diff --git a/DMARC status in Norway.md b/DMARC status in Norway.md new file mode 100644 index 0000000..cbb5e84 --- /dev/null +++ b/DMARC status in Norway.md @@ -0,0 +1,9 @@ +# DMARC status in Norway + +After installing the new mailserver, I configured and started using opendmarc as yet another measure to stop the ever increasing amount of spam. + +I currently have 3 smtp-milters on my setup: DKIM, Spamassassin and DMARC. After a while my wife was complaining that she did not receive expected emails from certain providers. After doing som grepping in the maillog (`cat mail.log | grep opendmarc | grep -v 'socket\|Auth\|localhost' | grep 'fail'`) I found that quite a lot of the norwegian providers did not have DMARC set up. + +So I tried to whitelist them using `DomainWhitelistFile` and `DomainWhitelist`. But as there was a very lacking documentation on these, and I could not find anything about the format on the list, I gave it up, and just used `IgnoreMailFrom`. This way you can just have a comma-separated list of domains you just ignore. It's not a preferable solution, but I had to do it because of still having enough WAF. + +There is a website dedicated to list providers in Norway that does not have proper DMARC setup: [DMARC-status](https://dmarcstatus.no/). \ No newline at end of file diff --git a/Fiddling with Nextcloud.md b/Fiddling with Nextcloud.md new file mode 100644 index 0000000..fe29de6 --- /dev/null +++ b/Fiddling with Nextcloud.md 
@@ -0,0 +1,75 @@ +# Fiddling with Nextcloud + +Nextcloud seems like a good idea for storing documents, but I think the whole user experience is a bit "meh". All UI-elements are a bit slow, and things seems a bit sluggish. Nevertheless, here I go. + +First of all. I have taken my old work laptop and installed Ubuntu Server 23.01. There is nothing like living on the bleeding edge. After that I installed docker on top of this, and crammed portainer-agent into this mess. Well, it worked quite smoothly, and so I carried on. + +First of all I needed a database on this, and I used `mariadb:latest` and made a short `docker-compose.yaml` to get this up and running: + +``` +version: '3' +volumes: + data: +services: + db: + image: mariadb + environment: + MYSQL_ROOT_PASSWORD: + MYSQL_DATABASE: + MYSQL_USER: + MYSQL_PASSWORD: + volumes: + - data:/var/lib/mysql + ports: + - "3306:3306" +``` + +And, voila, I was up and running with mariadb. Next up was Nextcloud. + +Since this laptop does not have a serious amount of storage (250GB), I decided to mount.nfs my OpenMediaVault-nfs to the server. I made the mountpoint, and edited `/etc/fstab` and did a `mount -a` and all was happy. After that I had to start up the Nextcould-container and dug into it to find where to mount the correct filestorage to get more storagespace in Nextcloud. After a bit of fiddling around, I found that `/var/www/html/data` was the correct sweetspot. Lo and behold, a docker-compose.yaml: + +``` +version: '2' + +volumes: + nextcloud_data: + +services: + nextcloud: + image: nextcloud + restart: always + ports: + - 8080:80 + volumes: + - nextcloud_data:/var/www/html + - /nfs/dockerstation/nextcloud:/var/www/html/data + environment: + - MYSQL_PASSWORD= + - MYSQL_DATABASE= + - MYSQL_USER= + - MYSQL_HOST=example.home.arpa +``` + +Before I forget it; I had to get into mariadb and create the database and the user, and I had to give the user full rights on the database in question. 
+ +Things started as expected, and I did some tweaking and adjusting. After that I needed to put Nextcloud behind a reverse proxy to get https in front of it. I fixed the reverse proxy (HA-Proxy) in my pfSense-fw, and nothing worked.... + +After a bit of googling, I found out that Nextcloud has to be told that it is behind a reverse proxy. The file you have to edit is `/var/www/html/config/config.php` and add/adjust this: + +``` + 'trusted_domains' => + array ( + 0 => '', + ), + 'trusted_proxies' => + array ( + 0 => '', + ), + 'overwrite.cli.url' => 'https://', + 'overwriteprotocol' => 'https', + 'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'], +``` + +After this, everything seems OK. + +I tried to integrate calendar, mail and contacts with Google, but those things worked like a glued rat. Things where awfully slow and buggy. So I ended up disabling all those apps, and decided to test Nextcloud as a Document storage, and editor-on-the-go. Wish me luck, and I will be making updates about the progress in later posts. \ No newline at end of file diff --git a/Mail (OLD).md b/Mail (OLD).md new file mode 100644 index 0000000..e4534d9 --- /dev/null +++ b/Mail (OLD).md 
@@ -0,0 +1,15 @@ +# Mail + +Last night i migrated mailservers for my private domains. It was a pretty straightforward process. First of all I used these guides on the internet to setup a mailserver with virtual mailboxes, DKIM, DMARC, AMAVIS, Spamassassin and so on. +- https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf +- https://www.linuxbabe.com/mail-server/create-dmarc-record +- https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto +- https://www.linuxbabe.com/mail-server/postfixadmin-ubuntu +- https://www.linuxbabe.com/mail-server/postfix-amavis-spamassassin-clamav-ubuntu + +Then I had to rsync the mail over to the new server `rsync -azv -e 'ssh -p22' --progress /var/vmail/// root@:/var/vmail///Maildir` for all ``s and ``s. I ran this on the old server. +And I ran this in cron every 10 minutes while fixing DNS. The way I did it in DNS was to setup the new sever as a backup MX, and wait for the DNS change to propagate out to the internet. + +When the change had propagated I stopped postfix and dovecot on the old server, and stopped the rsync job in cron. I ignored the risk that I might loose a couple of mail messages. It should not happen, but anyways. + +After a short while the mails started arriving on the new server, but the old server is not shut down, since there might be stuff there which I might want to keep. \ No newline at end of file diff --git a/My equipment.md b/My equipment.md new file mode 100644 index 0000000..fe89f68 --- /dev/null +++ b/My equipment.md 
@@ -0,0 +1,39 @@ +# My equipment + +### The list :smiley: + +- **An old gaming PC which is refurbished as a ProxMox-server** + - CPU: Intel(R) Core(TM) i7-4790 + - RAM: 4 sticks of DDR3 Synchronous 1600 MHz. Total 32GB + - HDD: ADATA SU630 223GiB - WDC WD10EZRX-00L 931GiB - ST1000DM003-1CH1 931GiB - WDC WD10EZRX-00L 931GiB +- **An old NUC (Hp prodesk 600 g1 dm i5) running Home Assistant** + - CPU: Intel core i5 4570t + - RAM: 16GB + - HDD: 128GB SSD +- **An old thin client (HP thin client t620) running Unifi Network Controller** + - CPU: AMD GX-217GA + - RAM: 8GB + - HDD: 128GB M.2 +- **My workstation.** + - CPU: 11th Gen Intel(R) Core(TM) i7-11700K + - RAM: 2 sticks of KHX3200C16D4/16GX. Total 32GB + - GPU: ASUS GeForce RTX 3070 Ti TUF OC + - HDD: Corsair MP600 CORE NVMe 931GiB - KINGSTON SV300S3 223GiB +- **Work laptop (Dell XPS 13 Plus 9320)** + - CPU: Intel Core I7 I7-1260P + - RAM: 32GB + - HDD: NVMe disk 1000GiB +- **Old work laptop (HP EliteBook 830 G5)** + - CPU: i7-8550U + - RAM: 16GB + - HDD: SSD 256GiB +- **Even older work laptop (HP Elitebook 820 G2)** + - CPU: i5-5300U + - RAM: 16 GB + - HDD: SSD 128GB +- **3 Raspberry pi 3B+ running different kinds of testing software** +- **1 Raspberry pi Zero W running Node Red for my brewing software** +- **1 Raspberry pi 3B+ with ClusterHAT + 4 * Raspberry pi Zero** +- ~~1 Raspberry pi 2B (Retired)~~ +- ~~1 Raspberry pi 1B+ (Retired)~~ +- **A bunch of ESP32 and ESP8266 running different kinds of firmware related to Home Assistant functions and sensors.** \ No newline at end of file
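
Review bot: In `DMARC status in Norway.md`, the `IgnoreMailFrom` paragraph should state what the setting costs: every domain on that list is ignored by the filter, so a message that forges one of those From: domains is no longer checked either. Suggest saying so next to "It's not a preferable solution" and keeping the list to the specific senders whose mail was actually going missing. Separately, the grep keeps only lines containing 'fail', while the conclusion drawn is that the providers "did not have DMARC set up"; in DMARC terms a fail result means a policy was found and the message did not satisfy it, so either the filter or the wording should change. Typos: "som grepping", "norwegian".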
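
Review bot: In `Fiddling with Nextcloud.md`, the mariadb compose file publishes `- "3306:3306"`, which exposes the database port on every interface of the host; bind the mapping to the one host address Nextcloud connects to, or put both services on a shared Docker network and drop the published port. In the `config.php` snippet, `'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR']` does not include `HTTP_X_FORWARDED_FOR`, the key PHP gives the X-Forwarded-For header; if the HAProxy frontend sends that header, Nextcloud will treat the proxy's address as the client for logging and brute-force throttling. The text says `mariadb:latest` while both compose files use untagged images; pinning a version tag would make the setup reproducible. "Ubuntu Server 23.01" is not an Ubuntu release number, and "Nextcould" is a typo.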
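
Review bot: In `Mail (OLD).md`, the cut-over paragraph stops postfix, dovecot and the cron rsync together, which leaves exactly the window the text mentions ("I might loose a couple of mail messages"): anything delivered after the last 10-minute run stays on the old server. Suggest documenting one final rsync after postfix and dovecot are stopped. The rsync command and the following "for all ``s and ``s" have lost their placeholder names (`/var/vmail///`, `root@:`), probably angle-bracket text swallowed by the renderer; escape them or use another placeholder style so the command is readable. The transfer logs in as `root` over SSH; a sentence on how that login was restricted during the migration would help readers who copy the command. Typos: "i migrated", "sever", "loose".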
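
Review bot: In `My equipment.md`, capacities mix GB and GiB within the same list (for example "SSD 256GiB" next to "SSD 128GB"), and the "HDD" label is used for SSD, M.2 and NVMe drives; pick one unit and a neutral label such as "Storage". The HP ProDesk 600 G1 DM is described as "An old NUC", which is an Intel product name; "mini PC" would be accurate. Product names are cased inconsistently ("Hp prodesk", "Raspberry pi", "I7 I7-1260P").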