docs/journals/2023_02_20.md
2023-05-08 08:27:48 +02:00


- [[English Lesson]]
- https://www.reuters.com/world/china/china-warns-us-suffer-consequences-if-it-escalates-balloon-incident-2023-02-19/
- https://uk.news.yahoo.com/ohio-derailment-live-train-broke-091235747.html
- https://www.truthorfiction.com/trump-ohio-train-breaks-and-deregulation/
- I find it quite disturbing that news about the "weather" balloon seems to be more important than the toxic train crash catastrophe in Ohio. Animals dropping dead as this ecological disaster unfolds really makes you feel sad. Regarding the train infrastructure in the U.S., the build back plan should be imposed and the reverted legislation regarding brakes reinstated.
- Spotify #Software
- Patching for Windows: https://github.com/amd64fox/SpotX
- Android: https://github.com/xManager-App/xManager
- https://github.com/alex/what-happens-when
- Interview question about what happens when you type google.com into the browser.
- The question is answered at several levels.
- Simplelogin
- Used to create temporary email addresses
- Open port in firewall
``` bash
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 25 -j ACCEPT
sudo netfilter-persistent save
```
- https://github.com/simple-login/app
- ``` bash
# generate a private and public key for DKIM
# (1024 bits is the minimum RFC 8301 allows for signing; it recommends at least 2048)
openssl genrsa -out dkim.key 1024
openssl rsa -in dkim.key -pubout -out dkim.pub.key
```
- Set A-Record to IP of Oracle Instance ``152.67.72.128`` [[Cloud]]
- Create MX-Record simplelogin.mexl.de
- ![image.png](../assets/image_1676897492484_0.png)
- ```bash
dig mexl.de mx
```
```
;; ANSWER SECTION:
mexl.de. 18 IN MX 10 simplelogin.mexl.de.
```
- DKIM - TXT Record
- ``` bash
sed "s/-----BEGIN PUBLIC KEY-----/v=DKIM1; k=rsa; p=/g" $(pwd)/dkim.pub.key | sed 's/-----END PUBLIC KEY-----//g' |tr -d '\n' | awk 1
```
```
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKMSgDGFeKXZgLyUI/paUXvWNhFywntJov4xR1bATzY35Ys1OX2yVPhAkGzAbMW3t792gw3RqfMDXsj7nydaz2zPzoW7w7qMGOJKpg/NFTdM2FUm0UZNeL+EazJqcgRthwqBYpebYbpUaKYK/ZtpQeN1HMKQqBs7RI+i4Hwp3+zQIDAQAB
```
- ![image.png](../assets/image_1676897892931_0.png)
- ``` bash
dig @1.1.1.1 dkim._domainkey.mexl.de txt
```
```
;; ANSWER SECTION:
dkim._domainkey.mexl.de. 150 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKMSgDGFeKXZgLyUI/paUXvWNhFywntJov4xR1bATzY35Ys1OX2yVPhAkGzAbMW3t792gw3RqfMDXsj7nydaz2zPzoW7w7qMGOJKpg/NFTdM2FUm0UZNeL+EazJqcgRthwqBYpebYbpUaKYK/ZtpQeN1HMKQqBs7RI+i4Hwp3+zQIDAQAB"
```
- SPF - TXT Record
- ```
mexl.de
v=spf1 mx ~all
```
- DMARC - TXT Record
- ```
_dmarc.mexl.de
v=DMARC1; p=quarantine; adkim=r; aspf=r
```
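- Added example (not part of the original notes or of the SimpleLogin project): a standard-library Python check of the three TXT records above. It reads the RSA modulus size out of the DKIM `p=` value and summarises the SPF and DMARC settings; the function names and the 2048-bit threshold (RFC 8301's recommendation) are choices made for this example.

```python
import base64

# TXT records exactly as published on this page for mexl.de.
DKIM_TXT = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKMSgDGFeKXZgLyUI/paUXvWNhFywntJov4xR1bATzY35Ys1OX2yVPhAkGzAbMW3t792gw3RqfMDXsj7nydaz2zPzoW7w7qMGOJKpg/NFTdM2FUm0UZNeL+EazJqcgRthwqBYpebYbpUaKYK/ZtpQeN1HMKQqBs7RI+i4Hwp3+zQIDAQAB"
SPF_TXT = "v=spf1 mx ~all"
DMARC_TXT = "v=DMARC1; p=quarantine; adkim=r; aspf=r"

def tags(record):
    """Split a 'tag=value; tag=value' record (DKIM and DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def der_item(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_bits(p_value):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in a DKIM p= tag."""
    der = base64.b64decode(p_value)
    _, spki, _ = der_item(der, 0)            # outer SEQUENCE
    _, _, alg_end = der_item(der, spki)      # AlgorithmIdentifier, skipped
    tag, bits, _ = der_item(der, alg_end)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = der_item(der, bits + 1)      # +1 skips the unused-bits byte
    tag, start, end = der_item(der, rsa)     # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("RSA modulus not found")
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(dkim_txt, spf_txt, dmarc_txt):
    """Summarise the three records and list what a reviewer would flag."""
    dmarc = tags(dmarc_txt)
    spf_all = next((t for t in spf_txt.split() if t.lstrip("+-~?") == "all"), None)
    report = {"dkim_bits": rsa_bits(tags(dkim_txt)["p"]), "spf_all": spf_all,
              "dmarc_policy": dmarc.get("p"), "warnings": []}
    if report["dkim_bits"] < 2048:
        report["warnings"].append("DKIM RSA key below the 2048 bits RFC 8301 recommends")
    if "rua" not in dmarc:
        report["warnings"].append("DMARC has no rua= tag, so no aggregate reports are requested")
    return report

print(audit(DKIM_TXT, SPF_TXT, DMARC_TXT))
```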
- Create Docker network
- ``` bash
sudo docker network create -d bridge \
--subnet=10.0.0.0/24 \
--gateway=10.0.0.1 \
sl-network
```
- Postgres
- docker-compose.yml
``` yml
version: "3"
services:
  sl-db:
    image: postgres:15.2
    container_name: sl-db
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
      - ./sl/db:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=!oG3^fx!UMnbazokfs9MSJoiD
      - POSTGRES_USER=simplelogin
      - POSTGRES_DB=simplelogin
    restart: unless-stopped
networks:
  default:
    name: sl-network
    external: true
```
- Test postgres
- ``docker compose up -d``
- ``docker compose run sl-db psql -U simplelogin simplelogin``
- ``sudo apt-get install -y postfix postfix-pgsql``
- ``/etc/postfix/main.cf``
```
# POSTFIX config file, adapted for SimpleLogin
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtpd_tls_security_level = may
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
alias_maps = hash:/etc/aliases
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24
# Set your domain here
mydestination =
myhostname = simplelogin.mexl.de
mydomain = mexl.de
myorigin = mexl.de
relay_domains = pgsql:/etc/postfix/pgsql-relay-domains.cf
transport_maps = pgsql:/etc/postfix/pgsql-transport-maps.cf
# HELO restrictions
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
# Recipient restrictions:
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit
```
- ``/etc/postfix/pgsql-relay-domains.cf``
```
# postgres config
hosts = localhost
user = simplelogin
password = !oG3^fx!UMn%bazokfs9MSJoiD
dbname = simplelogin
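# the second SELECT matches only the literal domain; for this setup that is the
# alias domain (EMAIL_DOMAIN), 'mydomain.com' being a placeholder
query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true
    UNION SELECT '%s' WHERE '%s' = 'mydomain.com' LIMIT 1;
```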
- ``/etc/postfix/pgsql-transport-maps.cf``
```
# postgres config
hosts = localhost
user = simplelogin
password = !oG3^fx!UMn%bazokfs9MSJoiD
dbname = simplelogin
# forward to smtp:127.0.0.1:20381 for custom domain AND email domain
query = SELECT 'smtp:127.0.0.1:20381' FROM custom_domain WHERE domain = '%s' AND verified=true
    UNION SELECT 'smtp:127.0.0.1:20381' WHERE '%s' = 'mydomain.com' LIMIT 1;
```
``sudo systemctl restart postfix``
- ``simplelogin.env``
```
# WebApp URL
URL=http://simplelogin.mexl.de
# domain used to create alias
EMAIL_DOMAIN=mexl.de
# transactional email is sent from this email address
SUPPORT_EMAIL=support@mexl.de
# custom domain needs to point to these MX servers
EMAIL_SERVERS_WITH_PRIORITY=[(10, "simplelogin.mexl.de")]
# By default, new aliases must end with ".{random_word}". This is to avoid a person taking all "nice" aliases.
# this option doesn't make sense in self-hosted. Set this variable to disable this option.
DISABLE_ALIAS_SUFFIX=1
# the DKIM private key used to compute DKIM-Signature
DKIM_PRIVATE_KEY_PATH=/dkim.key
# DB Connection
DB_URI=postgresql://simplelogin:!oG3^fx!UMnbazokfs9MSJoiD@sl-db:5432/simplelogin
FLASK_SECRET=5VcvmjG3ayzAZ9mTN&mAUqPpyc
GNUPGHOME=/sl/pgp
LOCAL_FILE_UPLOAD=1
```
- ```
docker run --rm \
--name sl-migration \
-v $(pwd)/sl:/sl \
-v $(pwd)/sl/upload:/code/static/upload \
-v $(pwd)/dkim.key:/dkim.key \
-v $(pwd)/dkim.pub.key:/dkim.pub.key \
-v $(pwd)/simplelogin.env:/code/.env \
--network="sl-network" \
simplelogin/app:3.4.0 flask db upgrade
```
- ```
docker run --rm \
--name sl-init \
-v $(pwd)/sl:/sl \
-v $(pwd)/simplelogin.env:/code/.env \
-v $(pwd)/dkim.key:/dkim.key \
-v $(pwd)/dkim.pub.key:/dkim.pub.key \
--network="sl-network" \
simplelogin/app:3.4.0 python init_app.py
```
- Update docker-compose.yml
``` yml
version: "3"
services:
  sl-db:
    image: postgres:15
    container_name: sl-db
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
      - ./sl/db:/var/lib/postgresql/data
      - /etc/passwd:/etc/passwd:ro
    environment:
      - POSTGRES_PASSWORD=!oG3^fx!UMnbazokfs9MSJoiD
      - POSTGRES_USER=simplelogin
      - POSTGRES_DB=simplelogin
    restart: unless-stopped
    user: "1001:1001"
  sl-app:
    image: simplelogin/app:3.4.0
    ports:
      - "127.0.0.1:7777:7777"
    restart: unless-stopped
    user: "1001:1001"
    depends_on:
      - sl-db
    volumes:
      - ./sl:/sl
      - ./sl/upload:/code/static/upload
      - ./simplelogin.env:/code/.env
      - ./dkim.key:/dkim.key
      - ./dkim.pub.key:/dkim.pub.key
  sl-email:
    image: simplelogin/app:3.4.0
    command: python email_handler.py
    ports:
      - "127.0.0.1:20381:20381"
    restart: unless-stopped
    user: "1001:1001"
    depends_on:
      - sl-app
    volumes:
      - ./sl:/sl
      - ./sl/upload:/code/static/upload
      - ./simplelogin.env:/code/.env
      - ./dkim.key:/dkim.key
      - ./dkim.pub.key:/dkim.pub.key
  sl-job-runner:
    image: simplelogin/app:3.4.0
    command: python job_runner.py
    restart: unless-stopped
    user: "1001:1001"
    depends_on:
      - sl-email
    volumes:
      - ./sl:/sl
      - ./sl/upload:/code/static/upload
      - ./simplelogin.env:/code/.env
      - ./dkim.key:/dkim.key
      - ./dkim.pub.key:/dkim.pub.key
networks:
  default:
    name: sl-network
    external: true
```
- ``/etc/postfix/main.cf``
```
smtpd_tls_cert_file=/home/ubuntu/deployment/nginx-certbot/proxy/certbot/conf/live/simplelogin.mexl.de/fullchain.pem
smtpd_tls_key_file=/home/ubuntu/deployment/nginx-certbot/proxy/certbot/conf/live/simplelogin.mexl.de/privkey.pem
```
- ``simplelogin.env``
```
URL=https://simplelogin.mexl.de
```
- https://desec.io/