=7:cbr:br=128 -srate 44100 -vf scale=width:height,harddup -ovc x264 -x264encopts bitrate=320:pass=2 InputFile -o OutputFile

//视频滤镜

... -vf ...,eq=B:C,...harddup ... B=亮度，C=对比度
... -vf ...,rotate=R,...harddup ... R=旋转方式（0，逆时针90度。1，顺时针90度。）
... -vf ...,mirror,...harddup ... 水平翻转
... -vf ...flip,...harddup ... 垂直翻转
.. .-vf ...,crop=W:H:X:Y,...harddup ...
... -vf ...,expand=W:H:::1,...harddup ... 加黑边将画面扩展到W:H
... -vf...-ofps F ... F=帧速率
... -ss H:M:S:MS -endpos H:M:S:MS ... 时间分割（H=小时，M＝分钟，S＝秒，MS＝毫秒）

//MP3音频控制
-oac mp3lame -lameopts aq=Q:[mode=M:][vol=V:]cbr:br=B [-delay D] -srate H Q=精度，M=模式（3为单声道），V=音量，B=比特率，D=延迟，H=采样频率

//字幕控制
-sid [MKV字幕号] -sub [字幕文件路径] -font [字体文件路径] -subfont-text-scale [字体尺寸] -subfont-outline [字体边框尺寸（px）] -subfont-blur [字体模糊（%）] -subpos [字幕位置（%）] -subdelay [延迟] -subcp CP936 -unicode

//To PAL DVD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9000:vbitrate=5001:keyint=15:vstrict=0:acodec=ac3:abitrate=224[:aspect=16/9|:aspect=4/3] -ofps 25 -o OutputFile InputFile

//To NTSC DVD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:480,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9000:vbitrate=5001:keyint=18:vstrict=0:acodec=ac3:abitrate=224[:aspect=16/9|:aspect=4/3] -ofps 23.976 -o OutputFile InputFile

//To PAL AVI Containing AC-3 Audio to DVD

mencoder -oac copy -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -ofps 25 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9000:vbitrate=5001:keyint=15:vstrict=0[:aspect=16/9|:aspect=4/3] -o OutputFile InputFile

//To NTSC AVI Containing AC-3 Audio to DVD

mencoder -oac copy -ovc lavc -of mpeg -mpegopts format=dvd:tsaf:telecine -vf scale=720:480,harddup -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9000:vbitrate=5001:keyint=18:vstrict=0[:aspect=16/9|:aspect=4/3] -ofps 23.976 -o OutputFile InputFile

//To PAL SVCD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=xsvcd -vf scale=480:576,harddup -srate 44100 -af lavcresample=44100 -lavcopts vcodec=mpeg2video:mbd=2:keyint=15:vrc_buf_size=917:vrc_minrate=600:vbitrate=2001:vrc_maxrate=2500:acodec=mp2:abitrate=224 -ofps 25 -o OutputFile InputFile

//To NTSC SVCD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=xsvcd -vf scale=480:480,harddup -srate 44100 -af lavcresample=44100 -lavcopts vcodec=mpeg2video:mbd=2:keyint=18:vrc_buf_size=917:vrc_minrate=600:vbitrate=2001:vrc_maxrate=2500:acodec=mp2:abitrate=224 -ofps 23.976 -o OutputFile InputFile

//To PAL VCD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=xvcd -vf scale=352:288,harddup -srate 44100 -af lavcresample=44100 -lavcopts vcodec=mpeg1video:keyint=15:vrc_buf_size=327:vrc_minrate=1152:vbitrate=1152:vrc_maxrate=1152:acodec=mp2:abitrate=224 -ofps 25 -o OutputFile InputFile

//To NTSC VCD

mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=xvcd -vf scale=352:240,harddup -srate 44100 -af lavcresample=44100 -lavcopts vcodec=mpeg1video:keyint=18:vrc_buf_size=327:vrc_minrate=1152:vbitrate=1152:vrc_maxrate=1152:acodec=mp2:abitrate=224 -ofps 23.976 -o OutputFile InputFile

comicchangeWithoutSizechange

2010-10-25T22:26:00.003+08:00

#!/bin/bash -
#===============================================================================
#
# FILE: compresszip.sh
#
# USAGE: ./compresszip.sh
#
# DESCRIPTION: for decompress the comic change the size and quality and compress it back
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: YOUR fullname (),
# COMPANY:
# CREATED: 08/26/2010 09:00:26 PM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error
set -x

# [ "$#" -lt 2 ] && echo "comicchange 80 comicfile" && exit 4

convert_zip_comic ()
{

if [ -d "$tmpfolder" ] ; then
#find $tmpfolder $ -iname \*jpg -o -iname \*png -o -iname tiff $ -exec convert -resize ${para}% -quality 80% "{}" "{}" \;
#zip -rqjm "$filename".zip $tmpfolder && rm -rf $tmpfolder
cd $tmpfolder && tar cf $workdir/"$filename".tar * && cd $workdir && rm -r $tmpfolder
fi

} # ---------- end of function decompress ----------

unzipcomic ()
{
if [ -n "${fullname}" ] ; then
unzip -nLqa "$fullname" -d $tmpfolder && rm "$fullname"
fi

} # ---------- end of function unzipcomic ----------

unrarcomic ()
{
if [ -n "${fullname}" ] ; then
mkdir "$tmpfolder" -p
unrar x -cl "$fullname" "$tmpfolder" && rm -rf "$fullname"
fi

} # ---------- end of function unrarcomic ----------

untarcomic ()
{
if [ -n "${fullname}" ] ; then
mkdir "$tmpfolder" -p
cd $tmpfolder; tar xpf $workdir/"$fullname"; cd $workdir; rm -rf "$fullname"
fi

} # ---------- end of function unrarcomic ----------

check_origFile ()
{
unzip -l tmp.zip | awk '{print $4}' | grep "\/$"
} # ---------- end of function check_origFile ----------

check_ext ()
{
case $extname in
zip)
unzipcomic $fullname
;;

rar)
unrarcomic $fullname
;;

tar)
untarcomic $fullname
;;
*)
echo "file not found"
;;

esac # --- end of case ---

#(([ "$extname" == "zip" ] && unzipcomic $fullname) || ( [ "$extname" == "rar" ] && unrarcomic $fullname )) || ([ "$extname" == "zip" ] && unzipcomic $fullname) || echo "file not found"
} # ---------- end of function check_ext ----------
extname=""
fullname=""
filename=""
tmpfolder=""
#para=$1
workdir=`pwd`
extname="${*##*.}"
filename="${*%%.*}"
fullname=$*
tmpfolder=/tmp/comicChange$RANDOM
check_ext
convert_zip_comic

comicchange

2010-10-25T22:26:00.001+08:00

#!/bin/bash -
#===============================================================================
#
# FILE: compresszip.sh
#
# USAGE: ./compresszip.sh
#
# DESCRIPTION: for decompress the comic change the size and quality and compress it back
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: YOUR fullname (),
# COMPANY:
# CREATED: 08/26/2010 09:00:26 PM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error
set -x

[ "$#" -lt 2 ] && echo "comicchange 80 comicfile" && exit 4

convert_zip_comic ()
{

if [ -d "$tmpfolder" ] ; then
find $tmpfolder $ -iname \*jpg -o -iname \*png -o -iname tiff $ -exec convert -resize ${para}% -quality 80% "{}" "{}" \;
#zip -rqjm "$filename".zip $tmpfolder && rm -rf $tmpfolder
cd $tmpfolder && tar cf $workdir/"$filename".tar * && cd $workdir && rm -r $tmpfolder
fi

} # ---------- end of function decompress ----------

unzipcomic ()
{
if [ -n "${fullname}" ] ; then
unzip -nLqa "$fullname" -d $tmpfolder && rm "$fullname"
fi

} # ---------- end of function unzipcomic ----------

unrarcomic ()
{
if [ -n "${fullname}" ] ; then
mkdir "$tmpfolder" -p
unrar x -cl "$fullname" "$tmpfolder" && rm -rf "$fullname"
fi

} # ---------- end of function unrarcomic ----------

untarcomic ()
{
if [ -n "${fullname}" ] ; then
mkdir "$tmpfolder" -p
cd $tmpfolder; tar xpf $workdir/"$fullname"; cd $workdir; rm -rf "$fullname"
fi

} # ---------- end of function unrarcomic ----------

check_origFile ()
{
unzip -l tmp.zip | awk '{print $4}' | grep "\/$"
} # ---------- end of function check_origFile ----------

check_ext ()
{
case $extname in
zip)
unzipcomic $fullname
;;

rar)
unrarcomic $fullname
;;

tar)
untarcomic $fullname
;;
*)
echo "file not found"
;;

esac # --- end of case ---

#(([ "$extname" == "zip" ] && unzipcomic $fullname) || ( [ "$extname" == "rar" ] && unrarcomic $fullname )) || ([ "$extname" == "zip" ] && unzipcomic $fullname) || echo "file not found"
} # ---------- end of function check_ext ----------
extname=""
fullname=""
filename=""
tmpfolder=""
para=$1
workdir=`pwd`
extname="${2##*.}"
filename="${2%%.*}"
fullname=$2
tmpfolder=/tmp/comicChange$RANDOM
check_ext
convert_zip_comic

sshtunnel

2010-09-19T00:17:00.001+08:00

#!/bin/bash -
#===============================================================================
#
# FILE: sshtunnel.sh
#
# USAGE: ./sshtunnel.sh
#
# DESCRIPTION: for ssh link the blockcn file server.
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: kk (Kingkong Mok), kingkongmok@gmail.com
# COMPANY:
# CREATED: 09/18/2010 11:26:11 PM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error

if [ `whoami` = root ] ; then
su kk -c "ssh -qTfnN -D 7070 kingkongmok@ssh201.blockcn.com"
else
exit 3;
fi

wget

2010-09-18T23:59:00.001+08:00

wget 使用技巧

2007-10-14 Toy Posted in TipsRSSTrackback

wget 是一个命令行的下载工具。对于我们这些 Linux 用户来说，几乎每天都在使用它。下面为大家介绍几个有用的 wget 小技巧，可以让你更加高效而灵活的使用 wget。

* $ wget -r -np -nd http://example.com/packages/

这条命令可以下载 http://example.com 网站上 packages 目录中的所有文件。其中，-np 的作用是不遍历父目录，-nd 表示不在本机重新创建目录结构。

* $ wget -r -np -nd --accept=iso http://example.com/centos-5/i386/

与上一条命令相似，但多加了一个 --accept=iso 选项，这指示 wget 仅下载 i386 目录中所有扩展名为 iso 的文件。你也可以指定多个扩展名，只需用逗号分隔即可。

* $ wget -i filename.txt

此命令常用于批量下载的情形，把所有需要下载文件的地址放到 filename.txt 中，然后 wget 就会自动为你下载所有文件了。

* $ wget -c http://example.com/really-big-file.iso

这里所指定的 -c 选项的作用为断点续传。

* $ wget -m -k (-H) http://www.example.com/

该命令可用来镜像一个网站，wget 将对链接进行转换。如果网站中的图像是放在另外的站点，那么可以使用 -H 选项。

============================================================================================

转自http://linux.ccidnet.com/art/1101/20051128/628467_1.html

A。使用wget工具

linux所以的主要版本都自带了wget这个下载工具.

bash$ wget http://place.your.url/here

它还能控制ftp来下载整个web站点的各级目录,当然,如果你不小心,可能会把整个网站以及其他和他做链接的网站全部下载下来.

bash$ wget -m http://target.web.site/subdirectory

由于这个工具具有很将的下载能力,所以可以在服务器上把它用作镜像网站的工具.让它按照"robots.txt"的规定来执行.
有很多参数用来控制它如何正确地做镜像,可以限制链接的类型和下载文件的类型等等.例如:只下载有联系的链接并且忽略GIF图片:

bash$ wget -m -L --reject=gif http://target.web.site/subdirectory

wget也能够实现端点续传(-c参数),当然,这种操作是需要远程服务器支持的.

bash$ wget -c http://the.url.of/incomplete/file

可以把端点续传和镜像功能结合起来,这样可以在以前断过多次的情况下继续镜像一个有大量选择性文件的站点.如何自动实现这个目的我们在后面会讨论得更多.
如果你觉得下载时老是断线会影响你办公的话,你可以限制wget重试的次数.
bash$ wget -t 5 http://place.your.url/here
这样重试五次后就放弃了.用"-t inf"参数表示永远不放弃.不停地重试.

