Mail https://tech.feedyourhead.at/ en
Postfix: verified TLS with DANE https://tech.feedyourhead.at/content/postfix-verified-tls-with-dane
<span class="field field--name-title field--type-string field--label-hidden">Postfix: verified TLS with DANE</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>TLS over SMTP is <a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic</a>, which makes connections vulnerable to man-in-the-middle attacks. To prevent MITM attacks, <a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE</a> can be used. The sending server first checks the DNS records of the recipient domain: is DNSSEC in use (and valid), and is a TLSA record published (and valid)? If the TLSA record is valid and matches the certificate of the recipient server, the connection is encrypted and the encryption is verified. Postfix was one of the first SMTP servers to implement DANE, since the <a href="https://tools.ietf.org/id/draft-dukhovni-smtp-opportunistic-tls-00.html">author of the DANE protocol is a postfix-developer</a>. This article describes how to enable DANE in postfix.</p>
<h3>Preconditions</h3>
<p>It's very easy to enable DANE in postfix. First we have to ensure that postfix can resolve DNSSEC queries. I recommend installing the DNS resolver "<a href="https://unbound.net/">unbound</a>" on the postfix server. Unbound handles DNSSEC pretty well and automatically manages the DNSSEC trust anchors. DNSSEC validation works if the "ad" flag is set in the response, so let's use dig to test it:</p>
<pre>
<code>; &lt;&lt;&gt;&gt; DiG 9.9.5-9+deb8u15-Debian &lt;&lt;&gt;&gt; gov. +dnssec
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 35764
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;gov.                           IN      A
</code></pre>
<p>As we can see, the "ad" flag is set. With a resolver that lacks DNSSEC support, the output looks like this:</p>
<pre>
<code>% dig gov. +dnssec

; &lt;&lt;&gt;&gt; DiG 9.8.4-rpz2+rl005.12-P1 &lt;&lt;&gt;&gt; gov. +dnssec
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: SERVFAIL, id: 25074
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;gov.                           IN      A
</code></pre>
<p>As you can see, there is no "ad" flag in this example. That indicates that DNSSEC is not supported by the resolver.</p>
<h3>Postfix-config</h3>
<p>As soon as we have set up a resolver with DNSSEC support, we can easily enable DANE in postfix:</p>
<pre>
<code># DANE settings
# Ask the resolver for DNSSEC-validated answers
smtp_dns_support_level = dnssec
# Look up destination hosts via DNS only
smtp_host_lookup = dns
# Use DANE TLSA verification where TLSA records are published
smtp_tls_security_level = dane
# Log one summary line per TLS handshake
smtp_tls_loglevel = 1
</code></pre>
<p>Now postfix will always try to verify the TLS connection using DANE. If you only want to enable DANE for specific domains, I recommend having a look at the <a href="http://www.postfix.org/TLS_README.html#client_tls">example in the postfix-documentation</a>.</p>
<h3>Test</h3>
<p>We can test DANE by sending emails to a server that has TLSA records. There is a list of domains with TLSA records at the end of <a href="https://static.ptbl.co/static/attachments/169319/1520904692.pdf?1520904692">this pdf</a>.
I just tested DANE by sending an email to a gmx.net address:</p>
<pre>
<code>May 12 21:26:59 mymailserver postfix/smtp[3064]: Verified TLS connection established to mx01.emig.gmx.net[212.227.17.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
</code></pre>
<p>The keyword "Verified" indicates that the TLS connection could be verified.</p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span>
<span class="field field--name-created field--type-created field--label-hidden">May 14 2018</span>
<div class="field field--name-field-tagies field--type-entity-reference field--label-above">
<div class="field__label">Tags</div>
<div class='field__items'>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/email" hreflang="en">Email</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div>
</div>
</div>
Mon, 14 May 2018 12:11:10 +0000 Hoti 265 at https://tech.feedyourhead.at
Fixing "postscreen_cache.db: No such file or directory" https://tech.feedyourhead.at/content/postscreen_cache_db_no_such_file
<span class="field field--name-title field--type-string field--label-hidden">Fixing &quot;postscreen_cache.db: No such file or directory&quot;</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>If I enable postscreen on a Debian host, I get this strange message in my mail.log:</p>
<pre>
<code>Feb 13 08:38:37 tardis postfix/postscreen[17453]: close database /var/lib/postfix/postscreen_cache.db: No such file or directory (possible Berkeley DB bug)
</code></pre>
<p>It looks like the postscreen_cache.db file is located in /var/lib/postfix instead of the postfix jail /var/spool/postfix/var/lib/postfix. So we can fix it by moving the file into the jail:</p>
<pre>
<code>root@tardis:~# service postfix stop
root@tardis:~# mkdir -p /var/spool/postfix/var/lib/postfix
root@tardis:~# mv /var/lib/postfix/postscreen_cache.db /var/spool/postfix/var/lib/postfix
root@tardis:~# ln -s /var/spool/postfix/var/lib/postfix/postscreen_cache.db /var/lib/postfix/postscreen_cache.db
root@tardis:~# service postfix start
</code></pre>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Feb 13 2017</span>
<div class="field field--name-field-tagies field--type-entity-reference field--label-above">
<div class="field__label">Tags</div>
<div class='field__items'>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/email" hreflang="en">Email</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div>
</div>
</div>
<section class="field field--name-comment field--type-comment field--label-above comment-wrapper">
<h2 class="title">Comments</h2>
<article data-comment-user-id="0" id="comment-94" about="/comment/94" typeof="schema:Comment" class="comment js-comment by-anonymous">
<mark class="hidden" data-comment-timestamp="1530798812"></mark>
<footer class="comment__meta">
<article typeof="schema:Person" about="/user/0" class="profile"> </article>
<p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" typeof="schema:Person" property="schema:name" datatype="">AlexJ (not verified)</span> on Jul 05 2018</span> <span property="schema:dateCreated" content="2018-07-04T22:49:32+00:00" class="rdf-meta hidden"></span> </p>
<a href="/comment/94#comment-94" hreflang="en">Permalink</a>
</footer>
<div class="content">
<h3 property="schema:name" datatype=""><a href="/comment/94#comment-94" class="permalink" rel="bookmark" hreflang="en">Ownership</a></h3>
<div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item"><p>I think you need to add after mkdir:</p> <p><code>chown -c postfix:postfix /var/spool/postfix/var/lib/postfix</code></p> </div>
</div>
</article>
<div class="indented">
<article data-comment-user-id="1" id="comment-95" about="/comment/95" typeof="schema:Comment" class="comment js-comment by-node-author">
<mark class="hidden" data-comment-timestamp="1530798837"></mark>
<footer class="comment__meta">
<article typeof="schema:Person" about="/users/hoti" class="profile"> </article>
<p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span> on Jul 05 2018</span> <span property="schema:dateCreated" content="2018-07-05T13:53:57+00:00" class="rdf-meta hidden"></span> </p>
<p class="parent visually-hidden">In reply to <a href="/comment/94#comment-94" class="permalink" rel="bookmark" hreflang="en">Ownership</a> by <span lang="" typeof="schema:Person" property="schema:name" datatype="">AlexJ (not verified)</span></p>
<a href="/comment/95#comment-95" hreflang="en">Permalink</a>
</footer>
<div class="content">
<h3 property="schema:name" datatype=""><a href="/comment/95#comment-95" class="permalink" rel="bookmark" hreflang="en">You are right. Thank you</a></h3>
<div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item">You are right. Thank you</div>
</div>
</article>
</div>
</section>
Mon, 13 Feb 2017 07:44:03 +0000 Hoti 230 at https://tech.feedyourhead.at
Let's Encrypt https://tech.feedyourhead.at/content/lets-encrypt
<span class="field field--name-title field--type-string field--label-hidden">Let&#039;s Encrypt</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><img alt="Letsencrypt" data-entity-type="file" data-entity-uuid="ab8fc64a-a62f-4e17-8d48-729a45365e04" src="/sites/default/files/inline-images/letsencrypt.jpg" /></p>
<p><a href="https://letsencrypt.org">Let's Encrypt</a> has been in the media quite often lately. Letsencrypt is a very easy-to-use tool that provides certificates for free. Those certificates are valid in most common browsers. I never understood why certificates are expensive; that's why I tried out letsencrypt (and I like it!).</p>
<p>In this article, I will replace all <a href="https://www.cacert.org/">cacert-certificates</a> on a <a href="https://kolab.org/">kolab-server</a>. To do that, I will install the letsencrypt certificate for apache2, cyrus-imapd and postfix.</p>
<h3>Installing letsencrypt</h3>
<p>I just used git to obtain the letsencrypt script:</p>
<pre>
<code>git clone https://github.com/letsencrypt/letsencrypt
</code></pre>
<p>Whenever letsencrypt is started, it searches for dependencies and automatically installs them using the package manager of the Linux distribution.
So it's wise to open the help page first:</p>
<pre>
<code>root@kolab:~/letsencrypt# ./letsencrypt-auto --help
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --help

  letsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

  (default) run        Obtain &amp; install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  --apache          Use the Apache plugin for authentication &amp; installation
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, nginx, apache, standalone, webroot, etc)
</code></pre>
<h3>Different Modes</h3>
<p>Letsencrypt can either just create and download a certificate (certonly), or create the certificate and also install it in a service (at the moment only nginx and apache seem to be supported for this). There is a <a href="http://letsencrypt.readthedocs.org/en/latest/using.html#plugins">list in the letsencrypt-documentation</a> showing which option only creates the certificate and which option also installs it.</p>
<h3>How to authenticate the host</h3>
<p>Every certification authority has to validate that you really own the domain for which you want a certificate. Sometimes you have to set an entry in your DNS zone, or you get an email to one of the mail addresses of this DNS zone. Letsencrypt is a script executed on the target host. It calls home using HTTPS, and the letsencrypt server then has to call back to your host to validate that it is really yours. If you don't have a webserver on your host, letsencrypt can start a temporary <strong>standalone</strong> webserver for you and do the authentication automatically. I already have a webserver installed, so I can use my apache installation. Letsencrypt has an option called <strong>webroot</strong>. If you use this option for authentication, you have to provide the path to your webroot, and letsencrypt will create a temporary, hidden directory (.well-known) in this webroot. Be aware that letsencrypt only uses HTTP for validation, so if your server only listens on port 443 it won't work. Another option for authentication is <strong>manual</strong>. With manual, one has to do the authentication by hand (I never tried that).</p>
<h3>So let's encrypt</h3>
<pre>
<code>./letsencrypt-auto certonly --rsa-key-size 4096 --webroot -w /var/www/html/ -d kolab.example.com
</code></pre>
<p>This command creates a certificate for kolab.example.com using the webroot /var/www/html for authentication.
The certificate is stored in /etc/letsencrypt/live/kolab.example.com:</p>
<pre>
<code>root@kolab:~/letsencrypt# ls -l /etc/letsencrypt/live/kolab.example.com/
total 0
lrwxrwxrwx 1 root root 42 Jan 28 15:34 cert.pem -&gt; ../../archive/kolab.example.com/cert1.pem
lrwxrwxrwx 1 root root 43 Jan 28 15:34 chain.pem -&gt; ../../archive/kolab.example.com/chain1.pem
lrwxrwxrwx 1 root root 47 Jan 28 15:34 fullchain.pem -&gt; ../../archive/kolab.example.com/fullchain1.pem
lrwxrwxrwx 1 root root 45 Jan 28 15:34 privkey.pem -&gt; ../../archive/kolab.example.com/privkey1.pem
</code></pre>
<h3>Configuring the services</h3>
<h4>Apache2( &gt;= 2.4.8 )</h4>
<pre>
<code>SSLCertificateFile /etc/letsencrypt/live/kolab.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kolab.example.com/privkey.pem
</code></pre>
<h4>Apache2( &lt; 2.4.8 )</h4>
<pre>
<code>SSLCertificateFile /etc/letsencrypt/live/kolab.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kolab.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/kolab.example.com/chain.pem
</code></pre>
<h4>Nginx</h4>
<pre>
<code>ssl_certificate /etc/letsencrypt/live/kolab.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kolab.example.com/privkey.pem;
</code></pre>
<h4>Postfix</h4>
<pre>
<code>smtpd_tls_cert_file=/etc/letsencrypt/live/kolab.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/kolab.example.com/privkey.pem
smtp_tls_cert_file=/etc/letsencrypt/live/kolab.example.com/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/kolab.example.com/privkey.pem
</code></pre>
<h4>Cyrus Imapd</h4>
<pre>
<code>tls_server_cert: /etc/letsencrypt/live/kolab.example.com/cert.pem
tls_server_key: /etc/letsencrypt/live/kolab.example.com/privkey.pem
tls_server_ca_file: /etc/letsencrypt/live/kolab.example.com/chain.pem
</code></pre>
<p>DEBIAN-USERS: This won't work out of the box.
Cyrus needs the group permissions on the certificate files to be set correctly:</p>
<pre>
<code>403119 4 drwxr-x--- 3 root ssl-cert 4096 Jan 28 15:34 /etc/letsencrypt/archive
403129 4 -rw-r--r-- 1 root ssl-cert 3272 Jan 28 15:34 /etc/letsencrypt/archive/kolab.example.com/privkey1.pem
403130 4 -rw-r--r-- 1 root ssl-cert 1675 Jan 28 15:34 /etc/letsencrypt/archive/kolab.example.com/chain1.pem
403128 4 -rw-r--r-- 1 root ssl-cert 2151 Jan 28 15:34 /etc/letsencrypt/archive/kolab.example.com/cert1.pem
403131 4 -rw-r--r-- 1 root ssl-cert 3826 Jan 28 15:34 /etc/letsencrypt/archive/kolab.example.com/fullchain1.pem
403120 4 drwxr-x--- 3 root ssl-cert 4096 Jan 28 15:34 /etc/letsencrypt/live
</code></pre>
<h3>Renewal</h3>
<p><a href="http://letsencrypt.readthedocs.org/en/latest/using.html#renewal">Letsencrypt says on its page</a>:</p>
<blockquote> <p>Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.</p> </blockquote>
<p>Let's create a renewal script (/opt/letsrenew.sh):</p>
<pre>
<code>#!/bin/bash
# Request a fresh certificate via the webroot authenticator
/opt/letsencrypt/letsencrypt-auto certonly --config /opt/letsencrypt/cli.ini --webroot -w /var/www/html/ -d kolab.example.com
# Restart the services so that they load the new certificate
service apache2 restart
service postfix restart
service cyrus-imapd restart
</code></pre>
<p>Then we can create a cronjob (at 00:00 on the 1st of Jan, Mar, May, Jul, Sep and Nov):</p>
<pre>
<code>0 0 1 */2 * /opt/letsrenew.sh &gt; /dev/null
</code></pre>
<p>Our /opt/letsencrypt/cli.ini looks like this:</p>
<pre>
<code>agree-tos
renew-by-default = True
</code></pre>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Jan 30 2016</span>
<div class="field field--name-field-tagies field--type-entity-reference field--label-above">
<div class="field__label">Tags</div>
<div class='field__items'>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kolab" hreflang="en">Kolab</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/apache" hreflang="en">apache</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div>
</div>
</div>
<section class="field field--name-comment field--type-comment field--label-above comment-wrapper">
<h2 class="title">Comments</h2>
<article data-comment-user-id="0" id="comment-43" about="/comment/43" typeof="schema:Comment" class="comment js-comment by-anonymous">
<mark class="hidden" data-comment-timestamp="1465486717"></mark>
<footer class="comment__meta">
<article typeof="schema:Person" about="/user/0" class="profile"> </article>
<p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" typeof="schema:Person" property="schema:name" datatype="">DoktorBen (not verified)</span> on May 26 2016</span> <span property="schema:dateCreated" content="2016-05-26T08:21:35+00:00" class="rdf-meta hidden"></span> </p>
<a href="/comment/43#comment-43" hreflang="en">Permalink</a>
</footer>
<div class="content">
<h3 property="schema:name" datatype=""><a href="/comment/43#comment-43" class="permalink" rel="bookmark" hreflang="en">not working</a></h3>
<div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item"><p>Hello,</p>
<p>I followed your steps but cyrus can't access the certs<br />
May 26 10:20:37 post imaps[13762]: unable to get certificate from &#039;/etc/letsencrypt/live/post.example.com/cert.pem&#039;<br />
May 26 10:20:37 post imaps[13762]: TLS server engine: cannot load cert/key data, may be a cert/key mismatch?<br />
May 26 10:20:37 post imaps[13762]: error initializing TLS</p> </div>
</div>
</article>
<div class="indented">
<article data-comment-user-id="1" id="comment-56" about="/comment/56" typeof="schema:Comment" class="comment js-comment by-node-author">
<mark class="hidden" data-comment-timestamp="1465486795"></mark>
<footer class="comment__meta">
<article typeof="schema:Person" about="/users/hoti" class="profile"> </article>
<p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span> on Jun 09 2016</span> <span property="schema:dateCreated" content="2016-06-09T15:39:55+00:00" class="rdf-meta hidden"></span> </p>
<p class="parent visually-hidden">In reply to <a href="/comment/43#comment-43" class="permalink" rel="bookmark" hreflang="en">not working</a> by <span lang="" typeof="schema:Person" property="schema:name" datatype="">DoktorBen (not verified)</span></p>
<a href="/comment/56#comment-56" hreflang="en">Permalink</a>
</footer>
<div class="content">
<h3 property="schema:name" datatype=""><a href="/comment/56#comment-56" class="permalink" rel="bookmark" hreflang="en">I had a similar problem, and…</a></h3>
<div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item">I had a similar problem, and it turned out that the permissions of the keys/directories were wrong. Make sure that cyrus is able to read the files.</div>
</div>
</article>
</div>
</section>
Sat, 30 Jan 2016 10:04:41 +0000 Hoti 153 at https://tech.feedyourhead.at
Kolab 3.2 on debian jessie: filters don't work https://tech.feedyourhead.at/content/kolab-32-debian-jessie-filters-dont-work
<span class="field field--name-title field--type-string field--label-hidden">Kolab 3.2 on debian jessie: filters don&#039;t work</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>If you have installed Kolab 3.2 on Debian Jessie and are using SSL, you might have problems with sieve filters.
If I click on Filters (in webmail), I receive the following error: "Unable to connect to server". <em>/var/log/mail.log</em> shows me:</p>
<pre>
<code>Sep 18 11:45:35 kolab sieve[3936]: STARTTLS failed: localhost [::1]
</code></pre>
<p>I solved that problem by adding the following lines to /etc/roundcubemail/managesieve.inc.php:</p>
<pre>
<code>// Disables certificate and host name verification for the managesieve TLS connection
$config['managesieve_conn_options'] = array(
    'ssl' =&gt; array(
        'verify_peer_name'  =&gt; false,
        'verify_peer'       =&gt; false,
        'allow_self_signed' =&gt; true));
</code></pre>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Sep 18 2015</span>
<div class="field field--name-field-tagies field--type-entity-reference field--label-above">
<div class="field__label">Tags</div>
<div class='field__items'>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kolab" hreflang="en">Kolab</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/email" hreflang="en">Email</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div>
</div>
</div>
Fri, 18 Sep 2015 12:02:40 +0000 Hoti 106 at https://tech.feedyourhead.at
Colorful Postfix-mail.log https://tech.feedyourhead.at/content/colorful-postfix-maillog
<span class="field field--name-title field--type-string field--label-hidden">Colorful Postfix-mail.log</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>With nice colors, logfiles become more readable. I like the postfix format of "multitail".</p>
<p><code>multitail -CS postfix -f /var/log/mail.log</code>:</p>
<p><img alt="" src="http://tech.feedyourhead.at/sites/tech.feedyourhead.at/files/pictures/multitail_mail_log.jpg" style="height:298px; width:846px" /></p>
<p>Whenever I wanted to edit a mail.log with vim, I missed the colours, so I just created a color scheme for vim:</p>
<p>Vim:</p>
<p><img alt="" src="http://tech.feedyourhead.at/sites/tech.feedyourhead.at/files/pictures/vim_mail_log.jpg" /></p>
<p>~/.vim/syntax/maillog.vim:</p>
<pre>
<code>" Vim syntax file
" Language: mail.log files
" Maintainer: Hoti
" Last Change: 2011-09-06
" Filenames: mail.log
" Version: 0.1

if version &lt; 600
    syntax clear
elseif exists("b:current_syntax")
    finish
endif

syntax match maillogDate /^.* \d\{1,2} \d\d:\d\d:\d\d /
syntax match maillogToMail /to=&lt;.*@.*&gt;/
syntax match maillogFromMail /from=&lt;.*@.*&gt;/
syntax match maillogStatus /status=\a* /
syntax match maillogNoSpam / Passed CLEAN/
syntax match maillogBlockedSpam / Blocked SPAM/
syntax match maillogBlockedRBL /blocked using.*$/

highlight default link maillogDate Comment
highlight default link maillogToMail Constant
highlight default link maillogFromMail Type
highlight default link maillogStatus Statement
highlight default link maillogNoSpam Type
highlight default link maillogBlockedSpam Constant
highlight default link maillogBlockedRBL Constant

let b:current_syntax = "maillog"
</code></pre>
<p>We need to edit our ~/.vimrc and add the following line:</p>
<pre>
<code>autocmd BufRead,BufNewFile mail.log set syntax=maillog
</code></pre>
<p><a href="http://tech.feedyourhead.at/content/vimaillog">Download full source</a></p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Nov 10 2014</span>
<div class="field field--name-field-tagies field--type-entity-reference field--label-above">
<div class="field__label">Tags</div>
<div class='field__items'>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/vim" hreflang="en">vim</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div>
<div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div>
</div>
</div>
Mon, 10 Nov 2014 12:58:15 +0000 Hoti 7 at https://tech.feedyourhead.at
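The "Test" step of the DANE article at the top of this feed, extended into a mail.log audit (an added example, not code from the original posts): it reads the Postfix smtp client summary lines that `smtp_tls_loglevel=1` produces and reports destinations reached without a "Verified" handshake, or that dropped from "Verified" to a weaker level later in the log. The first sample line is the one quoted in the article; the other log lines and all function names are constructed for illustration.

```python
"""Audit Postfix smtp client log lines for the TLS trust level per destination."""
import re

# Trust levels Postfix puts in front of "TLS connection established",
# ordered from weakest to strongest. A DANE match is logged as "Verified".
LEVELS = ("Anonymous", "Untrusted", "Trusted", "Verified")

# Matches only the outbound client (postfix/smtp), not the server (postfix/smtpd).
TLS_LINE = re.compile(
    r"postfix[^/\s]*/smtp\[\d+\]: "
    r"(?P<level>" + "|".join(LEVELS) + r") TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# First line: taken from the article. Remaining lines: constructed sample data.
SAMPLE_LOG = """\
May 12 21:26:59 mymailserver postfix/smtp[3064]: Verified TLS connection established to mx01.emig.gmx.net[212.227.17.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 12 21:27:00 mymailserver postfix/smtp[3064]: 3F2A11C0B5: to=<user@gmx.net>, relay=mx01.emig.gmx.net[212.227.17.5]:25, delay=1.2, status=sent (250 Requested mail action okay, completed)
May 12 21:30:11 mymailserver postfix/smtp[3071]: Untrusted TLS connection established to mx.example.org[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 12 21:31:40 mymailserver postfix/smtpd[3080]: Anonymous TLS connection established from mail.example.net[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 12 21:40:02 mymailserver postfix/smtp[3092]: Verified TLS connection established to mx.example.com[2001:db8::25]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 13 02:15:37 mymailserver postfix/smtp[4120]: Trusted TLS connection established to mx.example.com[2001:db8::25]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""


def parse_tls_events(lines):
    """Return one dict per outbound TLS summary line, in log order."""
    events = []
    for line in lines:
        match = TLS_LINE.search(line)
        if match:
            events.append(match.groupdict())
    return events


def weakest_level(events):
    """Map each destination host to the weakest trust level it was reached with."""
    weakest = {}
    for event in events:
        host, level = event["host"].lower(), event["level"]
        if host not in weakest or LEVELS.index(level) < LEVELS.index(weakest[host]):
            weakest[host] = level
    return weakest


def unverified_hosts(events):
    """Hosts that were reached at least once without a 'Verified' handshake."""
    return sorted(h for h, lvl in weakest_level(events).items() if lvl != "Verified")


def downgraded_hosts(events):
    """Hosts logged as 'Verified' first and at a weaker level in a later line."""
    seen_verified, downgraded = set(), []
    for event in events:
        host = event["host"].lower()
        if event["level"] == "Verified":
            seen_verified.add(host)
        elif host in seen_verified and host not in downgraded:
            downgraded.append(host)
    return downgraded


if __name__ == "__main__":
    log_events = parse_tls_events(SAMPLE_LOG.splitlines())
    for name, lvl in sorted(weakest_level(log_events).items()):
        print(f"{lvl:<10} {name}")
    print("not verified:", ", ".join(unverified_hosts(log_events)))
    print("downgraded:  ", ", ".join(downgraded_hosts(log_events)))
```

A host in the downgraded list is worth a look at its TLSA records and at the resolver's DNSSEC status, using the dig check from the Preconditions section.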