Debian SID Opendkim Installation and Configuration Woes

TL;DR Opendkim. Hats off to the folk who do marvelous packaging 99.99999% of the time.

But sometimes they just get it wrong, or at least the documentation for the package does not match the behavior the packager intended.
That said, hopefully I will help solve some of these issues here.

I assume you have postfix already working and you are just looking to add dkim support.

Install opendkim

apt-get install opendkim opendkim-tools

Configure systemd service file

cat > /lib/systemd/system/opendkim.service <<'EOT'
[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target 

[Service]
EnvironmentFile=/etc/default/opendkim
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p $SOCKET
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target
EOT

The specific changes here are line #9 (EnvironmentFile) and line #13 (the -p $SOCKET argument on ExecStart).

Defaults File

cat > /etc/default/opendkim <<EOT
SOCKET="inet:12301@localhost"
EOT

Opendkim Config file

cat > /etc/opendkim.conf <<EOT
Mode                sv
Syslog              yes
SyslogSuccess       yes
LogWhy              yes
#Socket              inet:12301@localhost
Umask               002
SendReports         yes
SoftwareHeader      yes
Canonicalization    relaxed/relaxed
Selector            default
MinimumKeyBits      1024
KeyTable            refile:/etc/dkimkeys/KeyTable
SigningTable        refile:/etc/dkimkeys/SigningTable
ExternalIgnoreList  refile:/etc/dkimkeys/TrustedHosts
OversignHeaders     From
TrustAnchorFile     /usr/share/dns/root.key
EOT

The specific change here is line #7, the hashed-out Socket setting: in the config file it simply does not work.
The only way to get opendkim to honour this setting is to pass it on the command line, line #13 of the service file.

Modify /etc/postfix/main.cf and add/edit the following lines

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Create the referenced folders for your OpenDKIM keys

mkdir -vp /etc/dkimkeys/keys

TrustedHosts

cat > /etc/dkimkeys/TrustedHosts <<EOT
127.0.0.1
::1
localhost
example.com
*.example.com
EOT

SigningTable

cat > /etc/dkimkeys/SigningTable <<EOT
*@example.com default._domainkey.example.com
EOT

KeyTable

cat > /etc/dkimkeys/KeyTable <<EOT
default._domainkey.example.com example.com:default:/etc/dkimkeys/keys/default.private
EOT

Create private/public key for signing

cd /etc/dkimkeys/keys
opendkim-genkey -s default

Your directory should now look like this

[Image: Opendkim tree view of files]
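
Before restarting, it is worth checking that the file names in the config, the key names in the two tables, and the private key permissions all line up, since one misspelt path or domain is enough to stop signing. The script below is an added example, not part of the original post: the function names are hypothetical, it assumes the table layout used above, and it treats any group/other permission bit on a private key as a finding.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenDKIM table setup.
# Function names are hypothetical; the file layout follows the config above.

# Print the path a table directive points at, without its "refile:" prefix.
dkim_table_path() {
    awk -v k="$2" '$1 == k { sub(/^[a-z]+:/, "", $2); print $2 }' "$1"
}

# check_dkim_setup CONF: one finding per line, exit status 1 if any.
check_dkim_setup() {
    conf=$1 rc=0
    keytable=$(dkim_table_path "$conf" KeyTable)
    signtable=$(dkim_table_path "$conf" SigningTable)
    hosts=$(dkim_table_path "$conf" ExternalIgnoreList)

    # 1. Every referenced table must exist under exactly the configured name.
    for f in "$keytable" "$signtable" "$hosts"; do
        [ -f "$f" ] || { echo "missing table: $f"; rc=1; }
    done
    [ -f "$keytable" ] && [ -f "$signtable" ] || return 1

    # 2. Every key name used in SigningTable must be defined in KeyTable.
    for name in $(awk '!/^#/ && NF >= 2 { print $2 }' "$signtable"); do
        awk -v n="$name" '$1 == n { ok = 1 } END { exit !ok }' "$keytable" ||
            { echo "undefined key name: $name"; rc=1; }
    done

    # 3. Each private key must exist with no group/other permission bits.
    for key in $(awk '!/^#/ && NF >= 2 { split($2, p, ":"); print p[3] }' "$keytable"); do
        if [ ! -f "$key" ]; then
            echo "missing key: $key"; rc=1
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "key too permissive: $key"; rc=1
        fi
    done
    return $rc
}

# Run against a real config when a path is given, e.g. /etc/opendkim.conf
[ $# -eq 0 ] || check_dkim_setup "$1"
```

The key must also be readable by the user the service runs as (User=opendkim in the unit file above), which this check does not cover.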

Tell systemd to reload the daemon files and restart

systemctl daemon-reload
systemctl restart opendkim
systemctl restart postfix

DNS

Now go modify your DNS, adding a TXT record 'default._domainkey'.
Copy and paste everything between the parentheses ( everything here ) into the value field of the TXT record.

cat keys/default.txt 
default._dkim   IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIGNA....BIG LONG DIRTY HASH ....ciaxOhS24T4MFwIDAQAB" )  ; ----- DKIM key default for com

Enjoy

Other resources
https://www.google.com/search?q=opendkim+setup


BIND9 with DDNS updates on Debian Sid

This came up as part of some work to resolve a Kubernetes application deployment.
The particular application I'm working with has hard dependencies on DNS, particularly A, TXT and SRV records.
For each Kubernetes pod that spins up, I need it to register itself in DNS.
Then the other services can discover each other.

Here is a basic excerpt of enabling DDNS updates on example.com

Install the basics

apt-get install bind9 bind9utils dnsutils

Forward Lookup Zone

cat > /etc/named/db.example.com.conf <

Reverse Lookup Zone

cat > /etc/named/db.10.1.1.conf <

Named local config (should be included from named.conf)

cat > /etc/named/named.conf.local <

Key file

cat > /etc/named/rndc-key <

Fix any permissions issues and restart the server

chown root:bind /etc/bind/*
chmod g+w /etc/bind
systemctl restart bind9.service

Test that the DDNS updates work

(
  echo "server 127.0.0.1"
  echo "zone example.com"

  echo "update delete xyz.example.com A"
  echo "update add xyz.example.com 120 A 192.0.2.1"
  echo "send"
) | /usr/bin/nsupdate -k "/etc/bind/rndc.key"

Nslookup for good measure

nslookup xyz.example.com 127.0.0.1
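
When each pod registers itself, the host name, address and port end up inside the nsupdate batch, so they need validating before they are written into it. The function below is an added example, not part of the original post: it generalises the test update above to the A, TXT and SRV records mentioned earlier, and its name, the TXT payload and the SRV priority/weight values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build the nsupdate batch a pod
# sends to register itself. Function name, TTL, TXT payload and SRV
# priority/weight are assumptions made for illustration.
ddns_register_batch() {
    zone=$1 host=$2 ip=$3 port=$4 svc=$5
    # Allow only plain DNS labels and digits: a pod-supplied value containing
    # a space or newline would otherwise add its own lines to the batch.
    case $zone in ''|*[!a-z0-9.-]*) echo "bad zone" >&2; return 1 ;; esac
    case $host in ''|-*|*-|*[!a-z0-9-]*) echo "bad host" >&2; return 1 ;; esac
    case $svc in ''|*[!a-z0-9-]*) echo "bad service" >&2; return 1 ;; esac
    case $port in ''|??????*|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    case $ip in ''|*[!0-9.]*) echo "bad ip" >&2; return 1 ;; esac
    echo "$ip" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }' ||
        { echo "bad ip" >&2; return 1; }

    fqdn="$host.$zone"
    cat <<EOF
server 127.0.0.1
zone $zone
update delete $fqdn A
update add $fqdn 120 A $ip
update delete $fqdn TXT
update add $fqdn 120 TXT "port=$port"
update add _$svc._tcp.$zone 120 SRV 0 0 $port $fqdn.
send
EOF
}

# Usage: ddns_register_batch example.com web-1 192.0.2.10 8080 http |
#            /usr/bin/nsupdate -k /etc/bind/rndc.key
```

The SRV record is only added, never deleted first, because other pods publish records under the same service name.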

Debian Sid Intel I217-V Not Working

After scouring for ages looking for this fix, I've decided to document it.
It comes from a number of sources. Kudos to the individual people.

Problem
Rebooting from Windows into Linux renders the NIC unusable: the classic “lights are on but no one is home”.
Some people advise disabling PXE etc. in the BIOS. There is a better solution.

Identify the NIC

root@dave-pc:/lib/systemd/system# lspci | grep Ether
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-V (rev 04)

Create a systemd oneshot service file

cat > /lib/systemd/system/intelnicreset.service <<'EOT'
[Unit]
Description=Reset Intel Nic on Boot before it comes up
Before=NetworkManager.service
Wants=NetworkManager.service

[Service]
Type=oneshot
ExecStart=/usr/bin/resetintelnic
RemainAfterExit=no

[Install]
WantedBy=multi-user.target
EOT

Reset NIC bash file

cat > /usr/bin/resetintelnic <<'EOT'
#!/bin/bash

# Get the PCI address of the network card (Caution: this works ONLY with ONE NIC)
PCI=$(/usr/bin/lspci | /bin/grep -Ei 'network|ethernet' | /usr/bin/cut -d' ' -f1)
# Locate the device directory under /sys/devices/pci0000:*
PCIPATH=$(/usr/bin/find /sys -name "*${PCI}" | /bin/grep -i 'pci0000')
/usr/bin/logger -t "ResetNIC" "Resetting PCI NIC ${PCIPATH}"

# Reset the PCI device completely (like power on/off)
echo 1 > "${PCIPATH}/reset"
EOT

Make it executable

chmod +x /usr/bin/resetintelnic

Fancy Screen .screenrc config

Not quite sure of the original source of this one! But handy config for screen 🙂

vi ~/.screenrc

# the following two lines give a two-line status, with the current window highlighted
hardstatus alwayslastline
hardstatus string '%{= kG}[%{G}%H%? %1`%?%{g}][%= %{= kw}%-w%{+b yk} %n*%t%?(%u)%? %{-}%+w %=%{g}][%{B}%m/%d %{W}%C%A%{g}]'

# huge scrollback buffer
defscrollback 5000

# no welcome message
startup_message off

# 256 colors
attrcolor b ".I"
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
defbce on

# mouse tracking allows to switch region focus by clicking
mousetrack on

# default windows
screen -t Shell1  1 bash
screen -t Shell2  2 bash
screen -t Python  3 python
screen -t Media   4 bash
select 0
bind c screen 1 # window numbering starts at 1 not 0
bind 0 select 10

# get rid of silly xoff stuff
bind s split

# layouts
layout autosave on
layout new one
select 1
layout new two
select 1
split
resize -v +8
focus down
select 4
focus up
layout new three
select 1
split
resize -v +7
focus down
select 3
split -v
resize -h +10
focus right
select 4
focus up

layout attach one
layout select one

# navigating regions with Ctrl-arrows
bindkey "^[[1;5D" focus left
bindkey "^[[1;5C" focus right
bindkey "^[[1;5A" focus up
bindkey "^[[1;5B" focus down

# switch windows with F3 (prev) and F4 (next)
bindkey "^[OR" prev
bindkey "^[OS" next

# switch layouts with Ctrl+F3 (prev layout) and Ctrl+F4 (next)
bindkey "^[O1;5R" layout prev
bindkey "^[O1;5S" layout next

# F2 puts Screen into resize mode. Resize regions using hjkl keys.
bindkey "^[OQ" eval "command -c rsz" # enter resize mode

# use hjkl keys to resize regions
bind -c rsz h eval "resize -h -5" "command -c rsz"
bind -c rsz j eval "resize -v -5" "command -c rsz"
bind -c rsz k eval "resize -v +5" "command -c rsz"
bind -c rsz l eval "resize -h +5" "command -c rsz"

# quickly switch between regions using tab and arrows
bind -c rsz \t    eval "focus"       "command -c rsz" # Tab
bind -c rsz -k kl eval "focus left"  "command -c rsz" # Left
bind -c rsz -k kr eval "focus right" "command -c rsz" # Right
bind -c rsz -k ku eval "focus up"    "command -c rsz" # Up
bind -c rsz -k kd eval "focus down"  "command -c rsz" # Down

Linux Bash One Liners

I’m going to keep adding a number of one liners here. Mainly for my own personal usage.

Find duplicate filenames with different extensions

find . -type f -print | rev | cut -f 2- -d '.' | rev | sort | uniq -d

Mail War

Randomly spams someone from a number of domains with a random user.
This particular guy mark.silberman78@gmail.com thought I needed some extra mail.  I sent some back 😉

export de1=fio.ie
export de2=feeditout.com
export de3=feeditout.com

while true; 
  do export rand=$((1 + RANDOM % 3)); 
  export var=de$rand; 
  echo "fuck off with your spam" | mailx -r `tr -dc A-Za-z0-9 </dev/urandom | head -c 10`@$(eval echo \$$var) -s "fuck you, stop spamming my email address" mark.silberman78@gmail.com; 
  sleep 1; 
done