wrapper Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘wrapper’

How to Easily Integrate AI Into Bash on Linux with ollama

Monday, January 12th, 2026

AI is more and more entering the Computer scene and so is also in the realm of Computer / Network management. Many proficient admins already start to get advantage to it.
AI doesn’t need a GUI, or a special cloud dashboard or fancy IDE so for console geeks Sysadmins / System engineers and Dev Ops it can be straightly integrated into the bash / zsh etc. and used to easify a bit your daily sys admin tasks.

If you live in the terminal, the most powerful place to add AI is Bash itself. With a few tools and a couple of lines of shell code, you can turn your terminal into an AI-powered assistant that writes commands, explains errors, and helps automate everyday Linux tasks.

No magic. No bloat. Just Unix philosophy with a brain.

1. AI as a Command-Line Tool

Instead of treating AI like a chatbot, treat it like any other CLI utility:

stdin → prompt
stdout → response
pipes → integration

Hardware Requirements of Ollama Server

2. Minimum VM (It runs, but you’ll hate it)

Only use this to test that things work.

vCPU: 2
RAM: 4 GB
Disk: 20 GB (SSD mandatory)
Storage type: ( HDD / network storage = bad )
Models: phi3, tinyllama

Expect:

Very slow pulls
Long startup times
Laggy responses

a. Recommended VM (Actually usable)

This is the sweet spot for Bash integration and daily CLI use.

vCPU: 4–6 (modern host CPU)
RAM: 8–12 GB
Disk: 30–50 GB local SSD
CPU type: host-passthrough (important!)
NUMA: off (for small VMs)

Models that feel okay:

phi3
mistral
llama3:8b (slow but tolerable)

b. “Feels Good” VM (CPU-only but not painful)

If you want it to feel responsive.

vCPU: 8
RAM: 16 GB
Disk: NVMe-backed storage
CPU flags: AVX2 enabled
Hugepages: optional but nice

Models:

llama3:8b
codellama:7b
mixtral (slow, but usable)

Hypervisor-Specific Advice (Important)

c. KVM / Proxmox (Best choice)

CPU type: host
Enable AES-NI, AVX, AVX2
Use virtio-scsi
Cache: writeback
IO thread: enabled

d. If running VM on VMware platform

Enable Expose hardware-assisted virtualization
Use paravirtual SCSI
Reserve memory if possible

e. VirtualBox (Not recommended)

Poor CPU feature exposure
Weak IO performance

Avoid if you can

f. Local AI With Ollama (Recommended)

If you want privacy, low latency, and no API keys, Ollama is currently the easiest way to run LLMs locally on Linux.

3. Install Ollama

# curl -fsSL https://ollama.com/install.sh | sh

Start the service:

# ollama serve

Pull a model (lightweight and fast):

# ollama pull llama3

Test it:

ollama run llama3 "Explain what the ls command does"

If that works, you’re ready to integrate.

To check whether all is properly setup after installed llama3:

root@haproxy2:~# ollama list
NAME ID SIZE MODIFIED
llama3:latest 365c0bd3c000 4.7 GB About an hour ago

root@haproxy2:~# systemctl status ollama
● ollama.service – Ollama Service
Loaded: loaded (/etc/systemd/system/ollama.service; enabled; preset: enabled)
Active: active (running) since Mon 2026-01-12 16:43:30 EET; 15min ago
Main PID: 37436 (ollama)
Tasks: 16 (limit: 6999)
Memory: 5.0G
CPU: 13min 5.264s
CGroup: /system.slice/ollama.service
├─37436 /usr/local/bin/ollama serve
└─37472 /usr/local/bin/ollama runner –model /usr/share/ollama/.ollama/models/blobs/sha256-6a0746a1ec1aef3e7ec53>

яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: Flash Attention was auto, set to enabled
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: CPU compute buffer size = 258.50 MiB
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: graph nodes = 999
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: graph splits = 1
яну 12 16:45:34 haproxy2 ollama[37436]: time=2026-01-12T16:45:34.959+02:00 level=INFO source=server.go:1376 msg="llama runner>
яну 12 16:45:34 haproxy2 ollama[37436]: time=2026-01-12T16:45:34.989+02:00 level=INFO source=sched.go:517 msg="loaded runners>
яну 12 16:45:35 haproxy2 ollama[37436]: time=2026-01-12T16:45:35.000+02:00 level=INFO source=server.go:1338 msg="waiting for >
яну 12 16:45:35 haproxy2 ollama[37436]: time=2026-01-12T16:45:35.001+02:00 level=INFO source=server.go:1376 msg="llama runner>
яну 12 16:55:58 haproxy2 ollama[37436]: [GIN] 2026/01/12 – 16:55:58 | 200 | 3.669915ms | 127.0.0.1 | HEAD "/"
яну 12 16:55:58 haproxy2 ollama[37436]: [GIN] 2026/01/12 – 16:55:58 | 200 | 42.244006ms | 127.0.0.1 | GET "/api/>
root@haproxy2:~#

4. Turning AI Into a Bash Command

Let’s create a simple AI helper command called ai.

Add this to your ~/.bashrc or ~/.bash_aliases:

ai() {

ollama run llama3 "$*"

}

Reload your shell:

$ source ~/.bashrc

Now you can do things like:

$ ai "Write a bash command to find large files"

$ ai "Explain this error: permission denied"

$ ai "Convert this sed command to awk"

At this point, AI is already a first-class CLI tool.

5. Using AI to Generate Bash Commands

One of the most useful patterns is asking AI to output only shell commands.

Example:

$ ai "Give me a bash command to recursively find .log files larger than 100MB. Output only the command."

Copy, paste, done.

You can even enforce this behavior with a wrapper:

aicmd() {

ollama run llama3 "Output ONLY a valid bash command. No explanation. Task: $*"

}

Now:

$ aicmd "list running processes using more than 1GB RAM"

Danger note: always read commands before running them. AI is smart, not trustworthy.

6. AI for Explaining Commands and Logs

This is where AI shines.

Pipe output directly into it:

$ dmesg | tail -n 50 | ai "Explain what is happening here"

Or errors:

$ make 2>&1 | ai "Explain this error and suggest a fix"

You’ve just built a terminal-native debugger.

7. Smarter Bash History Search

You can even use AI to interpret your intent instead of remembering exact commands:

aih() {

history | ai "From this bash history, find the best command for: $*"

}

Example:

$ aih "compress a directory into tar.gz"

It’s like Ctrl+R, but semantic.

8. Using AI With Shell Scripts

AI can help generate scripts inline:

$ ai "Write a bash script that monitors disk usage and sends a notification when it exceeds 90%"

You’re not replacing scripting skills – you’re accelerating them.

Think of AI as:

a junior sysadmin
a documentation search engine
a rubber duck that talks back

9. Where Ollama Stores Its Data

Depending on how it runs:

System service (most common)

Models live here:

/usr/share/ollama/.ollama/

Inside:

models/

blobs/

User-only install

~/.ollama/

Since you installed as root + systemd, use the first path.

See What’s Taking Space

# du -sh /usr/share/ollama/.ollama/*

Typical output:

models/ → metadata
blobs/ → the big files (GBs)

10. Remove Unused Models (Safe Way)

List models Ollama knows about:

# ollama list

Remove a model properly:

# ollama rm llama3

This removes metadata and unreferenced blobs.

