Reading out the EKS electricity meter (Landis & Gyr E350)

I specifically ordered a new electricity meter because it can also report the current power consumption. Normally this can be read via the optical interface under ID 16.7. That appears to be disabled on mine, however. Voltage and current can still be read out, though, and from these the current power consumption can be calculated. …

Test Sites

For things like DNSSEC / DANE / DKIM etc. there are test sites:

X = righter.ch successful
O = errors

X DNSSEC: https://dnssec-debugger.verisignlabs.com/righter.ch
O 97% Website Tests: https://en.internet.nl/site/righter.ch/
X 400 Points SSL Report: https://www.ssllabs.com/ssltest/analyze.html?d=righter.ch
O DKIM Validator: http://dkimvalidator.com/ -> needs an email to generate a report
X MTA-STS: https://aykevl.nl/apps/mta-sts/
X DMARC: https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3arighter.ch&run=toolpage

Hardening SSL/TLS

HTTPS with Apache 2.4.29

/etc/apache2/mods-enabled/ssl.conf

    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 512
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
    SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
    SSLSessionCacheTimeout 300
    # Old generic cipher string, kept commented out
    #SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
    # Explicit list: AES-256 only, ECDHE/DHE key exchange (forward secrecy)
    SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256"
    SSLHonorCipherOrder on
    # TLS 1.2 only
    SSLProtocol TLSv1.2
    # OCSP stapling
    SSLUseStapling on
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
    SSLCompression off
    SSLOpenSSLConfCmd Curves secp384r1
    SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem"

SSLLabs Score A+ (4x …

Create DKIM for Postfix (and ADSP)

Install opendkim

    apt-get install opendkim opendkim-tools

Config File /etc/opendkim.conf

    Syslog yes
    UMask 007
    SOCKET inet:12345@localhost
    PidFile /var/run/opendkim/opendkim.pid
    OversignHeaders From
    TrustAnchorFile /usr/share/dns/root.key
    UserID opendkim
    SigningTable refile:/etc/opendkim/signing.table
    KeyTable /etc/opendkim/key.table
    SignatureAlgorithm rsa-sha256

Create keys

    cd /etc/opendkim
    # Note: RFC 8301 recommends RSA keys of at least 2048 bits for DKIM signing
    opendkim-genkey -d righter.ch -b 1048 -r -s 201702
    mv 201702* keys
    chown opendkim:opendkim *
    # Remove all group/other permissions from the key material
    chmod -R go-rwx .

Insert Key in keytable …

use MySQL for Spamassassin prefs

If you want to use a MySQL DB for different SpamAssassin prefs:

Create DB and global Prefs:

    mysql
    create database spamassassin;
    CREATE TABLE userpref (
      username varchar(100) NOT NULL default '',
      preference varchar(30) NOT NULL default '',
      value varchar(100) NOT NULL default '',
      prefid int(11) NOT NULL auto_increment,
      PRIMARY KEY (prefid),
      KEY username (username)
    );

…

milter-greylist with Postfix on Debian 8

Install

    apt-get install milter-greylist

Modify Config /etc/milter-greylist/greylist.conf (only changes listed)

    # For sendmail use the following two lines
    #socket "/var/run/milter-greylist/milter-greylist.sock"
    #user "smmsp"

    # For Postfix uncomment the following two lines and comment out the
    # sendmail ones above.
    socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660
    user "greylist"

    geoipdb "/usr/share/GeoIP/GeoIP.dat"

    #racl whitelist default
    racl greylist default

Change Access

    mkdir /var/spool/postfix/milter-greylist

…

Implement OLE Filter on Debian 8 / Postfix (Mraptor Milter)

To avoid these stupid OLE viruses in Office documents, there is an OLE scanner which you can implement in your Postfix: http://www.decalage.info/en/python/oletools

First you need some apts:

    apt-get install python-milter python-daemonize

Then you need to install the OLE tools:

    pip install -U https://github.com/decalage2/oletools/archive/master.zip
    chmod +x /usr/local/lib/python2.7/dist-packages/oletools/mraptor_milter.py
    /usr/local/lib/python2.7/dist-packages/oletools/mraptor_milter.py

Paste this in /etc/crontab for autostart at reboot …

Setup SRS on Postfix on Debian 8

First install postsrsd:

    apt-get install postsrsd

Add this to Postfix main.cf:

    # PostSRSd settings.
    sender_canonical_maps = tcp:localhost:10001
    sender_canonical_classes = envelope_sender
    recipient_canonical_maps = tcp:localhost:10002
    recipient_canonical_classes= envelope_recipient,header_recipient

and reload:

    postfix reload

Dane based on existing Postfix, Letsencrypt and DNSSEC

To activate it, use the following in the Postfix main.cf:

    smtp_tls_security_level=dane
    smtp_dns_support_level = dnssec
    smtpd_use_tls=yes

Now create the TLSA hash and generate a TLSA DNS record:

    # SHA-256 digest of the certificate's public key (DER-encoded), printed as hex
    printf '%s' $(openssl x509 -in fullchain.pem -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | hexdump -ve '/1 "%02x"')

Push to DNS:

    _25._tcp.mail IN TLSA 3600 …