Simple Life

Monday, April 06, 2026

dovecot configuration

service

service = 一个独立运行的 Dovecot 功能组件

service imap-login # IMAP 登录
service imap # IMAP 邮件操作
service pop3-login # POP3 登录
service pop3 # POP3 邮件收取
service auth # 账号密码验证
service lda # 本地邮件投递

只有被 Dovecot 启用的协议 / 功能，对应的 service 才会真正运行

# /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
写了 imap → 启动 imap-login + imap, 写了 pop3 → 启动 pop3-login + pop3,没写的协议 → 对应的 service 完全不运行

namespace

Dovecot 的 Namespace 是「邮件文件夹的分组 / 容器」，用来划分不同来源、不同权限、不同存储位置的邮件目录，让邮件客户端能清晰区分「私人邮箱」「共享文件夹」「公共邮箱」等。

你可以把它理解成电脑里的「文件夹分区」：
一个 Namespace = 一个独立的邮件目录分区
不同 Namespace 可以存放在不同路径、拥有不同权限、使用不同分隔符

同一个名字的 namespace，会自动合并！

10-mail.conf 里的 namespace inbox → 定义基础属性（inbox=yes、type、separator 等）
15-mailboxes.conf 里的 namespace inbox → 定义里面的文件夹（Drafts、Sent、Trash、Junk 等）
Dovecot 会把它们合二为一，变成一个完整的 namespace。

namespace inbox {

mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}

# For \Sent mailboxes there are two widely used names. We'll mark both of
# them as \Sent. User typically deletes one of them if duplicates are created.
mailbox Sent {
special_use = \Sent
}

opensmtp configuration

hostname hongy19.net is used on listen, not key words in configuration file
table

man page
table could be file or db
table could be list or mapping
credential in a relay context

the credentials are a mapping of labels and username:password pairs, format: label1 user:password
passwords are not encrypted (smtpctl encrypt subcommand.)

table examples

table users file:/etc/smtpd/users
table creds file:/etc/smtpd/creds
table domainemail {hongy19 = hongy19@hongy19.net}

relay

action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 auth <creds> mail-from "@hongy19.net -> doesn't work for smtp2go
action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 pki hongy19.net auth <creds> mail-from "@hongy19.net" -> work for smtp2go
action "outbound" relay host smtp+tls://smtp2go@mail.smtp2go.com:587 auth <creds> mail-from "@hongy19.net" -> work for smtp2go

Sunday, April 05, 2026

move dovecot, opensmtpd, nginx from Archlinux to Ubuntu

i plan to move Archlinux at vultr to Ubuntu at Tencent.

firewall at Tencent,

no need to convert iptables to ufw since Tencent cloud has firewall
"在轻量数据库中，支持配置防火墙规则来控制访问权限，进行网络隔离以增强安全性。如果不配置防火墙规则，则表示不限制访问数据库的来源，未经授权的访问也可连接数据库。如果配置防火墙规则，限制了来源、协议以及端口，例如：配置来源为172.1.4.12、协议为TCP、端口为45，访问策略为允许，则表示仅允许来源为172.1.4.12，来自 TCP 协议且端口号为45的应用访问轻量数据库。"
open Tencent firewall port: 80, 443; 25,465,587; 993
Tencent not support send smtp email but it is Ok to receive email, see link

letsencrypt;

sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt

-C /etc: Change directory to /etc first (so the archive contains letsencrypt/ instead of full /etc/letsencrypt/ path)

sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
sudo apt install certbot python3-certbot-nginx
dpkg -L certbot
sudo vim /usr/lib/systemd/system/certbot.service
add "ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot" and sudo systemctl daemon-reload

nginx

sudo apt install nginx
sudo scp vultr:/etc/nginx/nginx.conf .
sudo scp vultr:/etc/nginx/httpasswd .
sudo scp vultr:/etc/nginx/mime.types .
sudo scp vultr:/etc/nginx/ssl/RSA2048.pem .
on vultr

