Category Archives: Linux

Compile SquirrelMail imapproxy with OpenSSL 1.1.1 and 3.0

imapproxy is an application-aware (POP3/IMAP) proxy that lets webmailers such as SquirrelMail or Roundcube save on round trips: they talk to the proxy over a local low-latency connection, while the proxy keeps the high-latency connection to the mail server open.

SquirrelMail and imapproxy are both very outdated software, and you may not want to use them. However, if you really do, you may want to compile imapproxy yourself as shown in the rest of this article.


Dovecot “get_public_key(INBOX) failed: […] Mailbox attributes not enabled”

If you use Dovecot as an IMAP or POP3 server and have looked into how to secure and design your setup, you probably came across the mail-crypt plugin for Dovecot. The plugin lets you store mail in encrypted form, that is, so-called “encryption at rest”.


Various approaches to extract the cluster state from keepalived VRRP-instances

keepalived can be used to switch one or more IPs between one or more server systems. Typically, the underlying protocol for this is VRRP (Virtual Router Redundancy Protocol).

To determine whether localhost is currently in an active (ACTIVE), passive (BACKUP), or dysfunctional (FAULT) state within the server cluster, there are multiple approaches, each with its own pros and cons.

The goal is to provide a brief overview and examine some methods in detail, making it easier for other system administrators facing the same task.

TLDR: See “Part 5 – DBus”


Set up an rsyslog server with multithreaded TLS encryption using stunnel

If you run an rsyslog server using the rsyslog imtcp module with OpenSSL or GnuTLS enabled for encrypted communication, chances are that, as your infrastructure and/or log traffic grow, you will find that rsyslog is only able to use one thread of your multithreaded system for TLS offloading. This is by design, and to this day the imtcp module, which is also the only module supporting TLS, is not able to utilize multiple CPUs.

The imptcp module, also known as the plaintext-tcp module, does support multiple threads, however, but cannot do any encryption.

In my case, I found that the only viable solution to multithreaded TLS offloading with rsyslog is to wrap stunnel in front of it, like this in /etc/stunnel/rsyslog-server.conf:


Data recovery from defective storage media using ddrescue and photorec

Recently, I found myself in the situation of having to undergo a large-scale recovery operation on a 15-year-old hard drive with a total runtime of nearly 70,000 hours. The drive had long suffered from numerous defective sectors and reading errors.

The specific hard drive model in question was the SAMSUNG HD501LJ, a contemporary model widely used in systems of that time. It was later replaced by 750GB and 1TB models in the following years before the hard drive division of SAMSUNG was partially acquired by Seagate in 2011.

The task at hand was not an easy one, as it involved:

  1. Safeguarding and reading as much data as possible.
  2. Making existing data available on the file systems.
  3. Locating and making available previously deleted data from the distant past.
  4. If feasible, writing the data onto a new storage medium of equal or greater size to restore the original system.