Get Git into Your Life

It amazes me how much my Git activity changes when I reduce the risk of unauthorized data exposure to the greater Internet.

Since setting up a reliable local Gitea Server on my private LAN I found that I tend to use Git more than ever. I have been diving into things that I have been more cautious about, because of the risk of leaking secrets and confidential data. Even my activity on GitHub has increased because I can test a project internally before sharing it on GitHub.

I have started playing with Continuous Deployment, Ansible, Hugo and more. I can ‘safely’ work locally, without accidentally exposing private information to the greater internet. (If you are interested in my Home Lab Content, check out my mini site for more.)

I also switched to my new computer about the same time my activity increased – April 2024 – may be related 🤷.

Aside: Time Gap – If you are curious about the gap between August 2023 and April 2024: shortly after I set up my first Gitea instance on my testing hypervisor (Proxmox VE), the host system started throwing disk errors, so I stopped using that host. This was my first bare-metal hypervisor; I turned it off and forgot about it. In early 2024 I started playing with XCP-ng on a new host and deployed a new instance on that XCP-ng system. Then, when I switched computers and set up good upgrade/backup scripts for Gitea, I started using Gitea more often.

Another interesting thing, I have more repos on Gitea (23 Repos, 5 Orgs) than GitHub (8 Repos, 1 Org).

So if you want to learn Git or start using it for more things, I recommend hosting a local Git Server.

Have thoughts? Share them in the comments or yell at me on Twitter @Mad9Scientist.


Popular Git Servers

WordPress… Ah!

I have been using WordPress for years at this point. I deployed my first production WordPress site way back in 2010 (nearly 14 years ago), and yes that site is still alive and running – it’s my company’s website.

Lately I have been playing with a static site generator, Hugo, because I can keep the entire site under version control (git) and it loads faster. I’ve been using Hugo over on my Home Lab mini site. (Imagine that, a site is much faster when it doesn’t need a database and server side processing before sending it to the client /s). I have been trying to document and blog more things lately, but I find myself fighting with WordPress more and more. The Block Editor is neat and has added interesting features to the WordPress ‘platform’. But I find myself even fighting with the ‘blocks’ in the Block Editor. Either the blocks do not have the features one would expect or the settings for the blocks are not intuitive.

Recently, while trying to make a page on my company site, I ran into an issue. I wanted to dump some custom HTML into a page for a custom art direction for the page. However, I started to fight with WP injecting random P tags in my HTML. I’ve known of this feature for years, but I have been able to overcome the issue in the past. But this time around, no matter how much I tried, I couldn’t get the classic editor to render the code correctly. I obviously know I can disable the Auto P feature, but it disables it site wide, which breaks the content on other pages of the site. This is a problem: I either have to go update multiple pages and posts or develop a new workaround for the issue.

This is under the light of a site redesign that will “happen soon™”, so I don’t really want to do a lot of work, when I have to do a lot of work for the redesign.

WordPress is a great platform and easy to use, but every year I get closer to nuking my own WordPress Based Sites in favor of plain HTML sites. But the convenience of the back of house (WP Admin) is so nice. Along with the double edge of the WordPress Plugin Repository – even though I try not to use that many plugins. I have been thinking about dropping WordPress for a few years (since the ‘before times’), but the laziness and convenience of WordPress flow is so nice.

I have not decided that I’m going to move away from WordPress at this time.

There is a possibility that I may change this (my personal) site over to a static site, mostly because this site doesn’t need the dynamic features of WordPress or really any CMS. I will most likely re-visit this in the future…

If you have thoughts, share them with me in the comments or on Twitter.

Setup Postfix to Relay Mail for Specific Domains or Users

Mail Relaying
I have been working with my mail server a lot lately and I ran into some problems getting mail delivered to Outlook.com mail accounts (Hotmail.com, Outlook.com, Live.com, etc.), but I will discuss that more in another article (in short: two months later and I still can’t). I have a user that subscribes to MailRoute.net’s excellent spam filtering service, and they use it with my mail server for inbound filtering. However, because Outlook.com will refuse to deliver messages from my mail server, we decided to use MailRoute’s outbound filtering – not really for the outgoing filter, but for the better deliverability to the Outlook.com mail accounts.

So I needed to set up my mail server to relay mail for one domain to another server that is outside of my control and network. My mail server uses Postfix 2.10 for the Mail Transfer Agent (MTA). So this is how you can configure Postfix to forward (relay) all mail for one virtual domain to another mail server (smart host) before being sent to its final destination.

Setup Mail Relay on Your Mail Server

You will need to do all of this as root, so either sudo or elevate to a root shell.

  1. Create a file that will contain the domains that will be processed by another server. I used /etc/postfix/bysender.
  2. Open the file bysender, add the following information:
    @example.com   [outbound.thirdparty.server.com]
    
    • On the left @example.com is the domain that you want to have its messages forwarded (relayed) to the outside server
    • The right [outbound.thirdparty.server.com] is the server that you want to relay messages to, and yes you need the brackets
    • By the way: You could have one particular user’s messages relayed to a different outside mail server by just putting in the entire e-mail address on the left side
  3. Save and Close the bysender file.
  4. Now we need to hash/map the bysender file so that Postfix can use it. Run the following command:
    postmap /etc/postfix/bysender
  5. Now open your Postfix main.cf and insert the following:
    sender_dependent_relayhost_maps = hash:/etc/postfix/bysender
    
    • Update the file path if needed
  6. Now you need to restart Postfix, run the following command:
    service postfix restart 
    • This assumes Ubuntu’s Service Command

Go ahead and test the configuration by sending a test message from the domain and reviewing the headers at the receiving mail account. You should see the mail being sent to your smart host, or in my case MailRoute, before arriving at the servers for the outside mail account.

Side Notes

I found this information via Zimbra Support documentation. I attempted to find this in the official Postfix documentation, but the docs for Postfix are very hard to understand, require you to have read them all, and assume that you already know most everything about mail and message movement within a system.

Also, I found several articles suggesting to use a transport file with a very similar layout to the bysender file here, but that just caused the mail server and MailRoute to play hot potato with the message (tossing it back and forth). From what I figured, the transport file is used to override DNS entries to direct mail for a particular domain to another server that may not exist in DNS records or is behind a firewall.

I hope that this was informative and helpful to your needs.


Resources

Dovecot Password Creation from PHP

I’m currently working on making a Laravel based management system for my new mail service that I have set up using Christoph Haas’ ISPmail Tutorial, Ars Technica’s Email Server Tutorial and others. I needed to be able to create Dovecot compatible passwords from my PHP application.

So when it came to the day-to-day management of the system I didn’t want to run SQL commands to manage the user accounts, so I started building a web based management console. When it came to creating the user’s password I ran into a small problem: I couldn’t use the doveadm pw command because the Dovecot software is installed on the mail server, while the management console will be installed on my web server – two different machines. I didn’t want to install Dovecot on my web server – for reasons – so I had to find a different way of creating the user’s password. So I looked at my options to create the password in PHP, and after many hours of researching it I found the solution – which, when I found it, made me feel like an idiot.

To help anyone else who may be looking for a way to create Dovecot passwords via PHP using a more secure password scheme than MD5, below are the different methods of creating a Dovecot supported password in PHP.

Dovecot PHP Snippets

SHA512-CRYPT

$password = "PlainTextPassword";
$salt = substr(sha1(rand()), 0, 16);
$hashedPassword = "{SHA512-CRYPT}" . crypt($password, "$6$$salt");

SHA512 Base64 Encoded

$password = "PlainTextPassword";
// This scheme is a plain SHA-512 digest: no salt is part of the stored value.
$hashedPassword = "{SHA512.b64}" . base64_encode(hash('sha512', $password, true));

SHA256-CRYPT*

$password = "PlainTextPassword";
$salt = substr(sha1(rand()), 0, 16);
$hashedPassword = "{SHA256-CRYPT}" . crypt($password, "$5$$salt");

SHA256 Base64 Encoded*

$password = "PlainTextPassword";
// This scheme is a plain SHA-256 digest: no salt is part of the stored value.
$hashedPassword = "{SHA256.b64}" . base64_encode(hash('sha256', $password, true));

SSHA512-CRYPT (Salted)

$password = "PlainTextPassword";
$salt = substr(sha1(rand()), 0, 16);
$hashedPassword = "{SSHA512}" . base64_encode(hash('sha512', $password . $salt, true) . $salt);

SSHA256-CRYPT (Salted)

$password = "PlainTextPassword";
$salt = substr(sha1(rand()), 0, 16);
$hashedPassword = "{SSHA256}" . base64_encode(hash('sha256', $password . $salt, true) . $salt);

* Denotes code that should work, but has not been directly tested. All testing involved PHP 7.

Be sure to change the salting to something either with more entropy or another function of your desire.

Be sure to test the outputted hash against your install of Dovecot by running the following command.

doveadm pw -t 'HASHED Password From Function' -p $password 

So, to test the outputted hash for the password “password123”, and assuming the function output was:

{SHA512-CRYPT}$6$24fd51974df4aa22$JiLGcBXH7JLQcRbcAyFV52r4OOVv4PbmX88E7IB22T/lJsg3/oTI.rAGcWizqV8iyYgDQ4fE9oezojT/hBfdF/ 

You would run the following command in your terminal:

doveadm pw -t '{SHA512-CRYPT}$6$24fd51974df4aa22$JiLGcBXH7JLQcRbcAyFV52r4OOVv4PbmX88E7IB22T/lJsg3/oTI.rAGcWizqV8iyYgDQ4fE9oezojT/hBfdF/' -p password123 
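
As an added example (not the author's code), the note above about using a salt with more entropy can be met by drawing the salt from PHP's CSPRNG with random_bytes(), and the doveadm check can be mirrored locally before a hash is stored. The function names dovecot_hash and dovecot_verify are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not the author's code; function names are hypothetical.

// Build a Dovecot password string with a salt drawn from the OS CSPRNG.
function dovecot_hash(string $password, string $scheme = 'SHA512-CRYPT'): string
{
    switch ($scheme) {
        case 'SHA512-CRYPT':
        case 'SHA256-CRYPT':
            $id = $scheme === 'SHA512-CRYPT' ? '6' : '5';
            // 8 random bytes -> 16 hex chars, the longest salt SHA-crypt uses.
            $hash = crypt($password, '$' . $id . '$' . bin2hex(random_bytes(8)) . '$');
            if ($hash[0] === '*') {
                throw new RuntimeException("crypt() does not support $scheme here");
            }
            return '{' . $scheme . '}' . $hash;
        case 'SSHA512':
        case 'SSHA256':
            $algo = $scheme === 'SSHA512' ? 'sha512' : 'sha256';
            $salt = random_bytes(16); // raw salt bytes, appended after the digest
            return '{' . $scheme . '}' . base64_encode(hash($algo, $password . $salt, true) . $salt);
    }
    throw new InvalidArgumentException("Unsupported scheme: $scheme");
}

// Check a password against a stored string (local stand-in for `doveadm pw -t`).
function dovecot_verify(string $password, string $stored): bool
{
    if (!preg_match('/^\{([A-Z0-9-]+)\}(.+)$/', $stored, $m)) {
        return false;
    }
    if ($m[1] === 'SHA512-CRYPT' || $m[1] === 'SHA256-CRYPT') {
        // crypt() re-reads the algorithm id and salt from the stored hash.
        return hash_equals($m[2], crypt($password, $m[2]));
    }
    if ($m[1] === 'SSHA512' || $m[1] === 'SSHA256') {
        [$algo, $len] = $m[1] === 'SSHA512' ? ['sha512', 64] : ['sha256', 32];
        $raw = base64_decode($m[2], true);
        if ($raw === false || strlen($raw) <= $len) {
            return false;
        }
        return hash_equals(substr($raw, 0, $len),
            hash($algo, $password . substr($raw, $len), true));
    }
    return false;
}

$stored = dovecot_hash('password123', 'SSHA512'); // constructed sample password
var_dump(dovecot_verify('password123', $stored), dovecot_verify('wrong', $stored));
```

The local check does not replace running doveadm pw -t against your own Dovecot install, which confirms the server actually accepts the scheme.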

Aside: I would use the blowfish encryption scheme, but my server does not support it, so I used the next best thing. Also, I know there are many virtual mail management systems out there (ViMbAdmin), but I’m planning to build certain functionality of this management portal into other services I will offer to clients. I will also open source my management console, after I have cleaned up the code.