cd /srv/http
sudo rm -rf .local/
in pyblog and pymoney: sudo rm -rf __pycache__/ .venv/
sudo tar -cpzvf http.tar.gz -C /srv http

sudo scp vultr:/srv/http.tar.gz .
sudo tar -xzvpf http.tar.gz -C /sr

update DNS record with new IP
opensmtpd

sudo apt install opensmtpd opensmtpd-extras opensmtpd-filter-dkimsign
on vultr

sudo chmod o+r myselector.*

mkdir /etc/smtpd
sudo scp vultr:/etc/smtpd/smtpd.conf /etc/smtpd
sudo ln -s /etc/smtpd/smtpd.conf /etc/smtpd.conf
sudo scp vultr:/etc/smtpd/myselector.* .
sudo chown opensmtpd:opensmtpd myselector.*
sudo scp vultr:/etc/smtpd/aliases /etc/smtpd
sudo scp vultr:/etc/smtpd/users /etc/smtpd
update smtpd.conf from "enp1s0" to "eth0"
sudo scp vultr:/var/mail/hongy19 . ; cd /var/mail/; sudo chown hong19:hongy19 hongy19
sudo apt isntall mutt; sudo scp vultr:/home/hongy19/.mutt/* .
not possible to send email due to tencent policy.

dovecot

sudo apt install dovecot-pop3d dovecot-imapd
sudo scp vultr:/etc/dovecot/dovecot.conf .
sudo scp vultr:/etc/dovecot/dh.pem .
cd /etc/dovecot/conf.d
sudo mv 10-auth.conf 10-auth.conf.orig; sudo scp vultr:/etc/dovecot/conf.d/10-auth.conf .
sudo scp vultr:/etc/dovecot/conf.d/20-mailbox.conf .; sudo mv 20-mailbox.conf 10-mail.conf
sudo scp vultr:/etc/dovecot/conf.d/30-ssl.conf .;sudo mv 30-ssl.conf 10-ssl.conf
sudo scp vultr:/etc/dovecot/conf.d/40-service.conf .
ubuntu dovecot still 2.3.2, not use new configuraiton file

dovecot_config_version = 2.4.2
auth_allow_cleartext = no
passdb_driver=pam
mail_driver = mbox
mail_path = ~/mail
mail_inbox_path = /var/mail/%{user}
service_restart_request_count = 1
ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
ssl_server_dh_file = /etc/dovecot/dh.pem
service_restart_request_count = 1
driver = passwd

add following in "10-mail.conf" according to link1 and link2

namespace inbox {inbox = yes}

fail2ban
sshguard
uwsgi
vnstat.service
others

cd /home/hongy19
scp vultr:/home/hongy19/.rtorrent.rc .
scp vultr:/home/hongy19/.vimrc .
scp vultr:/home/hongy19/.mailrc .
mkdir bin; scp vultr:/home/hongy19/bin/* .

Thursday, March 26, 2026

Openclaw installation and configuration

openclaw:

2026.3.24 change plugin interface and many old plugin doesn't work
openclaw update

Weibo official plugin:

get appID and appSecret from 微博小龙虾

dingtalk-connector for 钉钉:

follow guideline.
get useID from 钉钉管理后台
get groupid from "openclaw logs", @ robot at group and get following logs

2026-03-26T11:20:54.327Z warn [DingTalk:__default__] 群聊被拦截: conversationId=cidxxxxxxxxxxxxxxxxxxxxxxxx= 不在 groupAllowFrom 白名单中

pinned version plugin upgrade

backup openclaw.json
openclaw plugins uninstall weibo-openclaw-plugin
remove weibo in openclaw.json
openclaw plugins install @wecode-ai/weibo-openclaw-plugin@2.0.1-beta.1
add weibo in openclaw.json

openclaw cron

openclaw cron add --name "每周记忆整理" --cron "0 7 * * 1" --tz "Asia/Shanghai" --session isolated --message "整理最近 7 天的日志，提炼到长期记忆" --announce --channel weibo --to "1000000009"

openclaw logs

timestamp is UTC by default, openclaw logs --local-time

"weibo": { "enabled": true, "appId": "11111111111", "appSecret": "786aaxxxxxxxxxxxxxxxxxxxxx522" },

