Setup Ubuntu to send mail via a remote SMTP server

We will configure a server running Ubuntu to send all mail out to a remote email address via an SMTP server. This is a redo of these instructions..

Again, I just copied an instructional as here. Cant be bothered copying it here, but I did all those steps, except I commented out this line:

#smtp_tls_CAfile = /etc/postfix/cacert.pem

Because eh.

I looked at this log and got some useful info: /var/log/mail.log

SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger) 

So I added those lines to my config file.
Then in testing I noticed that yay it actually sent the mail, although it bounced due to the ‘from address’ not being configured properly, so we create this file:
sudo nano /etc/postfix/generic with these contents:

username@hostname name@domain 
@hostname name@domain  
#use 'postmap /etc/postfix/generic' to hash this file 
#then 'service postfix restart'  

Where hostname is the hostname for the machine, and name@domain is the sender address, which usually needs to be valid with the SMTP server – although Google actually allows improper addresses. You could create different instances for different users, i.e one for root perhaps
Then add this line to the config:
smtp_generic_maps = hash:/etc/postfix/generic

Finally:
sudo postmap /etc/postfix/generic
sudo service postfix restart

Done

Spinning Up Ubuntu 16.04 on a VPS instance

  • My VPS provider (Vultr) allows inserting a public key at the time of a new instance creation, so I created a new key using an existing Linux command line:
    ssh-keygen -t rsa
  • Name server hostname (I used these instructions (archive) for hostname)
  • Set reverse DNS in VPS server console equal to FQDN
  • Change SSH port & disable password authentication with
    sudo nano "/etc/ssh/sshd_config"
    then restart ssh
    sudo systemctl restart ssh
  • create non root user, copy .ssh folder from root to their profile, making sure to chown newuser for the authorized_keys file, and add the user to group sudo – sudo addgroup groupname.
  • Add auto security updates.
    sudo apt-get install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades **requires root email for notifications*
  • Set time zone
    sudo dpkg-reconfigure tzdata

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Continue reading “OpenVPN Server on Ubuntu 16.04”

Beaumast Part 2

The main challenge installing guy wires onto a tiled roof was how to make anchor points. I went to a local antenna supplier and they told me the usual method is with these long self tapping o-ring bolts. So that’s what I did, it was much easier than I expected.

I used a diamond hole saw from eBay to make 2 holes in the roof tiles, and made use of an existing satellite dish mast for the final mounting point. I used threaded rod to attach a tapped o ring (or whatever you call it) to the satellite mast. Using a wet finger I was able to mold silicon around the anchor bolts in the roof tiles.

Part 1 ->

From my understanding it’s better to be earthed than not… I tried running conduit through this cement path using only an angle grinder and a chisel. This would have taken waay too long. Ended up buying a jack-hammer from gumtree (cheaper than renting). The second earth wire is from a UBNT Ethernet protector in the roof-space. This goes to a separate earth rod a small distance from the mast earth rod.