Christophs outsourced brain https://www.hackerbruecke.net/ Sun, 12 Apr 2026 20:24:03 +0000 FeedCreator 1.8 https://www.hackerbruecke.net/_media/wiki/favicon.ico https://www.hackerbruecke.net/ https://www.hackerbruecke.net/linux/linux?rev=1715428233&do=diff Debian-Installation * Installation von GNU/Debian auf Hardware oder virtueller Instanz * zweite Netzwerkkarte mit wechselnder Konfiguration securing DNS and Mail * Domain Name System Security Extensions (DNSSEC) mit Bind9 * DNS-based Authentication of Named Entities (DANE) und TLS Authentication record (TLSA) * Sender Policy Framework (SPF) * DomainKeys Identified Mail (DKIM) * Domain-based Message Authentication, Reporting and Conformance (DMARC) * Authenticated Received… anonymous@undisclosed.example.com (Anonymous) Sat, 11 May 2024 11:50:33 +0000 https://www.hackerbruecke.net/linux/email/email?rev=1493137617&do=diff email Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam, rspamd], SPF, DKIM, PFS etc. \\}} Postfix smtpd Postfix ist ein sehr mächtiger Mail Transport Agent, entwickelt von Wietse Venema. * Postfix Konfiguration für einen Mailserver * use of LDAP lookup maps * Postfix' Postscreen Modul anstatt policyd-weight oder postfwd * Postfix Anti-SPAM/UCE settings * Postfix SASL Konfiguraton * SMTP-authentication * TLS and SSL configuration (smtps) * anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 16:26:57 +0000 https://www.hackerbruecke.net/linux/fully_encrypted_debian?rev=1506205530&do=diff Full disk encryption with LUKS (inklusive /boot) Referenzen: * <http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/> * <http://www.pavelkogan.com/2015/01/25/linux-mint-encryption/> * <https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system> * <http://www.schmidp.com/2014/12/12/full-disk-encryption-with-grub-2-+-luks-+-lvm-+-swraid-on-debian/> * <https://unix.stackexchange.com/questions/160504/lvm-ontop-of-luks-using-grub> * <https://systemausfall.org/w… anonymous@undisclosed.example.com (Anonymous) Sat, 23 Sep 2017 22:25:30 +0000 https://www.hackerbruecke.net/linux/xmpp?rev=1505486607&do=diff XMPP ejabberd * Neues Certificate für ejabberd installieren Prosody * Prosody anonymous@undisclosed.example.com (Anonymous) Fri, 15 Sep 2017 14:43:27 +0000 https://www.hackerbruecke.net/linux/debian/desktop?rev=1493131583&do=diff 2013-12-27 fuer Desktops zusaetzlich: kde-full lightdm-kde-greeter alsamixergui amarok audacity audacity-data bc chromium-browser / chromium chromium-browser-l10n / chromium-l10n chromium-codecs-ffmpeg-extra cifs-utils clusterssh cryptsetup cryptsetup-bin cups cups-browsed cups-bsd cups-client cups-common cups-daemon cups-filters cups-ppdc dnsmasq duplicity ethtool fuse gnupg gnupg-agent gnupg2 gpgsm gpgv hplip hplip-data hplip-gui htop ifupdown / ifupdown-scripts-zg2 keepassx kgpg libre… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:46:23 +0000 https://www.hackerbruecke.net/linux/email/cyrus/config?rev=1493131953&do=diff Cyrus imapd / popd <http://www.opensuse.org>Modify /etc/cyrus.conf to: START { recover cmd="ctl_cyrusdb -r" deliver cmd="ctl_deliver -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=2 # entry must be the same as in th… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:33 +0000 https://www.hackerbruecke.net/linux/email/monitoring/monitoring?rev=1493132284&do=diff Monitoring email-monitoring * create „/var/lib/rrd“ Mailgraph mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic). anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:58:04 +0000 https://www.hackerbruecke.net/linux/commserv?rev=1493132445&do=diff This documentation is work in progress, no liability for correctness can be given! Communications-Server Motivation Because I had to look for a log time around the Internet, asking a lot of questions on mailing-lists, reading books and talking to friends for configuring my commserv, thus having quite a bit of hassle getting things working, I'd like give my experiences back to the comunity. