Controlling Exim SMTP behaviour from Dovecot password data

Wednesday, 09. 3. 2014  –  Category: stash

Given this Dovecot PasswdFile with a homegrown smtp ExtraField: $ head -1 /data/example.org/etc/passwd foo@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::updated=1409712878 smtp=no Then this Exim ACL snippet forbids the user from sending mail. Dovecot will allow them to login (allowing them receive the mail asking them to change their password) and so will ancillary systems that authenticate with the same data (eg: […]

Heartbleed OpenSSL vulnerability

Tuesday, 04. 8. 2014  –  Category: stash, sw

OpenSSL advisory CVE-2014-0160 Heartbleed Here’s a oneliner to check if a remote server might be vulnerable by checking if it advertises the Heartbeat TLS extention during connection negotiation. $ openssl version OpenSSL 1.0.1e-freebsd 11 Feb 2013 $ < /dev/null openssl s_client -connect example.com:443 -tlsextdebug 2>&1 | grep -i heartbeat TLS server extension "heartbeat" (id=15), len=1 […]

freebsd-update and custom kernels

Saturday, 03. 16. 2013  –  Category: stash, sw

This post is search fodder, mostly. If you’re using freebsd-update to upgrade FreeBSD and you run a custom kernel and temporarily using the generic kernel isn’t an option and it’s been ages since you’ve done this, then welcome! $ sudo freebsd-update upgrade -r 9.1-RELEASE [ warnings about custom kernel ] $ sudo freebsd-update install [ […]

« Older Entries