header image
Exim & Dovecot
January 14th, 2021 under Linux, Website Status. [ Comments: none ]

I finally set up my mail server with POP3 access. I just want to host couple of mail addresses which map to users on the (arch-)linux system. So no fancy virtual users or LDAP.

First, set up exim. The configuration is straight forward. Just read through the entire configuration file. It turns out I needed just some adjustments. First the proper primary_homename must be set.

primary_hostname = ganymede.ch

Since I want to use TLS, the certificate and private key must be set. Don’t generate any self-signed key. This just causes problems because the certificate must always be added as an exception wherever it is used. So, generate a Let’s Encrypt certificate. Point exim to Let’s Encrypt files.

tls_certificate = /etc/letsencrypt/live/ganymede.ch/fullchain.pem
tls_privatekey = /etc/letsencyrpt/live/ganymede.ch/privkey.pem

The Let’s Encrypt files can also be used for an Apache webserver. Apache is typically started with root privileges which it later drops. During this phase, the certificate and private key are read by Apache. So the default permission (mostly exclusively root access) of the Let’s Encrypt folder works just fine for Apache. Exim on the other hand read the certificate and key just when a TLS connection should be established. Hence the exim log shows some TLS Error with a message like system library:fopen:Permission denied. An easy fix for this is to set the owner of the folder /etc/letsencrypt/live/ and /etc/letsencrypt/archive/ to the exim user and group. Clearly, this can cause problems if other users, without root privileges, need access to the files. However, this is not the case in my setup.

Next, I don’t want to allow mail delivery to all local users such as the exim or http user. I just want to whitelist certain users. This can be achieved by modifying the localuser router. Simply add local_parts = lsearch;/etc/mail/accepted_local_users. So the router looks like this:

localuser:
driver = accept
local_parts = lsearch;/etc/mail/accepted_local_users
check_local_user
transport = local_delivery
cannout_route_message = Unknown user

This router only routes if check_local_user succeeds and local_parts can be found in the accepted_local_users file. So, create the file accepted_local_users and write every username which is allowed to receive E-Mails into the file. One username per line.

That’s it… Exim with TLS done.

Let’s look at dovecot for the POP3 access. On archlinux the dovecot configuration is split into many file. The config file need to be copied into the /etc folder (see the archlinux wiki). The main config file is /etc/dovecot/dovecot.conf. There it restricted the supported protocols to pop3

protocols = pop3

This main config file loads all config files from the conf.d subdirectory. Here I rely on the system (PAM) authentication by including auth-system.conf.ext

!include auth-system.conf.ext

Again as with exim, I want only whitelisted users to be able to login and not all system users. To achive this it is possible to use the username_filter. Simply give it the username which are allowed to login.

passdb {
driver = pam
username_filter = my_user my_user2
}

Of course we also want the secure the server with SSL. This is just as easy as before. Simply point dovecot to the Let’s Encrypt certificate and private key in 10-ssl.conf

ssl_cert = </etc/letsencrypt/live/ganymede.ch/fullchain.pem
ssl_key = </etc/letsencrypt/live/ganymede.ch/privkey.pem

Since dovecot is run as root we don’t have any permission issues.

The last thing that needs to be done, is to tell dovecot about the mailbox format and the mailbox locations. In the file 10-mail.conf write

mail_location = mbox:~/mail:INBOX=/var/mail/%u

After that we are all done. You can receive email for the given user and access the mails through pop3 with the system password for that user.

You can also send email from you system (for instance through mail or with php) trough exim to any E-Mail address.


ArchLinuxARM Package Downgrading
March 18th, 2020 under Linux. [ Comments: none ]

I’m running ArchLinuxARM on my Odroid C2. After a system upgrade it wouldn’t boot anymore. So after going through some forums I figured out that systemd was the culprit. I had to downgrade to the previous version. However how do I achieve this when I have just x64 system laying around.

My goal was to take the MMC which stores the system of my Odroid C2 and mount it on my x64 so that a have access to the filesystem of the ArchLinuxARM installation. This is pretty straightforward with a memorycard adapter. Now comes the tricky part.

You need to be able to run arm executables (im my case aarch64). So the first step is to get qemu-user-static unto my x64 system. AUR has a package for this. After having built and installed this package copy the executable for your architecture to the mounted mmc. I mounted it to /mnt

1
cp /usr/bin/qemu-aarch64-static /mnt/usr/bin/
cp /usr/bin/qemu-aarch64-static /mnt/usr/bin/

Next you need the arch-install-scripts to get the arch-chroot command. This is a modified chroot command which sets up all ArchLinux specific configurations.

Now we execute pacman to downgrade the package on the mounted mmc.

