Category: Nerd Stuff

Ubuntu & VMWare Tools

By Pascal, 24 October 2009 20:10

I am starting to think about how I can program more efficiently. Programming is not something I do often as my “day job” but is secondary to my regular tasks on the job. I often do not program for days, so my environment is not installed in an optimized way for programming.

In general I am programming in the evenings or during the weekends; those are the times you are not disturbed by people who phone you, people asking you questions at your desk or other disturbances. I do not like disturbances much when I am programming as I need my full concentration.

Also I like to do my programming under a Linux environment. The things I program need to run under Linux and thus I also like to program under the environment it should actually run under. But moving entirely to Linux is not an option either. For my ‘day job’ I need many tools where there is no, or no sufficient alternative under Linux. Actually some applications are only there for Windows. To make it even worse some web applications only run under Internet Explorer (Booh!) :-(

Nevertheless Linux is getting more and more usable for day to day tasks. OpenOffice is an excellent alternative for Word, Firefox is an excellent browser whatever platform it runs on, and for communications like MSN or Skype there are also alternatives for Linux. So Linux is becoming a serious alternative for Windows.

Because I need both Windows as well as Linux I have my laptop set up with a dual boot solution. When doing my normal job I run Windows, when I program I use Ubuntu. For my “day time job” I really need Windows, but when I am programming Ubuntu is all I need.

Except programming on my laptop is bad for me. Because of the smaller keyboard my wrist makes an unnatural movement. So when I have to do a lot of typing I’d rather work on my regular desktop, where I also have a wrist band to keep my wrist in a normal position.

But during the daytime I may also feel the desire to program but also have my regular job done so a dual boot solution is not the best solution for this. So I started to look for a virtualization solution. I have a dual monitor solution so I probably can run both my “day job” in one screen and when I also want to program run that on the other screen.

For this you can look into VMWare solutions. However the VMWare Server may just be a bit too much overkill, and VMWare player cannot be used to create virtual machines. However via the use of EasyVMX you can create the basic virtual machine, and as you have access to a virtual CD Rom player you can use the VMWare player to install an OS! But more on that in the EasyVMX article.

However if you use Ubuntu with for instance Gnome you may be up for a bad experience within VMWare. Mainly when you want to use the mouse you may run into troubles that may make a virtual Ubuntu solution unusable. Especially when you switch back and forth between Windows and your virtual Ubuntu machine.

There is a solution for this however. From within the VMWare community a patch has been created for VMWare tools, and if you apply this patch and install VMWare tools your Ubuntu desktop is working just fine. No more troubles with controlling the mouse!

So I am quite happy now, I can now use both Windows and Ubuntu “at the same time”. I can do my regular job whenever I need it, and I can program within Ubuntu whenever that is necessary as well. No more need for two personal computers, or a dual boot solution. Nope just virtualization baby :-)

More info about this patch for VMWare tools & Ubuntu you can find in this posting on the VMWare community site.

Compiling dovecot with TLS/SSL support

By Pascal, 7 February 2009 15:27

I had some trouble getting Dovecot compiled together with OpenSSL. While normally if you compile stuff it finds it automagically, or you can give your path with something like --with-ssl=/usr/local/ssl/, Dovecot persisted in no SSL support after every configure line.

Building with SSL support ……….. : no

*sigh*

After trying all kinds of flags like CFLAGS, SSLFLAGS etc. I eventually got on the right track. Though not entirely yet, because I also got all kinds of errors while compiling which were related to not having the appropriate LDFLAGS (-ldl).

Eventually the following line worked for me:

LDFLAGS="-ldl -L/usr/local/ssl/lib" CPPFLAGS="-I /usr/local/ssl/include/" ./configure --prefix=/usr/local/dovecot --with-ssl=openssl

Of course, if your OpenSSL is located in another directory, replace my directory by that directory.

Please note that this ‘problem’ mainly occurred with older versions of Dovecot. The latest versions seem to find SSL just fine without the LDFLAGS…

Getting a certificate

If you have real life clients and you don’t want to bug them with popups with certificate “problems” you can always buy a cheap ass certificate from one of the SSL suppliers. Advantage is that your clients already have their CA information in their OSses so it won’t give them popups.

You can already buy a certificate for a lousy $ 19,95 per year. Such a certificate will generally not contain your details like more expensive certificates do. But it is all about encryption anyway. And a cheap certificate will do that just as good as a more expensive one (well expensive ones can give you 256 bit encryption but 128 bit encryption is just fine for this purpose).

If you need to select a type, a certificate of the type “Other” or “Apache” will work fine with Dovecot. Be sure however to enter the correct name (the one you supply to your clients) like pop.mydomain.com, otherwise if your clients have a different name configured in their mail programs they will still get a certificate error.

There are quite nice tools available at openssl for creating a certificate signing request (csr). You’ll need it when requesting your certificate from an official party.
Link: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz

Unpack these scripts and run:

./new-server-cert.sh pop.mydomain.com

You will get the following response:

Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:

Now fill in your Country code. For instance NL for The Netherlands

State or Province Name (full name) [Perak]:

Fill in your state or province name. For instance Noord-Holland for The Netherlands

Locality Name (eg, city) [Sitiawan]:

Fill in what city your company resides in. For instance Amsterdam

Organization Name (eg, company) [My Directory Sdn Bhd]:

Fill in your company name. For instance My Corp BV

Organizational Unit Name (eg, section) [Secure Web Server]:

Fill in your Organizational Unit Name. This can be anything you want like “IT Department”

Common Name (eg, www.domain.com) []:

This is the most important question. You should enter the hostname of your POP / IMAP server here, like pop.mydomain.com. This has to be the same name your clients enter in their mail programs like Outlook or Thunderbird as incoming mail server for POP or IMAP.

Email Address []:

This can be any email address at your organisation.

And there now you’re all done. You now have a pop.mydomain.com.csr file and a pop.mydomain.com.key file. You will need the CSR file for getting your certificate (there probably is some text box you need to paste the contents of this file in). You will need the key file (which contains your private info so keep access to it limited!!) for Dovecot together with the certificate file you will get from your SSL supplier.

Please note that if you buy a more expensive certificate with a full check you need to get the names of your State, City and Company exactly right. A slight detail may get your certificate request nacked. For example, if you live in The Hague you may have to enter the official name for the city (’s-Gravenhage) instead of “Den Haag”.

Configuring dovecot

Now you have to configure Dovecot.

ssl_disable = no
ssl_cert_file = /usr/local/ssl/ca/crt/pop.mydomain.com.crt
ssl_key_file = /usr/local/ssl/ca/key/pop.mydomain.com.key

If you want secure POP also these settings are important:

protocols = pop3 pop3s

And:

protocol pop3 {
listen = *:110
ssl_listen = *:995
}

Of course these configurations may vary for your purpose.

Compiling Exim with TLS/SSL support

By Pascal, 20 August 2008 15:30

Compiling Exim is fairly easy. Basically all you have to do is edit the Local/Makefile and set it up like this:

# This setting is required for any TLS support (either OpenSSL or GnuTLS)
SUPPORT_TLS=yes

# Uncomment this setting if you are using OpenSSL
TLS_LIBS=-lssl -lcrypto

TLS_LIBS=-L/usr/local/ssl/lib -lssl -lcrypto -ldl

TLS_INCLUDE=-I/usr/local/ssl/include/

Of course your setup may vary if your OpenSSL include / library files are installed somewhere else.

After this you can make ; make install your files and you should be good to go.

Getting a certificate

If you have real life clients and you don’t want to bug them with popups with certificate “problems” you can always buy a cheap ass certificate from one of the SSL suppliers. Advantage is that your clients already have their CA information in their OSses so it won’t give them popups.

You can already buy a certificate from $ 19,95 per year. Such a certificate will generally not contain your details like more expensive certificates do. But it is all about encryption anyway. And a cheap certificate will do that just as good as a more expensive one (well expensive ones can give you 256 bit encryption but 128 bit encryption is just fine for this purpose).

If you need to select a type, a certificate of the type “Other” or “Apache” will work fine with Dovecot. Be sure however to enter the correct name (the one you supply to your clients) like pop.mydomain.com, otherwise if your clients have a different name configured in their mail programs they will still get a certificate error.

There are quite nice tools available at openssl for creating a certificate signing request (csr). You’ll need it when requesting your certificate from an official party.
Link: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz

Unpack these scripts and run:

./new-server-cert.sh pop.mydomain.com

You will get the following response:

Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:

Now fill in your Country code. For instance NL for The Netherlands

State or Province Name (full name) [Perak]:

Fill in your state or province name. For instance Noord-Holland for The Netherlands

Locality Name (eg, city) [Sitiawan]:

Fill in what city your company resides in. For instance Amsterdam

Organization Name (eg, company) [My Directory Sdn Bhd]:

Fill in your company name. For instance My Corp BV

Organizational Unit Name (eg, section) [Secure Web Server]:

Fill in your Organizational Unit Name. This can be anything you want like “IT Department”

Common Name (eg, www.domain.com) []:

This is the most important question. You should enter the hostname here of your mail server. Like mail.mydomain.com. This has to be the same name your clients enter in their mail programs like Outlook or Thunderbird as outgoing mail server.

Email Address []:

This can be any email address at your organisation.

And there now you’re all done. You now have a mail.mydomain.com.csr file and a mail.mydomain.com.key file. You will need the CSR file for getting your certificate (there probably is some text box you need to paste the contents of this file in). You will need the key file (which contains your private info so keep access to it limited!!) for Exim together with the certificate file you will get from your SSL supplier.

Please note that if you buy a more expensive certificate with a full check you need to get the names of your State, City and Company exactly right. A slight detail may get your certificate request nacked. For example, if you live in The Hague you may have to enter the official name for the city (’s-Gravenhage) instead of “Den Haag”.
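The key and CSR step described above (in both the Dovecot and the Exim article) can also be done with plain openssl, followed by a check that the host name, the certificate and the key belong together and that the key file is owner-only. This is an added example, not part of the original posts or the ssl.ca scripts; the subject fields, host name and function names are constructed for illustration, and a self-signed certificate stands in for the one the SSL supplier returns.

```shell
#!/bin/sh
# Added example (not from the original post): create a key and CSR with plain
# openssl, then check the pieces before pointing the mail server at them.
# Host names, subject fields and paths are constructed sample values.

# Create <dir>/<host>.key (owner-only) and <dir>/<host>.csr for <host>.
make_csr() {   # usage: make_csr <host> <dir>
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/C=NL/ST=Noord-Holland/L=Amsterdam/O=My Corp BV/CN=$1" \
          -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null )
}

# Print the Common Name stored in a CSR (req) or certificate (x509).
subject_cn() {   # usage: subject_cn req|x509 <file>
    openssl "$1" -in "$2" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the CSR or certificate carries the public key of <key>.
same_key() {   # usage: same_key <key> req|x509 <file>
    [ "$(openssl pkey -in "$1" -pubout)" = \
      "$(openssl "$2" -in "$3" -noout -pubkey)" ]
}

# Succeed only if the key file is readable and writable by its owner alone.
key_is_private() {   # usage: key_is_private <key>
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Pre-flight check: the name clients use, the certificate and the key agree.
check_pair() {   # usage: check_pair <host> <key> <crt>
    [ "$(subject_cn x509 "$3")" = "$1" ] || { echo "CN is not $1"; return 1; }
    same_key "$2" x509 "$3" || { echo "certificate does not match key"; return 1; }
    key_is_private "$2" || { echo "key file is not mode 600"; return 1; }
    echo "ok"
}

# Demo in a scratch directory; a self-signed certificate stands in for the
# one the SSL supplier would return.
d=$(mktemp -d) && h=mail.mydomain.com
make_csr "$h" "$d" &&
openssl x509 -req -in "$d/$h.csr" -signkey "$d/$h.key" -days 1 \
    -out "$d/$h.crt" 2>/dev/null &&
check_pair "$h" "$d/$h.key" "$d/$h.crt"
rm -rf "$d"
```

Running check_pair with the name your clients actually configure catches the certificate error described above before any client sees it.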

Configuring Exim

hostlist auth_relay_hosts = *

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
tls_certificate = /usr/local/ssl/ca/crt/mail.mydomain.crt
tls_privatekey = /usr/local/ssl/ca/key/mail.mydomain.com.key
tls_advertise_hosts = *
tls_on_connect_ports = 465 : 587

Somewhere after your ACL begins (probably somewhere where you also accept hosts that can relay through your server):

accept hosts = +auth_relay_hosts
authenticated = *
control = submission

And finally you need some authentication:

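begin authenticators

# Both authenticators use the plaintext driver. ${sg {...}{'}{}} removes single
# quotes from the user name before it goes into the SQL query; Exim's
# ${quote_mysql:...} operator is the purpose-built way to escape such a value.

# LOGIN: $1 = user name, $2 = password
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = "${if crypteq {$2} {${lookup mysql {SELECT passwd FROM myusers WHERE user = '${sg {$1}{'}{}}' AND smtpauth = '1';}}} {1}{0}}"
server_set_id = $1

# PLAIN: $1 = authorization id (usually empty), $2 = user name, $3 = password
fixed_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${if crypteq {$3} {${lookup mysql {SELECT passwd FROM myusers WHERE user = '${sg {$2}{'}{}}' AND smtpauth = '1';}}} {1}{0}}"
server_set_id = $2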

In this setup you will also need a “hide mysql_servers =” setup for MySQL data. For instance:

hide mysql_servers = "localhost/mydatabasename/mydatabaseuser/mypassword"

Of course these configurations may vary for your purpose.
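What the LOGIN and PLAIN authenticators above receive on the wire, and how the parts map to Exim's numbered variables, shown as an added example that is not part of the original post. The user name alice, the password s3cret and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: the SMTP AUTH payloads handled by Exim's "plaintext" driver.
# alice / s3cret are constructed sample credentials.

# AUTH PLAIN sends one base64 blob: authzid NUL authcid NUL password.
# Exim numbers the parts $1, $2, $3 (also $auth1, $auth2, $auth3).
plain_field() {   # usage: plain_field <base64-blob> <1|2|3>
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | sed -n "${2}p"
}

# AUTH LOGIN is a dialogue: each server_prompts entry goes out base64-encoded
# in a 334 reply, and each client answer comes back base64-encoded.
login_encode() { printf '%s' "$1" | base64; }
login_decode() { printf '%s' "$1" | base64 -d; }

# Replay both mechanisms and print what the server ends up with.
replay() {
    blob=$(printf '\000alice\000s3cret' | base64)
    echo "C: AUTH PLAIN $blob"
    echo "   \$1=[$(plain_field "$blob" 1)] \$2=[$(plain_field "$blob" 2)] \$3=[$(plain_field "$blob" 3)]"
    echo "C: AUTH LOGIN"
    echo "S: 334 $(login_encode 'Username:')"
    echo "C: $(login_encode alice)"
    echo "S: 334 $(login_encode 'Password:')"
    echo "C: $(login_encode s3cret)"
    echo "   \$1=[$(login_decode "$(login_encode alice)")] \$2=[$(login_decode "$(login_encode s3cret)")]"
}
replay
```

Base64 is an encoding, not encryption, so anyone who can read the connection can read these credentials; that is what the auth_advertise_hosts line above guards against by offering AUTH only when $tls_cipher is non-empty.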