Posts tagged with “mail”

Notes

Written by Simone

I'll update this post whenever I see fit, A.K.A. when I have other bits of information which don't require a whole post.

Operations on files and directories

Move files to the current/parent directory in Linux

Current dir

find . -mindepth 2 -type f -exec mv {} . \;

Parent dir

find . -type f -exec mv {} .. \;

Recursive chmod on files and dirs

To change all the directories to 755 (drwxr-xr-x):

find /var/www/blog -type d -exec chmod 755 {} \;

To change all the files to 644 (-rw-r--r--):

find /var/www/blog -type f -exec chmod 644 {} \;

Certbot

Certbot cli

/etc/letsencrypt/cli.ini

When renewing, use the same private key as the existing certificate. (default: False):

reuse-key = True

Common commands

Register single domain:

certbot certonly --standalone -d domain.tld --dry-run
  • Remove "--dry-run" when ok.

Renew single domain:

certbot renew --cert-name domain.tld --dry-run
  • Remove "--dry-run" when ok.

Revoke certificate:

certbot revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem

Check certificate's expiry date:

cat /etc/letsencrypt/live/domain.tld/cert.pem | openssl x509 -noout -enddate

GIT

To reset your git repository to a given commit ID, do:

git reset --hard <commit-id>
git push origin master --force

Ignoring files that are already tracked

git update-index --assume-unchanged <your file here>

Delta Chat Mail sieve

require ["fileinto"];
# rule:[DeltaChat]
if header :contains "Chat-Version" "1.0"
{
	fileinto "DeltaChat";
	stop;
}

Postfix mail queue

To view postfix mail queue in case of problems and remove a particular message from it, do as follows:

# mailq

-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
6DCF32201B*    4824 Thu Oct 19 22:54:44  roughnecks@woodpeckersnest.eu
                                         debian@spacenet.it

-- 4 Kbytes in 1 Request.
# postsuper -d 6DCF32201B

postsuper: 6DCF32201B: removed
postsuper: Deleted: 1 message

To delete all emails in the queue, use this command:

# postsuper -d ALL
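
To remove only one sender's messages instead of the whole queue, the mailq listing can be parsed and the matching queue IDs selected. This is an added example, not from the original post: a Python parser for the mailq layout shown above, run over a constructed sample (the queue IDs, addresses and function names are assumptions).

```python
import re

# Constructed sample in the layout mailq prints; IDs and addresses are made up.
SAMPLE_MAILQ = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
4F1A2B3C4D*    4824 Thu Oct 19 22:54:44  alice@example.org
                                         bob@example.net

5A6B7C8D9E     1733 Thu Oct 19 23:10:02  MAILER-DAEMON
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         carol@example.net

6C7D8E9F0A!    2210 Fri Oct  6 08:01:15  alice@example.org
                                         dave@example.com

-- 8 Kbytes in 3 Requests.
"""

# Queue ID, optional status flag, size, arrival time, envelope sender.
ENTRY = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
    r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d\s+(?P<sender>\S+)\s*$"
)
# "*" marks the active queue and "!" the hold queue; no flag means still queued.
STATUS = {"": "queued", "*": "active", "!": "hold"}


def parse_mailq(text):
    """Return one dict per queued message found in mailq output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"qid": m["qid"], "status": STATUS[m["flag"]],
                            "size": int(m["size"]), "sender": m["sender"],
                            "reason": None, "recipients": []})
        elif not entries or not line.strip():
            continue  # header, blank separators, anything before the first entry
        elif line.lstrip().startswith("("):
            # Delivery failure reason (assumed to fit on one line here).
            entries[-1]["reason"] = line.strip()[1:-1]
        elif line[0].isspace():
            entries[-1]["recipients"].append(line.strip())
    return entries


def queue_ids_for_sender(entries, sender):
    """Queue IDs whose envelope sender matches exactly (case-insensitive)."""
    return [e["qid"] for e in entries if e["sender"].lower() == sender.lower()]


if __name__ == "__main__":
    for qid in queue_ids_for_sender(parse_mailq(SAMPLE_MAILQ), "alice@example.org"):
        print(qid)
```

The printed IDs can be piped to `postsuper -d -`, which reads queue IDs from standard input.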

Check Preferred Outgoing IP (when multiple are set on <interface>)

curl ifconfig.me

The correct command to add a new Linux user (in this case without a shell)

adduser --shell /usr/sbin/nologin <username>

I always forget which command is the complete one, useradd or adduser

re: CardDAV Plugin for Roundcube Installed

Written by Simone

Continuing from the previous article..

Today while trying to install yet another plugin (Calendar this time), I had a lil incident and destroyed everything 😃

Some hours later I restored a backup and we're up again. BUT! In the process I discovered some SQL errors which I believe had been there for a long time, always going unseen.

To make a long story short, I had to disable the standard "Personal Address Book" for everyone, because it was impossible to save any contact in there anyway.. And we are now relying on CardDAV, which is way better.

At one point I had the Calendar plugin working too, alongside CardDAV, but I had (wrongfully) installed it as a local one, so no sync to the cloud with CalDAV; it was later that I tried the CalDAV way by changing the config and shit got me.

Now I asked the people of libera.chat about the plugin, to see if it really supports any CalDAV implementation or not - and then I'll try again :) Feel free to check it out and leave a comment if you know better than me..

https://git.kolab.org/diffusion/RPK/browse/master/plugins/calendar/

and here's the configuration: https://git.kolab.org/diffusion/RPK/browse/master/plugins/calendar/config.inc.php.dist$28

I believe I'm done for today tho.. Looked like a full day's job. Ooh, yes.. Was already forgetting. I also updated the services blob in my website with all the new stuff.

CardDAV Plugin for Roundcube Installed

Written by Simone

Hello o/

Just completed a new software installment for the "woodpeckers" webmail, powered by roundcube. It's a plugin to manage CardDAV address books, so you can import them in your web contacts; I've tested it with "Radicale Cal/CardDAV" server and the import to roundcube was fast and easy peasy; hopefully it'll be the same for every other compatible server 😎

https://webmail.woodpeckersnest.space/

Yeah, that was all for your local news! Until next.

chatmail recap June 2024

Written by Simone

Statistics

$ uptime
 03:54:18 up 34 days,  8:19,  4 users,  load average: 0.00, 0.00, 0.00
$ free -m
               total        used        free      shared  buff/cache   available
Mem:             877         503         159           8         377         374
Swap:            499          87         412
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            428M     0  428M   0% /dev
tmpfs            88M  8.4M   80M  10% /run
/dev/vda1       9.7G  2.8G  6.6G  30% /
tmpfs           439M     0  439M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
/dev/vda15      124M   12M  113M  10% /boot/efi
tmpfs            88M     0   88M   0% /run/user/1000
$ ip -s link
2: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    RX:   bytes  packets errors dropped  missed   mcast
     1444308867 14871375      0   32828       0       0
    TX:   bytes  packets errors dropped carrier collsns
    18414348377 21921709      0       0       0       0
$ curl https://chatmail.woodpeckersnest.space/metrics
accounts 83 1719367201634

Sharing big files with Thunderbird filelink on self-hosted webdav

Written by Simone

Thunderbird filelink with self-hosted webdav

Me and friends on xmpp:lozibaldone@conference.xmpp-it.net?join had a discussion about big attachments in Thunderbird and one person ("idice"), whom I thank, suggested using Thunderbird's (long forgotten by me) "filelink" functionality.

filelink lets you upload your big attachments to the cloud and send a link to download them, to your email contact. For it to work, you have to download an extension for Thunderbird and choose a cloud instance.

There are a few in the community, ranging from Dropbox to Nextcloud and webdav. I chose webdav, because I already have a docker container with a running instance.

The tricky part in setting the extension up and working with my server was having a private and a public URL: you have credentials for webdav, so the private one is easily accomplished, while I had never thought about having a public site to share stuff without authentication; and in the end it was really straightforward.

What I did was basically: mount a volume in docker where I want to publish stuff to be shared. So at first when uploading I'm asked for credentials and everything just works.. files go to the volume.

Then, to have people access those files, I symlinked (ln -s) the docker volume dir to a path under my main site's virtualhost in nginx. Like:

My site is in /var/www/html/, so I changed dir to that location and:

ln -s /path/to/public-docker-volume/ public

Now I have a /public/ dir in my website with all the files that I publish in webdav and since index is off in nginx, you can't just browse it - you have to know the exact file name to access it.

And that's it.

Now for the Thunderbird setup, I'll show a few shots. For starters, this is the extension I used: https://addons.thunderbird.net/it/thunderbird/addon/filelink-provider-for-webdav/

This is the "attachments" settings in Thunderbird, the only place where you configure the extension:

As you can see it asks for a private and a public URL, as explained before.

When you compose a new message, go to the attachments menu as always and you'll find a new item, called Filelink - WebDAV:

Click it and select your attachment from disk. It will ask for a username and password (those you set up for webdav in docker) and will begin uploading the file.

Then you'll see the message being populated like this:

It says:

I have linked 1 file to this email:

  • mibunny.png

    Size: 408 KB

    Link: the link

If you keep uploading files, the number in the first row will be automatically incremented and there will be another file section with new info about it.

And.. we're done!? 😀

If you got any question, leave a comment down below.

Grand Opening: Italian Chatmail Instance for DeltaChat

Written by Simone

Italian Chatmail Instance for DeltaChat

Announcement, announcement! [a quote for the differently young]

A few days ago the Italian Chatmail instance for DeltaChat was born.. All Greek to you?

Delta Chat is a messaging app that works over e-mail

Chatmail is a "special" mail server, designed for use with DeltaChat

Our friend Federico, a.k.a. Fede 😀, decided to sponsor the project with a dedicated VPS, on which I then installed the Chatmail service, whose web component can be visited at the following address: https://chatmail.woodpeckersnest.space/

Through the website just mentioned you can register your anonymous "chatmail" mail account to use in DeltaChat: just scan the QR code with the DeltaChat app and you will be logged in to the server immediately. All future conversations will be exclusively e2ee-encrypted.

At this point you will need to add some friends or join a group of other people. The QR code is always the way to do all of that.. And on that note I'm leaving here the QR link and the QR itself, useful for joining the (more or less) official group of the instance, where you'll find me, Fede, Andrea, darhma, ndo, Mario etc..

https://i.delta.chat/#6FE1642916908F1AC9CC7557CC99CF5DDB92043C&a=groupsbot@testrun.org&g=Amici Delta Cchino δ🦃️&x=g9GMUqKwvgB&i=0qBMdsGrq7n&s=_tiLU2IcUrs

Oh, and don't forget to read the privacy page as well. The whole site will soon be translated into Italian (thanks Andrea).. Soon Done!!

Guide

The basic commands for installing your own self-hosted chatmail server are given here. For all other specifics, commands, tips and assorted details please refer to the official guide https://github.com/deltachat/chatmail/blob/main/README.md

Installing your chatmail server

We use chat.esempio.org as the chatmail domain in the following steps. Replace it with your own domain.

  1. Install the cmdeploy command in a virtualenv:
 git clone https://github.com/deltachat/chatmail
 cd chatmail
 scripts/initenv.sh
  2. Create the chatmail.ini configuration file:

scripts/cmdeploy init chat.esempio.org # <-- use your domain

  3. First set up the DNS records for your chatmail domain, following the suggestions given by cmdeploy init

Verify that SSH access as root works:

ssh root@chat.esempio.org # <-- use your domain

  4. Install it on your remote server:

scripts/cmdeploy run

This script will also show you additional DNS records that you should configure at your provider (it may take some time before they become public).

The ports to open on the server are: 25, 80, 143, 443, 465, 587, 993.

Installation tips

Well, to finish I'd like to leave a few tips on installing Chatmail, hoping that someone else decides to create another instance in the future.

The guide in the README of the Github repository is already sufficient, but I'd like to make a couple of notes:

  • First of all, in case it isn't clear, to install Chatmail on a remote VPS we will need a local machine from which to do the "deploy".

I used a Debian 12 Virtual Machine installed in Windows 10 via WSL, and as the destination for the Chatmail server we again chose Debian 12.. Debian rocks!

  • Second note: when you start running the various scripts/cmdeploy commands against the remote server you will be asked for a password.. and this is the stumbling block.

The password the service expects is the "passphrase" of the SSH key of the root user on the remote VPS AND NOT the root user's password. It goes without saying that you will have to add an SSH key before starting the deploy.

One last thing to know, even though it is also mentioned in the README, is that after the scripts/cmdeploy run command all the DNS records needed by the mail server will be printed on screen, and they must be entered in your registrar's control panel. Nothing new I'd say, since to start the installation you are already asked to register the main domain.. Still, be prepared to configure TXT, SRV, CAA, MX records.

I'll leave you with a couple of useful commands for after the installation:

journalctl -u postfix.service (read the mail server logs)

Replace the service to read, for example, the SSH access logs

journalctl -u ssh.service

mailq (read the queue of messages not yet delivered - for whatever reason)

The web server configuration lives in /etc/nginx/nginx.conf. The directory where the actual files are hosted is the classic /var/www/html/

One last thing: check whether your VPS provider leaves port 25 open, or whether it has to be requested explicitly, as happens for example with IONOS and DigitalOcean.

Thanks to all the DeltaCchini 😘

FIN!

Thunderbird Autoconfiguration

Written by Simone

Set up Thunderbird autoconfiguration for my lil mail server. Working good.

nginx config:

server {
        listen [::]:443 ssl http2;
        server_name woodpeckersnest.eu;

        ssl_certificate /etc/letsencrypt/live/woodpeckersnest.eu/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/woodpeckersnest.eu/privkey.pem;

        root /var/www/mail/;
        location / {
                try_files /.well-known/autoconfig/mail/config-v1.1.xml =404;
        }

        access_log /var/log/nginx/autoconfig.log;
        error_log /var/log/nginx/autoconfig_error.log;
}

config-v1.1.xml

<?xml version="1.0"?>
<clientConfig version="1.1">
    <emailProvider id="woodpeckersnest.eu">
      <domain>woodpeckersnest.eu</domain>

      <displayName>Woodpeckers Mail</displayName>
      <displayShortName>woodpeckers</displayShortName>

      <!-- type=
           "imap": IMAP
           "pop3": POP3
           -->

      <incomingServer type="imap">
         <hostname>woodpeckersnest.eu</hostname>
         <port>993</port>
           <!-- "plain": no encryption
                "SSL": SSL 3 or TLS 1 on SSL-specific port
                "STARTTLS": on normal plain port and mandatory upgrade to TLS via STARTTLS
                -->
         <socketType>SSL</socketType>
         <username>%EMAILLOCALPART%</username>
            <!-- Authentication methods:
                 "password-cleartext",
                          Send password in the clear
                          (dangerous, if SSL isn't used either).
                          AUTH PLAIN, LOGIN or protocol-native login.
                 "password-encrypted",
                           A secure encrypted password mechanism.
                           Can be CRAM-MD5 or DIGEST-MD5. Not NTLM.
                 "NTLM":
                           Use NTLM (or NTLMv2 or successors),
                           the Windows login mechanism.
                 "GSSAPI":
                           Use Kerberos / GSSAPI,
                           a single-signon mechanism used for big sites.
                 "client-IP-address":
                           The server recognizes this user based on the IP address.
                           No authentication needed, the server will require no username nor password.
                 "TLS-client-cert":
                           On the SSL/TLS layer, the server requests a client certificate and the client sends one (possibly after letting the user select/confirm one), if available. (Not yet supported by Thunderbird)
                 "OAuth2":
                           OAuth2. Works only on specific hardcoded servers, please see below. Should be added only as second alternative.
                 "none":
                           No authentication
                 -->
         <authentication>password-cleartext</authentication>
      </incomingServer>


		   
      <outgoingServer type="smtp">
         <hostname>woodpeckersnest.eu</hostname>
         <port>587</port>
         <socketType>STARTTLS</socketType> <!-- see <incomingServer> -->
         <username>%EMAILLOCALPART%</username> <!-- if smtp-auth -->
            <!-- smtp-auth (RFC 2554, 4954) or other auth mechanism.
                 For values, see incoming.
                 Additional options here:
                 "SMTP-after-POP":
                     authenticate to incoming mail server first
                     before contacting the smtp server.
                  Compatibility note: Thunderbird 3.0 accepts only "plain",
                  "secure", "none", and "smtp-after-pop".
                  It will ignore the whole XML file, if other values are given.
            -->
         <authentication>password-cleartext</authentication>
            <!-- If the server makes some additional requirements beyond
                 <authentication>.
                 "client-IP-address": The server is only reachable or works,
                     if the user is in a certain IP network, e.g.
                     the dialed into the ISP's network (DSL, cable, modem) or
                     connected to a company network.
                     Note: <authentication>client-IP-address</>
                     means that you may use the server without any auth.
                     <authentication>password-cleartext</> *and*
                     <restriction>client-IP-address</> means that you need to
                     be in the correct IP network *and* (should) authenticate.
                     Servers which do that are highly discouraged and
                     should be avoided, see {{bug|556267}}.
                Not yet implemented. Spec (element name?) up to change.
            -->
         <!-- remove the following and leave to client/user? -->
         <addThisServer>true</addThisServer>
         <useGlobalPreferredServer>true</useGlobalPreferredServer>
      </outgoingServer>

    </emailProvider>

    <!-- This allows to access the webmail service of the provider.
         The URLs are loaded into a standard webbrowser for the user.
         Specifying this is optional. -->
    <webMail>
      <!-- Webpage where the user has to log in manually by entering username
           and password himself.
           HTTPS required. -->
      <loginPage url="https://webmail.woodpeckersnest.space/" />

      <!-- Same as loginAutomaticDOM, but the website makes checks that
           the user comes from the login page. So, open the login page
           in the browser, get the page's DOM, fill out name and password
           fields for the user, and trigger the login button.
           The login button might not be an HTML button, just a div, so
           to trigger it, send a click event to it.
           HTTPS is required for the URL. -->
      <loginPageInfo url="https://webmail.woodpeckersnest.space">
        <!-- What to fill into the usernameField.
             Format is the same as for <username> within <incomingServer>,
             including placeholders. See below for valid placeholders. -->
        <username>%EMAILLOCALPART%</username>
      </loginPageInfo>
    </webMail>

    <clientConfigUpdate url="https://woodpeckersnest.eu/.well-known/autoconfig/mail/config-v1.1.xml" />

</clientConfig>
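
The comments in the file above warn that password-cleartext is dangerous when SSL isn't used and that the webmail URLs require HTTPS. The following added example (not part of the original post) checks a config-v1.1.xml for those two conditions; the sample document, its example.org hosts and the function name lint_autoconfig are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same element layout as the file above, plus one
# deliberately weak <outgoingServer> and a plain-HTTP webmail URL for contrast.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<clientConfig version="1.1">
  <emailProvider id="example.org">
    <domain>example.org</domain>
    <incomingServer type="imap">
      <hostname>mail.example.org</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.example.org</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
    </outgoingServer>
    <outgoingServer type="smtp">
      <hostname>legacy.example.org</hostname>
      <port>25</port>
      <socketType>plain</socketType>
      <authentication>password-cleartext</authentication>
    </outgoingServer>
  </emailProvider>
  <webMail>
    <loginPage url="http://webmail.example.org/" />
  </webMail>
  <clientConfigUpdate url="https://example.org/.well-known/autoconfig/mail/config-v1.1.xml" />
</clientConfig>
"""


def lint_autoconfig(xml_text):
    """Return a list of findings for weak transport settings in an autoconfig file."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("incomingServer", "outgoingServer"):
        for srv in root.iter(tag):
            host = srv.findtext("hostname", default="?")
            port = srv.findtext("port", default="?")
            sock = (srv.findtext("socketType") or "").strip()
            auth = (srv.findtext("authentication") or "").strip()
            where = f"{tag} {host}:{port}"
            if sock not in ("SSL", "STARTTLS"):
                findings.append(f"{where}: socketType {sock!r} gives no TLS")
                if auth == "password-cleartext":
                    findings.append(
                        f"{where}: password-cleartext would cross the network unencrypted")
    # The template comments state that these URLs must be HTTPS.
    for tag in ("loginPage", "loginPageInfo", "clientConfigUpdate"):
        for el in root.iter(tag):
            url = el.get("url", "")
            if not url.lower().startswith("https://"):
                findings.append(f"{tag}: url {url!r} is not HTTPS")
    return findings


if __name__ == "__main__":
    for finding in lint_autoconfig(SAMPLE_CONFIG):
        print(finding)
```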

Mailing List for Delta Chat with mlmmj

Written by Simone

These days I am tinkering with a Mailing List for Delta Chat powered by mlmmj

I was able to create the list and set up Postfix correctly - instructions are quite clear even if on a couple settings I had to do some troubleshooting looking at logs.. Now I have this Mailing List called deltachat@woodpeckersnest.eu which you can subscribe to by sending an email to deltachat+subscribe@woodpeckersnest.eu and following further instructions.

Initially Delta Chat would create groups of people with the ML's address inside of it, thus splitting every conversation by users participating in it. This was later fixed by adding the following lines in list-dir/control/customheaders file:

X-Mailinglist: deltachat
Reply-To: deltachat@woodpeckersnest.space
List-ID: DC Mailing List <deltachat.woodpeckersnest.eu>
List-Post: <mailto:deltachat@woodpeckersnest.eu>

Now a proper Super Group is created and everyone¹ is able to message in it.

¹ Well, not actually everyone since a member still has issues but I'm positive that can be fixed by chatting again with the ML's address and removing all weird groups created earlier.

This ^ is how the supergroup looks in my chat window - the avatar is only local, it can't be set for every member but the name is the same for everyone.

Then someone "complained" about the lack of anonymity for users' email addresses, like it's done in the "official" Delta Chat's MLs.. So I asked on codeberg but it seems to be a missing feature (I'm still waiting for replies 😬).

This is it for now, will keep you posted when/if I have news.

Thunderbird sieve extension

Written by Simone

Little OT, but not so much 😀

To manage your sieve scripts from Thunderbird 115 there's this nightly build, until the developer codes a proper release with fixes.

You can read the issue at https://github.com/thsmi/sieve/issues/893 and I've uploaded the file for convenience here.

My server comes with a default sieve to filter spam messages and another one to move Delta Chat emails:

require ["fileinto"];
# rule:[DeltaChat]
if header :contains "Chat-Version" "1.0"
{
	fileinto "DeltaChat";
	stop;
}
# rule:[SPAM Check]
if header :contains "X-Spam-Flag" "YES"
{
	fileinto "Junk";
	stop;
}

File attachment:

xpi---thunderbird-webextension.zip (897.1 KB)

Special characters in DBs are a no-go

Written by Simone

Remember: don't ever use special characters in your DB users' passwords!!

I have been troubleshooting a migration from mariadbd to pgsql for several hours, until I tried changing my password, which, weirdly enough, was working to connect roundcube but gave errors with pgloader. Once I successfully migrated using the same password with those special characters, roundcube wouldn't connect with pgsql, so I made another fighting round! Finally changed my pgsql password to some letters and numbers only and BAM!, it worked.

Then I stopped mariadbd and disabled the service; now I have more than 200MB RAM freed¹.

¹ See previous post.