B．那对于代理服务该怎么办呢?
可以使用http代理的参数或者在.wgetrc配置文件里指定一个如何通过代理去下载的途径.但是有这么一个问题,
如果通过代理来进行端点续传的话可能会有几次失败.如果有一次通过代理下载的过程发生中断,那么代理服务器上缓存里保存是那个完整的
文件拷贝.所以当你用"wget -c"来下载剩余部分的时候代理服务器查看它的缓存,并错误地认为你已经下载了整个文件.于是就发出了错误的信号.
这个时候你可以用添加一个特定的请求参数来促使代理服务器清除他们的缓存:

bash$ wget -c --header="Pragma: no-cache" http://place.your.url/here

这个"--header"参数能够以各种数字，各种方式添加。通过它我们可以更改
web服务器或者代理服务器的某些属性。有些站点不提供外部连接的文件服务，只有通过同一个站点上其他的一些页面时内容
才会被提交。这个时候你可以用加上"Referer:"
参数：
bash$ wget --header="Referer: http://coming.from.this/page" http://surfing.to.this/page
有些特殊的网站只支持某种特定的浏览器，这个时候可以用"User-Agent:"参数
bash$ wget --header="User-Agent: Mozilla/4.0 (compatible; MSIE 5.0;Windows NT; DigExt)" http://msie.only.url/here

C．那我怎么设定下载时间呢？
如果你需要在你的办公电脑上通过和其他同事共享的一个连接来下载一些很大的文件，而且你希望你的同事不会因为网络速度的减慢而收到影响，
那你就应该尽量避开高峰时段。当然,不需要在办公室里等到所以人都走掉，也不需要在家里用完晚饭后还惦记着要上网下载一次。
用at来就可以很好的定制工作时间：
bash$ at 2300
warning: commands will be executed using /bin/sh
at> wget http://place.your.url/here
at> press Ctrl-D
这样，我们设定了下载工作在晚上11点进行。为了使这个安排能够正常进行，请确
认atd这个后台程序正在运行。

D．下载要花很多时间？
当你需要下载大量的数据，而且你又没有享有足够的带宽,这个时候你会经常发现在你安排的下载任务还没有完成，一天的工作却又要开始了。
作为一个好同事，你只能停掉了这些任务，而开始另外的工作。然后你又需要反复地重复使用"wget -c"来完成你的下载。这样肯定太繁琐了，
所以最好是用crontab来自动执行。创建一个纯文本文件，叫做"crontab.txt",包含下面的内容：
0 23 * * 1-5 wget -c -N http://place.your.url/here
0 6 * * 1-5 killall wget
这个crontab文件指定某些任务定期地执行。前五列声明是什么时候执行这个命令，而每行的剩余部分则告诉crontab执行什么内容。
前两列指定了每天一到晚上11点就开始用wget下载，一到早上6点就停止一切wget
下载。第三四列的*表示每个月的每一天都执行这个任务。第五列则指定了一个星期的哪几天来执行这个程序。 --"1-5"表示从星期一
到星期五。

这样在每个工作日的晚上11点，下载工作开始，到了上午的6点，任何的wget任务
就被停掉了。你可以用下面的命令来执行crontab：
bash$ crontab crontab.txt
wget的这个"-N"参数将会检查目标文件的时间戳，如果匹配了，下载程序就会停止，因为它说明整个文件已经下载完全了。
用"crontab -r"可以删除这个计划安排。我已经多次采用这种方法，通过共享的电话拨号来下载过很多的ISO镜像文件,还是
比较实用的。

E．如何下载动态变化的网页
有些网页每天都要根据要求变化好几次.所以从技术上讲,目标不再是一个文件,它没有文件长度.因此"-c"这个参数也就失去了意义.
例如:一个PHP写的并且经常变动的linux周末新闻网页:
bash$ wget http://lwn.net/bigpage.php3

我办公室里的网络条件经常很差,给我的下载带了很大的麻烦,所以我写了个简单的脚本来检测动态页面是否已经完全更新了.
#!/bin/bash

#create it if absent
touch bigpage.php3

#check if we got the whole thing
while ! grep -qi bigpage.php3
do
rm -f bigpage.php3

#download LWN in one big page
wget http://lwn.net/bigpage.php3

done
这个脚本能够保证持续的下载该网页,直到网页里面出现了"",这就表示该文件已经完全更新了.

F．对于ssl和Cookies怎么办？
如果你要通过ssl来上网,那么网站地址应该是以"https://"来开头的.在这样的情况下你就需要另外一种下载工具,叫做curl，它能够
很容易获得.有些网站迫使网友在浏览的时候必须使用cookie.所以你必须从在网站上得到的那个Cookie里面得到"Cookie:"这个参数.这样才
能保证下载的参数正确.对于lynx和Mozilla的Cookie的文件格式,用下面的:
bash$ cookie=$( grep nytimes ~/.lynx_cookies |awk {printf("%s=%s;",$6,$7)} )
就可以构造一个请求Cookie来下载http://www.nytimes.com上的内容.当然,你要已经用这个浏览器在该网站上完成注册.
w3m使用了一种不同的,更小巧的Cookie文件格式:
bash$ cookie=$( grep nytimes ~/.w3m/cookie |awk {printf("%s=%s;",$2,$3)} )
现在就可以用这种方法来下载了:
bash$ wget --header="Cookie: $cookie" http://www.nytimes.com/reuters/technology/tech-tech-supercomput.html
或者用curl工具:
bash$ curl -v -b $cookie -o supercomp.html http://www.nytimes.com/reuters/technology/tech-tech-supercomput.htm

G．如何建立地址列表？
到现在为止我们下载的都是单个文件或者是整个网站.有的时候我们需要下载某个网页上链接的大量文件,但没有必要把它整个网站
都镜像下来.比如说我们想从一个依次排列的100首歌里面下载前20首.注意,这里"--accept"和"--reject"参数是不会
起作用的,因为他们只对文件操作起作用.所以一定要用"lynx -dump"参数来代替.
bash$ lynx -dump ftp://ftp.ssc.com/pub/lg/ |grep gz$ |tail -10 |awk {print $2} > urllist.txt
lynx的输出结果可以被各种GNU文本处理工具过虑.在上面的例子里,我们的链接地址是以"gz"结尾的,并且把最后10个文件地址放到
urllist.txt文件里.然后我们可以写一个简单的bash脚本来自动下载这个文件里的目标文件:

bash$ for x in $(cat urllist.txt)
> do
> wget $x
> done
这样我们就能够成功下载Linux Gazette网站(ftp://ftp.ssc.com/pub/lg/)上的最新10个论题.

H．扩大使用的带宽
如果你选择下载一个受带宽限制的文件,那你的下载会因为服务器端的限制而变得很慢.下面这个技巧会大大缩短下载的过程.但这个技巧
需要你使用curl并且远程服务器有多个镜像可以供你下载.例如,假设你想从下面的三个地址下载Mandrake 8.0:
url1=http://ftp.eecs.umich.edu/pub/linux/mandrake/iso/Mandrake80-inst.iso
url2=http://ftp.rpmfind.net/linux/Mandrake/iso/Mandrake80-inst.iso
url3=http://ftp.wayne.edu/linux/mandrake/iso/Mandrake80-inst.iso
这个文件的长度是677281792个字节,所以用curl程序加"--range"参数来建立三个同时进行的下载:
bash$ curl -r 0-199999999 -o mdk-iso.part1 $url1 &
bash$ curl -r 200000000-399999999 -o mdk-iso.part2 $url2 &
bash$ curl -r 400000000- -o mdk-iso.part3 $url3 &
这样就创建了三个后台进程.每个进程从不同的服务器传输这个ISO文件的不同部分.这个"-r"参数指定目标文件的字节范围.当这三个
进程结束后,用一个简单的cat命令来把这三个文件衔接起来-- cat mdk-iso.part? > mdk-80.iso.(强烈建议在刻盘之前先检查md5)
你也可以用"--verbose"参数来使每个curl进程都有自己的窗口来显示传输的过程.

结束语
不用担心使用非交互式的下载方式会影响你的下载效果.无论网站设计者如何绞尽脑汁想阻止我们从他们的网站下载,我们都可以得到
免费的工具来自动完成下载任务.这会大大丰富我们的网络经历.

pick_by_random

2010-09-17T20:19:00.001+08:00

#!/bin/bash -
#===============================================================================
#
# FILE:
#
# USAGE:
#
# DESCRIPTION: pick up a parameter arguments for ${array[@]}
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: kk (kingkongmok@grail.com),
# COMPANY:
# CREATED: 09/14/2010 03:57:51 PM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error

arrays=($@)
NUMB=${#arrays[@]}
echo "$NUMB"

while true ; do
read kick;

RANDOMNUMB=$((RANDOM%$NUMB))
echo "$RANDOMNUMB"
echo "it's ${arrays[RANDOMNUMB]}"
done

lockcomputer

2010-09-17T20:16:00.003+08:00

#!/bin/bash -
#===============================================================================
#
# FILE: lockcomputer.sh
#
# USAGE: ./lockcomputer.sh
#
# DESCRIPTION: lock the computer with screensaver and turn off the dpms
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: kk (kingkongmok@gmail.com),
# COMPANY:
# CREATED: 09/03/2010 05:17:53 PM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error

gnome-screensaver-command -l
while true ; do xset dpms force off ; sleep 10; done

voa_online

2010-09-17T20:16:00.001+08:00

#!/bin/bash

while true ; do
mplayer -cache 100 rtsp://a1702.l211048984.c2110.g.lr.akamaistream.net:554/live/D/1702/2110/v0001/reflector:48984;
sleep 2;
done

change_name

2010-09-17T20:15:00.001+08:00

#!/bin/bash -
#===============================================================================
#
# FILE: change_name.sh
#
# USAGE: ./change_name.sh
#
# DESCRIPTION: for change files name.
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: kk (kingkongmok@gmail.com),
# COMPANY:
# CREATED: 09/17/2010 08:48:39 AM CST
# REVISION: ---
#===============================================================================

set -o nounset # Treat unset variables as an error

WORKDIRECTORY=""
if [ $# -lt 1 ] ; then
WORKDIRECTORY=`pwd`
else
if [ -n $1 ] ; then
if [ -d $1 ]; then
WORKDIRECTORY=$1
else
echo "$1 not exists"
fi
fi
fi

FILES=""
FILES=($WORKDIRECTORY/*)

echo "WORKDIRECTORY is ${WORKDIRECTORY}"

echo "files' numb is ${#FILES[@]}"
NUMB=${#FILES[@]}
FILES_LENGTH=${#NUMB}
echo "the file numb's digit length is ${FILES_LENGTH}"
FILES_ITERATOR=""

for (( FILES_ITERATOR=0; FILES_ITERATOR<${#FILES[@]}; FILES_ITERATOR+=1 )); do
FILE_ITERATOR_LENGTH_TEMP=$((FILES_ITERATOR+1))
FILES_ITERATOR_LENGTH=${#FILE_ITERATOR_LENGTH_TEMP}
echo "FILES_ITERATOR_LENGTH is $FILES_ITERATOR_LENGTH"
ZERO_NUMB=$(( $((FILES_LENGTH)) - $((FILES_ITERATOR_LENGTH)) ))
for (( CNTR=0; CNTR<$ZERO_NUMB; CNTR+=1 )); do
echo -n "0"
done
echo "$((FILES_ITERATOR+1))${FILES[FILES_ITERATOR]##*/} "
echo
done

最牛bash

2010-09-11T11:06:00.001+08:00

注转载来自于 http://www.isspy.com/most_useful_linux_commands_1/的”最牛B的 Linux Shell 命令系列连载”文章。
个人认为作为 Linux 用户，熟练掌握 CLI 命令是一个比较基本的能力，而这篇连载文章提供了更深层次的内容，可以帮助大家学习到更多有用的内容。

编者按

本文编译自commandlinefu.com ( 应该是 Catonmat ) 的系列文章 Top Ten One-Liners from CommandLineFu Explained 。作为一个由用户推荐最有用shell命令的网站，其记录了数以万计的各色shell命令，其中不乏相当实用和有趣的，本文就要细数当中获投票最高的一些命令，从其中取材并加以细释，希望读者能从中受益。

引言

Shell作为Unix系操作系统当中最有魅力且不可或缺的组件，经过数十载的洗礼不仅没有被淘汰，而且愈加变得成熟稳健，究其原因，大概因为它是个非常稳固的粘合剂，能够把大量功能强大的组件任意配搭，总能很好很快地完成用户的任务。

本文的一些命令很可能看起来是”雕虫小技”，我们只好仰慕一下Shell大牛了，但是有些细节我会稍加发掘加以说明，遇到有趣的地方希望能博您一笑了。

1.以SUDO运行上条命令

$ sudo !!

大家应该都知sudo，不解释。但通常出现的情况是，敲完命令执行后报错才发现忘了sudo。这时候，新手用户就会：按上箭头，按左箭头，盯着光标回到开始处，输入sudo，回车；高手用户就蛋定多了，按Ctrl-p，按Ctrl-a，输入sudo，回车。
这里介绍这个是天外飞仙级别的，对，就直接sudo !!。
当然这几种解决方式效果是完全一样的，只是款不一样，嗯，不解释。
两个感叹号其实是bash的一个特性，称为事件引用符（event designators）。!!其实相当于!-1，引用前一条命令，当然也可以!-2，!-50。默认情况下bash会在~/.bash_history 文件内记录用户执行的最近500条命令，history命令可以显示这些命令。
关于事件引用符的更多用法可以深入阅读 The Definitive Guide to Bash Command Line History。

2.以HTTP方式共享当前文件夹的文件

$ python -m SimpleHTTPServer

这命令启动了Python的SimpleHTTPServer模块，考虑到Python在绝大多数的Linux发行版当中都默认安装，所以这个命令很可能是最简单的跨平台传文件的方法。
命令执行后将在本机8000端口开放HTTP服务，在其他能访问本机的机器的浏览器打开ttp://ip:8000即打开一个目录列表，点击即可下载。

3.在以普通用户打开的VIM当中保存一个ROOT用户文件

:w !sudo tee %

这题目读起来纠结，其实是很常见的，常常忘记了sudo就直接用vim编辑/etc内的文件，（不过也不一定，vim发现保存的文件无法保存时候会提示）等编辑好了，保存时候才发现没权限。曲线方法是先保存个临时文件，退出后再sudo cp回去。不过实际上在vim里面可以直接完成这个过程的，命令就是如此。
查阅vim的文档（输入:help :w），会提到命令:w!{cmd}，让vim执行一个外部命令{cmd}，然后把当前缓冲区的内容从stdin传入。
tee是一个把stdin保存到文件的小工具。
而%，是vim当中一个只读寄存器的名字，总保存着当前编辑文件的文件路径。
所以执行这个命令，就相当于从vim外部修改了当前编辑的文件，好完工。

