Inroduction: Because of the module mcrypt for PHP neot being maintained since a bout 10 years the PHP team has decided to drop it from the PHP version 7.2 on. For PHP applications that need this module here are the instructions to compile and install it for PHP 7.2. Reference: https://lukasmestan.com/install-mcrypt-extension-in-php7-2/ STEPS: We need to …
Author: admin
Listing all subscribers in mailman mailing list
Intro: As far as my experience with mailman is concerned, if I create a list of all subscribers of a mailing list using the web interface I get the list with the word ‘at’ instead of ‘@’ in each email address. In order to get a normal list of all addresses of subscribers a mailing …
Changing the mailman subscribers ‘moderation’ bit on the command line
Intro: In my mailman installation with over 3K subscribers I could not find why the web interface didn’t allow me to change the ‘moderation’ bit of subscribers, or any other property. So I found this tool which allows me to the ‘moderation’ bit for any subscriber using the command line. Sinc ethe Python module for …
Install CERTBOT in Ubuntu-16-04-xenial and Debian Stretch
Intro: Here is a 1-to-1 copy of the article on how to install certbot in Ubuntu 16.04 and Debian Stretch Ubuntu 16.04 HOWTO: Install On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages. $ sudo apt-get …
Configuring Letsencrypt in ISPConfig 3.1
Intro: Since a while now the wonderful idea of creating the service Letsencrypt has made lots of admins happy. Here is how we can also use Letsencrypt with ISPConfig 3.1. Ref: https://www.howtoforge.com/community/threads/ssl-how-to-for-ispconfig-3-with-letsencrypt.74738/ STEPS: Define ISPconfig to use the new SSL certificate with symbolic links. (If you don’t know how to use symbolic links this how-to …
Rectify mailman URLs after a hostname change
Intro: I had to change the server name of my mailman server. I changed it in /etc/mailman/mm_cfg.py as follows: # Default domain for email addresses of newly created MLs DEFAULT_EMAIL_HOST = ‘mailman.myserver.com’ #————————————————————- # Default host for web interface of newly created MLs DEFAULT_URL_HOST = ‘mailman.myserver.com’ BUT! Some links in the mailman site were OK …
Blocking hosts blacklist and iptables
Intro: I happen to have sone attacks coming from specific hosts which I decided to block access to the server. Here is how I did it using a script which deletes and reload a full iptables CHAIN based on a file containing a list of IPs/Ranges. STEPS: Create a file called blacklist.txt with one IP/Range …
Blocking reception of full TLDs
Intro: Lately I was receiving a lot of spam from a ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 Steps: Install the Postfix PCRE dictionary apt-get install postfix-pcre Configure postfix postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains Edit the new file /etc/postfix/rejected_domains with the following …
OpenDKIM doesn’t start after Upgrade from Jessie to Stretch
Introduction: After having done a dist-upgrade fo Jessie to Stretch OpenDKIM didn’t start any more. After research I found the answer which worked for me in this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345. eg. My config in of OpenDKIM in Postfix: milter_default_action = …
Verifying PHP syntax.
After an upgrade from php 5.6 to 7.0/7.1 many php scripts gave me trouble. So I looked for a way to test the php syntax before errors showed up later when the sites are live. I found this one which is quite helpful: find . -name “*.php” -exec php -l {} \; 1>/dev/null
Some Zabbix tools
Introduction: In order to debug some Zabbix problems here are some tools I gathered to help. Requirements: Installation of the package zabbix-get in the monitoring server apt-get install zabbix-get Installation of the package zabbix-agent in the monitored hosts. apt-get install zabbix-agent TIP: In order to programmatically (using bash for example) create scripts that monitor anything …
piwik: Could not open input file: ./console
Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …
Prepare Debian Stretch for Installing GlusterFS 3.12
In order to install this version of GlusterFS we need to add the repositories: Ref: https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/ echo deb [arch=amd64] http://download.gluster.org/pub/gluster/glusterfs/3.12/LATEST/Debian/stretch/apt stretch main > /etc/apt/sources.list.d/gluster.list wget -O – http://download.gluster.org/pub/gluster/glusterfs/3.12/rsa.pub | apt-key add – apt-get update apt-get install glusterfs-server xfsprogs Format the dedicated partition for GlusterFS synchronized data: eg. /dev/xvda3 mkfs.xfs -f -i size=512 /dev/xvda3 Example of …
Transferring IMAP account mails and folders to another IMAP account on another server … or locally.
Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …
Installing Filebeat, Logstash, ElasticSearch and Kibana in Ubuntu 14.04
PREPARATIONS #Ref: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html First install Java 8 in Ubuntu 14.04 # Ref: https://www.liquidweb.com/kb/how-to-install-oracle-java-8-on-ubuntu-14-04-lts/ apt-get install python-software-properties software-properties-common apt-add-repository ppa:webupd8team/java apt-get update apt-get install oracle-java8-installer java -version Result: java version “1.8.0_144” Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode) Facilitate updating of all packages via APT repositories apt-get install …
TCP Proxying using socat
Introduction: Lately I’ve had to create a pure bidirectional TCP Proxy for a project. For this there are lots of alternatives like haproxy, nginx, cat and socat and others. Because of the simplicity of the command I decided to use socat but will also show the command for cat as well. The NCAT method: The …
Disabling the admin security password confirmation in Jira and Confluence
Introduction: Although in Jira and Confluence the WebSudo, requesting the confirmation of the administrator’s password, are neat security features if you are working in a company where the chances of someone fiddling around with your computer are high. BUT in a very small company, where this risk is almost none, this feature has proven very …
Hardening the SSL security in Apache, Dovecot and Postfix
Introduction: After having gotten a report from OpenVAS that my SSL security level of the mail server were medium, I looked for ways to improve this. I found very good sites which helps me making these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration Click to access applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …
Whitelisting Hosts in Postfix/Amavis
Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis I found these instructions in Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …
Mounting a remote directory using SSHFS in Debian Jessie
Introduction: If you want to mount a directory on a remote server via Internet NFS can be quite a challenge to protect. A good solution would then be to use SSHFS. Here is a shot Howto for Debian Jessie. Note: In Wheezy and in Jessie before I did an upgrade to the kernel 3.16.0-4-amd64, the …