The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,527 other followers

Archive for the ‘Linux’ Category

« Previous Entries

Default OpenSuSE Postfix main.cf forgets to configure SASL for cyrus…

Posted by jpluimers on 2019/04/15

If you see the below in your Postfix log when trying to test your config, then the SASL configuration is empty. Oddly that seems the default on OpenSuSE for a while now, despite it providing cyrus SASL out of the box.

Sep 15 14:30:07 katrien postfix/smtpd[12719]: fatal: bad string length 0 < 1: smtpd_sasl_path =
Sep 15 14:30:08 katrien postfix/master[12400]: warning: process /usr/lib/postfix/smtpd pid 12719 exit status 1
Sep 15 14:30:08 katrien postfix/master[12400]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Prior OpenSuSE versions had this in /etc/postfix/main.cf:

# SASL stuff
############################################################
smtp_sasl_auth_enable = no
smtp_sasl_security_options =
smtp_sasl_password_maps =
smtpd_sasl_auth_enable = no
#smtpd_sasl_path = private/auth
#smtpd_sasl_type = dovecot

Newer OpenSuSE versions have this:

# SASL stuff
############################################################
smtp_sasl_auth_enable = no
smtp_sasl_security_options =
smtp_sasl_password_maps =
smtpd_sasl_auth_enable = no
# cyrus : smtpd_sasl_type = cyrus, smtpd_sasl_path = smtpd
# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth
smtpd_sasl_path =
smtpd_sasl_type = 

Despite the newer having these installed:

# rpm -qa | grep cyrus
cyrus-sasl-crammd5-2.1.26-14.2.aarch64
cyrus-sasl-2.1.26-14.2.aarch64
cyrus-sasl-plain-2.1.26-14.2.aarch64
cyrus-sasl-digestmd5-2.1.26-14.2.aarch64
cyrus-sasl-gssapi-2.1.26-14.2.aarch64

Solution:

smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus

Since the values for both lines are default, you could even comment them out; see the documentation:

–jeroen

Via: [WayBackpostfix IRC logs [July 26 – 2007]

Posted in *nix, *nix-tools, Linux, openSuSE, postfix, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

crontab.guru – the cron schedule expression editor

Posted by jpluimers on 2019/04/12

Confused by crontab expressions? Me too, so I was happy to find: At minute 3 past every 12th hourcrontab.guru – the cron schedule expression editor.

It has a [WayBack] truckload of common crontab expressions, but more importantly allows you to live edit one, then explains in human terms what it means and when the schedule runs next.

If you like a step by step cron configurator, then you can try [WayBackCron Job Generator by GenerateIt.net but need to note it cannot interpret a cron expression.

–jeroen

Posted in *nix, *nix-tools, cron, Linux, Power User | Leave a Comment »

Passwordless SSH

Posted by jpluimers on 2019/01/22

Note: if the system you SSH from is ever compromised, then assume the passwordless targets are also compromised!

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed | Leave a Comment »

National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide | Ubuntu blog

Posted by jpluimers on 2019/01/18

For my link archive: [WayBack] National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide | Ubuntu blog

Via: [WayBack] A new best practice guide for hardening #Ubuntu Desktop 18.04 from the National Cyber Security Centre (part of UK gov): https://blog.ubuntu.com/2018/07… – Will Cooke – Google+

–jeroen

Posted in *nix, Linux, Power User, Ubuntu | Leave a Comment »

Testing SMTP from the console on Linux, BSD and Mac OS: swaks and smtp-cli Perl script clients

Posted by jpluimers on 2019/01/03

Testing SMTP using telnet is tedious as you have to remember the commands and responses in the SMTP protocol. It gets even harder when doing SMTP AUTH, as then you have to base encode a bunch of strings [WayBackHow to Test SMTP AUTH using Telnet [Wiki] | NDCHost

Luckily there is a Perl script swaks: [WayBackSwaks – Swiss Army Knife for SMTP which does ESMTP and LMTP as well as TLS.

The funny thing is that the repository at jetmore/swaks: Swaks – Swiss Army Knife for SMTP only has the readme, but the not the script which you can get from [WayBack] swaks.pl.

Despite that, most Linux distributions have an installation package.

[WayBackswaks for OpenSuse is in the [WayBacknetwork repository, so for Tumbleweed (actually: Factory) on Raspberry Pi you need to perform this:

zypper addrepo http://download.opensuse.org/repositories/network/openSUSE_Factory_ARM/network.repo
zypper refresh
zypper install swaks

On Mac OS X it is even easier: if you have the homebrew package manager installed, you just install the [WayBackswaks formula using the [WayBack] swaks.rb script:

brew install swaks

Note there is also the smtp-cli Perl script which I mentioned before at Fake/Mock SMTP servers and services for use during development, which also does TLS, but few environments have ready built packages for them. If you still want to try it out:

For SMTP AUTH:

swaks -tls --to jeroen.wiert.me@pluimers.com --from jeroen.wiert.me@pluimers.com --server smtp.xs4all.nl --auth-user username

Which prompts for the password, then outputs like this:

=== Trying smtp.xs4all.nl:25...
=== Connected to smtp.xs4all.nl.
<- 220 smtp-cloud3.xs4all.net ESMTP ESMTP server ready -> EHLO rmbpro1tbjwp
<-  250-smtp-cloud3.xs4all.net hello [188.206.68.219], pleased to meet you
<-  250-HELP
<-  250-AUTH LOGIN PLAIN
<-  250-SIZE 157286400
<-  250-8BITMIME
<-  250-STARTTLS
<- 250 OK -> STARTTLS
<- 220 Ready to start TLS === TLS started with cipher TLSv1:DHE-RSA-AES256-SHA:256 === TLS no local certificate set === TLS peer DN="/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.xs4all.nl" ~> EHLO rmbpro1tbjwp
<~  250-smtp-cloud3.xs4all.net hello [188.206.68.219], pleased to meet you
<~  250-HELP
<~  250-AUTH LOGIN PLAIN
<~  250-SIZE 157286400
<~  250-8BITMIME
<~ 250 OK ~> AUTH LOGIN
<~ 334 ############ ~> anA=
<~ 334 ############ ~> ############################
<~ 235 ... authentication succeeded ~> MAIL FROM:<jeroen.wiert.me@pluimers.com>
<~  250 <jeroen.wiert.me@pluimers.com> sender ok
 ~> RCPT TO:<jeroen.wiert.me@pluimers.com>
<~  250 <jeroen.wiert.me@pluimers.com> recipient ok
 ~> DATA
<~ 354 enter mail, end with "." on a line by itself ~> Date: Wed, 19 Jul 2017 09:09:57 +0200
 ~> To: jeroen.wiert.me@pluimers.com
 ~> From: jeroen.wiert.me@pluimers.com
 ~> Subject: test Wed, 19 Jul 2017 09:09:57 +0200
 ~> Message-Id: <20170719090957.052207@rmbpro1tbjwp>
 ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
 ~> 
 ~> This is a test mailing
 ~> 
 ~> .
<~ 250 smtp-cloud3.xs4all.net accepted mail mXA71v00C4jr6ac01XA9Bo for delivery ~> QUIT
<~  221 smtp-cloud3.xs4all.net ESMTP closing connection
=== Connection closed with remote host.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Hardware Development, Internet protocol suite, Linux, openSuSE, Power User, Raspberry Pi, SMTP, SuSE Linux, Tumbleweed | Leave a Comment »

« Previous Entries
 
%d bloggers like this: