Setup Ubuntu to send mail via a remote SMTP server

We will configure a server running Ubuntu to send all mail out to a remote email address via an SMTP server. This is a redo of these instructions.

Again, I just copied an instructional as here. Can't be bothered copying it here, but I did all those steps, except I commented out this line:

#smtp_tls_CAfile = /etc/postfix/cacert.pem

Because eh.

I looked at this log and got some useful info: /var/log/mail.log

SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger) 

So I added those lines to my config file.
Then in testing I noticed that yay it actually sent the mail, although it bounced due to the ‘from address’ not being configured properly, so we create this file:
sudo nano /etc/postfix/generic with these contents:

username@hostname name@domain 
@hostname name@domain  
#use 'postmap /etc/postfix/generic' to hash this file 
#then 'service postfix restart'  

Where hostname is the hostname for the machine, and name@domain is the sender address, which usually needs to be valid with the SMTP server – although Google actually allows improper addresses. You could create different instances for different users, i.e. one for root, perhaps.
Then add this line to the config:
smtp_generic_maps = hash:/etc/postfix/generic

Finally:
sudo postmap /etc/postfix/generic
sudo service postfix restart

Done
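
Added example, not part of the original post: a small shell check that classifies the outbound TLS settings discussed above. At security level "encrypt" Postfix forces TLS but does not check the relay's certificate; checking it needs "verify" or "secure" plus a CA file or path. The helper names (cf_get, tls_verdict), the relay name smtp.example.com and the use of Ubuntu's system CA bundle are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the outbound TLS posture of a Postfix main.cf-style file.
# Not assessed: smtp_tls_policy_maps, tls_append_default_CA, continuation lines.

# Print the last uncommented value of parameter $2 in file $1 (empty if unset).
cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Verdicts printed by tls_verdict FILE:
#   wrappermode-needs-encrypt  wrappermode on without level encrypt or stronger
#   plaintext-possible         TLS is not mandatory (level unset, none or may)
#   encrypted-unverified       TLS forced, relay certificate not checked
#   verify-without-ca          verification requested but no trust anchors set
#   verified                   TLS forced and certificate checked against CAs
#   not-assessed               fingerprint/DANE levels, outside this check
tls_verdict() {
    level=$(cf_get "$1" smtp_tls_security_level)
    wrap=$(cf_get "$1" smtp_tls_wrappermode)
    anchors=$(cf_get "$1" smtp_tls_CAfile)$(cf_get "$1" smtp_tls_CApath)
    case "$level" in
        verify|secure)
            if [ -n "$anchors" ]; then echo verified; else echo verify-without-ca; fi ;;
        encrypt) echo encrypted-unverified ;;
        fingerprint|dane|dane-only) echo not-assessed ;;
        *)  if [ "$wrap" = yes ]; then echo wrappermode-needs-encrypt
            else echo plaintext-possible; fi ;;
    esac
}

# Constructed sample mirroring the settings described in the post.
demo=$(mktemp)
cat > "$demo" <<'EOF'
relayhost = [smtp.example.com]:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
#smtp_tls_CAfile = /etc/postfix/cacert.pem
EOF
echo "as in the post: $(tls_verdict "$demo")"
# Hardened variant: verify the relay certificate against the system CA bundle.
sed -e 's/= encrypt$/= secure/' \
    -e 's|^#smtp_tls_CAfile.*|smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt|' "$demo" > "$demo.fixed"
echo "hardened:       $(tls_verdict "$demo.fixed")"
rm -f "$demo" "$demo.fixed"
```

On a live system the same function can be pointed at /etc/postfix/main.cf; "postconf -n" shows the values Postfix actually uses.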

Spinning Up Ubuntu 16.04 on a VPS instance

  • My VPS provider (Vultr) allows inserting a public key at the time of a new instance creation, so I created a new key using an existing Linux command line:
    ssh-keygen -t rsa
  • Name server hostname (I used these instructions (archive) for hostname)
  • Set reverse DNS in VPS server console equal to FQDN
  • Change SSH port & disable password authentication with
    sudo nano "/etc/ssh/sshd_config"
    then restart ssh
    sudo systemctl restart ssh
  • Create a non-root user, copy the .ssh folder from root to their profile, making sure to chown the authorized_keys file to newuser, and add the user to group sudo – sudo addgroup groupname.
  • Add auto security updates.
    sudo apt-get install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades (requires root email for notifications)
  • Set time zone
    sudo dpkg-reconfigure tzdata

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES

Project Secure Backup. Part 6

I moved the project to some acrylic in what is possibly the final stage for the project. While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop; currently the device isn’t sending info to ThingSpeak.

Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip; there is a similarly priced chip I have which is much more capable.
