resend mails from dovecot maildir via sendmail
Wednesday, January 25, 2012
hi
here is a simple bash snippet to get this done.
cd /path/to/maildir/new
for x in *; do cat "$x" | sed -e "/Delivered-To: mail@reviever.at/"d | sendmail -G -i gywho@wantsmail.at ; done
Have fun!
simple sogo backup in perl with mysql
Hi
Need to export (backup) your sogo users' contacts, calendars etc.?
Here is a simple approach to get this done.
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

my $db      = "databasename";
my $user    = "username";
my $pass    = "mypassword";
my $host    = "localhost";
my $query   = "SELECT mail FROM sogo_users";
my $bkppath = "/path/to/backup";

# day of week (0-6), used as backup suffix: one backup per weekday
my $wday = (localtime(time))[6];

my $dbh = DBI->connect("DBI:mysql:database=$db;host=$host", $user, $pass)
    or die "Could not connect to database: " . DBI->errstr;
my $sth = $dbh->prepare($query)
    or die "Couldn't prepare statement: " . $dbh->errstr;
$sth->execute()
    or die "Couldn't execute statement: " . $sth->errstr;

while (my ($mail) = $sth->fetchrow_array()) {
    # $mail ends up on a shell command line, so skip any value that
    # contains characters other than those expected in a mail address
    unless ($mail =~ /\A[A-Za-z0-9][A-Za-z0-9._+\@-]*\z/) {
        warn "Skipping unexpected value from sogo_users\n";
        next;
    }
    my $bkp = `/usr/sbin/sogo-tool backup $bkppath $mail > /dev/null`;
    sleep 2;
    # rename the backup to <mail>.<weekday>
    my $mv = `/bin/mv $bkppath/$mail $bkppath/$mail.$wday`;
}

$sth->finish;
$dbh->disconnect;
Have fun!
boys like toys :-)
Monday, January 23, 2012
apache2 reverseproxy for single virtualhost
Hi
need to reverse-proxy a website with apache?
the following config is for the following scenario:
your webserver A is running on ip 1.1.1.1 with bla.com
but you want webserver B (2.2.2.2), also running bla.com, to proxy to webserver A
then put the following config in the configuration file of webserver B:
<VirtualHost *:80>
    ServerName bla.com
    ServerAlias www.bla.com
    ServerAdmin webmaster@bla.com
    ProxyPreserveHost On
    ProxyPass / http://1.1.1.1/
    ProxyPassReverse / http://1.1.1.1/
</VirtualHost>
If you are wondering what the option “ProxyPreserveHost” does, read here:
http://httpd.apache. … ml#proxypreservehost
don’t forget to change dns settings.
Have fun!
diaspora pod online
Tuesday, January 3, 2012
Hi there
My brand new diaspora pod is online :-)
https://diaspora.paranoids.at
Just add me from any other pod or ask for an invite:
markus@diaspora.paranoids.at
Have fun!
Fekter on data retention in the Justice Committee
Saturday, November 5, 2011
Hi folks!
Data retention = surveillance state
Let us not fall back into the year 1938!
These things are happening now. And in the end they affect every one of us!
http://www.youtube.c … /watch?v=usiqSiDy4a0
Please stand up against our “politicians”! One voice alone is not enough to stop this!
http://www.stopp-vorratsdaten.at/
Have fun!
running tor with optimal configuration
Wednesday, November 2, 2011
I just didn’t know what to do with my 8Mbit/s symmetric fibre flat internet connection.
I decided to run a tor middleman node.
So I tried to set it up to the best of my knowledge, using a webserver to serve the tor-exit-notice.html, using a reverse dns entry which is forward resolvable and using the official tor debian repositories for the tor binary.
I installed debian squeeze on an alix2c1 using debootstrap:
Here is my tor config:
vim /etc/tor/torrc
#
# this should force tor to avoid disk writes because of the cf flash card
AvoidDiskWrites 1
# because (i love centralized syslogging)
Log notice syslog
# start tor as daemon
RunAsDaemon 1
# data dir
DataDirectory /var/lib/tor
# i like to graph some tor statistics for debugging with munin (nice to have it)
ControlPort 9051
ControlListenAddress 192.168.1.8:9051
# needed for authentication for the munin plugins
HashedControlPassword 16:blablablabla
# Required: what port to advertise for incoming Tor connections.
ORPort 9001
# A handle for your relay, so people don't have to refer to it by key.
Nickname TorTorToriweanarisch
# Define these to limit how much relayed traffic you will allow.
RelayBandwidthRate 600 KB
RelayBandwidthBurst 650 KB
# the next two options say that tor is allowed to use only 10GB per day starting from 00:00 localtime
AccountingMax 5 GB
AccountingStart day 21:00
# this info is very useful, tor will contact you if something is misconfigured or if you're generating errors on the network
ContactInfo Tor Ture <paranoid dot brume AT gmail dot com>
# This setting means that your relay will be used for relaying traffic inside the Tor network, but not for connections to external websites or other services
ExitPolicy reject *:*
Here some references (please read):
https://blog.torproj … rg/running-exit-node
http://wiki.debianforum.de/Debootstrap
https://trac.torproj … oc/ReducedExitPolicy
https://www.torproject.org/docs/debian
https://www.torproje … html.en#ExitPolicies
Generate your password hash for the control connection:
tor --hash-password password
That’s it
Have fun!
funambol sogo cacert.org ssl certificate apache proxy
Wednesday, September 7, 2011
Hi
I’m using my funambol server to sync my android phone with sogo.
The problem was that I got a connection error from the funambol android client when using ssl with cacert.org certificates (https://sogo.bla.at/funambol)
First of all, here is my apache proxy config:
root@sogo:/etc/apache2/conf.d# cat funambol.conf
ProxyPass /funambol http://127.0.0.1:8080/funambol
<Proxy http://127.0.0.1:8080/*>
    Order allow,deny
    Allow from all
</Proxy>
Next you need to install the cacert.org root certs on your android device using these howtos:
http://silkemeyer.ne … -android-importieren
http://wiki.cacert.o … tCert#Android_Phones
This worked like a charm for me :-)
Have fun
iptables firewall ipv4-ipv6 for loop generated
Thursday, August 25, 2011
hi there
you’re looking for an iptables firewall?
here is my suggestion for how to do this :-)
#!/bin/bash
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: IPTABLES Firewall
# Description: Used to Firewall a computer
### END INIT INFO
# Author: Paranoids <markus(at)paranoids(dot)at>
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
IPT="/sbin/iptables"
IPT6="/sbin/ip6tables"
ETH0="eth0"
TUN6TO4="tun6to4"
LOCAL="lo"
ALLOWEDTCPPORTS="80"
ALLOWEDUDPPORTS="53"
ALLOWEDTCPPORTS6="80"
ALLOWEDUDPPORTS6="53"
ALLOWEDIPS="192.168.1.1 192.168.2.0/24"
ALLOWEDIPS6="dead:beef:dead::/48"
case "$1" in
start)
echo "Starting Firewall"
if [ -r /proc/sys/net/ipv4/ip_forward ]; then
echo "Disabling ipv4 forwarding"; echo "0" > /proc/sys/net/ipv4/ip_forward
fi
if [ -r /proc/sys/net/ipv4/tcp_syncookies ]; then
echo "Enabling ipv4 tcp_syncookies"; echo "1" > /proc/sys/net/ipv4/tcp_syncookies
fi
#flushing firewall
$IPT -F
$IPT -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT6 -F
$IPT6 -X
$IPT6 -P INPUT ACCEPT
$IPT6 -P OUTPUT ACCEPT
$IPT6 -P FORWARD ACCEPT
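#set input chain
# a source with more than 50 parallel connections is recorded in the "firewall"
# recent list; after two such hits within 60 seconds its tcp packets are dropped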
$IPT -N IN_ETH0
$IPT -A IN_ETH0 -p tcp --syn -m state --state NEW -m connlimit --connlimit-above 50 --connlimit-mask 32 -m recent --set --name firewall
$IPT -A IN_ETH0 -p tcp -m recent --update --seconds 60 --hitcount 2 --name firewall -j DROP
$IPT -A IN_ETH0 -p tcp -m state --state INVALID -j DROP
for PORT in $ALLOWEDTCPPORTS
do $IPT -A IN_ETH0 -p tcp --dport $PORT -j ACCEPT
done
for PORT in $ALLOWEDUDPPORTS
do $IPT -A IN_ETH0 -p udp --dport $PORT -j ACCEPT
done
for PORT in $ALLOWEDIPS
do $IPT -A IN_ETH0 -s $PORT -j ACCEPT
done
$IPT -A IN_ETH0 -p icmp --icmp-type echo-request -j ACCEPT
$IPT -A IN_ETH0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#$IPT -A IN_ETH0 -j LOG --log-prefix "iptables: "
$IPT -A IN_ETH0 -j DROP
$IPT6 -N IN_TUN6TO4
$IPT6 -A IN_TUN6TO4 -p tcp --syn -m state --state NEW -m connlimit --connlimit-above 50 --connlimit-mask 32 -m recent --set --name firewall6
$IPT6 -A IN_TUN6TO4 -p tcp -m recent --rttl --update --seconds 60 --hitcount 1 --name firewall6 -j DROP
$IPT6 -A IN_TUN6TO4 -p tcp -m state --state INVALID -j DROP
for PORT in $ALLOWEDTCPPORTS6
do $IPT6 -A IN_TUN6TO4 -p tcp --dport $PORT -j ACCEPT
done
for PORT in $ALLOWEDUDPPORTS6
do $IPT6 -A IN_TUN6TO4 -p udp --dport $PORT -j ACCEPT
done
for PORT in $ALLOWEDIPS6
do $IPT6 -A IN_TUN6TO4 -s $PORT -j ACCEPT
done
$IPT6 -A IN_TUN6TO4 -p icmpv6 -j ACCEPT
$IPT6 -A IN_TUN6TO4 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT6 -A IN_TUN6TO4 -j LOG --log-prefix "iptables: "
$IPT6 -A IN_TUN6TO4 -j DROP
$IPT -A INPUT -i $ETH0 -j IN_ETH0
$IPT -A INPUT -i $LOCAL -j ACCEPT
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "iptables: "
$IPT -A INPUT -j DROP
$IPT6 -A INPUT -i $TUN6TO4 -j IN_TUN6TO4
$IPT6 -A INPUT -i $LOCAL -j ACCEPT
$IPT6 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT6 -A INPUT -j LOG --log-prefix "iptables: "
$IPT6 -A INPUT -j DROP
$IPT -A FORWARD -j LOG --log-prefix "iptables: "
$IPT -A FORWARD -j DROP
$IPT6 -A FORWARD -j LOG --log-prefix "iptables: "
$IPT6 -A FORWARD -j DROP
$IPT -N OUT_ETH0
for PORT in $ALLOWEDTCPPORTS
do $IPT -A OUT_ETH0 -p tcp --sport $PORT -j ACCEPT
done
for PORT in $ALLOWEDUDPPORTS
do $IPT -A OUT_ETH0 -p udp --sport $PORT -j ACCEPT
done
for PORT in $ALLOWEDIPS
do $IPT -A OUT_ETH0 -d $PORT -j ACCEPT
done
$IPT -A OUT_ETH0 -p udp --dport 53 -j ACCEPT
$IPT -A OUT_ETH0 -p tcp --dport 53 -j ACCEPT
$IPT -A OUT_ETH0 -p udp --dport 123 -j ACCEPT
#antiwebspamming(hacking)
$IPT -A OUT_ETH0 -m owner --uid-owner 0 -j ACCEPT
$IPT -A OUT_ETH0 -m owner --gid-owner 0 -j ACCEPT
$IPT -A OUT_ETH0 -m owner --uid-owner 1004 -j ACCEPT
$IPT -A OUT_ETH0 -m owner --gid-owner 1004 -j ACCEPT
$IPT -A OUT_ETH0 -m state --state NEW -p udp -j LOG --log-uid --log-prefix "iptables: "
$IPT -A OUT_ETH0 -m state --state NEW -p udp -j DROP
$IPT -A OUT_ETH0 -p tcp --dport 25 -m owner --uid-owner 1000:50000 -j LOG --log-uid --log-prefix "iptables: "
$IPT -A OUT_ETH0 -p tcp --dport 25 -m owner --uid-owner 1000:50000 -j DROP
$IPT -A OUT_ETH0 -p tcp --dport 25 -m owner --gid-owner 1000:50000 -j LOG --log-uid --log-prefix "iptables: "
$IPT -A OUT_ETH0 -p tcp --dport 25 -m owner --gid-owner 1000:50000 -j DROP
$IPT -A OUT_ETH0 -m state --state NEW -p tcp --dport 1024: -j LOG --log-uid --log-prefix "iptables: "
$IPT -A OUT_ETH0 -m state --state NEW -p tcp --dport 1024: -j DROP
$IPT -A OUT_ETH0 -j ACCEPT
$IPT6 -N OUT_TUN6TO4
for PORT in $ALLOWEDTCPPORTS6
do $IPT6 -A OUT_TUN6TO4 -p tcp --sport $PORT -j ACCEPT
done
for PORT in $ALLOWEDUDPPORTS6
do $IPT6 -A OUT_TUN6TO4 -p udp --sport $PORT -j ACCEPT
done
for PORT in $ALLOWEDIPS6
do $IPT6 -A OUT_TUN6TO4 -d $PORT -j ACCEPT
done
#antiwebspamming(hacking)
$IPT6 -A OUT_TUN6TO4 -p udp --dport 53 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -p tcp --dport 53 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -p udp --dport 123 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -m owner --uid-owner 0 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -m owner --gid-owner 0 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -m owner --uid-owner 1004 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -m owner --gid-owner 1004 -j ACCEPT
$IPT6 -A OUT_TUN6TO4 -m state --state NEW -p udp -j LOG --log-uid --log-prefix "iptables: "
$IPT6 -A OUT_TUN6TO4 -m state --state NEW -p udp -j DROP
$IPT6 -A OUT_TUN6TO4 -p tcp --dport 25 -m owner --uid-owner 1000:50000 -j LOG --log-uid --log-prefix "iptables: "
$IPT6 -A OUT_TUN6TO4 -p tcp --dport 25 -m owner --uid-owner 1000:50000 -j DROP
$IPT6 -A OUT_TUN6TO4 -p tcp --dport 25 -m owner --gid-owner 1000:50000 -j LOG --log-uid --log-prefix "iptables: "
$IPT6 -A OUT_TUN6TO4 -p tcp --dport 25 -m owner --gid-owner 1000:50000 -j DROP
$IPT6 -A OUT_TUN6TO4 -m state --state NEW -p tcp --dport 1024: -j LOG --log-uid --log-prefix "iptables: "
$IPT6 -A OUT_TUN6TO4 -m state --state NEW -p tcp --dport 1024: -j DROP
$IPT6 -A OUT_TUN6TO4 -j ACCEPT
$IPT -A OUTPUT -o $ETH0 -j OUT_ETH0
$IPT -A OUTPUT -o $LOCAL -j ACCEPT
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -j LOG --log-prefix "iptables: "
$IPT -A OUTPUT -j DROP
$IPT6 -A OUTPUT -o $TUN6TO4 -j OUT_TUN6TO4
$IPT6 -A OUTPUT -o $LOCAL -j ACCEPT
$IPT6 -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT6 -A OUTPUT -j LOG --log-prefix "iptables: "
$IPT6 -A OUTPUT -j DROP
;;
stop)
echo "Shutting down Firewall"
$IPT -F
$IPT -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT6 -F
$IPT6 -X
$IPT6 -P INPUT ACCEPT
$IPT6 -P OUTPUT ACCEPT
$IPT6 -P FORWARD ACCEPT
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
;;
status)
$IPT -L -v -n --line-numbers
;;
status6)
$IPT6 -L -v -n --line-numbers
;;
*)
echo "Usage: $0 {start|stop|status|status6|restart}"
exit 1
;;
esac
have fun!
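An added example, not part of the original script: the OUT_ETH0 and OUT_TUN6TO4 rules log blocked outbound traffic with --log-uid under the prefix "iptables: ", so the kernel log shows which local user tried to send mail or open unusual ports. The script below counts those entries per UID, protocol and destination port; the sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count outbound packets logged by the OUT_* LOG rules
# (prefix "iptables: ", --log-uid) per local UID, protocol and destination port.

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
Aug 25 10:00:01 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1001 GID=1001
Aug 25 10:00:02 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1001 GID=1001
Aug 25 10:00:03 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40003 DPT=25 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1001 GID=1001
Aug 25 10:01:10 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40100 DPT=6667 WINDOW=14600 RES=0x00 SYN URGP=0 UID=33 GID=33
Aug 25 10:01:12 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=40101 DPT=6667 WINDOW=14600 RES=0x00 SYN URGP=0 UID=33 GID=33
Aug 25 10:02:00 web kernel: iptables: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=6 PROTO=UDP SPT=40200 DPT=5060 LEN=28 UID=33 GID=33
Aug 25 10:03:00 web kernel: iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7 PROTO=TCP SPT=51000 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# Reads syslog lines on stdin and prints "count uid proto dport", busiest first.
# Inbound entries (empty OUT=) and entries without a UID field are skipped.
egress_drops_by_uid() {
    awk '
    / iptables: / && / OUT=[^ ]/ {
        uid = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/)   uid   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (uid != "" && dpt != "") n[uid " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2n -k4,4n
}

# Run on the constructed sample; on a real host pipe the kernel log in instead.
sample_log | egress_drops_by_uid
```

A UID that shows up with many port 25 entries is the account whose web scripts are trying to send mail directly; getent passwd maps the number back to a user name.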
ubuntu 11.04 nokia n900 modem networkmanager
Monday, May 16, 2011
Hi there!
You’re wondering why you can’t use your n900 in ubuntu 11.04 as a modem?
Here is a quick and dirty fix to get a GSM-only connection:
rmmod cdc_acm
modprobe cdc_acm
or you can use wvdial; here is my config:
[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = AT+CGDCONT=1,"IP","business.gprsinternet"
Modem Type = USB Modem
Baud = 460800
New PPPD = yes
Modem = /dev/ttyACM0
ISDN = 0
Phone = *99***1#
Password = t-mobile
Username = tm
Have fun!

