Postfix Certificate verification failed for gmail-smtp-in.l.google.com issue

If you see this error message in your Postfix logs:

    postfix/smtp[19417]: certificate verification failed for gmail-smtp-in.l.google.com[74.125.71.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

just add the following line to your /etc/postfix/main.cf

    smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

and restart Postfix:

    service postfix restart

or

    systemctl restart postfix
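To see which issuers Postfix could not chain to a CA in the configured bundle, and to confirm after the restart that the failures stop, the log can be summarised per issuer. This is an added example, not part of the original post; the function name is this example's own, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Postfix smtp client line as quoted in the post: the reason text and an
# optional issuer DN follow the "host[ip]:port:" prefix.
FAILED = re.compile(
    r"postfix/smtp\[\d+\]: certificate verification failed for "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<reason>[^/]+?)\s*(?P<dn>/.*)?$"
)

# First line is the one from the post; the others are constructed samples.
SAMPLE_LOG = [
    "postfix/smtp[19417]: certificate verification failed for "
    "gmail-smtp-in.l.google.com[74.125.71.26]:25: untrusted issuer "
    "/C=US/O=Equifax/OU=Equifax Secure Certificate Authority",
    "postfix/smtp[19502]: certificate verification failed for "
    "mx.example.net[192.0.2.10]:25: untrusted issuer "
    "/C=US/O=Equifax/OU=Equifax Secure Certificate Authority",
    "postfix/smtp[19600]: certificate verification failed for "
    "mail.example.org[192.0.2.25]:25: untrusted issuer /CN=Example Test CA",
    "postfix/qmgr[1201]: 4F1C22A0B7: removed",
]


def untrusted_issuers(lines):
    """Map each issuer DN that failed verification to the hosts presenting it."""
    issuers = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m and m.group("reason") == "untrusted issuer" and m.group("dn"):
            issuers[m.group("dn")].add(m.group("host"))
    return {dn: sorted(hosts) for dn, hosts in issuers.items()}


if __name__ == "__main__":
    for dn, hosts in untrusted_issuers(SAMPLE_LOG).items():
        print(f"{dn}: {', '.join(hosts)}")
```

An empty result over the log written after the restart means the bundle named in smtp_tls_CAfile now covers those issuers.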

 

 

 


Docker commands


 

Show all running containers

# docker ps

Show all containers (running or stopped)

# docker ps -a

Delete a docker container that has been previously used (currently stopped)

# docker rm <container>

Stop a currently running container.

# docker stop <container>

 

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
28c8251dcb0f        tozd/postfix        "/usr/local/sbin/r…"   2 months ago        Up About an hour    25/tcp, 465/tcp, 587/tcp   postfix

ismails-MacBook-Air:~ ismailyenigul$ docker stop 28c8251dcb0f
28c8251dcb0f

Pull container image from repository

# docker pull <imagename>:<tag>

Delete all previously used containers, including running ones

# docker stop `docker ps -a -q`
# docker rm `docker ps -a -q`

Run a container in interactive mode and attach to the terminal
-i, --interactive                          Keep STDIN open even if not attached
-t, --tty                                  Allocate a pseudo-TTY

# docker run -it ubuntu:latest /bin/bash

Forcefully delete an image with the -f parameter, even if it has been used by a container

# docker rmi -f <image>:<tag>

Map a host port to a container port (map host port 8080 to container port 80)

# docker run -d -p 8080:80 <image>:<tag>

Search for docker images on Docker Hub

# docker search <keyword>

Execute an arbitrary command in a docker container

$ docker exec [options] <container> command

List local images

# docker images

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              6b914bbcb89e        4 weeks ago         182 MB
tozd/postfix        latest              89a0d910cc21        2 months ago        253 MB
mongo               latest              a3bfb96cf65e        3 months ago        402 MB
ubuntu              latest              104bec311bcd        3 months ago        129 MB

List docker networks

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b4e6fdaaa778        bridge              bridge              local
20cba5897034        host                host                local
274c3bd1077b        none                null                local

View configuration of bridge network

 

$ docker inspect bridge
[
  {
    "Name": "bridge",
    "Id": "b4e6fdaaa7784cba883228af101f842e6e7f994a8623e6699b748fcc0078de29",
    "Created": "2017-03-29T07:36:01.29631817Z",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": null,
      "Config": [
        {
          "Subnet": "172.17.0.0/16",
          "Gateway": "172.17.0.1"
        }
      ]
    },
    "Internal": false,
    "Attachable": false,
    "Containers": {
      "aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752": {
        "Name": "romantic_easley",
        "EndpointID": "586993464a0fc7e315538f752def1e75969aa438adec814e76c26384384c777d",
        "MacAddress": "02:42:ac:11:00:02",
        "IPv4Address": "172.17.0.2/16",
        "IPv6Address": ""
      }
    },
    "Options": {
      "com.docker.network.bridge.default_bridge": "true",
      "com.docker.network.bridge.enable_icc": "true",
      "com.docker.network.bridge.enable_ip_masquerade": "true",
      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
      "com.docker.network.bridge.name": "docker0",
      "com.docker.network.driver.mtu": "1500"
    },
    "Labels": {}
  }
]

 

View configuration of an image in JSON format

# docker inspect <image-name>:<tag>

 

ismails-MacBook-Air:~ ismailyenigul$ docker inspect aeb711c91939

 

ismail yenigul

Note: this will be updated from time to time.


Manual SMTP Auth test for Postfix

 

You need to know the base64-encoded version of the user ID and password to test your SMTP auth manually. It is faster than configuring a mail client. This test should work on any SMTP server that supports AUTH PLAIN; I used Postfix here.

The following perl command generates the base64-encoded AUTH parameter for the username ismail@domain.com and password mypassword (don't forget to escape @ with \):

# perl -MMIME::Base64 -e 'print encode_base64("\000ismail\@domain.com\000mypassword")'
AGlzbWFpbEBkb21haW4uY29tAG15cGFzc3dvcmQ=

# telnet postfixserver 25
Trying 188.166.X.X...
Connected to mail.domain.com.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
ehlo test
250-mail.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AGlzbWFpbEBkb21haW4uY29tAG15cGFzc3dvcmQ=
235 2.7.0 Authentication successful
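The AUTH PLAIN argument is only base64 of authzid NUL user NUL password, so anyone who can read the session can reverse it; in the session above it is sent on port 25 without STARTTLS first. The following is an added example, not part of the original post, that builds the same token, decodes it again, and flags AUTH PLAIN commands issued before STARTTLS. The function names are this example's own.

```python
import base64


def auth_plain_token(user, password, authzid=""):
    """Build the AUTH PLAIN argument: authzid NUL user NUL password (RFC 4616)."""
    fields = (authzid, user, password)
    if any("\x00" in f for f in fields):
        raise ValueError("NUL is the field separator and cannot appear in a field")
    return base64.b64encode("\x00".join(fields).encode("utf-8")).decode("ascii")


def decode_auth_plain(token):
    """Reverse the encoding; returns (authzid, user, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL user NUL password")
    return tuple(p.decode("utf-8") for p in parts)


def users_exposed_before_starttls(client_lines):
    """Users whose AUTH PLAIN command was sent before STARTTLS, i.e. unencrypted."""
    exposed = []
    for line in client_lines:
        words = line.split()
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STARTTLS":
            break  # assumes the handshake succeeded; later commands are inside TLS
        if verb == "AUTH" and len(words) == 3 and words[1].upper() == "PLAIN":
            exposed.append(decode_auth_plain(words[2])[1])
    return exposed


# Client side of the telnet session shown in the post.
PAGE_SESSION = [
    "ehlo test",
    "AUTH PLAIN AGlzbWFpbEBkb21haW4uY29tAG15cGFzc3dvcmQ=",
]

if __name__ == "__main__":
    token = auth_plain_token("ismail@domain.com", "mypassword")
    print(token)
    print(decode_auth_plain(token))
    print(users_exposed_before_starttls(PAGE_SESSION))
```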

 

 

 

 

 

 

 

 

 

 

 

 

 

 


openresty, proxy_pass and normalized request_uri issue


 

I would like to give you a brief overview of the nginx reverse proxy problem and solution I have been working on for days. Actually, the answer was very simple.

I am using an openresty (nginx + Lua) reverse proxy to map http://server/$user/$server to a docker instance IP/port by using the openresty Lua feature.

I used this article as a reference for the Lua queries: https://openresty.org/en/dynamic-routing-based-on-redis.html

My goal: I had to remove /$user/$server before sending the request to the proxy_pass parameter.

Here is the pseudo nginx configuration:

    location / {
        set $target '';
        access_by_lua_block {
            -- some Lua code to map the URL path to the docker IP:port
            ngx.var.target = dockerIP:port
        }

        rewrite_by_lua_block {
            -- remove /$user/$server
            ngx.req.set_uri($modified_uri)
        }

        include /path/to/proxy.conf;
        proxy_pass $target;
    }

Since I am rewriting the request_uri by stripping the /pathX parameter, nginx encodes it.

This encoding/normalization breaks my nodejs client request, which causes unexpected errors.

The solution: specify the modified URI as a parameter to the proxy_pass host.

    proxy_pass $host$modified_uri;

A quote from http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

A request URI is passed to the server as follows:

  • If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:
    location /name/ {
        proxy_pass http://127.0.0.1/remote/;
    }
    
  • If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:
    location /some/path/ {
        proxy_pass http://127.0.0.1;
    }
    
    
    

Assign IPv6 Address to AWS EC-2 Instance

By default an instance does not have an IPv6 address. If you want to associate an IPv6 address with your EC2 instance, you first need to associate an IPv6 CIDR block with the VPC and subnet of the instance, then add an IPv6 address to the instance.

Here is the step-by-step procedure to associate an IPv6 address with an already running instance:

Go to https://console.aws.amazon.com and click on EC2. Click on your EC2 instance, then get the VPC and Subnet from the description details.

  1. Associate an IPv6 CIDR block with the VPC of the instance.
    Open the Amazon VPC console, select your VPC, then choose Action, Edit CIDR.
    Choose Add IPv6 CIDR. When the IPv6 CIDR block is added, choose Close.
    Now the VPC has an IPv6 CIDR.
  2. Associate an IPv6 CIDR block with the subnet of the instance.
    Click on Subnets under the Your VPC section of the VPC console.
    Select your subnet, choose Subnet Actions, Edit IPv6 CIDRs.
    Choose Add IPv6 CIDR. Specify the hexadecimal pair for the subnet (i.e., 00) and confirm the record by choosing the tick icon.
    Then click Close.
  3. Switch to the EC2 console, click on your instance, then choose Action, Networking -> Manage IP Addresses, and assign an IPv6 address.
    Click on Assign new IP under the IPv6 section and leave the IP field empty to create an auto-assigned IP.

    That's all…

ismail yenigul
ismailyenigul@gmail.com
