Tuesday, April 07, 2026

hugo

  • hugo new site blog
  • cd blog
  • git submodule add https://github.com/athul/archie.git themes/archie/
  • echo "theme = 'archie'" >> hugo.toml
  • hugo new content content/posts/my-first-post.md
  • hugo server --buildDrafts
  • hugo server -D
  • ssh -L 1313:localhost:1313 user@vps
  • open a browser on the laptop and access 127.0.0.1:1313 (hugo server listens on localhost only, hence the SSH tunnel)

Monday, April 06, 2026

dovecot configuration

  • authentication mechanism and password scheme
    • link
    • authentication mechanism -> how the password is transferred from client to server; password scheme -> how the password is stored on the server.
  • plain and plaintext
    • auth_mechanisms = plain
    • disable_plaintext_auth = yes
    • PLAIN is one authentication mechanism; with it the password is sent in plaintext. "disable_plaintext_auth=yes" means SSL/TLS is mandatory before such a mechanism can be used.
  • service
    • a service is an independently running Dovecot functional component
      • service imap-login # IMAP login
      • service imap # IMAP mail operations
      • service pop3-login # POP3 login
      • service pop3 # POP3 mail retrieval
      • service auth # account and password verification
      • service lda # local mail delivery
    • a service only actually runs when the protocol / feature it belongs to is enabled in Dovecot
      • /etc/dovecot/dovecot.conf
      • protocols = imap pop3 lmtp
      • listing imap → starts imap-login + imap; listing pop3 → starts pop3-login + pop3; protocols not listed → their services do not run at all
  • namespace
    • A Dovecot namespace is a "group / container of mail folders": it partitions mail directories by origin, permissions and storage location, so that a mail client can clearly tell apart "private mailbox", "shared folders", "public mailbox" and so on.
      • You can think of it as a "folder partition" on a computer:
      • one namespace = one independent mail directory partition
      • different namespaces can live under different paths, carry different permissions and use different separators
    • namespaces with the same name are merged automatically!
      • namespace inbox in 10-mail.conf → defines the basic attributes (inbox=yes, type, separator, etc.)
      • namespace inbox in 15-mailboxes.conf → defines the folders inside it (Drafts, Sent, Trash, Junk, etc.)
      • Dovecot merges the two into one complete namespace.
namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }

  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }
}
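The PLAIN-versus-plaintext point above, turned into a runnable check. This is an added example, not part of the original notes and not Dovecot's own tooling; it reads a flat config file (the two sample configs are constructed here), falls back to the Dovecot 2.3 defaults (auth_mechanisms=plain, disable_plaintext_auth=yes, ssl=yes) for keys that are absent, and reports whether a cleartext mechanism could be used on an unencrypted connection. On a real host you would feed it the output of `doveconf -n`, which is the merged, effective configuration.

```shell
#!/bin/sh
# Added example, not part of the original notes or of Dovecot: audit the
# auth_mechanisms / disable_plaintext_auth / ssl settings of a config file.
set -eu

# Last value assigned to a key, with trailing comments and whitespace removed.
# Later assignments win in Dovecot, hence tail -n 1. Empty output if unset.
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
    | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# Returns 0 when cleartext mechanisms (PLAIN, LOGIN) are confined to TLS
# sessions, 1 otherwise. Absent keys fall back to the Dovecot 2.3 defaults.
audit_dovecot_auth() {
  file="$1"; rc=0
  mechs="$(conf_get "$file" auth_mechanisms)"
  disable="$(conf_get "$file" disable_plaintext_auth)"
  ssl="$(conf_get "$file" ssl)"
  : "${mechs:=plain}"
  : "${disable:=yes}"
  : "${ssl:=yes}"
  for m in $mechs; do
    case "$(printf '%s' "$m" | tr 'A-Z' 'a-z')" in
      plain|login)
        if [ "$disable" != "yes" ] && [ "$ssl" != "required" ]; then
          echo "FAIL: '$m' sends the password in cleartext, yet disable_plaintext_auth=$disable and ssl=$ssl"
          rc=1
        fi ;;
    esac
  done
  [ "$rc" -eq 0 ] && echo "OK: mechanisms '$mechs' are only usable over TLS (disable_plaintext_auth=$disable, ssl=$ssl)"
  return "$rc"
}

# Constructed samples: one weak config, one matching the notes above.
write_samples() {
  cat > "$1/weak.conf" <<'EOF'
# cleartext login allowed on unencrypted connections
auth_mechanisms = plain login
disable_plaintext_auth = no
ssl = yes
EOF
  cat > "$1/good.conf" <<'EOF'
auth_mechanisms = plain
disable_plaintext_auth = yes   # TLS mandatory before PLAIN is offered
ssl = required
EOF
}

# Demo run against the constructed samples
demo="$(mktemp -d)"
write_samples "$demo"
audit_dovecot_auth "$demo/good.conf" || true
audit_dovecot_auth "$demo/weak.conf" || true
rm -rf "$demo"
```

The check deliberately treats `ssl = required` as sufficient on its own: with that setting Dovecot refuses every non-TLS connection, so even `disable_plaintext_auth = no` cannot expose a password.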

opensmtp configuration

  • hostname hongy19.net is an option of the listen directive, not a standalone keyword in the configuration file
  • table
    • man page
    • table could be file or db
    • table could be list or mapping
    • credential in a relay context
      • the credentials are a mapping of labels and username:password pairs, format: label1 user:password
      • passwords in this table are not encrypted (unlike credentials in a listen context, which are hashed with the smtpctl encrypt subcommand)
    • table examples
      • table users   file:/etc/smtpd/users
      • table creds   file:/etc/smtpd/creds
      • table domainemail  {hongy19 = hongy19@hongy19.net}
    • relay
      • action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 auth <creds> mail-from "@hongy19.net" -> doesn't work for smtp2go
      • action "outbound" relay host smtps://smtp2go@mail.smtp2go.com:465 pki hongy19.net auth <creds> mail-from "@hongy19.net"   -> work for smtp2go
      • action "outbound" relay host smtp+tls://smtp2go@mail.smtp2go.com:587 auth <creds> mail-from "@hongy19.net" -> work for smtp2go

Sunday, April 05, 2026

move dovecot, opensmtpd, nginx from Archlinux to Ubuntu

 I plan to move from Arch Linux at Vultr to Ubuntu at Tencent.

  • firewall at Tencent
    • no need to convert iptables to ufw since Tencent Cloud has a firewall
    • "In the Lightweight Database, firewall rules can be configured to control access and provide network isolation for better security. If no firewall rules are configured, the sources allowed to access the database are not restricted, and unauthorized access can also connect to the database. If firewall rules are configured that restrict source, protocol and port, for example: source 172.1.4.12, protocol TCP, port 45, access policy allow, then only applications with source 172.1.4.12, using the TCP protocol and port 45, are allowed to access the Lightweight Database."
    • open Tencent firewall ports: 80, 443; 25, 465, 587; 993
    • Tencent does not support sending SMTP email, but receiving email is OK; see link
  • letsencrypt;
    • sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt
      • -C /etc: change directory to /etc first (so the archive entries are letsencrypt/... rather than etc/letsencrypt/...)
    • sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
    • sudo apt install certbot python3-certbot-nginx
    • dpkg -L certbot
    • sudo vim /usr/lib/systemd/system/certbot.service
    • add "ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot" and sudo systemctl daemon-reload
  • nginx
    • sudo apt install nginx
    • sudo scp  vultr:/etc/nginx/nginx.conf .
    • sudo scp  vultr:/etc/nginx/httpasswd .
    • sudo scp  vultr:/etc/nginx/mime.types .
    • sudo scp  vultr:/etc/nginx/ssl/RSA2048.pem .
    • on vultr
      • cd /srv/http
      • sudo rm -rf .local/
      • in pyblog and pymoney: sudo rm -rf __pycache__/ .venv/
      • sudo tar -cpzvf http.tar.gz -C /srv http
    • sudo scp  vultr:/srv/http.tar.gz .
    • sudo tar -xzvpf http.tar.gz -C /sr
  • update DNS record with new IP
  • opensmtpd
    • sudo apt install opensmtpd opensmtpd-extras opensmtpd-filter-dkimsign
    • on vultr
      • sudo chmod o+r myselector.*
    • mkdir /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/smtpd.conf /etc/smtpd
    • sudo ln -s /etc/smtpd/smtpd.conf /etc/smtpd.conf
    • sudo scp  vultr:/etc/smtpd/myselector.* .
    • sudo chown opensmtpd:opensmtpd myselector.*
    • sudo scp  vultr:/etc/smtpd/aliases /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/users /etc/smtpd
    • update smtpd.conf from "enp1s0" to "eth0"
    • sudo scp vultr:/var/mail/hongy19 . ; cd /var/mail/; sudo chown hongy19:hongy19 hongy19
    • sudo apt install mutt; sudo scp vultr:/home/hongy19/.mutt/* .
    • not possible to send email due to tencent policy.
  • dovecot
    • sudo apt install dovecot-pop3d dovecot-imapd
    • sudo scp  vultr:/etc/dovecot/dovecot.conf .
    • sudo scp  vultr:/etc/dovecot/dh.pem .
    • cd /etc/dovecot/conf.d
    • sudo mv 10-auth.conf 10-auth.conf.orig; sudo scp  vultr:/etc/dovecot/conf.d/10-auth.conf .
    • sudo scp  vultr:/etc/dovecot/conf.d/20-mailbox.conf .; sudo mv 20-mailbox.conf 10-mail.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/30-ssl.conf .;sudo mv 30-ssl.conf 10-ssl.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/40-service.conf .
    • Ubuntu's dovecot is still 2.3.2, so the new (2.4-style) configuration keys below are not used
      • dovecot_config_version = 2.4.2
      • auth_allow_cleartext = no
      • passdb_driver=pam
      • mail_driver = mbox
      • mail_path = ~/mail
      • mail_inbox_path = /var/mail/%{user}
      • service_restart_request_count = 1
      • ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
      • ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
      • ssl_server_dh_file = /etc/dovecot/dh.pem
      • driver = passwd
    • add the following to "10-mail.conf" according to link1 and link2
      • namespace inbox {inbox = yes}
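Two details of the migration above in runnable form: the `tar -C` behaviour from the letsencrypt step, and a permission check for the secret files moved in the opensmtpd step (the creds table holds relay passwords that are not encrypted, and the DKIM selector key was made world-readable with `chmod o+r` so it could be copied). This is an added example, not part of the original notes; it builds a fake `etc/smtpd` tree with placeholder contents inside a temporary directory, so nothing on the real system is touched, and it assumes GNU or BSD tar and find.

```shell
#!/bin/sh
# Added example, not part of the original notes: pack a config tree with
# "tar -C" so the archive holds relative paths, restore it with "-p" so file
# modes survive, then find and tighten secret files that are world-readable.
set -eu

# Constructed fixture: a fake /etc/smtpd with a creds table and a DKIM key pair.
make_fixture() {
  root="$1"
  mkdir -p "$root/etc/smtpd"
  printf 'smtp2go user@example.invalid:PLACEHOLDER-PASSWORD\n' > "$root/etc/smtpd/creds"
  printf 'PLACEHOLDER PRIVATE KEY\n' > "$root/etc/smtpd/myselector.key"
  printf 'v=DKIM1; p=PLACEHOLDER\n' > "$root/etc/smtpd/myselector.txt"
  chmod 0600 "$root/etc/smtpd/creds"
  chmod 0644 "$root/etc/smtpd/myselector.key"   # the o+r left behind after scp
  chmod 0644 "$root/etc/smtpd/myselector.txt"   # public DNS record, fine to share
}

# Pack "smtpd" relative to "$root/etc": entries become smtpd/..., not etc/smtpd/...
pack_relative() {
  tar -cpzf "$2" -C "$1/etc" smtpd
}

# First entry in the archive; shows which prefix -C produced.
first_entry() {
  tar -tzf "$1" | head -n 1
}

# Unpack with -p so archived modes are restored instead of being masked by umask.
unpack_preserving() {
  mkdir -p "$2"
  tar -xzpf "$1" -C "$2"
}

# Regular files under a directory that carry the "other read" bit (mode o+r).
world_readable_files() {
  find "$1" -type f -perm -004
}

# Count of world-readable files, without the leading spaces some wc print.
world_readable_count() {
  world_readable_files "$1" | wc -l | tr -d ' '
}

# Set 0600 on every world-readable file except the public DKIM record (*.txt),
# which is meant to be published in DNS; print how many files were changed.
lock_down_secrets() {
  n=0
  for f in $(world_readable_files "$1"); do
    case "$f" in *.txt) continue ;; esac
    chmod 0600 "$f"; n=$((n + 1))
  done
  echo "$n"
}

# Demo run (everything lives under a mktemp directory)
demo_root="$(mktemp -d)"
make_fixture "$demo_root"
pack_relative "$demo_root" "$demo_root/smtpd.tar.gz"
echo "first archive entry: $(first_entry "$demo_root/smtpd.tar.gz")"
unpack_preserving "$demo_root/smtpd.tar.gz" "$demo_root/restore"
echo "world-readable before: $(world_readable_count "$demo_root/restore")"
echo "tightened: $(lock_down_secrets "$demo_root/restore")"
echo "world-readable after: $(world_readable_count "$demo_root/restore")"
rm -rf "$demo_root"
```

Run against the real tree after the `tar -xzvpf ... -C /etc` step (as root, with the target directory instead of the fixture) it points at exactly the files whose `o+r` was only needed for the copy; `chown opensmtpd:opensmtpd` alone does not remove that bit.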

  • fail2ban
  • sshguard
  • uwsgi
  • vnstat.service
  • others
    • cd /home/hongy19
    • scp vultr:/home/hongy19/.rtorrent.rc .
    • scp vultr:/home/hongy19/.vimrc .
    • scp  vultr:/home/hongy19/.mailrc .
    • mkdir bin; scp vultr:/home/hongy19/bin/* .