4.切换回上一个目录

$ cd -

应该不少人都知道这个，横杆-代表上一个目录的路径。
实际上cd -就是cd $OLDPWD的简写，bash的固定变量$OLDPWD总保存着之前一个目录的路径。
相对地，$PWD总保存着当前目录的路径。这些变量在编写shell脚本时候相当有用。

5.替换上一条命令中的一个短语

$ ^foo^bar^

又是另外一个事件引用符（event designator），可以把上一条命令当中的foo替换成bar。
在需要重复运行调试一道长长的命令，需要测试某个参数时候，用这个命令会比较实用；但多数人会首先选择按上箭头提出上道命令，再移动光标去修改某参数，这样更直观，但效率上就不够使用引用符高，而且在脚本中用这个方法可以简化很多。
这道命令的原始样式应该是这样的:

!!:s/foo/bar/

本文一开始介绍过!!，后面的一段大家应该很熟悉，vim、sed的替换操作都是这样的语法。

关于事件引用符的更多用法可以深入阅读The Definitive Guide to Bash Command Line History

6.快速备份一个文件

$ cp filename{,.bak}

这道命令把filename文件拷贝成filename.bak，大家应该在一些比较复杂的安装教程里面见过这样的用法。其原理就在于bash对大括号的展开操作，filename{,.bak}这一段会被展开成filename filename.bak再传给cp，于是就有了备份的命令了。

大括号在bash里面是一个排列的意义，可以试试这个

$ echo {a,b,c}{a,b,c}{a,b,c}

将输出三个集合的全排列:

aaa aab aac aba abb abc aca acb acc
baa bab bac bba bbb bbc bca bcb bcc
caa cab cac cba cbb cbc cca ccb ccc
关于shell当中的集合操作，可深入阅读”Set Operations in the Unix Shell”

7.免密码SSH登录主机

$ ssh-copy-id remote-machine

这个命令把当前用户的公钥串写入到远程主机的~/.ssh/authorized_keys内，这样下次使用ssh登录的时候，远程主机就直接根据这串密钥完成身份校验，不再询问密码了。前提是你当前用户有生成了公钥，默认是没有的，先执行ssh-keygen试试吧！
这个命令如果用手工完成，是这样的

your-machine$ scp ~/.ssh/identity.pub remote-machine:
your-machine$ ssh remote-machine
remote-machine$ cat identity.pub >> ~/.ssh/authorized_keys

如果你想删掉远程主机上的密钥，直接打开authorized_keys，搜索你的用户名，删除那行，即可。

8.抓取LINUX桌面的视频

$ ffmpeg -f x11grab -s wxga -r 25 -i :0.0 -sameq /tmp/out.mpg

我们在一些视频网站上看到别人的3D桌面怎么怎么酷的视频，通常就是这么来的，ffmpeg可以直接解码X11的图形，并转换到相应输出格式。
ffmpeg的通常用法是，根据一堆参数，输出一个文件，输出文件通常放最后，下面解析下几个参数：
-f x11grab 指定输入类型。因为x11的缓冲区不是普通的视频文件可以侦测格式，必须指定后ffmpeg才知道如何获得输入。
-s wxga 设置抓取区域的大小。wxga是1366*768的标准说法，也可以换成-s 800×600的写法。
-r 25 设置帧率，即每秒抓取的画面数。
-i :0.0 设置输入源，本地X默认在0.0
-sameq 保持跟输入流一样的图像质量，以用来后期处理。
至于其他ffmpeg的用法，可以参考下面两篇文章：

How to Extract Audio Tracks from YouTube Videos
Converting YouTube Flash Videos to a Better Format with ffmpeg

后记

说 Shell是一种编程语言，可能有些尴尬，虽然很多人每天都在用Shell，但从来没见它荣登TIOBE编程语言排行榜之类的，可以说毫无名分，因为很多用户没意识到它是一种语言，只当做这是一个能够很好完成任务的工具，基本得理所当然，就好像GUI程序的菜单、按钮一样。

掌握 Shell，通常能够让任务在数秒钟内完成，这就让Shell跟C、Perl、Python这些语言区别开来，没人否认后者更能胜任更多的任务，但是他们是在不同的层面上去做，Shell依赖大量的系统组件黏合调用，而后者依赖各种库，各所擅长不同的应用领域，比喻就是，Shell是混凝土，可以很方便地粘合一些建筑组件而成为稳固的高楼大厦；但同样是粘合剂，粘玻璃窗、粘书报、粘皮鞋，混凝土是绝对不合适的，Shell并不擅长一些细致操作，比如它连浮点运算都不支持，更别提什么图形运算什么的。但这并不妨碍Shell来帮我们完成很多粗重任务。

Shell的工作方式，大多数入门用户会觉得枯燥难学，而所谓的经典教材也离不开《Advanced Bash-Scripting》、《Bash Guide for Beginners》，但类似本文这样的一些”雕虫小技”因为难登大雅之堂绝不会收录进去。这情况如果象国外一些unix用户比较多的地方会有很好改善，即使是新手，偶尔看看别人的操作都能”偷师”一手，我编译本系列文章其实也就希望稍微改善一下这个状况。

qemu

2010-09-09T23:52:00.001+08:00

http://www.crazysquirrel.com/computing/debian/applications/xp-under-debian-with-qemu.jspx
QEMU

QEMU is a fairly complete x86 emulator that lets you run one operating system under another. Currently it is best supported under Linux where it can host numerous other OSes. This guide looks are running Windows XP under QEMU on Debian Linux. Note: although Debian is free you must have a license for the copy of Windows XP you will be running.
Installing QEMU

the first thing to do is install QEMU. Simply use apt-get or any one of the other package managers around.

apt-get -u install qemu

Create a Virtual Hard Disk

QEMU uses a large file rather than a real partition to run the guest perating system. This means that it is very easy to create multiple guest systems on the same machine. I have chosen to install Windows XP under /var/qemu for two reasons. Firstly, my home directory is NFS shared off a server - QEMU is quite slow when performing disk access and the network delays would make this worse. Secondly, my home directory is backed up nightly and I don't want to place an undue load on the back up. Apart from these two reasons I would have created the file in my home directory.

The command below will create a file of around 3.5 GB which should be ample for XP + SP2 and a few applications. Note that you won't be working on XP under QEMU. While it's useable it is to slow to work on. I use this set up mainly to check websites in IE.

cd /var/qemu
dd of=xp.img bs=1024 seek=3500000 count=0
0+0 records in
0+0 records out
0 bytes transferred in 1*10-9 seconds (0 bytes/sec)

or

qemu-img xp.img 3.5G

I used the first version but a fair number of people claim the second is better. The main reason given is that dd will allocate the whole 3.5GB in one shot wasting space on the drive. This is actually not the case because of the use of the seek argument. I don't think there is any real difference betwen the two commands.
Install XP

Now that the virtual drive has been created it's time to install XP on it. The command below tells QEMU to boot from the "d" drive and use the /dev/cdrom device as the cdrom and the virtual drive as the first hard disk (hda). Place the XP install cd in /dev/cdrom and start QEMU. You should see a new window pop up and display the XP install sequence.

qemu -boot d -cdrom /dev/cdrom -hda xp.img
QEMU 0.6.0 monitor - type 'help' for more information

Wait...

Wait. Then wait some more while the XP install process takes place. For some reason it takes hours even on a very fast machine. Many people have pointed this out but no one seems to know why. After the install was complete my copy of XP hung on the first boot (no progress and no CPU useage). This has been reported by some people who have waited more than a day for the system to boot with no effect. I got fed up of waiting and shut the virtual machine down and restarted it. I have had this happen with real XP installs as well so I can only assume there is a bug.
Image Backups

Nows quite a good time to take a back up of the install. If something goes wrong you can then simply copy the backup over the dead version and have a fresh install.

cp xp.img clean-xp.img

Set up the Vitrual Network

In order to talk to the outside world you need to set up a virtual network card for QEMU. By default it will try and use tun. The tun device on Debian can't be accessed to by anyone but root by default which isn't very helpful so use the following commands to change that. The first two change permissions the last two load the tun module into the kernel so that tun actually works. Note that the group used here is staff. It might be users on your system.

chgrp staff /dev/net/tun
chmod g+rw /dev/net/tun
modprobe tun
echo 'tun' >> /etc/modules

I found that the group setting on the tun device was reset after a reboot but the permissions weren't. To get round this I set the permissions to 666 (rw for everyone) on the run device. Your mileage may vary of course.

chmod 666 /dev/net/tun

QEMU tries to run the /etc/qemu-ifup script with uses /sbin/ifconfig when it starts a virtual machine. In order to run this you need to give the user running the script the ability to execute ifconfig. This is done using sudo. A very basic example sudo file is shown below.

# Cmnd alias specification
Cmnd_Alias QEMU=/sbin/ifconfig

# User privilege specification
root ALL=(ALL) ALL
%staff ALL=NOPASSWD: QEMU

Note that the default Debain install of QEMU puts the tun device on 172.20.0.1 which means XP should be put on 172.20.0.2 and use 172.20.0.1 as a gateway. If your network doesn't use this block of non-routable addresses it might be worth your time changing this so that the guest OS is in your locak network IP space. I quite like it like this as it makes the virtual machine easy to seperate out on the network.

Once the settings in XP are correct you should be able to ping back and forth between host and guest machine. Setting it up so that the guest can access the Internet is a little harder and I will come to that later. If the machines can't talk to each other make sure that there isn't a firewall blocking communication. XP with SP2 has the firewall switched on by default and my Linux box blocked all non-local traffic.
Boot XP

Now it's time to boot XP. The following command should do it.

qemu -hda xp.img -boot c

I hit a bit of a snag at this point. When I tried to log in I got a message about not being able to activate Windows. Reading around I found out that this is something to do with the virtual network device. The solution, which requires some sneakyness, is given below.
Error code 0x800703e6 on Product Activation - Installing Service Pack 2

Download Windows XP Service Pack 2 while this is a big download it does mean that you won't need to use the network to install it.

Create an iso image of the file with "mkisofs -o sp2.iso "

Mount the iso image as the cdrom under qemu by using the "-cdrom " argument.

Run Service Pack 2 from the virtual CD drive. I got an error message about an "Invalid Access to Memory Location" at one point during the install but it seemed to continue without a problem.
References

* Running Microsoft Windows inside Debian: qemu
* QEMU - Debian - Linux - TUN/TAP - Network Bridge
* SP2 Reference

Other Virtual Machines
VMware
Plex86
Bochs

googlecl examplescripts

2010-09-03T20:48:00.001+08:00

ExampleScripts
Example commands and tasks GoogleCL can do.

Also see the Manual and the SystemRequirements. Note that (only) the first time you use each service, you'll need to grant authorization from a web browser.
Blogger¶

* google blogger post --tags "GoogleCL, awesome" --title "Test Post" "I'm posting from the command line"
* google blogger post blogpost.txt
* google blogger list title,url-site # List posts
* google blogger delete --title "Test Post"
* google delete --title "Silly post number [0-9]*" # Delete posts matching regex
* google tag --title "Dev post" --tags "Python, software" # label an existing post

Calendar¶

* google calendar add "Dinner party with George today at 6pm" # add event to calendar
* google calendar today # List events for today only.
* google calendar list --date 2010-06-01,2010-06-30 # List events.
* google calendar delete --title "Dinner party with George" # Delete an event.
* google calendar today list --cal .* | egrep '\[.*\]' # List all calendars

Contacts¶

* google contacts add "J. Random Hacker, jrandom@example.com"
* google contacts list name,email --title "J. Random Hacker"
* google contacts delete --title "J. Random Hacker"

Docs¶

* google docs delete --title "Evidence"
* google docs list title,url-direct --delimiter ": " # list docs
* google docs upload the_bobs.csv ~/work/docs_to_share/*

gdata-python-client >= 1.3.0 ONLY

* google docs edit --title "Shopping list" --editor vim
* google docs get --title "Homework [0-9]*"

Picasa¶

* google picasa create --title "Vermont Test" --tags Vermont vermont.jpg
* google picasa get --title "Vermont Test" /path/to/download/folder
* google picasa list title,url-direct --query "A tag"
* google picasa post --title "Vermont Test" ~/old_photos/*.jpg # Add to an album
* google picasa tag --title "Vermont Test" --tags "places"
* google picasa delete --title "Vermont Test" # delete entire album

Youtube¶

* google youtube post --category Education --devtags GoogleCL killer_robots.avi
* google youtube delete --title "killer_robots.avi"
* google youtube list # list my videos
* google youtube tag -n ".*robot.*" --tags robot

Search, Buzz, Gmail, etc.¶

We'd love to support more Google services with GoogleCL, but we're currently limited by the availability of gdata APIs.

