betabug... Sascha Welter


18 September 2007

Daily Shell Fun

Know your tools

One thing I dislike a lot about the GUI admin tools from Mac OS X Server is that they are quick to turn around and make changes to config files you edited by hand. Sometimes those changes are a real pain, like when on one server I administer it switched on Apache's proxy, despite the "enable proxy" check box being distinctly off. The result was that spammers hit the server pretty hard. On Monday morning when the mess was noticed I had some cleaning up to do. Among other things, the (external) firewall had sent the previous administrator some "attack notification" mails. Some 33000+ such mails to be exact...


Monday morning (I had already plugged the hole) the previous admin called me, telling me about the notifications and asking me if it wouldn't be better to change them to go to my address. Sure, no problem, changed in a minute. An hour later he called again: "Did you make the change? You didn't, the mails are still coming in my mailbox." I suspected some mails to still be in some mail server queue.

Jump into the shell on the server, a quick mailq and... output. A lot of output. It doesn't stop pouring out. All of those mails are destined for him. Time to hit Control-C and clean up.

My first step was to redirect the output from mailq into a file, passing it through grep, searching for his email address. That took forever. I took a line count with wc -l from time to time, just to find out where we were heading. We passed 16000, 20000, 40000, ... It took a lot of time too. Each mail was listed with two lines. Something like this:

B3A1E2002948*     4563 Fri Sep 14 17:10:35  xy@example.org
                                         xy@example.org

Should have been more careful with that grep line there. Instead of running the command again, I decided to use sed. sed is fast. My command was something like this:

sed -n '/^[0-9A-F]/p' in.txt > out.txt

which resulted in a file that contained only the lines with the queue ID at the start. This sed command ran so fast that I would have been tempted to believe it didn't work - had I not had some previous experience with sed.

I could have isolated the queue ID with sed too, but again I was in a hurry (all those mails were on their way to his mailbox, which likely wouldn't be happy to get filled with thousands of alerts). I started vim and hit it with the following command:

:%s/^\([0-9A-F]*\).*/\1/

This searches the whole file, puts the distinct hexadecimal ID into a regex group, then replaces the entire line with just that group. Quick and fast. After saving that file came the last step, running this command as root (Mac OS X uses Postfix by default):

# postsuper -d - < out.txt
postsuper: Deleted: 33222 messages

Say what? There were 33222 alert messages in the queue and some more would already have been saved. Deleting all those messages took a long time by the way. But if the recipient had had to delete them one by one (or a screenful at a time) in his GUI client, it would have taken much longer. All in all it was a nice exercise in the usage of simple Unix shell tools. I could have done it much more elegantly and directly, but in my defense I tried to get running before I was thinking.

Posted by betabug at 21:39 | Comments (1) | Trackbacks (0)
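
The more direct route the post alludes to, as an added example that is not the author's own commands: an awk filter that reads mailq output and prints only the queue IDs of messages addressed to one exact recipient, in the form postsuper -d - expects. The function names and the sample listing are constructed; only the first sample entry's queue ID and the xy@example.org placeholder come from the post.

```shell
# Print queue IDs of messages that have exactly $1 as a recipient.
# Reads Postfix mailq output on stdin. (Added example, hypothetical names.)
queue_ids_for() {
    RCPT="$1" awk '
        # Entry line: hex queue ID, optional status (* active, ! hold),
        # then size, arrival time and sender.
        /^[0-9A-F]+[*!]?[ \t]/ {
            id = $1; sub(/[*!]$/, "", id); seen = 0; next
        }
        # Indented lines belong to the current entry, one recipient each.
        # Exact string comparison: no substring or regex matching, and the
        # sender on the entry line is never considered.
        /^[ \t]+[^ \t]/ && id != "" && !seen {
            if ($1 == ENVIRON["RCPT"]) { print id; seen = 1 }
            next
        }
        /^$/ { id = "" }    # a blank line ends the entry
    '
}

# Constructed sample of mailq output, including a deferral reason line.
sample_mailq() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
B3A1E2002948*     4563 Fri Sep 14 17:10:35  firewall@example.org
                                         xy@example.org

0C4D19A7F001      4410 Fri Sep 14 17:10:41  xy@example.org
                                         newadmin@example.org

7E21AA03B5C2!     4498 Fri Sep 14 17:11:02  firewall@example.org
(connect to mail.example.org[192.0.2.25]: Connection timed out)
                                         other@example.org
                                         xy@example.org

9F00D2C1E4A7      4502 Fri Sep 14 17:11:09  firewall@example.org
                                         xxy@example.org

-- 18 Kbytes in 4 Requests.
EOF
}

# Dry run on the sample; prints B3A1E2002948 and 7E21AA03B5C2.
sample_mailq | queue_ids_for xy@example.org

# On a real server (as root), check the list before deleting:
#   mailq | queue_ids_for xy@example.org > out.txt
#   wc -l out.txt
#   postsuper -d - < out.txt
```

The second sample entry (address appears only as sender) and the fourth (xxy@example.org, which a plain grep for the address would also hit) are left in the queue.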
Comments
Re: Daily Shell Fun

sweet hax0ring!

Posted by: w0lfshade at September 19,2007 18:44