Always try this first.

11. Full Manual Cleanup (Hard Reset)

If things are broken, stuck, or you want a clean slate:

Stop Ollama

# systemctl stop ollama

Delete all local models and cache

# rm -rf /usr/share/ollama/.ollama/models

# rm -rf /usr/share/ollama/.ollama/blobs

(Optional but safe)

# rm -rf /usr/share/ollama/.ollama/tmp

Start Ollama again

# systemctl start ollama

Ollama will recreate everything automatically.

Verify Cleanup Worked

# du -sh /usr/share/ollama/.ollama

# ollama list

You should see:

Very small disk usage
Empty model list

Prevent Disk Bloat (Highly Recommended)

Only pull small models on VMs

Stick to:

phi3
mistral
tinyllama

Remove models you don’t use

# ollama rm modelname

Set a custom data directory (optional)

If /usr is small, move Ollama data:

# systemctl stop ollama

# mkdir -p /opt/ollama-data

# chown -R ollama:ollama /opt/ollama-data

Edit service:

# systemctl edit ollama

Add:

[Service]

Environment=OLLAMA_HOME=/opt/ollama-data

Then:

# systemctl daemon-reload

# systemctl start ollama

Quick “Nuke It” One-Liner (Use With Care)

Deletes everything Ollama-related:

# systemctl stop ollama && rm -rf /usr/share/ollama/.ollama && systemctl start ollama

API-Based Option (Cloud Models)

If you prefer cloud models (OpenAI, Anthropic, etc.), the pattern is identical:

Use curl
Pass prompt
Parse output

Once AI returns text to stdout, Bash doesn’t care where it came from.

12. Best Practices how to use shell AI to not overload machine

Before you go wild:

Don’t auto-execute AI output
Don’t run AI as root
Treat responses as suggestions
Version-control important scripts
Keep prompts specific

AI is powerful — but Linux still assumes you know what you’re doing.

Sum it up

Adding AI to Bash isn’t about replacing skills.
It’s about removing friction.

When AI gets easy to use from the command line it is a great convenience for those who don't want to switch to browser all the time and copy / paste like crazy.
AI as a command-line tool fits perfectly into the Linux console:

composable
scriptable
optional
powerful

Once you’ve used AI from inside your shell for a few hours, going back to browser-based AI chat stuff like querying ChatGPT feels… slow and inefficient.
However keep in mind that ollama is away from perfect and has a lot of downsides and ChatGPT / Grok / DeepSeek often might give you better results, however as ollama is really isolated and non-depend on external sources your private quries will not get into a public AI historic database and you won't be tracked.
So everything has its Pros and Cons. I'm pretty sure that this tool and free AI tools like those will certainly have a good future and will be heavily used by system admins and
programmers in the coming future.
The terminal just got smarter. And it didn’t need a GUI to do it.

Tags: bashrc, brain, buffer size, copy paste, Delete, Edit, find, Flash Attention, Generate Bash Commands, graph, identical, linux?, Output, running processes, Smarter Bash History Search, Start, terminal, time, times, wrapper
Posted in AI on Linux, Automation, Educational, System Administration, Various | No Comments »

Restrict user to Run one remote Server command only via SSH authorized key passwordless authentication on Linux / UNIX / BSD

Monday, April 1st, 2019

ssh-run-restricted-terminal-without-password-on-remote-linux-server-howto

A scenario where you might need to execute remote commands as a user remote located Linux / BSD UNIX server is a common task for system admins nowadays.
Passwordless OpenSSH user server login to be able to run backup / log rotation scipts or a data anlysis is handy when used together with some tiny rsync / scp data copy scripts as a way to synchronize SMTP data between Mail servers / abstract databases (such as Redis) or PostgreSQL etc.

The overall picture is like this, we have 2 servers Unix / BSD / Linux OS Server 1 and Server 2 and both has up and running recent version of OpenSSH service.
Server 1 has to login without password to Server 2 and be able to run only a specific lets say privileged command for the sake of security only this restricted command should be runnable.

Allowing a server (LDAP or Local User account) to authorize without password to a remote server (and being able to execute) multiple set of commands poses a security risk, thus it is a good idea to Restict OpenSSH connection to remote server to be able to run only one single command.

This is luckily possible by by default in any modern OpenSSH (which allows authenticated remote users to be limited to rights for running just single sys admin scripts or a just a set of defined scripts only to remote system, this has been a very good alternative to using a complicated sudo /etc/sudoers rules files which anyways could almost always be compromised relatively easy.

Here is the task lets say a username 'sync' has to be able to run commands on your Linux server Server 1 (with a hostname – remote-server.com) to execute a remote script mysqlbackupper.sh that does a daily Linux MySQL backup via a predefined cronjob scheduled task that is triggered daily.

1. DSA or RSA SSH encryption pros and cons which one to choose?

Note this few interesting tihngs on which one to choose:

DSA (Digital Signature Algorithm) is faster to generate keys where in terms of encryption RSA is faster than
DSA
RSA is faster than DSA in verifying digital signature
DSA is faster than
RSA generating digital signature
In Data Decryption DSA is faster than RSA

Due to fact encryption is faster in RSA and decryption faster in DSA, if performance on client side is targetted a better one to use will be RSA but if it is targetted to offload remote sshd server (lets say it is old hardware or busy machine where you don't want to put extra load on it then DSA is better choice. id_rsa and id_rsa.pub (public and private keys) are used to encrypt and decrypt the ssh (tunnel) session between the client and the server so most people would be curious which one is more secure RSA or DSA encryption.
Though there are some claims that in terms of security they're more or less the same RSA is generally preferred, because encryption can be up to 4096 bits, where DSA has to be exactly 1024 bits (in the opinion of ssh-keygen). 2048 bits is ssh-keygen's default length for RSA keys, and I don't see any particular reason to use shorter ones. (The minimum possible is 768 bits; whether that's "acceptable" is situational and not recommended).

2. Generating the SSH restricted PRIV and .PUB user key pair

The authorized_key added key string value is to be generated earlier by ssh-keygen command with which we generate a key pair files:

id_dsa and id_dsa.pub

id_rsa id_rsa.pub

What kind of files will be generated depends on the type of encryption strength choosen be it DSA or RSA etc. the full list of available ones you can read manual (man ssh-keygen)

$ ssh Remote-Server-1 -v

$ cd /home/postgresqlback

$ ssh-keygen -t dsa

$ ssh-keygen -t rsa

Provide a filename and passphrase, the output files will be id_dsa / id_dsa.or id_rsa / id_rsa.pub pub key-pair and stored in ~/.ssh of username with which the command was run.

3. Set up /home/username/authorized_keys on Server 2

$ ssh Remote-server2 -v

Next you will have to create the authorized_keys file on the remote server wherehy you will be accessing without password and copy the content of id_rsa.pub / id_dsa.pub key to /home/username/authorized_keys (in that case it will be /home/postgresqlback/.ssh/authorized_keys) the postgresqlback was previously created with adduser on Server 2
$ chmod 600 /home/postgreback/authorized_keys

There is no special need to do anything too much special to make the SSH command restriction functionality available but just, the right record in /homeusername/.ssh/authorized_keys or if supposed to be run as root user in /home/postgreback/.ssh/authorized_keys on the server where you want to place the restriction following about a file syntax like OPTIONS-1 KEY_TYPE / OPTIONS-2 KEY_TYPE / OPTIONS-3 KEY_TYPE.