Before hacking in our own services, it's probably best if we encourage the gdata teams to add new services (and python interfaces to those new APIs) first.

vim

2010-09-03T20:41:00.001+08:00

高效率的使用VIM

虽然从很久前就开始用 VIM 了，但一直都是半调吊子，翻来覆去只用自己会的命令。最近为了提高书写代码的效率，还有 coding 时候的乐趣，又重新钻研了一下 VIM，发现了一篇很好的 VIM 入门的文章，原文是英文版的，我觉得非常适合 VIM 使用入门，所以翻译了过来。这里是简单的介绍了 VIM 的操作方式，并没有说为什么要用 VIM，如果你想知道答案可以去 Google，VIM 被誉为编辑器之神。

这篇教程写了在不同工作模式下使用 VIM 的一些基本技巧——即插入模式（insert mode），命令模式（command mode），存取文件等。目的是帮助刚刚接触 VIM 的新手更加有效率的使用这个出色的编辑器。

说明：在这篇文章里面，代表 Ctrl + X——就是按住 Ctrl 键然后再按 X。而且你可以在很多情况下使用 :help command 来获得大部分命令的帮助，这个是 VIM 的内部帮助文件命令。

高效率移动

在插入模式之外

基本上来说，你应该尽可能少的呆在插入模式里面，因为在插入模式里面 VIM 就像一个“哑巴”编辑器一样。很多新手都会一直呆在插入模式里面，因为这样易于使用。但 VIM 的强大之处在于他的命令行模式！你会发现，在你越来越了解 VIM 之后，你就会花越来越少的时间使用插入模式了。

使用 h、j、k、l

使用 VIM 高效率编辑的第一步，就是放弃使用箭头键。使用 VIM，你就不用频繁的在箭头键和字母键之间移来移去了，这会节省你很多时间。当你在命令模式时，你可以用 h、j、k、l 来分别实现左、下、上、右箭头的功能。一开始可能需要适应一下，但一旦习惯这种方式，你就会发现这样操作的高效之处了。

在你编辑你的电子邮件或者其他有段落的文本时，你可能会发现使用方向键和你预期的效果不一样，有时候可能会一次跳过了很多行。这是因为你的段落在 VIM 看来是一个大的长长的行。这时你可以在按 h、j、k 或者 l 之前键入一个 g，这样 VIM 就会按屏幕上面的行如你所愿的移动了。

在当前行里面有效的移动光标

很多编辑器只提供了简单的命令来控制光标的移动（比如左、上、右、下、到行首/尾等）。VIM 则提供了很多强大的命令来满足你控制光标的欲望。当光标从一点移动到另外一点，在这两点之间的文本（包括这两个点）称作被“跨过”，这里的命令也被称作是 motion。（简单说明一下，后面会用到这个重要的概念）

这里是常用到的一些命令（motion）：

* fx：移动光标到当前行的下一个 x 处。很明显，x 可以是任意一个字母，而且你可以使用 ; 来重复你的上一个 f 命令。
* tx：和上面的命令类似，但是是移动到 x 的左边一个位置。（这真的很有用）
* Fx：和 fx 类似，不过是往回找。
* w：光标往前移动一个词。
* b：光标往后移动一个词。
* 0：移动光标到当前行首。
* ^：移动光标到当前行的第一个字母位置。
* $：移动光标到行尾。
* )：移动光标到下一个句子。
* ( ：移动光标到上一个句子。

在整个文件里面有效移动光标

VIM 有很多命令，可以用来到达文件里面你想到达的地方。下面是一些在文件里面移动的命令：

* ：向下移动一屏。
* ：向上移动一屏。
* G：到文件尾
* numG：移动光标到指定的行（num）。（比如 10G 就是到第 10 行）
* gg：到文件首
* H：移动光标到屏幕上面
* M：移动光标到屏幕中间
* L：移动光标到屏幕下面
* *：读取光标处的字符串，并且移动光标到它再次出现的地方。
* #：和上面的类似，但是是往反方向寻找。
* /text：从当前光标处开始搜索字符串 text，并且到达 text 出现的地方。必须使用回车来开始这个搜索命令。如果想重复上次的搜索的话，按 n。
* ？text：和上面类似，但是是反方向。
* ma：在当前光标的位置标记一个书签，名字为 a。书签名只能是小写字母。你看不见书签的存在，但它确实已经在那里了。
* `a：到书签 a 处。注意这个不是单引号，它一般位于大部分键盘的 1 的左边。
* `.：到你上次编辑文件的地方。这个命令很有用，而且你不用自己去标记它。

高效的输入

使用关键词自动完成

VIM 有一个非常漂亮的关键词自动完成系统。这表示，你可以输入一个长词的一部分，然后按一下某个键，然后 VIM 就替你完成了这个长词的输入了。举个例子：你有一个变量名为 iAmALongAndAwkwardVarName 在你写的代码的某个地方。也许你不想每回都自己一个一个字母的去输入它。

使用关键词自动完成功能，你只需要输入开始几个字母（比如 iAmAL），然后按（按住 Ctrl，再按 N）或者。如果 VIM 没有给出你想要的词，继续按，直到你满意为止，VIM 会一直循环它找到的匹配的字符串。

聪明的进入插入模式

很多新手进入插入模式都只是用 i。这样当然可以进入插入模式，但通常不是那么合适，因为 VIM 提供了很多进入插入模式的命令。下面是最常用的一些：

* i：在当前字符的左边插入
* I：在当前行首插入
* a：在当前字符的右边插入
* A：在当前行尾插入
* o：在当前行下面插入一个新行
* O：在当前行上面插入一个新行
* c{motion}：删除 motion 命令跨过的字符，并且进入插入模式。比如：c$，这将会删除从光标位置到行尾的字符并且进入插入模式。ct！，这会删除从光标位置到下一个叹号（但不包括），然后进入插入模式。被删除的字符被存在了剪贴板里面，并且可以再粘贴出来。
* d{motion}：和上面差不多，但是不进入插入模式。

有效的移动大段的文本

使用可视选择（visual selections）和合适的选择模式

不像最初的 VI，VIM 允许你高亮（选择）一些文本，并且进行操作。这里有三种可视选择模式：

* v：按字符选择。经常使用的模式，所以亲自尝试一下它。
* V：按行选择。这在你想拷贝或者移动很多行的文本的时候特别有用。
* ：按块选择。非常强大，只在很少的编辑器中才有这样的功能。你可以选择一个矩形块，并且在这个矩形里面的文本会被高亮。

在选择模式的时候使用上面所述的方向键和命令（motion）。比如，vwww，会高亮光标前面的三个词。Vjj 将会高亮当前行以及下面两行。

在可视选择模式下剪切和拷贝

一旦你高亮了选区，你或许想进行一些操作：

* d：剪贴选择的内容到剪贴板。
* y：拷贝选择的内容到剪贴板。
* c：剪贴选择的内容到剪贴板并且进入插入模式。

在非可视选择模式下剪切和拷贝

如果你很清楚的知道你想拷贝或者剪切什么，那你根本就不需要进入可视选择模式。这样也会节省时间：

* d{motion}：剪切 motion 命令跨过的字符到剪贴板。比如，dw 会剪切一个词而 dfS 会将从当前光标到下一个 S 之间的字符剪切至剪贴板。
* y{motion}：和上面类似，不过是拷贝。
* c{motion}：和 d{motion} 类似，不过最后进入插入模式。
* dd：剪切当前行。
* yy：拷贝当前行。
* cc：剪切当前行并且进入插入模式。
* D：剪切从光标位置到行尾到剪贴板。
* Y：拷贝当前行。
* C：和 D 类似，最后进入插入模式。
* x：剪切当前字符到剪贴板。
* s：和x类似，不过最后进入插入模式。

粘贴

粘贴很简单，按 p。

使用多重剪贴板

很多编辑器都只提供了一个剪贴板。VIM 有很多。剪贴板在 VIM 里面被称为寄存器（Registers）。你可以列出当前定义的所有寄存器名和它们的内容，命令为“:reg”。最好使用小写字母来作为寄存器的名称，因为大写的有些被 VIM 占用了。

使用寄存器的命令为双引号 “。

比如：我们要拷贝当前行到寄存器 k。你应该按 “kyy。（你也可以使用 V”ky。为什么这样也可以呢？）现在当前行应该已经存在了寄存器 k 里面直到你又拷贝了一些东西进入寄存器 k。现在你可以使用命令 “kp 来粘贴寄存器 k 里面的内容到你想要的位置。

避免重复

令人惊奇的 . 命令

在 VI 里面，输入 . (小数点符号），将会重复你输入的上一个命令。比如，你上个命令为“dw”（删除一个词），VI 将会接着再删除一个词。

使用数字

使用数字也是 VIM 强大的而且很节省时间的重要特性之一。在很多 VIM 的命令之前都可以使用一个数字，这个数字将会告诉 VIM 这个命令需要执行几次。比如：

* 3j 将会把光标向下移动三行。
* 10dd 将会删除十行。
* y3″ 将会拷贝从当前光标到第三个出现的引号之间的内容到剪贴板。

数字是扩展 motion 命令作用域非常有效的方法。

记录宏

有时候，你会发现你自己在文章的每段或者每行都重复相同的一系列动作。VIM 允许你记录一个宏来完成你的特殊需要。

* qregister：记录宏到寄存器 register，这里 register 是任意的你的寄存器的名字。比如 qa，将会记录并且把宏存在寄存器 a 里面。
* q：结束宏的记录。
* @register：使用存在寄存器 register 的宏。比如 @a，将会使用存在寄存器 a 里面的宏。

必须要记住的是，宏只记录了你的系列按键并且重复执行它们。它们不是魔法。因为在 VIM 里面完成目的的方法有很多，所以有时候你要小心选择命令来记录你的宏。因为它们会在所有你要执行它的地方执行。

用 VIM 写代码

VIM 是一个用来写代码的绝好编辑器，因为它有一些特性是专门为程序员而设计的。这里是一些常用的：

* ]p：和 p 的功能差不多，但是它会自动调整被粘贴的文本的缩进去适应当前代码的位置。试一下！
* %：匹配花括号、方括号、括号等。在一个括号的上面，然后按 %，鼠标就会出现在匹配的另外一半括号处。
* >>：缩进所有选择的代码
* <<：和上面类似，但是反缩进
* gd：到达光标所在处函数或者变量的定义处。
* K：在 Man 里面查找光标当前所在处的词

移动光标
上:k nk:向上移动n行 9999k或gg可以移到第一行 G移到最后一行
下:j nj:向下移动n行
左:h nh:向左移动n列
右:l nl:向右移动n列

w：光标以单词向前移动 nw：光标向前移动n个单词光标到单词的第一个字母上
b：与w相反
e: 光标以单词向前移动 ne：光标向前移动n个单词光标到单词的最后一个字母上
ge:与e相反

$:移动光标到行尾 n$:移动到第n行的行尾
0（Num）：移动光标到行首
^:移动光标到行首第一个非空字符上去

f:移动光标到当前行的字符a上，nf 移动光标到当前行的第n个a字符上
F:相反

%:移动到与制匹配的括号上去（），{}，[]，<>等。

nG:移动到第n行上 G:到最后一行

CTRL＋G 得到当前光标在文件中的位置

向前翻页：CTRL+F
向下移动半屏：CTRL＋G
向后翻页：CTRL+B

存盘：
:q! :不存盘退出
:e! :放弃修改文件内容，重新载入该文件编辑
:wq ：存盘退出

dw：删除一个单词,需将光标移到单词的第一个字母上，按dw，如果光标在单词任意位置，用daw
dnw:删除n个单词
dne:也可，只是删除到单词尾
dnl:向右删除n个字母
dnh:向左删除n个字母
dnj:向下删除n行
dnk:向上删除n行
d$：删除当前光标到改行的行尾的字母
dd：删除一行
cnw[word]:将n个word改变为word
cc:改变整行
C$:改变到行尾

J: 删除换行符，将光标移到改行，按shift+j删除行尾的换行符，下一行接上来了.
u: 撤销前一次的操作
shif+u(U):撤销对该行的所有操作。

:set showmode :设置显示工作模式

o：在当前行的下面另起一行
O（shift+o)：在当前行的上面另起一行

nk或nj：光标向上或向下移n行，n为数字
an!【ESC】：在行后面加n个感叹号(!)
nx:执行n次x(删除)操作

ZZ：保存当前文档并退出VIM

:help ：查看帮助文档，在这之中，按CTRL+] 进入超连接，按CTRL＋O 返回。
:help subject :看某一主题的帮助，ZZ 退出帮助

:set number / set nonumber :显示/不显示行号
:set ruler /set noruler:显示/不显示标尺

/pattern 正方向搜索一个字符模式
?pattern 反方向搜索一个字符模式
然后按n 继续向下找

把光标放到某个单词上面，然后按×号键，表示查找这个单词
查找整个单词：/\

:set hlsearch 高亮显示查找到的单词
:set nohlsearch 关闭改功能

m[a-z]:在文中做标记，标记号可为a-z的26个字母，用`a可以移动到标记a处

r:替换当前字符
nr字符：替换当前n个字符

查找替换：
way1:
/【word】 :查找某个word
cw【newword】:替换为新word
n: 继续查找
.: 执行替换

way2:
:s/string1/string2/g:在一行中将string1替换为string2,g表示执行用c表示需要确认
:num1,num2 s/string1/string2/g:在行num1至num2中间将string1替换为string2
:1,$ s/string1/string2/g:在全文中将string1替换为string2

v:进入visual 模式
【ESC】退出
V:shift+v 进入行的visual 模式
CTRL+V:进如块操作模式用o和O改变选择的边的大小。

粘贴：p，这是粘贴用x或d删除的文本
复制：
ynw：复制n个单词
yy：复制一行
ynl:复制n个字符
y$:复制当前光标至行尾处
nyy:拷贝n行
完了用p粘贴

:split:分割一个窗口
:split file.c ：为另一个文件file.c分隔窗口
:nsplit file.c: 为另一个文件file.c分隔窗口，并指定其行数
CTRL＋W在窗口中切换
:close：关闭当前窗口

在所有行插入相同的内容如include<，操作方法如下：
将光标移到开始插入的位置，按CTRL+V进入VISUAL模式，选择好模块后
按I（shift+i)，后插入要插入的文本，按[ESC]完成。

:read file.c 将文件file.c的内容插入到当前光标所在的下面
:0read file.c 将文件file.c的内容插入到当前文件的开始处(第0行）
:nread file.c 将文件file.c的内容插入到当前文件的第n行后面
:read !cmd :将外部命令cmd的输出插如到当前光标所在的下面

:n1,n2 write temp.c 将本文件中的n1,到n2行写入temp.c这个文件中去

CTRL＋L刷新屏幕
shift + < 左移一行
shift + > 右移一行

u: undo
CTRL+R: re-do
J: 合并一行
CTRL+p 自动完成功能
CTRL+g 查看当前文件全路径

q[a-z] 开始记录但前开始的操作为宏，名称可为【a-z】，然后用q终止录制宏。
用reg显示当前定义的所有的宏，用@[a-z]来在当前光标处执行宏[a-z].

