Linux tips and tricks 
If you have a site, there is a need to control the validity of the certificate. I already use Nagios for monitoring, so let them control the certificates.
StegHide hides data in picture and sound files, where not all bits in the byte are used. Since the data is encrypted, it is very difficult to prove its presence. The only problem with sizes - to hide megabyte of encrypted data, you will need audio or picture file sizes of several megabytes.
Support plus addressing for mail server
If there is a need to support the plus addressing on the mail server, then it will be necessary to customize our system.
In the Postfix configuration file - /etc/postfix/main.cf you must add a line
recipient_delimiter = +
if we have Dovecot in the role of LDA, we need to make additional settings. First in the file /etc/dovecot/conf.d/15-lda.conf should add or uncomment the line:
recipient_delimiter = +
And in the /etc/postfix/master.cf file, we need to modify our dovecot filter.
It should look like this:
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a $original_recipient} -d ${user}@${nexthop}
To manage messages in Dovecot enabled Sieve.
Sieve — this is a language for describing filtering rules for messages. It was created by Cyrusoft International, Inc./ISAMET while working on the mail server Cyrus. By writing scripts with mail processing it is possible to:
Email processing should take place before the email gets into the user's mailbox. In our previous settings, In our previous settings, the local delivery agent (LDA) is Postfix itself. To connect the Sieve extension, you need to translate this function into Dovecot.
When typing texts is often necessary to use characters that are not present in your layout, or not presen on keyboard at all. For example, typing something like ¼ or ‰ is a non-trivial task. Of course, you can use a character table and just copy everything from there. But it is good when the desired character is entered 1-2 times. And what to do if you need it constantly? This is where the Compose key comes to the rescue.
The compose key is also known as "Multi_key" at the X Window System. In X.Org Server, many keyboard layouts provide different options for the location Multi_key, commonly used in PC-compatible architectures.
You can assign this key in different way. For example, using XkbOptions ("compose: rwin"). In my Kubuntu it can be done in Kmenu-Computer-System Settings-country/region/language. I assigned a button to the Compose key that I never use - CapsLock.
Now let's go through the settings step by step
For correct operation of the mail server requires correct DNS configuration.
In our domain zone, at least, we must have MX records. It is also desirable to create the reverse record, SPF, DKIM and DMARC
Basic DNS settings
In order for other servers to know that our server is accepting mail for our domain, the following settings must be created in the zone description:
The work of gray lists is based on the fact that spammers in case of sending errors often do not send the letter a second time, and legitimate mail servers will try to send a letter for at least two days.
When the message is received for the first time our server returns an error 450 (message not accepted due to a temporary error) and terminates the session,
After a specified timeout (default 300 seconds) the message will be accepted and address of the sender server will be temporary whitelisted. The server will stay in this list for 35 days since the last successful session by default
Let’s install the necessary software
# apt install postgrey
SpamAssassin installing
To install anti-spam, execute the command:
# apt install spamassassin
The program will not work after installation. It is disabled by default. To activate it, it is necessary to change the value enable to 1 in /etc/default/spamassassin file.
Install the antivirus system for the mail server:
#apt install clamsmtp
After we have configure the mail server, it is necessary to check its work. Of course this can be done using a mail client, but sometimes easier and faster to do it with the utility telnet.
It's quite dangerous to use unencrypted traffic on the mail server.This is not due to the interception of emails, but to the fact that an attacker can intercept a user's login and password from a user and use this information to send spam messages.
Encryption uses SSL certificates. If we can buy a certificate from a certification authority - then buy, if not, generate self-signed certificate. This is done by the command:
openssl req -new -nodes -x509 -out smtpd.pem -keyout smtpd.pem -days 3650
OpenLDAP is an open implementation of LDAP, developed by the OpenLDAP project, distributed under its own free OpenLDAP Public License.
OpenLDAP consists of three main components:
In large organizations, mail servers and other services are often integrated with the Windows AD
Assume that we have Windows domain named the study.local and there is a special user mailadmin with the password mailadmin. And he has permissions to read from the LDAP tree. The domain controller has the address 192.168.0.10. Domain users must have aт attribute “mail” filled in. It should contain the mailing address of the user. Domain groups are created to work with mail aliases. They also fill in the attribute “mail”. Letters that arrive to such groups must be forwarded to all users who are their members.
User accounts can also be stored in the database. You can use PostgreSQL or Mysql for it.
Let’s use MySQL as a more popular option
Mysql configuring
Typically, you do not need to configure mail traffic routing. All messages will be routed automatically, according to MX records in the DNS of the recipient domain. But there are exceptions to this rule. Using the transport_maps option, you can explicitly specify the server to which the mail will be sent for the specific domain.
Sometimes it is necessary to create copies of messages and send them to another address. For this purpose, Postfix has a mechanism for creating hidden copies (bcc – blind carbon copy)
You can create these copies based on the sender or recipient addresses. To do this, you can use the sender_bcc_maps or recipient_bcc_maps parameters in the main.cf file.
RoundCube Webmail is a web-based IMAP email client. Roundcube's most prominent feature is the pervasive use of Ajax technology. After about two years of development, the first stable release of Roundcube was announced in early 2008. Roundcube is written in PHP and can be employed in conjunction with a LAMP "stack", or any other operating system that supports PHP are supported as well.
Roundcube is free and open-source software subject to the terms of the GNU General Public License (GPL) with exceptions for skins and plugins.
It is the second article from the "Mail Server Settings" cycle.
I'm starting to publish a series articles about Postfix and Dovecot mail server configuring.
Today will be the first part - Installation and basic configuration of Postfix and Dovecot.
I have a postfix-based mail server and SpamAssassin as an antispam. There was a task to view statistics to analyze the effectiveness of antispam and the mail server settings.
Sometimes when configuring servers you must configure RAID.
On branded servers they are often harware, but nonetheless, they often have to deal with a software raid.
Some ISPs provide get access to the Internet only for a specific MAC address.
You can manually change the MAC address and do not communicate with the provider for the change settings.
I know that it is possible to make an access point from a wi-fi card. Now I tried to set it up. Here is a description of my actions step by step.
I have old laptop Acer Aspire 5315.
OS— Kubuntu 11.10
Wi-Fi-card— Atheros. That's what lspci says about it
Ethernet controller: Atheros Communications Inc. AR242x / AR542x Wireless Network Adapter (PCI-Express) (rev 01)
Of course it have ethernet card too.
Let`s go...