DomainKeys Sendmail DNS - dns

What steps do I have to take to configure my sendmail server to implement domainkeys properly?
Also what do I have to do on the DNS end?

There are detailed descriptions on the web. For example:
http://www.elandsys.com/resources/sendmail/domainkeys.html
http://www.erikberg.com/notes/milters.html
http://www.technoids.org/dk-milter.html/

I had success with dkfilter.
On the DNS side you need to set up 3 TXT entries:
(blank).domain.com value="YOUR-SPF-CODE-HERE"
(get your spf code at openspf.org)
_sldomain.domain.com value="o=~"
yourselector._sldomain.domain.com value="YOUR-PUBLIC-DOMAIN-KEY"
Generate your public domain key as shown in this tutorial:
http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation
Download dkfilter here:
http://jason.long.name/dkfilter/
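As an added example (not part of the answer above, and not code from dkfilter): a Go program that generates the key pair and renders the policy and selector TXT records, using the _domainkey label that the DomainKeys and DKIM specifications define for these records. The placeholders domain.com and yourselector and the policy value o=~ are taken from the answer; everything else is an assumption. It also splits the selector value into 255-octet strings, since a 2048-bit key does not fit in a single TXT character-string, and parses the record back the way a receiving MTA would, which is the check to run after publishing.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// Records holds the two TXT records a DomainKeys signing domain publishes: the
// policy record (o=~ some mail signed, o=- all mail signed) and the selector
// record carrying the base64 SubjectPublicKeyInfo in its p= tag.
type Records struct {
	PolicyName, PolicyValue string
	KeyName, KeyValue       string
}

func GenerateKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// BuildRecords assembles the policy and selector records for domain.
func BuildRecords(domain, selector string, pub *rsa.PublicKey, allSigned bool) (Records, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return Records{}, err
	}
	policy := "o=~"
	if allSigned {
		policy = "o=-"
	}
	return Records{
		PolicyName:  "_domainkey." + domain,
		PolicyValue: policy,
		KeyName:     selector + "._domainkey." + domain,
		KeyValue:    "k=rsa; p=" + base64.StdEncoding.EncodeToString(der),
	}, nil
}

// SplitTXT cuts a value into strings of at most 255 octets, the limit for one
// TXT character-string; a 2048-bit key does not fit in a single string.
func SplitTXT(value string) []string {
	var parts []string
	for len(value) > 255 {
		parts = append(parts, value[:255])
		value = value[255:]
	}
	return append(parts, value)
}

// ZoneLine renders a record as a BIND-style zone file line.
func ZoneLine(name, value string) string {
	var quoted []string
	for _, s := range SplitTXT(value) {
		quoted = append(quoted, `"`+s+`"`)
	}
	return fmt.Sprintf("%s. IN TXT %s", name, strings.Join(quoted, " "))
}

// ParseKeyRecord is the receiver's side: it rejoins the TXT strings, extracts
// p= and decodes it. Run it on the published record to confirm it is usable.
func ParseKeyRecord(parts []string) (*rsa.PublicKey, error) {
	var p string
	for _, tag := range strings.Split(strings.Join(parts, ""), ";") {
		if tag = strings.TrimSpace(tag); strings.HasPrefix(tag, "p=") {
			p = strings.TrimPrefix(tag, "p=")
		}
	}
	if p == "" {
		return nil, fmt.Errorf("record has no p= tag")
	}
	der, err := base64.StdEncoding.DecodeString(p)
	if err != nil {
		return nil, err
	}
	key, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("p= does not hold an RSA key")
	}
	return pub, nil
}

func main() {
	priv, err := GenerateKey(2048)
	if err != nil {
		panic(err)
	}
	// domain.com and yourselector are the placeholders used in the answer.
	recs, err := BuildRecords("domain.com", "yourselector", &priv.PublicKey, false)
	if err != nil {
		panic(err)
	}
	fmt.Println(ZoneLine(recs.PolicyName, recs.PolicyValue))
	fmt.Println(ZoneLine(recs.KeyName, recs.KeyValue))
}
```

Paste the two printed lines into the zone and keep the private key for the milter. Once the change has propagated, `dig +short TXT yourselector._domainkey.domain.com` should return the same quoted strings, and feeding them to ParseKeyRecord confirms that a verifier can decode the key.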

Related

Add additional Storefront URL with CLI

I install Shopware 6 via the CLI. My shop is reachable over HTTP and HTTPS.
The cli-installer will create a storefront with my given URL like https://demo.shop.
My problem now is that I need the shop to be reachable without TLS too. How can I add another Storefront URL?
I tried to use the command bin/console sales-channel:create:storefront --id=e28bf43c262f4343938a7b8a841ed136 --url=http://demo.shop but this will fail with
6:06:05 CRITICAL [console] Error thrown while running command "sales-channel:create:storefront --id=e28bf43c262f4343938a7b8a841ed136 --url='http://demo.shop'". Message: "Expected command for "sales_channel" to be "Shopware\Core\Framework\DataAbstractionLayer\Write\Command\InsertCommand". (Got: Shopware\Core\Framework\DataAbstractionLayer\Write\Command\UpdateCommand)" ["exception" => Shopware\Core\Framework\DataAbstractionLayer\Write\Command\WriteTypeIntendException^ { …},"command" => "sales-channel:create:storefront --id=e28bf43c262f4343938a7b8a841ed136 --url='http://demo.shop'","message" => "Expected command for "sales_channel" to be "Shopware\Core\Framework\DataAbstractionLayer\Write\Command\InsertCommand". (Got: Shopware\Core\Framework\DataAbstractionLayer\Write\Command\UpdateCommand)"]
How can I solve this?
As the name of the command suggests, it is only meant to create new sales channels, not to update an existing one.
Why not create the additional domain using the administration web-interface?
If you can't access the web-interface for some reason you could change the domain with the command bin/console sales-channel:update:domain instead. This will change the domain for all sales channels unless you provide a specific one to replace. See the help option of the command regarding that.
To actually create additional sales channel domains you may also use the API endpoint, see here or here.

Generic domain part with fixed subdomain using Caddy and auto SSL?

I'd like to setup a Caddy server where the subdomain is static but the domain part is "wildcard", such as "api.*"
From my understanding of Caddy, the wildcard is possible for one part of the full domain (*.domain.com matches bar.domain.com but not foo.bar.domain.com).
Moreover, this configuration would automatically create an SSL certificate (which Caddy does in general, but I'm not sure here) for any new DNS entry that points to my server with a domain starting with "api.*".
The "*" here would be the domain directly, not any subdomain (it would work for api.domain.com, but not for api.foo.domain.com).
Is this something possible using a simple Caddy command (such as api.* { ... }, which I tried without luck), or does it need a more complex implementation?
Thank you for your help!
I found a working solution with the help of the Caddy Community.
Here's the code:
{
	on_demand_tls {
		ask https://static.site.com/domain/verify
		interval 2m
		burst 5
	}
}

static.site.com {
	...
}

:443 {
	tls {
		on_demand
	}
	# Your custom config, for instance:
	reverse_proxy * ...
}
The nifty part is the tls { on_demand } part for your generic HTTPS, which will create a certificate automatically. But this can be abused by anyone who points one of their DNS entries to your server.
So to avoid that, the Caddy community highly recommends that you set an on_demand_tls block that will query an endpoint, and allow the SSL certificate to be created only if that endpoint returns true.
NOTE: The ask is a GET request that DOES NOT FOLLOW redirects! Anything but a 200 status code will be considered a failure, even a 3xx!
The ask URL will have ?domain appended and will allow you to verify that domain against your logic, such as a custom value in the domain like "starting with static.*", and verify that the domain exists in your database (for example).
If your URL already contains some query parameters, don't worry, Caddy is clever enough to add them (https://static.site.com/domain/verify?some=query will become https://static.site.com/domain/verify?some=query&domain={domain}).
Caddy supports HTTPS for the ask parameter, and that URL can also be external with no problems at all (no need for localhost or local server configuration).
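An added example of the ask endpoint the answer describes (not part of the answer, and not code from Caddy): a Go HTTP handler that returns 200 only for api.<domain> where <domain> is on a registered list, and 403 for everything else, so that a stranger pointing a DNS name at the server cannot trigger certificate issuance. The tenant names, the listen address 127.0.0.1:9000 and the path /domain/verify are assumptions; in production the map would be the database lookup the answer mentions. Because Caddy does not follow redirects, the allowed path writes a bare 200 and nothing else.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Allowlist answers Caddy's on_demand_tls "ask" request. A certificate is
// only issued for Prefix+<domain> where <domain> was registered, so a stray
// DNS entry pointed at this server gets a 403 instead of a certificate.
type Allowlist struct {
	Prefix  string          // the fixed subdomain, "api." in the question
	Domains map[string]bool // registered domains; a database table in production
}

// Allowed is the policy check: normalise the name, reject anything that is not
// a plain hostname, then require Prefix followed by a registered domain.
// api.foo.domain.com is refused unless foo.domain.com itself is registered.
func (a *Allowlist) Allowed(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(host), "."))
	if host == "" || len(host) > 253 || strings.ContainsAny(host, " /\\:@*?#") {
		return false
	}
	if !strings.HasPrefix(host, a.Prefix) {
		return false
	}
	return a.Domains[strings.TrimPrefix(host, a.Prefix)]
}

// ServeHTTP implements the endpoint. Caddy treats anything but 200 as a
// refusal and does not follow redirects, so the answer is 200 or 403, never 3xx.
func (a *Allowlist) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}
	domain := r.URL.Query().Get("domain")
	if !a.Allowed(domain) {
		log.Printf("ask: refusing certificate for %q", domain)
		w.WriteHeader(http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

func main() {
	// Constructed tenant list and assumed listen address / path.
	al := &Allowlist{
		Prefix:  "api.",
		Domains: map[string]bool{"example.org": true, "customer.net": true},
	}
	mux := http.NewServeMux()
	mux.Handle("/domain/verify", al)
	log.Fatal(http.ListenAndServe("127.0.0.1:9000", mux))
}
```

Point the Caddyfile's ask directive at this listener (ask http://127.0.0.1:9000/domain/verify under the assumptions above) and keep the listener unreachable from the outside; every refused name shows up in the log, which is also where you would notice someone probing for certificates.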
I ran into the same problem, and after being stuck for a day, here is my solution:
Assuming the site name is: site.com, and I want caddy handle these domains for me:
a.dot.site.com
b.dot.site.com
c.dot.site.com
a.eth.site.com
b.eth.site.com
c.eth.site.com
1. Make sure you have made SSL access available, e.g. via Cloudflare:
2. Set the A record pointing to your Caddy server's IP.
3. The Caddyfile should look like:
# the key is: you have to list all the patterns for your multiple subdomains
*.site.com *.eth.site.com *.dot.site.com {
	reverse_proxy 127.0.0.1:4567
	log {
		output file /var/log/access-wildcard-site.com.log
	}
	tls {
		dns cloudflare <your Cloudflare API key>
	}
}

Does Golang's net.LookupHost() use all DNS servers in "/etc/resolv.conf"?

I have an application, that's written in Go that uses this function and it keeps failing to resolve a DNS name. I can resolve the DNS name on the server just fine using other applications but not the Go-based one that uses this function.
When in doubt, "Use the source, Luke". Reading dnsclient_unix.go reveals that it iterates over all configured servers.
But mind the note:
// If answer errored for rcodes dnsRcodeSuccess or dnsRcodeNameError,
// it means the response in msg was not useful and trying another
// server probably won't help. Return now in those cases.
// TODO: indicate this in a more obvious way, such as a field on DNSError?
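To see which of the configured servers answers what, as an added example that is not part of the answer above or of the Go standard library: a Go program that reads the nameserver lines from /etc/resolv.conf and queries each server on its own through the pure-Go resolver's Dial hook, then labels each result the way the quoted comment describes (a definite answer such as NXDOMAIN ends the loop, a timeout moves on to the next server). The default host example.com and the resolv.conf path are assumptions; the resolv.conf text in the test is constructed.

```go
package main

import (
	"bufio"
	"context"
	"errors"
	"fmt"
	"net"
	"os"
	"strings"
	"time"
)

// ParseResolvConf returns the nameserver addresses in resolv.conf text, in
// the order the resolver tries them. Comments (# or ;) and other directives
// such as "search" or "options" are ignored.
func ParseResolvConf(text string) []string {
	var servers []string
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		if f := strings.Fields(line); len(f) >= 2 && f[0] == "nameserver" {
			servers = append(servers, f[1])
		}
	}
	return servers
}

// LookupVia resolves host through one nameserver only. The pure-Go resolver's
// Dial hook is pinned to that server, so the answer (or error) is that
// server's alone instead of the merged result net.LookupHost gives.
func LookupVia(server, host string, timeout time.Duration) ([]string, error) {
	r := &net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: timeout}
			return d.DialContext(ctx, network, net.JoinHostPort(server, "53"))
		},
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	return r.LookupHost(ctx, host)
}

// Classify maps an error onto the behaviour in the quoted comment: a definite
// answer (NXDOMAIN, or a successful reply without usable records) makes the
// resolver stop, while a timeout makes it move on to the next server.
func Classify(err error) string {
	if err == nil {
		return "answered"
	}
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) {
		switch {
		case dnsErr.IsNotFound:
			return "nxdomain / no such host (definite answer, no other server is tried)"
		case dnsErr.IsTimeout:
			return "timeout (resolver moves on to the next server)"
		}
		return "dns error: " + dnsErr.Err
	}
	return "error: " + err.Error()
}

func main() {
	host := "example.com" // assumption; pass the failing name as argv[1]
	if len(os.Args) > 1 {
		host = os.Args[1]
	}
	data, err := os.ReadFile("/etc/resolv.conf")
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	for _, s := range ParseResolvConf(string(data)) {
		addrs, err := LookupVia(s, host, 3*time.Second)
		fmt.Printf("%-16s %-70s %v\n", s, Classify(err), addrs)
	}
}
```

If the first server prints nxdomain while the second prints answered, that is exactly the early return the comment describes: the Go resolver took the first server's NXDOMAIN as authoritative, whereas the other tools on the box fell through to the second server.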

FreeBSD and HTTP Basic Authorization request for pkg install/update

I set up a host for custom FreeBSD ports and I keep it behind HTTP Basic Auth, and there is a problem associated with that.
You can see my pkg conf below; the question is: how do I add a user name and password to it for HTTP Basic Auth?
I already know the username:password@hostname.tld usage, but I'm looking for something more like
Header("Authorization", "Basic YWRtaW46YWRtaW4zMjE")
How can I do that? Or can you suggest a better way to keep custom ports away from prying eyes :)
FreeBSD: {
    url: "pkg+http://pkg.MyCustomHost.tld/${ABI}/latest",
    mirror_type: "srv",
    priority: 11,
    enabled: yes
}
Thank you.
pkg uses fetch(3) for fetching. As documented in the manpage, you can use environment variables like HTTP_AUTH and HTTP_PROXY_AUTH.

How does one set a proxy in lazybones?

I'm behind a firewall and lazybones can't reach its repository without a proxy.
I've searched the source and can't seem to find any reference to a proxy that seems to be relevant.
Support was officially added in version 0.8.1 of Lazybones, albeit via a general mechanism to add arbitrary system properties to the application in its configuration file, ~/.lazybones/config.groovy.
You can read about the details in the project README, but in essence, simply add the following to your config.groovy file:
systemProp {
    http {
        proxyHost = "localhost"
        proxyPort = 8181
    }
    https {
        proxyHost = "localhost"
        proxyPort = 8181
    }
}
You can use the systemProp. prefix to add any system properties to Lazybones, similar to the way it works in Gradle.
Is that what you're looking for? Basically you need to add some properties to the gradle.properties file.
I am using Cygwin on Windows and I have modified the last line of
~/.gvm/lazybones/current/bin/lazybones
to say
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" "-Dhttp.proxyHost=127.0.0.1" "-Dhttp.proxyPort=8888" "-Dhttp.nonProxyHosts=localhost|127.0.0.1" uk.co.cacoethes.lazybones.LazybonesMain "$@"
Please note the quotes around the options. It works very well with my local Fiddler installation.
I have found no better way to enable proxy support due to the way the script is using eval. Maybe a more experienced shell script programmer can come up with a more elegant solution.
I was able to get out through the proxy by setting the environment settings of
Picked up JAVA_TOOL_OPTIONS: -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080
-Dhttp.nonProxyHosts="lmig.com" -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080
Unfortunately my environment requires authentication, so I couldn't provide the complete proxy this way. I first ran "OWASP Zed Attack Proxy (ZAP)", which allowed me to run a proxy on my own machine (at port 8080) which then provided the complete authentication required.
This was then able to run the complete "lazybones list" command, which retrieved the contents of the repositories.
Unfortunately I was not able to create an application from those templates because bintray required a login (though an anonymous login would do) and I couldn't seem to get an additional level of authentication (I received "Unauthorized" from bintray).
