pmeerw's blog
gmx.de uses a TLS alert (71) to claim insufficient security. After disabling TLSv1 in postfix, it works (i.e. mail is delivered). Amazing.
postfix/smtpd[3923583]: TLS SNI mail.pmeerw.net from mout.gmx.net[212.227.15.18] not matched, using default chain
postfix/smtpd[3923583]: Untrusted TLS connection established from mout.gmx.net[212.227.15.18]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (3072 bits) client-digest SHA256
postfix/smtpd[3923583]: warning: TLS library problem: error:0A00042F:SSL routines::tlsv1 alert insufficient security:../ssl/record/rec_layer_s3.c:916:SSL alert number 71:
postfix/smtpd[3923583]: NOQUEUE: lost connection after STARTTLS from mout.gmx.net[212.227.15.18]
postfix/smtpd[3923583]: disconnect from mout.gmx.net[212.227.15.18] ehlo=1 starttls=1 commands=2
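An added example, not part of the original post: a small Python parser that groups Postfix smtpd log lines into sessions and reports those in which a TLS alert was logged, such as alert 71 above. The function and variable names are assumptions of this example, and the last two sample lines are constructed.

```python
import re

# TLS alert descriptions (RFC 5246 / RFC 8446) often seen in MTA logs
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version",
               71: "insufficient_security", 80: "internal_error"}
LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
ESTABLISHED = re.compile(r"TLS connection established from (\S+): (\S+) with cipher (\S+)")
ALERT = re.compile(r"TLS library problem: .*SSL alert number (\d+)")
LOST = re.compile(r"lost connection after STARTTLS from (\S+)")

def tls_alert_sessions(lines):
    """Return one dict per smtpd session in which a TLS alert was logged."""
    open_sessions, flagged = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = open_sessions.setdefault(pid, {"pid": pid, "lost_after_starttls": False})
        if e := ESTABLISHED.search(msg):
            s["peer"], s["protocol"], s["cipher"] = e.groups()
        elif a := ALERT.search(msg):
            s["alert"] = int(a.group(1))
            s["alert_name"] = ALERT_NAMES.get(s["alert"], "unknown")
        elif lost := LOST.search(msg):
            s.setdefault("peer", lost.group(1))
            s["lost_after_starttls"] = True
        elif msg.startswith("disconnect from"):
            # smtpd PIDs serve later clients too, so close the session here
            if "alert" in open_sessions.pop(pid):
                flagged.append(s)
    # keep sessions whose disconnect line is missing (log cut off)
    return flagged + [s for s in open_sessions.values() if "alert" in s]

# First five lines: the log from the post. Last two: constructed lines for a
# later, successful client (documentation address) served by the same PID.
SAMPLE_LOG = """\
postfix/smtpd[3923583]: TLS SNI mail.pmeerw.net from mout.gmx.net[212.227.15.18] not matched, using default chain
postfix/smtpd[3923583]: Untrusted TLS connection established from mout.gmx.net[212.227.15.18]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (3072 bits) client-digest SHA256
postfix/smtpd[3923583]: warning: TLS library problem: error:0A00042F:SSL routines::tlsv1 alert insufficient security:../ssl/record/rec_layer_s3.c:916:SSL alert number 71:
postfix/smtpd[3923583]: NOQUEUE: lost connection after STARTTLS from mout.gmx.net[212.227.15.18]
postfix/smtpd[3923583]: disconnect from mout.gmx.net[212.227.15.18] ehlo=1 starttls=1 commands=2
postfix/smtpd[3923583]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
postfix/smtpd[3923583]: disconnect from mail.example.org[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
""".splitlines()

if __name__ == "__main__":
    for session in tls_alert_sessions(SAMPLE_LOG):
        print(session)
```

On the sample it reports a single session, and the alert was logged on a connection that had already negotiated TLSv1.3.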
posted at: 14:49 | path: /configuration | permanent link
It's easy, just run sudo fwupdmgr get-updates followed by sudo fwupdmgr update.
The system needs to be on AC power to perform the update.
posted at: 22:07 | path: /configuration | permanent link
It's possible to just list multiple domains in opendkim.conf which will all get signed with the same key indicated by KeyFile and Selector (as pointed out here).
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector 'mail' (e.g. mail._domainkey.example.com)
# hacky, multiple domains, all share the same key and the same DNS setup
# so we also need mail._domainkey.bla.net and mail._domainkey.blub.org DNS records
Domain example.com, bla.net, blub.org
KeyFile /etc/dkimkeys/example.com.key
Selector mail
A more complex way with individual mappings is described here.
A good way to test the setup is appmaildev.com's DKIM Test.
posted at: 10:10 | path: /configuration | permanent link
Debian unstable recently updated PostSRSd to 2.0.11-1+b1, breaking stuff:
sender_canonical_maps = socketmap:unix:srs:forward
sender_canonical_classes = envelope_sender
recipient_canonical_maps = socketmap:unix:srs:reverse
recipient_canonical_classes = envelope_recipient, header_recipient
/etc/postsrsd.conf r,
/var/spool/postfix/** rwk,
posted at: 11:00 | path: /configuration | permanent link
IKEA has some smart home products: Zigbee light bulbs, a temperature sensor, several remote controllers, and -- most importantly -- the Dirigera hub, which allows controlling the devices via an app or REST API. The hub supports the Matter standard and lacks technical documentation (it has USB-C for power supply, an Ethernet plug and expects to local network with WiFi). A Python package, dirigera, is available.
The first step is to generate a token (JWT) to enable access to the API, which requires pressing the "Action" button on the hub.
posted at: 18:05 | path: /projects | permanent link