Sunday, April 05, 2026

move dovecot, opensmtpd, nginx from Archlinux to Ubuntu

 I plan to move from Arch Linux at Vultr to Ubuntu at Tencent.

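  • firewall at Tencent
    • no need to convert iptables to ufw since Tencent Cloud has a firewall
    • "In the lightweight database, firewall rules can be configured to control access permissions and isolate the network to enhance security. If no firewall rule is configured, the source of access to the database is not restricted, and unauthorized access can also connect to the database. If firewall rules are configured that restrict the source, protocol and port, for example: source 172.1.4.12, protocol TCP, port 45, access policy allow, then only applications from source 172.1.4.12, using the TCP protocol on port 45, are allowed to access the lightweight database."
    • open Tencent firewall port: 80, 443; 25,465,587; 993
    • Tencent Cloud does not allow port 25 for outgoing email, but port 465 is OK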
  • letsencrypt;
    • sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt
      • -C /etc: Change directory to /etc first (so the archive contains letsencrypt/ instead of full /etc/letsencrypt/ path)
    • sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
    • sudo apt install certbot python3-certbot-nginx
    • dpkg -L certbot
    • sudo vim /usr/lib/systemd/system/certbot.service
    • add "ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot" and sudo systemctl daemon-reload
  • nginx
    • sudo apt install nginx
    • sudo scp  vultr:/etc/nginx/nginx.conf .
    • sudo scp  vultr:/etc/nginx/httpasswd .
    • sudo scp  vultr:/etc/nginx/mime.types .
    • sudo scp  vultr:/etc/nginx/ssl/RSA2048.pem .
    • on vultr
      • cd /srv/http
      • sudo rm -rf .local/
      • in pyblog and pymoney: sudo rm -rf __pycache__/ .venv/
      • sudo tar -cpzvf http.tar.gz -C /srv http
    • sudo scp  vultr:/srv/http.tar.gz .
    • sudo tar -xzvpf http.tar.gz -C /sr
  • update DNS record with new IP
  • opensmtpd
    • sudo apt install opensmtpd opensmtpd-extras opensmtpd-filter-dkimsign
    • on vultr
      • sudo chmod o+r myselector.*
    • mkdir /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/smtpd.conf /etc/smtpd
    • sudo ln -s /etc/smtpd/smtpd.conf /etc/smtpd.conf
    • sudo scp  vultr:/etc/smtpd/myselector.* .
    • sudo chown opensmtpd:opensmtpd myselector.*
    • sudo scp  vultr:/etc/smtpd/aliases /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/users /etc/smtpd
    • update smtpd.conf from "enp1s0" to "eth0"
    • sudo scp vultr:/var/mail/hongy19 . ; cd /var/mail/; sudo chown hongy19:hongy19 hongy19
    • sudo apt install mutt; sudo scp vultr:/home/hongy19/.mutt/* .

  • dovecot
    • sudo apt install dovecot-pop3d dovecot-imapd
    • sudo scp  vultr:/etc/dovecot/dovecot.conf .
    • sudo scp  vultr:/etc/dovecot/dh.pem .
    • cd /etc/dovecot/conf.d
    • sudo mv 10-auth.conf 10-auth.conf.orig; sudo scp  vultr:/etc/dovecot/conf.d/10-auth.conf .
    • sudo scp  vultr:/etc/dovecot/conf.d/20-mailbox.conf .; sudo mv 20-mailbox.conf 10-mail.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/30-ssl.conf .;sudo mv 30-ssl.conf 10-ssl.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/40-service.conf .
    • Ubuntu dovecot is still 2.3.2, so the new configuration file is not used
      • dovecot_config_version = 2.4.2
      • auth_allow_cleartext = no
      • passdb_driver=pam
      • mail_driver = mbox
      • mail_path = ~/mail
      • mail_inbox_path = /var/mail/%{user}
      • service_restart_request_count = 1
      • ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
      • ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
      • ssl_server_dh_file = /etc/dovecot/dh.pem
      • service_restart_request_count = 1
      • driver = passwd

  • fail2ban
  • sshguard
  • uwsgi
  • vnstat.service
  • others
    • cd /home/hongy19
    • scp vultr:/home/hongy19/.rtorrent.rc .
    • scp vultr:/home/hongy19/.vimrc .
    • scp  vultr:/home/hongy19/.mailrc .
    • mkdir bin; scp vultr:/home/hongy19/bin/* .

Thursday, March 26, 2026

Openclaw installation and configuration

 

  • openclaw: 
    • 2026.3.24 changed the plugin interface and many old plugins don't work
    • openclaw update
  • Weibo official plugin
    • get appID and appSecret from 微博小龙虾
  • dingtalk-connector for DingTalk (钉钉)
    • follow guideline.
    • get userID from the DingTalk admin console (钉钉管理后台)
    • get groupid from "openclaw logs": @ the robot in the group and get the following log
      • 2026-03-26T11:20:54.327Z warn [DingTalk:__default__] 群聊被拦截: conversationId=cidxxxxxxxxxxxxxxxxxxxxxxxx= 不在 groupAllowFrom 白名单中
  • pinned version plugin upgrade
    • backup openclaw.json
    • openclaw plugins uninstall weibo-openclaw-plugin
    • remove weibo in openclaw.json
    • openclaw plugins install @wecode-ai/weibo-openclaw-plugin@2.0.1-beta.1
    • add weibo in openclaw.json
  • openclaw cron
    • openclaw cron add --name "每周记忆整理" --cron "0 7 * * 1" --tz "Asia/Shanghai" --session isolated --message "整理最近 7 天的日志,提炼到长期记忆" --announce --channel weibo --to "1000000009"
  • openclaw logs 
    • timestamps are UTC by default; use openclaw logs --local-time for local time

"weibo": { "enabled": true, "appId": "11111111111", "appSecret": "786aaxxxxxxxxxxxxxxxxxxxxx522" },

"dingtalk-connector": { "enabled": true, "clientId": "dingxxxxxxxxxxxxxxxxxxx", "clientSecret": "CDxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXjA", "dmPolicy": "allowlist", "allowFrom": ["000000000000000000000000000003"], "groupPolicy": "allowlist", "groupAllowFrom": ["cidxxxxxxxxxxxxxxxxxxxxxxxx="], "requireMention": true }

Sunday, December 07, 2025

epub bookmark update

  • rename sample.epub to sample.zip
  • unzip sample.zip
  • update OEBPS/toc.ncx
  • work in the folder that includes "OEBPS", "META-INF" and "mimetype", not the folder that includes the folder sample
  • zip -D -rX9 sample.epub * -x mimetype

Tuesday, November 18, 2025

Dovecot upgrade from 2.3 to 2.4

  • see link for the detailed guideline; Arch Linux provides dovecot23 as an alternative
  • add two new configuration settings, see link
    • dovecot_config_version = 2.4.2
    • dovecot_storage_version = 2.4.2
  • delete empty dict
#dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
#}

  • change "disable_plaintext_auth = yes" to "auth_allow_cleartext = no", see link
  • rename userdb and passdb. 
    • passdb authenticates the user.
    • userdb lookup then retrieves post-login information specific to the authenticated user
userdb passwd {
          #driver = passwd
}
passdb pam {
          #driver = pam
          passdb_driver=pam
}

#mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_location = mbox:~/mail:INBOX=/var/mail/%{user}

mail_driver = mbox
mail_path = ~/mail
mail_inbox_path = /var/mail/%{user}

  • update ssl, see link, link.
#ssl_cert = </etc/letsencrypt/live/hongy19.net/fullchain.pem
#ssl_key =  </etc/letsencrypt/live/hongy19.net/privkey.pem
#ssl_dh =   </etc/dovecot/dh.pem
ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
ssl_server_dh_file = /etc/dovecot/dh.pem

  • rename "service_count = 1" to "service_restart_request_count = 1", see link.
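A small linter for the renames listed above, as an added example that is not part of the original post or of Dovecot itself. It flags 2.3 settings left behind in a 2.4 config; the sample config, the example.net paths and the function name are constructed for illustration, and the short-variable check is inferred from the post's two mail_location lines.

```python
import re

# 2.3 name -> 2.4 replacement; only the renames listed in this post.
RENAMED = {
    "disable_plaintext_auth": "auth_allow_cleartext (meaning inverted)",
    "mail_location": "mail_driver, mail_path, mail_inbox_path",
    "ssl_cert": "ssl_server_cert_file",
    "ssl_key": "ssl_server_key_file",
    "ssl_dh": "ssl_server_dh_file",
    "service_count": "service_restart_request_count",
}
REQUIRED = ("dovecot_config_version", "dovecot_storage_version")
SETTING = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.*)$")

# Constructed sample: a half-migrated config, not the author's real file.
SAMPLE = """\
dovecot_config_version = 2.4.2
disable_plaintext_auth = yes
#ssl_cert = </etc/letsencrypt/live/example.net/fullchain.pem
ssl_server_cert_file = </etc/letsencrypt/live/example.net/fullchain.pem
mail_inbox_path = /var/mail/%u
service imap-login {
  service_count = 1
}
"""


def lint_dovecot_conf(text):
    """Return (line_no, message) pairs for 2.3 leftovers; line 0 = whole file."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        match = SETTING.match(raw.split("#", 1)[0])  # skip commented-out text
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        seen.add(key)
        if key in RENAMED:
            findings.append((no, f"{key} -> {RENAMED[key]}"))
        if value.startswith("<"):
            findings.append((no, f"{key}: drop '<', 2.4 *_file takes a path"))
        if re.search(r"%[a-z]\b", value):
            findings.append((no, f"{key}: use the %{{user}} form, not %u style"))
    findings += [(0, f"{k} is not set") for k in REQUIRED if k not in seen]
    return findings


if __name__ == "__main__":
    for line_no, message in lint_dovecot_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

A leftover disable_plaintext_auth line is the one worth catching first, since it is the setting that controls whether cleartext logins are refused.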

/var/permission

 

According to link, /var/mail should have permissions 2775 and owner root:mail

The first digit "2" represents the setgid (Set Group ID) special permission:

  • 2 = setgid bit enabled
  • When set on a directory, new files created within inherit the directory's group ownership
  • This ensures all mail files created in /var/mail automatically belong to the mail group

The s represents the setgid bit. It appears in the group execute position:
  • Normal group permissions: rwx (read, write, execute)
  • With setgid: rws (read, write, setgid plus execute)
  • With setgid but no execute: rwS (capital S)
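The check described above as code, an added example that is not from the original post: it renders a mode the way ls -l does and audits a spool directory against the 2775 root:mail value stated here. The function names are hypothetical.

```python
import grp
import os
import pwd
import stat

EXPECTED_MODE = 0o2775            # value the post gives for /var/mail
EXPECTED_OWNER = ("root", "mail")


def describe(mode):
    """Render a mode the way `ls -l` does, e.g. drwxrwsr-x."""
    return stat.filemode(mode)


def audit_spool_mode(mode, owner, group):
    """Return a list of problems for a mail spool directory's mode and owner."""
    problems = []
    if not stat.S_ISDIR(mode):
        problems.append("not a directory")
    perms = stat.S_IMODE(mode)
    if not perms & stat.S_ISGID:
        problems.append("setgid missing: new files get the creator's group")
    elif not perms & stat.S_IXGRP:
        problems.append("setgid without group execute (shown as capital S)")
    if perms != EXPECTED_MODE:
        problems.append(f"mode is {perms:04o}, expected {EXPECTED_MODE:04o}")
    if (owner, group) != EXPECTED_OWNER:
        problems.append(f"owner is {owner}:{group}, expected root:mail")
    return problems


def audit_path(path="/var/mail"):
    """Audit a real directory, resolving uid/gid to names."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return audit_spool_mode(st.st_mode, owner, group)


if __name__ == "__main__":
    print(describe(stat.S_IFDIR | 0o2775), describe(stat.S_IFDIR | 0o2765))
    print(audit_path() or "ok")
```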

Sunday, July 20, 2025

pdflatex + ctex support Chinese font

  • XeLaTeX can support Chinese with ctex + TrueType/OpenType fonts. You can search the web for details.
  • latex can support Chinese with ctex + tfm/pk fonts.
  • pdflatex needs Type 1 fonts, so tfm/pk and TrueType/OpenType fonts don't work. But there are three ways to support Chinese with pdflatex:
    • ctex + simsun.ttc
      • \documentclass[fontset=windows]{ctexart} 
      • zhmetrics provides the tfm file for simsun.
      • zhmetrics provides a mapping file to map tfm back to simsun.ttf (TrueType), but not for other Chinese ttf fonts, see /usr/share/texmf-dist/tex/generic/zhmetrics/zhwinfonts.tex
      • it embeds the TrueType font into the pdf.

    • ctex + CJKutf8 + gbsn. 
      • it embeds a Type 1 font into the pdf; you can use "pdffonts" to check.
\documentclass[fontset=none]{ctexart}

\usepackage{CJKutf8}
\begin{document}
\begin{CJK*}{UTF8}{gbsn}
你好,世界!
\end{CJK*}
\end{document}

    • CJK + gbsn
\documentclass{article}
\usepackage{CJK}
\begin{document}
\begin{CJK}{UTF8}{gbsn}
这是一个CJKutf8的例子,使用的字体是gbsn。
\end{CJK}
\end{document}


Friday, September 20, 2024

wifi error for raspberry: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52

 

I couldn't connect to my Raspberry Pi for several days. Today I did some troubleshooting.

At the beginning, I thought the system was down due to a broken flash card, but later I found the Raspberry Pi still had an IPv4/IPv6 address from the home router. I tried to ssh but was not successful. I pinged the server first, and ping was OK. Then I could ssh to the server successfully.

It seems I am not the only guy who has this issue, see

https://forums.raspberrypi.com/viewtopic.php?t=367466

https://askubuntu.com/questions/1508490/ubuntu-server-on-raspberry-pi-5-is-not-connecting-to-the-internet

Thursday, August 01, 2024

python typing check