hugo

•  hugo new site blog
• cd blog
• git submodule add https://github.com/athul/archie.git themes/archie/
• echo "theme = 'archie'" >> hugo.toml
• hugo new content content/posts/my-first-post.md
• hugo server --buildDrafts
• hugo server -D
• ssh -L 1313:localhost:1313 user@vps
• open brower at laptop and access 127.0.0.1:1313
• 
  

dovecot configuration

• authentication mechanism and password scheme
• link
• authentication mechanism -> how password is transferred from cilent from server; passwd scheme: how password is stored in server.
• plain and plaintext
• auth_mechanisms = plain
• disable_plaintext_auth = yes
• plain is one protocol of authentication mechanism, password is plaintext; "disable_plaintext_auth=yes"  means ssl/tls is mandatory.
•  service
• service = 一个独立运行的 Dovecot 功能组件
• service imap-login # IMAP 登录 
• service imap # IMAP 邮件操作 
• service pop3-login # POP3 登录 
• service pop3 # POP3 邮件收取 
• service auth # 账号密码验证 
• service lda # 本地邮件投递
• 只有被 Dovecot 启用的协议 / 功能，对应的 service 才会真正运行
• # /etc/dovecot/dovecot.conf
• protocols = imap pop3 lmtp
• 写了 imap → 启动 imap-login + imap, 写了 pop3 → 启动 pop3-login + pop3,没写的协议 → 对应的 service 完全不运行
• namespace
• Dovecot 的 Namespace 是「邮件文件夹的分组 / 容器」，用来划分不同来源、不同权限、不同存储位置的邮件目录，让邮件客户端能清晰区分「私人邮箱」「共享文件夹」「公共邮箱」等。
• 你可以把它理解成电脑里的「文件夹分区」：
• 一个 Namespace = 一个独立的邮件目录分区
• 不同 Namespace 可以存放在不同路径、拥有不同权限、使用不同分隔符
• 同一个名字的 namespace，会自动合并！
• 10-mail.conf 里的 namespace inbox → 定义基础属性（inbox=yes、type、separator 等）
• 15-mailboxes.conf 里的 namespace inbox → 定义里面的文件夹（Drafts、Sent、Trash、Junk 等）
• Dovecot 会把它们合二为一，变成一个完整的 namespace。

namespace inbox {
 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }

  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }

opensmtp configuration

•  hostname hongy19.net is used on listen, not key words in configuration file
• table
• man page
• table could be file or db
• table could be list or mapping
• credential in a relay context
• the credentials are a mapping of labels and username:password pairs, format: label1 user:password
• passwords are not encrypted (smtpctl encrypt subcommand.)
• table examples
• table users   file:/etc/smtpd/users
• table creds   file:/etc/smtpd/creds
• table domainemail  {hongy19 = hongy19@hongy19.net}
• relay
• action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 auth <creds> mail-from "@hongy19.net -> doesn't work for smtp2go
• action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 pki hongy19.net auth <creds> mail-from "@hongy19.net"   -> work for smtp2go
• action "outbound" relay host smtp+tls://smtp2go@mail.smtp2go.com:587 auth <creds> mail-from "@hongy19.net" -> work for smtp2go

move dovecot, opensmtpd, nginx from Archlinux to Ubuntu

 i plan to move Archlinux at vultr to Ubuntu at Tencent.

• firewall at Tencent, 
• no need to convert iptables to ufw since Tencent cloud has firewall
• "在轻量数据库中，支持配置防火墙规则来控制访问权限，进行网络隔离以增强安全性。如果不配置防火墙规则，则表示不限制访问数据库的来源，未经授权的访问也可连接数据库。如果配置防火墙规则，限制了来源、协议以及端口，例如：配置来源为172.1.4.12、协议为TCP、端口为45，访问策略为允许，则表示仅允许来源为172.1.4.12，来自 TCP 协议且端口号为45的应用访问轻量数据库。"
• open Tencent firewall port: 80, 443; 25,465,587; 993
• Tencent not support send smtp email but it is Ok to receive email, see link 
• letsencrypt;
• sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt
• -C /etc: Change directory to /etc first (so the archive contains letsencrypt/ instead of full /etc/letsencrypt/ path)
• sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
• sudo apt install certbot python3-certbot-nginx
• dpkg -L certbot
• sudo vim /usr/lib/systemd/system/certbot.service
• add "ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot" and sudo systemctl daemon-reload
• nginx
• sudo apt install nginx
• sudo scp  vultr:/etc/nginx/nginx.conf .
• sudo scp  vultr:/etc/nginx/httpasswd .
• sudo scp  vultr:/etc/nginx/mime.types .
• sudo scp  vultr:/etc/nginx/ssl/RSA2048.pem .
• on vultr
• cd /srv/http
• sudo rm -rf .local/
• in pyblog and pymoney: sudo rm -rf __pycache__/ .venv/
• sudo tar -cpzvf http.tar.gz -C /srv http
• sudo scp  vultr:/srv/http.tar.gz .
• sudo tar -xzvpf http.tar.gz -C /sr
• update DNS record with new IP
• opensmtpd
• sudo apt install opensmtpd opensmtpd-extras opensmtpd-filter-dkimsign
• on vultr
• sudo chmod o+r myselector.*
• mkdir /etc/smtpd
• sudo scp  vultr:/etc/smtpd/smtpd.conf /etc/smtpd
• sudo ln -s /etc/smtpd/smtpd.conf /etc/smtpd.conf
• sudo scp  vultr:/etc/smtpd/myselector.* .
• sudo chown opensmtpd:opensmtpd myselector.*
• sudo scp  vultr:/etc/smtpd/aliases /etc/smtpd
• sudo scp  vultr:/etc/smtpd/users /etc/smtpd
• update smtpd.conf from "enp1s0" to "eth0"
• sudo scp vultr:/var/mail/hongy19 . ; cd /var/mail/; sudo chown hong19:hongy19 hongy19
• sudo apt isntall mutt; sudo scp vultr:/home/hongy19/.mutt/* .
• not possible to send email due to tencent policy.
• dovecot
• sudo apt install dovecot-pop3d dovecot-imapd
• sudo scp  vultr:/etc/dovecot/dovecot.conf .
• sudo scp  vultr:/etc/dovecot/dh.pem .
• cd /etc/dovecot/conf.d
• sudo mv 10-auth.conf 10-auth.conf.orig; sudo scp  vultr:/etc/dovecot/conf.d/10-auth.conf .
• sudo scp  vultr:/etc/dovecot/conf.d/20-mailbox.conf .; sudo mv 20-mailbox.conf 10-mail.conf
• sudo scp  vultr:/etc/dovecot/conf.d/30-ssl.conf .;sudo mv 30-ssl.conf 10-ssl.conf
• sudo scp  vultr:/etc/dovecot/conf.d/40-service.conf .
• ubuntu dovecot still 2.3.2, not use new configuraiton file
• dovecot_config_version = 2.4.2
• auth_allow_cleartext = no
• passdb_driver=pam
• mail_driver = mbox
• mail_path = ~/mail
• mail_inbox_path = /var/mail/%{user}
• service_restart_request_count = 1
• ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
• ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
• ssl_server_dh_file = /etc/dovecot/dh.pem
• service_restart_request_count = 1
• driver = passwd
• add  following in  "10-mail.conf" according to link1 and link2
• namespace inbox {inbox = yes}
• 
  
• fail2ban
• sshguard
• uwsgi
• vnstat.service
• others
• cd /home/hongy19
• scp vultr:/home/hongy19/.rtorrent.rc .
• scp vultr:/home/hongy19/.vimrc .
• scp  vultr:/home/hongy19/.mailrc .
• mkdir bin; scp vultr:/home/hongy19/bin/* .
• 
  

