This guide describes how to setup a mail server where Postfix is the SMTP service, and Dovecot provides IMAP and POP services. The users may be virtual and stored in a MySQL table, or real system users, or both. The primary focus for this guide however, is a fast and secure mail server using virtual users. Continue reading
When I need to transfer lots of files or directories between computers, I usually use tar and ssh together. Last time I used it however, I realized that perhaps not everyone knows how to do this.
The procedure is very simple, and a full command could look something like this:
tar -cf – directory/ | ssh my.other.computer tar -xf – -C /destination/
Simple huh? If you want compression, just add z for gzip or j for bzip2 to both tar statements. This could be necessary if you are planning to do this over slow lines.
It all started with FVWM around 10 years ago. It continued on to Afterstep, Windowmaker, Gnome, XFCE and finally KDE. I stayed there for several years, until I tried KDE in Ubuntu Horay or maybe Warty — it was horrible. Since then I have used Gnome and I have really started to like it.
KDE in Ubuntu has never been quite as polished as Gnome, with default media keyboard bindings, suspend buttons working and all those other small things that makes a nice user experience. Well, Feisty Fawn is being released in about a month, so I decided to give KDE another try in Ubuntu.
Using Konqueror instead of Nautilus for file management works fairly well, but I had to change the default settings so that a double-click is required to activate an icon. I also don’t like the way Konqureror handles files – instead of launching images using Gwenview for instance, it shows the image embedded in the Konqureror window.
Using Konqueror for web-browsing is fairly pleasant. It’s snappy and the KHTML rendering is fine most of the time (but not on my website it seems, and Google Reader) and the websites look decent. When having many tabs open, it still seems to be running quite fast which it didn’t when I used KDE the last time.
When dragging files between windows in Nautilus, the cursor will change depending on the action to be performed. In Konqueror, a menu will pop-up and show the available options to the user. This seems to be working everywhere, and even when dragging mail in Kmail.
One big give-a-good-first-impression issue that still seems to be present is that new windows doesn’t always have the correct size from the beginning. It is of course a small matter of dragging the window and thus making it larger, but it doesn’t look very nice if a new user is presented with that. Gnome seems to have done this better, and most windows do have the correct size from start. If you need an example, have a look at the image below.
This is the window presented to the user when double-clicking on an email in Kmail. Not very pleasant, but on to nicer things.
It is possible to use the scroll to change the virtual desktop in KDE. Just hover the mouse over and empty desktop area and scroll — instant switch to another desktop! This would require Beryl in Gnome, which is frankly quite terrible. The same goes for the so called hot corners, which will switch the virtual desktop in KDE if I drag the mouse off-screen to the left or right. Again, this is only found in Beryl and not the standard metacity desktop manager of Gnome.
Switching between deskops in KDE seems to be much smoother than in Gnome. I am not sure if this is due to the usage of QT instead of GTK, or if it is the window manager itself. It is quite noticeable tough.
One of the big problems I have is Kaffeine. While the player itself is quite nice, it is using the xine backend which means that it can’t stream video from an SMB share. This is a major issue for me, and it lead to the point of me having to use Totem from Gnome with the gstreamer backend to make this possible once again. I usually don’t like mixing programs from different environments, but I had no choice on this one.
I don’t want to start a war, but after day one it seems that although Gnome looks nicer, KDE has the better applications. I will continue using KDE for a while and perhaps present a better conclusion from my point of view later on.
The Ubuntu Feisty Fawn update from yesterday gave me an interesting issue when I restarted later on. It could not find my fonts! The following was displayed when trying to start GDM:
could not open default font ‘fixed’
After some digging it seems like the font directories have been moved, so X can no longer find the fonts. To fix this, just open up /etc/X11/xorg.conf and edit the font lines to look like this:
# path to defoma fonts
The old font path was /usr/share/X11/fonts, which at least for me is now empty.
Note: This might not work in Ubuntu 10, and may cause problems. Use at your own risk!
If you are a Ubuntu and a network manager user, you have probably seen the following dialog, and you are probably sick of it too.
Yes, it will pop-up when you have logged in and even when you resume from sleep in Feisty Fawn. How about getting rid of this dialog forever? If you are running Ubuntu Feisty Fawn, you are in luck. Do this:
sudo apt-get install libpam-keyring
The next step is to actually make use of this PAM plug-in. Edit /etc/pam.d/gdm and add the following in the bottom:
Log out and back in, and the Gnome keyring will be opened by your login!
Edit: Changed the includes from the following:
auth optional pam_keyring.so try_first_pass session optional pam_keyring.so
I decided to try the upcoming Ubuntu 7.04 release, The Feisty Fawn. What I immediately noticed was that the new bcm43xx driver only supports the new 4.x release of the drivers. The problem though was that it is not very easy to find. The links in the README file did not work any longer.
