
User Manual - Nic.Nac.Project


Contents

1. OS
Installation of additional packages
Firewall
Mailsystem
Postfix
Anti Spam / Anti Virus
Dovecot / Receive mail
Zarafa Groupware
ActiveSync Push Services
Owncloud
Homepage
MySQL Database
Tor and anonymous surfing
Support and help
Link collection
Disclaimer / Misc

Date: 2015-05-14, Version: 1.2

Author

Contact (private): Sebastian Krajenski, Im Gehren 24 1, 73732 Esslingen, Germany. Tel: 49 162 8741288 (SMS possible, only for emergencies like server down). E-Mail: postmaster@freeshell.de

Contact (business): mars solutions GmbH, Robert-Bosch-Str. 8, 73037 Goeppingen, Germany. Tel: 49 7161 6549250 (Mon-Fri). E-Mail: sebastian krajenski mars solutions de

Business proposals welcome: I'm a certified RHCE7 / LPIC-3 (security) with 19 years of Linux experience in general.

Naming

The project is called freeshell.de, like the homepage and main domain name. The old name "Nic-Nac-Project" is not in use anymore.

Server

The system currently in use is an Intel-based 64-bit system
2. Of course there is always a way back in case the zarafa account doesn't fit your needs: just delete your $HOME/.forward file. New mail will then arrive in your classic Maildir/dovecot mailbox again. Mail from the zarafa account can be moved back using a mail client of your choice.

ActiveSync Push Services

In case you use your zarafa account, you can configure your mobile devices to sync with it. Choose "Exchange account" and sync contacts, tasks, calendar and mail with it.

Servername: freeshell.de
Login and password: as always
Domain field: leave empty

Owncloud

URL: https://freeshell.de/owncloud

Your account here is automatically equipped with some local owncloud storage. It's usable by browser or the native client. By the way: I only support the file sharing features. All other fancy owncloud features are officially unsupported by me.

You can also configure your Zarafa WebApp to automatically use your owncloud storage.

[Screenshot: Zarafa WebApp Files view]
3. The first 12 chars are the public identity of your key. Just remove anything beyond char 12. Example result after editing:

    psmith:ccclksjehdzu

Two Factor Login (forced)

You'd like to be forced to use two ways of authentication when logging into the system? Just use the homepage request form and tell me about that. I'll then add you to the "Force Two Factor" group. The login procedure is then the following:

Login with SSH Public Key (must). Then you'll see:

    Authenticated with partial success.
    Password:

Here you now have two possibilities: enter your normal text-based password OR hit the yubikey.

The server-side setup of that part, by the way, looks like this in sshd_config:

    Match Group mfagroup
        AuthenticationMethods publickey,keyboard-interactive

OTP / OPIE Auth

URL: https://en.wikipedia.org/wiki/OPIE_Authentication_System

And there is also OTP/OPIE available here. Technically it is comparable to the yubi variant: you generate one-time passwords, which in this case are typed on the keyboard. No special hardware needed.

    opiepasswd -c -f

Now you're asked for an at least 10 digit passphrase. The output looks like this:

    ID yourlogin OTP key is 499 fr0761
    TEN BILE MAID BARE SICK ABE

What does that mean? 499 is the sequence number, fr0761 is the seed, so to say the initializing vector for your OTPs.

Now for the client side: You need a piec
4. move in sh moves your current mail into the zarafa mailbox, using imapsync in the background. In case you just want to look around without migrating for real, you can log in to e.g. Zarafa WebApp anyway. The account is automatically in existence, just unused/empty.

Classic IMAP or POP to the zarafa account works as follows:

Servername: zarafa.freeshell.de
Port 995: POP3S (TLS)
Port 993: IMAPS (TLS)

Sending email (SMTP) with a mail client of your choice is not different from the normal Dovecot system. SMTP is simply the same.

Servername: freeshell.de

Visit this URL for the groupware web client, Zarafa WebApp:

URL: https://secure.freeshell.de

Please zoom in with your PDF viewer to see details.

[Screenshot: Zarafa WebApp calendar view with a reminders dialog]
5. auth verifier port25 com

Disclaimer / Misc

The terms and conditions as well as the data protection statement are available through the homepage www.freeshell.de on menu item "Contact".

