All posts by manatails

Setting up a dedicated spamassassin server

The default SpamAssassin install on Ubuntu is slightly misconfigured and is not suitable for running a remote anti-spam service, so I am writing up the config changes I had to make to get it working flawlessly.

1. Make a dedicated user for SpamAssassin. The default config runs SpamAssassin as root; the executable itself then complains about it and falls back to nobody.

sudo adduser spamd --disabled-login

2. Open /etc/default/spamassassin and edit the following line, replacing (your_server_ip) with the address that is allowed to connect:

OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ --listen=0.0.0.0 --allowed-ips=(your_server_ip)"

3. Edit /etc/spamassassin/local.cf and add or uncomment the following lines to suit your needs:

rewrite_header Subject [SPAM]
use_bayes 1

bayes_path /var/spamassassin/bayes_db/bayes
bayes_file_mode 0775

bayes_auto_learn 1

bayes_auto_learn_threshold_nonspam -0.001
bayes_auto_learn_threshold_spam 10.0

4. Make directories for the Bayes database and give them appropriate permissions

sudo mkdir -p /var/spamassassin/bayes_db
sudo chown -R spamd:spamd /var/spamassassin

5. Start the SpamAssassin service

sudo systemctl daemon-reload
sudo systemctl restart spamassassin
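
A quick lint for the OPTIONS line from step 2, as an added example that is not part of the original post. It flags a missing unprivileged user, a network listener with no --allowed-ips, and an --allowed-ips value that is wide open or still the placeholder. The function name and the sample address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint a spamd OPTIONS string.
# Prints one finding per line and returns the number of findings (0 = clean).
audit_spamd_options() {
    listen="" allowed="" user="" prev="" n=0
    # Accept both "--flag=value" and "--flag value".
    for tok in $(printf '%s' "$1" | tr '=' ' '); do
        case $prev in
            --listen)      listen=$tok ;;
            --allowed-ips) allowed=$tok ;;
            --username)    user=$tok ;;
        esac
        prev=$tok
    done
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "no unprivileged --username set"; n=$((n + 1))
    fi
    case $listen in
        0.0.0.0*)
            # Without --allowed-ips spamd only accepts connections from 127.0.0.1.
            if [ -z "$allowed" ]; then
                echo "listens on all interfaces but --allowed-ips is unset"; n=$((n + 1))
            fi ;;
    esac
    case ",$allowed," in
        *,0.0.0.0/0,*|*,::/0,*)
            echo "--allowed-ips admits every address"; n=$((n + 1)) ;;
        *'('*|*your_server_ip*)
            echo "--allowed-ips still holds the placeholder value"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed samples: the line exactly as posted, and a filled-in version that
# uses a documentation address as the assumed client mail server.
AS_POSTED='--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ --listen=0.0.0.0 --allowed-ips=(your_server_ip)'
FILLED_IN='--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ --listen=0.0.0.0 --allowed-ips=192.0.2.10'
audit_spamd_options "$AS_POSTED" || true
audit_spamd_options "$FILLED_IN" && echo "OK: no findings"
```
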

Here are some convenient commands to manage your SpamAssassin service:

Restore Bayes backup data:
sudo -H -u spamd sa-learn --restore spamassassin.backup
Sync Bayes database:
sudo -H -u spamd sa-learn --sync
Learn mail in folder as spam:
sudo -H -u spamd sa-learn --spam --showdots --dir /home/manatails/mail/spam
Learn mail in folder as ham:
sudo -H -u spamd sa-learn --ham --showdots --dir /home/manatails/mail/ham
Print Bayes database stats:
sudo -H -u spamd sa-learn --dump magic

In Ubuntu, logs are stored at /var/log/mail.log

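Discord Hangul Bot

This is a bot that lets you chat in Korean on Discord from games that do not support Korean input.

In many games, such as CS:GO and Apex, the Korean keyboard cannot be activated.

Have you been inconveniently alt-tabbing every time just to type a chat message?

Now you can simply do it right in the overlay.

Hangul Bot automatically converts text typed on the English layout into Hangul.

Usage example:

Bot homepage

https://hangulbot.mananet.net/

Invite Hangul Bot and use Discord conveniently in Korean.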

Setting primary interface in ubuntu

Unlike CentOS, Ubuntu doesn’t provide a nice tool to set the default route when more than one Ethernet interface is connected at the same time. It is possible to set up a static route with post-up, but that is still difficult if the DHCP range is dynamic and you can’t accurately determine the proper gateway.

I was able to reliably implement it with the following settings.
Open the /etc/network/interfaces file and add the following line to every interface that does NOT act as the default gateway.

post-up route del default dev $IFACE

This code, instead of setting a default route, basically removes undesired default routes as the device goes up.

Example configuration when you want to use ens160 as default route:

auto ens172
iface ens172 inet dhcp
post-up route del default dev $IFACE

auto ens192
iface ens192 inet dhcp
post-up route del default dev $IFACE

# The primary network interface
auto ens160
iface ens160 inet dhcp

Converting Killer LAN / WLAN cards to Atheros cards

If you feel frustrated by the buggy drivers and software of the Killer Ethernet cards that come with your new gaming laptop or motherboard, it is possible to get rid of them by force-replacing the drivers. I experienced continuous disconnections while creating a testnet with this card and it was unacceptable. I honestly have no idea why manufacturers even use this chipset even though people have been complaining about this for a long time.

Killer chipsets are basically rebranded versions of existing Atheros chipsets, so you can simply override the default driver settings to make the card function as an Atheros card.

 

1. Open the Device Manager

2. Right-click the LAN card and choose to update the driver software

3. Browse my computer for drivers

4. Pick from a list on my computer

5. Have driver disk

6. Choose the appropriate inf file for your device. There is a list of compatible drivers at the end of this article

7. If the inf file contains multiple definitions, choose the appropriate model

8. Ignore the warning and proceed

9. You have a functional Atheros card now, goodbye retarded Killer drivers

10. Remove the Killer suite from Add/Remove Programs if you installed it

 

List of compatible drivers:

Killer E2200 – Atheros AR8151
Killer E2400 – Atheros AR8171

Killer Wireless 1535 – Qualcomm QCA61x4A

 

Please tell me if you know any other compatible pairs, I’ll add them to this list.

Adding a startup script as a service in Ubuntu

I am writing this up because I don’t want to look it up every time I need it. This will create a simple systemd service that executes a script on Ubuntu.

 

1. Create a file: /etc/systemd/system/service-name.service

[Unit]
Description=Some Description of your service
After=network.target
After=systemd-user-sessions.service
After=network-online.target

[Service]
User=root
Type=simple
ExecStart=/path/to/your/script/start-all.sh
Restart=on-failure
RestartSec=30
StartLimitInterval=350
StartLimitBurst=10

[Install]
WantedBy=multi-user.target

2. Reload systemd

systemctl daemon-reload

3. Make your script executable with:

chmod u+x /path/to/your/script/start-all.sh

4. Start it:

sudo systemctl start service-name

5. Enable it to run at boot

sudo systemctl enable service-name

Tip: #!/bin/sh is necessary at the beginning of the script, or startup will fail with error 203

Fix freezing Solaris kernel on boot

During an attempt to install Solaris on a real machine, I found a strange bug that caused the Solaris kernel to freeze on the first boot.

This affected all post-Skylake systems regardless of drive type, so I originally suspected it to be related to the xHCI handoff bug seen with hackintosh setups, but it was actually something different.

With the -v option, the last debug message shown was

root on /ramdisk:a fstype ufs

No other mentions of such a bug were found on any Solaris forums, but I did find a similar issue on SmartOS, a Solaris-based bare-metal OS: https://github.com/joyent/smartos-live/issues/727

For me, disabling both C7 states and Intel SpeedStep in the BIOS setup fixed the issue, and the Solaris kernel could boot up again like normal.

 

Preventing Windows guests from creating network profiles in Proxmox

Many of my servers run under the Proxmox virtual environment. For servers that don’t have a dedicated IP available for their guests, I use an iptables-based NAT network to forward packets, as described in my previous article: https://manatails.net/blog/2018/04/running-proxmox-with-nat/

But I came across a problem where Windows guests detect the network as ‘Unknown’ and try to create a new network profile on every reboot.

Not only did it look bad to have random names like ‘Network 18’, but the network type also defaults to public, so any rules for private networks get ignored until I manually set the network type to private.

I looked a bit in depth and found that the feature is called ‘Network Location Awareness’ per the original article https://msdn.microsoft.com/en-us/library/aa480195.aspx

From the page:

Digital Subscriber Line (DSL) and cable modems typically act as network address translators (NATs). As a result, their MAC addresses can be used to uniquely qualify the user’s network. NLA uses the MAC address of the user’s DSL or cable modem as the link ID.

Practically, Windows was using the MAC address of the default gateway to differentiate the network.

So I had to give the NAT interface a unique MAC address in order for it to be recognized.

Add ‘hwaddress ether’ to the interface config and give it a random MAC address; Windows will then consistently identify the network.

Finally open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList then delete all entries in Profiles and Signatures to get rid of previously detected networks and reset the counter.
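
One way to pick the random address for the ‘hwaddress ether’ step, as an added example that is not part of the original post. It generates a locally administered unicast MAC and prints the line to place under the bridge stanza. The function names are illustrative, and vmbr1 is assumed to be the NAT bridge from the linked NAT article.

```shell
#!/bin/sh
# Added example, not from the original post. vmbr1 is assumed to be the NAT
# bridge (the name used in "Running Proxmox with NAT"); adjust to your own.

# Print a random MAC that is locally administered (bit 1 of the first octet
# set) and unicast (bit 0 clear), i.e. outside vendor-assigned address space.
random_laa_mac() {
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')   # 12 hex digits
    first=$(( (0x${hex%??????????} | 2) & 254 ))         # fix up first octet
    rest=$(printf '%s' "${hex#??}" | sed 's/../:&/g')    # ":aa:bb:cc:dd:ee"
    printf '%02x%s\n' "$first" "$rest"
}

# Return 0 only for a lowercase, colon-separated, locally administered
# unicast MAC (second hex digit of the first octet is 2, 6, a or e).
is_laa_unicast_mac() {
    h='[0-9a-f][0-9a-f]'
    case $1 in
        [0-9a-f][26ae]:$h:$h:$h:$h:$h) return 0 ;;
    esac
    return 1
}

# Generate the address ONCE and keep it in the config: Windows keys the
# network profile on the gateway MAC, so a changing MAC recreates the problem.
mac=$(random_laa_mac)
if is_laa_unicast_mac "$mac"; then
    printf 'iface vmbr1 inet static\n    hwaddress ether %s\n' "$mac"
fi
```
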

 

Adding a new disk to Proxmox VE

root@elizabeth:/etc/lvm# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.29.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): g

Created a new GPT disklabel (GUID: DBD738EC-7ED5-4FC0-9474-1018CF3E4F12).

Command (m for help): n
Partition number (1-128, default 1):
First sector (34-500118158, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-500118158, default 500118158):

Created a new partition 1 of type 'Linux filesystem' and of size 238.5 GiB.

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Type of partition 1 is unchanged: Linux filesystem.

Command (m for help): p
Disk /dev/sdb: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: DBD738EC-7ED5-4FC0-9474-1018CF3E4F12

Device Start End Sectors Size Type
/dev/sdb1 2048 500118158 500116111 238.5G Linux filesystem

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

root@elizabeth:/etc/lvm# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
root@elizabeth:/etc/lvm# vgcreate ssd2 /dev/sdb1
Volume group "ssd2" successfully created
root@elizabeth:/etc/lvm# lvcreate --type thin-pool -L 100G -n data ssd2
Logical volume "data" created.
root@elizabeth:/etc/lvm# lvextend -l +100%FREE ssd2/data
Size of logical volume ssd2/data changed from 100.00 GiB (25600 extents) to 238.47 GiB (61049 extents).
Logical volume ssd2/data successfully resized.

Then it is possible to add the newly created LVM-Thin volume from the Web interface.

Building userdebug android images for Pixel

These are the steps I took to build userdebug images for the Google Pixel on Ubuntu 16.04. As the original Google documentation is so unorganized and difficult to understand, I’ve summed up the important parts to get a quick build for any device. I’m quite unsure about the package dependencies and there might be some more packages you need. Let me know if you needed more packages on a clean install of Ubuntu.

1. First start with installing necessary packages

sudo apt-get update
sudo apt-get install bc bison build-essential curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev libesd0-dev liblz4-tool libncurses5-dev libsdl1.2-dev libssl-dev libwxgtk3.0-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev openjdk-8-jdk

2. Building Android somehow requires some x86 libraries, so install them as well

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386

3. Download repo client and install it somewhere

mkdir ~/bin
PATH=~/bin:$PATH

curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
chmod a+x ~/bin/repo

4. Make source directory and add git information for checkout

mkdir android_dev
cd android_dev

git config --global user.name "Your Name"
git config --global user.email "someaddress@someprovider.com"

5. Download actual source and build environment
Branch names can be found at https://source.android.com/setup/start/build-numbers

repo init -u https://android.googlesource.com/platform/manifest -b android-8.1.0_r28

repo sync

make clobber

6. (OPTIONAL) Download the nonfree drivers. If you skip this step, vendor.img will not be built.
Matching drivers can be found at https://developers.google.com/android/drivers

wget https://dl.google.com/dl/android/aosp/google_devices-sailfish-opm4.171019.016.b1-839e6b26.tgz
wget https://dl.google.com/dl/android/aosp/qcom-sailfish-opm4.171019.016.b1-3c7f92b3.tgz

tar xvf google_devices-sailfish-opm4.171019.016.b1-839e6b26.tgz
tar xvf qcom-sailfish-opm4.171019.016.b1-3c7f92b3.tgz

./extract-google_devices-sailfish.sh
./extract-qcom-sailfish.sh

7. Prepare build options and make
Available build configurations can be found at https://source.android.com/setup/build/running

source build/envsetup.sh

lunch aosp_sailfish-userdebug

make -j8

Resulting image files can be found at out/target/product/<device_name>

 

Troubleshooting #1. If the build fails with an “out of heap space” error, execute the commands below and continue the make

export JACK_SERVER_VM_ARGUMENTS="-Dfile.encoding=UTF-8 -XX:+TieredCompilation -Xmx4g"
jack-admin kill-server && jack-admin start-server

Running Proxmox with NAT

The default Proxmox installation only supports a basic NAT function with limited capabilities.

In order to create a working internal network, you need to define a new network manually.

Add the following entry to /etc/network/interfaces

vmbr0 is the WAN interface; if you use a different interface, change it accordingly.


auto vmbr1
iface vmbr1 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE


And add port forwarding rules like this:

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 222 -j DNAT --to 10.0.0.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 222 -j DNAT --to 10.0.0.100:22

 

Apply the settings with:
/etc/init.d/networking restart