Sidenotes for a mail migration

I’ve decided to migrate my emails to another host. It includes a postfix sandwich config with a spam filter in the middle. By the way, I use dovecot as the virtual transport to have my emails sorted into different folders, including spam into the Junk folder.

So far so good (even though it took a hell of a lot of troubleshooting to find out why the spam filter became terribly slow; it’s fixed by now, anyway). Then I tested with some emails, and found that I got a “mail loops back” error for my@email. Wtf?

The culprit was the already existing Delivered-To: header in the emails. So I fixed master.cf like this:

dovecot unix - n n - - pipe
  flags=Rhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e

and it started to work properly.

However, I just couldn’t let go of the fact that it had been working properly with the DRhu flags.

Then I fixed the email, removed any additional header that was added by either the local postfix or the content filter, reverted the flags to DRhu, and it worked!

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e

The moral of the story: test with new emails. Or at least remove any locally added headers 🙂
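
Postfix's pipe(8) D flag prepends a Delivered-To: header and, since Postfix 2.5, returns a message as undeliverable if it already carries a Delivered-To: header for the same recipient, which is what a re-injected old email triggers. The following is an added example, not part of the original post: it checks a test message for that condition and strips locally added headers before re-testing. The sample message, the address my@example.com and the list of headers treated as local are assumptions.

```python
from email import message_from_string

# Constructed sample: an old mail that already passed a local delivery once.
SAMPLE = """\
Return-Path: <sender@example.org>
X-Original-To: my@example.com
Delivered-To: my@example.com
Received: from old-host.example.net (old-host.example.net [192.0.2.10])
\tby mx.example.com (Postfix) with ESMTP id 4ABCD
\tfor <my@example.com>; Mon, 1 Jan 2018 10:00:00 +0100 (CET)
X-Spam-Status: No, score=-1.0
From: sender@example.org
To: my@example.com
Subject: migration test

hello
"""

# Assumption: headers the local Postfix or the content filter adds on this setup.
LOCAL_HEADERS = {"delivered-to", "x-original-to", "return-path"}
LOCAL_PREFIXES = ("x-spam-",)


def would_loop(raw, recipient):
    """True if pipe(8) with flags=D would reject the mail as a loop:
    an existing Delivered-To equals the recipient (case-insensitive)."""
    msg = message_from_string(raw)
    want = recipient.strip().lower()
    found = msg.get_all("Delivered-To", [])
    return any(v.strip().lower() == want for v in found)


def strip_local_headers(raw):
    """Return the message without locally added headers, for re-testing."""
    msg = message_from_string(raw)
    for name in set(msg.keys()):
        low = name.lower()
        if low in LOCAL_HEADERS or low.startswith(LOCAL_PREFIXES):
            del msg[name]  # removes every occurrence of the header
    return msg.as_string()


if __name__ == "__main__":
    print("loops before cleanup:", would_loop(SAMPLE, "my@example.com"))
    cleaned = strip_local_headers(SAMPLE)
    print("loops after cleanup: ", would_loop(cleaned, "my@example.com"))
```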

Docker vs. systemd

I’ve decided to set up a few docker hosts. I needed to access them remotely, so I deployed the necessary CA and server keys and certs (see https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl for more). So far, so good.

I knew that docker had to be instructed to use these files, and also to listen on 0.0.0.0. So I edited /etc/default/docker (on Ubuntu Bionic), restarted the docker daemon, and nothing happened.

I rushed to the docker site to figure out what da heck, and ended up at https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file, which told me that unfortunately it wouldn’t work with systemd; you must use /etc/docker/daemon.json.

I’ve created the file:

{
  "hosts": ["0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}

then restarted docker, and still nothing. The -H fd:// option in the /lib/systemd/system/docker.service file caused the trouble, preventing docker from listening on 0.0.0.0:

ExecStart=/usr/bin/dockerd -H fd://

Fear not, the fix is to remove -H fd:// as follows:

ExecStart=/usr/bin/dockerd

Then run systemctl daemon-reload && systemctl restart docker, and you should be able to connect to docker on the remote host.
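
dockerd refuses to start when an option such as hosts is set both as a command-line flag and in daemon.json, which is why -H fd:// had to go. The check below is an added example, not part of the original post: it flags that conflict and a TCP listener without tlsverify, and shows that a systemd drop-in (assumed here to live at /etc/systemd/system/docker.service.d/override.conf, its text constructed) gives the same result without editing the packaged unit file, which a package upgrade would overwrite.

```python
import json
import shlex

# daemon.json as given in the post.
DAEMON_JSON = """{
  "hosts": ["0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
# ExecStart line of the packaged unit, as quoted in the post.
UNIT = "[Service]\nExecStart=/usr/bin/dockerd -H fd://\n"
# Constructed drop-in (assumption): the empty ExecStart= resets the packaged one.
DROPIN = "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd\n"


def effective_execstart(unit_text):
    """Simplified systemd view: the last ExecStart= assignment is used,
    and an empty assignment clears the earlier ones."""
    current = ""
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            current = line[len("ExecStart="):].strip()
    return current


def check(daemon_json, unit_text):
    """Return finding names for a daemon.json / unit file pair."""
    cfg = json.loads(daemon_json)
    argv = shlex.split(effective_execstart(unit_text))
    hosts = cfg.get("hosts", [])
    findings = []
    if hosts and any(a.startswith(("-H", "--host")) for a in argv[1:]):
        findings.append("hosts-in-flag-and-file")  # dockerd refuses to start
    tcp = [h for h in hosts if not h.startswith(("unix://", "fd://"))]
    if tcp and not cfg.get("tlsverify", False):
        findings.append("tcp-without-tlsverify")   # unauthenticated remote API
    return findings


if __name__ == "__main__":
    print("packaged unit:", check(DAEMON_JSON, UNIT))
    print("with drop-in: ", check(DAEMON_JSON, UNIT + DROPIN))
```

With only the TCP entry in hosts, the daemon no longer listens on the local unix socket; add unix:///var/run/docker.sock to hosts if local docker commands should keep working.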

Disable udp ports for Jenkins

I’ve noticed that Jenkins has an unpleasant habit of listening on two UDP ports (5353 and 33848) on all interfaces even if it was told to listen on 127.0.0.1:8080.

These ports are for UDP multicast broadcast. You may not need either of them, and you can disable them by adding the following options:

-Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1

e.g.

java -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -jar jenkins.war --httpListenAddress=127.0.0.1 --httpPort=8080 --daemon --logfile=/home/jenkins/jenkins.log

See the Jenkins docs for more: https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties

Secure your pendrive

Pendrives often contain customer, personal or other sensitive data. Now that GDPR is on us, it’s high time to protect those pendrives. The following example assumes that your pendrive is /dev/sdb, and you have a Linux partition on it (/dev/sdb1).

Format the device:
cryptsetup luksFormat /dev/sdb1

Open it:
cryptsetup luksOpen /dev/sdb1 pendrive

Create a filesystem:
mkfs.ext4 /dev/mapper/pendrive

Create a directory where we can mount it:
mkdir /mnt/pendrive

And finally mount the pendrive:
mount /dev/mapper/pendrive /mnt/pendrive

Chicken Invaders on 64-bit Linux

Back around 1012 I bought Chicken Invaders (CI) the Ultimate Omelette edition for something like 10 EUR. A few years ago I played it a lot.

In the meantime, however, I switched to 64-bit Slackware Linux, and since CI is only available as a 32-bit package on Linux, it wouldn’t start, so I dropped it in anger.

Yesterday, however, I decided I wanted to play it again. Fortunately the game has since been released for Android as well. It’s one thing that I wasn’t keen on buying it twice (the Android version is around ~279 Ft); the bigger problem is that my hand / finger always covers some part of the display, which cost me many lost lives. So I braced myself and decided: this thing is going to run on 64-bit as well.

The first attempt was VirtualBox, under both Windows and Linux. The Wine version started, but fell over as soon as I tried to click. OK, then let it be 32-bit Ubuntu 16. My little notebook, already a good 5 years old, is rather weak on CPU, though, so I went grey by the time an Xterm appeared in Unity.

OK, so it has to run under 64-bit Slackware. For this I installed the following 32-bit compat packages from http://www.slackware.com/~alien/multilib/14.2:

aaa_elflibs-compat32-14.2-x86_64-23compat32
alsa-lib-compat32-1.1.1-x86_64-2compat32
alsa-oss-compat32-1.0.28-x86_64-1compat32
alsa-plugins-compat32-1.1.1-x86_64-1compat32
audiofile-compat32-0.3.6-x86_64-1compat32
compat32-tools-3.7-noarch-11alien
compat32pkg-1.6.131213-noarch-6_SeB
esound-compat32-0.2.41-x86_64-2compat32
expat-compat32-2.2.2-x86_64-1_slack14.2compat32
fontconfig-compat32-2.11.1-x86_64-2compat32
freeglut-compat32-2.8.1-x86_64-1compat32
glew-compat32-1.13.0-x86_64-1compat32
glu-compat32-9.0.0-x86_64-1compat32
libFS-compat32-1.0.7-x86_64-1compat32
libICE-compat32-1.0.9-x86_64-2compat32
libSM-compat32-1.2.2-x86_64-2compat32
libX11-compat32-1.6.4-x86_64-1_slack14.2compat32
libXScrnSaver-compat32-1.2.2-x86_64-2compat32
libXau-compat32-1.0.8-x86_64-2compat32
libXaw-compat32-1.0.13-x86_64-1compat32
libXcomposite-compat32-0.4.4-x86_64-2compat32
libXcursor-compat32-1.1.14-x86_64-2compat32
libXdamage-compat32-1.1.4-x86_64-2compat32
libXdmcp-compat32-1.1.2-x86_64-2compat32
libXevie-compat32-1.0.3-x86_64-2compat32
libXext-compat32-1.3.3-x86_64-2compat32
libXfixes-compat32-5.0.3-x86_64-1_slack14.2compat32
libXfont-compat32-1.5.1-x86_64-2compat32
libXfontcache-compat32-1.0.5-x86_64-2compat32
libXft-compat32-2.3.2-x86_64-3compat32
libXi-compat32-1.7.8-x86_64-1_slack14.2compat32
libXinerama-compat32-1.1.3-x86_64-2compat32
libXmu-compat32-1.1.2-x86_64-2compat32
libXp-compat32-1.0.3-x86_64-2compat32
libXpm-compat32-3.5.11-x86_64-2compat32
libXrandr-compat32-1.5.1-x86_64-1_slack14.2compat32
libXrender-compat32-0.9.10-x86_64-1_slack14.2compat32
libXres-compat32-1.0.7-x86_64-2compat32
libXt-compat32-1.1.5-x86_64-1compat32
libXtst-compat32-1.2.3-x86_64-1_slack14.2compat32
libXv-compat32-1.0.11-x86_64-1_slack14.2compat32
libXvMC-compat32-1.0.10-x86_64-1_slack14.2compat32
libXxf86dga-compat32-1.1.4-x86_64-2compat32
libXxf86misc-compat32-1.0.3-x86_64-2compat32
libXxf86vm-compat32-1.1.4-x86_64-2compat32
libdmx-compat32-1.1.3-x86_64-2compat32
libdrm-compat32-2.4.68-x86_64-1compat32
libepoxy-compat32-1.3.1-x86_64-1compat32
libfontenc-compat32-1.1.3-x86_64-1compat32
libpciaccess-compat32-0.13.4-x86_64-1compat32
libusb-compat-0.1.5-x86_64-2
libva-compat32-1.6.2-x86_64-1compat32
libva-intel-driver-compat32-1.6.2-x86_64-1compat32
libvdpau-compat32-1.1.1-x86_64-1compat32
libxcb-compat32-1.11.1-x86_64-1compat32
libxshmfence-compat32-1.2-x86_64-2compat32
mesa-compat32-11.2.2-x86_64-1compat32
nettle-compat32-3.2-x86_64-1compat32
pixman-compat32-0.34.0-x86_64-1compat32
sdl-compat32-1.2.15-x86_64-5_slack14.2compat32
xcb-util-compat32-0.4.0-x86_64-2compat32

After that a reboot was needed because of glibc. Oh, and before I forget: put the glibc* packages on the blacklist in the slackpkg config, so that an update doesn’t simply overwrite the alienbob compat packages.

I start the game: ./Game_launcher, or rather it doesn’t even need that; it’s enough to start the game/CI4.exe program (yes, an exe extension on Linux).

But then it wouldn’t start because of some PCM snag. OK, strace is our friend, and with it I found out that it wanted a ~/.asoundrc. Let’s give it one:

touch ~/.asoundrc

Launch no. 152: it exits with the same PCM snag. I searched with our friend Google to find out what this file is and what should be in it.

$ cat /proc/asound/cards
0 [PCH ]: HDA-Intel - HDA Intel PCH
HDA Intel PCH at 0xe1600000 irq 26

So in the end, following our friend Google’s tip, I put the following lines into it:

pcm.!default {
type hw
card 0
}

ctl.!default {
type hw
card 0
}

So after some 187 launches the thing finally started, with SDL graphics and some old (ALSA?) sound, and the warping can begin!