All documents are updated regularly. Please make sure you always use the most recent version.

Remember, this is a shared system. Over 2000 people from literally all over the world share the server. Please treat persons with respect and use the available resources wisely.
6. In case the "Files" feature in Zarafa WebApp is not automatically enabled, here is how to do it:

Log in to Zarafa WebApp: https://secure.freeshell.de

Please zoom in with your PDF viewer to be able to read the instruction details.

[Screenshot: Zarafa WebApp, Settings, "Available plugins" list including the Files plugin]

After that, login/logoff twice and head back for the Settings.

[Screenshot: Zarafa WebApp, Settings, Files. Enable/Disable Files components: Attach a file from Files, Save received attachments to Files, Enable file browser. General Files settings: Server address: freeshell.de, Server SSL port: 443, Path to Files: /ownc
7. 247.40.147 - DNS Name: ssh.freeshell.de
94.247.40.152 - DNS Name: zarafa.freeshell.de
94.247.40.153 - DNS2TCP address (see -> censored internet)
94.247.40.155 - DNS Name: secure.freeshell.de
94.247.40.156 - DNS Name: freeshell.de (IPv4 main address)

IPv6

Assigned: 2a01 360 106 2 48
In use: 2a01 360 106 2 - DNS Name: freeshell.de (IPv6 main IP of the server)

Connectivity

The server is connected by a 100MBit/s link to the internet. In case of a (D)DoS attack the system automatically gets disconnected from the infrastructure. Likewise, it is automatically connected back when the attack stops.

System identification / Certificates

DNSSEC

The DNS of the main domain freeshell.de is secured with DNSSEC. I recommend the following URLs to check out the zone:

URL: http://dnssec-debugger.verisignlabs.com/freeshell.de
URL: https://www.dnssec-validator.cz

There you'll find a neat browser plugin that checks for a couple of things: the availability of DNSSEC for that domain (key symbol) as well as the validity of TLSA entries.

[Screenshot: browser address bar showing https://freeshell.de]

At the moment I maintain TLSA entries for the following names/services:

_443._tcp.freeshell.de
_443._tcp.www.freeshell.de
_443._tcp.secure.freeshell.de
_25._tcp.freeshell.de -> postfix is configured DANE compatible here
_465._tcp.freeshell.de
_587._tcp.freeshell.de

SSH Fingerprint

SSH Fingerpr
8. S/MIME Public Key

If you prefer S/MIME, this is the right key.

Address: sk@freeshell.de
Download URL: https://freeshell.de/smime.txt
Copy/Paste variant:
9. e 3rd party software dependencies that normally lead to 3-4 months of delay until I'm able to upgrade after initial release. Please be patient.

Installation of additional packages

In case you miss a package, just ask for it using the request form on the homepage. I will install almost any package that is available through official channels for the running release:

https://www.debian.org/distrib/packages
http://backports.debian.org/Packages/

Firewall

This system uses a packet filtering (iptables) firewall. All ports from the outside to non-standard services are closed. In case you need a private port, please let me know through the request form on the homepage.

Mailsystem

Postfix

The MTA on the server is postfix. The following services are configured:

Servername: freeshell.de
Port 25: SMTP (sending email), relaying with auth, STARTTLS forced
Port 587: Submission (sending email) with auth, TLS forced
Port 465: SMTPS (sending email) with auth, TLS forced

The mailbox format used on the system is Maildir. So your email resides in $HOME/Maildir.

Domain names

You are reachable with the following addresses:

you@freeshell.de (primary)
secondary: @freeshell.ch, @freeshell.at, @nic-nac-project.de

More domain names may follow.

Anti Spam / Anti Virus

Email on the system is passed through a couple of techniques (in and out):

ips.backscatterer.org in safe mode
10. e of software to generate the passwords. In case of some older Debian, you install the package opie-client. Usage goes like this:

Terminal 1:

    ssh you@freeshell.de
    Password ENTER Yubikey for ENTER
    otp-md5 497 fr0761 ext
    Response:

In another terminal window you prepare your one-time password.

