Articles

Ubuntu home server: Notifications by email

Published: 16/03/2012 by Andrew Kember (Updated on 16/03/2012) with tags: Solutions, Sysadmin.

TL;DR

Install and configure postfix and dovecot; Install certificates for secure authentication; Set up email aliases; Done.

This walkthrough tells you how to provide an email service to daemons on a home server so that it can send emails to a server admin's Gmail account.

Key: Actions look like this, results look like this and commands you enter on a terminal look like this.

  • Replace [my_username] with your login on this server, e.g. andrew.
  • Replace [external_FQDN] with the domain name that you use to access your server from outside your local network. (FQDN is Fully Qualified Domain Name.)
  • Replace [gmail address] with your normal email address. This should work just as well for non-Gmail addresses, but it's a useful distinction to show we'll be sending mail outside our local network.

Pre-requisites:

  • Computer running Ubuntu (This was done on 10.04, but it's fairly standard stuff)
  • Domain name and DNS provider who can make this work - e.g. dyn.com

    sudo aptitude install postfix

Postfix installs.
Postfix starts its configuration GUI.

Select defaults for:

  • General type of mail configuration
  • System mail name

    sudo dpkg-reconfigure postfix

Postfix starts its configuration GUI.

Select the following options:

  • General type of mail configuration: Internet Site
  • System mail name: [external_FQDN]
  • Root and postmaster mail recipient: [my_username]
  • Other destinations to accept mail for (blank for none): localhost.[external_FQDN], localhost
  • Force synchronous updates on mail queue?: No
  • Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [internal CIDR block, e.g. 192.168.0.0/24]
  • Mailbox size limit (bytes): 0
  • Local address extension character: +
  • Internet protocols to use: all

Configure Postfix for SMTP-AUTH using Dovecot SASL

    sudo postconf -e 'smtpd_sasl_type = dovecot'
    sudo postconf -e 'smtpd_sasl_path = private/auth-client'
    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'

Postfix is configured silently - there is no output from these commands unless there's a problem.

Generate the keys for the Certificate Signing Request (CSR)

    openssl genrsa -des3 -out server.key 1024

Enter passphrase when prompted.
server.key file is created in your current working directory.

Now create the insecure key (no passphrase):

    openssl rsa -in server.key -out server.key.insecure

Enter passphrase when prompted.
server.key.insecure file is created in your current working directory.

Name the key files appropriately:

    mv server.key server.key.secure
    mv server.key.insecure server.key

server.key.secure and server.key files are present in your current working directory.

Create the CSR using the insecure key:

    openssl req -new -key server.key -out server.csr

In the next step, you'll fill in some details. The only important option is the Common Name, which should be the FQDN of the server. This is slightly different to the advice on Wikipedia, which indicates that the CN (Common Name) is used as part of the DN (Distinguished Name).
Fill in some details about: Country Name; State or Province Name; Locality Name; Organization Name; Organizational Unit Name; Common Name; Email address.
When prompted for the following optional attributes, leave them blank: A challenge password; An optional company name.
server.csr file is created in your current working directory.

Create a self-signed certificate and install it

Note that this certificate will be valid from now until an end date determined by the number after the -days option.

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    sudo cp server.crt /etc/ssl/certs
    sudo cp server.key /etc/ssl/private

Configure Postfix to provide TLS encryption for incoming and outgoing mail

    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'
    sudo postconf -e 'myhostname = [external_FQDN]'

Now restart Postfix:

    sudo /etc/init.d/postfix restart

Postfix should restart with no errors.

Configuring SASL

    sudo apt-get install dovecot-common

Dovecot will install.

Edit /etc/dovecot/dovecot.conf as root (e.g. sudoedit /etc/dovecot/dovecot.conf)
On line 1116, or thereabouts, uncomment the socket listen option and modify the section so it looks like this:

    socket listen {
      #master {
        # Master socket provides access to userdb information. It's typically
        # used to give Dovecot's local delivery agent access to userdb so it
        # can find mailbox locations.
        #path = /var/run/dovecot/auth-master
        #mode = 0600
        # Default user/group is the one who started dovecot-auth (root)
        #user =
        #group =
      #}
      client {
        # The client socket is generally safe to export to everyone. Typical use
        # is to export it to your SMTP server so it can do SMTP AUTH lookups
        # using it.
        path = /var/spool/postfix/private/auth-client
        mode = 0660
        user = postfix
        group = postfix
      }
    }

Now restart Dovecot:

    sudo /etc/init.d/dovecot restart

Setting up Aliases

Edit /etc/aliases as root (e.g. sudoedit /etc/aliases) to add your gmail address. Once you've finished, it should look like this:

    # See man 5 aliases for format
    postmaster:    root
    root:          [gmail address]
    [my_username]: [gmail address]

Testing

Let's see if we can connect to our Postfix instance with telnet.

    telnet localhost 25

... results in the following:

    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 [external_FQDN] ESMTP Postfix (Ubuntu)

Type the following command into the telnet session:

    ehlo [external_FQDN]

The output should include the following lines (and probably a bunch of others):

    250-[external_FQDN]
    250-STARTTLS
    250-AUTH PLAIN
    250-AUTH=PLAIN
    250-8BITMIME

Let's follow that up by sending an email directly from the telnet session.
Type the following commands into the telnet session:

    mail from: root@localhost
    rcpt to: [my_username]@localhost
    data
    Subject: My first mail on Postfix

    Hello,
    Are you there, Charlie Bear?
    regards,
    Me
    .
    quit

Type the . (dot) on a new line by itself and press Enter to end the message.

Postfix will acknowledge each command with a message ending in 'Ok' (except when you type the message contents). The output should look a bit like this:

    250 2.0.0 Ok: queued as 402DA9FCD4
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Wait for it... Okay - now check your email. If all has gone well, you've got an email from yourself sitting in your inbox.
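
The EHLO check from the Testing section, as an added example (not part of the original walkthrough): a POSIX shell function that reads a captured EHLO reply and reports whether STARTTLS is offered and whether AUTH is advertised on the plaintext session, which is what `smtpd_tls_auth_only = no` allows. Both sample replies are constructed, and mail.example.org stands in for [external_FQDN].

```sh
#!/bin/sh
# Constructed sample: reply shaped like the one in the Testing section.
SAMPLE_PAGE_CONFIG='220 mail.example.org ESMTP Postfix (Ubuntu)
250-mail.example.org
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-8BITMIME
250 DSN'

# Constructed sample: same server once smtpd_tls_auth_only = yes is set,
# so AUTH is only announced after STARTTLS has been negotiated.
SAMPLE_AUTH_ONLY_TLS='220 mail.example.org ESMTP Postfix (Ubuntu)
250-mail.example.org
250-PIPELINING
250-STARTTLS
250-8BITMIME
250 DSN'

# audit_ehlo: read the reply on stdin, print one finding per line and
# return the number of WARN/FAIL findings as the exit status.
audit_ehlo() {
    tr -d '\r' | awk '
        !/^250[- ]/ { next }          # skip the 220 banner and other noise
        ++replies == 1 { next }       # first 250 line is just the server name
        { sub(/^250[- ]/, ""); line = toupper($0) }
        line == "STARTTLS" { starttls = 1 }
        line ~ /^AUTH[ =]/ {          # "AUTH PLAIN" and legacy "AUTH=PLAIN"
            sub(/^AUTH[ =]+/, "", line)
            n = split(line, m, " ")
            for (i = 1; i <= n; i++)
                if (!(m[i] in seen)) {
                    seen[m[i]] = 1
                    mechs = mechs (mechs == "" ? "" : " ") m[i]
                }
        }
        END {
            if (starttls) print "OK starttls offered"
            else { print "FAIL starttls not offered"; bad++ }
            if (mechs != "") { print "WARN auth offered before TLS: " mechs; bad++ }
            else print "OK auth not offered before TLS"
            exit bad + 0
        }'
}

printf '%s\n' "$SAMPLE_PAGE_CONFIG" | audit_ehlo || true
```

Feed it the EHLO part of a real telnet session on stdin; a WARN for PLAIN means a client that authenticates without STARTTLS sends the password base64-encoded but unencrypted.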

These instructions were pieced together from Postfix: Ubuntu server guide and Certificates: Ubuntu server guide.


Old hymns made new

Published: 14/03/2012 by Andrew Kember (Updated on 30/04/2012) with tags: Life.

Call it what you like – the hymn re-write movement; re-imaginings and adaptations of old hymns or simply putting old hymns to new music. This is a trend that’s here to stay. The only surprise, really, is that it went away for a few years. Here is a little introduction to some of the groups making great music. There are also lots of free tracks, which doesn’t hurt.

Indelible Grace

This is a kind of super-group – albums are composed of hymns sung by various artists. The production quality is excellent – this is hymns done right.

Red Mountain Music

RMM is a music group formed by members and friends of Red Mountain Church in Birmingham, Alabama.

The Gospel Coalition

Now, the Gospel Coalition do a lot more than music, but nevertheless, this is well worth a listen.

Matthew Smith

Matthew Smith, of Indelible Grace, has released a lot of his own albums of hymns, available to listen to on Bandcamp.

Sojourn Music

Sojourn Music have also released some lovely work on Bandcamp, including their album, The water and the blood.

Sandra McCracken

Sandra McCracken, of Indelible Grace, has a sampler of her New old hymns on Noisetrade and plenty of her own music.

Page CXVI

Page CXVI are dedicated to making hymns accessible and known again. Their work doesn’t seem to have the production finesse of some of the other groups here (is it the vocals that feel flat?) but they’re worth checking out.

Ordinary Time

From their website: Ordinary Time is an independent folk acoustic trio rooted in the Christian tradition. The band’s oeuvre seamlessly weaves the hymns of generations past with their own new songs – often indistinguishably – producing a sound that ranges from bluegrass-tinged Americana to sacred harp hymn arrangements.


Sansa clip volume problem

Published: 15/07/2010 by Andrew Kember (Updated on 17/02/2012) with tags: Solutions.

TL;DR

To increase the maximum volume of your Sansa Clip, set the Region option to "Rest of World".

I recently updated my Sandisk Sansa Clip firmware and found that the volume was dramatically reduced.

One of the key reasons for leaving behind my iPod Nano was that it was rather quiet. Now, before you tell me how I should be looking after my ears, I should say that playing music was just fine. However, I listen to a lot of podcasts and the audio level is often rather low — hence the need to pump up the volume.

Now, it seems that the E.U. have called for a limit of 80dB on the volume of mp3 players. The only sensible way to implement this is to limit the volume scale on the device so that the normal volume of music is restricted to 80dB. This makes my podcasts really quiet!

The solution, for the Sansa Clip, is very easy:

  1. Turn on your Sansa Clip
  2. Make a note of any settings you would like to keep (we're going to reset them in a minute)
  3. Select 'Settings' from the main menu
  4. Select 'Reset All'
  5. Select 'Yes'
  6. Select your language of choice (English for me)
  7. Select 'Rest of World' as your region
  8. Optionally:
    • Scroll through the settings menu to 'Volume'
    • Select 'High'
  9. Set the volume as you normally would - you should have lots more oomph now

Just remember to mind your ears when you listen to music after you've finished that quiet podcast!


Awesome feature of dropbox - instant sync

Published: 07/06/2010 by Andrew Kember (Updated on 17/02/2012) with tags: Tools.

TL;DR

Dropbox can save bandwidth and time by only uploading files it's not seen before.

Dropbox is a really useful file sharing, syncing, backup tool that quietly syncs my Dropbox folder with my other computers and with the online Dropbox website.

I use it to send my parents movies of my daughter; I use it to share my documents with my other computer and I get peace of mind knowing that right now there is a valid, complete backup of all my important stuff.

Here's the awesome feature

If I put a file in my dropbox that is the same as a file in anybody's dropbox (that's anybody in the world) then the upload is instant. For example, I've just purchased a download of MS Office 2010. It's 665MB big. When I put it in my dropbox, The Little Dropbox Elf (LDE) says,

Oh, that one? I've already got one of them. No need to upload another one, I'll just make a note of that.

Just so that you know — I don't actually hear the LDE. That would be annoying, and Dropbox is anything but annoying.

If you'd like to try Dropbox, you can sign up for a 2GB free account. If you sign up with this referral code, you’ll get an extra 250MB. So will I. Thanks.


Using regular expressions with the Find command

Published: 25/05/2010 by Andrew Kember (Updated on 11/04/2012) with tags: Sysadmin.

TL;DR

    find . -regextype posix-extended -regex '.*\.(xsd|java)'

“Why don’t my regular expressions work with the ‘find’ utility in Linux/Ubuntu/Unix/Cygwin/Posix-environment?”

You need -regextype posix-extended.
E.g. to find files with either of two file extensions, use:

    find . -regextype posix-extended -regex '.*\.(xsd|java)'

Want to know the differences between POSIX Extended Regular Expressions and basic ones? Read this excellent resource about regular expressions. Want to test your regular expressions, live, in the browser? Try Regexpal.

Similarly, use egrep instead of grep to enable extended regex functionality and use sed -r instead of sed.