Copyright by abnerchai, 2005.

option, options, optionsCollection

2008-12-09T15:26:00.000+08:00

http://zhidao.baidu.com/question/13087595.html

jsp通过logic:iterate或html:optionsCollection循环显示action中传过来的对象List

2008-12-08T14:27:00.000+08:00

http://www.blogjava.net/ec2008/archive/2007/09/15/145440.html

action中代码如下：

List allUser=this.getLoginServiceImpl().find();
request.setAttribute("user", allUser);
return mapping.findForward("listUser");

注：其中User对象有id和name属性

jsp显示：法一

<html:select property="school">
<html:option value="">
<bean:message key="login.select" />
html:option>
<logic:present name="user">
<logic:iterate id="user" name="user" offset="0">
<option value=""user" property="id" />">
<bean:write name="user" property="name" />
option>
logic:iterate>
logic:present>
html:select>

jsp显示：法二

<html:select property="school">
<html:optionsCollection name="user" value="id" label="name"/>
html:select>

optionsCollection标签用法：
与options标签一样，optionsCollection标签可以从集合或者是包含集合的对象里获得选项的标签/值对。在这两种情况里，集合或包含集合的对象必须是一个作用域对象，否则定制标签将无法访问它。

1.与包含集合的对象配合使用
举例：userForm动作表单有一个如下所示的ArrayList类型的userList属性，相应的set，get方法，通过在action中设置好userForm后，request.setAttribute("userForm",userForm)；
在jsp页面：

<html:select property="school">
<html:optionsCollection name="userForm"
property="userList"/>
html:select>

2.与集合配合使用
action中

ArrayList userList=new ArrayList();
userList.add(new LabelValueBean("1","haha"));
userList.add(new LabelValueBean("2","dada"));
userList.add(new LabelValueBean("3","xiaoxiao"));
request.setAttribute("userList",userList);

jsp页面

<html:select property="school">
<html:optionsCollection name="userList"
label="label" value="value"/>
html:select>

实战：Ubuntu Dapper下架设Tomcat5+MySQL5+JSP

2008-11-27T17:10:00.000+08:00

http://forum.ubuntu.org.cn/viewtopic.php?f=43&t=24111

最近正在制作一个jsp的Web应用项目，项目组内一共是四个成员，其它成员都是在Windows下工作，只有我在Linux下工作。我的工作就是进行后期的页面布局和服务器的架设，以及编码的统一（GB2312->UTF-8）。一周前在Windows下tomcat+mysql测试好的几份后台代码交到了我这里，本来没有在意服务器的架设，以为很简单，没想到怎么安装都是出错。前前后后用了一周多的时间，昨天夜里总算把服务器架起来了。在这里分享一下经验。

首先确认已经安照新手设置指南里的方法安装好了jdk，然后在系统中填加JAVA环境变量
sudo gedit /etc/bash.bashrc
在结尾处增加
export JAVA_HOME=/usr/jvm/java-1.5.0-sun
export JRE=$JAVA_HOME/jre

一、Tomcat
1、安装
sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps
2、设置
Tomcat默认的admin和manager帐号是没有启用的，可以编辑/usr/share/tomcat5/conf/tomcat-users.xml文件来启用

cd /usr/share/tomcat5/conf
sudo gedit tomcat-users.xml

在里面新增两个角色admin和manager，增加一个用户root，密码为123456(这里只是例子，用户名和密码可以自己设)，编辑后的文件为：

引用:

保存退出,重启tomcat
sudo /etc/init.d/tomcat5 restart
3、测试
这时在浏览器里打开http://127.0.0.1:8180，看见页面就说明Tomcat已经安装成功了。然后可以点击左侧的Tomcat Administration和Tomcat Manager进行管理员和站点管理页面。运行首页里左侧的Examples里面的实例可以测试一下jsp运行情况。
其实我个人觉得添加这个管理用户没有多大必要，由于权限，在管理页面进行的更改重启后又会消失。因此如果一定要在管理页面进行更改，请设定Tomcat目录的权限为所有用户可写。即sudo chmod 777 -R /usr/share/tomcat5。个人不推荐这和作法，因为这样会破坏安全性。推荐使用文本进行配置，会在后面谈到。

二、MySQL
1、安装
sudo aptitude install mysql mysql-admin mysql-client-5.0 mysql-navigator mysql-query-browser mysql-server-5.0
2、测试并建立测试帐号
安装后进入终端输入
sudo mysql -uroot
新建一个测试帐号javatest，密码为javadude,并指定可从任意主机登录，授权这个用户拥有数据库javatest的所有权限。添加一个数据库javatest

引用:

mysql>GRANT ALL PRIVILEGES ON javatest.* TO javauser@"%" IDENTIFIED BY "javadude";
mysql>create database javatest;

三、安装JDBC驱动
到http://dev.mysql.com/downloads/connector/j/5.0.html 下载驱动，仅仅解压其中的mysql-connector-java-5.0.3-bin.jar的文件，复制到/usr/share/tomcat5 /common/lib下即可。
教育网速度慢的话可以到http://mysql.mirror.edu.cn下载。
四、测试Tomcat+MySQL
添加一个虚拟目录
cd /usr/share/tomcat5/conf/Catalina/localhost
sudo gedit javatest.xml
添加如下信息：

引用:

然后进入tomcat5的webapps目录，添加一个javatest目录，并在其中添加一个文件test.jsp
cd /usr/share/tomcat5/webapps
sudo mkdir javatest
sudo gedit test.jsp
编辑里面的内容为

引用:

<%@ page contentType="text/html; charset=utf-8" %>
<%@ page language="java" %>
<%@ page import="com.mysql.jdbc.Driver" %>
<%@ page import="java.sql.*" %>
<% Class.forName("com.mysql.jdbc.Driver").newInstance(); Connection conn=DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/javatest?user=javauser&password=javadude"); Statement stmt=conn.createStatement(); %>

建议使用这种方法进行测试，当然还有两种方法可以添加虚拟目录，一个是编辑conf下的server.xml把先前javatest.xml中的内容填加server.xml中最末页的前面。另一种方法是不必创建javatest目录，而是将test.jsp打包建立归档文件，并选择war类型，放到webapps下面，Tomcat会自动安装名为javatest的虚拟目录。

注：到目前为止可能会出现几个问题，一会儿会谈到。

接下来重启Tomcat
sudo /etc/init.d/tomcat5 restart
通常情况的话，这时便已经可以了。打开浏览器，输入http://127.0.0.1:8180，然后进入Tomcat Manager，可以看到一个名为javatest的目录，点击后会看到一个文件列表，点击其中的test.jsp。如果看到一个空白页面，说明正常。这时可以从终端登录mysql，通过命令show processlist;查看当前连接到的用户信息。

什么？打开test.jsp时只看到一片错误信息？别急，我说了，这里可能会遇到几个问题，如果是通常情况下上面的配置是正确的，就可以看到空白页面和MySQL下的连接信息了。不过目前Ubuntu自带的MySQL和Tomcat存在两个问题（我不知道算不算是BUG），因此连不上很正常。

*问题一：有可能MySQL没有使用locahost:3306，即127.0.0.1:3306，而是使用的本机IP或其它地址作为连接地址。可以通过telnet 127.0.0.1 3306来测试一下，如果是拒绝连接，就是存在这个问题了，这个和打开test.jsp里面的access denied很像。
*问题二：通过/etc/init.d/tomcat启动tomcat服务时跟本无法连接数据库，而要通过/usr/share/tomcat/bin/startup.sh来启动。

找到这个原因非常困难，一直以为问题出在jdbc驱动上，随即下载添加mysql-connnect，调试，用了一周多的时间，也没有解决问题。
好了，现在可以解决了。
首先编辑MySQL的配置文件/etc/mysql/my.cnf，将其中bind-address的默认值由本机IP换成127.0.0.1。
然后停止tomcat
sudo /etc/init.d/tomcat stop
再通过startup.sh启动tomcat
sudo /usr/share/tomcat5/bin/startup.sh
OK,这时打开浏览器，输入http://127.0.0.1:8180/javatest/test.jsp，按下回车，界面空白。终端下登录mysql，使用show processlist;查看，可以看到一个User为javauser的用户已经登录。
不过开机会自动运行/etc/init.d下的tomcat5，我一直想找到这个文件的问题所在并进行修正，不过我对shell编程不是很了解。目前的解决方法，只能是开机时禁止这个文件的运行，并使用usr/share/tomcat5/bin下的startup.sh启动服务器。

至此，大功告成！

在Ubuntu Linux下安装Tomcat

2008-11-27T15:24:00.000+08:00

http://unix-cd.com/vc/www/22/2008-07/10220.html

对Linux还不是非常熟悉，昨天摸索了一下午，发现在Ubuntu下安装Tomcat并不是很困难，几乎只用apt-get就可以搞定。写在这里记录一下。

首先要确定软件源的设置，打开“System”－“Administration”－“Software Sources”，把它调整成下面这个样子：

把那几项全部选中是个好习惯，省得在apt-get install过程中出现“无法找到软件包”的错误。

接着安装Java环境，直接sudo apt-get install sun-java6-jre sun-java6-jdk就行了，安装完成后建议用

sudo update-alternatives --config java
sudo update-alternatives --config javac

来设置一下默认的Java解释器和编译器，Linux下可能有多个Java环境，我认为还是选择SUN的比较保险。

然后就是Tomcat了：

sudo apt-get install tomcat5.5

完成之后tomcat会自动启动。如果要手工启动/重启/停止Tomcat，建议使用sudo /etc/init.d/tomcat5.5 start | restart | stop，我发现这样并不用像很多网上说的那样需要设置JAVA_HOME之类的环境变量。

Ubuntu下的Tomcat默认端口是8180，而不是Windows下通常的8080。Tomcat启动后，打开 http://localhost:8180/什么都不会看到，因为Ubuntu下的Tomcat并不带示例，当然如果你想安装示例应用，只要安装 tomcat5.5-webapps这个软件包就行了。

打开/etc/tomcat5.5/server.xml，找到

maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

这一堆，把port="8180"改成port="8080"，重启Tomcat，就会使用8080端口了，这样会习惯一些。

最后还需要设定一下Web根目录。我为了平时的方便，把它指定到了我的用户目录下。在/etc/tomcat5.5/Catalina/localhost/下创建一个xml文件，比如说是ROOT.xml，在里面加上如下的内容：

重启Tomcat，在/home/albert/Programs/JavaEE中写一个test.jsp文件，打开http://localhost:8080/test.jsp测试一下，应该就没问题了。

smbclient share printer

2007-07-17T21:49:00.000+08:00

keywords: smbclient printer howto

http://www.google.cn/search?complete=1&hl=zh-CN&newwindow=1&q=smbclient+printer+howto&meta=

http://man.chinaunix.net/linux/how/SMB-HOWTO-7.html

share virtual ip in hostonly setting in vmware standalone

2007-03-06T19:21:00.000+08:00

vmware share connection via standalone host PC

2007-03-06T19:18:00.000+08:00

the sample of vmware host setting
http://www.chinaunix.net/jh/4/374483.html

xmame's parameter

2007-02-25T20:53:00.000+08:00

http://my.opera.com/kliz/blog/xmame

### File I/O-related ###
rompath                 /media/hdb8/Emulation/mame100/roms #rom的位置
samplepath              /media/hdb8/Emulation/mame100/samples #sample声音采样的位置
inipath                 $HOME/.xmame/ini
cfg_directory           $HOME/.xmame/cfg
nvram_directory         $HOME/.xmame/nvram
memcard_directory       $HOME/.xmame/memcard
input_directory         $HOME/.xmame/inp
hiscore_directory       $HOME/.xmame/hi
state_directory         $HOME/.xmame/sta
artwork_directory       /media/hdb8/Emulation/mame100/artwork
snapshot_directory      /media/hdb8/Emulation/mame100/snap
diff_directory          $HOME/.xmame/diff
ctrlr_directory         /media/hdb8/Emulation/mame100/ctrlr
cheat_file              /home/kliz/.xmame/cheat.dat
hiscore_file            /media/hdb8/Emulation/mame100/hiscore.dat
# record                 (not set)
# playback               (not set)
log                     0
### MAME Related ###
defaultgame             dino #默认游戏，如果不指定游戏名称会使用这个
language                english
fuzzycmp                1 #模糊游戏名称匹配，会自动载入名字最相近的游戏
cheat                   1 #开启作弊
skip_gameinfo           1 #跳过游戏信息
bios                    default #
# state                  (not set)
autosave                0 #自动存档

how to ignore case in vim

2007-02-24T05:06:00.000+08:00

to make case insensitive matching in vim , just type :set ignorecase in vim command mode or set vimrc in home.
the vim also have the very useful function, syntax on, which can highlight the syntax by default
the compatible in vimrc is not recommended to check, for we only get the totally vi editing style after we confirm it. e.g. we will got A if we press up in editing mode; the u button only works at the first hit. That's not good at all.

cursor didn't show

2007-02-20T18:28:00.000+08:00

after my shutting down my X, I restart X and found the curse doesn't shown anymore. and I found this to handle it:
in the file /etc/X11/xorg.conf
join in Section "Device"
Option "HWCursor" "false"

bash script practice

2007-02-15T16:29:00.000+08:00

while (( i<100 a="1" b="2" style="display: block; padding-left: 6em; text-indent: -1em;">for f in *
do i=`echo $f|iconv -f gbk -t utf-8 -c`
`mv $f $i`
done

grep mailto dispuser$5* | sed '1,$s/.*mailto:\(.*$\".*/\1/g'

gdesklets

2007-02-13T23:35:00.000+08:00

http://www.gnome-look.org/content/show.php?content=13548
http://blog.guoshuang.com/showlog.asp?cat_id=40&log_id=3821
http://blog.vetcafe.net/2005/04/

make icewm look better

2007-02-12T21:41:00.000+08:00

kk@kk-desktop:~$ grep ^[^#] .icewm/preferences
UseMouseWheel=1 # 0/1
TaskBarShowWorkspaces=0 # 0/1
WorkspaceNames=" 1 ", " 2 ", " 3 ", " 4 "
DesktopBackgroundImage="/home/kk/Firefox_wallpaper.png"

kk@kk-desktop:~$ grep ^[^#] .icewm/startup
/usr/bin/rox -p=wd &

kk@kk-desktop:~$ ll .icewm/startup
-rwxr-xr-x 1 kk kk 34 2007-02-12 21:14 .icewm/startup

plug Section "Monitor" to enable the dpms(...? I supposed the default option is on, it doesn't need emphasize)
Option "DPMS"

then change the standby time in the Section "ServerLayout" . I've no idea about the suspend and offtime, but the standby time works.

