When I was looking for something new to build I ended up building a DNS over HTTPS server. This way I can use my Pi-hole server wherever I am, without exposing port 53. I let nginx handle the encryption of the HTTPS connection, send the information to dnsdist for translation to DNS, and let Pi-hole […]
Author Archives: MvandeK
Optimizing and securing Zimbra Open Source Edition
The next commands are used to optimize and secure my Zimbra Collaboration 8.8 Open Source Edition (executed as user zimbra in the CLI): zmdhparam set -new 3072 zmprov mcf zimbraMtaSmtpTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsCiphers high zmlocalconfig -e postfix_enable_smtpd_policyd=yes zmprov mcf zimbraMtaEnableSmtpdPolicyd TRUE zmprov mcf +zimbraMtaRestriction “check_policy_service unix:private/policy” zmprov mcf zimbraMtaSmtpTlsSecurityLevel may […]
Backup Zimbra Open Source edition to a NAS with NFS
The most recent open source version of Zimbra Collaboration 8.8 has no official backup module. But with the help of scripting it is still possible to backup a mailbox. The following situation is assumed: Up-to-date Zimbra Collaboration 8.8 A file is available (emailaccounts.txt) containing all email addresses for the backup A NFS server is available […]
Install pi_mqtt_gpio on Raspbian
I want to receive a notification when someone rings the doorbell at my front door. For this I can buy all kinds of expensive (wireless) doorbells, but I want to use the existing wiring. Because I use Home Assistant for all kinds of automation at home, I also want to integrate this into Home Assistant. […]
openssl pkcs12 export to ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ failed(1)
When you encounter the following error: ** Creating file ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ERROR: openssl pkcs12 export to ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ failed(1):unable to load certificates140665143981720:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:805: Do this (when for example having all the certs temporarily stored in /tmp/): chown zimbra:zimbra /tmp/*.crt chmod 666 /tmp/*.crt Source: https://forums.zimbra.org/viewtopic.php?t=60189
AsusWRT: block Google DNS with iptables
By default, every Google device uses the following configured DNS-servers: 8.8.8.8 8.8.4.4 But I don’t want my guests, who can use my WiFi, to let Google phone home and give information about who visits my network. I use iptables to block those DNS-requests. The firewall rejects all the DNS-requests that would be sent to Google. […]
Handige PowerShell commando’s voor mezelf
Het toevoegen van lange DKIM sleutels met dnscmd Probleem met PowerShell: het kan geen strings aan die langer zijn dan 255 tekens. Mijn DKIM-key is langer dan dat, en ondanks allerlei pogingen is het niet gelukt om deze met PowerShell toe te voegen aan de DNS-zone. Gelukkig werkt dnscmd nog wel in PowerShell, dus kan […]
Telfort Glasvezel met ASUS RT-AC68U router
Na twee jaar met de Experiabox v8 te hebben gewerkt in combinatie met een Telfort Glasvezel abonnement, is het tijd om deze te vervangen. Ter vervanging van de Experiabox v8 heb ik de ASUS RT-AC68U aangeschaft. Het belangrijkste is dat internet en IPTV blijven werken. Ik maak geen gebruik van telefonie, waardoor VOIP niet in […]
Quote from the Netflix movie Anon
It’s not that I have something to hide… I have nothing I want you to see. From the movie Anon
Switch from Certbot to acme.sh
I normally use Certbot to issue and install the free Let’s Encrypt certificates. But I haven’t found a, or there is no, convenient way to issue ECC-certificates with Certbot. For that reason I switched from Certbot to acme.sh. With acme.sh I can generate ECC certificates, without having to generate all kinds of extra files before […]