Posts Tagged ‘rocks’

How to renew self signed QMAIL toaster and QMAIL rocks expired SSL pem certificate

Friday, September 2nd, 2011


I installed one of my QMAIL servers a very long time ago. Clients notified me that the mail server's certificate had expired, so I had to renew it quickly.

On this qmail installation, the SSL certificates were located in /var/qmail/control under the names servercert.key and servercert.pem

Renewing the certificates with new self-signed ones is pretty straightforward; to renew them I had to issue the following commands:

1. Generate the encrypted servercert key with a 1024 bit modulus

debian:~# cd /var/qmail/control
debian:/var/qmail/control# openssl genrsa -des3 -out servercert.key.enc 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for servercert.key.enc:
Verifying - Enter pass phrase for servercert.key.enc:

At the Enter pass phrase for servercert.key.enc prompt I typed my key password twice. Any password is good, though using a stronger one is better.

2. Generate the servercert.key file

debian:/var/qmail/control# openssl rsa -in servercert.key.enc -out servercert.key
Enter pass phrase for servercert.key.enc:
writing RSA key

3. Generate the certificate request

debian:/var/qmail/control# openssl req -new -key servercert.key -out servercert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Org
Common Name (eg, YOUR name) []:
Email Address []:admin@adminmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

In the above prompts it's necessary to fill in the company name and location, as each of the prompts clearly states.

4. Sign the just generated certificate request

debian:/var/qmail/control# openssl x509 -req -days 9999 -in servercert.csr -signkey servercert.key -out servercert.crt

Notice the option -days 9999. This option makes the newly generated self-signed certificate valid for 9999 days, which is quite a long time. The reason the previously generated self-signed certificate expired was that it was built for only 365 days.

5. Fix the newly generated servercert.pem permissions

debian:~# cd /var/qmail/control
debian:/var/qmail/control# chmod 640 servercert.pem
debian:/var/qmail/control# chown vpopmail:vchkpw servercert.pem
debian:/var/qmail/control# cp -f servercert.pem clientcert.pem
debian:/var/qmail/control# chown root:qmail clientcert.pem
debian:/var/qmail/control# chmod 640 clientcert.pem

Finally, to load the new certificate, a restart of qmail is required:

6. Restart qmail server

debian:/var/qmail/control# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.

Test the newly installed certificate

To test the newly installed SSL certificate use the following commands:

debian:~# openssl s_client -crlf -connect localhost:465 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
...
debian:~# openssl s_client -starttls smtp -crlf -connect localhost:25 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
250 AUTH LOGIN PLAIN CRAM-MD5
...

If an error is returned like 32943:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607: this means that the SSL variable in the qmail-smtpdssl/run script is set to 0.

To solve this error, change SSL=0 to SSL=1 in /var/qmail/supervise/qmail-smtpdssl/run and run qmailctl restart

The error verify return:1 displayed is perfectly fine and it's more of a warning than an error as it just reports the certificate is self signed.
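
The steps above end with servercert.crt while step 5 operates on servercert.pem; this added example (not code from the original post) assumes the PEM is the private key followed by the certificate, builds one in a temporary directory, and checks that key and certificate match, that expiry is not near, and that the RSA modulus is at least 2048 bits. The function names make_pem and check_pem, the CN mail.example.test and the 2048-bit threshold are choices of this example, not of the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: servercert.pem is the
# private key followed by the certificate, built with cat from steps 2 and 4.

# make_pem DIR BITS DAYS: steps 1-4 without prompts or passphrase, then assemble.
# The CN mail.example.test is a constructed placeholder.
make_pem() {
    openssl genrsa -out "$1/servercert.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/servercert.key" -subj "/CN=mail.example.test" \
        -out "$1/servercert.csr" &&
    openssl x509 -req -days "$3" -in "$1/servercert.csr" \
        -signkey "$1/servercert.key" -out "$1/servercert.crt" 2>/dev/null &&
    cat "$1/servercert.key" "$1/servercert.crt" > "$1/servercert.pem" &&
    chmod 640 "$1/servercert.pem"
}

# check_pem FILE [MIN_DAYS]
# 0 = ok, 1 = unreadable or key does not match certificate,
# 2 = expires within MIN_DAYS, 3 = RSA modulus shorter than 2048 bits
check_pem() {
    pem=$1; min_days=${2:-30}
    # Public key as stored in the certificate vs. derived from the private key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null || return 2
    bits=$(openssl x509 -in "$pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 3
    return 0
}

# Demo in a throwaway directory; nothing under /var/qmail is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    make_pem "$tmp" 2048 365 || { rm -rf "$tmp"; return 1; }
    check_pem "$tmp/servercert.pem" 30; rc=$?
    rm -rf "$tmp"
    echo "check_pem exit status: $rc"
    return "$rc"
}
demo
```

On the server, check_pem /var/qmail/control/servercert.pem can be run before qmailctl restart; the non-zero status shows which check failed.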

A Holy Liturgy Tsarevo – Church on a sea rocks

Sunday, August 19th, 2012

Tsarevo sea resort sky view

It’s my 5th day in Tsarevo. It’s my first time in Tzarevo, but I hope not my last. The place is absolutely charming!
There are more than 15 beaches in the region, plenty of beautiful rocks, a little sea port and 2 beautiful Churches – one located on the tiny little city street, and a second, ancient Church located on sea rocks near the sea coast.

Carevo helicopter view

The whole main (old) part of the city is concentrated around 3 main streets, one of which can be considered central. As you walk along the central street you pass a little park (sea garden – as we call them in Bulgaria) on the right. Continuing straight along the main street, strange, beautiful-looking, water-carved natural rocks come into view.

As you walk towards the rocky shore mixed with sand, a large cross comes into sight:

Carevo end of Central Street rocks and Christ Cross

Tsarevo is a place for people who like rocky places, as there are a great many rocks all around the town.
Most of the beaches here are a mixture of rocks and sand, so probably people who prefer luxurious beaches won’t like it, but for “wild souls” like me it is perfect 🙂

Here is a picture of the central Tsarevo beach.

Central beach Tzarevo picture

This morning, for the usual Sunday Holy Liturgy, we went with Galin and his little kid to the Church Dormition of Virgin Mary, located on the rocks.
The Church’s history is ancient; the original, most ancient Christian Church that stood there is probably from the 5th or 6th century, as in many other places in Bulgaria. The current (stone) Church building is from 1895, before the liberating war for Bulgaria with the Ottoman Turks.

Dormition of Virgin Mary Church is one of the important “landmarks” of Tsarevo. Though the church is in such a “desert” place it is fully functional; Holy Liturgy is served on each big Church feast and any Christian tourist can go during day hours 09:00 – 20:00 h for a short prayer or supplication.

After the Holy Liturgy, I spent some time staring at the sea view from the rock at the back of the Church building. The panorama one gets from the rock eminence behind the church is amazingly beautiful (purely inspirational) …

Here are some pictures of the Church, I don’t hold copyright over the pictures, so the pictures belong to the respective persons who took them.

Dormition of Virgin Mary (Theotokos) - town Carevo Tsrevo church on Rocks

Tsarevo Rock Church view


Tsarevo Cliff Church Uspenie Bogorodichno Dormition of Theotokos

Water Dunes Dormition of Theotokos Church on rocks view

1984 Church entrance Tsarevo Church on Sea rocks picture

Church and Bell Tower in Tsarevo town

Manowar in Kavarna

Monday, July 2nd, 2007

Everything actually started on Friday. On Friday I was at Webtech in Varna, at the Technical University. This is the second Webtech conference held in Varna. I was at the lectures until dinner. First we went with Nomen, Niki and Dancho to the TU University, and we lost some time searching for the room; after that we found the room where the lectures were going to be. We entered during the ending part of the first introductory lecture about Webtech. After this there was a lecture on Perl Catalyst, which was quite interesting btw, and after that a lecture on expect (hackman led the lecture). After that we went to drink a coffee and I found out I had lost my wallet. I got mad because I thought: well God, I try to be good to others, to give to the poor etc. etc., and in return I lose 42 lv. I spent the other part of the day sitting alone on a bench outside the university and thinking about human existence; after that I went home very disappointed and angry. Stelio, a friend who has led me to Orthodox Christianity, called and I invited him to be my guest; we had a great time together discussing human existence. The next day I woke up early and I was feeling awful, meaningless, lost. Nomen called and said they were at the 2nd day of the lectures of the Webtech conference again and that my wallet had been found with 42 lv. and my ID card in it. I PRAISED THE LORD! It was quite joyful for me. On the next day I decided I would go to the Manowar concert in Kavarna and I bought the ticket from Amridikon. The concert was interesting as a whole but I realized I’m not into metal music anymore. After that Nomen came and took me from Kavarna with a car and we went to Tulenovo’s rocks, awaiting the July Morning with some other friends (Sami, Toto, Iasho, Gegi etc.). The rocks were very beautiful and the sea view is great. We baked some meat and ate. In the morning, there was a Metal July. (Toto, Sami and Iasho banged their heads on Sepultura’s Roots Bloody Roots and Territory.)
After that we made a sort of excursion in the village of Tulenovo and around the rocks. We then moved to Balchik to leave one of the girls who was with us at the station to take a bus to her workplace. And in the end we came back to Dobrich at 10. I was tired as hell and slept until 3. I then attended the Orthodox Church St. Georgi to pray to God. Later I bought some vegetables and fruits from the open market for my Grandma, and went to her home to give her the products. After that I saw Lily for a coffee. And in the late afternoon we had a walk with Nomen in the central park. Nomen suggested that it would be cool to drink beer in his house and to watch the film (Die Young 3) and that’s exactly what we did. These few days were quite colorful. It’s God behind this, starting to answer my prayers slowly but surely. Thanks God for giving me all these wonderful moments :]

Fix 503 AUTH first (#5.5.1) mail receive errors in Qmail

Friday, September 2nd, 2011

I have one qmail rocks install based on Thibbs Qmailrocks tutorial.

I had to make some changes to the /etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl/run init scripts.

After a qmail restart, qmail suddenly stopped receiving any mail messages and my sent messages were returned with an error:

Connected to xx.xxx.xx.xx but sender was rejected.
Remote host said: 503 AUTH first (#5.5.1)

After investigating the issue I finally found, that one value I’ve changed in /etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl was causing the whole mess:

The problematic variable was:

REQUIRE_AUTH=1

To solve the issue I had to disable the value which, it seems, I had enabled by mistake.

Below is a quote from http://qmail.jms1.net which explains what REQUIRE_AUTH shell variable does:

Setting REQUIRE_AUTH=1 will make the service not accept ANY mail unless the client has sent a valid AUTH command. This also prevents incoming mail from being accepted for your own domains, so do not use this setting if the service is accepting “normal” mail from the outside world.

After restarting via qmailctl restart, qmail started receiving messages normally 😉