 Option "StandbyTime"    "20"    # Turn off screen in 20 minutes
Option "SuspendTime"    "30"    # Full hibernation in 30 minutes
Option "OffTime"        "40"    # Turn off DPMS monitor

I've to admit that I made a big mistake. Last time I read the manual in icewm it mention about the gnome-look setting icewm-gnome-config is recommended to install. But I tried and failed.
This time I use startx instead of gdm to start icewm, the gnome-config works!

~/.gtkrc-2.0 for icewm

2007-02-12T21:26:00.000+08:00

other not-gnome windows-manager may has font problem while using gtk user interface. saying ICEWM.
to avoid this problem we should config some issue, :
1. build a file ~/.gtkrc-2.0:

    style "user-font"
{
#   font_name="Tahoma,SimSun 9"
font_name="Bitstream Vera Sans, WenQuanYi Bitmap Song 12"
}
widget_class "*" style "user-font"

gtk-font-name = "Bitstream Vera Sans, WenQuanYi Bitmap Song 12"
#    gtk-theme-name = "Clearlooks-DeepSky"
#    gtk-icon-theme-name = "Sude"

make sure the follow parameter works, and we can write this in ./Xsession

 export GTK2_RC_FILES="~/.gtkrc-2.0:$GTK2_RC_FILES"

and also, if we found that file doesn't work, we have to plug some sentence in it:

  # create temp file for X resources
XRESOURCES=`mktemp /tmp/xrdb.XXXXXX`

# Has to go prior to merging Xft.xrdb, as its the "Defaults" file
#test -r $HOME/.Xdefaults && cat $HOME/.Xdefaults >> $XRESOURCES

cat >> $XRESOURCES <<>> $XRESOURCES

# load all X resources
xrdb -nocpp -merge $XRESOURCES
rm -f $XRESOURCES


    #注：这段代码是从 xfce 的启动脚本里提取出来的。(/etc/xdg/xfce4/xinitrc)


and if you are a left-hand and want the left and right key to be reserved, try this:
xmodmap -e "pointer = 3 2 1" # 设置为惯用左手鼠标

how to play xmame with joystick

2007-02-11T13:59:00.000+08:00

put this parameter in to the xmame config file
jt 1
jdev /dev/input/js0
usbpspad 1

echo -n "jt 1
jdev /dev/input/js0
usbpspad 1" >> ~/.xmame/xmamerc

what the hell is cp -a?

2007-02-11T03:12:00.000+08:00

cp -a, the parameter -a include 3 parameter below
-R, -r, --recursive
copy directories recursively
-P, --no-dereference
never follow symbolic links
--preserve[=ATTR_LIST]
preserve the specified attributes (default: mode,owner‐
ship,timestamps) and security contexts, if possible additional
attributes: links, all

light GUI icewm+rox-filer

2007-02-11T02:50:00.000+08:00

http://www.gnome-cn.org/documents/howto/set-default-gtk-font-theme/?searchterm=gtk%20%E5%AD%97%E4%BD%93%20%E5%B0%8F

IceWm is a Window Manager for X Window System. It is fast and
memory-efficient, and it provides many different looks including Windows'95,
OS/2 Warp 3,4, Motif. It tries to take the best features of the above
systems. Additional features include multiple workspaces, opaque move/resize,
task bar, window list, mailbox status, digital clock.
ROX-Filer is a simple and easy to use graphical file manager
for X11 based on the GTK2 library. It uses a uniform
drag-and-drop approach for every operation.
dpkg -L icewm and you should read the config file in /etc/X11/icewm location. Take these out of the folder and put it in home's corresponded position..
About the file manager's file double clicking function, we can refer it from right click-set key function. .

backup your apt deb packages for local source

2007-02-05T09:13:00.000+08:00

http://forum.ubuntu.org.cn/viewtopic.php?t=32554

create a packages index:

sudo apt-get install dpkg-dev
sudo dpkg-scanpackages packs /dev/null |gzip > packs/Packages.gz

the source includes 4 kinds of different packages called main/restricted/universe/multiverse, we can find these in each site like this:

main “.....DIR”/packs/dists/edgy/main/binary-i386/
restricted “.....DIR”/packs/dists/edgy/restricted/binary-i386/
universe “.....DIR”/packs/dists/edgy/universe/binary-i386/
multiverse “.....DIR”/packs/dists/edgy/multiverse/binary-i386/

we have make sure the packages index "Packages.gz" in the right position,
put the packages.gz under the binary-i386 document and change the /etc/apt/source.list setting.

link all your own packages to /var/cache/apt/archives/

conflict between scim and wine

2007-02-03T23:11:00.000+08:00

scim 1.4.4-4ubuntu6
wine 0.9.29-0ubuntu1~edgy1

http://forum.ubuntu.org.cn/viewtopic.php?t=36322&highlight=scim+easy+wine

a shell script for rename

2007-02-02T16:08:00.000+08:00

i=1; for f in *; do mv $f ${i}.zip; (( i++ )); done

perl -le' $i = 1;foreach (@ARGV) { rename $_, $i++ }' *

Advanced Bash-Scripting Guide
http://www.linuxsir.org/main/doc/abs/abs3.7cnhtm/

and for change the character code from gb2312 to utf-8:

for f in *
do i=`echo $f|iconv -f gbk -t utf-8 -c`
`mv $f $i`
done

Improve your chinese viewing

2007-02-01T23:42:00.000+08:00

Almost all the guideline for chinese support must have this.

sudo fontconfig-voodoo -f -s zh_CN

This step is not trivial to correctly display your characters of other language such as chinese, korean, japanese. In order to configure correctly, you must have the locale support. Like for example above, you must have zh_CN locale installed.
List all fontconfig that you can configure.

sudo fontconfig-voodoo -l

Check you current fontconfig,

sudo fontconfig-voodoo -c

It's equal to following:

sudo ln -sf /usr/share/language-selector/fontconfig/zh_CN /etc/fonts/language-selector.conf

check the /etc/font/fonts.conf, the below sentance explain the job of the /etc/fonts/language-selector.conf

language-selector.conf

Vim Commands Cheat Sheet

2007-01-30T10:08:00.000+08:00

How to Exit

:q[uit]	Quit Vim. This fails when changes have been made.
:q[uit]!	Quit without writing.
:cq[uit]	Quit always, without writing.
:wq	Write the current file and exit.
:wq!	Write the current file and exit always.
:wq {file}	Write to {file}. Exit if not editing the last
:wq! {file}	Write to {file} and exit always.
:[range]wq[!]	[file] Same as above, but only write the lines in [range].
ZZ	Write current file, if modified, and exit.
ZQ	Quit current file and exit (same as ":q!").

Editing a File

:e[dit]	Edit the current file. This is useful to re-edit the current file, when it has been changed outside of Vim.
:e[dit]!	Edit the current file always. Discard any changes to the current buffer. This is useful if you want to start all over again.
:e[dit] {file}	Edit {file}.
:e[dit]! {file}	Edit {file} always. Discard any changes to the current buffer.
gf	Edit the file whose name is under or after the cursor. Mnemonic: "goto file".

Inserting Text

a	Append text after the cursor [count] times.
A	Append text at the end of the line [count] times.
i	Insert text before the cursor [count] times.
I	Insert text before the first non-blank in the line [count] times.
gI	Insert text in column 1 [count] times.
o	Begin a new line below the cursor and insert text, repeat [count] times.
O	Begin a new line above the cursor and insert text, repeat [count] times.

Inserting a file

:r[ead] [name]	Insert the file [name] below the cursor.
:r[ead] !{cmd}	Execute {cmd} and insert its standard output below the cursor.

Deleting Text

<> or x	Delete [count] characters under and after the cursor
X	Delete [count] characters before the cursor
d{motion}	Delete text that {motion} moves over
dd	Delete [count] lines
D	Delete the characters under the cursor until the end of the line
{Visual}x or {Visual}d	Delete the highlighted text (for {Visual} see Selecting Text).
{Visual}CTRL-H or {Visual}	When in Select mode: Delete the highlighted text
{Visual}X or {Visual}D	Delete the highlighted lines
:[range]d[elete]	Delete [range] lines (default: current line)
:[range]d[elete] {count}	Delete {count} lines, starting with [range]

Changing (or Replacing) Text

r{char}	replace the character under the cursor with {char}.
R	Enter Insert mode, replacing characters rather than inserting
~	Switch case of the character under the cursor and move the cursor to the right. If a [count] is given, do that many characters.
~{motion}	switch case of {motion} text.
{Visual}~	Switch case of highlighted text

Substituting

:[range]s[ubstitute]/{pattern}/{string}/[c][e][g][p][r][i][I] [count]	For each line in [range] replace a match of {pattern} with {string}.
:[range]s[ubstitute] [c][e][g][r][i][I] [count] :[range]&[c][e][g][r][i][I] [count]	Repeat last :substitute with same search pattern and substitute string, but without the same flags. You may add extra flags

The arguments that you can use for the substitute commands:
[c]  Confirm each substitution.  Vim positions the cursor on the matching
 string.  You can type:
     'y'      to substitute this match
     'n'      to skip this match
        to skip this match
     'a'      to substitute this and all remaining matches {not in Vi}
     'q'      to quit substituting {not in Vi}
     CTRL-E  to scroll the screen up {not in Vi}
     CTRL-Y  to scroll the screen down {not in Vi}.
[e]     When the search pattern fails, do not issue an error message and, in
 particular, continue in maps as if no error occurred. 
[g]  Replace all occurrences in the line.  Without this argument,
 replacement occurs only for the first occurrence in each line.
[i]  Ignore case for the pattern. 
[I]  Don't ignore case for the pattern. 
[p]  Print the line containing the last substitute.

Copying and Moving Text

"{a-zA-Z0-9.%#:-"}	Use register {a-zA-Z0-9.%#:-"} for next delete, yank or put (use uppercase character to append with delete and yank) ({.%#:} only work with put).
:reg[isters]	Display the contents of all numbered and named registers.
:reg[isters] {arg}	Display the contents of the numbered and named registers that are mentioned in {arg}.
:di[splay] [arg]	Same as :registers.
["x]y{motion}	Yank {motion} text [into register x].
["x]yy	Yank [count] lines [into register x]
["x]Y	yank [count] lines [into register x] (synonym for yy).
{Visual}["x]y	Yank the highlighted text [into register x] (for {Visual} see Selecting Text).
{Visual}["x]Y	Yank the highlighted lines [into register x]
:[range]y[ank] [x]	Yank [range] lines [into register x].
:[range]y[ank] [x] {count}	Yank {count} lines, starting with last line number in [range] (default: current line), [into register x].
["x]p	Put the text [from register x] after the cursor [count] times.
["x]P	Put the text [from register x] before the cursor [count] times.
["x]gp	Just like "p", but leave the cursor just after the new text.
["x]gP	Just like "P", but leave the cursor just after the new text.
:[line]pu[t] [x]	Put the text [from register x] after [line] (default current line).
:[line]pu[t]! [x]	Put the text [from register x] before [line] (default current line).

Undo/Redo/Repeat

u	Undo [count] changes.
:u[ndo]	Undo one change.
CTRL-R	Redo [count] changes which were undone.
:red[o]	Redo one change which was undone.
U	Undo all latest changes on one line. {Vi: while not moved off of it}
.	Repeat last change, with count replaced with [count].

