Here are some helpful hints on exim administration. All of the commands are formated for debian (exim4) but are also tested on centos (exim).

List message count in message queue:
# exim4 -bpc

List all messages in the queue, sorted by date:
# exim4 -bp

Print message headers:
# exim4 -Mvh 1NY1cq-0003jb-Qh

Print message body:
# exim4 -Mvb 1NY1cq-0003jb-Qh

Print message logs:
# exim4 -Mvl 1NY1cq-0003jb-Qh

Remove message from queue:
# exim4 -Mrm 1NY1cq-0003jb-Qh

Force message delivery:
# exim4 -M 1NY1cq-0003jb-Qh

Print count of all messages
- from specified sender (From:):
# exiqgrep -f "user@domain.com" -c

- from specified sender domain:
# exiqgrep -f "domain.com" -c

- for specified recipient:
# exiqgrep -r "user@domain.com" -c

Print message IDs for all messages from specified sender and pipe them to exim for deletion:
# exiqgrep -f "user@domain.com" -i | xargs exim4 -Mrm

Sometimes exiqgrep throws an error for nonexistent message or so, commonly caused by frequent server restarts or out of disk space conditions. This is easily fixed by deleting the printed message ID. But sometimes these errors are too many to fix one by one. To get around the problem I use a simple bash script (tested on debian and centos):

while [ -n "`exiqgrep -r 'president' 2>&1 | awk '{if($3 != "id")print $4}' | xargs exim4 -Mrm`" ]; do echo Deleting erroneous message...; done


It is always useful to collect some statistics on any running service. For exim you can do it like this:
# tail -20000 /var/log/exim4/mainlog | eximstats -nr | less
Depending on your exim configuration it could be meaningful or not :)

Hope the above would help anyone.

As simple as this:


lsof -n -u^65534,^`cat /etc/passwd | awk -F':' '{if($3 < 32000) print $3}' | xargs | sed -e 's/ /,\^/g'` -i | awk '{if ($2 ~ /[0-9]*/) print $3, $1}' | sort | uniq -c | sort -n


The awk part is for excluding the system users ids < 32000.

tcpdump

# tcpdump -ne dst port 80 and 'tcp[13] & 2 == 2'

This way effectively filtering only SYN packets on port 80.


# tcpdump -c 30000 -ne dst port 80 and 'tcp[13] & 2 == 2' | awk '{print $11}' | cut -d. -f1|sort | uniq -c | sort -n

Dumping 30K packets,cutting the first octet from the IPs and sorting by number of packets originating from this A class net.

A bit more complicated:

# for i in `tcpdump -c 30000 -ne dst port 80 and 'tcp[13] & 2 == 2' | awk '{print $11} | cut -d. -f1|sort | uniq -c | awk '{if ($1 > 4000) print $2}'`; do \
iptables -I INPUT -s $i.0.0.0/8 -j DROP; \
done

Dumping 30K packets and if more than 4000 packets originate from the same A class net - block the net via iptables.

It is a bit tricky (took me almost two days :), but basically this is the procedure:

- configure your wireless card
(using ndiswrapper is described in another article)
in case your wifi card is identified as wlan0 add the following to /etc/network/interfaces

auto wlan0
iface wlan0 inet dhcp
pre-up wpa_supplicant -Bw -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
post-down killall -q wpa_supplicant


- install and configure wpasupplicant
# apt-get install wpasupplicant

create /etc/wpa_supplicant.conf with simular content

network={
ssid="testwlan"
psk="7cHBV294H_something_long_and complicate"
scan_ssid=1
key_mgmt=WPA-PSK
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
}


This would automatically engage/shutdown wpasupplicant on up/down of the wlan0 interface.
Works nice for me :)

~/.bash_profile

This code would do the trick:

if [ "$TERM" = "xterm" ] ; then
    export PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}\007"'
else
    unset PROMPT_COMMAND
fi

After logon the terminal title would be updated in the form 'jack@server' and after logout the old value will be restored.