Christophs outsourced brain https://www.hackerbruecke.net/ Sun, 12 Apr 2026 15:01:23 +0000 FeedCreator 1.8 https://www.hackerbruecke.net/_media/wiki/favicon.ico https://www.hackerbruecke.net/ https://www.hackerbruecke.net/linux/commserv/ldap/slapd_conf?rev=1293466843&do=diff /etc/openldap/slapd.conf <http://www.stanford.edu/services/directory/openldap/configuration/bdb-config.html> # The database configuration parameters must appear *after* the "database" # directive, as DB_CONFIG files are 'per backend'. dbconfig set_cachesize 4 0 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resour… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/ca/openssl_ca?rev=1293466844&do=diff simple OpenSSL Certficate Authority Create Certificate Authority station7:/etc # station7:/usr/share/ssl/misc # ./CA.sh -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .....++++++ .....................................++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your c… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:44 +0000 https://www.hackerbruecke.net/linux/email/postfix/config?rev=1712422579&do=diff Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases… anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:56:19 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/ldap_secure?rev=1293466843&do=diff TLS and LDAP over SSL (ldaps) Modifying /etc/openldap/ldap.conf Modify / append the TLS-settings: #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /etc/ssl/private/station7_key.pem TLS_REQCERT demand anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/debian/hardware?rev=1493131617&do=diff 2014-06-17 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! zusaetzlich „auf dem Blech“: ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy="http://proxy01.ukbw.de:3128/" ### LiHAS GPG-Key importieren: anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:57 +0000 https://www.hackerbruecke.net/linux/commserv/egroupware/config?rev=1293466841&do=diff eGroupWare Version 1.4.001 pre-requisites: * required PHP version 4.3+ (recommended 5+) * php.ini: safe_mode = Off * php.ini: magic_quotes_runtime = Off * php.ini: register_globals = Off * php.ini: memory_limit >= 16M * php.ini: max_execution_time >= 30 anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/amavisd/amavisd?rev=1493132275&do=diff AmaVisd-new /etc/amavis/amavisd.conf: use strict; # a minimalistic configuration file for amavisd-new with all necessary settings # # see amavisd.conf-default for a list of all variables with their defaults; # see amavisd.conf-sample for a traditional-style commented file; # for more details see documentation in INSTALL, README_FILES/* # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html # COMMONLY ADJUSTED SETTINGS: # @bypass_virus_checks_maps = (1); # uncomment to DI… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:57:55 +0000 https://www.hackerbruecke.net/wiki/syntax?rev=1712421931&do=diff Formatting Syntax DokuWiki supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:45:31 +0000 https://www.hackerbruecke.net/linux/email/postfix/relayhost?rev=1493132193&do=diff Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:33 +0000 https://www.hackerbruecke.net/linux/commserv/apache2/config?rev=1293466841&do=diff Apache SSL (https) A special thing for getting Apache2 starting withaut user-interaction is also to store a decrypted key, since without Apache will ask at every start for the password... mv /etc/ssl/private/station7_key.pem /etc/ssl/apache2/private/station7_secure-key.pem openssl rsa -in /etc/ssl/private/station7_secure-key.pem -out /etc/ssl/apache2/private/station7_decrypted-key.pem anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/postfix/postfix_secure?rev=1493132183&do=diff Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:23 +0000 https://www.hackerbruecke.net/linux/email/cyrus/config?rev=1493131953&do=diff Cyrus imapd / popd <http://www.opensuse.org>Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:33 +0000 https://www.hackerbruecke.net/linux/email/greylisting/postgrey?rev=1493136147&do=diff Greylisting For a overview what greylisting does, have a look at www.greylisting.org/ There are several greylisting daemons for Postfix available. I stick to David Schweikert's Postgrey or to Lionel Bouton's SQLgrey in combination with it's web-interface http://www.vanheusden.com/sgwi/ Postgrey Postgrey greylisting daemon anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 16:02:27 +0000 https://www.hackerbruecke.net/linux/email/postfix/sasl?rev=1493132202&do=diff SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:42 +0000 https://www.hackerbruecke.net/linux/email/spf?rev=1713236572&do=diff SPF Standards für das „Sender Policy Framework (SPF)“: RFC 7208 und RFC 7372 v SPF-Version Kennzeichen das einen TXT-Eintrag als SPF-Eintrag identifiziert. z.B. v=spf1 Mechanismen (immer am Ende des Eintrags aufführen!) a: DNS-A-Eintrag z.B. a:example.com ptr: DNS-PTR-Eintrag (reverse Zone) z.B. ptr:example.com all alle zur Domain gehörigen Hostst z.B. -all mx: abweichender Mailexchanger z.B. mx:mail.example-abc.com ip4: Angabe einer oder mehrerer IPv4-Adressen z.B. ip4:192.100.1… anonymous@undisclosed.example.com (Anonymous) Tue, 16 Apr 2024 03:02:52 +0000 https://www.hackerbruecke.net/linux/email/postfix/smtp-authentication?rev=1493132210&do=diff SMTPd- / SMTP-authentication SMTPd-authentication SASL must be configured! in /etc/postfix/main.cf: smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = ... permit_sasl_authenticated anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:50 +0000 https://www.hackerbruecke.net/linux/commserv?rev=1493132445&do=diff This documentation is work in progress, no liability for correctness can be given! Communications-Server Motivation Because I had to look for a log time around the Internet, asking a lot of questions on mailing-lists, reading books and talking to friends for configuring my commserv, thus having quite a bit of hassle getting things working, I'd like give my experiences back to the comunity. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 15:00:45 +0000 https://www.hackerbruecke.net/linux/debian/all?rev=1493131598&do=diff 2014-08-08 zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!! auf allen Server-Instanzen („Blech“, Linux VServer, LXC): ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy=„<http://proxy01.ukbw.de:3128/>“ ### LiHAS GPG-Key importieren: wget -O - anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:38 +0000 https://www.hackerbruecke.net/linux/email/dmarc?rev=1713236674&do=diff DMARC Standards für „Domain-based Message Authentication, Reporting and Conformance (DMARC)“: RFC 7489 DMARC dient dem Reporting von E-Mail-Kommunikation und ist eine ergänzende Maßnahme zu den Verfahren DKIM und SPF. Im Folgenden sind die gängigen Tags aufgeführt, die in DMARC (TXT)-Records verwendet werden: anonymous@undisclosed.example.com (Anonymous) Tue, 16 Apr 2024 03:04:34 +0000 https://www.hackerbruecke.net/linux/email/gnarwl?rev=1493131823&do=diff Gnarwl Download GNARWL software from <http://www.home.unix-ag.org/patrick/index.php?gnarwl> and download package named gnarwl-3.3.tgz Compile GNARWL for LDAP vacations # tar xzvf gnarwl-3.3.tgz # cd gnarwl-3.3 # ./configure # make # make install # make perm Adjust File /usr/local/etc/gnarwl.conf map_sender $sender map_receiver $recepient map_subject $subject map_field $fullname cn map_field $deputy mail server localhost port 389 scope sub login cn=admin,dc=example,dc=org password IveGotASe… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:50:23 +0000 https://www.hackerbruecke.net/linux/commserv/gosa/gosa_secure?rev=1293466843&do=diff force GOsa using ldaps Change the server-configuration in the „location“-section of /etc/gosa.conf from: server="ldap://localhost:389" to: server="ldaps://localhost:636" tls="true" <referral url="ldaps://localhost:636/dc=example,dc=com" admin="cn=ldapadmin,dc=example,dc=com" password="verysecretpassword" /> anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/pam?rev=1293466843&do=diff /etc/ldap.conf (for PAM) # # This is the configuration file for the LDAP nameservice # switch library, the LDAP PAM module and the shadow package. # # Your LDAP server. Must be resolvable without using LDAP. host 127.0.0.1 # The distinguished name of the search base. base dc=example,dc=com # The LDAP version to use (defaults to 3 # if supported by client library) ldap_version 3 # Hash password locally; required for University of # Michigan LDAP server, and works with Netscape # Directory Ser… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/email/cyrus/cyrus_secure?rev=1493131964&do=diff TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:44 +0000 https://www.hackerbruecke.net/linux/email/monitoring/pflogsum?rev=1493132162&do=diff Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:02 +0000 https://www.hackerbruecke.net/linux/email/postfix/tipps?rev=1493132245&do=diff