
Perl backup application

App::BackupPlan

I have recently uploaded a Perl application to CPAN.

Here is a short description, from the application README file:

App::BackupPlan is a simple module to perform regular, selective and automated backups of your system. It requires an XML file with the specification of your backup plan, logically divided into independent tasks. The constructor also takes a log4perl configuration file, to customise the logging produced; this can be omitted if the default logging behaviour is desired. By setting up a regular backup task using cron or similar, and by configuring a backup plan with different tasks, backup frequencies and maximum number of files retained, it is possible to achieve a regular and incremental backup of different parts of your system, without too much trouble.

These are the relevant links on CPAN, CPAN Testers and CPANTS.


Protecting with Amavis/Clamav/SpamAssassin

step 7

Back to introduction

Finally we can add a layer of antivirus and spam protection to our postfix email server using the best tools available in the open source community: Amavis, ClamAV and SpamAssassin.

Amavis is the main content filter that postfix uses. Once an email enters the postfix queue, it is redirected to the amavis daemon, which is responsible for calling SpamAssassin and ClamAV to check for spam and viruses respectively.

The postfix redirection to the amavis content filter is performed with this line in the postfix configuration file main.cf:

content_filter=smtp-amavis:[127.0.0.1]:10024

This configuration tells postfix to hand every message to the transport named smtp-amavis (defined in master.cf), whose next hop is the IP loopback address 127.0.0.1 (the same machine) on port 10024. This is the port the amavisd-new daemon is already listening on.

With this configuration postfix will redirect all incoming mail to the amavis daemon.

These postfix services are defined in the master.cf file with the following entries:

  smtp-amavis	unix	-	-	-	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o smtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20

  127.0.0.1:10025	inet	n	-	-	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

The first group of lines defines the smtp-amavis transport that delivers mail from postfix to the amavis daemon listening on port 10024. The second group defines the smtpd listener on port 10025 that receives the filtered mail back from amavis and re-injects it into the postfix queue.

The -o options attached to the command (last field) of these entries override the corresponding postfix parameters set in main.cf. For example, content_filter is cleared on the listener that re-injects mail into the postfix queue, to prevent an infinite loop: postfix->amavis->postfix->amavis->...
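As an added example (not part of the original post), here is a small configuration check for the postfix/amavis hand-off described above. It reads a main.cf and a master.cf and verifies that content_filter names a transport which master.cf actually defines, and that the re-injection listener carries an empty "-o content_filter=" override, the setting that prevents the postfix->amavis->postfix loop. The file paths, the function names and the sample files written by make_samples are assumptions made for a stand-alone run.

```shell
#!/bin/sh
# Added example, not the post's own code. Checks a postfix content_filter
# setup for the classic mail-loop mistake (re-injection listener without an
# empty content_filter override).

# Print master.cf with each service and its "-o" continuation lines joined
# onto one line, comments and blank lines dropped.
join_master_cf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        /^[ \t]/ { entry = entry " " $0; next }     # continuation line
        { if (entry != "") print entry; entry = $0 }
        END { if (entry != "") print entry }
    ' "$1"
}

# check_amavis_loop MAIN_CF MASTER_CF [REINJECT_SERVICE]
# Returns 0 when the setup is consistent, 1 otherwise (reason on stderr).
check_amavis_loop() {
    main_cf=$1; master_cf=$2; reinject=${3:-127.0.0.1:10025}

    # transport name is the part before ':' in content_filter=transport:[host]:port
    transport=$(sed -n 's/^content_filter[ =]*\([^:]*\):.*/\1/p' "$main_cf" | tail -n 1)
    if [ -z "$transport" ]; then
        echo "no content_filter set in $main_cf" >&2; return 1
    fi

    joined=$(join_master_cf "$master_cf")

    # (a) the transport must be defined as a service in master.cf
    if ! printf '%s\n' "$joined" | grep -Eq "^$transport[[:space:]]"; then
        echo "transport $transport not defined in $master_cf" >&2; return 1
    fi

    # (b) the re-injection listener must override content_filter to empty
    if ! printf '%s\n' "$joined" | grep "^$reinject[[:space:]]" \
            | grep -Eq -- '-o content_filter=([[:space:]]|$)'; then
        echo "$reinject does not clear content_filter: mail loop risk" >&2; return 1
    fi
    return 0
}

# make_samples: write constructed sample files (not the post's real files)
# into a temporary directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    printf 'myhostname = pi.example\ncontent_filter = smtp-amavis:[127.0.0.1]:10024\n' \
        > "$dir/main.cf"
    cat > "$dir/master.cf" <<'EOF'
# constructed master.cf fragment
smtp      inet  n       -       -       -       -       smtpd
smtp-amavis unix -      -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       -       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o mynetworks=127.0.0.0/8
EOF
    # same file, but the listener forgets to clear content_filter -> loop
    grep -v 'content_filter=$' "$dir/master.cf" > "$dir/master-bad.cf"
    printf '%s\n' "$dir"
}

# Stand-alone usage:
#   d=$(make_samples); check_amavis_loop "$d/main.cf" "$d/master.cf" && echo OK
```

On a live system the same function can be pointed at /etc/postfix/main.cf and /etc/postfix/master.cf; it only reads the files and never touches the running postfix.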

Secure POP3 with stunnel

step 6

Back to the introduction

Now that postfix is up & running, and xinetd is serving a POP3 daemon on port 110, we will open an SSL port (995) for checking email remotely, from outside the LAN. The typical desired usage is as follows:

  1. Inside the LAN, my desktop computer retrieves email stored on the Pi card by accessing its POP3 service on port 110. This port is closed for outside traffic, so this is a secure and simple way to retrieve emails internally.
  2. From outside the LAN, e.g. from my mobile phone, I access my emails using a POP3S (SSL) service, after opening port 995 for traffic and rerouting traffic on this port from my router to the Pi card. I use stunnel to wrap the internal POP3 service into a POP3S service. Please refer to the stunnel documentation.

Hence here are the steps I am taking:

  1. Install stunnel4 with apt-get
  2. Generate an SSL certificate by running:
    sudo openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
    This should give you a self-signed certificate valid for 365 days. You can change the period of days as you like.
  3. Store this certificate in an appropriate directory, e.g. /etc/stunnel
  4. In the same directory create a stunnel configuration file corresponding to the pop3 service. In my case I call it pop3s.conf and the relevant content is as follows:
    client = no
    chroot = /var/lib/stunnel4
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    debug = 3
    output = /stunnel.log
    cert = /etc/stunnel/stunnel.pem
    
    [pop3s]
    accept  = 995
    connect = 110
    
  5. In order for stunnel4 to be enabled, and to read the configuration files in /etc/stunnel, it is required to change the settings in the main configuration file /etc/default/stunnel4, setting ENABLED=1 (0 is the default).
  6. Now, by rebooting the system or by restarting stunnel with:
    sudo /etc/init.d/stunnel4 restart
    the stunnel4 daemon should be up and running. This can be tested with
    ps -e | grep stunnel
    which should result in a number of process IDs dedicated to this service.
  7. Check that there is a listening port at 995 with
    netstat -aln | grep 995
    or telnet into it from another PC on the LAN
    telnet raspberrypi 995
  8. Finally make sure that port 995 is open from outside and that your router forwards communication through this port to your Pi card. I verify the functioning of my POP3S service from my Android phone using an SSL client on the phone. Typically for the first connection I need to accept the self-signed certificate sent from the Pi card. This is a good sign that all is up & running.
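As an added example (not part of the original post), here is a pre-flight check for the stunnel POP3S wrapper set up above. It reads the stunnel .conf, confirms that the service accepts on 995 and forwards only to the local plain POP3 port 110, and uses openssl to warn when the self-signed certificate is about to expire; the post's certificate is valid for 365 days and then simply stops being accepted by clients, so a check that can run from cron is worth having. The function names, the assumption that the config holds a single service, and the sample config built by make_stunnel_sample are mine, not the post's.

```shell
#!/bin/sh
# Added example, not the post's own code. Sanity-checks a stunnel pop3s.conf
# and the validity period of its certificate.

# conf_get FILE KEY: value of the first "KEY = value" line in a stunnel config
# (assumes one service per file, as in the post's pop3s.conf)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_stunnel_conf CONF [MIN_DAYS]: returns 0 if the POP3S wrapper looks
# sane and its certificate stays valid for at least MIN_DAYS (default 30)
check_stunnel_conf() {
    conf=$1; min_days=${2:-30}; ok=0

    [ "$(conf_get "$conf" client)" = "no" ] \
        || { echo "client should be 'no' for a server-side wrapper" >&2; ok=1; }
    [ "$(conf_get "$conf" accept)" = "995" ] \
        || { echo "expected accept = 995 (POP3S)" >&2; ok=1; }
    case "$(conf_get "$conf" connect)" in
        110|127.0.0.1:110|localhost:110) ;;   # plain POP3 stays on loopback
        *) echo "connect should point at the local POP3 port 110" >&2; ok=1 ;;
    esac

    cert=$(conf_get "$conf" cert)
    if [ ! -r "$cert" ]; then
        echo "certificate file $cert not readable" >&2; return 1
    fi
    # openssl x509 -checkend N exits non-zero if the cert expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate $cert expires within $min_days days: renew it" >&2; ok=1
    fi
    return $ok
}

# make_stunnel_sample DAYS: build a throw-away directory with a self-signed
# certificate valid for DAYS days and a pop3s.conf like the post's; prints the
# directory path. The key and certificate are written to separate files and
# then concatenated, which gives the same combined stunnel.pem the post uses.
make_stunnel_sample() {
    dir=$(mktemp -d)
    openssl req -new -x509 -days "$1" -nodes -subj '/CN=raspberrypi' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/stunnel.pem"
    cat > "$dir/pop3s.conf" <<EOF
client = no
chroot = /var/lib/stunnel4
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
cert = $dir/stunnel.pem

[pop3s]
accept  = 995
connect = 110
EOF
    printf '%s\n' "$dir"
}

# Stand-alone usage:
#   d=$(make_stunnel_sample 365); check_stunnel_conf "$d/pop3s.conf" && echo OK
```

On the Pi the check would be run against /etc/stunnel/pop3s.conf; since the certificate path in that file is absolute, the function finds the real stunnel.pem and reports well before the 365 days run out.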

Postfix and POP3 server

step 5

Back to the introduction

In this step I am testing a first version of the email server on the Pi card, with postfix (SMTP on port 25) and a POP3 server (on port 110). You also need xinetd to host the pop3 daemon.

  1. Install (apt-get) the following three packages: postfix, solid-pop3d, xinetd
  2. Configure postfix by editing /etc/postfix/main.cf. I have applied to that file all the settings inherited from my existing postfix email server (on my main computer), including filters, blacklists and other. To understand all the configuration required, please refer to the postfix documentation.
  3. After installing xinetd, you can add a pop3 service by creating a file pop3 in /etc/xinetd.d with this section in it
    service pop3
    {
            id              = pop3
            port            = 110
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = root
            server          = /usr/sbin/solid-pop3d
            flags           = IPv4
    }
    
    Then restart xinetd
    sudo /etc/init.d/xinetd restart
    check that pop3 is available
    chkconfig -l
    and test that port 110 is open on your local network. This can be done from another computer on your LAN by:
    telnet raspberrypi 110
  4. Create a new account on your system to receive emails, and, if required, modify the /etc/aliases file to include rerouting from your public email address to this new account: add an entry in that file like
    x: y
    where x is the first part of my official email address (e.g. x@mydomain.com), and y is my new account login name on the Pi card. Remember to run the newaliases command to save the changes from this text file.
  5. Now your card should have both ports 25 and 110 open, and you can reconfigure your router to open these channels to the outside world and test sending an email from outside and retrieving it back using the POP3 server.
  6. Check the mail logs in /var/log to see the communication on port 25 (when an email arrives). These logs are very useful to spot wrong configurations in postfix (when restarting the postfix daemon) and other problems. I am using gnome-system-log.
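As an added example (not part of the original post), here is a quick summary of the postfix log the last step suggests watching. It counts accepted deliveries and rejected connections and lists the client addresses rejected most often, which is the fastest way to tell a misconfiguration (everything rejected) from the normal background noise of unknown hosts probing port 25. The function names are mine, and the log written by make_sample_log is constructed, with addresses from documentation ranges, so the block runs offline.

```shell
#!/bin/sh
# Added example, not the post's own code. Summarises postfix smtpd/local log
# lines: delivered messages, rejections, and the most rejected clients.

# count_by_pattern FILE REGEX: number of log lines matching REGEX
count_by_pattern() {
    grep -Ec -- "$2" "$1"
}

delivered_count() { count_by_pattern "$1" 'status=sent'; }
reject_count()    { count_by_pattern "$1" ': reject: '; }

# top_reject_clients FILE [N]: "count ip" pairs for the N most rejected clients
top_reject_clients() {
    sed -n 's/.*: reject: RCPT from [^[]*\[\([0-9.]*\)\].*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | head -n "${2:-5}" \
        | awk '{print $1, $2}'
}

# make_sample_log: write a constructed mail.log and print its path
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jan 15 10:01:02 raspberrypi postfix/smtpd[1234]: connect from unknown[203.0.113.5]
Jan 15 10:01:03 raspberrypi postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <someone@elsewhere.example>: Relay access denied; from=<spam@invalid.example> to=<someone@elsewhere.example> proto=ESMTP helo=<x>
Jan 15 10:01:04 raspberrypi postfix/smtpd[1234]: disconnect from unknown[203.0.113.5]
Jan 15 10:02:10 raspberrypi postfix/smtpd[1236]: connect from unknown[203.0.113.5]
Jan 15 10:02:11 raspberrypi postfix/smtpd[1236]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using a DNS blocklist; from=<a@invalid.example> to=<y@mydomain.com> proto=ESMTP helo=<x>
Jan 15 10:05:00 raspberrypi postfix/smtpd[1240]: connect from mail.example.net[198.51.100.7]
Jan 15 10:05:01 raspberrypi postfix/smtpd[1240]: 4F2A1C0D3: client=mail.example.net[198.51.100.7]
Jan 15 10:05:02 raspberrypi postfix/local[1250]: 4F2A1C0D3: to=<y@raspberrypi>, orig_to=<x@mydomain.com>, relay=local, delay=1.2, delays=0.5/0.1/0/0.6, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 15 10:05:03 raspberrypi postfix/smtpd[1240]: disconnect from mail.example.net[198.51.100.7]
Jan 15 10:09:00 raspberrypi postfix/smtpd[1255]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 <nobody@mydomain.com>: Recipient address rejected; from=<b@invalid.example> to=<nobody@mydomain.com> proto=SMTP helo=<y>
EOF
    printf '%s\n' "$f"
}

# Stand-alone usage:
#   f=$(make_sample_log)
#   echo "delivered: $(delivered_count "$f")  rejected: $(reject_count "$f")"
#   top_reject_clients "$f" 3
```

On the Pi the same functions can be pointed at /var/log/mail.log; the orig_to= field in the delivery line is where the /etc/aliases rerouting from step 4 becomes visible.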


Tips and utilities

step 4

Back to the introduction

I have started installing a few utilities in preparation for an email server on Pi, and figured out a few useful things:

  1. meld is a graphical diff tool for Debian/Gnome. I am planning to use it to compare my working postfix configuration files with the new ones I will be setting up.
  2. Instead of using tightvncserver to run a graphical application on Pi, it is easier to connect with a secure shell (ssh) with the -X option (ssh -X). In this way, every time I call a GUI application from the command line (e.g. gedit or meld), the system will use the graphical X system of the calling client (my desktop) to display a window acting on Pi. This is very helpful when I want to run a graphical editor on the Pi card, without the need for VNC or a direct connection (mouse + keyboard) to the card.
  3. Debian run-levels can be viewed and edited with the chkconfig command. The package chkconfig needs to be installed (apt-get).
  4. A good system log monitor is gnome-system-log, which can be installed with apt-get.

Essential configuration

Step 3

Back to the introduction

Here are a few tips for the initial configuration of the system:

  1. Expand the usable space on the card, assuming you have not done it on the very first boot-up of the system. First check the available disk space with df -h. On my installation the root file system had a total of 1.8G, 1.5G of which were already in use. Not much room to manoeuvre. The solution is to expand the root file system to all the space available on the 4GB card. This can be done at any time by running the raspberry configuration script from a terminal window: raspi-config. From the main menu select expand-rootfs. Now reboot your raspberry; after this operation I have 3.6G (2G free) on my system.
  2. Remote desktop into your Pi. In my very first booting of the system, I connected my keyboard and mouse directly to Pi, and used the secondary input of my LG screen: in this initial configuration the Pi system was a world on its own. In my second step post, I connected the card through the ethernet port and used a terminal connection (ssh user@raspberrypi) into my pi from my desktop computer. In this step I will illustrate how to set up a remote desktop connection (gui) into pi. A good article detailing some of these steps can also be found here.
    1. Install the vnc server on Pi with
      sudo apt-get install tightvncserver
      However, when starting the tightvncserver script, it failed with a missing font error. So I solved the problem by:
    2. removing and reinstalling xorg with
      sudo apt-get remove xorg
      sudo apt-get install xorg
      
    3. This time tightvncserver worked fine and returned the session id for the session to use when connecting remotely. On the first run of the script, I also needed to set up a password for this remote connection. This password is needed by the vnc client connecting to the server.
    4. I installed a vnc client on my desktop (xfvnc) and connected to Pi using the suggested session id.
    5. If all works fine, I suggest avoiding a full window session, because it is difficult to find the key combination to kill that window when finished.

Firing it up

Step 2

Back to the introduction

Tonight I have turned my Pi on.

This is my setup:

  1. keyboard/mouse adapter splitter from PS/2 to USB
  2. HDMI to DVI video adapter to plug into the digital input of my LG monitor
  3. HDMI cable
  4. 4GB card installed with Wheezy raspbian
  5. Ethernet cable to modem/router/gateway

All working fine, even if I had to reinstall the linux system on the card. I have changed the default user pi to one of my choice.

Tested the internet connection (web browser): working fine

Tested ssh remote connection from my main desktop over the LAN: working fine

I am very pleased.

Received the Raspberry Pi

First step, the system on the card

Back to the introduction

Today I have finally received the raspberry pi and its components by mail and I am preparing for the first step: creating an image of the wheezy raspbian distribution to copy on the memory card.

This is the download site, and these are the instructions to follow to prepare the card in a Linux environment.

  1. Download the wheezy package from the download site
  2. Compare the SHA-1 checksum from the download site with that of your downloaded file by executing this from the command line, after entering the directory containing your downloaded file:
    sha1sum file.zip
    where file.zip is the name of your downloaded file. If the checksums are different you need to start from the beginning.
  3. Unzip the downloaded file by performing
    unzip file.zip
    the result is a file with name file.img
  4. Insert the SD memory card purchased in an available slot of your PC / laptop (laptop in my case)
  5. Check the file systems mounted by performing
    df -h
    
  6. Figure out which device corresponds to your card, let's say /dev/sdb1, and unmount it by
    umount /dev/sdb1
  7. Now you need to copy the image file to your card, using the linux dd command. In my case this is performed by
    dd bs=4M if=2012-12-16-wheezy-raspbian.img of=/dev/sdb
    Be careful of what you type above, and be sure of the output device (/dev/sdb), since this operation destroys whatever is found on that output device. This process might need to be run as super user (sudo) and does not give any diagnostic. Also remove the partition number at the end of the output device (/dev/sdb and not /dev/sdb1), so that the image is written to the entire SD card and not only to one partition of it. Be prepared to wait for a few minutes.
  8. Before removing the card, from the command line, run sync, to make sure that everything in the write cache is flushed onto the card.
  9. You can now remove the card. It is ready to be inserted in your Raspberry Pi
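As an added example (not part of the original post), the two checks from steps 2 and 7 above, wrapped in shell functions so they can be scripted rather than done by eye: verify_sha1 compares the published SHA-1 with the digest of the downloaded file, and check_dd_target refuses a dd destination that still looks like a partition or that is still mounted, which is the mistake step 7 warns about. The function names, the /dev/sdX and /dev/mmcblkNpM naming assumption, and the constructed mounts table are mine; the known SHA-1 used below is that of the text "hello" followed by a newline, not of any Raspbian image.

```shell
#!/bin/sh
# Added example, not the post's own code. Guards for the SD-card imaging steps.

# verify_sha1 FILE EXPECTED_HEX: 0 if the SHA-1 of FILE equals EXPECTED_HEX
verify_sha1() {
    actual=$(sha1sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # tolerate upper-case digests
    [ "$actual" = "$expected" ]
}

# check_dd_target DEV [MOUNTS]: 0 only if DEV is a whole device (not a
# partition) and neither it nor any partition on it appears in MOUNTS
# (default /proc/mounts). Assumes /dev/sdX and /dev/mmcblkN naming.
check_dd_target() {
    dev=$1; mounts=${2:-/proc/mounts}
    case "$dev" in
        /dev/sd[a-z]*[0-9]|/dev/mmcblk[0-9]*p[0-9]*)
            echo "$dev looks like a partition; use the whole device" >&2; return 1 ;;
    esac
    # first column of the mounts table is the mounted device; a match on the
    # device itself or on a name that starts with it (its partitions) is a hit
    if awk -v d="$dev" 'index($1, d) == 1 { found = 1 } END { exit !found }' "$mounts"; then
        echo "$dev (or a partition on it) is still mounted; umount it first" >&2; return 1
    fi
    return 0
}

# Stand-alone usage (constructed inputs):
#   printf 'hello\n' > /tmp/file.zip
#   verify_sha1 /tmp/file.zip f572d396fae9206628714fb2ce00f72e94f2258f && echo "checksum OK"
#   check_dd_target /dev/sdb && dd bs=4M if=2012-12-16-wheezy-raspbian.img of=/dev/sdb
```

Chaining check_dd_target in front of dd with && means the destructive command never runs when the check fails, and the refusal reason is printed instead of dd's silence.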

In the next step we will fire up Pi.