Terminal 2:

    opiekey 497 fr0761

Now, after entering your passphrase, you are provided with the OTP for login:

    WALK NEWS NE COAL MUFF BEAD

Hint: You can generate some OTPs in advance. Example:

    opiekey -n 10 497 fr0761

generates the next 10 valid OTPs.

limited access / censored internet

So you are limited in some way regarding your internet connection? It's still likely that you can connect anyway. Let me show you some alternative ways to get into the system.

Use an alternative port:

    ssh ssh.freeshell.de -p443
    ssh work.ham.to -p443     (same IP but more unsuspicious name)

If your only limitation is not being able to run SSH client software, use the browser variant: https://gateone.freeshell.de

If all else fails, use DNS2TCP. If you have access to a linux machine, install the package dns2tcp. With this method the TCP packets for SSH are sent out covered in normal DNS requests. Usage:

Terminal 1, start the tunnel program:

    dns2tcpc -z tcp.ham.to dns.ham.to -l 12345 -r ssh

This tunnels SSH through DNS and port-forwards freeshell SSH to localhost:12345.

Terminal 2, login to free
11. freeshell.de
FREE SHELLS FOR A FREE WORLD
User Manual

Table of contents

Author / Contact
Naming
Server
Description of base setup
Backup
User resources
Disk space
Processes and RAM
Account lock
Servername / Network addresses
IPv4
IPv6
Connectivity
System identification / Certificates
DNSSEC
SSH Fingerprint
SSL Fingerprint
PGP Public Key
S/MIME Public Key
Authentication and access
SSH
Password
Public Key
Yubikey
Two Factor Login (forced)
OTP / OPIE Auth
limited access / censored internet
Software and services
O
12. h as well as a best estimate regarding the date the data was still intact.

User resources

Disk space

There are different quotas for you, depending on what services we're talking about:

Linux $HOME directory incl. Maildir -> 256MB
MySQL database -> 256MB
Zarafa Groupware mailbox -> 512MB
OwnCloud service -> 1024MB

Processes and RAM

Here is an overview on what resources to expect on the shell:

    ulimit -a
    data seg size           (kbytes, -d) 256000
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 63359
    max locked memory       (kbytes, -l) 64
    max memory size         (kbytes, -m) 256000
    open files                      (-n) 1024
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) 300
    max user processes              (-u) 50
    virtual memory          (kbytes, -v) 512000
    file locks                      (-x) unlimited

Account lock

Basically this is covered in the terms and conditions. For short: misuse of any kind as well as illegal content will lead to deletion as well as account lock. I don't spy into your files, but there is an automated process using commercial anti-virus software to find virus and trojaned files. They get automatically deleted. For optimal privacy I recommend you to use TrueCrypt, gpg or similar software.

Servername / Network addresses

IPv4

Assigned: 94.247.40.144 - 94.247.40.159
In use:
94.247.40.145 - Default GW
94
13. help

In case of difficulties that are not covered by the manual, please leave me a message through the request form on the homepage. In case the issue requires that: write me an encrypted email.

Hint: Most login problems derive from fail2ban here. The server blocks any attempts to the system from your source IP when an attempted login fails 5 times in a row. The block lasts 1 hour. This slows down brute force attacks and is in place to protect your account.

Link collection

Links to provided freeshell.de services:

HTML5 SSH Client: https://gateone.freeshell.de
SquirrelMail Webmail: https://secure.freeshell.de/squirrelmail
Roundcube Webmail: https://freeshell.de/rc
PHPMyadmin: https://secure.freeshell.de/phpmyadmin
Zarafa WebApp: https://secure.freeshell.de
Etherpad Textcollaboration: https://etherpad.freeshell.de:9002

External useful links:

Mailserver Crypto check: https://ssl-tools.net/mailservers
Webserver Crypto check: https://www.ssllabs.com
Tails Privacy Live Distro: https://tails.boum.org
DANE SMTP Validator: https://dane.sys4.de
DNSSEC Zone Analyzer: http://dnssec-debugger.verisignlabs.com
DNSSEC Browser Plugin: https://www.dnssec-validator.cz
Secure E-Mail Test Tools: http://checktls.com
Meta RBL check page: http://multirbl.valli.org
Test mail address for various checks: test@allaboutspam.com
Test mail address for various checks: check
14. Authentication and access

SSH

OpenSSH server here accepts connections to freeshell.de on the default port (TCP 22) for interactive session
15. int freeshell.de (RSA): 0c:39:00:1a:11:4a:1c:09:4d:7c:06:6e:19:15:7a:c7
SSH Fingerprint freeshell.de (ED25519): 92:61:df:85:1b:07:1b:6a:04:34:96:be:49:cf:9e:f0

Hint: In case of untrusted or mobile situations like Internet Cafe, hotel etc. I deeply recommend to print out the fingerprints on a piece of paper and carry them with you. You prevent man-in-the-middle attacks this way.

