AWG Blogs

Monday, May 23, 2011

Squid Proxy Quick Start Guide

First install dependency: yum install gcc-c++

Download squid, e.g. the file squid-3.X.STABLEXX.tar.gz
tar xvzf squid-3.X.STABLEXX.tar.gz
cd squid-3.X.STABLEXX
./configure --enable-icap-client
make
make install

Comment out the rule that allows access from the local network:
sed -ri -e '/http_access allow localnet/ s/^/#/' /usr/local/squid/etc/squid.conf
Start up squid in interactive mode:
/usr/local/squid/sbin/squid -N -d1

Add the squid IP and port (3128) to the browser proxy configuration.
Try surfing to a website; you will see:


ERROR

The requested URL could not be retrieved

--------------------------------------------------------------------------------

The following error was encountered while trying to retrieve the URL: http://www.awgtek.com/


Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.


Stop squid with Ctrl-C, then re-enable the rule and start squid again:
sed -ri -e '/http_access allow localnet/ s/^#//' /usr/local/squid/etc/squid.conf

/usr/local/squid/sbin/squid -N -d1

Browse to a site.

To check the access, do:
tail /usr/local/squid/var/logs/access.log

Sunday, May 15, 2011

DLP "Forwarding agent unavailable" error

If this error appears in the /var/log/mail.log of your upstream MTA when initially setting up DLP Network Prevent for Email in Forwarding mode, try recycling the new SMTP Prevent server before trying anything else.

e.g. errors like:
(host #.#.#.51[#.#.#.51] refused to talk to me: 421 4.4.1 Fatal: Forwarding agent unavailable. Closing connection.


Recycling the DLP email prevent server got the following architecture to finally start working:

Outlook --> (port 25) Ubuntu Postfix MTA --> (port 10025) DLP SMTP Prevent --> (port 25) Ubuntu Postfix MTA --> (port 587, TLS) GMail

The upstream MTA's main.cf was configured with smtp_use_tls=no, smtp_sasl_auth_enable=no; and with relayhost=(DLP_IP):10025

The DLP server's advanced configuration had RequestProcessor.MTAResubmitPort=25 (changed from default 10026). Next Hop Configuration was set to Forward with Disable MX lookup, and downstream local MTA's IP set in Hostnames.

Setup Postfix Ubuntu Gmail SMTP Relay

Refer to http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/

On clean Ubuntu (natty) 11.04 (with ssh and aptitude installed, and as root)

aptitude install postfix libsasl2-2 ca-certificates libsasl2-modules

During the Postfix package configuration wizard:
On the first page, choose "Internet with smarthost"
For SMTP relay host enter: [smtp.gmail.com]:587
(the brackets are to avoid MX lookups)

Paste into /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_use_tls = yes

While still in main.cf, add your local IP network to the mynetworks parameter (hosts in mynetworks are allowed to relay through this server).

create /etc/postfix/sasl_passwd with the following contents:

[smtp.gmail.com]:587 user.name@gmail.com:password

do:

chmod 400 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

/etc/init.d/postfix reload

Now test:

telnet postfixserverip 25
ehlo anything.com
mail from:me@whatever.com
rcpt to:someone@somewhere.com notify=success,failure
data
subject:Test from awgtek

This is a test message

.
quit

Check someone@somewhere.com's mailbox to see whether the message arrived.
Check for errors in /var/log/mail.log
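
Added example (not from the original post): a shell check of the relay settings above. smtp_use_tls = yes is Postfix's legacy opportunistic setting, so a session can proceed without TLS, and smtp_sasl_security_options = noanonymous allows plaintext SASL mechanisms; the script flags that combination and any group/other access to the password file. The function names and sample files are constructed for illustration; smtp_tls_security_level is the Postfix parameter that supersedes smtp_use_tls.

```shell
#!/bin/sh
# Added example: audit a Postfix relay config for the settings used in this post.
# Handles simple "name = value" lines only (no continuation lines).

# Print the last value assigned to parameter $2 in main.cf-style file $1.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Effective outbound TLS level; smtp_tls_security_level overrides smtp_use_tls.
tls_level() {
    level=$(get_param "$1" smtp_tls_security_level)
    if [ -n "$level" ]; then echo "$level"
    elif [ "$(get_param "$1" smtp_use_tls)" = "yes" ]; then echo "may"  # opportunistic
    else echo "none"
    fi
}

# audit_relay MAIN_CF SASL_PASSWD: print findings; return 1 if there are any.
audit_relay() {
    rc=0
    lvl=$(tls_level "$1")
    opts=$(get_param "$1" smtp_sasl_security_options)
    case "$lvl" in
        encrypt|verify|secure|fingerprint|dane-only) ;;  # TLS is mandatory
        *)  echo "FINDING: smtp TLS level '$lvl' does not require encryption"; rc=1
            # An explicit option list without noplaintext permits PLAIN/LOGIN
            # on a session where STARTTLS was never negotiated.
            if [ "$(get_param "$1" smtp_sasl_auth_enable)" = "yes" ] && [ -n "$opts" ]; then
                case "$opts" in
                    *noplaintext*) ;;
                    *) echo "FINDING: SASL password may be sent without TLS" ;;
                esac
            fi ;;
    esac
    # Group/other permission bits are characters 5-10 of the ls mode string.
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $2 is accessible to group or other"; rc=1
    fi
    return $rc
}

# Constructed sample: relevant main.cf lines from this post, password file left at 0644.
d=$(mktemp -d)
printf '%s\n' 'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_use_tls = yes' > "$d/main.cf"
: > "$d/sasl_passwd"; chmod 644 "$d/sasl_passwd"
audit_relay "$d/main.cf" "$d/sasl_passwd" || echo "config needs attention"
rm -rf "$d"
```

Setting smtp_tls_security_level = encrypt (or stricter) in main.cf clears the TLS findings; chmod 400 on sasl_passwd, as in the steps above, clears the last one.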