Moving Around

Basic motion commands:

       k              
     h   l          
       j

h or	[count] characters to the left (exclusive).
l or or	[count] characters to the right (exclusive).
k or or CTRL-P	[count] lines upward
j or or CTRL-J or or CTRL-N	[count] lines downward (linewise).
0	To the first character of the line (exclusive).
	To the first character of the line (exclusive).
^	To the first non-blank character of the line
$ or	To the end of the line and [count - 1] lines downward
g0 or g	When lines wrap ('wrap on): To the first character of the screen line (exclusive). Differs from "0" when a line is wider than the screen. When lines don't wrap ('wrap' off): To the leftmost character of the current line that is on the screen. Differs from "0" when the first character of the line is not on the screen.
g^	When lines wrap ('wrap' on): To the first non-blank character of the screen line (exclusive). Differs from "^" when a line is wider than the screen. When lines don't wrap ('wrap' off): To the leftmost non-blank character of the current line that is on the screen. Differs from "^" when the first non-blank character of the line is not on the screen.
g$ or g< end&gr;	When lines wrap ('wrap' on): To the last character of the screen line and [count - 1] screen lines downward (inclusive). Differs from "$" when a line is wider than the screen. When lines don't wrap ('wrap' off): To the rightmost character of the current line that is visible on the screen. Differs from "$" when the last character of the line is not on the screen or when a count is used.
f{char}	To [count]'th occurrence of {char} to the right. The cursor is placed on {char} (inclusive).
F{char}	To the [count]'th occurrence of {char} to the left. The cursor is placed on {char} (inclusive).
t{char}	Till before [count]'th occurrence of {char} to the right. The cursor is placed on the character left of {char} (inclusive).
T{char}	Till after [count]'th occurrence of {char} to the left. The cursor is placed on the character right of {char} (inclusive).
;	Repeat latest f, t, F or T [count] times.
,	Repeat latest f, t, F or T in opposite direction [count] times.
-	[count] lines upward, on the first non-blank character (linewise).
+ or CTRL-M or	[count] lines downward, on the first non-blank character (linewise).
_	[count] - 1 lines downward, on the first non-blank character (linewise).
or G	Goto line [count], default last line, on the first non-blank character.
or gg	Goto line [count], default first line, on the first non-blank character.
or w	[count] words forward
or W	[count] WORDS forward
e	Forward to the end of word [count]
E	Forward to the end of WORD [count]
or b	[count] words backward
or B	[count] WORDS backward
ge	Backward to the end of word [count]
gE	Backward to the end of WORD [count]

These commands move over words or WORDS.

A word consists of a sequence of letters, digits and underscores, or a sequence of other non-blank characters, separated with white space (spaces, tabs, ). This can be changed with the 'iskeyword' option.

A WORD consists of a sequence of non-blank characters, separated with white space. An empty line is also considered to be a word and a WORD.

(	[count] sentences backward
)	[count] sentences forward
{	[count] paragraphs backward
}	[count] paragraphs forward
]]	[count] sections forward or to the next '{' in the first column. When used after an operator, then the '}' in the first column.
][	[count] sections forward or to the next '}' in the first column
[[	[count] sections backward or to the previous '{' in the first column
[]	[count] sections backward or to the previous '}' in the first column

Marks

m{a-zA-Z}	Set mark {a-zA-Z} at cursor position (does not move the cursor, this is not a motion command).
m' or m`	Set the previous context mark. This can be jumped to with the "''" or "``" command (does not move the cursor, this is not a motion command).
:[range]ma[rk] {a-zA-Z}	Set mark {a-zA-Z} at last line number in [range], column 0. Default is cursor line.
:[range]k{a-zA-Z}	Same as :mark, but the space before the mark name can be omitted.
'{a-z}	To the first non-blank character on the line with mark {a-z} (linewise).
'{A-Z0-9}	To the first non-blank character on the line with mark {A-Z0-9} in the correct file
`{a-z}	To the mark {a-z}
`{A-Z0-9}	To the mark {A-Z0-9} in the correct file
:marks	List all the current marks (not a motion command).
:marks {arg}	List the marks that are mentioned in {arg} (not a motion command). For example:

Searching

/{pattern}[/]	Search forward for the [count]'th occurrence of {pattern}
/{pattern}/{offset}	Search forward for the [count]'th occurrence of {pattern} and go {offset} lines up or down.
/	Search forward for the [count]'th latest used pattern
//{offset}	Search forward for the [count]'th latest used pattern with new. If {offset} is empty no offset is used.
?{pattern}[?]	Search backward for the [count]'th previous occurrence of {pattern}
?{pattern}?{offset}	Search backward for the [count]'th previous occurrence of {pattern} and go {offset} lines up or down
?	Search backward for the [count]'th latest used pattern
??{offset}	Search backward for the [count]'th latest used pattern with new {offset}. If {offset} is empty no offset is used.
n	Repeat the latest "/" or "?" [count] times.
N	Repeat the latest "/" or "?" [count] times in opposite direction.

Selecting Text (Visual Mode)

To select text, enter visual mode with one of the commands below, and use motion commands to highlight the text you are interested in. Then, use some command on the text.

The operators that can be used are:
 ~  switch case
 d  delete
 c  change
 y  yank
 >  shift right
 <  shift left
 !  filter through external command
 =  filter through 'equalprg' option command
 gq  format lines to 'textwidth' length

v	start Visual mode per character.
V	start Visual mode linewise.
	exit Visual mode without making any changes

How to Suspend

CTRL-Z	Suspend Vim, like ":stop". Works in Normal and in Visual mode. In Insert and Command-line mode, the CTRL-Z is inserted as a normal character.
:sus[pend][!] or :st[op][!]	Suspend Vim. If the '!' is not given and 'autowrite' is set, every buffer with changes and a file name is written out. If the '!' is given or 'autowrite' is not set, changed buffers are not written, don't forget to bring Vim back to the foreground later!

easywine

2007-01-29T22:41:00.000+08:00

deb package for ubuntu
deb http://archive.ubuntu.org.cn/ubuntu-cn edgy main universe multiverse restricted

Beryl @ Edgy with nVIDIA Driver

2007-01-28T01:26:00.001+08:00

http://my.opera.com/anguste/blog/index.dml/tag/Edgy
Monday, 25. December 2006, 09:23:37

Driver, Edgy, ubuntu, Linux ...
有这样几篇文章可以参考：
http://wiki.beryl-project.org/index.php/Install/Ubuntu/Edgy/nVIDIA
http://www.ubuntuforums.org/showthread.php?t=263851
http://doc.gwos.org/index.php/BerylOnEdgy

略简单概括：

添加sources

sudo gedit /etc/apt/sources.list

加入如下两个

deb http://ubuntu.beryl-project.org edgy main
deb http://nvidia.limitless.lupine.me.uk/ubuntu edgy stable

运行命令获取key

wget http://ubuntu.beryl-project.org/root@lupine.me.uk.gpg -O- | sudo apt-key add -

完成以后还是老规矩

sudo apt-get update

下载安装nVIDIA驱动

sudo apt-get install nvidia-glx

过程中会提示同时更新linux-restricted-modules和linux-restricted-modules-common的包，反正也不大。

由于restricted modules的变更，在完成后需要再次升级一下

sudo apt-get upgrade

然后可以配置X

sudo nvidia-xconfig

需要开启Composite

sudo gedit /etc/X11/xorg.conf

在Screen模块下添加一行

Option "AddARGBGLXVisuals" "True"

在Device模块下添加一行

Option "TripleBuffer" "True"

完成之后重启，驱动就算装好了。

随后安装Beryl

sudo apt-get install beryl-core beryl-plugins beryl-plugins-data emerald beryl-settings beryl-manager beryl beryl-dev emerald-themes

在System-Preferences-Sessions的Startup项中加入beryl-manager就可以在每次启动时运行Beryl了。

remove the "update-manager"

2007-01-28T00:32:00.000+08:00

rm -f /root/etc/xdg/autostart/update-notifier.desktop
rm -f /root/usr/share/autostart/adept_notifier_auto.desktop

colourshell.sh

2007-01-25T08:57:00.000+08:00

# colourshell.sh

# Please copy these into a file named .colourshell.sh at home. Then plus ". .colourshell.sh"
# to the the .bashrc.

# In an interactive Bash shell, cycles through a sequence of colours,
# one per command, so that you can more easily see where one finishes
# and the next starts.

# (C) 2006 Philip Endecott
# See http://chezphil.org/colourshell/ for more information.

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.


# As far as I'm aware this won't work in any shells other than bash
# because it uses bash-specific features.

# To try it out, source this file into an interactive shell:
# source /path/to/colourshell.sh

# For permanent use this file should be sourced from your bash startup
# script(s).
#
# Bash may execute various different startup scripts; see the
# INVOCATION section of the bash man page for details.  To have this
# script called for both login shells (e.g. virtual consoles) and
# non-login shells (e.g. xterms) you need to call it from both
# .bash_profile and .bashrc.  .bashrc may also be called for
# non-interactive shells; to avoid running this in that case you can
# enclose the source command in an if block that tests for
# interactivity by checking for PS1:
#
# if [ "$PS1" ]
# then
#   source /path/to/colourshell.sh
# fi

# Source this from somewhere near the end of those files.  In
# particular, source it from after any code that sets the prompt
# variables (PS1 etc.) since this code adds its stuff to the existing
# PS1 setting.

# If your startup scripts don't set PS1 to PS4, things could get
# interesting if you start one shell inside another: this code will be
# called twice!  It should still work, but ideally this script would
# scrub any existing colour-setting codes from the prompts before
# adding its own.

# This code generates colour-changing escape sequences using the tput
# program.  This is a simple utility that uses the termcap database to
# look up escape sequences for the current terminal.  It seems to be
# included in the major Linux distributions.  For details, see "man
# tput" and "man 5 terminfo".  In particular see the "Color Handling"
# section of "man 5 terminfo".

# Most terminals with colour support have 8 colours.  An exception is
# rxvt-unicode (and other rxvts?) which claims to have 88.  This script
# doesn't know what to do with any other cases, so gives up immediately
# without error.

ncolours=`tput colors`
case $ncolours in
8) ;;
88) ;;
*) return 0 ;;
esac

# The following are the standard colour codes; see "man 5 terminfo".

setaf_black=`tput setaf 0`
setaf_blue=`tput setaf 1`
setaf_green=`tput setaf 2`
setaf_cyan=`tput setaf 3`
setaf_red=`tput setaf 4`
setaf_magenta=`tput setaf 5`
setaf_yellow=`tput setaf 6`
setaf_white=`tput setaf 7`

# For 88-colour rxvt-unicode these 8 colours are near-enough right.
# Try something like this to see the available colours:
#
# i=0
# while true
# do
#   tput setaf $i
#   echo "$i: Hello World"
#   i=$(($i+1))
# done

# Define the colours to use.
# Set prompt_colour to the escape sequence for the colour to use for
# the prompt, and cmd_colours (an array) to the escape sequences for
# the colours to use for the commands, in turn.

declare -a cmd_colours

# A complicating factor is that we don't know whether this terminal
# has a white / light-coloured background or a black / dark-coloured
# background.  This should influence our choice of colours.

# Here is a heuristic: virtual consoles have TERM=linux and are
# white-on-black, while X terminals and similar have TERM=xterm and
# are black-on-white.

case $TERM in
linux)   background=dark ;;
*xterm*) background=light ;;
*)       background=light ;;
esac

# Choose colours, based on the guessed background colour:

case $background in
dark)  prompt_colour=$setaf_white
      cmd_colours=($setaf_cyan $setaf_magenta $setaf_yellow) ;;
light) prompt_colour=$setaf_black
      cmd_colours=($setaf_blue $setaf_green $setaf_red) ;;
esac

# This variable tracks which command colour is currently in use:

declare -i cmd_colour_index=-1

# This function increments cmd_colour_index modulo the number of
# command colours:

function next_colour() {
 cmd_colour_index=$(( ($cmd_colour_index+1) % (${#cmd_colours[*]}) ))
}

# PROMPT_COMMAND is a bash builtin variable that names a command to
# run before each prompt.  (This will override any existing use of
# this variable; how can multiple commands be chained together?)

PROMPT_COMMAND=next_colour

# This function returns the escape sequence for the current command
# colour, from the array defined above:

function cmd_colour() {
 echo ${cmd_colours[$cmd_colour_index]}
}

# Define the prompt variables.  For each one we encapsulate the
# current setting between a prefix and a suffix; the prefix sets the
# colour for the prompt and the suffix sets the colour for the
# command.

# \[ ... \] are used around non-printing characters and are needed so
# that Bash correctly calculates the screen position.  Functions can
# be called using `...`, as long as the promptvars option is enabled:

shopt -s promptvars

prompt_prefix="\\[${prompt_colour}\\]"
prompt_suffix='\[`cmd_colour`\]'

PS1="${prompt_prefix}${PS1}${prompt_suffix}"
PS2="${prompt_prefix}${PS2}${prompt_suffix}"
PS3="${prompt_prefix}${PS3}${prompt_suffix}"
PS4="${prompt_prefix}${PS4}${prompt_suffix}"

remove the volumn icon on desktop

2007-01-22T17:26:00.000+08:00

gconf-editor

apps->nautilus->desktop->volumes_visible
3:03 PM 我给你找找最简单的

sudo perl -pi -e 's/=.*/=GNOME;Applications;Settings/ if /^Categories/; s/^/#/ if /^NoDisplay/' /usr/share/applications/gconf-editor.desktop

new im tool for qq protocol

2007-01-10T10:17:00.000+08:00

http://planet.time.net.my/TechnologyPark/evadeb/
Eva apt 存档 (非官方)
Eva 是一个可以与腾讯 QQ 互通的、基于 KDE 的自由软件即时通信工具。详情请参阅:
http://sourceforge.net/projects/evaq

本网站为 Eva 的 Debian apt 存档。目前只提供 Debian sid 包。

使用方法:
1. 将下面的行添加到您的 /etc/apt/sources.list 文件中:
deb http://planet.time.net.my/TechnologyPark/evadeb ./
2. 运行: apt-get update
3. 运行: apt-get install eva 或使用 aptitude 安装 "eva" 包

setup chinese input methon in en_US local

2007-01-09T08:41:00.000+08:00

- fullfil the file as follow
kk:/home/kk# cat /etc/locale.gen
en_US.UTF-8 UTF-8
zh_CN.UTF-8 UTF-8

- use locale-gen command to create a new locale

- install scim, scim-pinyin, imswitch.