To authenticate with a key from a remote PC using the sshd service on Server 1 you need to have copied the key to /home/user/.ssh/authorized_keys (with a favourite text editor lets say vim from Server 1 to Server 2 so the file should contains the ssh public keys and users (list) allowed to passwordless login to server.

authorized_keys's data ordering (as mentioned above) is in form:

OPTIONS-1 KEY_TYPE PUBLIC_KEY_STRING COMMENT-1

…
OPTIONS-2 KEY_TYPE PUBLIC_KEY_STRING COMMENT-2

…

OPTIONS-3 KEY_TYPE PUBLIC_KEY_STRING COMMENT-3

…

authorized_keys_file_content

I've placed this example for more clarity the 4 fields of a public key string are marked with 1,2,3,4.

More insight on authorized_keys is on ssh.com authorized_keys documentation

Here is a real time example of a postgresqlbackup.sh that is being executed on a login with the user postgresqlback from Linux Server 1 to Linux Server 2:

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding KEY_TYPE KEY COMMENT

A shell script command to run on remote server where you want to run it and limit its execution only (below is taken from /home/postgresqlback/.ssh/authorized_keys:

$ tail -n 1 /home/postgresqlback/.ssh/authorized_keys

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgresqlback@remote-host-name-which-accesses-without-pass

As you see there is the OPTIONS given to OPTIONS-1 command argument

no-port-forwarding,no-x11-forwarding,no-agent-forwarding

the reason for them is as we want to restrict port forwarding and agent-forwarding (No X will be used at all) and we don't want to have SSH local / remote or Dynamic SSH tunneling enabled because of obvious (improve) security reasons.

In case if no interactive terminal will be used by the script as is the case it is also a good idea to put the no-pty next to the OPTIONS string.

no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty

Finally the restricted ssh command to run might look something like:

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgreback@remote-host-name-which-accesses-without-pass

If you wonder ssh-dss is not ssh-dsa, its actually a naming convention as the Digital Signature Algorithm (DSA) is published in the Digital Signature Standard (DSS) by the NIST in FIPS 186.

3. Testing restricted SSH command user run set-up

From Server-1 (after lets say logging in via ssh to it) issue:

$ ssh -i FILENAME_with_private_auth_key username@Linux-Server2 -v

Here note that the FILENAME_with_private_auth_key (is your earlier generated id_rsa / id_dsa) as
this file will let anyone who have it at hands able to login to Linux-Server2 without any password
authentication prompt you have to make sure this file permissions are good restricted readable only
for its user owner or if run with root by root (chmod 600) might a be very good idea here.

For further executing the script via a simple user ssh to Linux-Server2 you might want to use in your trigger script or cronjob (situated on Linux Serve 1) also the -q (ssh quiet output) cmd argument:

ssh -q -i FILENAME_with_private_auth_key username@Linux-Server2

4. Configuring authorized_keys restricted given command to read / expect (fixed) arguments

Providing $SHELL command passed arguments to the script (on remote Server 2) is possible from Server 1 via given variable like $SHELLARG1,SHELLARG2,SHELLARG3 OPTIONs given below is example authorized_key file record

command="/usr/sbin/postgresqlbackup.sh $SHELLARG1 $SHELLARG2 SHELLARG3",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgresqlback@remote-host-name-which-accesses-without-pass

This will make the remote script understand SHELL variables might contain anything which the remote script postgresqlbackup.sh (on Server 2) will accept as pipeline input from Server 1.
Be aware that passing string arguments with has spaces or special characters inside might be problematic so always try to use a straightforward SHELL variables such as PATH, TEMP, PWD etc.

5. Configuring authorized_keys command user to use dynamicly procuded (arbitrary) arguments

If not only predefined strings should be accepted as arguments but any arbitrary argument should be allowed to be passed to the command there is a special variable
understood by sshd daemon

$SSH_ORIGINAL_COMMAND

The $SSH_ORIGINAL_COMMAND variable used in authorized_keys is a very interesting one and it really puzzled me the first time I've seen it in a Bash Shell script as I couldn't fully grasp the meaning but it turned out to be very simple as it can be used inside /usr/sbin/postgresqlbackup.sh to return any number of passed arguments lets say backup locations directories ( /usr/local /var/log /usr/bin /bin …) to the and that would be red and processed by the script

command="/usr/sbin/postgresqlbackup.sh $SSH_ORIGINAL_COMMAND",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgreback@remote-host-name-which-accesses-without-pass

The later use of it is from Server 1 you just pass the desired arguments

$ ssh foo@bar arg1 arg2 arg3 arg4 arg5

The most basic /usr/bin/run-script.sh wrapper to place on Linux 2 would be something like:

#!/usr/bin/env bash

case "$SSH_ORIGINAL_COMMAND" in
/var/lib/authorized-scripts/*)
$SSH_ORIGINAL_COMMAND
;;
*)
exit 1
;;
esac

But this example is SECURITY UNSAFE as someone might decide to run something like:

ssh -l user your-server /var/lib/authorized-scripts/../../../bin/rm -rf /

!!! AGAIN BE CAUTIOUS AND BE WARNED that without a properly crafted script anyminor error in it might be fatal, for example if the script is running with superuser credentials (root) on remote machine, some local user or a malicious attacker that gets access to the server might decide to run something likea bove's rm -rf /* might destroy your server !!!

Instead for a /usr/sbin/run-script.sh you might Contain something like:

#!/bin/sh

set — $SSH_ORIGINAL_COMMAND
case "$1" in
/var/lib/authorized-scripts/*)
;;
*)
exit 1
esac

command="${1#/var/lib/authorized-scripts/}"
shift
case "$command" in
*/*)
# Simplest is to reject anything with a slash…
exit 1
.*)
# …and anything starting with dot.
# If you need to whitelist subdirectories of /var/lib/authorized-scripts
# then you need much more sophisticated pathname parsing and care.
exit 1
*)
;;
esac

exec "/var/lib/authorized-scripts/$command" "$@"

As you can read above script (wrapper) example allows multiple restricted scripts to be run and would prevent you adding multiple command lines to authorized_keys and I've given this as example taken from StackExchange (Security if only allowing a few vetted commands).

Hope this is useful to some sys admin out there, if you find some other intereteresting use of the command ssh authorized_keys functionality or a script that tightents its use please share.

