Author: Jorge Saldivar

  • Things that will never die…

    PHP, Ubuntu Desktop, and WordPress… and I’m perfectly happy with that.

    Fight me.

  • Edging Ubuntu 24.04 on a Thumb Drive

    Trying out running Ubuntu on my mid-2015 MacBook Pro. Except for some quirks (and some lag, due to…well, the OS being mounted from a thumb drive), it’s remarkably enjoyable.

  • Uninstall Chrome on Linux

    1. Open a terminal window.
      • On GNOME, Unity, and Cinnamon environments, press Ctrl + Alt + t.
      • On KDE environments, go to Application Menu > System > Konsole.
    2. Enter the uninstall command:
      • Debian-based systems: Enter sudo dpkg -r google-chrome-stable.
      • Other systems: Enter sudo rpm -e google-chrome-stable.
    3. When prompted, enter your computer’s password.

    Sauce

    Uninstall Chrome on Linux
  • Code Block Pro adds tags to my posts

    Kind of lame. I don’t like it when plugins add fluff to my content/website. Aside from mentioning it here, I may submit a ticket for this to find out if it’s a bug or feature.

  • UFW Cheatsheet

    Here’s a comprehensive sudo ufw (Uncomplicated Firewall) cheatsheet for managing firewall rules on an Ubuntu server:

    Basic UFW Commands

    • Enable UFW:
      sudo ufw enable
    • Disable UFW:
      sudo ufw disable
    • Check UFW Status:
      sudo ufw status
    • Use sudo ufw status verbose for detailed output.
    • Reset UFW (removes all rules and disables UFW):
      sudo ufw reset

    Allowing Connections

    • Allow a Specific Port:
      sudo ufw allow <port>
    • Example: sudo ufw allow 22 (allows SSH)
    • Allow a Port with a Specific Protocol:
      sudo ufw allow <port>/<protocol>
    • Example: sudo ufw allow 80/tcp (allows HTTP)
    • Allow a Range of Ports:
      sudo ufw allow <start port>:<end port>/<protocol>
    • