
Sunday, 05 July 2015 13:06

Installing Fetchmail


Originally taken from http://www.thedjbway.org/services/fetchmail.html
Modified for FreeBSD courtesy of William Olson

fetchmail is a mail retrieval utility written by Eric S. Raymond. It is extremely flexible and configurable for a variety of retrieval and forwarding applications.

Although fetchmail has its own daemon mode, using it with a daemontools setup will provide some advantages. These include:

* consistent control interface through daemontools' svc utility
* reliable, platform-independent daemon start-up and run
* logging with multilog

Let's first install fetchmail:


# cd /usr/ports/mail/fetchmail
# make install clean

Here we also create a directory where fetchmail will reside:


# cd /var/qmail/supervise
# mkdir -m 755 fetchmail
# cd fetchmail
# fetch http://freebsdrocks.net/files/run.fetchmail
# mv run.fetchmail run
# chmod 755 run
# mkdir -m 755 log
# cd log
# fetch http://freebsdrocks.net/files/log-run
# mv log-run run
# chmod 755 run

Now set the correct ownership on the supervise directory so fetchmail can write its pid file:


# chown fetchmail:fetchmail /var/qmail/supervise/fetchmail/

If you open up the run file, you will see INTERVAL, which is the number of seconds to wait before checking messages. Right now it is set to check messages every 5 minutes.

Now let's configure /usr/local/etc/fetchmailrc:

Replace pop.server below with the actual name of the POP server.
Replace user with the actual username on the host you are checking.
Replace pass with the actual password on the host you are checking.
Replace <local-address> with the local email address the mail should be delivered to.

The SMTP host is the IP of your qmail server. This is needed so fetchmail doesn't have to auth with qmail.

poll pop.server
with protocol pop3
username user password pass is <local-address> here
smtphost 192.168.9.10

Multiple lines/polls can exist. If you're checking multiple email accounts on one server, you can just use something like so:

poll pop.server
with protocol pop3
username user password pass is <local-address> here
smtphost 192.168.9.10
username user password pass is <local-address> here
smtphost 192.168.9.10
username user password pass is <local-address> here
smtphost 192.168.9.10
username user password pass is <local-address> here
smtphost 192.168.9.10

Or if you're checking multiple servers:

poll pop.server
with protocol pop3
username user password pass is <local-address> here
poll pop.server
with protocol pop3
username user password pass is <local-address> here
poll pop.server
with protocol pop3
username user password pass is <local-address> here

Lots of different combinations are available.


# chown fetchmail:nofiles fetchmailrc
# chmod 600 fetchmailrc
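
The password is stored in fetchmailrc in clear text, which is why the file is restricted to mode 600 above. The following check is an added example, not part of the original walkthrough: it verifies that mode and, going beyond the page, lists poll entries that never use fetchmail's ssl option, meaning the password also crosses the network unencrypted. The function names and the pop2.server sample entry are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a fetchmailrc for the
# file mode the page sets and for poll entries that lack the "ssl" keyword.

# Succeeds only when group and other have no permission bits at all
# (characters 5-10 of the ls -l mode string), as after "chmod 600".
rc_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the server name of every "poll" entry that never mentions "ssl".
# Simplified parser: ignores "defaults" sections and quoted strings.
polls_without_ssl() {
    awk '
        function report() { if (host != "" && !ssl) print host }
        {
            sub(/#.*/, "")
            for (i = 1; i <= NF; i++) {
                if ($i == "poll" || $i == "skip") {
                    report()
                    host = ($i == "poll") ? $(i + 1) : ""
                    ssl = 0
                    i++
                } else if ($i == "ssl") {
                    ssl = 1
                }
            }
        }
        END { report() }
    ' "$1"
}

# Constructed sample in the page's layout; the second entry adds "ssl".
write_sample_rc() {
    cat > "$1" <<'EOF'
poll pop.server
with protocol pop3
username user password pass is localuser here
smtphost 192.168.9.10
poll pop2.server
with protocol pop3
username user password pass is localuser here ssl
EOF
}

# Run as: sh check-fetchmailrc.sh /usr/local/etc/fetchmailrc
if [ -n "${1:-}" ]; then
    rc_mode_ok "$1" || echo "WARN: $1 is accessible by group or other"
    polls_without_ssl "$1" | sed 's/^/WARN: no ssl on poll /'
fi
```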

And then create the service:


# ln -s /var/qmail/supervise/fetchmail /service/

After a few seconds run


# svstat /service/fetchmail/ /service/fetchmail/log/

And you should see something like:


/service/fetchmail/: up (pid 50481) 4 seconds
/service/fetchmail/log/: up (pid 50482) 4 seconds

If you want to force fetchmail to check messages, run svc -t /service/fetchmail. This terminates fetchmail and it is then restarted, giving you the same effect.

Sunday, 05 July 2015 13:03

Enabling IPv6 on PFSense


Download, install, burn the ISO, then configure pfSense here: http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46

Run over to http://tunnelbroker.net/, click register at the bottom and, once you're verified, set up an IPv6 tunnel. Once this is done, print out the details page and then continue on.

Log in to pfSense via the console or ssh (if enabled) and hit option 8 for the shell. Then create the following 2 scripts:

# cd /usr/local/etc/rc.d/
# touch config-ipv6.sh
# chmod 755 config-ipv6.sh
# vi config-ipv6.sh

#
# Start Script
#

#!/bin/sh

IFOUT="gif0"
IFIN=""
WANIP=""

IPv6Router=""
IPv6Server=""
IPv6Client=""

IPv4Server=""
IPv4Client=""

####### Configure the stuff

# Configure the interfaces
ifconfig $IFIN inet6 $IPv6Router prefixlen 64

ifconfig $IFOUT create
ifconfig $IFOUT tunnel $IPv4Client $IPv4Server
ifconfig $IFOUT inet6 $IPv6Client $IPv6Server prefixlen 128
ifconfig $IFOUT up

route add -inet6 default fe80::%$IFOUT
route add -inet6 default $IPv6Server

# Configure IPv6 forwarding
sysctl net.inet6.ip6.forwarding=1

/usr/sbin/rtadvd -d -D -c /etc/rtadvd.conf $IFIN

cat /tmp/rules.debug | sed "/User-defined rules follow/{
p;s/.*/\
pass in quick on $IFIN inet6 from any to any\\
pass out quick on $IFIN inet6 from any to any\\
pass out quick on $IFOUT inet6 from any to any\\
pass quick proto ipv6-icmp from any to any\\
/;}" > /tmp/rules.config-ipv6.txt

# Read the new PF configuration file
pfctl -f /tmp/rules.config-ipv6.txt
pfctl -d; pfctl -e

#
# End Script
#

Leave IFOUT as it is. Don't touch it
IFIN is your LAN adapter
WANIP is your WAN IP

IPv6Router is your Routed 64 ending with a 1
IPv6Server is your Server IPv6 address
IPv6Client is your Client IPv6 address

IPv4Server is the Server IPv4 address
IPv4Client is your WAN IP

There are no other changes to be made
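
If the "User-defined rules follow" comment is missing from /tmp/rules.debug, the sed command in the script copies the ruleset unchanged and pfctl loads it without any of the IPv6 rules. The following is an added example, not the original script: it inserts the same four rules but stops when the marker is absent, writes to a mktemp file rather than a fixed name in /tmp, and parse-checks with pfctl -n before loading. The function names and the sample ruleset are assumptions.

```shell
#!/bin/sh
# Added example, not the page's script: same four rules, safer plumbing.

MARKER="User-defined rules follow"

# add_ipv6_rules SRC IFIN IFOUT
# Writes SRC plus the four IPv6 pass rules (placed right after the marker
# line) to a fresh mktemp file and prints that file's path.
# Returns 1 without creating anything if the marker is not in SRC.
add_ipv6_rules() {
    src=$1 ifin=$2 ifout=$3
    if ! grep -qF "$MARKER" "$src"; then
        echo "marker '$MARKER' not found in $src" >&2
        return 1
    fi
    out=$(mktemp "${TMPDIR:-/tmp}/rules.ipv6.XXXXXX") || return 1
    awk -v m="$MARKER" -v lan="$ifin" -v tun="$ifout" '
        { print }
        index($0, m) {
            print "pass in quick on " lan " inet6 from any to any"
            print "pass out quick on " lan " inet6 from any to any"
            print "pass out quick on " tun " inet6 from any to any"
            print "pass quick proto ipv6-icmp from any to any"
        }
    ' "$src" > "$out" || { rm -f "$out"; return 1; }
    echo "$out"
}

# load_rules FILE: let pfctl parse the file first (-n loads nothing) and
# only replace the running ruleset when that succeeds.
load_rules() {
    pfctl -nf "$1" && pfctl -f "$1"
}

# Constructed stand-in for /tmp/rules.debug, used to try the function.
write_sample_rules() {
    cat > "$1" <<'EOF'
set skip on lo0
# User-defined rules follow
pass out all keep state
EOF
}

# On the firewall (IFIN and IFOUT as set in config-ipv6.sh):
#   new=$(add_ipv6_rules /tmp/rules.debug "$IFIN" "$IFOUT") && load_rules "$new"
```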

# cd /etc/
# vi /etc/rtadvd.conf

#
# Start Script
#

IFIN:\
:addrs#1:addr="*":prefixlen#64:tc=ether:

#
# End Script
#

IFIN is your LAN adapter
* is your Routed 64 address

Reboot and your pfSense will start handing out IP addresses. Try to ping Google using 'ping6 ipv6.google.com'.

The only issue I have with this is sometimes the tunnel times out and you have to run the script manually. It's a pita but it still works. I would put this script in crontab and run it just before the start of the business day just to make sure the tunnel is up or run something like irssi on ipv6. The freenode IPv6 server is ipv6.chat.freenode.net

Sunday, 05 July 2015 13:02

Installing Squid


Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.

For more information, please see http://www.squid-cache.org/

Now let's install it!


# cd /usr/ports/www/squid30
# make install clean

Make sure that all of the options below are checked:


SQUID_WCCP
SQUID_IDENT
SQUID_ARP_ACL

Now let's copy over the default configuration file:


# cd /usr/local/etc/squid
# cp squid.conf.default squid.conf

Now edit squid.conf


# vi squid.conf

You can change the port number from the default if you would like, but I left it with port 3128

Under "#Recommended minimum configuration:", edit

acl localhost src 127.0.0.0/255.255.255.255

to your respective IP and subnet.

Further down, uncomment:

acl our_networks src 192.168.1.0/24 192.168.2.0/24

and again change it to your respective IP and subnet.

Uncomment:

http_access allow our_networks

Save and exit, then run 'squid -z' to create the swap directories, followed by:


# /usr/local/sbin/squid -NCd1 &

After it stops, hit Control-C.

Then type:


# squid

If there are no errors, open your browser, set it to use your proxy server, and then try to open a web page.

Wednesday, 08 June 2016 20:23

Setting your locale


This is for setting your locale in the USA. Run locale -a to get a list of all the available locale settings.

Edit /etc/login.conf and modify/add the following lines:

        :umask=022:\
        :charset=UTF-8:\
        :lang=en_US.UTF-8:

Run

cap_mkdb /etc/login.conf

Log out completely and log back in.

Now run locale and this should pop up:

LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_ALL=

Sunday, 05 July 2015 13:01

Updating and Maintaining Ports and Sources


If you are going to just be using ports and not updating sources you do not have to install subversion below. To update ports just run the following command the first time:


# portsnap fetch && portsnap extract

To update ports thereafter, just run:


# portsnap fetch && portsnap update

You can also have ports updated via cron:


/usr/sbin/portsnap cron update

You will want to install subversion to update ports and sources. If you have already installed subversion then skip this step and continue on.


# cd /usr/ports/devel/subversion
# make install clean

Wait until it downloads a few things and then the install will be completed. At this time there are 2 subversion sites to fetch sources and ports from. Please note that if you have extracted sources and ports via sysinstall or cvsup BEFORE going through this walkthrough then they will need to be deleted first and then checked out by subversion. Updating is easy after that.

Deleting the current ports and sources

First let's get rid of the current /usr/src:


# rm -dfr /usr/src
# mkdir /usr/src

A list of the current subversion sites is below.

https://www.freebsd.org/doc/handbook/svn.html#svn-mirrors

Now we need to check out both ports and sources using the following commands. Replace HOST with the closest mirror to you (see link above). Also, on the 2nd line, if you are using FreeBSD 9 then the command shown will work fine.


# cd /usr/src
# svn checkout https://svn0.us-east.FreeBSD.org/base/stable/10 /usr/src

Please DO NOT continue until at least the sources are updated via svn.

Keeping up to date on your ports and sources is important. Updating sources helps your system keep up with the latest updates when you run your next make buildkernel. This is also helpful when you are upgrading. Upgrades don’t happen quite that often but it is a good idea to update them from time to time. Updating your ports is most important! If you don’t update ports, you are or could be installing an outdated port. I put this in a daily script in my ~user/bin folder called daily.sh. The command you use to update ports is

# cd /usr/ports
# svn checkout https://svn0.us-east.FreeBSD.org/ports/head /usr/ports

One good thing to start with is when you’re running scripts, give them good names so you don’t forget what they have in them. So if you run a script hourly, you can call it hourly.sh and so on. I have a daily script that runs twice a day that runs a bunch of different things:

#!/bin/sh
# Update the time to the MIT Time Server
/usr/sbin/ntpdate time.mit.edu
# updates your headers when you upgrade ClamAV or SpamAssassin
/usr/local/bin/setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# Update sources
/usr/local/bin/cvsup -g -L 2 /root/stable-supfile
# Update Ports
/usr/local/bin/cvsup -g -L 2 /root/ports-supfile
# Backup /usr/local/etc
/bin/rm /home/wolson/archives/etc.tgz
/usr/bin/tar cvzf /home/wolson/archives/etc.tgz /usr/local/etc

Just read the notes and you should be able to figure out what that script does. That’s my daily.sh script.

I would definitely recommend running a backup of vpopmail if you have a test or a backup box running. Here is the URL for it:

http://freebsdrocks.net/index.php/13-useful-qmail-utilities/87-how-to-backup-vpopmail-with-rsync-ssh

Maintaining your Ports

It is a good idea to keep your ports system up to date. There really isn’t an easy way to do this via a script so I would recommend you do this kind of thing once a week or so. If you wait a month or two or even more, you’ll have a lot of fun doing a bunch of portupgrades. If you run the following command, it will tell you what needs updating:

# pkg version -vL=

Here is my output:

linux_base-8-8.0_14 < needs updating (port has 8.0_16)
portaudit-0.5.10 < needs updating (port has 0.5.11)

Generally the way we want to do this is via portupgrade. If you haven’t installed it yet, just do:

# cd /usr/ports/ports-mgmt/portupgrade
# make install clean

If I want to upgrade linux_base-8-8.0_14 and all its upward-recursive and downward-recursive dependencies, this is what I would do:

# portupgrade -rR linux_base-8-8.0_14

Warning: I would not run the command below unless it’s on a test box. I WOULD NOT RECOMMEND THIS FOR A PRODUCTION MACHINE!!!

Here's how to upgrade all packages, downwards-recursive AND upwards-recursive, and clean up obsolete shared libraries:

# portupgrade -urRa

That’s basically it for updating and managing ports!

Sunday, 05 July 2015 13:00

Kernel Customization


This document has been updated 89/3/2016:

There may be two main reasons as to why you would want a custom kernel on your system:

You want to add some functionality to your system such as audio support, or
You may want to remove some unused drivers to conserve memory.

Either way, making a custom kernel will help your machine to be a faster box rather than using the GENERIC kernel. At the beginning of the install we updated your system to -STABLE, which involved downloading the src, or simply put the source, which we need for making the custom kernel. If you didn't do that step, here is what you need to do. For those of you who did update to -STABLE, skip ahead to "we can then start on the kernel customization":

Since sysinstall no longer works we need to use svnlite to install the sources. If you already have current sources please skip this step.


# cd /usr/src
# svnlite checkout https://svn0.us-east.FreeBSD.org/base/stable/10 /usr/src

This will take a few minutes to update.

Once this is done we can then start on the kernel customization. Use one of the following commands to go to the proper folder depending on whether you're running i386 or amd64:


i386 users: # cd /usr/src/sys/i386/conf
amd64 users: # cd /usr/src/sys/amd64/conf

This is where FreeBSD keeps its kernel configuration files. The generic kernel config is in the file GENERIC. All the possible kernel options can be found in the LINT file. What we will want to do first is copy GENERIC to a new kernel name. We *NEVER* want to edit the GENERIC file.


# cp GENERIC MYKERNEL

A few notes about editing your new kernel file:

1) Here is an example line from the kernel

device ppbus # Parallel port bus (required)

Any line that says (required) means exactly that. Don't comment it out or delete it. So in this example, you can delete everything below that section if you don't have a printer, TCP/IP over parallel, or a parallel port interface device.

2) Don't delete any lines. Comment them out with a # in the front.

3) Always change your ident line as follows

Scroll down to the line that reads:
ident GENERIC

Change the line to read:
ident MYKERNEL

4) If you're not sure what you have or don't have for devices, you can check this in /var/log/messages (provided it hasn't been forever since your last reboot).

This is a great example. There are a ton of network card drivers in the kernel and you really only need one. Let's look in /var/log/messages for your Ethernet card. I'll use my NIC as an example:

fxp0: <Intel 82559 Pro/100 Ethernet> port 0xec00-0xec3f mem 0xdf100000-0xdf100fff,0xdf000000-0xdf0fffff irq 11 at device 9.0 on pci0

So edit MYKERNEL, scroll down to the PCI section, and make sure you keep the following lines in there and delete everything else in the PCI and ISA network card sections:

device miibus # MII bus support
device fxp # Intel EtherExpress PRO/100B (82557, 82558)

So go ahead and make all the changes from there.

Now we can test your new kernel:

Change to the /usr/src directory.


# cd /usr/src

Compile the kernel.


# make buildkernel KERNCONF=MYKERNEL

If you get some errors you screwed up. Go fix it or copy GENERIC back to MYKERNEL and start over. If not, you can continue.

Install the new kernel.


# make installkernel KERNCONF=MYKERNEL

You are done! You should reboot to make the changes effective!

If you do a uname -a after the reboot, you should now see

FreeBSD beast.local x.x-XXXXX FreeBSD 8.X-XXXXX #0: Day Mon XX XX:XX:56 EDT 2010 user@host:/usr/obj/usr/src/sys/MYKERNEL i386
