Welcome to Orb Designs


GRAFFITI -- May 17, 2004 thru May 23, 2004

Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.

About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.

MONDAY
May 17, 2004



0659 - Good morning. I failed miserably at having a lazy day, yesterday...

[Photos: Tomatoes rampant; Corn starting up; The squash again...]

I re-tilled the rows that were not occupied yet. Then Marcia and I covered the rows with blocking fabric. We added a layer of burlap over the tomatoes row to keep the soil temps down a little bit. It was a lot of work, but will make maintenance much easier going forward. Above you can see the tomatoes are doing quite well. There's a currently pathetic patch of beans and peas at the foot of that row - we'll see what comes of them one day soon. Also above, the seedling corn coming up in the distance, and another shot of the squash. After all that, I reseeded for peppers (jalapeño and green), as well as cucumber and more corn. But that was 6 hours of yardwork again, and a sunburnt forehead to boot, as I forgot to hat up. So to relax, I came in and did some work on the mailbox article series... don't be disappointed, but I ran into a wall and just sort of stopped. There's more to come, though, I'm tenacious.

But first, go back to Sunday. I posted a fairly good explanation of routers and firewalls, from a different perspective than Scott and Mark's. Bob liked it and wrote to say so. I'm always pleased when I manage to get past Bob's technical mumbo-jumbo filters. After all, he's written more than one book on the topic. Mark also wrote to note that people can/should look at GNAT Box firewalls (http://www.gta.com/), he has, and says they're faster than blazes (or wirespeed, or something). I know nothing about them yet, YMMV.

Now on to the Mailbox ...

Building a Mailbox using Postfix with AV and UCE controls, Part Three.

Last time we were here, I got as far as installing the Postfix documentation, then asking you to read it.

Did you? At least one person emailed to say, "Yes, now get on with it."

Okay, let's have some fun. We'll test some initial configuration settings, and send email through the server to some outside host.

Is Postfix listening right now?

mailbox:~# !netstat
netstat -an | grep tcp | grep -i listen
tcp        0      0 0.0.0.0:22          0.0.0.0:*       LISTEN     
tcp        0      0 0.0.0.0:25          0.0.0.0:*       LISTEN  

That's validation enough for me. Here's another way to tell. From either the box itself or, preferably, some outside source (as here), telnet to the mail server port. That's 25, the second line in the listing above; you may recall that 22 is SSH:

bash-2.05b$ telnet 192.168.1.53 25
Trying 192.168.1.53...
Connected to 192.168.1.53.
Escape character is '^]'.
220 mailbox.orbdesigns.com ESMTP Postfix (Debian/GNU)
helo goldfinger.orbdesigns.com
250 mailbox.orbdesigns.com
quit
221 Bye
Connection closed by foreign host.

That worked nicely. I didn't do more with this connection; it's time to look at the configuration and see what's what. Here's the contents of /etc/postfix/main.cf. There's also master.cf, but we'll return to that later...

# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
setgid_group = postdrop

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h

myhostname = mailbox.orbdesigns.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mailbox.orbdesigns.com, localhost.orbdesigns.com,
        localhost
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

That's a nice short config. I should be able to send mail to my user account on that box. Here's a sample run:

bash-2.05b$ telnet 192.168.1.53 25
Trying 192.168.1.53...
Connected to 192.168.1.53.
Escape character is '^]'.
220 mailbox.orbdesigns.com ESMTP Postfix (Debian/GNU)
helo goldfinger.orbdesigns.com
250 mailbox.orbdesigns.com
mail from: [email protected]
250 Ok
rcpt to: [email protected]
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: A test message.

Hi, Brian. This is Brian. Did this test work?

.b

.
250 Ok: queued as B1B54345B
quit
221 Bye
Connection closed by foreign host.

Things to observe. There's a distinct order to the commands when talking to any MTA, and Postfix is no different. First a HELO to get the attention of the MTA. Then a MAIL FROM: followed by a RCPT TO:, then DATA. Following the DATA line, you can put as much text as you want, then close with a '.' alone on a line of its own (as directed, neh?).
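To make that command ordering concrete, here is a small Python model of the server side of the dialogue. It is an added example, not code from Postfix or from this article: the hostnames are made up, the reply wordings copy what Postfix said in the session above, and the starting queue id is the one from that transcript. It also implements the dot-stuffing rule from RFC 5321, which is why the '.b' typed in the session above arrives as 'b' in the delivered message.

```python
"""Minimal SMTP command-sequence model (added example, not Postfix code).

Mirrors the telnet session above: HELO, MAIL FROM, RCPT TO, DATA, message
lines, then a lone '.' to finish.  Hostnames are constructed placeholders.
"""


class SmtpSession:
    """Server side of one SMTP conversation, handled one client line at a time."""

    def __init__(self, hostname="mailbox.example.test"):
        self.hostname = hostname          # constructed name, stands in for the real MTA
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body_lines = []
        self.queued = []                  # (sender, recipients, body) per accepted message
        self._next_id = 0xB1B54345B       # queue id copied from the transcript above

    def greeting(self):
        return f"220 {self.hostname} ESMTP"

    def handle(self, line):
        """Return the reply for one client line; None while swallowing DATA text."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        # MAIL FROM: and RCPT TO: carry their keyword as the first argument word
        if verb in ("MAIL", "RCPT"):
            verb = f"{verb} {arg.split(':')[0].upper()}"
            arg = arg.partition(":")[2].strip()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return "221 Bye"
        if self.helo is None:
            return "503 Error: send HELO/EHLO first"
        if verb == "MAIL FROM":
            self.sender = arg
            self.recipients = []
            return "250 Ok"
        if verb == "RCPT TO":
            if self.sender is None:
                return "503 Error: need MAIL command"
            self.recipients.append(arg)
            return "250 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Error: need RCPT command"
            self.in_data = True
            self.body_lines = []
            return "354 End data with <CR><LF>.<CR><LF>"
        return "502 Error: command not implemented"

    def _data_line(self, line):
        line = line.rstrip("\r\n")
        if line == ".":
            # end of message: commit it and hand back a queue id
            qid = f"{self._next_id:X}"
            self._next_id += 1
            body = "\n".join(self.body_lines) + "\n"
            self.queued.append((self.sender, list(self.recipients), body))
            self.in_data = False
            self.sender, self.recipients = None, []
            return f"250 Ok: queued as {qid}"
        # RFC 5321 dot-stuffing: a leading '.' on any other line is removed,
        # which is why a typed '.b' is delivered as 'b'
        if line.startswith("."):
            line = line[1:]
        self.body_lines.append(line)
        return None


def replay(session, client_lines):
    """Feed client lines in order and return every server reply, greeting first."""
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies
```

A None from handle() means the session is inside DATA and the line went into the message body rather than being interpreted as a command; the 503 replies show what happens when the order in the paragraph above is not respected.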

Now, what happened to that email over on mailbox:

mailbox:/etc/postfix# tail /var/log/mail.info

May 16 19:00:19 mailbox postfix/smtpd[550]: B1B54345B:
client=unknown[192.168.1.11]

May 16 19:02:09 mailbox postfix/cleanup[559]: B1B54345B:
message-id=<[email protected]>

May 16 19:02:09 mailbox postfix/qmgr[557]: B1B54345B:
from=, size=455, nrcpt=1 (queue active)

May 16 19:02:10 mailbox postfix/local[562]: B1B54345B:
to=, relay=local, delay=111, status=sent
("|procmail -a "$EXTENSION"")

May 16 19:02:13 mailbox postfix/smtpd[550]: disconnect from
unknown[192.168.1.11]

I inserted some linefeeds into that tail output, so that each log line shows properly. In the file itself, those are one long line each. Now, was the message delivered to the local mailbox for the "bilbrey" user? I'll log in with another ssh session and check that using the mail command.

bilbrey@mailbox:~$ mail
Mail version 8.1.2 01/15/2001.  Type ? for help.
"/var/mail/bilbrey": 1 message
>   1 bilbrey@speakeasy  Sun May 16 19:02   20/662   A test message.
& t 1
Message 1:
From [email protected]  Sun May 16 19:02:09 2004
X-Original-To: [email protected]
Subject: A test message.
Date: Sun, 16 May 2004 19:00:19 -0400 (EDT)
From: [email protected]
To: undisclosed-recipients:;
Content-Length: 49
Lines: 3

Hi, Brian. This is Brian. Did this test work?

b

& d 1
& q

That all looks good, so I deleted the message and quit. Local delivery is good, from an outside source. Now, how to send messages from this machine to an address in the real world is the next task.

There are a couple of factors to consider here. Is the connection to the Internet on a Dynamic DSL or Cable address? If so, it's likely that most connections to outside servers will be rejected because of that address. If it's a business class static IP address (thus unlikely to be listed as a questionable source under normal circumstances), then you'll want to list that IP address as an MX under your DNS record. Here's an example of how to tell if you've got your MX setup right:

bilbrey@mailbox:~$ host -t mx orbdesigns.com
orbdesigns.com mail is handled by 10 zidane.mazin.net

In this case, zidane is indeed the machine that handles email officially for the orbdesigns.com domain. Now, I could configure mailbox to handle mail destined for Orb in place of zidane, but I'm on one of those cable modems. My own servers would reject my mail when I am done securing the box. That won't do.

So here's the drill - configurations are less complex if you're a real MX with a real IP that's accepted around the 'net. So I'll configure for the complex setup - for a machine that's on a dynamic IP and note (to the best of my meagre skills) where that diverges from a public MX box.

To send email through Mailbox, I'm going to have to relay my mail through a publicly acceptable mail server. I'll use Zidane, of course. You'll probably use your ISP's mail servers as a smarthost for the same purpose.

Now I'll add the following lines to main.cf (shown above):

relayhost = zidane.mazin.net
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=

And I'll create that sasl_passwd file, putting the following fictional data in it. (Well, duh, why in Dog's name would I put my real username and password into a file I publish on the Internet?)

mailbox:/etc/postfix# cat > sasl_passwd
zidane.mazin.net har0ld:P0tt!he4d
 [note - terminate input with a ^D == Control + D]
 
mailbox:/etc/postfix# chown root:root /etc/postfix/sasl_passwd \
> && chmod 600 /etc/postfix/sasl_passwd

mailbox:/etc/postfix# postmap hash:/etc/postfix/sasl_passwd
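Since Postfix looks the relayhost value up in sasl_passwd as a key ([] and :port included), a mismatch between the two files is an easy way to end up presenting no credentials at all. The checker below is an added example, not part of this article or of Postfix: it parses main.cf syntax (including the indented continuation line that mydestination uses in the config above), parses sasl_passwd, and reports the things a reviewer would check before reloading. The hostnames are constructed, the sample credential is the fictional one above, and the file modes are passed in as numbers so the check runs without touching the real files.

```python
"""Consistency checks for relayhost + sasl_passwd (added example, not Postfix code).

Inputs below are constructed samples mirroring the additions described above;
hostnames are placeholders and the credential is the fictional one from the text.
"""
import os
import stat

MAIN_CF = """\
# constructed sample main.cf fragment
myhostname = mailbox.example.test
mydestination = mailbox.example.test, localhost.example.test,
    localhost
relayhost = relay.example.test
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=
"""

SASL_PASSWD = "relay.example.test har0ld:P0tt!he4d\n"   # fictional credential from the text


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"malformed main.cf line: {raw!r}")
        current = name.strip()
        params[current] = value.strip()
    return params


def parse_sasl_passwd(text):
    """sasl_passwd lines are '<key> <user>:<password>'; key must match the relayhost string."""
    creds = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        key, _, userpass = raw.strip().partition(" ")
        user, sep, password = userpass.strip().partition(":")
        if not sep:
            raise ValueError(f"no user:password on sasl_passwd line {raw!r}")
        creds[key] = (user, password)
    return creds


def check_relay_config(main_cf_text, sasl_passwd_text, passwd_mode):
    """Return a list of findings; an empty list means the relay setup is consistent."""
    findings = []
    p = parse_main_cf(main_cf_text)
    creds = parse_sasl_passwd(sasl_passwd_text)
    relay = p.get("relayhost", "")
    if not relay:
        findings.append("relayhost is not set")
    elif relay not in creds:
        # the lookup key is the relayhost string verbatim, brackets and :port included
        findings.append(f"no sasl_passwd entry for relayhost {relay!r}")
    if p.get("smtp_sasl_auth_enable", "no").lower() != "yes":
        findings.append("smtp_sasl_auth_enable is not yes")
    if not p.get("smtp_sasl_password_maps", "").startswith("hash:"):
        findings.append("smtp_sasl_password_maps does not point at a hash: table")
    # the Postfix default is 'noplaintext, noanonymous'; an empty value permits PLAIN/LOGIN
    if "noplaintext" not in p.get("smtp_sasl_security_options", "noplaintext, noanonymous"):
        findings.append("plaintext SASL mechanisms allowed; use TLS to the relayhost")
    if passwd_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"sasl_passwd mode {passwd_mode:04o} is readable by others; chmod 600")
    return findings


def check_files(main_cf_path="/etc/postfix/main.cf", sasl_path="/etc/postfix/sasl_passwd"):
    """Convenience wrapper that reads the real files (paths are the Debian defaults)."""
    with open(main_cf_path) as f_main, open(sasl_path) as f_sasl:
        mode = os.stat(sasl_path).st_mode & 0o777
        return check_relay_config(f_main.read(), f_sasl.read(), mode)
```

With the constructed sample the only finding is the empty smtp_sasl_security_options; changing relayhost to a bracketed form with a port, or leaving the file at mode 644, adds a finding for each.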

Now that all the config stuff is in place, I'll monitor the error log in one terminal while refreshing Postfix's configuration in another:

mailbox:/etc/postfix# tail -f /var/log/mail.err

... and ...

mailbox:~# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

No problems visible yet. Did anything show up unusual in the mail.info file?

mailbox:/etc/postfix# tail /var/log/mail.info
 . . .
May 16 19:29:56 mailbox postfix/postfix-script: refreshing the Postfix
mail system

May 16 19:29:56 mailbox postfix/master[500]: reload configuration

That looks good. Now let's try to send a message to me on my Speakeasy account. Again, I'll monitor the mail.info logfile while I do the work:

mailbox:~# mail [email protected]
Subject: test message
Hello, brian. Did this work? [^D terminates input again.]
Cc: 

That's that from this side. What happened in the logfile?

May 16 19:34:01 mailbox postfix/pickup[624]: EE21F346D: uid=0 from=

May 16 19:34:01 mailbox postfix/cleanup[633]: EE21F346D:
message-id=<[email protected]>

May 16 19:34:02 mailbox postfix/qmgr[625]: EE21F346D:
from=, size=340, nrcpt=1 (queue active)

May 16 19:34:02 mailbox postfix/smtp[635]: warning: smtp_sasl_auth_enable
is true, but SASL support is not compiled in

May 16 19:34:03 mailbox postfix/smtp[635]: EE21F346D:
to=, relay=zidane.mazin.net[207.44.178.102],
delay=2, status=bounced (host zidane.mazin.net[207.44.178.102] said: 554
: Relay access denied (in reply to RCPT TO
command))

May 16 19:34:04 mailbox postfix/cleanup[633]: 6C5D33476:
message-id=<[email protected]>

May 16 19:34:04 mailbox postfix/qmgr[625]: 6C5D33476: from=<>, size=2151,
nrcpt=1 (queue active)

May 16 19:34:04 mailbox postfix/smtp[635]: 6C5D33476:
to=, relay=zidane.mazin.net[207.44.178.102], delay=0,
status=sent (250 Ok: queued as D9E2C45C070)

Wow. Okay, so that didn't go so well. At least I "own" both ends of the conversation. Note that the message to [email protected] on Zidane got through. But then, that isn't a relay, is it?
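Reading that log by eye works for one message, but correlating lines by queue id is the habit worth forming: it lines up the final status and the remote server's reason with the message they belong to, and it separates daemon-level warnings (like the SASL one above) from per-message events. The snippet below is an added example, not from this article or from Postfix. The sample lines are constructed from the output above, rejoined to one line each the way the real file has them, with addresses, the relay's name and its IP replaced by placeholders; the text of the warning and the 554 reason are copied from the output. The same parser handles the earlier tail of the first test message, which has the same shape.

```python
"""Queue-id correlation over Postfix mail.info lines (added example, not Postfix code).

Sample lines are constructed from the output above; addresses, relay name and
IP are placeholders (example.test, 192.0.2.10).
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<daemon>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
QID_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
STATUS_RE = re.compile(r"status=(?P<status>\w+)\s*(?P<detail>\(.*\))?$")

SAMPLE_LOG = """\
May 16 19:34:01 mailbox postfix/pickup[624]: EE21F346D: uid=0 from=<root@mailbox.example.test>
May 16 19:34:01 mailbox postfix/cleanup[633]: EE21F346D: message-id=<20040516233401.EE21F346D@mailbox.example.test>
May 16 19:34:02 mailbox postfix/qmgr[625]: EE21F346D: from=<root@mailbox.example.test>, size=340, nrcpt=1 (queue active)
May 16 19:34:02 mailbox postfix/smtp[635]: warning: smtp_sasl_auth_enable is true, but SASL support is not compiled in
May 16 19:34:03 mailbox postfix/smtp[635]: EE21F346D: to=<bilbrey@example.test>, relay=relay.example.test[192.0.2.10], delay=2, status=bounced (host relay.example.test[192.0.2.10] said: 554 <bilbrey@example.test>: Relay access denied (in reply to RCPT TO command))
May 16 19:34:04 mailbox postfix/qmgr[625]: 6C5D33476: from=<>, size=2151, nrcpt=1 (queue active)
May 16 19:34:04 mailbox postfix/smtp[635]: 6C5D33476: to=<postmaster@example.test>, relay=relay.example.test[192.0.2.10], delay=0, status=sent (250 Ok: queued as D9E2C45C070)
"""


def parse_line(line):
    """Split one syslog line into timestamp, daemon, pid, queue id and key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    q = QID_RE.match(rec["msg"])
    rec["qid"] = None
    if q:
        rec["qid"] = q.group("qid")
        rec["fields"] = {k: v.strip("<>") for k, v in FIELD_RE.findall(q.group("rest"))}
        s = STATUS_RE.search(q.group("rest"))
        if s:
            # keep the remote server's full reply text next to the status
            rec["fields"]["status"] = s.group("status")
            rec["fields"]["detail"] = s.group("detail") or ""
    return rec


def correlate(log_text):
    """Group per-message records by queue id; collect daemon warnings separately."""
    queues = defaultdict(dict)
    warnings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["qid"] is None:
            if rec["msg"].startswith("warning:"):
                warnings.append((rec["daemon"], rec["msg"][len("warning:"):].strip()))
            continue
        q = queues[rec["qid"]]
        q.setdefault("first_seen", rec["ts"])
        q.setdefault("daemons", []).append(rec["daemon"])
        q.update(rec["fields"])          # later lines (qmgr, smtp) refine earlier ones
    return dict(queues), warnings


def undeliverable(queues):
    """Queue ids whose last recorded status was bounced or deferred, with the reason."""
    return {qid: (q["status"], q.get("detail", ""))
            for qid, q in queues.items()
            if q.get("status") in ("bounced", "deferred")}
```

Run correlate() over the output of tail and the bounced message shows up under its own queue id with the relay's 554 reason attached, while the bounce notification (the second queue id, with the empty from=<>) is reported as sent to the relay, which is exactly the distinction drawn in the paragraph above.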

mailbox:/etc/postfix# apt-cache search postfix
 . . .
postfix-tls - TLS and SASL support for Postfix
 . . .

mailbox:/etc/postfix# dpkg -l postfix-tls
 . . .
un  postfix-tls

Ah, that's because I haven't installed the postfix-tls package yet. One moment please:

mailbox:~# apt-get install postfix-tls
 . . .
Starting mail transport agent: Postfix.

Now let's try that message again...

Okay, it's failed again. There are more complexities here than I remember. I could just cheat and go with the config for a real Internet mail host... Let me think about that.

More when I know more!

Have fun experimenting.



TUESDAY
May 18, 2004

[Photo: Storm warning...]

0621 - Good morning. Last night, I straggled in the door a few minutes before 6. I put out the trash for the next morning, fed the dog and went upstairs to plow through the mail, pay bills, rip up credit card adverts and the like. Looking out the window, there was sun on the lawn, a few clouds in the sky. Minutes later, the room lit with a bright flash, thunder boomed through the house and the storm was upon us. The local news website gave me a link to the NWS-Sterling warning about this storm, moving at 35 miles per hour, gusts up to 50, rain and nickel size hail.

Wowser! I snapped a few quick shots out the window, only the one above left came out okay. The others focused on the rain drops that quickly accumulated on the window pane, or suffered from reflection problems. But you can see, the trees are really whipping. I finished up the bills, made another phone call to opt out AGAIN from the marketing arm of a financial house we deal with. I won't say which Wachovia it was ... oops, grin ... but I really shouldn't have to opt out each time they feel like sending out a revised privacy notice. I just know the bastards would reenter me into their lists if I didn't reply to the mailing. When I finally got to a customer disservice rep, she actually couldn't help me, as my account is with a different department than the bank proper, and those folks have gone home. So I went and filled out the online form, and opted out of everything. Oh, and that idea that I should give them a list of email addresses (up to 4) to which I do not want email adverts sent is really over the top. Then, when the form is finally submitted, they have the gall to say that they'll require 90 days to ensure that their records match my preferences. It sure didn't take 90 days for them to start billing me to pay for the car, matching their preferences. Bastards.

By the time all that was done, all the paperwork filed away in the proper folders, a stack of envelopes awaiting transit and stamps sitting on my bag for tomorrow, another storm front rolled in from the west-southwest, across the district and into our backyard. More lightning, less vigorous and slower moving, this one was.


Can we save a shell full of Sarin gas for the Alexis de Tocqueville Institution (AdTI)? I'm sure that even after it was released into the building, the expert researchers and top drawer minds would find a way to weasel-word things so that it couldn't possibly be a weapon of mass destruction. This is just a little dream I have... A conspiracy theorist might start to think that the Canopy Group had kicked into the AdTI kitty, joining Microsoft at the paid-for studies trough. If you don't know what I'm talking about, then you missed the news that AdTI is claiming that Linus isn't the father of Linux, but instead implies that he's just a collector and organizer of stolen IP. There's a good article about it all on Groklaw. Ever the self-deprecating soul, Linus admits that he was just the front man for Santa Claus and the Tooth Fairy.



WEDNESDAY
May 19, 2004

0726 - Good morning. No time this morning, I've got to go visit the client I missed yesterday morning since I was confused about what day it was. Sigh. Last night I de-clogged a drain, got four loads of laundry done ... and that's about it. Lucy and I are really looking forward to Marcia getting home. Now you go have a good day and I'll try to do the same.



THURSDAY
May 20, 2004

0617 - Good morning. Yay! Marcia's home. Lucy danced. I danced. Lucy danced some more while I took advantage of a break in the weather to mow the front lawn. Additionally, it was a quietly frantic day, with stops at three customer sites. Today, more of the same. So I need to be gone already. I have some more snaps to share, but no time to get them posted now. Maybe later... Have a great day!



FRIDAY
May 21, 2004

[Photo: The first blooming bulbs]

0714 - Good morning. Happy Friday. I'm doing a little dance for just that reason, someplace inside my head. It seems to have been a longer week than normal, probably because of the prior weekend's exertions. Today is going to be a short day, with just a couple of tasks to be accomplished before I call it, and come home to do some other chores... grin. Yeah, I know. But I still like the feeling of home ownership, even though the bank holds most of it. And the backyard is getting brighter still. The first of the bulbs from Marcia's birthday present from Pat are blooming. Summer Daffodils, I think.

[Photos: A plant with flowers; The flower on the plant]

I don't recognize this plant. It sprang up from nothing, out of the middle of a bunch of Hostas; we didn't plant it. Does anyone recognize it? The flowers are a lovely pink. I also pruned out a nearly dead rose that's adjacent to this bed, and we'll see if I can bring it back over the next few months. I need to spray and feed it, yet.

[Photo: Lucy guarding the back yard]

One of Lucy's favorite activities, when she's not barking at people in her extended backyard (that stretch of the planet she can see, smell or hear, to the horizon or possibly beyond), is to sit and guard the backyard. She doesn't just stare fixedly at a blank point in space a few feet away, the way Sally used to. But Sally was pretty blind. Lucy slowly scans the yard, keeping an eye out for miscreants like birds, cats and the like. Either there at the edge of the concrete pad, or at the top of the deck steps, she's perfectly happy in her domain. That's a good thing.

Now, in order to finish my day, I'll have to start it. Again, happy Friday, and enjoy your weekend!



SATURDAY
May 22, 2004

0837 - Good morning. Sometimes I feel like such a moron. Last night, I started up the Mailbox Debian install, to start mucking around with the Postfix smtpd authentication stuff that had me stumped last week. I did some direct testing against Zidane using the mimencoded data and was getting the same authentication errors that Postfix was throwing on Mailbox. Hmmm. Okay. Since my email client works fine, I decided it was time to look at packets and see what was different... About halfway through building Ethereal (a really nice packet capture and inspection tool - you should try it), I realized what my problem was. I'd put the email sending account name and password into a file ... um, wait. Which account name? The one I used on Rocket, or the one I use now on Zidane? Sigh. I changed the data in /etc/postfix/sasl_password, then ran postmap sasl_password to build the .db version of the file that Postfix uses. Finally I reloaded the configuration: postfix reload. Boom, everything started working, and once I issued a postfix flush, the deferred messages from last week's testing went, too. Happiness, joy and light. Now I'm unstuck and can make progress again. Stay tuned...

Yesterday, I was done with work by noon. So I came home and did chores that were even more work than work itself. I cleaned the master shower stall, de-caulked and recaulked it, and did a fair bit of dandelion patrolling in the front and back yards. Today I'm going to pick up some sand to fill in the problem areas at the base of the farm, then mow the back yard. Then it's back inside for more cleaning and such. Marcia's taken Lucy to Petsco for a grooming, and gone on to other errands. I'd best be rolling myself. Have a great day!



SUNDAY
May 23, 2004

0930 - Good morning. I slept nearly 11 hours last night and I have nothing intelligible to contribute at this time, so I'll just pass. Have a great day!





Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2011 Brian P. Bilbrey.

Except where otherwise noted, this site is licensed under the
Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.