Postfix user sender restriction

Hello all!

Today we want to restrict which destinations certain local users can send mail to!

1. First step

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Step 2: Then create the file /etc/postfix/restricted_senders, which looks similar to this one:

user@ceae.info        local_only
lucian@ceae.info       local_only

3. Final step: Afterwards create /etc/postfix/local_domains, which should look similar to this:

ceae.info                  OK
domain.com                 OK
otherdomain.de             OK

After this, restart your Postfix server! Enjoy!
(Source: https://www.howtoforge.com/community/threads/postfix-users-restriction.3947/ Thanks, falko.)
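
To see what the three settings above do together, here is an added example (not part of the original post and not Postfix code) that models the lookup chain on copies of the two tables. It assumes exact sender-address and exact recipient-domain matches only; the helper names lookup, policy and check are made up for this illustration.

```shell
#!/bin/sh
# Added example: simplified model of the restriction class configured above.
# Assumption: only exact sender addresses and exact recipient domains are
# matched; Postfix itself also tries other lookup keys.

lookup() {   # usage: lookup KEY TABLE-FILE -> prints the value, fails if absent
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; hit = 1; exit }
                   END { exit !hit }' "$2"
}

policy() {   # usage: policy SENDER RECIPIENT SENDERS-FILE DOMAINS-FILE
    # PASS = sender not listed, mail falls through to the other restrictions
    class=$(lookup "$1" "$3") || { echo PASS; return 0; }
    case $class in
        local_only)   # check_recipient_access hash:local_domains, reject
            if [ "$(lookup "${2##*@}" "$4")" = OK ]; then echo OK
            else echo REJECT; fi ;;
        *)  echo "$class" ;;
    esac
}

# Demo on copies of the two tables from this page, written to a scratch dir.
demo_dir=$(mktemp -d)
printf '%s\n' 'user@ceae.info        local_only' \
              'lucian@ceae.info       local_only' > "$demo_dir/restricted_senders"
printf '%s\n' 'ceae.info      OK' 'domain.com     OK' \
              'otherdomain.de OK' > "$demo_dir/local_domains"

check() { policy "$1" "$2" "$demo_dir/restricted_senders" "$demo_dir/local_domains"; }

check user@ceae.info  boss@domain.com        # restricted sender, listed domain
check user@ceae.info  someone@example.org    # restricted sender, outside domain
check admin@ceae.info someone@example.org    # sender not in restricted_senders
```

On the server itself, hash: tables have to be compiled with postmap /etc/postfix/restricted_senders and postmap /etc/postfix/local_domains before Postfix can read them, and postmap -q user@ceae.info hash:/etc/postfix/restricted_senders performs the real lookup. postconf -e replaces the whole smtpd_recipient_restrictions value, so any restrictions already configured there need to be listed again after check_sender_access.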

How to add a repository to your EdgeRouter Lite!

Hello in the new year 2018!

Today we add a repository to the EdgeRouter Lite so we can install more apps for use in CLI mode.

Log in to your EdgeRouter Lite over SSH or through the CLI.

Type

sudo bash

and paste the following commands:

set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://ftp.us.debian.org/debian/'
set system package repository wheezy username ''
set system package repository wheezy-backports components main
set system package repository wheezy-backports distribution wheezy-backports
set system package repository wheezy-backports password ''
set system package repository wheezy-backports url 'http://http.us.debian.org/debian'
set system package repository wheezy-backports username ''
set system package repository wheezy-updates components 'main contrib'
set system package repository wheezy-updates distribution wheezy/updates
set system package repository wheezy-updates password ''
set system package repository wheezy-updates url 'http://security.debian.org/'
set system package repository wheezy-updates username ''

After this, type

apt-get update

Now you can install nmap.

apt-get install nmap

Enjoy !

Updating CentOS 6.x to 6.9 breaks connections to OpenVPN!

This week I updated to the latest version, CentOS 6.9, and found that OpenVPN no longer worked.

Error: ERROR: depth=0, error=certificate signature failure:
OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

RHEL 6.9 / CentOS 6.9 removed deprecated insecure algorithms and protocols.

More info: CentOS 6.9 Release Notes

Solution 1: Remove the old keys from your OpenVPN server and create new keys.
Solution 2: Add an exception for the keys you have now, but don't forget to change the keys as soon as possible.

Exception:

echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings
service openvpn restart

Enjoy for today !

Adding a new MySQL user with access to just one table in a database!

Q: I would like to know how to give the logged-in database user permission to access only one table and not the whole database?
A: 1. Create the user:
CREATE USER 'userlimit'@'%' IDENTIFIED BY 'NewPassword';
2. Now run the following to grant the SELECT privilege on the database and table you choose:
GRANT SELECT ON database_name.table_name TO 'userlimit'@'%';
Enjoy!

Test:
MariaDB [database_name]> select * from loturi;
ERROR 1142 (42000): SELECT command denied to user 'userlimit'@'localhost' for table 'loturi'

How to remove a lot of mail from mailq with a few CLI commands.

Hello,

We have a lot of mail with errors like:

D7AF9121256 34341 Tue Nov 21 11:19:27 MAILER-DAEMON ……….

We want to remove them.

First command:

mailq | grep MAILER-DAEMON | awk '{ print $1 }' > /root/mailq-201711.txt

Here we capture the ID (like D7AF9121256) of each mail and save it in the file /root/mailq-201711.txt.

cat /root/mailq-201711.txt

Now we have to remove the character * from the end of each ID, because otherwise we get an error from the next command.
Open the file /root/mailq-201711.txt with vim and execute the command :1,$ s/*/<space>/g where 1 is the first line and $ the last line. Save the file and exit ( :wq ).

And now delete the mails from mailq with:

while read -r i; do postsuper -d "$i"; done < /root/mailq-201711.txt

After reading each line, the loop deletes that ID with postsuper -d and reads the next line. Enjoy!
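
The same cleanup without the temporary file and the vim step, as an added example that is not part of the original post: it matches MAILER-DAEMON only in the sender column, strips the * or ! queue marker, and feeds the IDs to postsuper on standard input. The function names and the sample queue listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick bounce messages out of `mailq` output by sender field.

bounce_queue_ids() {   # reads mailq-style text on stdin, prints clean queue IDs
    awk '
        # An entry line is: ID[*|!] size weekday month day time sender
        # "*" marks a message in the active queue, "!" one that is on hold.
        $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $7 == "MAILER-DAEMON" {
            id = $1
            sub(/[*!]$/, "", id)
            print id
        }'
}

delete_bounces() {
    # "postsuper -d -" reads the queue IDs to delete from standard input.
    mailq | bounce_queue_ids | postsuper -d -
}

sample_mailq() {   # constructed sample in Postfix mailq layout
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
D7AF9121256*   34341 Tue Nov 21 11:19:27  MAILER-DAEMON
                                         someone@example.org

A1B2C3D4E5F     2210 Tue Nov 21 11:20:02  sales@ceae.info
(delivery temporarily suspended: MAILER-DAEMON test text)
                                         buyer@example.net

F0DFF124FDB!    8120 Tue Nov 21 11:21:40  MAILER-DAEMON
                                         other@example.org

-- 44 Kbytes in 3 Requests.
EOF
}

sample_mailq | bounce_queue_ids    # lists only the two bounce IDs
```

Run bounce_queue_ids on its own first to review the list, then call delete_bounces on the mail server as root.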

Samba config to allow Windows XP logins

Today I found a solution for Samba 4.6.2 on CentOS 7.4, where all versions of Windows from 7 upwards were able to connect, but not Windows XP.

The key lines in smb.conf:

lanman auth = yes
ntlm auth = yes

That’s how the config looks:

[global]
workgroup = SAMBA
server string = Samba
netbios name = Samba
interfaces = 192.168.22.250/24 192.168.0.250/24
hosts allow = 127. 192.168.22. 192.168.0.
max protocol = SMB2
socket options = TCP_NODELAY
read raw = no
log file = /var/log/samba/log.%m
max log size = 500

lanman auth = yes
ntlm auth = yes

security = user
map to guest = bad user

passdb backend = tdbsam

local master = yes
os level = 255
preferred master = yes
printing = cups
printcap name = cups
load printers = no
cups options = bsd

I think this information will help you if you have Windows XP computers on your network.

Imapsync script, or how to move many email accounts easily.

Today I will post a script that shows you how to easily move many email accounts from an old mail server to a new server.
The story: We have many accounts and we know the details of every account (user and password).

The script

#!/bin/bash
# Example for imapsync massive migration on Unix systems.
# 
# Data is supposed to be in file.txt in the following format
# user001_1;password001_1;user001_2;password001_2
#
# Do not forget to put absolute path
#
# Separator is character semi-colon ; it can be changed
# by any character changing IFS=';'
# Each data line contains 4 columns, columns are 
# parameters for --user1 --password1 --user2 --password2
#
# Replace "imap.server1.org" and "imap.server2.org" 
# with your own hostname values. 
 
# This loop will also create a log file called 
# LOG/log_${u2}_$NOW.txt for each account transfer
# where u2 is just a variable containing the user2 
# account name, and NOW is the current date_time

mkdir -p LOG
 
{ while IFS=';' read -r u1 p1 u2 p2
    do 
         # Skip comment lines that start with #
         { echo "$u1" | grep -E "^#" ; } > /dev/null && continue
         NOW=$(date +%Y_%m_%d_%H_%M_%S)
         echo syncing to user "$u2"
         imapsync --host1 imap.server1.org --addheader --user1 "$u1" --password1 "$p1" \
                  --host2 imap.server2.org --user2 "$u2" --password2 "$p2" \
                  > "LOG/log_${u2}_$NOW.txt" 2>&1
    done 
} < /etc/rc.d/file.txt
### Do not forget to put absolute path to your file "file.txt" or what ever you name it.

Example file.txt (I included different examples of users and passwords):

user001_1;password001_1;user001_2;password001_2
user011_1;password011_1;user022_3;password003_4
sales;passwSals34;sales@ceae.info;passSale7634 

Hope this page helps you!
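
With --password1/--password2 every password is visible in the process list while imapsync runs. The added example below (not from the original post) is a variant of the loop that uses imapsync's --passfile1/--passfile2 options instead; the function names sync_account and migrate_all are made up here, and the host names are the placeholders from the script above.

```shell
#!/bin/sh
# Added example: pass passwords to imapsync through --passfile1/--passfile2
# instead of --password1/--password2, so they do not show up in `ps` output.

sync_account() {   # usage: sync_account USER1 PASS1 USER2 PASS2
    pf1=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    pf2=$(mktemp) || { rm -f "$pf1"; return 1; }
    printf '%s\n' "$2" > "$pf1"        # imapsync reads the password from line 1
    printf '%s\n' "$4" > "$pf2"
    rc=0
    imapsync --host1 imap.server1.org --user1 "$1" --passfile1 "$pf1" \
             --host2 imap.server2.org --user2 "$3" --passfile2 "$pf2" || rc=$?
    rm -f "$pf1" "$pf2"                # remove the password files either way
    return "$rc"
}

migrate_all() {   # usage: migrate_all /absolute/path/to/file.txt
    mkdir -p LOG
    while IFS=';' read -r u1 p1 u2 p2; do
        case $u1 in ''|'#'*) continue ;; esac      # skip blanks and comments
        now=$(date +%Y_%m_%d_%H_%M_%S)
        echo "syncing to user $u2"
        # </dev/null keeps imapsync from reading the rest of the account list
        sync_account "$u1" "$p1" "$u2" "$p2" \
            > "LOG/log_${u2}_$now.txt" 2>&1 </dev/null
    done < "$1"
}

# Run only when an account file is given: sh migrate.sh /etc/rc.d/file.txt
if [ "$#" -gt 0 ]; then migrate_all "$1"; fi
```

Keep file.txt itself readable only by its owner (chmod 600), since it holds every account password in clear text.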

How to Change WebUI Port on Edge Router – Ubiquiti EdgeRouter

Today we show you how to change the default WebUI port for the Ubiquiti EdgeRouter.

1. Log into router via ssh

# ssh  ubnt@192.168.0.1

2. Enter configure mode

ubnt@Edge-ROUTER:~$ configure
[edit]
ubnt@Edge-ROUTER#

3. Set the Web UI port; change 7443 to whatever you would like

set service gui https-port 7443

4. Commit and save your change

commit
save

If you require access to the Web GUI from an external location, you will need to create a firewall rule to allow the traffic.
5. Create the firewall rule to allow inbound traffic

edit firewall name WAN_LOCAL rule 55
set description "Inbound traffic to WEB GUI"
set action  accept
set log disable
set protocol tcp_udp
set destination port 7443

And do not forget to commit and save !

Source: https://blog.laslabs.com/2013/04/change-webui-port-ubiquiti-edge-router-lite/

How to set up Pure-FTPd with MySQL users.

Now we set up pure-ftpd with users stored in MySQL.
1. Install the packages:

# yum install epel-release
# yum install pure-ftpd

2. Now we create user and group for Pure-FTPD

# groupadd -g 3800 grupftp 
# useradd -u 3800 -s /bin/false -d /bin/null -c "User Purefptd" -g grupftp userftp

3. Create database

CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;

USE pureftpd;

CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
vizibil enum('0','1') NOT NULL DEFAULT '1',
parola varchar(255) NOT NULL,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) TYPE=MyISAM;

If you use a MariaDB database:

CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
vizibil enum('0','1') NOT NULL DEFAULT '1',
parola varchar(255) NOT NULL,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) ENGINE = MyISAM;

4. Edit /etc/pure-ftpd/pure-ftpd.conf

# vim /etc/pure-ftpd/pure-ftpd.conf
[...]
ChrootEveryone              yes
[...]
MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf
[...]
CreateHomeDir               yes
[...]

5. Next, edit /etc/pure-ftpd/pureftpd-mysql.conf

MYSQLSocket      /var/lib/mysql/mysql.sock
MYSQLUser       pureftpd
MYSQLPassword   ftpdpass
MYSQLDatabase   pureftpd
MYSQLCrypt      md5
MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ   SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS   SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

6. Add user to database:

 INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`,`vizibil`,`parola`) VALUES ('usertest', '1', MD5('newparola'), '3800', '3800', '/srv/ftp/testuser', '100', '100', '', '*', '50', '0','1','newparola');

Add user without limit quota:

 INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`,`vizibil`,`parola`) VALUES ('userboss', '1', MD5('bosspass'), '3800', '3800', '/srv/ftp', '0', '0', '', '*', '0', '0','1','bosspass');

7. A few tips.
How to change the password of a user that already exists:

update ftpd set password=MD5('NewPass8634word') where User='USERFTP';

8. Start and enable service

# systemctl status pure-ftpd.service 
# systemctl enable pure-ftpd.service
# systemctl start pure-ftpd.service

For CentOS 6:

# chkconfig pure-ftpd on
# service pure-ftpd start
# service pure-ftpd status 

Enjoy, that's it!