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 15:00:45 +0000 https://www.hackerbruecke.net/linux/email-server?rev=1505485138&do=diff email * MTA/SMTPd Postfix (Mailserver, Mailgateway, Anti-Spam [AMaVISd-new, SpamAssassin, dSpam], SPF, DKIM, PFS etc.) * MDA/IMAPd Cyrus * MDA/IMAPd Dovecot anonymous@undisclosed.example.com (Anonymous) Fri, 15 Sep 2017 14:18:58 +0000 https://www.hackerbruecke.net/linux/commserv/installation?rev=1408110705&do=diff Installation of the Linux OS SuSE 10.0 Professional Because of problems with the 64-bit-version of the CAPI-driver for the AVM B1-Cards used in my commserv, only the 32-bit-version of SUSE 10.0 can be used. Maybe with later versions of openSUSE this changes anonymous@undisclosed.example.com (Anonymous) Fri, 15 Aug 2014 13:51:45 +0000 https://www.hackerbruecke.net/linux/debian/nics?rev=1493131630&do=diff zweite Netzwerkkarte mit wechselnder Konfiguration Manchmal ist es praktisch im Rechner eine zweite Netzwerkkarte zu haben, der man mit einfachen Mitteln eine wechselnde (vordefinierte) Konfiguration zuweisen kann. z.B. wenn die NIC einmal das 192.168.0.0/24-Netz, dann aber das 192.168.1.0/24-Netz (beim flashen von D-Link-Routern mit OpenWRT), oder das 192.168.2.0/24-Netz (Vodafone Easybox) besitzen soll. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:47:10 +0000 https://www.hackerbruecke.net/linux/ejabberd/neues_certificate?rev=1493131703&do=diff Neues Zertifikat für ejabberd installieren neues PEM-File erzeugen: * in CA Certificate und private-Key erzeugen und nach /etc/ejabberd auf jabber-Server kopieren * auf ejabberd-Server in cat jabber@ukbw.de-key.pem > ejabberd.pem cat jabber@ukbw.de-cert.pem >> ejabberd.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:48:23 +0000 https://www.hackerbruecke.net/linux/email/cyrus?rev=1493131782&do=diff Cyrus imapd * Cyrus configuration (IMAP4/POP3) * TLS and SSL configuration (imaps) * Cyrus SIEVE configuration <- zurück anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:49:42 +0000 https://www.hackerbruecke.net/linux/openwrt/custom-image?rev=1493132396&do=diff OpenWRT Custom Image erzeugen <http://wiki.openwrt.org/doc/howto/obtain.firmware.generate> Für D-Link 825 B1/C1: Barrier Breaker for ar71xx architecture cd ~ mkdir openwrt && cd openwrt wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 tar -xvjf OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2 cd OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64 anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:56 +0000 https://www.hackerbruecke.net/linux/commserv/egroupware/config?rev=1293466841&do=diff eGroupWare Version 1.4.001 pre-requisites: * required PHP version 4.3+ (recommended 5+) * php.ini: safe_mode = Off * php.ini: magic_quotes_runtime = Off * php.ini: register_globals = Off * php.ini: memory_limit >= 16M * php.ini: max_execution_time >= 30 anonymous@undisclosed.example.com (Anonymous) Mon, 27 Dec 2010 16:20:41 +0000 https://www.hackerbruecke.net/linux/email/cyrus/cyrus_secure?rev=1493131964&do=diff TLS, IMAP over SSL (imaps) and pop3 over SSL (pop3s) TLS Modify / append the TLS-settings in /etc/imap.conf: #--- SSL/TLS setting ---# tls_ca_path: /etc/ssl/certs tls_ca_file: /etc/ssl/certs/ca_cert.pem tls_cert_file: /etc/ssl/certs/station7_cert.pem tls_key_file: /etc/ssl/private/station7_key.pem anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:52:44 +0000 https://www.hackerbruecke.net/linux/email/monitoring/pflogsum?rev=1493132162&do=diff Postfix-Reporting mit Pflogsum apt-get install pflogsum /usr/local/bin/postfix_report.sh #!