Adding a raw mail-file to the postfixqueue

Today I had an issue that I needed to resend quarantined emails.
You can simply execute the following command to inject the mails to postfix


sendmail -t < name_of_the_raw_email_file

Source:
Thanks Wietse (Author of Postfix)
http://postfix.1071664.n5.nabble.com/best-way-to-send-quot-raw-quot-email-files-td45960.html

Share

Encrypted offsite backups via rsync

I love rsync to simply send files to other machines for backing up my data.
Unfortunately sometimes you can’t trust the other side. So you would like to encrypt your data..
Rsync (via ssh) is encrypted during transport but not on disk…

I tried several solutions but they all have some issues:

duplicity
It’s nice but doesn’t do what rsync does. It just makes an encrypted initial full-backup and sends increments. It’s also adviced to do a full backup regularly. That’s not nice thing when you have to send >200GB over the internet..

rsyncrypto
Rsyncrypto encrypts files in such a way they are rsync friendly. (Big files don’t completely change when a byte is changed).
Problem with rsyncrypto is that it requires an encrypted copy of all your data. I’ve got a LOT of files, and keeping this copy up to date costs too much time. I need to run rsyncrypto just before rsyncing the data. And my experiences with it is that it was pretty slow. And I even haven’t taken into account the issue that I’m required to store my data on disk 2 times..

Meet encfs

Thanks to a reaction on serverfault ( http://serverfault.com/questions/160014/encrypted-remote-backups-via-rsync )
I’ve found encfs. Which makes it possible to create and mount a virtual filesystem via fuse-fs which shows an encrypted representation of your files..
Exactly what I want…

Install encfs on FreeBSD

It’s required to enable fuse in FreeBSD. This is a kernel module
so add the following line to ‘/boot/loader.conf’

fuse_load="YES"

Next install the port (or package) encfs. (I love ports)

cd /usr/ports/sysutils/fusefs-encfs
make install clean

Creating a Backup

# mount read-only encrypted virtual copy of unencrypted local data:
encfs --reverse --idle=60 -o ro ~/data/ ~/.tmp_encrypted/

rsync -ai  ~/.tmp_encrypted/ name@example.com:backup/

umount ~/.tmp_encrypted/

First time a menu appears. I choose the following options:

  • Configuration mode: x – expert configuration
  • Cipher algorithm: AES
  • Key size: 256
  • Block size: 1024
  • Filename encoding: null*
  • Per-file initialization vectors: No
  • Password: *****

*I don’t have the requirement to encrypt my filenames

Restore

To restore you data..

  • Take your encrypted file(s) Only the one’s you need :D
  • Copy them into an empty folder ~encrypted-stuff
  • Copy your .encfs6.xml key to the same folder

Mount it:

encfs ~encrypted-stuff ~decrypted-stuff

Encfs asks for the password and behold: you can acces your files again in the ~decrypted-stuff folder :D

WARNING

You should backup your plain text .encfs6.xml file (which is on the unencrypted volume).
on a really safe location. It’s your only key to decrypt your data.

Notes

A possible extra safety measure could be to NOT sync the encrypted .encfs6.xml file…
So use –exclude=encfs6.xml

For me the filenames aren’t really sensitive so I don’t encrypt them.
It makes it much more easy to find the correct file in my encrypted data..

Btw a scripting tip could be the following ‘–sdtinpass’ and supply your password:

echo 'PASSWORD' | encfs --reverse --stdinpass --idle=60 -o ro ~/data/ ~/.tmp_encrypted/

If you have suggestions or advise, please drop a line!!

Share

Freebsd ports, installing Perl ./+INSTALL: Permission denied

Don’t you just hate it when installing ports on a live server fail!
Well I do. Today the following happened:

===>  Installing for perl-5.16
===>  Checking if lang/perl5.16 already installed
./+INSTALL: Permission denied
pkg_add: install script returned error status
*** Error code 1

Big panic, couldn’t install perl on my server.

On my server the /tmp drive is mounted with noexec. This script seems to need execute rights in the temporary directory

The work-around I used is the following:

mkdir /usr/tmp
export TMPDIR=/usr/tmp

Finally my make install works again :D

make install 
Share

Ruby on Rails / ChiliProject encoding issues

This week I’ve decided to exchange Redmine for the ChiliProject. The reason for this is the support for Ruby 1.9. My Apache Passenger server runs Ruby 1.9 so for Redmine I needed a seperate webserver.

When I tried to access the “My Account” page I recieved the following error:

ArgumentError (invalid byte sequence in US-ASCII):
  <internal:prelude>:10:in `synchronize'
  passenger (3.0.7) lib/phusion_passenger/rack/request_handler.rb:96:in `process_request'
  passenger (3.0.7) lib/phusion_passenger/abstract_request_handler.rb:513:in `accept_and_process_next_request'
  passenger (3.0.7) lib/phusion_passenger/abstract_request_handler.rb:274:in `main_loop'
  passenger (3.0.7) ...
`handle_spawn_application'
  passenger (3.0.7) lib/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
  passenger (3.0.7) lib/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
  passenger (3.0.7) helper-scripts/passenger-spawn-server:99:in `<main>'

Rendering /data/www/rails/chili/public/500.html (500 Internal Server Error)

Solution

How should I solve this? The chiliproject has an issue related to this: https://www.chiliproject.org/issues/591.

The following Apache configuration fixed the issue: (The sample is on a FreeBSD system)

I added the following code to a file in the /usr/local/apache22/envvars.d/environment.env

export LC_CTYPE="en_US.UTF-8"

Problems I ruled out or fixed

While trying I also made sure the following things were configured:

I made sure the database is UTF-8. I re-created the database
an ran the migrations again.

create database chiliproject character set utf8;

I used the mysql2 connector instead of the mysql connector in database.yml

Share