November 27, 2022 Roberto Puzzanghera 0 comments
This article explains how to convert a given Linux distribution to Slackware on an OVH Kimsufi server.
It is based on the Slackware wiki page Install Slackware on an online.net Dedibox BareMetal Server, which explains the same for a Dedibox BareMetal Server on online.net.
The plan is to
- install a Linux of your choice
- reboot that Linux distro in rescue mode
- chroot into the Slackware initrd image and run setup from there
- partition and install Slackware over the existing Linux
- configure the freshly installed Slackware and reboot
November 20, 2022 Roberto Puzzanghera 19 comments
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs: too many password failures, seeking exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
I will briefly show how to install and configure fail2ban to ban malicious IPs, especially those related to the qmail-dnsrbl patch. This keeps us from being banned ourselves by spamhaus, which is free up to 100.000 queries per day.
fail2ban requires that you have a firewall as
- Nov 20, 2022
  - switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it. Just replace "iptables" with "nftables" in your jails.
- Nov 18, 2022
  - fail2ban upgraded to v. 1.0.2
  - jails now have a different action's declaration (iptables[type=multiport] instead of iptables-multiport)
  - added a short note on how to configure the server with a network bridge
November 2, 2022 Roberto Puzzanghera 73 comments
- Download my dovecot's config files
- Nov 2, 2022
  - added mailbox_list_index = yes and mail_always_cache_fields = date.save to 10-mail.conf (tx JonTDW, more info here)
- Aug 9, 2022
  - improved the sql stuff in case of --disable-many-domains (tx kengheng)
- Apr 21, 2022
  - Solr support added
- Apr 17, 2022
  - auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname).
- June 20, 2021
  - 15-mailboxes.conf: added Junk.TeachSpam and Junk.TeachNotSpam mailboxes to store messages for the learning and reporting systems (more info here)
- March 17, 2021
  - 90-quota.conf: quota definition adjusted in this way: quota = maildir:: as the GETQUOTA command was not returning the quota (thanks a.key)
- March 2, 2021
  - "one table per domain" support added (--disable-many-domains)
  - added domains limits support to password_query (you have to compile vpopmail --enable-mysql-limits)
- January 29, 2021
  - auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
  - dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info on this page.
  - the iterate_query in the sql driver now extracts the "user" field (was "username") as required by the docs.
- Info: http://www.dovecot.org/
- Documentation: http://wiki2.dovecot.org
- Mail Server overview: http://wiki2.dovecot.org/MailServerOverview
- Download: http://www.dovecot.org/releases/2.3/
- Version: dovecot-2.3.18
Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.
October 28, 2022 Roberto Puzzanghera 20 comments
- Download qmail-dnsbl patch (local copy)
- Code and logic from rblsmtpd and qmail-dnsbl patch by Fabio Busatto
- Added support for whitelists, TXT and A queries, configurable return codes 451 or 553 with custom messages (by Luca Franceschini)
This patch replaces djb's rblsmtpd program. It incorporates the RBL checks into qmail-smtpd, with the advantage that you can see the envelope in the logs. Logging the envelope as well as the sender IP is important so that you always know what happened to messages that were not received.