06 Sep 2015
I heard all the cool kids program with this thing called elixir and phoenix.
And as we all know I'm trying hard to be a cool kid (not really successful). But this is a
topic for an other blog post. So here is a small guide how you get started with phoenix on Fedora.
Install packages
The first step is installing elixir and postgresql which is the default
database back end for phoenix. And then there are other packages needed
like npm to use all these weird js front end tool which are to some extend
integrate in phoenix.
sudo dnf install erlang elixir postgresql-server npm inotify-tools
Prepare psql and enable it
Now we can setup our postgresql server.
sudo postgresql-setup initdb
After the basic setup, we need to edit the pg_hba.conf file
which you should find now in /var/lib/pgsql/data/.
So we need to change ident to md5 on the line where the ADDRESS is 127.0.0.1/32 in /var/lib/pgsql/data/pg_hba.conf.
# TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 md5
After we change the config file we can enable the service at start up and start it.
sudo systemctl enable postgresql
sudo service postgresql start
Set a password for the postgres user. Please remember the password you set, you need it later.
sudo su - postgres
$ psql
postgres=# \password postgres
postgres=# \q
Phoenix
With all this things in place we can install the elixir package manager and phoenix.
Hint: You should check if there is a newer version than 1.0.1!
mix local.hex
mix archive.install https://github.com/phoenixframework/phoenix/releases/download/v1.0.1/phoenix_new-1.0.1.ez
Create a new project is easy.
mix phoenix.new $APPNAME
cd $APPNAME
Now you need your psql user and the password you set and configure it in config/dev.exs.
Installing all the dependencies and create the database.
mix deps.get
mix ecto.create
Start the server
Happy coding!
29 Jul 2015
If you feel the need to put ubuntu on your FreeBSD server,
here is a guide.
It's really simple, the first step is to take ubuntu
Step two put it on your server (for example my FreeBSD server)
Works also on Apple hardware
26 Jul 2015
The simplest way to check if everything work as expected, is to configure
one of your new mail accounts in your mail client and send a mail to the
test service of http://www.mail-tester.com/.
If something not working there is a good chance that you find a hint in your
mail log which you find there -> /var/log/mail.
I used also http://mxtoolbox.com/ which has a few nice
tools to check your DNS setup and SMTP.
Many useful things are stolen and copied from these articles:
Special Thanks to
This is not a part of the three part series:
26 Jul 2015
A mail server where your mail program can't receive your mails is a
bit lame. So this last post describes how you can setup a dovecot to
serve your mails over imap.
The fist step as usual is to install it.
pkg install dovecot2
echo 'dovecot_enable="YES"' >> /etc/rc.conf
I personally use a really simple IMAP configuration if you need more, lets say something like
pop3 support, you should definitely check out the dovecot documentation because
dovecot can almost everything.
But for a simple IMAP server it's just these few lines in your config (/usr/local/etc/dovecot/dovecot.conf).
protocols = imap
ssl = required
ssl_key = </usr/local/openssl/private/mail.domain.tdl.key
ssl_cert = </usr/local/openssl/certs/mail.domain.tdl.crt
mail_location = maildir:~/mbox
listen = *
userdb {
driver = passwd
args = blocking=no
}
passdb {
driver = pam
args =
}
Hint: I use here the same ssl certificat and key as for the OpenSMTPD config.
With the configuration file in place we can start (service dovecot start) and test the service.
For testing I used openssl, like this:
openssl s_client -connect mail.domain.tdl:993
It should print a lot of informations about your certificate and you should be able to login with:
a1 LOGIN yourunixusername yourunixpasswordincleartext
Which should return something like this:
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ... LIST-STATUS BINARY MOVE] Logged in
This is the last part of a three part series:
26 Jul 2015
DKIM is a technology to validate and protect you against spoofing of your emails.
This is achieved by putting a public key in the DNS records an sign all outgoing mails
with with the private key. So everyone can validate if you authorised to send these mails.
To use this with OpenSMTPD we use dkimproxy which we need to install first.
pkg install dkimproxy
echo 'dkimproxy_out_enable="YES"' >> /etc/rc.conf
And of course we need to configure it:
$ cat /usr/local/etc/dkimproxy_out.conf
# specify what address/port DKIMproxy should listen on
listen 10.0.0.10:10027
# specify what address/port DKIMproxy forwards mail to
relay 10.0.0.10:10028
# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain domain.tdl
# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
# specify location of the private key
keyfile /usr/local/openssl/private/dkim.key
# specify the selector (i.e. the name of the key record put in DNS)
selector dkimselector
The important bits here are the listen and relay ip:port combination. For
the most setups you can use 127.0.0.1 since the DKIM proxy needs only be
accessible on the for your OpenSMTPD server. Of course you need to replace domain.tdl
with your domain but the rest you can more or less just copy.
As you can see there is a key file which we now need to create.
And the public key part of this key goes in our DNS.
openssl genrsa -out /usr/local/openssl/private/dkim.key 1024
openssl rsa -in /usr/local/openssl/private/dkim.key -pubout -out dkim_public.key
And this public key we can now put in our DNS, this should look something like this:
dkimselector._domainkey IN TXT "k=rsa; t=s; p=MIGfMA0GCSqGS...CMaVI02QIDAQAB"
Here is MIGfMA0GCSqGS...CMaVI02QIDAQAB your public key with out the -----BEGIN PUBLIC KEY-----
and -----END PUBLIC KEY----- in one line. An easy way to print your public key without new lines
is this: cat dkim_public.key | tr -d '\n'.
That's everything we need to configure on the DKIMproxy site. We can start the service with
service dkimproxy_out start.
Update OpenSMTPD configuration
We have a running DKIM proxy but it's useless if we don't route our mails through it.
To achieve this we update our smtpd config (/usr/local/etc/mail/smtpd.conf).
In a first step we add a new listen directive. The port here 10028 should match
the one you configured for the relay in the dkimproxy configuration.
listen on lo1 port 10028 tag DKIM_OUT
And we need to replace
accept from local for any relay
with
accept tagged DKIM_OUT for any relay
accept from local for any relay via "smtp://10.0.0.10:10027"
After a OpenSMTPD restart (service smtpd restart) it should tag all mails with a valid DKIM signature.
This is the second part of a three part series: