ucspi-ssl - TLS encryption for Client/Server IPv6/IPv4 communication

May 9, 2022 Roberto Puzzanghera 0 comments

sslserver, sslclient, and sslhandle are command-line tools for building SSL client-server applications. 

sslserver listens for IPv6 and/or IPv4 connections, and runs a program for each connection it accepts. The program environment includes variables that hold the local and remote host names, IP addresses, and port numbers. sslserver offers a concurrency limit on acceptance of new connections, and selective handling of connections based on client identity supporting CIDR IP address notation. sslserver supports STARTTLS and STLS.

sslclient requests a connection to either a IPv6 or IPv4 TCP sockets, and runs a program. The program environment includes the same variables as for sslserver.

sslhandle is a pre-forking sslserver; though without STARTTLS/STLS capabilities.

With sslserver we can have a secure connection on port 465 to receive our emails.

You already installed fehQlibs, which are supplementary C libraries needed for ucspi-ssl.

tar xzf /usr/local/src/ucspi-ssl-0.12.3.tgz
cd host/superscript.com/net/ucspi-ssl-0.12.3
./package/install

The configuration of the supervise script for qmail-smtps is inside the configuration page.

e-mail indexing with Solr FTS Engine

April 21, 2022 Roberto Puzzanghera 0 comments

Solr is a Lucene indexing server. Dovecot communicates to it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.

Installing

Solr is a java servlet which requires openjdk v. 8 or later. Be sure that you have the java binary in you path, for example

PATH=$PATH:/usr/lib64/java/bin/

Download the binary version of Solr and install

cd /usr/local/src
wget https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.tgz?action=download -O solr-8.11.1.tgz

Extract the installer from the archive and run it. The installer will work for most Linux distributions based on systemd.

tar xzf solr-8.11.1.tgz solr-8.11.1/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-8.11.1.tgz

The server will be launched by systemd at boot time.

LXC scripts for unprivileged containers

April 12, 2022 Roberto Puzzanghera 0 comments

Handling LXC unprivileged containers as root is not possible with the default LXC programs, because they must be called by the user who owns them and sometime is also necessary to specify the container's configuration file. For example, running lxc-ls as root shows all the unprivileged containers as stopped even when they are running, while lxc-start aborts the containers' startup sequence due to id mapping issues.

Since I prefer to run/stop/create/destroy/etc. my containers just typing my commands as root, not after the usual su - owner each time, I wrote my own wrapper scripts collection for the main LXC commands, just to simplify my tasks. In addition, all the containers will be created in the same directory, say /usr/local/lxc.

I use them both for privileged (owned by root itself) and unprivileged containers. In the latter case the owner of the container is determined dinamically.

These scripts allow an administrator to use LXC running his applications in separate containers, each one (or group of them) runned by a different user and id map.

I wrote them for my Slackware linux distro, but I think that they remain valid for any other Linux flavor.

If you are a Slackware user and you are looking for unprivileged containers documentation, you should take a look to Chris Willings' guide, which was my starting point on this topic. Also the Stéphane Graber's article is a suitable reading at the beginning.

qmailadmin

April 9, 2022 Roberto Puzzanghera 85 comments

qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.

Combined patch details

  • qmailadmin-skin, a patch that I created during covid-19 spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a stylesheet style.css in the images folder and a couple of png files for the qmail logo. It should be much easier to modify the qmailadmin's skin from now on.
  • patch to call cracklib in order to check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456".
  • A nice patch (thanks to Tony, original author unknown) which gets qmailadmin to have authentication failures logged. This makes possible to ban malicious IPs via fail2ban. It is required to create the log file /var/log/qma-auth.log initially and assign write priviledges to apache.
  • ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with ezmlm-idx-7 (thanks to J.D. Trolinger for the advice).
  • a fix to the catchall account (thanks to Luca Franceschini).
  • another fix to autorespond.c to correct the way .qmail files are modified

Changelog

  • Apr 09, 2022
    --enable-imageurl=/files is now --enable-imageurl=/qmailadmin/files (no need to have an alias on apache config). Added --disable-catchall, which is bad for spam. Tx Gabriel Torres
  • 2022.04.01
    -qmailadmin now logs to stderr when qma-auth.log can't be opened in write mode. It was returning a white screen without any error message nor on screen, nor on stderr.
  • 2021.03.12
    -patch cleanup
  • 2020.09.02
    -mod_user.html: cleaned the html as it was printing unneeded strings
  • 2020.08.10
    - mod_user.html: added the "value" attribute to the name/gecos input tag
    - Makefile.in: added a line to install the css, as already done for Makefile.am
    (tx Pablo Murillo)
  • 2020.05.22
    - mod_user.html: removed the "required" attribute on password field, to allow modifications in case of no password change