Tags: authentication, authorized_keys, bash, cd home, command, Configuring, databases, DSA, exit 1, home directory, iddsa.pub, idrsa.pub, options, passwordless, private, public key, restric, RSA, sbin, script, security risks, server login, Set, Shell, ssh, ssh command, ssh-keygen, sshd server, ssh_key, wrapper
Posted in Hacks, Linux, Remote System Administration, System Administration, Various | 1 Comment »

Poderosa a tabbed Terminal Emulator (PuTTY Windows Alternative)

Tuesday, December 6th, 2011

Even though, I rarely use Windows to connect to remote servers using SSH or Telnet protocols in some cases I’m forced to do that (in cases I’m away from my Linux notebook). I’m doing my best to keep away from logging anywhere via SSH using Windows as when using Windows you never know what kind of spyware, malware or Viruses is already on the system, not to mention Microsoft are sniffing a lot if not everything which is typed on the keyboard… Anyways, usually I use Putty as a quick way to access a remote SSH, however pitily PuTTY lacks an embedded functionality for Tabs and each new connection to a server I had to run a new instance of PuTTY. This is okay if you need to access a single server but in some cases where access to multple servers is necessery lacking the tab functionality and starting 10 times putty is really irritating and one forgets what kind of connection is present on which PuTTY instance.

Earlier on, I’ve blogged about the existence of PuTTY Connection Manager PuTTY add-on program which is a PuTTY wrapper which enables PuTTY to be used with Connection Tabs feature, however installing two programs is quite inconvenient, especially if you have to do this every few days (in case if travelling a lot).

Luckily there is another terminal emulator free program for Windows called PodeRoSA which natively supports a tabbed Secure Shell connections.
If you want to get some experience with it check out Poderosa’s website , here is also a screenshot of the program running few ssh encrypted connections in tabs on a Windows host.

Poderosa Windows ssh / telnet tabs terminal emulator screenshot
Another good reason that one might consider using Poderosa instead of PuTTY is the Apache License under which Poderosa is developed. Currently the Apache License is compatible with GPL free software license which makes the program fully free software. The PuTTY license is under BSD and MIT and some other weird custom license not 100% compatible with GPL and hence PuTTY can be considered less free software in terms of freedom.

Tags: apache license, blogged, BSD, connection, custom, everything, existence, feature, few days, free software license, freedom, functionality, good reason, host, instance, keyboard, Linux, linux notebook, Malware, Microsoft, multple, necessery, Putty, reason, screenshot, secure shell, servers, Shell, software, tab, tabs, telnet protocols, terminal, terminal emulator, Viruses, wrapper
Posted in System Administration, Windows | 2 Comments »

KRaptor a Raptor free software (open source) arcade game clone for GNU / Linux

Monday, January 30th, 2012

Kraptor is another Raptor Shadow of Death free software, open source clone arcade game for GNU/Linux, DOS and Windows (98, XP etc.).

KRaptor main menu game screenshot Linux Debian Squeeze

The game is not under active development anymore since 2004. Kraptor features a powerful engine for creating quickly 2D shooter games, so the game should be a good learning curve for people interested into creation of arcade game shooter games.

The game just like Rafkill is built upon DUMB sound engine.
The game intro is quite entertaining 😉 The intro plays one by one the text:

Near Future: Blobalization Imperalizm Corporations Megalomaniacs Money and Power. Slaves of the New Millenium!

KRaptor Bill gates like looking oppressor

After years of oppression, the slaved people of the world have raised against their masters. You, has a mercenary pilot, has been contacted by the popular rebellion to fight against the forces of oppression.

In the morning, you jump into your cockpit and start up the engines. It's time to get airborne and start the attack. Get ready to scramble the scum hired by the masters. Murder for freedom is the only way, you're on a mission, don't defraud us...

Like Rafkill, Kraptor is one man masterpiece created by a free software Argentinean geek known under the Kronoman artistic pseudonim. The game is really incredible for a one man work … a true masterpiece.
The game is licensed under MIT License.

Even though Kraptor is older game than Rafkill, the design is more resembling the original Raptor game. The game music is high quality stereo. Besides that music and fx sound effects are quite awesome. After each level you have a Raptor like weapons "blackmarket", where you can buy new weapons, recharge ship energy, upgrade ship etc.
The blackmarket implementation part of the game is probably the worst moment in the game along with the game menus (in my view).
Talking about graphics Kraptor supports really high number of resolutions ranging from 320×240 to 1280×1024! 640×480 is the standard resolution in which the game is running.

Kraptor raptor like Linux game plasma gun debian screenshot

Something I really like in the game is the number of multiple weapons your ship uses during play. Even if played in Easy mode it is taught.

There are game Saves after each level, so thanksfully you don't have to start again from zero once death.
At the end of each level there is a huge bad BOSS you have to destroy ;).
Kraptor the boss Debian GNU / linux

Installing Kraptor on Debian / Ubuntu and deb derivatives is with:

debian:~# apt-get install kraptor

On most rpm based Linux distributions, you can install the game by converting the deb package to rpm with alien or by building from source from Kraptor's sourceforge page

Its interesting the game name e.g. Kraptor is also a death / grind metal band name, (Maybe Kronoman is metalhead big fan of Kraptor and that's how he came up with the playful name. For all the old school game addicts there is the joystick support. I've tested it with my Genius analogous joystick and it works fine.

The game is lacking .desktop gnome definition and after once installed it only appears through Debian (section) GNOME menus and not in Applications -> Games :

Applications -> Debian -> Games -&act; Action -&t; Kraptor

Just like Rafkill on Debian the game exacutable binary is located in /usr/games/kraptor . Also like with the Rafkill case when launched the game has troubles with choppy sound and music caused by the stupid buggy! pulseaudio

Analogously like with Rafkill's case, the work around to the problematic music en sound is to use a little bash shell script like:

#!/bin/bash pulseaudio -k; /usr/games/kraptor pulseaudio --start;

You can dowload Kraptor fix sound issues wrapper here

To install it on your Debian / Ubuntu and hence make the game sound play good issue with root:

debian:~# cd /usr/bin debian:/usr/bin# wget https://www.pc-freak.net/bshscr/kraptor.wrapper.sh ... debian:/usr/bin:# chmod +x kraptor.wrapper.sh debian:/usr/bin:# mv kraptor.wrapper.sh kraptor

Tags: active development, arcade game, Argentinean, Auto, clone, Corporations, curve, Draft, Engine, freedom, game menus, game music, geek, gnu linux, joystick, Kronoman, learning curve, level, Linux, linux dos, man work, Megalomaniacs, money and power, new millenium, number, oppression, plays one, power, pseudonim, pulseaudio, quality stereo, quot, raptor game, raptor shadow, rpm, scum, shadow, shadow of death, shooter, shooter games, software, software open source, text, time, true masterpiece, Ubuntu, work, wrapper
Posted in Games Linux, Linux, Linux and FreeBSD Desktop | No Comments »

RafKill Raptor Free Software (Open Source) clone for GNU/Linux

Saturday, January 28th, 2012

I've earlier blogged on playing Apogee's Raptor Shadows of Death arcade on GNU / Linux with dosbox

All the old school raptor addicts will be interested to hear Kazzmir (Jon Rafkind) a free software devotee developer has created a small game resembling many aspects of the original Raptor arcade game.
The game is called Rafkill and is aimed to be a sort of Raptor like fork/clone.
Originally the game was also named Raptor like the DOS game, however in year 2006 it was changed to current Rafkill in order to avoid legal issues with Apogee's Raptor.

The game is not anymore in active development, the latest Rafkill release is from January 2007, anyhow even for the 2012 it is pretty entertaining. The sound and music are on a good level for a Linux / BSD shoot'em'up free software game . The graphics are not of a top quality and are too childish, but this is normal, since the game is just one man masterpiece.