/bin/bash /usr/sbin/pflogsumm -d yesterday --problems_first /var/log/mail.log.1 > /tmp/pflogsumm /usr/bin/mailx -s "Automatischer Postfix-Report von $(hostname)" -r postfix-admin@station7.example.de postfix-admin@station7.example.de < /tmp/pflogsumm anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:02 +0000 https://www.hackerbruecke.net/linux/email/postfix/config?rev=1712422579&do=diff Postfix smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver Edit /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix smtpd_banner = mail.example.org myhostname = mail.example.org myorigin = example.org mydestination = mail.example.org mynetworks = 127.0.0.0/8, 10.0.0.0/8 alias_maps = hash:/etc/aliases, ldap:virtualaliases… anonymous@undisclosed.example.com (Anonymous) Sat, 06 Apr 2024 16:56:19 +0000 https://www.hackerbruecke.net/linux/email/postfix/postfix_secure?rev=1493132183&do=diff Postfix with TLS and SSL (smtps) Use a portscanner like „nmap“: station7:/etc/init.d # nmap localhost | grep smtp 25/tcp open smtp -> smtp is only running at port 25! TLS Modify the TLS-settings in /etc/postfix/main.cf #--- SSL/TLS setting ---# smtpd_client_restrictions= permit_tls_clientcerts, permit_sasl_authenticated smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access hash:/etc/… anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:23 +0000 https://www.hackerbruecke.net/linux/email/postfix/relayhost?rev=1493132193&do=diff Postfix configuration for a relayhost (MX) / Anti-SPAM-/UCE-settings smtpd (smtp + daemon) = server = Postfix receives mail from a client smtp = client = Postfix sends mail to another mailserver used Ports: 10023/tcp: postgrey 10024/tcp: amavisd-new 10025/tcp: policyd-weight anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:33 +0000 https://www.hackerbruecke.net/linux/email/postfix/sasl?rev=1493132202&do=diff SASL A very conveniant way of configuring the Simple Authentication and Security Layer (SASL) is to use the Pluggable Authentication Modules (PAM), since it can use diffrent authentication sources like ldap or /etc/passwd - thus SASL is everything but simple anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:56:42 +0000 https://www.hackerbruecke.net/linux/email/amavisd/dkim/sign?rev=1493132019&do=diff Domain Key Identified Mail outbound - ORIGINATING - signieren DKIM basiert auf asymetrischer Verschlüsselung mit public- und private-Key. Das Key-Paar wird mit folgender Syntax erzeugt: amavisd genrsa <Dateiname> [Anzahl der Bits für den Schlüssel] anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:53:39 +0000 https://www.hackerbruecke.net/linux/email/amavisd/dkim/verify?rev=1493132031&do=diff Domain Key Identified Mail inbound verifizieren vim /etc/amavis/conf.d/50-user # DKIM-Ueberpruefung: $enable_dkim_verification = 1; $allowed_added_header_fields{lc('Authentication-Results')} = 1; service amavis restart AMaViS kann nun mit Hilfe des Public-Keys der in der anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:53:51 +0000 https://www.hackerbruecke.net/linux/monitoring/icinga/hardware/temper1?rev=1493132385&do=diff Temperaturmessungen mit dem TEMPer1 USB sensor Vor einiger Zeit begann ich zuhause mir einen kleinen Serverraum einzurichten - mein Datenklo ;-). In diesem Serverraum sollte natürlich auch die Raumtemperatur mit Icinga oder Nagios überwacht werden. - Natürlich gibt es verschiedene quasi out-of-the-box Lösungen, wie z.B. anonymous@undisclosed.example.com (Anonymous) Tue, 25 Apr 2017 14:59:45 +0000