Banner day for scamming.

August 3rd, 2018

Two scams that are in the news hit our household today.

The first was a sextortion email. This one was a copycat though, since it had an an email address that was obviously found through a hack (vendorname@wellgolly.com), but they didn’t have the password to prove that they’d been monitoring the webcam.

And then I got to talk to a “Microsoft Security Team” member that was informing me that the internet on my computer was illegal. I tried to get him to clarify what he meant by expressing confusion about how the internet was on my computer, since as far as I know, it is outside my house, but I wasn’t able to string him along. And just for a point of reference, we only use Macs, iPads, and iPhones here, so there was no way that they detected “Illegal internet activity on my Windows”.

Getting Exim4 running on a new server

July 6th, 2018

We’ve always kept our virtual domains in /etc/mail/virtuals and I was under the impression it was the default location. It isn’t.

I don’t remember adding this code when I set up Exim4 on my Linode server, but it is missing on my Digital Ocean server. I needed to add the folowing lines to exim4.conf.template, just above the line system_aliases: in the router section.


virtual_domains:
  driver = redirect
  domains = dsearch;/etc/mail/virtuals
  data = ${lookup{$local_part}wildlsearch{/etc/mail/virtuals/$domain}}
  allow_fail
  allow_defer
  file_transport = address_file

I also missed the step of creating the self-signed key and cert, so make sure you do that as well.

The documents have lots of special cases for handling email that I never used, but one could come in handy. An attempt to deliver to a particular local part can be deferred or forced to fail by aliasing the local part to
:defer:
or
:fail:

So you could do something like this, since spammers use this address all the time.
support: :fail:

One thing we never did in the virtuals file is to send a comment for addresses that bounce, but it could come in handy. e.g

X.Employee: :fail: Gone away, no forwarding address
support: :fail: Please use the contact form on our website if you have support questions.

RIGHT OUTER JOIN example

July 5th, 2018

Another simple query. I have a list of vocabulary words with their definitions. I found a usage that clearly expressed the meaning of the word and put it in a different table. When I was nearly done I wanted to make sure that all of the words had at least one usage example. This is the code that does it.


SELECT words.word, words_usage.word
FROM words_usage 
RIGHT OUTER JOIN words 
ON words_usage.word = words.word 
WHERE words_usage.word IS NULL 
ORDER BY `words_usage`.`word` ASC

Getting Dovecot running on a new server.

June 24th, 2018

I followed these Dovecot installation instructions and everything appeared to work, but I couldn’t get mail. I went into my mail client and retyped the password. I got an error message when it tried to verify the server saying that I had an invalid certificate.

I tried getting a standalone certificate using certbot, but my attempt failed. It turns out that you need to stop apache before running certbot with the standalone command. Then run:


sudo certbot certonly --standalone --preferred-challenges http -d mail.mymaildomain.com <code>

This puts a new certificate just for mail in the /etc/letsencrypt/live/mail.mymaildomain.com directory. You need to tell Dovecot where to find the certificate by editing the SSL file.

Look for these lines near the top of the file.


#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

Configure Dovecot

Dovecot’s SSL configuration is done in an auxiliary file located at /etc/dovecot/conf.d/10-ssl.conf. In here you’ll find two parameters that need to be changed: ssl_cert and ssl_key. Like postfix, dovecot will need the full certificate chain to present to clients for validation.

Edit the configuration file to point to the new certificates. Be sure to include the leading < before the file path, this is what tells dovecot to read from a file rather than use the value literally.


ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem

The only other issue I had was with the mail_location. I must have picked mbox format when the messages are in Maildir format. I changed this line in 10-mail.conf.


mail_location = maildir:~/Maildir

Notes on testing domains while migrating to a new server.

June 18th, 2018

When moving sites to a new server, you can test each one by replacing the DocumentRoot in the 000-default.conf file with the directory containing each site. You might want to do some site tweaking and changing the location for each site can get tedious after a while. The solution is to set up Apache to test virtual servers without domain names. The first step is to edit the /etc/hosts file on the computer that you will be using to visit the sites. Add the sites you wish to test and the IP address at the end of the file.


142.255.228.33 firstsitetotest.com
142.255.228.33 secondsitetotest.com
...
142.255.228.33 lastsitetotest.com

You don’t need to reboot your computer or reload the file to get it to work.

Next, edit the 000-default.conf file in /etc/apache2/sites-available/
I keep my site files in the /www directory.


 <VirtualHost firstsitetotest.com:80>
    ServerName www. firstsitetotest.com
    DocumentRoot /www/firstsitetotest

 </VirtualHost>

<VirtualHost secondsitetotest.com:80>
    ServerName www.secondsitetotest.com
    DocumentRoot /www/secondsitetotest

 </VirtualHost>
...
 <VirtualHost lastsitetotest.com:80>
    ServerName www. lastsitetotest.com
    DocumentRoot /www/lastsitetotest

 </VirtualHost>

Reload Apache with sudo systemctl reload apache2 and test your config with sudo systemctl status apache2

If the sites currently exist, you should make a small change in the main file to make sure you are being redirected to the new site.

Well Golly


Atheism Plus

Buy from Amazon