From 48f41f7f216ca795838c4ad598f0d662437fa16b Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Tue, 23 Feb 2016 17:22:04 +0100 Subject: [PATCH] Current state --- aliases | 49 ++++++++- aliases.db | Bin 12288 -> 12288 bytes alternatives/Mail | 1 + alternatives/Mail.1.gz | 1 + alternatives/editor | 2 +- alternatives/editor.1.gz | 2 +- alternatives/editor.fr.1.gz | 1 + alternatives/editor.it.1.gz | 1 + alternatives/editor.ja.1.gz | 1 + alternatives/editor.pl.1.gz | 1 + alternatives/editor.ru.1.gz | 1 + alternatives/figlet | 1 + alternatives/figlet.6.gz | 1 + alternatives/mail | 1 + alternatives/mail.1.gz | 1 + alternatives/mailx | 1 + alternatives/mailx.1.gz | 1 + default/haveged | 5 + dhcp/dhclient-enter-hooks.d/nodnsupdate | 6 ++ init.d/haveged | 100 ++++++++++++++++++ motd.tail | 6 ++ nail.rc | 66 ++++++++++++ postfix/main.cf | 32 ++++-- postfix/mkpostfixcert | 40 +++++++ postfix/postfix-cert.cnf | 23 ++++ postfix/postfix.pem | 38 +++++++ postfix/smtp_auth | 2 + postfix/smtp_auth.db | Bin 0 -> 12288 bytes rc0.d/K01haveged | 1 + rc1.d/K01haveged | 1 + rc2.d/S02haveged | 1 + rc3.d/S02haveged | 1 + rc4.d/S02haveged | 1 + rc5.d/S02haveged | 1 + rc6.d/K01haveged | 1 + .../default.target.wants/haveged.service | 1 + 36 files changed, 381 insertions(+), 11 deletions(-) create mode 120000 alternatives/Mail create mode 120000 alternatives/Mail.1.gz create mode 120000 alternatives/editor.fr.1.gz create mode 120000 alternatives/editor.it.1.gz create mode 120000 alternatives/editor.ja.1.gz create mode 120000 alternatives/editor.pl.1.gz create mode 120000 alternatives/editor.ru.1.gz create mode 120000 alternatives/figlet create mode 120000 alternatives/figlet.6.gz create mode 120000 alternatives/mail create mode 120000 alternatives/mail.1.gz create mode 120000 alternatives/mailx create mode 120000 alternatives/mailx.1.gz create mode 100644 default/haveged create mode 100644 dhcp/dhclient-enter-hooks.d/nodnsupdate create mode 100755 init.d/haveged create mode 100644 motd.tail create mode 100644 nail.rc create mode 100755 postfix/mkpostfixcert create 
mode 100644 postfix/postfix-cert.cnf create mode 100644 postfix/postfix.pem create mode 100644 postfix/smtp_auth create mode 100644 postfix/smtp_auth.db create mode 120000 rc0.d/K01haveged create mode 120000 rc1.d/K01haveged create mode 120000 rc2.d/S02haveged create mode 120000 rc3.d/S02haveged create mode 120000 rc4.d/S02haveged create mode 120000 rc5.d/S02haveged create mode 120000 rc6.d/K01haveged create mode 120000 systemd/system/default.target.wants/haveged.service diff --git a/aliases b/aliases index 93a3249..a0f99a5 100644 --- a/aliases +++ b/aliases @@ -1,2 +1,49 @@ # See man 5 aliases for format -postmaster: root +MAILER-DAEMON: postmaster +postmaster: root +root: frank + +# General redirections for pseudo accounts. +adm: root +bin: root +daemon: root +exim: root +lp: root +mail: root +named: root +nobody: root +postfix: root + +# Well-known aliases -- these should be filled in! +# root: +# operator: + +# Standard RFC2142 aliases +abuse: postmaster +ftp: root +hostmaster: root +news: usenet +noc: root +security: root +usenet: root +uucp: root +webmaster: root +www: webmaster + +# trap decode to catch security attacks +# decode: /dev/null + +# Persönliche Aliase + +# Frank Brehm +frank: frank@brehm-online.com +fbr: frank +brehm: frank +fbrehm: frank +f.brehm: frank +f-brehm: frank +frank.brehm: frank +frank-brehm: frank + + + 
diff --git a/aliases.db b/aliases.db index f4498e9413b450dd4237477a3fb348aae1a834fc..049d72760a19d703bbe9b3bf68aa4076a703976c 100644 GIT binary patch literal 12288 zcmeI2KZp}S6vk&o7fkKK(qwX_nk zuu?3vx<>m0;lxH85k#;NL9`Mp3$aj9oXKW#NyOGdz9Bn1`@Z)cyT5L}i4a0~=CZ@z zvQccZi_PX5vkM{C<+q`^G;eB*9vWyu2e)t?*Kh?XG!{_B z863xc?8Z)P$2LfeVLg7yZ}N-$C_l)z^0j;}pUPFaA|FcAm4gIGfCNZ@1W14cNPq-L zfCNZ@1pZFIOX4^aUPlEjKh0DkdVzMTv@$|2r>fRYqU^Hp>WQx}x^ONo#%VTOtmB$X zX)d}|855{G`5(U+Bg@9f-TY!446FGWc>nVM;(y71kN-UXUjB{ztNAw; tHu6t?C?`C5pS(JYse!5G /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +do_stop() +{ + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/motd.tail b/motd.tail new file mode 100644 index 0000000..11f994a --- /dev/null +++ b/motd.tail @@ -0,0 +1,6 @@ + _ _ _____ +| \ | |___|___ / +| \| / __| |_ \ +| |\ \__ \___) | +|_| \_|___/____/ + 
diff --git a/nail.rc b/nail.rc
new file mode 100644
index 0000000..c74862c
--- /dev/null
+++ b/nail.rc
@@ -0,0 +1,66 @@
+# This is the configuration file for Heirloom mailx (formerly
+# known under the name "nail".
+# See mailx(1) for further options.
+# This file is not overwritten when 'make install' is run in
+# the mailx build process again.
+
+# Sccsid @(#)nail.rc 2.11 (gritter) 8/2/08
+
+# Do not forward to mbox by default since this is likely to be
+# irritating for most users today.
+set hold
+
+# Append rather than prepend when writing to mbox automatically.
+# This has no effect unless 'hold' is unset again.
+set append
+
+# Ask for a message subject.
+set ask
+
+# Assume a CRT-like terminal and invoke a pager.
+set crt
+
+# Messages may be terminated by a dot.
+set dot
+
+# Do not remove empty mail folders in the spool directory.
+# This may be relevant for privacy since other users could
+# otherwise create them with different permissions.
+set keep
+
+# Do not remove empty private mail folders.
+set emptybox
+
+# Quote the original message in replies by "> " as usual on the Internet.
+set indentprefix="> "
+
+# Automatically quote the text of the message that is responded to.
+set quote
+
+# Outgoing messages are sent in ISO-8859-1 if all their characters are
+# representable in it, otherwise in UTF-8.
+set sendcharsets=iso-8859-1,utf-8
+
+# Display sender's real names in header summaries.
+set showname
+
+# Display the recipients of messages sent by the user himself in
+# header summaries.
+set showto
+
+# Automatically check for new messages at each prompt, but avoid polling
+# of IMAP servers or maildir folders.
+set newmail=nopoll
+
+# If threaded mode is activated, automatically collapse thread.
+set autocollapse
+
+# Mark messages that have been answered.
+set markanswered
+
+# Hide some header fields which are uninteresting for most human readers.
+ignore received in-reply-to message-id references
+ignore mime-version content-transfer-encoding
+
+# Only include selected header fields when forwarding messages.
+fwdretain subject date from to
diff --git a/postfix/main.cf b/postfix/main.cf index 88d36ac..9c72183 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -10,7 +10,7 @@ smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. -append_dot_mydomain = no +append_dot_mydomain = yes # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h @@ -18,8 +18,8 @@ append_dot_mydomain = no readme_directory = no # TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_tls_cert_file = /etc/postfix/postfix.pem +smtpd_tls_key_file = /etc/postfix/postfix.pem smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
@@ -28,14 +28,30 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myhostname = ns3.gridserver.io +myhostname = ns3.uhu-banane.de alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname -mydestination = ns3.uhu-banane.de, ns3.gridserver.io, localhost.gridserver.io, localhost -relayhost = mail.brehm-online.com -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mydestination = ns3.uhu-banane.de, ns3.brehm-online.com, localhost.uhu-banane.de, localhost +relayhost = [mail.brehm-online.com] +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 185.102.95.107/32 2a06:2380:0:1::3a/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + -inet_interfaces = loopback-only +# inet_interfaces = loopback-only +inet_protocols = all +mydomain = uhu-banane.de +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth +smtp_sasl_security_options = noanonymous +smtp_tls_cert_file = /etc/postfix/postfix.pem +smtp_tls_enforce_peername = no +smtp_tls_key_file = /etc/postfix/postfix.pem +smtp_use_tls = yes +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_security_options = noanonymous +smtpd_tls_loglevel = 1 +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s +unknown_local_recipient_reject_code = 550 diff --git a/postfix/mkpostfixcert b/postfix/mkpostfixcert new file mode 100755 index 0000000..9a2522b --- /dev/null +++ b/postfix/mkpostfixcert 
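Review bot: The relay password looked up through `smtp_sasl_password_maps` can leave this host unencrypted or go to an unverified peer: `smtp_use_tls = yes` is only opportunistic, `smtp_tls_enforce_peername = no` disables certificate name matching, and `smtp_sasl_security_options = noanonymous` still allows plaintext mechanisms. I would replace `smtp_use_tls` and `smtp_tls_enforce_peername` with `smtp_tls_security_level = encrypt`, or `verify` once the relay's certificate can be validated. The same hunk comments out `inet_interfaces = loopback-only` while turning on `smtpd_sasl_auth_enable`, so AUTH becomes reachable on every interface; `smtpd_tls_auth_only = yes` would keep it from being offered before STARTTLS.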
@@ -0,0 +1,40 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL. Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [ -f $pemfile ]; then
+ echo "$pemfile already exists."
+ exit 1
+fi
+
+if [ ! -f $conffile ] ; then
+ echo "$conffile does not exists!"
+ exit 2
+fi
+
+cp /dev/null $pemfile
+chmod 600 $pemfile
+chown root $pemfile
+
+cleanup() {
+ rm -f $pemfile
+ rm -f $randfile
+ exit 1
+}
+
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+ -config $conffile -out $pemfile -keyout $pemfile || cleanup
+/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
+rm -f $randfile
+
diff --git a/postfix/postfix-cert.cnf b/postfix/postfix-cert.cnf
new file mode 100644
index 0000000..c0f0cfc
--- /dev/null
+++ b/postfix/postfix-cert.cnf
@@ -0,0 +1,23 @@
+
+RANDFILE = /usr/share/postfix.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Frank Brehm
+OU=Mail Server Postfix SSL key
+CN=ns3.uhu-banane.de
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
diff --git a/postfix/postfix.pem b/postfix/postfix.pem
new file mode 100644
index 0000000..50075a9
--- /dev/null
+++ b/postfix/postfix.pem
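Review bot: The key material this script produces is too weak by current standards: `openssl gendh -rand $randfile 512` appends 512-bit DH parameters, and `default_bits = 1024` in the postfix-cert.cnf hunk gives a 1024-bit RSA key that `-days 3650` keeps valid for ten years. I would raise the config to `default_bits = 2048` and generate the parameters with `/usr/bin/openssl dhparam 2048 >> $pemfile || cleanup`. `$randfile` is also written by `dd` under the default umask, unlike `$pemfile`, which is created and restricted with `chmod 600` first; a `umask 077` near the top of the script would cover both files.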
@@ -0,0 +1,38 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMKacWkkXUoNw8me +nKBn7yta5j1hIihGkodHInxWm/NrcseF/kIke8Q8mIokaloIfhl8mLkMXkluifya +sC7k3BbI8UGkfU0B9Q+xDr1LftYdPTouLTt/ViRwtvnIKZRmwA9qp4DADzM6v1ZU +KTolcqOAoYTLi/jqeLEaxCQtIxwVAgMBAAECgYEAsQTKS0k/7yAMTDgS47sHjZmX +PJhB+P8RRSsJDK/AFrJT63lQqxwC1aQFYgv0DkgRZN+5EQNWNVfu/zA7Ob0HEcDP +McmVfdS+E3g21t7+oIHAouoeQSoI1IKsSPIpBowdgCnaSosn/gugLu7nkVB9hHTc +90DDlE3ayY7x6aZ+WdUCQQDgHJC6eGFRHeIJjm+LbkbT57mpSlRMcaJDlr1typ6d +NFGhG3BrEv/Y+Ksw15f4VWPAUnNmpXtlM/g8dsBomaWfAkEA3ksECc/76LekAqhX +uN6mbkFNrkyQxaXMMql8KK/aAvwzltJjeHCzurDzQk/6snI9kFYXwUqO6iOp2BLb +X3fZywJBALnqGIoIWTrwnlYtKg2yAuHBpvxwY/QyhFirkSOmZeSlxV3wJFc/IK1+ +xI01HKXvOFwQShmKCA6RiUmnfcCITaMCQC6vipWU/M8PYn68ZFALUuDtDieBJRad +j5lERzM0W5Es7pjKbuGoqdaXuz8+FOTNYWii7DJIOmOqQc2DiFcwkKkCQQDfHrGW +dPsJoELtiUi6vO874/JH2xkmocDo7V6JvYWwPZE27ElDqwpizVzaM9oJUL9Ljm1r +LREfGAWKHFWqY7eR +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgIJANcwFtzgJkZ4MA0GCSqGSIb3DQEBCwUAMIGzMQswCQYD +VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xFDASBgNV +BAoMC0ZyYW5rIEJyZWhtMSQwIgYDVQQLDBtNYWlsIFNlcnZlciBQb3N0Zml4IFNT +TCBrZXkxGjAYBgNVBAMMEW5zMy51aHUtYmFuYW5lLmRlMSowKAYJKoZIhvcNAQkB +Fhtwb3N0bWFzdGVyQGJyZWhtLW9ubGluZS5jb20wHhcNMTYwMjIzMTQxMjA1WhcN +MjYwMjIwMTQxMjA1WjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEP +MA0GA1UEBwwGQmVybGluMRQwEgYDVQQKDAtGcmFuayBCcmVobTEkMCIGA1UECwwb +TWFpbCBTZXJ2ZXIgUG9zdGZpeCBTU0wga2V5MRowGAYDVQQDDBFuczMudWh1LWJh +bmFuZS5kZTEqMCgGCSqGSIb3DQEJARYbcG9zdG1hc3RlckBicmVobS1vbmxpbmUu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCmnFpJF1KDcPJnpygZ+8r +WuY9YSIoRpKHRyJ8Vpvza3LHhf5CJHvEPJiKJGpaCH4ZfJi5DF5Jbon8mrAu5NwW +yPFBpH1NAfUPsQ69S37WHT06Li07f1YkcLb5yCmUZsAPaqeAwA8zOr9WVCk6JXKj +gKGEy4v46nixGsQkLSMcFQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ +KoZIhvcNAQELBQADgYEAJQxNsyzNw34aE/kiIAJuumRPyRacICQkv1CQWU2yqcbk +b2ALb7HMY/Lb1VLKumIwQ5VSvlVF/581FI1a2jrUr9P3g48hbRtvgkdE6b2WSO8c 
+EQHbRlh+NxFImjNfymTf+lMUhdHMQEtBV8aPpKuKTmoDC8luS937d3zT0Sq3JR8= +-----END CERTIFICATE----- +-----BEGIN DH PARAMETERS----- +MEYCQQCNGvWurAMo3wZ1Ct3yZhQGWz3dHN2RRebBp7BbBNMt0Bk6tSnR7DNgDsxz +uBLV0cJAaqK9ocL0vA/z23fv8kHTAgEC +-----END DH PARAMETERS----- diff --git a/postfix/smtp_auth b/postfix/smtp_auth new file mode 100644 index 0000000..8d104f5 --- /dev/null +++ b/postfix/smtp_auth @@ -0,0 +1,2 @@ +mail.brehm-online.com vmail:uhu +helga-six.brehm-online.com vmail:uhu diff --git a/postfix/smtp_auth.db b/postfix/smtp_auth.db new file mode 100644 index 0000000000000000000000000000000000000000..76e88dcc341a8dc2bc8587c8b05fdd8e4aa20811 GIT binary patch literal 12288 zcmeI&y$ZrG5Ww+E2GK$4;^0HHtKj652vv$L^aB*7FX6Me_#isEIJx*1<}8J_E-s40 zKak6jl!N@XBNY)bZt4ifJsD^+a}ZJWi|_cV3>R!FgUCX^py$?pRmja)=k* z{pxEX0tg_000IagfB*srAbe>0+oM~#c`|%>E;0~6009ILKmY**5I_I{1Q0;r z?*+_03zKxVi+5r)3znNG&io=zlROGmMfSRZ_W#Xyek)hk|KB|qTl@8OKY9Pxe+YR0 muf
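Review bot: The unencrypted private key is committed in the postfix.pem hunk together with its certificate, so anyone who can read the repository or its history holds this server's TLS identity. The key should be treated as disclosed and a new pair generated on the host; mkpostfixcert in this commit exits while the file exists, so the old file has to be removed first. `postfix/postfix.pem` should then be kept out of version control with an ignore rule, because deleting it in a later commit does not remove it from history.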
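Review bot: Both relay entries in `postfix/smtp_auth` carry the SASL user name and password in cleartext, and the compiled `postfix/smtp_auth.db` added after it presumably holds the same pairs. The password should be rotated on the relay and both files kept out of the repository; a tracked template without the secret is enough to document the format. On the host the map should be readable by root only, `chmod 600 /etc/postfix/smtp_auth /etc/postfix/smtp_auth.db`.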