Rafkill is developed in C/C++ programming language, the game music engine it uses is called DUMB (Dynamic Universal Bibliotheque). By the way DUMB library is used for music engine in many Linux arcade games. DUMB allows the Linux game developer to develop his game and play a music files within different game levels in "tracked" formats like mod, s3m, xm etc.

The game is available in compiled form for almost all existent GNU/Linux distributions, as well as one can easily port it as it is open source.

To install Rafkill on Debian, Ubuntu, Xubuntu and Linux Mint en other Debian based distros

root@debian:~# apt-get install rafkill

Installing on Fedora and other rpm based is with yum

debian:~# apt-get install rafkill ...

Once rafkill is installed, in order to start it on Debian the only way is using the rafkill (/usr/bin/rafkill) command. It appears the deb package maintainer did not wrote a gnome launcher file like for example /usr/share/applications/rafkill.desktop
Just to explain for all the GNOME noobs, the .desktop files are a description file GNOME reads in order to understand where exactly to place certain application in the (Gnome Applications, Places, System …) menu panel.

Even though it miss the .desktop, it is launchable via Applications menu under the Debian section e.g. to open it from the GNOME menus you will have to navigate to:

Applications -> Debian -> Games -> Action -> Rafkill

This "shortcut" to launch the game is quite long and hard to remember thus it is handy to directly launch it via xterm:

hipo@debian:~$ rafkill

or by pressing ALT+F2 and typing rafkill :

Starting the game I got some really ugly choppy music / sound issues.
My guess was the fizzling sounds were caused by some bug with the sound portions streamed through pulseaudio sound system.
To test if my presume is correct, stopped pulseaudio and launched rafkill once again:

hipo@debian:~$ pulseaudio -k hipo@debian:~$ rafkill

This way the game was counting on ALSA to process sound en the sound was playing perfectly fine.

I solved this problem through small wrapper shell script. The script did kill pulseaudio before launching rafkill and that way solve gchoppy sound issues, once the game execution is over the script starts pulseaudio again in order to prevent all other applications working with pulseaudio.

Finally, I've placed the executable script in /usr/bin/rafkill :

Here is the script:

#!/bin/bash pulseaudio --kill /usr/games/rafkill pulseaudio --start

You can download rafkill.wrapper.sh here
Or write in root terminal:

debian:~# cd /usr/bin debian:/usr/bin:# wget https://www.pc-freak.net/bshscr/rafkill.wrapper.sh debian:/usr/bin:# mv https://www.pc-freak.net/bshscr/rafkill.wrapper.sh rafkill debian:/usr/bin:# chmod +x rafkill

Interesting in Ubuntu Linux, rafkill music is okay and I suppose the bug is also solved in newer Linux distributions based on Ubuntu. Probably the Debian Squeeze pulseaudio (0.9.21-4) package version has a bug or smth..

After the change the game music will be playing fine and the game experience is cooler. The game is hard to play. Its really nice the game has game Saves, so once you die you don't have to start from level 1.

I've seen rafkill rolling around on freebsd.org ftps under the ubuntu packages pool, which means rafkill could probably be played easily on FreeBSD and other BSDs.

Enjoy the cool game 😉

Tags: active development, arcade game, arcade games, Auto, BSD, c c programming language, c programming language, clone, deb package, Desktop, desktop files, different game, dos game, Draft, Engine, file, form, Free, game developer, game levels, game music, Gnome, hipo, level, Linux, linux distributions, linux game, menu, mod, music engine, Open, open source clone, package, package maintainer, pulseaudio, quot, script, shadows of death, share applications, small game, software, software game, software open source, Ubuntu, Universal, wrapper, year
Posted in Games Linux, Linux, Linux and FreeBSD Desktop | 1 Comment »

Error from park wrapper: mydomain.com is already configured. Sorry, that domain is already setup (remove it from httpd.conf) – How to solve

Monday, July 4th, 2011

If you’re administrating a Cpanel server and you come across an error message while trying to use cpanel’s domain addon menu and you want to fix that you will need to do the following logged in as root over an ssh connection:

1. Remove dns related stuff in /var/named and /var/named/cache cpanel:~# rm -f /var/named/mydomain.com.dbcpanel:~# rm -f /var/named/cache/mydomain.com.db

2. Edit the current used httpd.conf on the server and remove all virtualhost domain definitions

cpanel:~# vim /etc/httpd/conf/httpd.conf # find the mydomain.com Virtualhost definitions and completely remove them

3. Remove any domain occurance in /var/cpanel/users

cpanel:~# cd /var/cpanel/users/ cpanel:/var/cpanel/users# grep -rli 'mydomain.com' * /var/cpanel/users/hipo cpanel:~# vim /var/cpanel/users/hipo # remove in above file any domain related entries

3. Remove anything related to mydomain.com in /etc/userdomains and /etc/localdomains

cpanel:~# vim /etc/userdomains cpanel:~# vim /etc/localdomains # again look inside the two files and remove the occuring entries

4. Edit /etc/named.conf and remove any definitions of mydomain.com

cpanel:~# vim /etc/named.conf # in above file remove DNS configuration for mydomain.com

5. Run /scripts/updateuserdomains

cpanel:~# /scripts/updateuserdomains

6. Delete any valias configurations

cpanel:~# rm -f /etc/valiases/mydomain.com cpanel:~# rm -f /etc/vdomainaliases/mydomain.com cpanel:~# rm -f/etc/vfilters/mydomain.com

7. Remove any occurance of mydomain.com in the user directory which experiences the Error from park wrapper: error

Let’s say the user testuser is experiencing the error, in that case you will have to remove:

cpanel:~# rm -rf /home/testuser/public_html/mydomain.com

8. Restart Cpanel

This step is optional though I think it’s also a good practice as it will at least restart the Cpanel webserver (Apache or Litespeed depending on your conf)

cpanel:~# /etc/init.d/cpanel restart

Now try to add up the domain via the Cpanel domain addon interface, hopefully the issue should be fixed by now. If not you might also check if there is no some record about mydomain.com in the mysql server.
Cheers 😉

Tags: addon, apache, Cheers, com, comcpanel, connection, cpa, dbcpanel, Delete, DNS, domain definitions, error message, file, hipo, init, litespeed, menu, mydomain, occurance, occuring, Restart, rf, rli, root, scripts, ssh, ssh connection, testuser, userdomainscpanel, vim, wrapper
Posted in Linux, System Administration | No Comments »

How to enable Domain Keys (DKIM) in Qmail toaster based mail server install on Debian Linux

Wednesday, May 25th, 2011

Qmail dkim domain keys logo

Recently the Emails sent by one of the Qmail mail servers running on a Debian host started suddenly delivering in Spam folder in both Gmail.com and yahoo.com public mail services.

This is pretty nasty as many of the websites which used the local qmail server to deliver emails concerning subscriptions and other kind of services provided by the websites started ending in Span and thus many of the users who used their Yahoo Mail account and Google Mail – gmail accounts was unable to read emails mailed by the various websites forms and scripts which were sending emails.
You can imagine the negative effect all this “minor” mail issues had on website visitors count and the overall websites functionality.
To come up with some kind of solution to this mail issues, I did quite a lot of research to understand if Yahoo and Google Mail services has some kind of mail server delist form or some reporting service where one can delist a specific mail server as a spammer one or get some kind of help, but unfortunately it seems neither google nor yahoo has any kind of web based way to remove hosts or ip addresses of legit mail servers who has mistakenly been recognized as spam servers.