It seems that Microsoft has this driver in their software catalog, so head over there and download it. The filename is 12002219.cab. Once you have it downloaded just extract it using cabextract.
Using bcm43xx-fwcutter to get the firmware itself, will enable you to use the bcm43xx driver. You will need to execute this in the directory where you extracted the cab.
sudo bcm43xx-fwcutter -w /lib/firmware bcmwl5.sys
Now if you load the bcm43xx module, you should hopefully be all set.
It seems like the driver caused my computer to crash on occasion, so be warned.
Not only did the driver crash, it didn’t support WPA for some reason, so I needed another approach. The bcm43xx driver just won’t cut it, so after a quick installation of ndiswrapper and setting the ndiswrapper driver all was better.
sudo echo “alias eth1 ndiswrapper” > /etc/modprobe.d/ndiswrapper
Using the same 4.x driver as above, install it using.
$ sudo ndiswrapper -i bcmwl5.inf
installing bcmwl5 …
forcing parameter IBSSGMode from 0 to 2
forcing parameter IBSSGMode from 0 to 2
Run the following to verify that the driver works.
$ sudo ndiswrapper -l
bcmwl5 driver installed, hardware (14E4:4324) present (alternate driver: bcm43xx)
Now just load the ndiswrapper driver and voila, instant access to WPA/WPA2 using network manager.
When you install some operating systems such as Windows or Mac OS X, they will overwrite your master boot record. If you have Linux installed you will be unable to access it, until you restore Grub on the MBR.
The easiest way is to find your Ubuntu or other Linux rescue/live/installation CD and boot it. Pop open a terminal and first find which partition is your root using fdisk.
$ sudo fdisk -l
Device Boot Start End Blocks Id System
/dev/hda1 * 1 2550 20482843+ af Unknown
/dev/hda2 2551 3825 10241437+ 83 Linux
/dev/hda3 3826 3890 522112+ 82 Linux swap / Solaris
/dev/hda4 3891 12161 66436807+ 7 HPFS/NTFS
Here we see that /dev/hda2 is our Linux partition, so we will want to mount it in order to read the Grub configuration.
sudo mount /dev/hda2 /mnt
If your don’t get any errors now your root partition should be mounted under /mnt. You can check for the grub configuration by listing the contents of the directory /mnt/boot/grub.
Now to restore the configuration just write the following.
$ sudo grub-install —-root-directory=/mnt /dev/hda
This will install Grub to MBR and use the configuration files in /mnt/boot/grub. Now just reboot your computer and you will hopefully be greeted with the ever friendly Grub menu once again.
Keeping your data synchronized with an external data storage is essential to keep your documents and other data secure. Rsync is a robust and popular tool for doing exactly this; so what better tool to use as your personal backup solution.
There are of course other tools for doing this such as Unison, which I wrote about earlier. Which tool you prefer to use for backing up your data is a matter of personal preference, as long as you actually use it. This article will not directly use the rsync tool, but instead discuss the GTK front-end, which gives the user access to the most usable functions and settings.
We will start by installing grsync with your favorite package manager. If you are using a Debian based distribution, just execute
apt-get install grsync to get hooked up.
Next, we will initialize a directory with data and a directory to keep the backup. The backup directory should of course be located on an external disk, network drive or something other than the local computer.
$ mkdir -p sync/data sync/backup
$ echo “This is the contents of the first file” > sync/data/one.txt
$ echo “This is also some dummy content” > sync/data/two.txt
The time has now come to start grsync. Start by creating a new session by clicking add and figure out a name to describe your sync pair.
Browse to the source and destination directories to select them. Note that if you are synchronizing to a FAT, NTFS or other type of file-system not supporting Unix permissions, uncheck “preserve permissions”, since those depend on how the partition is mounted, and not the actual permissions.
Before executing the task, it might be wise to run the simulation to see possible problems or just to get reassurance of which files will be copied. When you are ready to start the sync, just press execute and hope for the best.
The files should now hopefully be correctly synchronized to the
sync/backup directory. You might also notice that the actual command to rsync is displayed on the top. This command could be useful if you want to automate this process using cron or something similar.
To conclude, I have to say that Grsync is a very competent and easy to use tool, suitable for both beginners and more advanced users. The GUI looks polished and usable but will still give you detailed information if you want.
The default Ubuntu installation contains the Evolution personal information manager. It does have anti-spam filtering capabilities, but I had some problems getting it to filter any mail at all.
When incoming mail arrives, it does say “checking mail for junk” and when I mark the mail as spam it just says “learning junk” as everything is fine and dandy. The problem is that it just doesn’t do anything and it took a while before I figured out why that happens.