- copy the documentation from /etc/X11/xinit/xinput.d/scim to /etc/X11/Xsession.d/90im-switch
don't forget use "export" in front of each line declare.

in ubuntu's fcitx:

sudo apt-get install im-switch

make sure the fcitx file in /etc/X11/xinit/xinput.d/, and the file have some declare, or even copy this declare into the /ect/X11/Xsession.d/90im-switch.
http://forum.ubuntu.org.cn/viewtopic.php?t=33401&highlight=fcitx
Force the IM modules can works in en locale.

"/usr/lib/gtk-2.0/2.4.0/immodules/im-xim.so"
"xim" "X Input Method" "gtk20" "/usr/share/locale" "en:ko:ja:th:zh"

firefox加速

2006-11-01T17:24:00.000+08:00

firefox 加速具体方法如下：
启动FireFox，在地址栏中输入“about:config”，页面中找出以下选项（如果没有就新建一个）： “nglayout.initialpaint.delay”（默认值为250，更改为0）；“network.http.pipelining”（默认值为false，更改为true）；“network.http.proxy.pipelining”（默认值为false，更改为true）； “network.http.pipelining.maxrequests”（默认值为4，更改为8）完成设置后保存退出。

似乎还可以修改/usr/bin/firefox
export MOZ_DISABLE_PANGO=1

重新打开FireFox，这时候就会发现浏览网页的速度比修改之前要快多了。

virtual host in apache2

2006-10-20T01:56:00.000+08:00

1, declare/unify all the virtual host with IP in /etc/hosts file or DNS.
2, plus the content as follow in the /etc/apache2/sites-enabled/000-default:

DocumentRoot /tmp/test
ServerName kk.org

# as least your must declare to parameter, the documentroot and servername.
be mind that all the servername you want to display must be declare in hosts or DNS.

ftpd

2006-10-18T21:51:00.000+08:00

edit the /etc/vsftpd as follow:
local_enable=YES
write_enable=YES
chroot_local_user=YES
then restart vsftpd, the local user is enable now.
plus the follow inside the file mentioned upsite:
user_config_dir=/etc/vsftpd/vsftpd_user_conf
then we make the directory as clue
mkdir -p /etc/vsftpd/vsftpd_user_conf , be mind that it must be a dir.
then create the file and modify your user:
echo XXX > ftpuser
local_root=PATH to directory就可以更改用户的home directory
local_max_rate=XXXX就可以限制此用户的带宽.
cmds_allowed=XXXXX, 此用户可以使用的指令

authentication for http

2006-10-09T23:51:00.000+08:00

step 1: edit /etc/apache2/site-enable/000-default:
DocumentRoot /var/www/

Options FollowSymLinks
AllowOverride authconfig
#none for default, authconfig make authen enable
authtype basic
authname 'testing'
authuserfile /etc/apache2/password
#mark the password file location
require user htpass
#"Require valid-user #all valid user" require valid user is default,

step 2: create a password file "password" with a user "htpass":
htpasswd -c /etc/apache2/password htpass

more apache setting in :
http://debian.ha.cn/htmldata/5/2005_10/article_176_1.html

pure-ftpd-mysql setting

2006-09-19T23:17:00.000+08:00

http://www.linuxsky.net/html/200604/2948.html
首先必须确定本地用户能登录，否则的话
#cp /usr/sbin/pure-ftpd-mysql /usr/sbin/pure-ftpd 。
使用mysql的root帐号比较方便，所以是
grant all privileges on FTP.* to localhost identified by '123456'
最后PureFTP User Management能使用的话而虚拟用户不能使用的话就是pureftpd的设置问题了，注意ftp根目录和ftp用户的所属关系。
必须在系统里面建立一个名为ftp的用户，当然也要把/etc/pure-ftpd/conf/NoAnonymous 改为no。
我是这个做的：useradd ftp -g ftpgroup -d /yourftpdir -s /etc

remind

2006-09-07T16:25:00.000+08:00

在哪里能找到免费的域名
forum.prayaya.com中这个forum代表什么，怎么能实现
vsftpd的3种登陆方式：
http://www.linuxsir.org/bbs/showthread.php?t=270044
http://linux.chinaunix.net/docs/2006-08-29/2589.shtml
正则表达式 Regular Expression
ssh对于内网的应用
http://linuxsir.org/bbs/showthread.php?t=37295
http://linuxsir.org/bbs/showthread.php?t=274449

make cloop tool

2006-09-07T10:12:00.000+08:00

#!/bin/bash
#引导程序
BOOTLOADER=""
#制作ISO
MKBOOTISO=""
#制作CLOOP文件
MKCLOOP=""
#源
SOURCE=""
#是否使用日期结尾的文件名？
USEDATE=""
#程序名
PROGRAMNAME=$0
#压缩算法
COMPRESS="9"
#清空临时文件
FLUSH=""
#帮助
usage()
{
echo "使用方法:$PROGRAMNAME [选项]
选项：
-h 本页
-7 使用7zip压缩，压缩率比默认的gzip略高，但所花时间会多很多
-b 指定引导程序(小写grub或isolinux，缺省为isolinux)
-c 目标cloop文件名
-d 在目标ISO文件名加上日期、时间
-f 清除制作时的一些临时文件
-i 目标ISO文件名
-s 源目录/cloop文件名"
return 1
}
while [ -n "$1" ]; do
case $1 in
-h) usage;shift 1;; # 帮助
-b) shift 1;BOOTLOADER=$1;shift 1;;
-i) shift 1;MKBOOTISO=$1;shift 1;;
-c) shift 1;MKCLOOP=$1;shift 1;;
-s) shift 1;SOURCE=$1;shift 1;;
-d) shift 1;USEDATE="yes";;
-7) shift 1;COMPRESS="-1";shift 1;;
-f) shift 1;FLUSH="yes";;
--) shift;break;; # 已经没有选项
-*) echo "错误：没有$1选项. $0 -h查看帮助";;
*) break;;
esac
done
make_cloop()
{
TYPE=$(file $SOURCE |cut -f 2 -d " ")
if [ "$TYPE" == "ISO" ];then
/usr/bin/create_compressed_fs -B 65536 -L $COMPRESS -r $SOURCE $MKCLOOP
return 0
else
mkisofs -R -U -V "inlsd.org filesystem" -publisher "INLSD www.inlsd.org" -hide-rr-moved -cache-inodes -no-bak -pad $SOURCE |/usr/bin/create_compressed_fs -L $COMPRESS -B 65536 -r - $MKCLOOP
return 0
fi
return 1
}
make_boot_iso()
{
if [ -z "$BOOTLOADER" ] -o [ "$BOOTLOADER" == "isolinux" ];then
mkisofs -pad -l -r -J -v -V "INLSD SYSTEM" -no-emul-boot -boot-load-size 4 -boot-info-table -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -hide-rr-moved -o $MKBOOTISO $SOURCE
return 0
elif [ "$BOOTLOADER" == "grub" ];then
mkisofs -pad -l -r -J -v -V "INLSD SYSTEM" -no-emul-boot -boot-load-size 4 -boot-info-table -b boot/grub/stage2_eltorito -hide-rr-moved -o $MKBOOTISO $SOURCE
return 0
else
echo "错误！-b参数不是grub或isolinux！"
fi
return 1
}
if [ ! -x /usr/bin/create_compressed_fs ];then
echo "错误，没有cloop工具。"
exit 1
fi
if [ ! -x /usr/bin/mkisofs ];then
echo "错误，没有mkisofs工具。"
exit 1
fi
if [ -n "$USEDATE" ];then
MKBOOTISO=$(echo $MKBOOTISO|sed 's/\.[iI][Ss][Oo]$//g')$(date +%Y%m%d-%H%M%S).iso
fi
if [ -n "$MKBOOTISO" -a -n "$MKCLOOP" ];then
echo "错误！-i参数不能与-c或-d参数同时使用！"
exit 1
fi
if [ -n "$FLUSH" -a -n "$MKCLOOP" ];then
rm -rf $SOURCE/.??* $SOURCE/home/* $SOURCE/home/.??* $SOURCE/root/* $SOURCE/root/.??* $SOURCE/etc/sysconfig/* $SOURCE/var/cache/apt/*cache.bin $SOURCE/var/tmp/* $SOURCE/var/tmp/.??* $SOURCE/tmp/* $SOURCE/tmp/.??* $SOURCE/var/lib/apt/lists/debian.cn99.com*
rm $SOURCE/mnt/*
rmdir $SOURCE/media/*
touch $SOURCE/etc/sysconfig/xsession-commands
fi
if [ -n "$MKBOOTISO" ];then
make_boot_iso
elif [ -n "$MKCLOOP" ];then
make_cloop
else
usage
fi

小李的blog

2006-09-07T00:14:00.000+08:00

http://huanff.blog.sohu.com/

the minimun required for X launch

2006-09-07T00:01:00.000+08:00

xserver-xorg, xbase-clients, xfonts-base

shell for debmirror

2006-09-06T23:59:00.000+08:00

#cat /mnt/hdd11/debmirror.etch.sh
#debmirror debmirror.sarge/ -host 221.6.69.11 -arch i386 --progress --dist sarge --ignore-release-gpg --nosource --exclude=potato
#debmirror debmirror.security/ -host security.debian.org -arch i386 --progress -r /debian-security --dist sarge/updates --section=main,contrib,non-free --ignore-release-gpg --nosource --exclude=potato
#debmirror debmirror.etch/ -host debian.cn99.com -e http -arch i386 --progress --dist etch --ignore-release-gpg --nosource --exclude=potato
debmirror debmirror.etch/ -host debian.inlsd.com -e http -arch i386 --progress --dist etch --ignore-release-gpg --nosource --exclude=potato
#debmirror debmirror.sid/ -host 221.6.69.11 -arch i386 --progress --dist sid --ignore-release-gpg --nosource --exclude=potato
#halt

mplayer for debian

2006-09-06T23:56:00.000+08:00

echo "deb http://www.debian-multimedia.org etch main" >> /etc/apt/source.list

VOA radio

2006-09-06T23:55:00.000+08:00

mplayer -cache 100 rtsp://a1702.l211048984.c2110.g.lr.akamaistream.net:554/live/D/1702/2110/v0001/reflector:48984

Knoppix's file systme cloop

2006-09-06T23:51:00.000+08:00

mount -o loop xxx.iso /cdrom
extract_compressed_fs /cdrom/KNOPPIX/KNOPPIX > cloop.iso
umount /cdrom
mount -o loop cloop.iso /cdrom
cp -av /cdrom/* /xxx
用這個方法解開，不要安裝
解開後chroot方法安裝軟件

disk's R&R

2006-09-06T23:49:00.000+08:00

backup:
dd if=/dev/hda of= backup-hda.mbr count=1 bs=512
sfdisk -d /dev/hda > backup-hda.sf

restore
dd if=backup-hda.mbr of=/dev/hda
sfdisk /dev/hda < backup-hda.sf

qemu boot an ISO

2006-09-06T23:47:00.000+08:00

qemu -cdrom prayaya-linux-en-20060825.iso -hda /dev/sda -boot d

xmms' font setting for zh_CN

2006-09-06T23:39:00.000+08:00

-*-*-medium-r-normal--16-*-*-*-*-*-gb2312.1980-0,*-r-*

DNS 3322.org＇s auto config

2006-09-06T23:36:00.000+08:00

lynx -mime_header -auth=username:password "http://www.3322.org/dyndns/update?system=dyndns&hostname=myhost.3322.org"

dhcpd.conf

2006-09-06T11:02:00.000+08:00

option domain-name-servers 192.168.1.22;
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.30 192.168.1.100;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
}

Speeding up work at Linux command line part # 1

2006-09-06T10:21:00.000+08:00

http://www.cyberciti.biz/nixcraft/vivek/blogger/2005/08/speeding-up-work-at-linux-command-line.html

Working at shell prompt is an essential task for any Linux system administration. However many newcomers find it difficult to work at bash prompt. Here are some tricks to speed up your work.

(A) Shortcut keys for command editing:
CTRL+L : Clear the screen

CTRL+R : To search for a command in command history. For example yesterday or few hourse back you typed 'a very very long command' and you need same command again. Then hit CTRL+R and type first few letters of command.

CTRL+C : Cancel command

CTRL+Z : Suspend command

CTRL+T : transpose characters. For example by misspelled command date:
＄ daet
Sure you can rub the last two character and retype it again, but wait just hist CTRL+T and you are done:
＄ daet [CTRL+T]
Result into character transpose:
＄ date

ALT+T OR ESC+T: transpose words. For example you typed:
＄ filename rm
To correct it just hit ALT+T
＄ filename rm [ALT+T]
And you have correct command to remove a file.
＄ rm filename

CTRL+U : Deletes entire line

CTRL+K : Deletes to end of line from current cursor position

HOME OR CTRL+A : Moves cursor to beginning of line

END OR CTRL+E : Moves cursor to end of line

(B)Recall last argument from previous command – to save time
ALT+. (hold down ALT key and press period/dot)
For example first you typed the mkdir command as follows:
＄ mkdir -p /tmp/demo/software/qtapp
Now you would like change directory to /tmp/demo/software/qtapp, then type cd and press ALT+.:
＄ cd [PRESS alt+.]

(C) Command completion
Most of the Linux admin uses TAB key to complete command names and files names. So let us say you would like to mount something then:
i) Type word mo:
＄ mo
ii) Hit TAB key to complete word
＄ mo [TAB]
iii) And end result should be:
＄ mount

(D) List the possible completions
BASH also supports the possible completions of commands or text (file). For example you would like to list all the possible command starts with ls command:
＄ ls [ESC]
Will display following text (above the current command line)

ls lsmod lsmod.modutils lspci lsusblsattr lsmod.Lmodutils lsof

Next time I will discuss more about advanced command line completions and other cool features.
*** If you enjoyed this article, grab our Feed OR Subscribe to the nixCraft email newsletter OR use Technorati to track all updates. ***