SSL Fingerprint

Certificate Viewer: freeshell.de

This certificate has been verified for the following uses: SSL Client Certificate, SSL Server Certificate

Issued To
Common Name (CN): freeshell.de
Organization (O): <Not Part Of Certificate>
Organizational Unit (OU): Domain Control Validated
Serial Number: 53:34:72:94:B3:ED:7C:C5:5E:3E:27:4B:3F:8E:1E:E2

Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU): <Not Part Of Certificate>

Period of Validity
Begins On: 01 02 2015
Expires On: 01 03 2016

Fingerprints
SHA-256 Fingerprint: 6D:72:BE:48:3D:AF:B1:67:E5:48:2C:D2:81:5E:CD:4C:07:19:0B:16:88:2C:C9:56:86:D7:71:3A:CA:00:8B:AD
SHA1 Fingerprint: 48:11:2F:97:67:B3:2F:1E:D1:76:EA:4B:71:F1:F1:56:F9:EB:61:DE

Copy/Paste variant of the SHA-256 Fingerprint:
6D 72 BE 48 3D AF B1 67 E5 48 2C D2 81 5E CD 4C 07 19 0B 16 88 2C C9 56 86 D7 71 3A CA 00 8B AD

The webserver also uses certificate pin
16. loud/remote.php/webdav, Use Zarafa credentials for authentication, Use SSL connections, Backend to use: Webdav]

After that, login/logoff twice again. Now owncloud storage is usable in your zarafa groupware account as well. Have fun!

Homepage / PHP

Your account automatically provides a directory where you can publish your homepage. The URL is as follows: http freeshell de yourlogin, which by the way gets automatically redirected to https freeshell de yourlogin.

To put content into it that should be reachable from the outside, put it into this directory: $HOME/public_html. This is, so to say, your documentroot.

Script languages: PHP 5.4.xx is installed and available. Perl and Python as well.

MySQL Database

In case you also need a mysql database, just ask using the request form on the homepage. PHPMyAdmin is installed here: https://secure.freeshell.de/phpmyadmin

Tor and anonymous surfing

This project supports and promotes anonymous surfing. Tor is installed and running on the server. It is accessible through the local privoxy proxy service as well as with tsocks. Set the proxy variables as follows:

    export http_proxy=http://127.0.0.1:8118
    export https_proxy=http://127.0.0.1:8118

Privoxy of course keeps no log files here.

Here is an example for tsocks usage:

    tsocks ssh login@where_ever.com

Support and
17. ning. This way, modern browsers may know whether the certificate delivered is the right one. This technique relies on a trusted first visit, of course.

Technical background info: https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
Implementation hints: https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning

PGP Public Key

This is my public key for safe email communication.

My address: sk@freeshell.de
URL: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB9C569CCC8EADFCA
Long ID: B9C569CCC8EADFCA
Copy/Paste variant:
18. policyd-spf (freeshell.de uses hard fail/strict in its own DNS entries)
policyd-weightd (RBL list checks)
DKIM check (OpenDKIM) in safe mode (receiving side), otherwise mailing lists would break
BATV (you get automated BATV envelope addresses to your sent mails)
ESET Antivirus check (this commercial AV checks for malware and trojans)

Hint: Maximum element size per mail element is 50MB.

Dovecot / Receive mail

Dovecot provides your mailbox through POP3 and IMAP on the following ports:

Servername: freeshell.de
Port 110: POP3 (STARTTLS forced)
Port 143: IMAP (STARTTLS forced)
Port 995: POP3S (TLS)
Port 993: IMAPS (TLS)

On the shell you can run preconfigured mutt or pine to access your mailbox. There are also web interfaces in place:

URL: https://secure.freeshell.de/squirrelmail/src/login.php
SquirrelMail. Type: spartan and functional.

