OpenBSD and smtpd

Publicerad: 30 januari 2012 | Kategori: General, Hints, Security | Etiketter: , , | Snabblänk » | Bli först att kommentera! »

Finally there is a secure and easy-to-configurate substitute for ”Sendmail”, ”OpenSMTPD”!

OpenSMTPD (smtpd) first appeared in OpenBSD 4.6 and will probably replace sendmail as the default mail daemon in OpenBSD 5.1. With this in mind, I replased sendmail with smtpd when I upgraded my OpenBSD (4.8 to 5.0) routers/gateways a few weeks ago. Since they only send ”cron” emails there are not much traffic to talk about but it still feels great to finally replace the old dusty Sendmail.

Here are the steps I went through to get started with smtpd. For a reference see the maual pages at OpenSMTPD.org.

smtpd is not enabled by default. In order to use it as the system
mailer, ensure the mail queue is empty, then stop sendmail(8):

# pkill sendmail

Modify the current mailwrapper(8) settings by editing /etc/mailer.conf:

# cat /etc/mailer.conf
sendmail /usr/sbin/smtpctl
send-mail /usr/sbin/smtpctl
mailq /usr/sbin/smtpctl
makemap /usr/libexec/smtpd/makemap
newaliases /usr/libexec/smtpd/makemap

Rebuild the aliases database, and enable the daemon to run at boot:

# newaliases

# echo ”sendmail_flags=NO” >> /etc/rc.conf.local
# echo ”smtpd_flags=” >> /etc/rc.conf.local

The above parts was all taken from the manuals so here comes the parts that differs depending on the purpose with smtpd. My purpose is to accept outgoing mail from localhost (lo0) only and relay them through my Loopia email account using TLS authentication on port 587. More examples and informations can be found at calomel.org.

# cat /etc/mail/smtpd.conf
listen on 127.0.0.1 port 25
expire 4h
hostname my.local.domain
map ”aliases” { source db ”/etc/mail/aliases.db” }
map ”secrets” { source db ”/etc/mail/secrets.db” }
accept from local for local alias aliases deliver to mbox
accept from local for all relay via mailcluster.loopia.se port 587 tls auth ”secrets”

Since the mailserver uses authentication the username and password is saved in a separate file with restricted permissions.

# cat /etc/mail/secrets
mailcluster.loopia.se LOOPIA_USERNAME@mydomain.tld:LOOPIA_PASSWORD

# chmod 640 /etc/mail/secrets
# chown root:_smtpd /etc/mail/secrets

# cd /etc/mail
# makemap /etc/mail/secrets

Check the config for errors and start smtpd in the background.

# smtpd -n
configuration OK

# smtpd

See so it is working by sending an email to a local user or root depending on your  /etc/mail/aliases setup.

# smtpctl show stats | grep ‘mta.sessions=’

# echo ”A test message” | mail -s ”Subject” root

# smtpctl show stats | grep ‘mta.sessions=’

Email on successful login

Publicerad: 17 december 2011 | Kategori: Hints, Security | Etiketter: , , | Snabblänk » | Bli först att kommentera! »

If you have a server that you know nobody really should login to, it can be a good idea to track the few logins the server gets. I have done this on my OpenBSD router by telling /etc/profile (who runs on every login) to send me an email about every successful login. The line I added to /etc/profile looks like this:

echo -e ”Login on `hostname` `date` \n\n# w $(whoami)\n`w $(whoami)` \n\n# who -HTu\n`who -HTu`” | mail -s ”Login on `hostname` as (`whoami`)” root

What this do is that it collect some useful information about the user that has just logged in and sends an email to the root user. If you do not have set up an alias for the user it is possible to change ”root” in the command above to an email address. The email will look like:

Subject: Login on gw.localdomain as (username)

Login on gw.localdomain Sat Dec 17 12:04:17 CET 2011

# w username
12:04PM  up  2:37, 1 user, load averages: 0.40, 0.77, 0.90
USER    TTY FROM              LOGIN@  IDLE WHAT
username   p0 192.168.0.22    12:04PM     0 w username

# who -HTu
USER     S LINE     WHEN         IDLE    FROM
username   + ttyp0    Dec 17 12:04   .     (192.168.0.22)

Unboxing: white iPhone 4S

Publicerad: 31 oktober 2011 | Kategori: General | Etiketter: , | Snabblänk » | Bli först att kommentera! »

Here is my version of iPhone 4S unboxing! All images are taken with a iPhone 3G, hope the new images will be better!?

Image 1

Image 1

Image 2

Image 2

Image 3

Image 3

Image 4

Image 4

In English, please!

Publicerad: 16 augusti 2011 | Kategori: General | Etiketter: | Snabblänk » | Bli först att kommentera! »

From now on I will write the articles in English. This is based on the visitors statistics and also requests from some visitors.

First out will be some articles about OpenBSD and how to use it to create a fully functional router or gateway. If everything goes as planned the first article will be publiced this week.

Pingdom Notifier for Mac

Publicerad: 10 juni 2011 | Kategori: Development | Etiketter: , , , , , | Snabblänk » | 2 Kommentarer »

English version below

Som jag skrev i tidigare inlägg är jag i full gång med att lära mig Cocoa och Objective-C. Första programmet som är värt att släppa är Pingdom Notifier for Mac (och gjordes på ungefär sex timmar). Från min sida är det ett experiment där jag testar hur det är att arbeta med Growl, Apple Keychain, REST och Sparkle (automatisk uppdatering). Buggar och förslag på förbättringar får ni gärna skicka till mig! Som sagt, testa gärna programmet och om ni inte har något konto hos Pingdom går det att skaffa ett gratiskonto på deras hemsida.

Läs mer och ladda hem Pingdom Notifier for Mac här.

English version

As I wrote in previous posts, I am in the process of learning Cocoa and Objective-C. The first program that is worth releasing is Pingdom Notifier for Mac. From my side it is an experiment where I test how it is to work with Growl, Apple Keychain, REST and Sparkle (automatic updater). Feel free to send me bug reports and suggestions! That said, please try the program and if you do not have an account at Pingdom is possible to obtain a free account on their website.

Read more and download Pingdom Notifier for Mac here.

« Äldre inlägg