Wednesday, December 12, 2012

apache2+fcgi+redmine

### apache2+fcgi+redmine ###

Refer to the earlier post for Redmine installation.

apt-get install libapache2-mod-fcgid

### install fast-cgi (for ruby) ###

wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
tar -xzvf fcgi-2.4.0.tar.gz
cd fcgi-2.4.0
./configure
make
make install
gem install fcgi

### apache-configuration ###
In /etc/apache2/conf.d create a file named redmine with the following content:

# optional
Alias /redmine /var/www/redmine/public

<Directory /var/www/redmine/public>
SetEnv RAILS_ENV production
AllowOverride all
Options +ExecCGI +FollowSymLinks
AddHandler fcgid-script .fcgi
#AddHandler cgi-script .cgi
Order allow,deny
Allow from all
</Directory>


In /var/www/redmine/public/.htaccess
a. make suitable changes for fcgi
b. enable RewriteBase (if needed)
c. restart apache: /etc/init.d/apache2 restart

chown -R www-data:www-data /var/www/redmine

Now point your browser to your.server.com/redmine. Hope that's it.

Nagios with oreon ???? --on fly

apt-get install apache2
apt-get install build-essential
apt-get install libgd2-xpm-dev
apt-get install php5-common php5 libapache2-mod-php5
apt-get install upgrade distro
apt-get install nagios2 :(



is it nagios-php, phpnagios or lilac..? http://www.lilacplatform.com/trac/wiki

http://www.ubuntugeek.com/nagios-configuration-tools-web-frontends-or-gui.html

Lilac ..?

apt-get install mysql-server
apt-get install php-pear
apt-get install curl
apt-get install php5-mysql
chown -R www-data:www-data /var/www/directory
apt-get install php5-curl
/etc/init.d/apache2 restart
apt-get install nmap

http://localhost/directory/install.php

Failed to import database schema. Make sure the mysql binary is in the search path for the web user.
...?

.. to be continued, will look at it tomorrow

Oracle migration tips

[15:53:36] ۩۞۩๑日満主๑۩۞۩: To implement the solution, please execute the following steps:

1. Check which Unix user owns the ORACLE_HOME:

% echo $ORACLE_HOME
/u01/app/oracle/product/9.2.0

% ls -ld $ORACLE_HOME
drwxr-xr-x 58 oramigts dba 1024 Jan 2 2004 9.2.0

The ORACLE_HOME is owned by Unix user "oramigts" and Unix group "dba"

2. Check the $ORACLE_HOME/rdbms/lib/config.s file

[If your platform has config.c: Due to the way different compilers under different architectures generate assembler code, it's not possible to give a universal rule.]

It shows OSDBA group as "g680" (whereas the output from step 1 shows the Unix group "dba")

3. Modify the config.s so that it references the correct group. Change the line:

.ascii "g680\0"

to

.ascii "dba\0"

4. Rename the config.o file:

mv config.o config.o.bak

5. Regenerate the config.o file and the 'oracle' binary

make -f ins_rdbms.mk config.o ioracle

6. Check the file config.o is created at $ORACLE_HOME/rdbms/lib

ls -al $ORACLE_HOME/rdbms/lib/config.o

7. Verify that you can now connect to the database as SYSDBA using SQL*Plus

8. Try to upgrade the database again using DBUA

logical volume creation

lvdisplay
# "my" is the volume group; a logical volume name cannot contain slashes
lvcreate -n var-www-sw --size 500g my
mkfs.ext3 /dev/my/var-www-sw
mkdir /var/www/sw
mount /dev/my/var-www-sw /var/www/sw

Check /etc/fstab and add the following entry if it does not exist:
/dev/mapper/my-var-www-sw /var/www/sw ext3 defaults 0 2

server migration -Tips and notes

April 15th 7:04
ssh into the computer
apt-get install apache2
apt-get install mysql-server-5.0
apt-get install php5
apt-get install php5-mysql
--

April 16th 2:58

apt-get update
apt-get upgrade
wget http://downloads.sourceforge.net/project/typo3/TYPO3%20Source%20and%20Dummy/TYPO3%204.3.3/typo3_src-4.3.3.tar.gz?use_mirror=space

wget http://downloads.sourceforge.net/project/typo3/TYPO3%20Source%20and%20Dummy/TYPO3%204.3.3/typo3_src%2Bdummy-4.3.3.zip?use_mirror=nchc

apt-get install zip
apt-get install imagemagick
unzip typo3+dummy....zip

April 27th

mv typo3_dumm.. yourname
cd prion/typo3conf

admin/adminpass

chown -R www-data:www-data typo3temp/
chown -R www-data:www-data typo3conf
chown -R www-data:www-data uploads
chown -R www-data:www-data fileadmin
chown -R www-data:www-data typo3/ext/

### for suhosin patch for php5
apt-get install php5-suhosin
/etc/init.d/apache2 restart

apt-get install php5-gd

vim /etc/php5/apache2/php.ini
vim /etc/php5/conf.d/suhosin.ini
/etc/init.d/apache2 restart


# not needed below
apt-get install dpkg-dev build-essential
cd /usr/src
apt-get source php5
wget http://www.hardened-php.net/hardened-php-signature-key.asc
gpg --import < hardened-php-signature-key.asc
wget http://www.hardened-php.net/suhosin/_media/suhosin-patch-5.2.0-0.9.6.2.patch.gz
gunzip suhosin-patch-5.2.0-0.9.6.2.patch.gz
cd php5-5.2.0
patch -p 1 -i ../suhosin-patch-5.2.0-0.9.6.2.patch
dpkg-buildpackage
### Till here


May 10th

Generating SSL
http://www.akadia.com/services/ssh_test_certificate.html

# private key, encrypted with a passphrase (openssl prompts for it)
# 2048 bits here: 1024-bit RSA keys are too short for current use
openssl genrsa -des3 -out server.key 2048

openssl req -new -key server.key -out server.csr

# keep the encrypted key as server.key.org and write a copy without
# a passphrase, so that Apache can start without prompting
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

# self-sign the request to produce server.crt, valid for one year
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

mkdir /etc/apache2/ssl
cp server.crt /etc/apache2/ssl/
cp server.key /etc/apache2/ssl/

a2enmod rewrite
a2enmod ssl

Add the following lines to the virtual host entry

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://your.domain.com$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

rsync from *nx machine to windows machine

This document describes how to set up ssh+rsync on Windows so that a *nx machine can back up/copy files using rsync.


Install Cygwin; you need the openssh and rsync components.
Once it is installed:
add CYGWIN=ntsec tty as a system variable
add the Cygwin path to the PATH variable (usually it is c:\cygwin\bin)
Open a Cygwin terminal and type
ssh-host-config
(manually answer Yes to all questions, except:)
if the script says "This script plans to use cyg_server, Do you want to use a different name?", answer no.
Now type
cyglsa-config
Restart.
You can add the system users by typing
mkgroup -l >> ../etc/group
mkpasswd -l >> ../etc/passwd


You can add keys (consider your security environment)

Now you are ready to use rsync from your *nx backup server to the windows machine.

References:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
http://sysblogd.wordpress.com/2008/01/07/ubuntu-connect-to-your-windows-machine-securely-using-vnc-and-ssh-with-little-installation/
http://blog.myownserver.info/2010/04/how-to-install-cwrsync-for-windows-vista7-tutorial/

Notes: To allow port 22 in the Windows firewall, the following commands are useful.

netsh advfirewall firewall add rule name="Opensshd" dir=in action=allow protocol=TCP localport=22

netsh firewall add portopening tcp 22 "opensshd"

sieve filtering Howto

STEP 1 Write a script as follows:

## test script to work on folders
require "fileinto";
# This line is to block gmail
if header :contains ["Received"] ["gmail.com"] {discard;}
# This is supposed to block all mail apart from our domains A/B/C/D
if not header :contains ["Received"] [".domain.A","Domain.B","Domain.C","Domain.D"] {discard;}

Save this as a file named block_gmail.

STEP 2

Log in to the sieve shell and put the script

sieveshell --auth=manager --user=manager localhost
put scriptname
quit


STEP 3
cyradm -u manager localhost
mboxconfig shared/test_seive sieve block_gmail

(for all shared folders)
mboxconfig shared/* sieve block_gmail

info shared.somefolder

sources:
http://wiki.kolab.org/index.php/Filtering_Emails_on_the_Server
http://www.cmu.edu/computing/doc/email/sieve/developing.html
http://www.cs.cmu.edu/~help/mail_news/corvid/sieve_intro.html
http://wiki.bath.ac.uk/display/bucstech/Sieve+scripts


Currently stuck at :(
localhost> mboxcfg shared/test_seive seive block_gmail
mboxconfig: Permission denied

rm to mp3 conversion using lame

Converting rm to mp3 in ubuntu.. from the link http://ubuntu-virginia.ubuntuforums.org/showthread.php?t=1110872

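#!/bin/sh
# usage: script file.rm  (quoting keeps file names with spaces intact)
inputfile=$1
# strip the trailing "rm", leaving "name."
inputfilename=$(basename "$1" rm)
ext='mp3'
outputfilename=$inputfilename$ext

echo 'CONVERTING TO WAV FORMAT'
# mplayer writes the decoded audio to audiodump.wav
mplayer "$inputfile" -ao pcm

echo 'CONVERTING WAV FORMAT TO MP3'
lame -h -b 256 audiodump.wav "$outputfilename"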

rm -f audiodump.wav

echo 'DONE...!'

you can use ffmpeg too

ffmpeg -i pancharangi.rm -b 128k pancharangi.mp3

openvpn how to

1. apt-get install openvpn

The default directory for easy-rsa certificates is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/". So we change the working directory:

#cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/

2. Now we will create the certificate for CA

#. ./vars

#./clean-all

#./build-ca

3. Then we will create the certificate for server

#./build-key-server server

4. Then we will create the certificate for client

#./build-key client

5. We will build diffie hellman

#./build-dh

6. If you wonder where the keys you just created are, change your directory to keys/

#cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/

#ls -al

ca.key ca.crt server.key server.csr server.crt client.key client.crt client.csr

7. Now we have the keys and certificates, so we will send them to the clients who want to connect to the OpenVPN server. Just be sure that:

ca.key -> must be only on the CA server

client.crt -> must be only on the client

client.key -> must be only on the client

server.crt -> must be only on the OpenVPN server

server.key -> must be only on the OpenVPN server

ca.crt -> must be on the CA server and all of the clients.

8. After you have transferred the files above safely, you must modify the main configuration file on the OpenVPN server, which is "server.conf".

#cd /usr/share/doc/openvpn/examples/sample-config-files/

#vim server.conf

port 1194
proto udp
dev tun
ca /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

9. After you typed the configuration above inside your "server.conf" file, copy it to "/etc/openvpn" directory

#cp server.conf /etc/openvpn/

10. Restart your server.

http://cihan.me/how-to-setup-openvpn-server-on-debian-lenny/
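
The placement rules from step 7 can be checked on each host. The following is an added example, not part of the original how-to: it reports easy-rsa .key/.crt files that do not belong on a host of the given role, and private keys that group or others can read. The role names, the function names, the sample path in the last comment and the allowance of ca.crt on the server (taken from the server.conf above) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a directory of easy-rsa output against step 7.
# Role names and function names are assumptions of this example.

# allowed_files ROLE: print the .key/.crt names that may exist on that host.
allowed_files() {
    case "$1" in
        ca)     echo "ca.key ca.crt" ;;
        # the server.conf above loads ca.crt, so the server holds it too
        server) echo "ca.crt server.crt server.key" ;;
        client) echo "ca.crt client.crt client.key" ;;
        *)      return 2 ;;
    esac
}

# audit_keys ROLE DIR: print one finding per line; return 1 if any, else 0.
audit_keys() {
    role=$1
    dir=$2
    findings=0
    allowed=$(allowed_files "$role") || { echo "unknown role: $role" >&2; return 2; }
    for path in "$dir"/*.key "$dir"/*.crt; do
        [ -e "$path" ] || continue            # glob matched nothing
        name=${path##*/}
        case " $allowed " in
            *" $name "*) ;;
            *) echo "MISPLACED $name"; findings=1 ;;
        esac
        case "$name" in
            *.key)
                # characters 5-10 of the ls mode string are the group/other bits
                mode=$(ls -ld "$path" | cut -c5-10)
                if [ "$mode" != "------" ]; then
                    echo "LOOSE_PERMS $name"
                    findings=1
                fi
                ;;
        esac
    done
    return "$findings"
}

# Run as: sh audit_keys.sh server /etc/openvpn/keys   (hypothetical path)
if [ $# -eq 2 ]; then
    audit_keys "$1" "$2"
fi
```
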

Multigateway routing in debian

Enable forwarding by echoing to ip_forward

echo "1" > /proc/sys/net/ipv4/ip_forward

Create the table entries in rt_tables by typing the following

echo "10 chitti" >> /etc/iproute2/rt_tables
echo "20 bhitti" >> /etc/iproute2/rt_tables


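You can copy the existing non-default routes into both tables with the following snippet


# $ROUTE is left unquoted on purpose so that it splits into ip arguments
ip r show | grep -Ev '^default' | while read -r ROUTE; do
ip r a $ROUTE table chitti
ip r a $ROUTE table bhitti
done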

Now set the default gateways for each table

ip r a default via chittigw table chitti
ip r a default via bhittigw table bhitti


Mark the packets coming from the proper source networks

iptables -t mangle -A PREROUTING -s ip.of.chitti.network/netmask -d 0.0.0.0/0 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s ip.of.bhitti.network/netmask -d 0.0.0.0/0 -j MARK --set-mark 20

NAT them with whatever interface

iptables -t nat -A POSTROUTING -s ip.of.chitti.network/netmask -d 0.0.0.0/0 -j SNAT --to ip.of.chittii.interface
iptables -t nat -A POSTROUTING -s ip.of.bhitti.network/netmask -d 0.0.0.0/0 -j SNAT --to ip.of.bhittii.interface

Add rules that select the routing table by fwmark

ip rule add fwmark 10 table chitti
ip rule add fwmark 20 table bhitti

Bingo..

Multiple gateways should be working now.

PS : If you have setup the WANs on a single interface with aliases the case is much easier..

Reference : http://linux-ip.net/html/adv-multi-internet.html

Sample TC config for BW control using HTB

tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 1024kbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 256kbit ceil 512kbit


tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.20.10.80 flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.20.10.85 flowid 1:20

### egress

tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 512kbit ceil 1024kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 256kbit ceil 512kbit

tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip src 10.20.10.80 flowid 1:10
tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip src 10.20.10.85 flowid 1:20

disk copy with dd

dd if=/dev/sda of=/dev/sdb &

Adding hours in M$ excel

Sometimes you need to convert AM to PM in Excel.
Then the following formula can come in handy.

If cell e5 contains the time 4:00 AM, then

=e5+Time(12,0,0)  will return  16:00 hrs

Similarly, you can do add and subtract operations on the time format in a cell.

A text modifier script

The task was to
1. get the first letter of the second column and complete third column of a text file
2. convert everything to lower case
3. Combine them to form a single word

So I did the following

cat file1 | awk '{print $2}' | cut -c1 | tr '[A-Z]' '[a-z]' > first
cat file1 | awk '{print $3}' | tr '[A-Z]' '[a-z]' > second
paste first second | awk '{print $1$2}' > merged

nested if example in excel

=IF(OR(A1="missing",B1="missing"),IF(OR(G1<>"",H1<>""),"TP","TRUE"),"FALSE")

Backdating VMWare guest system

With VMware Workstation, the guest machine always takes its time from the host.

In cases where you want to backdate the guest while the host keeps the correct time and date settings,

you can try the following settings in the .VMX file.

tools.syncTime = 0
time.synchronize.continue = 0
time.synchronize.restore = 0
time.synchronize.resume.disk = 0
time.synchronize.shrink = 0
time.synchronize.tools.startup = 0

With these, the backdated settings remain even if the guest is rebooted.

VMWare guest OS :- memory access violation error

A VMware guest gives an error while booting when the RAM allocated to the guest is large and is shared between guest and host.

Also, when increasing the RAM, VMware Workstation gives a warning that the RAM will be shared and performance may vary.

If you ignore this and still boot the guest machine, once booted it will throw an access right violation error and power down the virtual machine.

To avoid this, I added the following two lines into .VMX file.

MemTrimRate=0
sched.mem.pshare.enable = "FALSE"


Now the guest is booted and working fine.

Batch migration using imap sync


The following script reads the variables id and pass from the file passtest.txt (one pair per line, separated by whitespace) and syncs the mailboxes from the Google Apps mail server to a Zimbra mail server.

# -r keeps backslashes in passwords; quoting keeps special characters intact
while IFS=" " read -r id pass;
do
imapsync --syncinternaldates --useheader 'Message-Id' \
--host1 imap.googlemail.com --user1 "$id@zimbraserver.in" \
--password1 "$pass" --ssl1 \
--host2 mail.zimbraserver.in \
--port2 993 --user2 "$id@zimbraserver.in" \
--password2 "$pass" --ssl2 \
--authmech1 LOGIN --authmech2 LOGIN
done < passtest.txt
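
The loop above passes each password as a command-line argument, where other local users can read it from the process list while imapsync runs. The following added example (not from the original post) runs the same migration with imapsync's --passfile1/--passfile2 options and refuses a credentials file that group or others can read; the function name sync_all and the IMAPSYNC override variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: same migration as above, with passwords kept out of argv.
# IMAPSYNC can be overridden, e.g. to dry-run the loop with a stub.
IMAPSYNC=${IMAPSYNC:-imapsync}

# sync_all CREDFILE: run one imapsync per "id password" line of CREDFILE.
# Returns 0 only if every run succeeded.
sync_all() {
    creds=$1
    # characters 5-10 of the ls mode string are the group/other bits
    if [ "$(ls -ld "$creds" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "refusing $creds: missing, or readable by group/others" >&2
        return 1
    fi
    # mktemp -d creates the directory with mode 0700, so the password
    # file written inside it is not reachable by other users
    workdir=$(mktemp -d) || return 1
    rc=0
    while IFS=" " read -r id pass; do
        [ -n "$id" ] || continue              # skip blank lines
        printf '%s\n' "$pass" > "$workdir/pass"
        # stdin from /dev/null so the command cannot consume the loop input
        "$IMAPSYNC" --syncinternaldates --useheader 'Message-Id' \
            --host1 imap.googlemail.com --user1 "$id@zimbraserver.in" \
            --passfile1 "$workdir/pass" --ssl1 \
            --host2 mail.zimbraserver.in \
            --port2 993 --user2 "$id@zimbraserver.in" \
            --passfile2 "$workdir/pass" --ssl2 \
            --authmech1 LOGIN --authmech2 LOGIN < /dev/null || rc=1
    done < "$creds"
    rm -rf "$workdir"
    return "$rc"
}

# Run as: sh migrate.sh passtest.txt
if [ $# -eq 1 ]; then
    sync_all "$1"
fi
```
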

Increasing the swap size of the machine

dd if=/dev/zero of=/.swapfile bs=1M count=1024
# swap can hold memory contents, so keep the file readable by root only
chmod 600 /.swapfile
mkswap -v1 /.swapfile
swapon /.swapfile

Disable Oracle's password expiry

ALTER PROFILE DEFAULT LIMIT
  FAILED_LOGIN_ATTEMPTS UNLIMITED
  PASSWORD_LIFE_TIME UNLIMITED;

To turn off the auditing.
 

NOAUDIT ALL;
DELETE FROM SYS.AUD$;

cert7 file generation

This is sometimes tricky, as the latest NSS tools will generate cert8.db.
If you need cert7 for some reason, such as LDAP auth or auth on Solaris versions earlier than 10, then you need to generate cert7.db files only.

Here is how you can do it on Windows.

Download NSS version 3.2.2 from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases
Then go to a command prompt and set the path as

set path=%PATH%;C:\path\to\nssfolder\lib
You might also need NSPR 4.6 for missing DLL and library files.

You can download it from http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/

From the same command prompt, also set the path to the lib directory of NSPR

set path=%PATH%;c:\path\to\nsprfolder\lib

Now you can execute

certutil -A -n "certificateName" -t "C,C,C" -a -i certFile -d path




Where certificate Name is optional
certfile is the .pem certificate file and
path is the path where you want your cert7.db files to be stored.


Read more to understand what each of these functions do  here.

Six skills for CIOs

CIOs are the cerebellum of the corporate world. A TechTarget survey reveals that the following are the most required skills for CEO, in the order below.

The numbers in brackets show the percentage of people who voted for each skill.

No. 1: IT security and compliance expertise take top billing for CIOs (47.4%)

No. 2: IT project management expertise deemed a necessity for CIOs (31%)

No. 3: Partner management and IT vendor management crucial to success (27%)

No. 4: Enterprise data management skills increasingly vital for CIOs (23.1%)

No. 5: Corporate financial skills a must for CIOs (19.1%)

No. 6: Legal expertise a sought-after skill in CIOs (11.9%)

Any comments ..?

Batch Script for editing something in a file in DOS

The below Batch script will find something inside a file and replace it with something of your wish 

@echo off
setlocal enabledelayedexpansion

if not exist "%1" (echo this file does not exist...)&goto :eof

set  /p findthis=Enter here what you want to find:
set  /p replacewith=Enter here what you want to replace:
for /f "delims= tokens=* eol=^ " %%a in (%1) do (
   set write=%%a
   if %%a==!findthis! set write=!replacewith!
   echo !write!

   echo !write!>>%~n1.replaced%~x1
)


Do not add a space after the variable in the last line; this will add a space after the line in your output. I took three hours to find and fix this bug.

Thursday, March 15, 2012

Tweaking ssmtp to rewrite the sender address

This quick guide shows how to rewrite the sender address using ssmtp.
There are only two files to edit, /etc/ssmtp/ssmtp.conf and /etc/ssmtp/revaliases

In /etc/ssmtp/ssmtp.conf set
root=authenticuser
or
www-data=authenticuser
assuming the other parameters are set correctly.

You also need to set
FromLineOverride=NO
This is important, as it does not allow users to set their own From address; it will be rewritten by ssmtp.

In the revaliases file add the line
root:authenticuser@domain.com
or
www-data:authenticuser@domain.com
That's all.
For more information you can refer to http://www.scottro.net/qnd/qnd-ssmtp.html

Setting up a Relay host with debian6 and exim

The need of the day was to set up a kind of store-and-forward server, which receives mail from different applications and devices on the network and sends it out using a smart host.
The smart host is Microsoft Exchange, which requires authentication and will send out if and only if the sender and the authenticated user are the same.

This task was achieved by setting up an exim4 SMTP server and rewriting the address, as follows:

First install package exim4
apt-get install exim4

You have to configure it
dpkg-reconfigure exim4-config

Our need is to receive mail from many clients and send it using the smart host.
screen 1 : Mail sent by smarthost/received via SMTP or fetchmail

I did not understand this, but still, writing the domain part has worked for me.
screen 2 : Give a mail name (domain part)

This tells the server on which interfaces it should listen for incoming mail.
screen 3 : Write down the interfaces on which the system has to listen, separated by semicolons (;)

These are the destination domains for which mail is received, and we do not need this.
screen 4 : Leave blank

These are the networks on which the server accepts incoming mail. Provide all your networks; care also has to be taken that outsiders are not able to use these networks.
screen 5 : Add the networks to listen for, separated by semicolons

Enter your smart host, which is used for sending out the mail.
screen 6 : Put the outgoing mail server address with port ( ip.address.of.server:port )
This option is enabled because the smart host sends out if and only if the authenticated user and the sender address are the same.
screen 7 : Yes

So put your domain, from where the mail has to go out.
screen 8 : Put your domain name

If you are on low bandwidth you can minimise DNS queries; otherwise
screen 9 : No

Remaining screens just choose default.  This will include configuration in single file as "yes"

This will complete the setup of the mail server.

Now we have to give the password to authenticate against the smart host. This task is achieved by editing the file /etc/exim4/passwd.client to look as follows
target.mail.server.example:login:password

Now edit /etc/exim4/exim4.conf.template
and go to the line

begin rewrite

Below it you can add your configuration.

Example:

*  someone@someaddress.com  Ffs

This will change the envelope From, From: and Sender: fields.

The flags are important, as they perform specific functions as below.

E       rewrite all envelope fields
F       rewrite the envelope From field
T       rewrite the envelope To field
b       rewrite the Bcc: header
c       rewrite the Cc: header
f       rewrite the From: header
h       rewrite all headers
r       rewrite the Reply-To: header
s       rewrite the Sender: header
t       rewrite the To: header

You should be particularly careful about rewriting Sender: headers, and restrict this to special known cases in your own domains.

Also it is possible to write scripts, which do more complex jobs, and use the list from a file.
you can find them from exim documentation at http://www.exim.org/exim-html-3.30/doc/html/spec_34.html

Now restart exim
/etc/init.d/exim4 restart

It is all set to go,

You can verify how redirecting is working by  issuing

/etc/exim4# exim -brw dingo
 sender: someone@someaddress.com
 from: someone@someaddress.com
 to: dingo@someaddress.com
 cc: dingo@someaddress.com
 bcc: dingo@someaddress.com
 reply-to: dingo@someaddress.com
 env-from: someone@someaddress.com
 env-to: dingo@someaddress.com
 
 Now you see which fields are actually rewritten.

That's all. Bingo, your store-and-forward server is working now.

Tuesday, March 6, 2012

MailScanner Tweakings

MailScanner is a good tool, which integrates antivirus and spam control with SMTP servers.

The workflow is simple: received mails go into a hold state, then MailScanner scans through them in batch mode and re-queues them for delivery if everything is OK. If spam is observed, a suitable defined action will be taken.

This was working quite fine without any problem, but one day we observed that we had a big queue pending, and MailScanner was taking more than 30 minutes to scan a batch of 30 mails. It is a kind of serious issue, because users started complaining that they had sent the mail, but the addressee had not received it yet. (Unfortunately no one remembers the old snail mail working days, or even the days when a trunk call took more than a couple of hours to get connected.)

We had no option but to wait till MailScanner ran through all of that big queue, so that the mails would get delivered.

So I was wondering about ways to speed up MailScanner, which starts with investigating what might be taking the longest time. It could be the I/O speed of the disk, as mails are written to disk twice; big mail size, as MailScanner scans the whole message; a big batch, as batch processing takes longer; many RBL lists, each of which has to be contacted; a non-cached spam list; restrictions on the resources applications may use; a non-functional DNS server; and many more.

A little googling revealed some tips and tricks to overcome these problems, as listed below.

In MailScanner.conf set

Clamd Use Threads = yes

This will use multiple threads on the available CPU cores, so that scanning becomes faster.

Log Speed = yes

This will log the speed of message scanning, so that you know it and can benchmark.

Reduce the number of RBL lists

Reduce the batch size from 30 to a lower number

These will speed up MailScanner a bit. A speedy filesystem would also help much.