Easy Install cbpolicyd On CentOS 7

I have encountered the situation when users have weak passwords and are guessed by spammers so valid accounts are used for SPAM. The solution they choose in case is the limitation of mails sent over a period of time.

1. Install dependencies on the application

yum install -y mariadb mariadb-server perl-Cache-FastMmap perl-Config-IniFiles

2. Download and install policyd rpm package and source files for setting up db.

wget https://download.policyd.org/v2.0.14/cluebringer-2.0.14-1.noarch.rpm
rpm -Uvh cluebringer-2.0.14-1.noarch.rpm
wget https://download.policyd.org/v2.0.14/cluebringer-v2.0.14.zip

3. Settings database.

unzip cluebringer-v2.0.14.zip
cd cluebringer-v2.0.14/database/

Prepare sql file

vim run.sh
for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql;
./convert-tsql mysql $i
done > policyd.sql

Change in file
sed -i 's/TYPE=InnoDB CHARACTER SET latin1 COLLATE latin1_bin//' policyd.sql

4. Create database and populate.
mysql -u root -p
create database policyd;
GRANT all on policyd.* to ‘policyd’@’localhost’ identified by ‘Your-password’;
mysql -u root -p policyd < policyd.sql

5. Configure cbpolicyd database on webui.conf

vim /etc/policyd/cluebringer.conf
config line like this

vim /etc/policyd/webui.conf
config line like this

6. Setup in your page policyd and postfix.
Access for config file
cd /var/www/html/
ln -s /usr/share/cluebringer/webui/ policyd

Now you need to create your apache access with vhosts.

Modify postfix
Add the following Postfix config setting in BOTH smtpd_recipient_restrictions and

smtpd_end_of_data_restrictions: check_policy_service inet:

It’s recommended to add these parameters first, i.e.:

smtpd_recipient_restrictions = check_policy_service inet:, permit_mynetworks, ..

You can check logs on /var/log/cbpolicyd.log and /var/log/maillog
Start service /etc/init.d/cbpolicyd start
[root@mail html]# systemctl enable cbpolicyd
cbpolicyd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig cbpolicyd on

How to install Shrew Cisco VPN client in Ubuntu 16.04

Source of inspiration  for this page: https://github.com/lmmx/devnotes/wiki/Installing-Shrew-Soft-VPN-on-Linux

First Step: prepare for instalation!

apt-get install g++
apt-get install build-essential linux-headers-$(uname -r)
apt-get install flex
apt-get install libedit2 libedit-dev
apt-get install bison
apt-get install cmake
apt-get install openssl
apt-get install qt-sdk

Second step: Download and install ike from Shrew.
Go to page https://www.shrew.net/download/ike and download last version !

Unpacking the package

tar -zxvf ike-2.2.1-release.tgz
cd ike
make install

Now finish
### Start IKE daemon
## /home/$user/Documents/Lucian/Linux/ike/script/linux/iked start

You need to start ike daemon.
Now start client:
qikea &

Enjoy !

Setup Vacation on Postfixadmin 3.2 Centos 7.x

This year we set up a new server with Postfixadmin 3.2 and I recently also had to set the vacation module.
I want to outline how I’ve solved the problem that appears on setup.

1. Install perl library dependancies:

yum install perl-Email-Valid perl-Email-Sender perl-Email-Simple perl-Test-Email perl-Try-Tiny perl-MIME-Charset perl-MIME-EncWords perl-Log-Log4perl perl-Log-Dispatch perl-Test-mysqld

For Debian:

apt-get installlibmail-sender-perl
libdbd-mysql-perl libemail-valid-perl libmime-perl liblog-log4perl-perl
liblog-dispatch-perl libgetopt-argvfile-perl libmime-charset-perl

2.  Add user and group, crete folder.
groupadd -r -g 65501 vacation
useradd -r -u 65501 -g vacation -d /var/spool/vacation -s /sbin/nologin vacation

mkdir /var/spool/vacation
cp /var/www/html/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation
chown -R vacation:vacation /var/spool/vacation

chmod -R 750 /var/spool/vacation/vacation.pl

3. Setup script.

vim /var/spool/vacation/vacation.pl

our $db_type = ‘mysql’;
our $db_username = ‘postfix’;
our $db_password = ‘yourdbpasswd’;
our $db_name = ‘postfix’;

our $vacation_domain = ‘autoreply.yourdomain.com’;

close file with :wq

Setup config.local.php
vim /var/www/html/postfixadmin/config.local.php

$CONF[‘vacation’] = ‘YES’;
$CONF[‘vacation_domain’] = ‘autoreply.yourdomain.com’;

4. Config vacation in postfix

vim /etc/postfix/master.cf


vacation unix – n n – – pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} — ${recipient}

( do not forget to add some space in front  “flags=….. ” )

Make sure you have this line in /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

vim /etc/postfix/transport

autoreply.domain.org    vacation:

Save file and close. After this:

postmap /etc/postfix/transport

Restart Postfix

systemctl restart postfix.service.