During my efforts to find a solution to the situation I red a lot of posts and forums online as well as Google’s Bulk Sender Guidelines, none if it was too helpful though.

The QMAIL server had a proper:
1. MX Record 2. TXT SPF records 3. PTR Record 4. There are proper correct mail message headers 5. Proper mails charset and encoding 6. The mail server IP is not listed anywhere in any mail blacklists (e.g. www.mxtoolbox.com/blacklists.aspx / spamhaus.org) 7. A correct SMTP greeting which matched the mail server domain name

The only thing which was missing on the mail server (checked against Google’s Bulk Sender Guidelines) was a properly configured DKIM and Domainkeys.

Thus in order to get around the situation I went the way and configured the qmail server to include and send in the mail header also Domain Keys

In this article I will briefly explain step by step how I configured Domain keys (DKIM) signing of my mails:

There are few ways domain keys signing can be implemented with Qmail.

1. By patching qmail binaries to support domain keys signing

I wanted to omit any interventions concerning the well running qmail install so I decided not to go this way.
Plus there are plenty of add-ons for qmail and as I have no time to test them the idea not to temper the existing qmail installation looked wise to me.
2. Use a wrapprer script around qmail-remote that invokes externally domainkeys binaries

This kind of solution was fitting me better and therefore I took this route to enable my qmail DKIM signing.

There are few approaches one can take described online:

Use a perl script wrapper which does does the DKIM signing (http://manuel.mausz.at/coding/qmail-dkim/)

I tried using the qmail-dkim-0.2.pl wrapper script following the exact steps described to be fulfilled to enable my outgoing mails dkim signature, however for some reason after substituting the qmail-remote with qmail-dkim.pl and setting the proper permissions, my outgoing mails failed completely and each mail I sent was returned back by the qmail MAILER-DAEMON

Use a bash shell script wrapper in combination with libdomainkeys‘s with a Mail-DKIM-0.39 .

I gave a try to this approach and thanksfully it worked after a bit of struggle to tune it up.

Here is what exactly I had to do to in order to have the domain keys signing to work using the above described qmail-remote.sh shell script wrapper

1. Install openssl related required debian packages

debian:~# apt-get install openssl libcrypt-openssl-rsa-perl libcrypt-openssl-bignum-perl libmail-dkim-perl ...

2. Create necessery directories and RSA key pairs for DomainKeys

debian:~# mkdir -p /etc/domainkeys/mydomain.com debian:~# cd /etc/domainkeys/mydomain.com debian:/etc/domainkeys/mydomain.com# openssl genrsa -out rsa.private_default 768 debian:/etc/domainkeys/mydomain.com# openssl rsa -in rsa.private_default -out rsa.public_default -pubout -outform PEM debian:/etc/domainkeys/mydomain.com# ln -sf rsa.private_default default debian:/etc/domainkeys/mydomain.com# touch selector debian:/etc/domainkeys/mydomain.com# echo 'default' >> selector

Where mydomain.com is the mail domain I need the DKIM signatures for.

I have written a small shell script which automates the task of adding new domainkeys directories and generating the RSA keys with openssl, you can download my generate_qmail_domainkey_rsa automator script here

3. Set proper permissions and owner to /etc/domainkeys directory

debian:~# chmod -R 0600 /etc/domainkeys debian:~# chown -R qmailr:qmail /etc/domainkeys

4. Generate public domain key for DNS TXT records

debian:/etc/domainkeys/mydomain.com# grep -v ^- rsa.public_default | perl -e 'while(<>){chop;$l.=$_;}print "k=rsa; t=y; p=$l;n";'

“k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMlDcYMrpWP9ouQOlFVtCHcFY
+gxrSQ6SegYeP4eeG7NECT/3jBqDtxANIVhaS9ASkEO4yNisGu4yX/DRclTm
nPWknoDtCDiD7IFEzT37qn1JLzcuknTncmFBFMDRUJq6wIDAQAB;”

The above key is used in next step 5 to set it as a TXT DNS record.

5. Create the DNS records in Name server

With BIND DNS server you need to place a records like:

_domainkey.example.com. IN TXT "k=rsa; t=y; o=-;" default._domainkey.example.com. IN TXT " p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2RkvFHbhqM/bVbb kBtZ1cZUSYcjC4q+PWjd1tFopT+HXXR9Ctx7FZ1guX5fGboiwYmhCYdVroI KRM3I48/YyQoXxtn3iYZ086v8BHaNtkcBMY+68JeEQ3K0WQkbqQXp/tsnLY SQW1yXiEo9CywxVdpwH+OY94HxK4fAbw6V11cwIDAQAB"

! The above p= key specified is the one generated in step 5.

6. Download and compile & install Mail-DKIM-0.39 ‘s perl extension

As of time of writting latest Mail-DKIM is ver. 0.39, however it’s a good idea to check and install the latest available version available on http://www.cpan.org

a) Download Mail-DKIM

debian:~# cd /usr/local/src debian:/usr/local/src# wget https://www.pc-freak.net/files/Mail-DKIM-0.39.tar.gz ... 2011-05-25 15:09:37 (264 KB/s) - `Mail-DKIM-0.39.tar.gz' saved [87375/87375] ... b) Compile & Install Mail-DKIM

debian:/usr/local/src# chown -R hipo:hipo Mail-DKIM-0.39 debian:/usr/local/src# cd Mail-DKIM-0.39

debian:/usr/local/src/Mail-DKIM-0.39# su hipo
debian:/usr/local/src/Mail-DKIM-0.39$ perl Makefile.PL
debian:/usr/local/src/Mail-DKIM-0.39$ make
…
debian:/usr/local/src/Mail-DKIM-0.39$ exit
debian:/usr/local/src/Mail-DKIM-0.39# make install
debian:/usr/local/src/Mail-DKIM-0.39# cd script
debian:/usr/local/src/Mail-DKIM-0.39/script# cp -rpf * /usr/local/bin; cd /usr/local/src

Note that the dkimsign.pl which is in the Mail-DKIM-0.39 is a very important tool used later by the qmail-remote wrapper script. This perl script is copied in the last command issued in above chunk of code.
In the up-command lines I use my unprivileged username hipo to compile, here use any non-root user is appropriate.
For instance it’s possible that the cpan user is used as a compile time user, I was lazy to configure CPAN thus I choose to use my normal unprivileged user.

c) configure rsa domain key paths in dkimsing.pl

Another thing to do here is to make sure the /usr/local/bin/dkimsign.pl which was just recently installed has a correct set location for it’s KeyFile variable.
This vailable is in the script is located online 64, I changed it to include my rsa domain key file, after I changed it, now it looks like so:

KeyFile => "/etc/domainkeys/mydomain.com/default"