1
arch-chroot /mnt qemu-aarch64-static /bin/pacman -U /var/cache/pacman/pkg/systemd-244.3-1-aarch64.pkg.tar.xz
arch-chroot /mnt qemu-aarch64-static /bin/pacman -U /var/cache/pacman/pkg/systemd-244.3-1-aarch64.pkg.tar.xz


Flashing the ESP-12 with Arduino UNO
April 17th, 2018 under Electronics. [ Comments: none ]

I recently I bought a Webduino-Smart. It’s an easily available ESP-12/ESP8266 chip in my country and it can be powered through a micro USB power supply. However, I’m not fond of the javascript based development methodology. Hence I wanted to move to a different firmware.

For me the ESP8266 Arduino Core was exactly what I was looking for. Especially, because I was already familiar with Arduino development.

Unfortunately, the Webduino-Smart does not feature a USB-TTL adapter. As a consequence, the Webduino Smart cannot be programmed/flashed as easily as I was used to from the Arduino UNO. After doing some research I was able to misuse the Arduino UNO board as an USB-TTL adapter.

So here is how I could upload my sketch from the Arduino IDE through the Arduino UNO to my Webduino-Smart.

  1. Remove the ATMEGA microcontroller from the Arduino UNO. The Arduino is still accessible through the device /dev/ttyACM0.
  2. Then connect the communication channels tx and rx from the Arduino to the Webduino. (TX <-> TX, RX <-> RX)
  3. Connect the grounds of the two boards (GND <-> GND).
  4. Pull the GPIO0 of the Webduino to 0 by connecting it to the ground of the Arduino (GND <-> 00). This puts the ESP-12/ESP8266 into flash mode and lets you flash a new firmware to the device.
  5. Power the Webduino with 3.3V by connecting the 3.3V ouput from the Arduino to the power input VCC of the Webduino (3.3V <-> VCC).
  6. Select the ttyACM0 connection in the Arduino IDE (Menu Tools -> Port).
  7. Choose “Generic ESP8266 Module” as your board in the Arduino IDE (Menu Tools -> Board). This option is only available if you installed the ESP8266 Arduino Core.
  8. Leave all other settings to their default values
  9. Upload the sketch by pressing the upload button in the Arduino IDE.Note: I had to disconnect and reconnect the power of the Webduino before uploading a sketch.

In order to run the sketch I simply removed the (GND <-> 00) connection so that the Webduino boots no longer into flash mode. Then reboot the Webduino by disconnecting and reconnecting the power supply.

I read somewhere that it is not necessary to remove the ATMEGA microcontroller. The entire process should also work with the controller in place. I never tried this since I was fine flashing to Webduino without the controller.

Disclaimer: I know that the Webduino runs on 3.3V but the TX/RX pin of the Arduino are 5V. So, there is a risk of frying the Webduino. It worked for me without problems though. So, just for the record, use this procedure at your own risk!


How The Economic Machine Works by Ray Dalio
May 3rd, 2016 under Economics. [ Comments: none ]


Toggle all Charts between Logarithmic and Linear Scale
September 1st, 2015 under Excel. [ Comments: none ]

I had multiple chart in one Excel Worksheet and wanted to change the scale of the x-axis and y-axis to the logarithmic scale. The following macro toggles between the linear and logarithmic scale for all charts:

1
2
3
4
5
6
7
8
9
10
11
12
13
Sub ChartsToggle()
    For i = 1 To ActiveSheet.ChartObjects.Count      
      Application.DisplayAlerts = False
      If ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLinear Then
        ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLogarithmic
        ActiveSheet.ChartObjects(i).Chart.Axes(xlValue).ScaleType = xlLogarithmic
      Else
        ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLinear
        ActiveSheet.ChartObjects(i).Chart.Axes(xlValue).ScaleType = xlLinear
      End If
    Next i
  Application.DisplayAlerts = True
End Sub
Sub ChartsToggle()
    For i = 1 To ActiveSheet.ChartObjects.Count      
      Application.DisplayAlerts = False
      If ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLinear Then
        ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLogarithmic
        ActiveSheet.ChartObjects(i).Chart.Axes(xlValue).ScaleType = xlLogarithmic
      Else
        ActiveSheet.ChartObjects(i).Chart.Axes(xlCategory).ScaleType = xlLinear
        ActiveSheet.ChartObjects(i).Chart.Axes(xlValue).ScaleType = xlLinear
      End If
    Next i
  Application.DisplayAlerts = True
End Sub

Note the

1
Application.DisplayAlerts = False
Application.DisplayAlerts = False
. This prevents Excel from opening a dialog box, for every chart, informing you that negative values cannot be displayed. The dialog is just shown once at the end. I had to put this line inside the for-loop because it got changed back to true after the chart modification.


« Previous entries