Using ssmtp with FastMail

#  a config file for sSMTP sendmail.

# The user that gets all mail for userids less than 1000. If blank, address
# rewriting is disabled.
Root=roots-mail@example.com

# the smarthost or relay or ...
Mailhub=smtp.fastmail.com:465

# TLS Config
UseTLS=YES
UseSTARTTLS=NO

RewriteDomain=example.com

# The full hostname
Hostname=example.com

# FastMail credentials
# https://www.fastmail.com/help/clients/apppassword.html
AuthUser=fastmail-username
AuthPass=fastmail-password
AuthMethod=PLAIN

Firewalld Rich Rules

Use Firewalld rich rules to allow unresticted access from a single host or subnet.

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="203.0.113.0/24" accept'

The above will add a rule to the public zone that will allow ipv4 connectivity on all ports from and address in the 203.0.113.0/24 subnet.


Signing GnuPG keys with caff

Background

These are my notes on getting caff configured and working in order to send signed keys after the OhioLinuxFest keysigning. All of this was done on a Fedora 24 Workstation using only the standard repositories. If you're looking for instructions here, your milage will surely vary.

Installation

The pgp-tools package provides caff. It can be easily installed with yum. I also install msmtp in order to send the keys by email once they were signed.

At this point, I also configured msmtp to work with my mail provider.

Configuration

Just running caff will create a default configuration at ~/.caffrc. Edit this file with your specific options. The important changes will be

# change the name
$CONFIG{'owner'} = 'Some User';
# change the email address
$CONFIG{'email'} = 'someone@example.com';
# your keyid
$CONFIG{'keyid'} = [ qw{1234567890ABCDEF} ];

For caff to use msmtp, also add the following configuration

$ENV{'PERL_MAILERS'} = 'sendmail:/usr/bin/msmtp';

Signing keys

At this point, I just ran caff. In the example command below keyid is the key id that will be used for signing and keys.asc is all of the public keys that will be signed.

caff --keys-from-gnupg -u <keyid> -R --key-file keys.asc

Now, caff will display each key (userid) and ask to sign. If signed caff will email an encrypted copy of each signed uid individually.


Creating a custom tuned profile

Background

From the man page "tuned is a dynamic adaptive system tuning daemon that tunes system settings dynamically depending on usage."

Profiles and Configuration files

A list of installed profiles is available using tuned-adm.


Configuring ipmi using ipmitool

Packages and Services

On RHEL7Server the OpenIPMI and ipmitool are necessary to configure and use IPMI.

$ yum install OpenIMPI ipmitool

Networking

$ sudo ipmitool lan set 1 ipsrc static
$ sudo ipmitool lan set 1 ipaddr 203.0.113.45
$ sudo ipmitool lan set 1 netmask 255.255.255.0
$ sudo ipmitool lan set 1 defgw ipsrc 203.0.113.3

User Configuration

Add a new user with Admin rights

$ sudo ipmitool user set name 2 admin
$ sudo ipmitool user set password 2
Password for user 2:
Password for user 2:
$ sudo ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4
$ sudo ipmitool user enable 2

Other Topics

  • Configuration authenication
  • View and clear SEL
  • View hardware status