Migrating spamassassin to version 4.0
December 27, 2022 Roberto Puzzanghera 0 comments
Install spamassassin v. 4
The SA v.4 DMARC plugin requires Mail::DMARC::PurePerl, while DecodeShortURLs requires DBD::SQLite (or DBD::MariaDB or DBD::mysql), so it's better to install them before the upgrade:
    perl -MCPAN -e shell
    cpan> force notest install Mail::DMARC::PurePerl DBD::SQLite
    cpan> quit
Stop qmail and spamd, then upgrade spamassassin, run sa-update and restart the services:
    qmailctl stop
    spamdctl stop
    perl -MCPAN -e shell
    cpan> force notest install Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2
    cpan> quit
    sa-update
    spamdctl start
    qmailctl start
Wrapper scripts for LXC unprivileged containers
December 22, 2022 Roberto Puzzanghera 0 comments
Index
- Part 1: Introduction
- Part 2: Basic configuration files
- Part 3: Creating an unprivileged container on Slackware
- Part 4: Scripts overview
- Part 5: Natting example
- Browse the scripts' folder
A common use of LXC unprivileged containers is to isolate services like sql, ftp, httpd, mail etc. on a host server where the only user who will ever log in is root. In this case, handling the unprivileged containers can be quite annoying.
In fact, one would like to have all the containers inside the same directory, typically /lxc, while LXC will install them in the $HOME/.local/share/lxc directory of the container's owner user. In addition, root has to administer a container as its owner user (i.e. using sudo -u <user>), by defining the configuration file and other parameters by means of a long command to type and remember. If you have many unprivileged containers and have to perform tasks like start/stop/attach frequently, your patience will come to an end very quickly.
This is the reason why at a certain point I started to write my own wrapper scripts for the most common LXC commands. Nothing special, but it seems that no one has published any tools to simplify the LXC common tasks with unprivileged containers, so it may be worth posting here what I have done.
Converting a Linux installation to a Slackware one in an OVH Kimsufi server
November 27, 2022 Roberto Puzzanghera 0 comments
This article explains how to convert a given Linux distribution to a Slackware one in an OVH Kimsufi server.
It is inspired by the Slackware wiki page Install Slackware on an online.net Dedibox BareMetal Server, which explains the same for a Dedibox BareMetal Server on online.net.
The plan is to:
- install a Linux of your choice
- reboot that Linux distro in rescue mode
- download the Slackware initrd and prepare the install environment
- chroot into the Slackware initrd image
- partition and install Slackware over the existing Linux
- configure the freshly installed Slackware and reboot
Setting up your firewall with fail2ban
November 20, 2022 Roberto Puzzanghera 19 comments
- Version: 1.0.2
- More info here
- Howto (Wiki)
- Manual
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
I will show shortly how to install and configure fail2ban to ban malicious IPs, especially those related to the qmail-dnsrbl patch. This will keep us from being banned ourselves by spamhaus, which is free up to 100.000 queries per day.
fail2ban requires that you have a firewall such as nftables or iptables active.
Changelog
- Nov 20, 2022
  - switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it. Just replace "iptables" with "nftables" in your jails.
- Nov 18, 2022
  - fail2ban upgraded to v. 1.0.2
  - jails now have a different action's declaration (iptables[type=multiport] instead of iptables-multiport[])
  - added a short note on how to configure the server with a network bridge