URL: https://freeshell.de/rc
RoundCube. Type: modern and good looking.

Zarafa Groupware

URL: http://www.zarafa.com

In case you want the full collaboration experience and simple email is not enough for you: Zarafa is an AGPL3 groupware solution that provides, besides basic email services, things like:

Calendaring (also via ActiveSync aka Exchange Mailbox, see below)
Tasks
Notes
Contacts / address books

Zarafa is in permanent co-existence with the normal mail system. On the shell you can at any time migrate to Zarafa
19. s. With Linux and MacOS I recommend you ssh on the terminal. With MS Windows, putty is the favoured client: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

When you connect from a computer for the first time, please always check the fingerprint.

Password

Your first login will be password based. After that there are a couple of possible enhancements or variants.

Public Key

You already have a public key identity for SSH (type RSA or ED25519)? Just fill $HOME/.ssh/authorized_keys with your public key to login with a keyfile in the future. In case you don't, have a look here: https://help.ubuntu.com/community/SSH/OpenSSH/Keys

If you additionally like to improve the SSH secrecy, I recommend this article: https://stribika.github.io/2015/01/04/secure-secure-shell.html

Hint: File transfer to the server is only possible using SFTP or SCP. Classic unencrypted FTP is not possible anymore.

Yubikey

URL: https://www.yubico.com/products

Another possibility to login is the Yubikey. It's basically a USB device that emulates a keyboard. It generates throw-away one-time passwords. Set it up like this:

    cd $HOME
    mkdir .yubico
    cd .yubico
    cat > authorized_yubikeys
    <activate your yubikey by pressing the sensor>
    <Ctrl-D>

Now take a text editor and modify the file according to this schema:

    yourlogin:<first 12 chars of yubi output>
20. shell:

    ssh your-freeshell-login@localhost -p12345

In case you not only want to login to the shell but like to proxy-surf through that connection:

    ssh -o CompressionLevel=5 -C -4 -ND localhost:1080 you@localhost -p12345

Now you got yourself a socks proxy to freeshell.

Hint: You won't get a shell prompt with that command, that's normal.

This is how to set up e.g. your firefox to use that proxy safely:

[Screenshot: Firefox Connection Settings, "Manual proxy configuration" selected, SOCKS Host: localhost, Port: 1080, SOCKS v5, Remote DNS]

It's imperative to check the "Remote DNS" box. Otherwise your evil ISP's DNS might get a clue to where you surf.

This method will in general be really slow because of the DNS2TCP overhead.

Hint: Anyway, even if you can connect to freeshell without hassle, you are welcome to use the socks proxy technique as well.

Software and services

OS

The server runs Debian 7 (Wheezy), 64-bit version. In irregular intervals the distribution gets updated to the latest stable release. There ar
21. with the following specs:

Processor: i3-3220T with 2.8 GHz (4 cores)
8.0 GB RAM
2x 500GB WD SATA HDD

Description of base setup

The setup as such is a single server system. Regarding the HDDs, a software RAID1 is used. Both HDDs get monitored using smartd. Daily tests (short test) as well as weekly tests (long test) assure that possible SMART errors are detected as quickly as possible.

Nameserver situation of freeshell.de:

NS1: ns1.nic-nac-project.de
NS2: ns2.nic-nac-project.de

In detail:

ns1.nic-nac-project.de: freeshell.de, the server itself, the MASTER DNS
ns2.nic-nac-project.de: 50.30.38.228, a vServer in USA, exclusively used as SLAVE DNS

The old legacy domain nic-nac-project.de itself is served from those nameservers:

nsa5.schlundtech.de
nsb5.schlundtech.de
nsc5.schlundtech.de
nsd5.schlundtech.de

A backup MX record doesn't exist at the moment, but is planned.

The hardware and software situation as well as the DNS setup is permanent work in progress. There may be regular updates and improvements.

Backup

The system is saved to another data centre on a daily basis using duplicity. The data is gpg encrypted. The command I'm using is:

    duplicity incremental --encrypt-key <Key ID> --full-if-older-than 30D -v3 file backup

365 restore points are saved at the moment. In case you need a restore, please always name the exact and absolute pat