7. Download and install libdomainkeys

a) Download libdomainkeys
For latest version of libdomainkeys make sure you check on http://domainkeys.sourceforge.net/

debian:/usr/local/src# wget https://www.pc-freak.net/files/libdomainkeys-0.69.tar.gz debian:/usr/local/src# tar -zxvvf libdomainkeys-0.69.tar.gz ... debian:/usr/local/src# chown -R hipo:hipo libdomainkeys-0.69 debian:/usr/local/src# cd libdomainkeys-0.69; su hipo

b) Compile and install libdomainkeys binaries

debian:/usr/local/src/libdomainkeys-0.69$ echo '-lresolv' > dns.lib debian:/usr/local/src/libdomainkeys-0.69$ make clean & & make debian:/usr/local/src/libdomainkeys-0.69$ exit debian:/usr/local/src/libdomainkeys-0.69# cp -rpf dktest dknewkey expected makeheader /usr/local/bin/

There is a note to make here, one of the programs part of libdomainkeys called dnstest is not compiled while doing make for unknown reasons?!
I was not able to compile manually dnstest either using gcc like so:

debian:/usr/local/src/libdomainkeys-0.69$ gcc -o dnstest dnstest.c dnstest.c: In function 'main': dnstest.c:11: warning: incompatible implicit declaration of built-in function 'strle' /tmp/ccH78KZ1.o: In function 'main': dnstest.c:(.text+0x2b): undefined reference to 'dns_text' collect2: ld returned 1 exit status

I have absolutely no clue why it fails o_O, but it doesn’t matter since I figured out that domainkeys header signature is properly set even without dnstest.

Let me mark here that echo ‘-lresolv’ > dns.lib you see in above code chunk is absolutely necessery in order to be able to compile libdomainkeys on Debian based distributions. If the ‘-lresolv > dns.lib’ is omitted the libdomainkeys build fails with error:

gcc -DBIND_8_COMPAT -O2 -o dktest dktest.o -L. -ldomainkeys -lcrypto `cat dns.lib` `cat socket.lib` ./libdomainkeys.a(dns_txt.o): In function `dns_text': dns_txt.c:(.text+0x2d): undefined reference to `__res_query' dns_txt.c:(.text+0xc4): undefined reference to `__dn_expand' dns_txt.c:(.text+0x184): undefined reference to `__dn_expand' collect2: ld returned 1 exit status make: *** [dktest] Error 1

8. Install libdkim (source of the libdkimtest binary later used by qmail-remote wrapper script)

debian:/usr/local/src# su hipo debian:/usr/local/src$ wget https://www.pc-freak.net/files/qmail/libdkim-1.0.19.zip debian:/usr/local/src$ wget https://www.pc-freak.net/files/qmail/libdkim-1.0.19-linux.patch debian:/usr/local/src$ wget https://www.pc-freak.net/files/qmail/libdkim-1.0.19-extra-options.patch debian:/usr/local/src$ unzip libdkim-1.0.19.zip debian:/usr/local/src$ cd libdkim/src debian:/usr/local/src/libdkim/src$ patch -p2 < ../../libdkim-1.0.19-linux.patch debian:/usr/local/src/libdkim/src$ patch -p2 < ../../libdkim-1.0.19-extra-options.patch debian:/usr/local/src/libdkim/src$ make && exit debian:/usr/local/src/libdkim/src# make install

The above install will install libdkimtest binary, used by the wrapper script to do the actual DKIM-Signature, the binary gets installed in /usr/local/bin/libdkimtest.
Here is a link to patched version of libdkim 1.0.19 , to use it instead of patching as described above download the archive untar and do a make clean && make && install

9. Download qmail-remote.wrapper (qmail-remote wrapper shell script) and set it to wrap qmail-remote

a) Copy original qmail-remote to qmail-remote.orig

debian:~# cd /var/qmail/bin debian:/var/qmail/bin# cp -rpf qmail-remote qmail-remote.orig

b) Download qmail-remote.wrapper script

Here is the qmail-remote.sh wrapper script that worked for me
Originally the wrapper script is taken from http://www.memoryhole.net/qmail/, big thanks to Russ Nelson for writting the awesome wrapper script.

debian:~# cd /var/qmail/bin/ debian:/var/qmail/bin# wget https://www.pc-freak.net/files/qmail-remote.wrapper Saving to: `qmail-remote.wrapper'

100%[============================>] 1,164 –.-K/s in 0s

2011-05-25 15:46:54 (142 MB/s) – `qmail-remote.wrapper’ saved [1164/1164]

c) Set proper permissions to the qmail-remote.wrapper script

The permissions of qmail-remote should look like so:

-rwxr-xr-x 1 root qmail 1164 2011-05-25 11:05 /var/qmail/bin/qmail-remote*

To set this permissions I used:

debian:/var/qmail/bin# chmod 755 qmail-remote.wrapper debian:/var/qmail/bin# chown qmailq:qmail qmail-remote.wrapper

d) Create /var/domainkeys directory (necessery for proper qmail remote wrapper script operations)

debian:~# mkdir /var/domainkeys debian:~# chown -R qmailr:qmail /var/domainkeys debian:~# chmod 700 -R /var/domainkeys

e) Substitute original qmail-remote binary with the wrapper script:

debian:~# qmailctl stop Stopping qmail... qmail-send qmail-smtpd debian:/var/qmail/bin# cp -rpf qmail-remote.wrapper qmail-remote debian:/var/qmail/bin# qmailctl start Starting qmail

10. Send test email to @gmail.com or @yahoo.com to test if DKIM-Signature is included in the mail header

I used my installed webmail interface squirrelmail and send a test email to my home mail server and as well as to yahoo.com

The headers of the email looked fine, here is how my DKIM signed mail headers looked like:

From - Thu May 26 15:31:37 2011 X-Account-Key: account11 X-UIDL: 1306413169.97071.pcfreak,S=1244 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys:

Return-Path: <root@mail.mydomain.com> Delivered-To: hipo@www.pc-freak.net Received: (qmail 97068 invoked by uid 1048); 26 May 2011 12:32:49 -0000 Received: from mail.mydomain.com (83.170.100.100) by mail.www.pc-freak.net with SMTP; 26 May 2011 12:32:49 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=mydomain.com;

b=ZnTDdUexnt8fmuHbVNXIC+JDvNLYO1zjzlI3PODe3e1oMS5dRHzVGujrS1
Yk0qqs2oW7DseZg/iHE9KOLZBeInksOnsmLsDBq1Lvzfv2xejikR52LBg6a/uK
ewECJy4jQA4cwMJ/qUxmK8EDwbgj7jqCVB95FK3Z5EdR4HoaqGQ=;

h=Received:Date:Message-ID:From:To:Subject;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=date
:message-id:from:to:subject; s=default; q=
/etc/domainkeys/mydomain.com/default;
bh=G32d6y8oiLehRzcuIWr9s
S+Jy+g=;
b=TPW5VXq3vlOUf1T7lfxQC00MN0kPJxaASE/gq7LbHyV1Gj/Xj+GLF
UN6hYVeKnsoKKeV108JVGcfvfTaLogsxGyS9XzUXKlLtESBj4wr/DAOQy
OcHCj75
bEOOd9nv+RehOYinXGmx0JUZpCNHGndNZ1AEabbVEiX/NQAL7iKDnE
=
Received: (qmail 28771 invoked by uid 0); 26 May 2011 12:31:30 -0000
Date: 26 May 2011 12:31:30 -0000
Message-ID: <20110526123130.28770.qmail@mail.mydomain.com>
From: root@mail.mydomain.com
To: hipo@www.pc-freak.net
Subject: testing 123

baklavavav
tatta

Notice the two lines in the above pasted header:

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=date

This clearly shows that now both Domainkeys and DKIM are being applied to outgoing mail messages 🙂

However to be completely 100% sure the domainkeys and DKIM signing is correct, you should check the online websites which offer a mail domainkey check and DKIM signature check, an example for such a website that I used in order to test that my SSL RSA Domainkeys and DKIM correspond correctly to the ones specified in the DNS server is:
here

The idea for writting this small guide on configuring Domainkeys with Qmail and Linux is seriously inspired by Mariuz’s Blog post dkim wrapper that works using dk Hope this is helpful to somebody, it took me quite a while until I come up with the exact steps of a workable install of Domain Keys, there are so many tutorials and ways to implement this that at a certain point it’s a hell.
Like always with Qmail, even simple things are so complex, the only good thing about qmail is once you make it work well, it works forever … until the next time you will have to spend few days trying to figure it out 😉

I’m very much looking to hear if people followed the tutorial succesfully.

Any feedback concerning the article is mostly welcome!
Cheers!

Tags: briefly, Bulk, charset, com, correct mail, Date, DKIM-Signature, dnstest, domain, Domainkeys, Emails, exit, exitdebian, form, function, Gmail, google, header, help, host, ip addresses, libdkimtest, Linux, lot, mail issues, mail message, mail server, mail servers, mail services, message headers, mx record, mxtoolbox, nameThe, none, ptr, public mail, qmailctl, reporting service, root, script, server domain, server ip, signing, soccerfame, spamhaus, spammer, SPF, test, text, toaster, TXT, website visitors, wget, wrapper, yahoo mail account
Posted in Linux, System Administration | 21 Comments »

How to fix “delivery 1: deferral: Sorry,_message_has_wrong_owner._(#4.3.5)/” qmail mail delivery failure message

Friday, May 20th, 2011

After a failed attempt to enable some wrapper scripts to enable domain keys support in a qmail powered mail server my qmail server suddenly stopped being able to normally send mail.

The exact error message which was logged in /var/log/qmail/current was:

@400000004dd66fcc16a088ac delivery 1: deferral: Sorry,_message_has_wrong_owner._(#4.3.5)/

This qmail messed happened after I substituted /var/qmail/bin/qmail-queue and /var/qmail/bin/qmail-remote with two respective wrapper shell scripts which were calling for the original qmail-queue and qmail-remote binaries under the names qmail-queue.orig and qmail-queue.orig

Restoring back qmail-queue.orig to /var/qmail/bin/qmail-queue and qmail-remote.orig to /var/qmain/bin/qmail-remote and restarting the mail server broke my qmail install.

After a bunch of nerves trying to isolate what is causing the error I found out that by mistake I forgot to copy the qmail-queue and qmail-remote permissions and ownership.

Thus I had to check another qmail working installation’s permissions for both binaries and fix the permissions to be equivalent to the permissions:

debian:~# ls -al /var/qmail/bin/qmail-remote
-rwx–x–x 1 root qmail 50464 2011-05-20 12:56 /var/qmail/bin/qmail-remote*
debian:~# ls -al /var/qmail/bin/qmail-queue
-rws–x–x 1 qmailq qmail 20392 2011-05-20 12:56 /var/qmail/bin/qmail-queue*

The exact chmod and chmod commands I issued to solve the shitty issues were as follows:

First I fixed the qmail-queue and qmail-remote ownership:

debian:~# chown qmailq:qmail /var/qmail/bin/qmail-queue debian:~# chown root:qmail /var/qmail/bin/qmail-remote

Second I set the proper file permissions:

# make the qmail-queue binary suid debian:~# chmod u+s /var/qmail/bin/qmail-queue debian:~# chmod 611 /var/qmail/bin/qmail-queue debian:~# chmod 611 /var/qmail/bin/qmail-remote

Third and last I did a restart of the qmail server and tested it sends properly

debian:~# /usr/bin/qmailctl stop Stopping qmail... qmail-send qmail-smtpd debian:~# /usr/bin/qmailctl start Starting qmail

Finally to test that the qmail server qmail-queue was queing and sending with qmail-remote I used the system mail command like so:

debian:~# mail -s "test email" testuser@www.pc-freak.net asdfafdsdf . Cc:

Afterwards the mail was properly received on my mail account testuser@www.pc-freak.net immediately.

In my /var/log/qmail/current log file all seemed fine:

@400000004dd6702a2eb2b064 starting delivery 1: msg 85281596 to remote testuser@www.pc-freak.net @400000004dd6702a2eb2b834 status: local 0/20 remote 1/20 @400000004dd6702b34cc809c delivery 1: success: 83.228.93.76_accepted_message./Remote_host_said:_250_ok_ 1305899099_qp_65293/ @400000004dd6702b34cc886c status: local 0/20 remote 0/20 @400000004dd6702b34cc8c54 end msg 85281596

The test mail was properly received on my mail account testuser@www.pc-freak.net immediately.

It took me like half an hour to figure out what exactly is wrong with the permissions in situations like this I really wanted to change all my qmail installs with postfix and forget forever I ever used qmail …

Tags: binaries, chmod commands, chown root, email, exact error message, failure, failure message, file, host, installation, log, mail delivery failure, mail server, mistake, msg, nerves, orig, ownership, properlydebian, qmailctl, queue, Remote, root, rws, rwx, Shell, shell scripts, sorry message, status, system, test, testuser, Third, wrapper, wrapper scripts
Posted in Linux, System Administration | No Comments »

Posts Tagged ‘wrapper’

1. AI as a Command-Line Tool

2. Minimum VM (It runs, but you’ll hate it)

a. Recommended VM (Actually usable)

b. “Feels Good” VM (CPU-only but not painful)

c. KVM / Proxmox (Best choice)

d. If running VM on VMware platform

e. VirtualBox (Not recommended)

f. Local AI With Ollama (Recommended)

3. Install Ollama

To check whether all is properly setup after installed llama3:

4. Turning AI Into a Bash Command

5. Using AI to Generate Bash Commands

6. AI for Explaining Commands and Logs

7. Smarter Bash History Search

8. Using AI With Shell Scripts

9. Where Ollama Stores Its Data

System service (most common)

User-only install

See What’s Taking Space

10. Remove Unused Models (Safe Way)

11. Full Manual Cleanup (Hard Reset)

Stop Ollama

Delete all local models and cache

Start Ollama again

Verify Cleanup Worked

Prevent Disk Bloat (Highly Recommended)

Remove models you don’t use

Set a custom data directory (optional)

12. Best Practices how to use shell AI to not overload machine

Sum it up

1. DSA or RSA SSH encryption pros and cons which one to choose?

2. Generating the SSH restricted PRIV and .PUB user key pair

4. Configuring authorized_keys restricted given command to read / expect (fixed) arguments

5. Configuring authorized_keys command user to use dynamicly procuded (arbitrary) arguments

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About

About Myself

Links to Other Places

Links to Other Places

Recent Comments

Tags

Top Post Views

blogtopsites