Postfix Tipps und Tricks Mails aus Mailqueue löschen alle Mails des Benutzers station7@example.com aus der Mailqueue löschen: mail:~# mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($7 == "station7@example.com") print $1 }' | tr -d '*!' | postsuper -d - anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:57:25 +0000 https://www.hackerbruecke.net/dokuwiki/sidebar?rev=1492720201&do=diff Sidebar in Dokuwiki erstellen * Das Template muss eine Sidebar unterstützen! Z.B. dokuwiki * die Konfiguration des Sidebar-Namens erfolgt in den Einstellngen unter <http://dokuwiki.example.org/start?do=admin&page=config#_basic> und heisst z.B. sidebar (siehe -> <http://www.dokuwiki.org/config:sidebar>) * Datei für Sidebar erzeugen: mit der Syntax anonymous@undisclosed.example.com (Anonymous) Thu, 20 Apr 2017 20:30:01 +0000 https://www.hackerbruecke.net/linux/fully_encrypted_debian?rev=1506205530&do=diff Full disk encryption with LUKS (inklusive /boot) Referenzen: * <http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/> * <http://www.pavelkogan.com/2015/01/25/linux-mint-encryption/> * <https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system> * <http://www.schmidp.com/2014/12/12/full-disk-encryption-with-grub-2-+-luks-+-lvm-+-swraid-on-debian/> * <https://unix.stackexchange.com/questions/160504/lvm-ontop-of-luks-using-grub> * <https://systemausfall.org/w… anonymous@undisclosed.example.com (Anonymous) Sat, 23 Sep 2017 22:25:30 +0000 https://www.hackerbruecke.net/linux/commserv/gosa/config?rev=1293466843&do=diff GOsa GOsa is a GPL'ed PHP based administration tool for managing accounts and systems in LDAP databases. It administers users and groups, mail distribution lists, thin clients, applications, phones and faxes. Get GOsa from: <http://oss.gonicus.de/pub/gosa/> Project homepage: <http://www.gosa-project.org/> anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/ldap/ldap_conf?rev=1293466843&do=diff /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. # 21.07.2006, chhaas BASE dc=example,dc=com URI ldap://127.0.0.1 ### #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never #--- SSL/TLS setting ---# TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP #TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP TLS_CACERT /etc/ssl/certs/ca_cert.pem TLS_CERT /etc/ssl/certs/station7_cert.pem TLS_KEY /e… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:43 +0000 https://www.hackerbruecke.net/linux/commserv/other/cpan2rpm?rev=1293466841&do=diff cpan2rpm At <http://sourceforge.net/project/showfiles.php?group_id=74018> you can download a RPM-builder for CPAN-Perl-modules. The man-page stats: cpan2rpm [options] <distribution> The syntax for cpan2rpm requires a single distribution name, which can take one of four different forms: * a CPAN module name (e.g. XML::Simple) - When a module name is passed, the script will ``walk'' search.cpan.org to determine the latest distribution. If an exact match is not found, the CPAN module i… anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/monitoring/monitoring?rev=1493132284&do=diff Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic). anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:58:04 +0000 https://www.hackerbruecke.net/linux/email/postfix/ldap?rev=1493132150&do=diff using LDAP /etc/postfix/ldap-aliases.cf: server_host= ldaps://localhost:636 server_port= 636 start_tls = no tls_ca_cert_file = /etc/ssl/postfix/certs/ca_cert.pem tls_ca_cert_dir = /etc/ssl/postfix/certs/ tls_cert = /etc/ssl/postfix/certs/station7_cert.pem tls_key = /etc/ssl/postfix/private/station7_key.pem #tls_random_file = dev:/dev/urandom tls_cipher_suite = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP version= 3 bind= no timeout= 120 search_base= dc=example,dc=com query_filter = (&(object… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:55:50 +0000 https://www.hackerbruecke.net/linux/email/postfix/pfs?rev=1493132175&do=diff Postfix Perfect Forwarding Secrecy (PFS) openssl gendh -out /etc/postfix/dh_512.pem -2 512 openssl gendh -out /etc/postfix/dh_1024.pem -2 1024 postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem" postconf -e "smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem" postconf -e "smtpd_tls_eecdh_grade = strong" postconf -e "tls_preempt_cipherlist = yes" postconf -e "smtpd_tls_loglevel = 1" postconf -e "smtp_tls_loglevel = 1" postfix reload anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:15 +0000