Luks automount encrypted disk on linux

Sometimes it is useful to automatically mount a LUKS encrypted disk. In this post I’m going to describe how to do this safely.

  • My workstation, a Lenovo Thinkpad W510, has a drive bay where you can place either an HDD or an optical drive. I usually have an HDD placed there, but sometimes I need the optical drive. So I don’t want to put the disk into /etc/fstab or /etc/crypttab. But I also don’t want to mount it manually every time.
  • On my homeserver I use a SATA hotswap disk to make backups. I have two of those HDDs, swap them weekly and always keep one of them at my workplace. These backup disks are encrypted, of course. When changing the disk I always have to ssh onto the server, find the disk, decrypt it and mount it. It would be great if I just had to plug it in.
  • Same ideas also apply to external data or backup disks

DKIM with amavis and postfix

DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.

Setting up shared mailboxes in dovecot

[edited 28.06.2013]
Sometimes you need mail addresses and postboxes that need to be accessed by multiple persons. In a company, for example, there could be a mailbox, and if you are planning, for example, a wedding, it can be a good idea to have an account wedding@yourdomain.tld that can be accessed by you and your (future) wife. It is definitely not the best idea to create a “normal” account and just give the password to all people who might need it. This might lead to confusion (and data loss). In my opinion accounts should always be bound to a person.
The solution for my LDA (Local Delivery Agent, aka mailserver) dovecot is called “SharedMailboxes”, i.e. mailboxes that are shared between users and linked to their accounts. It wasn’t that easy to set up, but finally I could get it to work in the following way:

Ldap replication with syncrepl and ssl

In this post I’m going to describe how I use LDAP replication to sync user accounts from my web server to my home server.
On my home server I’m going to set up an LDAP server as well. As the user accounts on the “web server” are already stored in an LDAP directory, it seems logical to use LDAP replication to keep both servers in sync. The LDAP server on the “web server” (my rented server running mail server, web server, ownCloud etc.) will be used as master, the home server will be the slave. It now seems to be common to talk about provider and consumer instead of master and slave. By the way, I consider these terms to be more appropriate for the situation they describe.
