sendmail & dovecot: how do you work…

So, I currently have the following on my VPS so that I can properly run my own mail server:

  • sendmail: for SMTP mail
  • dovecot: for POP3 mail

When I set them up, I made it so that I could emulate what I originally had through phpwebhosting.com, which was basically “all mail gets forwarded to one mail box, then that mail box is downloaded.”

So, since I use an internet service that prevents Port 25 connection, it renders my sendmail ability null and void.

I do know that I need to get TLS up and running so I can connect over that, instead of standard SMTP, to relay mail. I just need to figure out how to set up the mail servers again and how to configure them so I don’t interrupt my existing production setup. Sooo….

Let’s get things installed:

As usual, I use a minimal-installed CentOS 6.8 system, yum upgraded, and no additional users. According to my documentation, I’ll need 3 things to yum install:

  • dovecot – a secure and highly configurable IMAP and POP3 server
  • sendmail – an electronic mail transport agent
  • saslauthd – sasl authentication server

We need dovecot as the retrieval mechanism, and it won’t be configured just yet.

We need sendmail to …. send email.

We need saslauthd so that we can AUTH our sendmail instance, which allows us to not mail-proxy the world.

[root@mailboy ~]# yum install sendmail sendmail-cf cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain dovecot
Package cyrus-sasl-2.1.23-15.el6_6.2.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package sendmail.x86_64 0:8.14.4-9.el6_8.1 will be installed
--> Processing Dependency: procmail for package: sendmail-8.14.4-9.el6_8.1.x86_64
--> Processing Dependency: libhesiod.so.0()(64bit) for package: sendmail-8.14.4-9.el6_8.1.x86_64
--> Running transaction check
---> Package sendmail-cf.noarch 0:8.14.4-9.el6_8.1 will be installed
--> Running transaction check
---> Package hesiod.x86_64 0:3.1.0-19.el6 will be installed
---> Package procmail.x86_64 0:3.22-25.1.el6_5.1 will be installed
--> Running transaction check
---> Package cyrus-sasl-devel.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-gssapi.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-md5.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2 will be installed
---> Package dovecot.x86_64 1:2.0.9-22.el6 will be installed
--> Processing Dependency: portreserve for package: 1:dovecot-2.0.9-22.el6.x86_64
--> Running transaction check
---> Package portreserve.x86_64 0:0.0.4-11.el6 will be installed
--> Finished Dependency Resolution

Installed: sendmail.x86_64 0:8.14.4-9.el6_8.1 cyrus-sasl-devel.x86_64 0:2.1.23-15.el6_6.2 cyrus-sasl-gssapi.x86_64 0:2.1.23-15.el6_6.2 cyrus-sasl-md5.x86_64 0:2.1.23-15.el6_6.2 cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2 dovecot.x86_64 1:2.0.9-22.el6

Dependency Installed:
 hesiod.x86_64 0:3.1.0-19.el6 procmail.x86_64 0:3.22-25.1.el6_5.1 portreserve.x86_64 0:0.0.4-11.el6

Complete!

And that takes care of 99% of everything we need! Just need to make sure we have our services:

[root@mailboy ~]# service sendmail status
sendmail is stopped
sm-client is stopped
[root@mailboy ~]# service dovecot status
dovecot is stopped
[root@mailboy ~]# service saslauthd status
saslauthd is stopped
[root@mailboy ~]#

Bingo!

Configuring Sendmail:

This…this is a pain in the ass. Get to /etc/mail, which is where sendmail claims its territory.

So, the first thing we need to do is /know/ what we need to do. This can be pretty hard and daunting at the start, but I seem to have broken this down into a couple of steps.

Some configuration files are easy, plain-texty-types. Others are “learn M4, make, compile, pray”.

local-host-names: Easy plain-text list of all domains you are accepting mail for. There shouldn’t really be much aside from “Edit with favorite editor, then edit more and more”. A sample entry is as easy as derpydoodles.com

virtusertable: This is the “who gets what mail, and where mail can go to” configuration. Before digging into this, I created a Linux postyman user to have all domains listed in local-host-names dump their mail to. Seemed pretty easy. The configuration to place into this file ended up being:

# http://www.yolinux.com/TUTORIALS/Sendmail.html
# File /etc/mail/virtusertable (Optional) Allows the separation of emails by domain. i.e. greg@domain1.com and greg@domain2.com go to two different users greg1 and greg2.
# webmaster@domain-1.com dave
# webmaster@domain-2.com john
# john@domain-2.com john
# @domain-2.com error:nouser User unknown
# @domain3.com mathew
# The second column is the local user, a remote forwarding email address or a mailing list entry in /etc/aliases.
########################################
# NOTE: Check /etc/aliases to make sure that you dont use one there before putting it here
########################################
# Make all email to all domains below go to postmaster.

@derpydoodles.com postyman

After this configuration is done, we have to “build the database!”. This is sort-of easy:

makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable

sendmail.mc: This is a son-of-a-doggie.

So, the first thing is to get Authentication rolling up. I’ve copy/pasted the changes necessary to get “AUTH LOGIN” working for sendmail:

Uncomment:

dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

Comment and Add:

dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl #

Comment and Modify:

dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
dnl #

And finally, allow the extra port for funsies:

DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl

And then we need to “compile” this out…

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
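
An added example, not part of the original post: a small audit of the edited sendmail.mc. As the stock comment quoted above says, the p flag is what keeps PLAIN/LOGIN off non-TLS links, and because m4 keeps the last define(), the later `A' replaces `A p'. The sample text is constructed from the snippets above, the function names are hypothetical, and the a (require AUTH) listener modifier comes from sendmail's DaemonPortOptions documentation rather than from this page.

```python
import re

# Constructed sample: the active and commented lines the edits above leave in
# sendmail.mc. m4 keeps the last define() of a macro, so `A' wins over `A p'.
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
"""

DEFINE = re.compile(r"^\s*define\(`(\w+)',\s*`([^']*)'\)")
DAEMON = re.compile(r"^\s*DAEMON_OPTIONS\(`([^']*)'\)")

def effective_settings(mc_text):
    """Return (defines, listeners) from lines that are not dnl-commented."""
    defines, listeners = {}, []
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue  # commented out in the .mc file
        m = DEFINE.match(line)
        if m:
            defines[m.group(1)] = m.group(2)  # later define overrides earlier
        m = DAEMON.match(line)
        if m:
            pairs = (kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
            listeners.append({k.strip(): v.strip() for k, v in pairs})
    return defines, listeners

def audit(mc_text):
    """Flag weak AUTH settings in the effective configuration."""
    defines, listeners = effective_settings(mc_text)
    findings = []
    opts = re.split(r"[\s,]+", defines.get("confAUTH_OPTIONS", ""))
    mechs = set(defines.get("confAUTH_MECHANISMS", "").split())
    if mechs & {"LOGIN", "PLAIN"} and "p" not in opts:
        findings.append("confAUTH_OPTIONS lacks 'p': LOGIN/PLAIN offered without TLS")
    for lst in listeners:
        if lst.get("Name") == "MSA" and "a" not in lst.get("M", ""):
            findings.append("MSA on port %s does not require AUTH (M lacks 'a')"
                            % lst.get("Port"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MC):
        print(finding)
```

Run it against the real file with audit(open("/etc/mail/sendmail.mc").read()) before the m4 step; an empty list means neither condition was found.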

Start some services:

[root@mailboy mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@mailboy mail]# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@mailboy mail]#

And testing:

 

How to build an RPM from scratch with Centos 6.8

I’ve been curious about how to actually build an RPM for Red Hat/CentOS ever since… well, since I knew they existed. There are many articles out there on the interwebs, but I felt it necessary to dig in and get it going from conception to death.

Virtual Hardware and Software:

To start, I’m gonna use Oracle VM Virtualbox (currently at 5.0.26 r108824) and a CentOS 6.8 Minimal install. What better way to start this than from nothing.

I created the VM with 1GB of RAM and the standard 8GB Virtual Hard Drive. Made some minor modifications to the VM such as:

  • Disabled the Audio
  • Enabled NIC1 and bridged it to my Ethernet Adapter
  • Disabled the USB Controller

I mounted the ISO and booted it up for the install.

Operating System Installation:

Clicking Start >, I skipped media testing and sailed into Anaconda. I accepted all default options except for allowing my Network Interface to be configured On and DHCP enabled. This saves me configuration later on in /etc/sysconfig/network-scripts and /etc/resolv.conf. Made root’s password, well, password, since I’ll be sudo’ing a user for good measure. 205 packages later I have my system ready to be SSH’d into.

First Boot:

Once everything was installed and configured from Anaconda there was a bit of cleanup I like to do. It’s not required on every installation, but it helps me do things in my development environments without issues later on.

More updates:

At the time of this writing, with a fresh ISO you still need to belt out a yum upgrade. There exists 1 package to install, 27 to upgrade, and 76M of data to download. Best to get this out of the way before changing system configurations and having them reset back to basics. shutdown -r now, and we’re back in business.

Disabling selinux:

Fairly easy to do, and there is a plethora of documents on the interwebs to do it. All done as root:

vi /etc/selinux/config
SELINUX=permissive

Firing the firewall:

Cleanly shutting off iptables just helps in debugging local and remote connection issues. We shouldn’t run into this while making our RPMs, but I might want to use this development machine later on and I don’t want to have to assume I did it when debugging issues. All done as root:

service iptables save
service iptables stop
chkconfig iptables off

Making myself useful:

Still have to do the basic administration, and create my user and give it some god-like sudo permissions:

adduser mheick
passwd mheick
visudo
mheick ALL=(ALL) ALL

Finally, we do some minor shell-related things like setting our TERM=xterm-256color and finding out our IP address so we can SSH into it to get this party started.

Finding and following instructions:

So, we need a couple things that do not come with the minimum install to prepare for this journey:

1 – We need a user that we will /use/ to build things with. We’re gonna create one called robertbuilder:

sudo adduser robertbuilder
sudo passwd robertbuilder

2 – We are going to need rpm-build, rpmdevtools and their dependencies:

sudo yum install rpm-build rpmdevtools

Our data:

We’re gonna be a good sport and create some test data, and go ahead and tar it up:

mkdir data
cd data
touch main
touch final
touch one
tar -czf myfirstrpm.tar.gz main final one

This creates myfirstrpm.tar.gz, which we will use to extract these junky files somewhere.

Before making a .spec file, we must be prepared:

The heart and soul of an RPM is this specific file. It contains all the instructions on /what/ to do with the contents of the RPM, where to install things, what to say, etc. We’re going to start off by getting our tarball over into robertbuilder’s home folder, passing along ownership, and then becoming robertbuilder to continue on.

sudo cp myfirstrpm.tar.gz /home/robertbuilder/
sudo chown robertbuilder:robertbuilder /home/robertbuilder/myfirstrpm.tar.gz
sudo su robertbuilder

Our builder user needs a folder structure in order to store our files, test out our RPMs, store our other files, and do testing and funsies. We use what we’re given.

rpmdev-setuptree

This creates the ~/rpmbuild/(BUILD|RPMS|SOURCES|SPECS|SRPMS) folders so that we can actually make this build happen.

Getting the .spec into it

We need to hop into the ~/rpmbuild/SPECS folder and execute our spec-template creator:

rpmdev-newspec myfirstrpm

This creates a basic .spec:

Name: myfirstrpm
Version:
Release: 1%{?dist}
Summary:

Group:
License:
URL:
Source0:

BuildRequires:
Requires:

%description


%prep
%setup -q


%build
%configure
make %{?_smp_mflags}


%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT


%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root,-)
%doc

%changelog

We’re going to modify lines in that so that we can properly install our myfirstrpm.tar.gz

Now, we need HAAAALP!:

No worries. We have centos.org documentation!

New Years Resolutions!

Another year, 2015, has gone by!

I have therefore created my LONG, LONG list of new years resolutions:

  1. Get a bit of a daily workout. Specifically, moving arms and legs.
  2. Oral Hygiene needs improvement from once a day to twice a day.
  3. Learn to sing “In Tune”.
  4. Clearing my credit report.
  5. Digitally Archive my memories, pictures, documents, etc, so I can feel comfortable in forgetting.
  6. Try to take over the world.

 

And much like last year, I’m hoping to accomplish most if not all this list.

Cluster-Fk’n-Headaches

Yes, Cluster Headaches.

This morning my alarm went off at 6:09am, at which point I could feel the approach of the common pain in the left hemisphere. I naturally hit the alarm, went downstairs, grabbed some water and drank some, ran back upstairs and passed back out, mumbling that I needed to sleep a bit more.

I fiercely woke again at 8:20am with a roaring scream, the pain storming the entire left side of my cranium. I stumbled downstairs and made it into the bathroom, the light piercing my left eyelid and causing me to tilt to port. I threw the hot water on in the shower, stripped down to nothing, and proceeded to sit in the tub while the water beat my hair over my face. I sat for what felt like an hour in the rushing water, nothing but disorientation and water. I managed to gain a moment of reprieve, standing out of the shower enough to dry off and get a new set of clothing on before grabbing some water and bumbling back upstairs.

Lying in bed again, my stomach started to feel. It was a weird feel, too, and the water I had consumed ended up making it into a bucket beside my bed. Throughout all the pain, stumbling, moving, vomiting, I had passed back out.

WebMD gives it the following helpfulness:

The term “cluster headache” refers to a type of headache that recurs over a period of time. People who have cluster headaches experience an episode one to three times per day during a period of time (the cluster period), which may last from two weeks to three months. People who suffer from cluster headaches get them at the same time each year, such as the spring or fall.

A cluster headache typically awakens a person from sleep one to two hours after going to bed. These nocturnal attacks can be more severe than the daytime attacks. Attacks appear to be linked to the circadian rhythm (or “biological” clock). Cluster headaches can be more intense than a migraine attack but fortunately do not last as long as a migraine headache.

The headaches may disappear completely (go into “remission”) for months or years, only to recur without any warning.

So, that’s it. My “remission” period is gone and my term has started again. I used to track this on a spreadsheet to track the frequency and guesstimate when the next episode was going to be. I had since lost that, which was unfortunate when I went to look for it and found a MOUNTAIN of old google documents that I never remembered.

I had originally blamed my old cigarette smoking habit as the cause of this, but after my 12 April “Stop” date I haven’t consumed any nicotine and have significantly cut down my caffeine intake to the point of “no cream, no sugar, black coffee”.

I even found my injections of Sumavel Dosepro, which should have been discarded on 16 August 2015 after being filled a year before when these Cluster Headaches last came to light. I have 2 full injections of them, and I bought them at $50 each (that’s without copays cause insurance doesn’t cover), and I finally needed them and…..ugh….

Cluster fk’n headaches.

Sethbling, Sethbling, wherefore art thou Mario

This has been quite an interesting series of Youtube videos. Allow me to explain:

It started off with a Fark article lovingly entitled Guy creates an artificial intelligence that learns how to play and beat a Super Mario Bros. level, of which the guy was the one and only Sethbling. Sethbling has been an amazing staple in the Minecraft community, and previously unknown to me is also a Super Mario Brothers speed runner.

He explains MarI/O (Mar + I/O, for those keeping up), in which he uses an emulator, some Lua, and a method of artificial intelligence to play and finish the first level of Super Mario Brothers.

The actual article from the University of Texas and the subsequently linked Wikipedia Pages (Neuroevolution, Evolutionary Algorithm, and Artificial Neural Network) are excellent readings.

This led me to the Credits Warp method. For speed runners, their goal is to finish the game as soon as possible, and with the Credits Warp this method is now the fastest.

The whole “Credits Warp” got me thinking about how this was actually done, so I found an amazing explanatory video on this specifically.

Rewriting a SNES using the console controller sounded amazing, and led to the next video on the list from tasvideos (the explanation) and the tasvideo where arbitrary code was executed for an amazing result (Starts at 32:00):

So, now I’m chilling with an amazing TAS execution of Super Mario World being fully run, and it’s pretty cool to see how people could just let computers do their thing.

https://www.youtube.com/watch?v=C9Y2voAvVz4