Sometimes it is useful to automatically mount a luks encrypted disk. In this post I’m going to describe to do this safely.
- My workstation, a Lenovo Thinkpad W510 has a drive bay, where you either store a hdd or a optical drive. I usually have a hdd placed there but sometimes I need the optical drive. So I don’t want to put the disk into
/etc/crypttab. But I also don’t want to mount it manually evry time.
- On my homeserver I use a SATA hotswap disk to make backups. I have two of those hdd, swap them weekly and always keep one of them at my workplace. These backup disks are encrypted of course. When changing the disk I always have ssh onto the server, find the disk, decrypt it and mount it. Would be great if I just had to plug it in.
- Same ideas also apply to external data or backup disks
Continue reading “Luks automount encrypted disk on linux”
DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.
In this post I’m going to describe how I set up DKIM with amavis to sign all outgoing messages with the key of my domain. This works well in my setup with postfix, dovecot and amavis (amavisd-new), for your own setup you might have to change some things. Continue reading “DKIM with amavis and postfix”
The samba server is THE fileserver solution for linux. It can server linux clients as well as windows or mac clients and provides host, user or group based access control. In this post I’ll describe how I setup up a samba server using accounts stored in my ldap replica.
Note that this howto is referring to debian wheezy.
Continue reading “Creating samba shares”
Sometimes you need mail adresses and postboxes that need to be accessed by multiple persons. In a company for example there could be a mailbox firstname.lastname@example.org and if you are planning for example a wedding it can be a good idea to have an accoutn email@example.com that can be accessed by you and yor (future) wife. It is definitly not the best idea to create a “normal” account and just give the password to all people who might need it. This might leed to confusion (and data loss). In my opnion accounts should always be bound to a person.
The solution for my <bbr title=”Local Delivery Agent”LDA (aka mailserver) dovecot is called “SharedMailboxes”, ie mailboxes that are shared between users and linked to their accounts. It wasn’t that easy to setup but finally I could get it to work in the following way:
Continue reading “Setting up shared mailboxes in dovecot”
After having set up a ldap replica on my home server it seems to be a good idea to use this ldap to manage the user accounts. Or to enable the existing accounts in the ldap to log in the server.
In this post I’m going to describe my setup of ldap user login.
Continue reading “Ldap user login”
In this post I’m going to describe how I use ldap replication to sync user accounts from my web server to my home server.
On my home server I’m going to setup a ldap server as well. As the user accounts on the “web server” are already stored in a ldap it seems logical to use ldap replication to keep both servers in sync. The ldap on the “web server” (my rented server running mail server, web server, onwcloud etc.) will be used as master, the home server will be the slave. It seems now to be common to talk about provider and consumer instead of master and slave. By the way I consider these terms to be more apropriate for the situation they describe.
Continue reading “Ldap replication with syncrepl and ssl”
In the future I want to use user accounts stored in the LDAP on this server from “outside” also. So it’s time to secure outbound connection with SSL before opening the port. Unfortuantly this is a bit tricky. After some trying and googling I got it to work like this:
Continue reading “Encrypt ldap connections with ssl”
My webmail client roundcube can easily be extended by a bunch of plugins. I’ve installed some particularly useful ones to make my webmail client a rich webmail interface. Unfortunatly there is no plugin repository for roundcube. But there is a nice list of existing plugins here.
Continue reading “More features for roundcube webmail”
More security for the server – at least a little bit. A short description how to setup linux to allow root login with ssh key only and why this can be a quite secure solution.
Continue reading “Root login with ssh key only”
memberof overlay is great to query if a certain user in an ldap is member of a certain group. However this ldap-module has to be enabled and configured to work with
groupOfNames which I’m using instead of
posixGroup. Using the dynamic configuration in
cn=config this is not self-explanatory. Continue reading “Enabling the memberof overlay for openldap”