"dingtalk-connector": { "enabled": true, "clientId": "dingxxxxxxxxxxxxxxxxxxx", "clientSecret": "CDxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXjA", "dmPolicy": "allowlist", "allowFrom": ["000000000000000000000000000003"], "groupPolicy": "allowlist", "groupAllowFrom": ["cidxxxxxxxxxxxxxxxxxxxxxxxx="], "requireMention": true }

Sunday, December 07, 2025

epub bookmark update

rename sample.epub to sample.zip
unzip sample.zip
update OEBPS/toc.ncx
in the folder which include "OEBPS", "META-INF" and "mimetype". not the folder which include folder sample
zip -D -rX9 sample.epub * -x mimetype

Tuesday, November 18, 2025

Dovecot upgrade from 2.3 to 2.4

see link for detail guideline, Archlinux provide dovecot23 as alternative
add two new configuration, see link

dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2

delete empy dict

#dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
#}

change "disable_plaintext_auth = yes" to "auth_allow_cleartext = no", see link
rename userdb and passdb.

passdb authenticated the user.
userdb lookup then retrieves post-login information specific to the authenticated user

userdb passwd {
#driver = passwd
}
passdb pam {
#driver = pam
passdb_driver=pam
}

update mail location, see example on link.

#mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_location = mbox:~/mail:INBOX=/var/mail/%{user}

mail_driver = mbox
mail_path = ~/mail
mail_inbox_path = /var/mail/%{user}

update ssl, see linklink.

#ssl_cert = </etc/letsencrypt/live/hongy19.net/fullchain.pem
#ssl_key = </etc/letsencrypt/live/hongy19.net/privkey.pem
#ssl_dh = </etc/dovecot/dh.pem
ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
ssl_server_dh_file = /etc/dovecot/dh.pem

rename "service_count = 1" to "service_restart_request_count = 1", see link.

/var/permission

from link, /var/mail should have correct permissions 2775 root:mail

The first digit "2" represents the setgid (Set Group ID) special permission:

2 = setgid bit enabled
When set on a directory, new files created within inherit the directory's group ownership
This ensures all mail files created in /var/mail automatically belong to the mail group

The s represents the setgid bit. It appears in the group execute position:

Normal group permissions: rwx (read, write, execute)
With setgid: rws (read, write, setgid)
With setgid but no execute: rwS (capital S)

Sunday, July 20, 2025

pdflatex + ctex support Chinese font

Xelatex could support Chinese with ctex + Truetype/OpenType font. you could search web for detail.
latex could support Chinese with ctex + tfm/pk font.
pdflatex need type1 font, so tfm/pk and Truetype/OpenType font doesn't work. But there are three ways to support Chinese for pdflatex

ctex + simsum.ttc

\documentclass[fontset=windows]{ctexart}
zhmetrics provide tfm file for simsun.
zhmetrics provide mapping file to map tfm back to simsun.ttf (Truetype), but not for other Chinese ttf font, see /usr/share/texmf-dist/tex/generic/zhmetrics/zhwinfonts.tex
it embedded Trutype font into pdf.

ctex + CJKutf8 + gbsn.

it embedded type1 font into pdf, you could use "pdffonts" to check.

\documentclass[fontset=none]{ctexart}

\usepackage{CJKutf8}
\begin{document}
\begin{CJK*}{UTF8}{gbsn}
你好，世界！
\end{CJK*}
\end{document}

CJK + gbsn

\documentclass{article}
\usepackage{CJK}
\begin{document}
\begin{CJK}{UTF8}{gbsn}
这是一个CJKutf8的例子，使用的字体是gbsn。
\end{CJK}
\end{document}