Category Archives: OpenBSD

Mutt account passwords

First, to give credit where it’s due, I started here. That said, here’s how I store and access account passwords in mutt on Linux.

## -- Passwords: encrypted by gpg --------------------------------------------------------------

source "/bin/gpg -d ~/.keychain/mutt.password.neopost.gpg 2>/dev/null |"

The source line tells mutt to run gpg and decrypt a file at startup. The file .keychain/mutt… contains two mutt configuration lines:

set imap_pass = "<my_email_password>"
set smtp_pass = "<my_email_password>"

I created it as follows:

$ cat <<EOF | gpg -e -r <my_gpg_id> -o ~/.keychain/mutt.password.neopost.gpg
set imap_pass = "<my_email_password>"
set smtp_pass = "<my_email_password>"
EOF
$

Gpg knows how to decrypt this file and retrieve the plain-text configuration. Note well that I used a “here” document to create the file. This keeps the mail password out of the filesystem. Simple stuff: at mutt startup, the first time I use it, gpg-agent asks for my gpg key and unlocks the configuration snippet.

Submission brutes

Brush aside vandals attacking my submission daemon with a little sed:


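# Collect the unique client addresses behind "errors after AUTH" lines
# in the rotated and current maillog.
submission_brutes=$(bzcat /var/log/maillog.0.bz2 | \
cat - /var/log/maillog | \
sed -Ene '/postfix\/submission\/smtpd.*errors after AUTH/s/^.*[^0-9]+(([0-9]+\.){3}[0-9]+).*$/\1/p' | sort -u)
# Add them to the pf "blackhole" table; unquoted on purpose so each address is its own argument.
[[ -n "${submission_brutes}" ]] && pfctl -t blackhole -T add ${submission_brutes}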
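
A more conservative variant of the extraction above, as an added example that is not the author's script: it reports an address only after a minimum number of "errors after AUTH" lines, checks that each octet is in range, and skips an allowlist so your own hosts never land in the blackhole table. The function names, threshold, allowlist and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, threshold and allowlist are assumptions.

# Constructed sample log (documentation address ranges plus one bogus address).
sample_maillog() {
cat <<'EOF'
Mar  3 10:00:01 mx postfix/submission/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
Mar  3 10:00:02 mx postfix/submission/smtpd[2211]: too many errors after AUTH from unknown[203.0.113.7]
Mar  3 10:05:10 mx postfix/submission/smtpd[2290]: too many errors after AUTH from unknown[203.0.113.7]
Mar  3 10:07:44 mx postfix/submission/smtpd[2301]: too many errors after AUTH from laptop.example.org[198.51.100.20]
Mar  3 10:07:50 mx postfix/submission/smtpd[2301]: too many errors after AUTH from laptop.example.org[198.51.100.20]
Mar  3 10:09:00 mx postfix/submission/smtpd[2310]: too many errors after AUTH from unknown[192.0.2.55]
Mar  3 10:11:00 mx postfix/submission/smtpd[2333]: too many errors after AUTH from unknown[999.1.1.1]
Mar  3 10:11:01 mx postfix/submission/smtpd[2333]: too many errors after AUTH from unknown[999.1.1.1]
Mar  3 10:12:00 mx postfix/smtpd[2340]: too many errors after AUTH from unknown[192.0.2.99]
EOF
}

# Read a maillog on stdin. Print each address with at least $1 matching lines,
# skipping any address in the space-separated allowlist $2.
submission_brutes() {
    threshold=${1:-3}
    allow=${2:-}
    sed -En '/postfix\/submission\/smtpd.*errors after AUTH/s/^.*\[(([0-9]{1,3}\.){3}[0-9]{1,3})\].*$/\1/p' |
    awk -v min="$threshold" -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            # Reject anything that is not four octets in 0..255.
            if (split($0, o, ".") != 4) next
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            if (!($0 in skip)) hits[$0]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | LC_ALL=C sort -u
}

brutes=$(sample_maillog | submission_brutes 2 "198.51.100.20")
# Print the pfctl command instead of running it, so the example works without pf.
if [ -n "$brutes" ]; then
    echo pfctl -t blackhole -T add $brutes
fi
```

On the real host, feed it the same `bzcat ... | cat - /var/log/maillog` pipeline and drop the `echo` once the output looks right.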

Mother of all MiFi wishlist

My Mother of all MiFi wishlist:

  • Runs for 4 ~ 5 hours on rechargeable batteries. Preferably 4xAA NiMH cells which I have in abundance.
  • WPA encryption if possible, otherwise pre-auth by MAC address or live auth via authpf.
  • Automatically connects to my lan using certificate based IPSec.
  • Provides DNS locally.
  • GUI configuration, but it can be a Python Tkinter or X11 GUI.
  • 802.11b/g although given my experience last week 802.11n over 5GHz would be nice.
  • SNMP configuration? That’s why I got an enterprise number from IETF.

To Do:

  • Put the Soekris Net4511 on my Kill-a-watt meter to see how much juice it really needs (and how efficient the power supply is.)
  • Figure out how to get USB into the thing. The outside internet will be a Verizon or Sprint network dongle.
  • Get a case and power supply for the 4511
  • Will OpenBSD provide WPA2 authentication?
  • How hard is it going to be to get a USB jack into a 4511 case? (Bill Johnson?)
  • How many people can I connect to it before it’s overloaded?
  • 4521 Case? Automatically has room for batteries.

Old Code does die

I have a very old VA Linux 2200 box that I use as a firewall. I recently upgraded it to a later version of OpenBSD but it appears that I’ve found a regression in the X Server. This machine uses the Intel 440GX chipset with an integrated Cirrus Logic CL GD5480 video adapter. It looks like the support for the video adapter has fallen out of Xorg 7.2 since the old OpenBSD could drive this box at 1280x1024x16bpp even though the box only has 2M of video RAM (if you do the math, don’t ask me, I’m trying to find out how myself). The new driver can’t do this. I’ve spent a few hours trying to find doco for the chipset in Xorg but the man page is another one of those “This section needs to be completed…” things.

Greylisting via Spamd

Spamd

After far too long I’ve finally set up spamd to greylist inbound mail into vindaloo.com. This is something that I should have done a while ago. Before spamd I used a simple filtering setup for email based on SpamAssassin and using SA’s Bayes filter. It works okay but I was never happy with the performance that it needed from my box. When I first started this I was able to handle all the mail for vindaloo.com on a SparcStation 20 running OpenBSD. That’s not really special since I typically have fewer than 5 users. Disk space concerns forced me to upgrade to a VA Linux 2200, still running OpenBSD. That’s been very good but I’m now running into the same problems that I’ve had before. If there is any holdup in the mail system then the mail server gets hammered while the MX boxes on the internet offload mail. It’s easy to figure out why this is. I just look at the count of messages in my spam and junkmail folders. Let’s see: 376 messages in spam and another 246 in junkmail. That’s about 3 days’ worth of mail. That’s right. Despite JavaScript veiling and everything else I do, I get over 150 spams per day. Or at least I did until I started running spamd!