Postfix Selective Sender Address Verification

The idea is to selectively probe for valid email senders, but only for certain domains that are frequently forged by spammers. Sender address verification should be used carefully: it is much better to notify the postmaster/admin that we are conducting SAV/probing their server for valid users, otherwise we’ll end up on the backscatterer.org list, hehehe…

Create an smtpd_restriction_classes entry called verify_sender:

smtpd_restriction_classes = verify_sender

Define verify_sender so that it rejects all unverified email senders; verified ones are permitted/passed:

verify_sender = reject_unverified_sender, permit

Create a hash table called frequently_forged_senders to define the sender domains that will be on the verification list:

check_sender_access hash:/etc/postfix/frequently_forged_senders

frequently_forged_senders contains

domain1.tld		verify_sender
domain2.tld		verify_sender
domain3.tld		verify_sender
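The three pieces above only work together if every action in frequently_forged_senders names a class that is both listed in smtpd_restriction_classes and defined. The script below is an added example, not part of the original post, that reports this per table entry; the function names and the status words (probe, undeclared, undefined, other) are this example's own, and it takes the main.cf and table paths as arguments.

```shell
#!/bin/sh
# Added example, not from the original post: report what each entry in the
# sender access table will do, given a main.cf. Both paths are arguments.

# Join continuation lines (leading whitespace), drop comments and blanks;
# main.cf and access(5) tables share this convention.
logical_lines() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# param_value MAIN_CF NAME -> value of NAME (last definition wins), or empty
param_value() {
    logical_lines "$1" | awk -v n="$2" '{
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
        if (k == n) v = substr($0, i + 1)
    } END { print v }'
}

# audit_sender_table MAIN_CF TABLE -> "domain status" per table entry:
#   probe       reject_unverified_sender is reached for this sender domain
#   undeclared  action is defined in main.cf, not in smtpd_restriction_classes
#   undefined   action is a declared class that has no definition
#   other       any other action (OK, REJECT, a misspelled class name, ...)
audit_sender_table() {
    classes=" $(param_value "$1" smtpd_restriction_classes | tr ',\t' '  ') "
    logical_lines "$2" | while read -r key action _rest; do
        def=$(param_value "$1" "$action")
        case "$classes" in *" $action "*) declared=1 ;; *) declared=0 ;; esac
        if [ "$action" = reject_unverified_sender ]; then status=probe
        elif [ "$declared" = 1 ] && [ -z "$def" ]; then status=undefined
        elif [ "$declared" = 0 ] && [ -n "$def" ]; then status=undeclared
        elif [ "$declared" = 1 ]; then
            case " $(echo "$def" | tr ',\t' '  ') " in
                *" reject_unverified_sender "*) status=probe ;;
                *) status=other ;;
            esac
        else status=other
        fi
        echo "$key $status"
    done
}

if [ "$#" -eq 2 ]; then audit_sender_table "$1" "$2"; fi
```

Any domain that does not come back as probe is not being verified, whatever the table appears to say.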

Postfix TLS Support On Fedora 12

It’s time to make our SMTP transactions encrypted using TLS. TLS itself stands for Transport Layer Security. It encrypts the communication between two hosts.

As usual when building the Postfix RPM package, I recommend the tutorial on how to compile the Postfix RPM source at Simon J Mudd’s website.

When you’re done compiling Postfix with TLS support, continue with these steps to create self-signed Postfix TLS certificates:

  • Certificates part
    # cd /etc/postfix
    # mkdir ssl
    # cd ssl
    # mkdir certs crl newcerts private
    # echo "01" > serial
    # cp /dev/null index.txt
    # cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf
    
    # openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
    # openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf
    # openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    
    # openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
    
    # cp cacert.pem /etc/postfix
    # grep -B 100 "END PRIVATE KEY" newreq.pem > /etc/postfix/key.pem
    # chmod 400 /etc/postfix/key.pem
    # cp newcert.pem /etc/postfix/cert.pem
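Before pointing Postfix at these files it is worth confirming that key.pem really belongs to cert.pem, that cert.pem verifies against cacert.pem, and that the key is not readable by group or others. The script below is an added example, not part of the original post; the function names are this example's own, and it takes the CA, certificate and key paths as arguments.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the CA, certificate
# and key files produced by the steps above. Paths are arguments.

# key_matches_cert CERT KEY -> 0 if KEY is the private key for CERT
# (compares the public key in the certificate with the one derived from KEY)
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chains_to_ca CA CERT -> 0 if CERT verifies against CA
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_is_private KEY -> 0 if group and others have no access (e.g. mode 400)
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_postfix_tls CA CERT KEY -> prints each failed check, returns 1 on any
check_postfix_tls() {
    rc=0
    key_matches_cert "$2" "$3" || { echo "FAIL: $3 is not the key for $2"; rc=1; }
    chains_to_ca "$1" "$2"     || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    key_is_private "$3"        || { echo "FAIL: $3 is readable by group/others"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_postfix_tls "$@"; fi
```

With the file names used above, the call is `sh check.sh /etc/postfix/cacert.pem /etc/postfix/cert.pem /etc/postfix/key.pem`, where check.sh is whatever name the script was saved under.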
    

Postfix Smtp Auth using pam_mysql On Fedora 12

First of all, of course, we need to compile Postfix with SASL support. The easiest way is to read the tutorial on how to compile the Postfix RPM source at Simon J Mudd’s website.

Since I’m using a MySQL database for storing usernames/passwords, I’m gonna show you how to set up SMTP authentication/SASL.

Install pam_mysql:

# yum -y install pam_mysql

Edit the /etc/pam.d/smtp file:

auth required pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0
account sufficient pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0

How To Use LIKE In MYSQL Stored Procedure Select Statement?

I wrote a stored procedure as below, but it always returns nothing/incorrect results.

DELIMITER //
DROP PROCEDURE IF EXISTS get_domain //
CREATE PROCEDURE get_domain (IN domin VARCHAR(64))
BEGIN
  SELECT * FROM domain_senders WHERE domain LIKE '%domin%';
END//
DELIMITER ;

The procedure itself is successfully created. After looking around with google i've…

Postfix Create Blackhole For Authenticated User’s Outgoing Submission (revised)

There's a weakness in the previous article: if I send a message to two or more recipients, it will also be discarded. The solution is simply to route the domain to the discard service in transport_maps ;-)

auth.domain.net discard:silently

Log shows:

Dec 7 17:23:05 smtp postfix/smtpd[1178]: AFDB72503B: client=tebet.domain.net.id[202.xxx.xx.xxx], sasl_method=PLAIN, sasl_username=hari.h@auth.domain.net
Dec 7 17:23:05…

Postfix Create Blackhole For Authenticated User’s Outgoing Submission

I don’t know what the right subject for this topic is. The idea is that I just want my outgoing SMTP to be for sending email only; an authenticated user is not supposed to send (even accidentally) to his/her SMTP authentication account, which in my configuration is stored in the virtual mailbox maps table. In the normal case, email can be delivered to the maildir.

I’m using postfixadmin to generate usernames/passwords, and saslauthd with pam_mysql to query the username/password in the MySQL virtual mailbox table. Everything is okay with authentication, except I don’t want the username to receive email.

In the Postfix access(5) manual there is an action called DISCARD:

       DISCARD optional text...
              Claim successful delivery and silently discard  the
              message.   Log the optional text if specified, oth-
              erwise log a generic message.

              Note: this action currently affects all  recipients
              of  the  message.   To  discard  only one recipient
              without discarding  the  entire  message,  use  the
              transport(5) table to direct mail to the discard(8)
              service.

              This feature is available in Postfix 2.0 and later.

Installing Self Signed smtp/imapd/pop3 Certificate on K800i Sony Ericsson

I have owned this beautiful K800i cell phone for about 3 years, more or less. The great thing is that the K800i’s email client supports SMTP authentication, IMAP, POP3, SSL, TLS and port customization. I will show you how to install my self-signed SMTP server certificate on the K800i.

First of all we need to copy the certificate to have a .cer extension. The phone uses this as the clue that the file is a certificate and will ask if it is to be installed.

Self-signed cert for outgoing SMTP

# cd /etc/postfix
# cp cacert.pem smtp.cer
# more smtp.pem   

Install xtables-addons on fedora 12

I’m not gonna waste time; here’s how to do it.

Download xtables-addons

# wget -O xtables-addons-1.20.tar.bz2 "http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/1.20/xtables-addons-1.20.tar.bz2?use_mirror=waix"

Install kernel-devel, kernel-headers, iptables-devel and gcc

# yum -y install kernel-devel kernel-headers iptables-devel gcc

Extract xtables-addons-1.20.tar.bz2

# tar xjf xtables-addons-1.20.tar.bz2

Change to the xtables-addons-1.20 directory

# cd xtables-addons-1.20