The anti-spam dialog looks like the following, and there are no indications that there is something that is not working properly. It doesn’t even mention anything about external tools or anything like that.
The Evolution manual states:
Evolution uses SpamAssassin as the default spam-filtering application. Before you really start using spam-filtering, ensure that SpamAssassin is installed to enable Evolution’s junk mail filtering feature.
Great, so to filter messages I have to enable the universe repository and finally install the spamassassin package. Okay fine, I can manage this, but new users shouldn’t have to worry about these kind of things. Everything must just work, or at least indicate that something needs to be installed.
These small irritations are vital to fix to make Linux as a viable option for normal users. It seems like this bug is reported in Launchpad, so something will hopefully happen in the upcoming release.
One of the biggest deficiencies in a virtual world is that authenticating a person is very hard. In the real world we can rely on our eyes, photo ID and other things. Neither of these things work directly in the digital world.
So, how can we authenticate users? Using PGP to fill this gap is very common, and this is what I will discuss today. PGP has a stormy history, but I will not go into that here, but instead refer you to the PGP Timeline.
What is needed to send secure email, files or other types of messages to people over the internet? We will use the GnuPG package, which should be easily installed in just about any system, including Windows. In a Ubuntu or other Debian based system, just write
apt-get install gnupg and you will be all set.
You should also install seahorse, which is an application for gnome which enables you to easily manage your keys. The application should the be available under Applications -> Accessories -> Encryption keys once you have it installed.
The first task is to create your very own key-pair to enable you to sign your messages and to let others send encrypted messages to you. By choosing Key -> Create new key and then selecting PGP Key, you will be presented with a form where you enter your details. You will then be presented with a password entry for your key, and it is crucial that you select a very long password. It should preferably be longer than 20 characters.
You should create a key which is at least 3072 bits long. This will provide protection for a long time in the future. While you are at it, you might as well use 4096 bits. Note that it will take a while for the key to be generated, so please be patient.
Now that you have your own key-pair, you should first of all export the key by selecting the key and clicking properties. The key must be kept it in a very safe place, such as a safe or in a bank.
You may now select Sync and publish keys in the Remote menu to upload your key to a public key-server, such as pgp.mit.edu. This will enable others to easily get your public key automatically.
If you use your favorite text editor and open
~/.gnupg/gpg.conf and enter the following two lines in the end, GnuPG will try to automatically fetch public key when they are missing:
To actually use GnuPG now, you will have to configure your email client for this. Evolution has built-in support for PGP and support for Mozilla Thunderbird can be added by installing the enigmail extension. Ubuntu users may install the
Note that it is advisable to check Always encrypt to myself. Without this setting, you will not be able to read encrypted messages you send to other people!
You are now ready to send and receive encrypted and signed mail!
But, you say, how does this key identify me as a person? Well, it doesn’t – yet. To do this, you must sign other people’s keys, and have other people sign your key, meaning that they vouch for your identity.
This is normally done face-to-face or in bigger key-signing events. The general principle is that you will bring the fingerprint of your key, and others must then verify that the key is correct. You must also you a valid photo-ID, and here is the key – by showing your photo-ID, you have tied your PGP-key to you as a person. You can get more information on key-signing events by visiting The Keysigning Party HOWTO.
This means that you must be very thorough with the verification procedure, since it is the ground on where the principles behind the PGP trust model rest. If this is not done correctly, the whole encryption is void, since you really don’t know who the person in the other end really is.
So, to sign someones key, just open the properties for that key and select the Trust tab.
Here you should click the top check-box when you have verified the person using photo-ID and checked the fingerprint of the key. Seahorse will automatically synchronize your key with a key-server once you have signed the key. The check-box underneath is where you can select whether to trust the signatures of the person you are signing. If you check this box, you will automatically trust all keys which the person you just verified trusts. Remember that you should not tick this box if you believe that this person does not manage his keys correctly, or has some other reason to distrust his signatures.
Note that all steps mentioned in this article can be done using the command-line tool
gpg. If you want to use this way instead, just read The GNU Privacy Handbook or try
gpg --help for some general information.
I have now just discussed the basics of PGP, but do not feel afraid to explore the possibilities. A good place to start is The GNU Privacy Handbook where you can read more about PGP and more specific GnuPG. If you have decided to try PGP, you are welcome to send me a signed and encrypted test message. My key-ID is
0x98CEC53A and it can be found on most key-servers. To find people using PGP in your neighborhood, log-on to Biglumber and do a quick search.
Privacy is becoming more and more important in the world. I hope that you will try this out and spread it to your friends and family. In the end, we should all hope for a safer, more secure and open society.