Follow these steps if you get an error in logs like this:

Aug 20 14:25:01 mail postfix/pipe[24086]: 43AF03E0B63: to=<lucian#domain.ro@autoreply.domain.ro>, orig_to=<lucian@domain.ro>, relay=vacation, delay=2, delays=1.4/0.01/0/0.56, dsn=5.3.0, status
=bounced (Command died with status 255: “/var/spool/vacation/vacation.pl”. Command output: Attribute (ssl) does not pass the type constraint because: Validation failed for ‘Bool’ with value “starttls” at
constructor Email::Sender::Transport::SMTP::new (defined at /usr/share/perl5/vendor_perl/Email/Sender/Transport/SMTP.pm line 200) line 98, <STDIN> line 38. Email::Sender::Transport::SMTP::new(‘Email::Sen
der::Transport::SMTP’, ‘HASH(0x433e128)’) called at /var/spool/vacation/vacation.pl line 474 main::send_vacation_email(‘lucian@domain.ro’, ‘lucian@domainsender.com’, ‘lucian@domain.ro’, ‘<b2f160c
a41b1e4773765ad634564ff1a@domainsender.com>’, 456, 0) called at /var/spool/vacation/vacation.pl line 657 )


vim /var/spool/vacation/vacation.pl

and change

our $smtp_ssl = ‘ssl’
our $smtp_ssl = ‘0’

Free SSL for web, easy way !

I want say very short steps to make you page secure SSL with “Let’s Encrypt


Our case, we consider a server where we have ssh access, and we can modify configuration files from apache and restart services.

First step, install certbot.
yum install certbot

Second, request key for you webpage:
certbot certonly –webroot -w /var/www/html/roundcubemail/ -d webmail.your-domain.com

If you run for the first time here, you will get some questions:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): postmaster@your-domain.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
(A)gree/(C)ancel: A

Next step you will get the key !

– Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-10-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Final step create you own VHOST config in web server.

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
ServerAdmin postmaster@your-domain.com
ServerName webmail.your-domain.com
DocumentRoot /var/www/html/roundcubemail
CustomLog /var/log/httpd/webmailssl_access.log common
ErrorLog /var/log/httpd/webmailssl_error.log

and restart you apache server:  systemctl restart httpd

Frecvente utilizate în Romania de operatorii de telefonie mobila!

Care sunt frecvențele utilizate de Orange România pentru retelele 2G, 3G si 4G ?

2G = 900 Mhz / 1800 Mhz
3G = 2100 Mhz / 900 Mhz
4G = 800 Mhz / 1800 Mhz / 2600 Mhz. Sursa

Care sunt frecventele pentru Vodafone ?
3G:900 si in orasele mari 2100
4G:800 și 1800 (mai ales 1800 ) [ 4G/LTE in benzile 3 si 20 (1800/800 Mhz). ]

Care sunt frecventele pentru Telekom ?
2G = 900 si 1800
3G = 900 și 2100
4G = 800, 900 și 1800

Care sunt pentru Digi ?
3G = 900Mhz si 2100Mhz
4G = banda 1 2100 Mhz FDD, banda 38 2600 Mhz TDD

O poza cu benzile în 4G în Romania, update 24.05.2018.

Network 4G Romania
Network 4G Romania

Redirect your visitors to SSL webpage!


After we’ve been able to get a free SSL certificate for our page now, we need to redirect to the SSL page.
According to Apache, the best way is to avoid using mod_rewrite !

< VirtualHost *:80 >
ServerName webmail.biotree.tk
Redirect "/" "https://webmail.biotree.tk/"
< /VirtualHost >

< VirtualHost *:443 >
    ServerName webmail.biotree.tk
    # ... SSL configuration goes here
< /VirtualHost >

I think this is the easiest way to redirect SSL from a non-SSL page.

How to activate Steempress plugin in WordPress !

A week ago, I posted on steemit.com a story about how to integrate wordpress with Blockchain steem. Here link!

Now I post from my blog that built with CMS wordpress where I installed and activated the stempress!

Let’s start with activating the steempres plugin.

As you can see in the picture you have to click on the “Activate” button and it should look like Stempress!

Now click on the settings and go to the activation menu.
Here we have to connect with the user and “Posting key” from the steem.
The “Posting key” is taken from our account on steemit.com.
Click on “SHOW PRIBATE KEY” to show your real key for login.  What you see at first time it’s not your real key.

Once you log in, it should look like this!
That’s all, when you post, you have the option of posting what you write on the blog or not on steem Blockchain. See picture!

I think this is the first wordpress written post that also appears on Steem blockchain.

I wish you an excellent day!

Postfix user sender resctriction

Hello all !

Today we want to restrict local user to send mail to more destinations!

1 First step

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Step 2 Then create the file /etc/postfix/restricted_senders which looks similar to this one:

user@ceae.info        local_only
lucian@ceae.info       local_only

3. Final step Afterwards create /etc/postfix/local_domains which should look similar to this:

ceae.info                  OK
domain.com                 OK
otherdomain.de             OK

After this restart your server postfix! Enjoy!
(Source https://www.howtoforge.com/community/threads/postfix-users-restriction.3947/ Thanks falko )

How to add repository to your Edge Router Lite!

Hello in new year 2018 !

Today we add repository to Edge router lite for install more apps used in cli mode.

Log with ssh to your edge router lite or with cli:


sudo bash

and paste next commands

set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://ftp.us.debian.org/debian/'
set system package repository wheezy username ''
set system package repository wheezy-backports components main
set system package repository wheezy-backports distribution wheezy-backports
set system package repository wheezy-backports password ''
set system package repository wheezy-backports url 'http://http.us.debian.org/debian'
set system package repository wheezy-backports username ''
set system package repository wheezy-updates components 'main contrib'
set system package repository wheezy-updates distribution wheezy/updates
set system package repository wheezy-updates password ''
set system package repository wheezy-updates url 'http://security.debian.org/'
set system package repository wheezy-updates username ''

after this type

apt-get update

Now you can install nmap.

apt-get install nmap

Enjoy !