Openclaw installation and configuration

 

• openclaw: 
• 2026.3.24 change plugin interface and many old plugin doesn't work
• openclaw update
• Weibo official plugin: 
• get appID and appSecret from 微博小龙虾
• dingtalk-connector for 钉钉: 
• follow guideline.
• get useID from 钉钉管理后台
• get groupid from "openclaw logs", @ robot at group and get following logs
• 2026-03-26T11:20:54.327Z warn [DingTalk:__default__] 群聊被拦截: conversationId=cidxxxxxxxxxxxxxxxxxxxxxxxx= 不在 groupAllowFrom 白名单中
• pinned version plugin upgrade
• backup openclaw.json
• openclaw plugins uninstall weibo-openclaw-plugin
• remove weibo in openclaw.json
• openclaw plugins install @wecode-ai/weibo-openclaw-plugin@2.0.1-beta.1
• add weibo in openclaw.json
• openclaw cron
• openclaw cron add --name "每周记忆整理" --cron "0 7 * * 1" --tz "Asia/Shanghai" --session isolated --message "整理最近 7 天的日志，提炼到长期记忆" --announce --channel weibo --to "1000000009"
• openclaw logs 
• timestamp is UTC by default, openclaw logs --local-time
• 
  

"weibo": { "enabled": true, "appId": "11111111111", "appSecret": "786aaxxxxxxxxxxxxxxxxxxxxx522" },

"dingtalk-connector": { "enabled": true, "clientId": "dingxxxxxxxxxxxxxxxxxxx", "clientSecret": "CDxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXjA", "dmPolicy": "allowlist", "allowFrom": ["000000000000000000000000000003"], "groupPolicy": "allowlist", "groupAllowFrom": ["cidxxxxxxxxxxxxxxxxxxxxxxxx="], "requireMention": true }

epub bookmark update

• rename sample.epub to sample.zip
• unzip sample.zip
• update OEBPS/toc.ncx
• in the folder which include "OEBPS", "META-INF" and "mimetype". not the folder which include folder sample
• zip -D -rX9 sample.epub * -x mimetype

Dovecot upgrade from 2.3 to 2.4

•  see link for detail guideline, Archlinux provide dovecot23 as alternative
• add two new configuration, see link
• dovecot_config_version = 2.4.2
• dovecot_storage_version = 2.4.2
• delete empy dict

#dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
#}

• change "disable_plaintext_auth = yes" to "auth_allow_cleartext = no", see link
• rename userdb and passdb. 
• passdb authenticated the user. 
• userdb lookup then retrieves post-login information specific to the authenticated user

userdb passwd {
          #driver = passwd
}
passdb pam {
          #driver = pam
          passdb_driver=pam
}

• update mail location, see example on link.

#mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_location = mbox:~/mail:INBOX=/var/mail/%{user}

mail_driver = mbox
mail_path = ~/mail
mail_inbox_path = /var/mail/%{user}

• update ssl, see linklink.

#ssl_cert = </etc/letsencrypt/live/hongy19.net/fullchain.pem
#ssl_key =  </etc/letsencrypt/live/hongy19.net/privkey.pem
#ssl_dh =   </etc/dovecot/dh.pem
ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
ssl_server_dh_file = /etc/dovecot/dh.pem

• rename "service_count = 1" to "service_restart_request_count = 1", see link.

/var/permission

 

from link, /var/mail should have correct permissions 2775 root:mail

The first digit "2" represents the setgid (Set Group ID) special permission:

• 2 = setgid bit enabled
• When set on a directory, new files created within inherit the directory's group ownership
• This ensures all mail files created in /var/mail automatically belong to the mail group

The s represents the setgid bit. It appears in the group execute position:

• Normal group permissions: rwx (read, write, execute)
• With setgid: rws (read, write, setgid)
• With setgid but no execute: rwS (capital S)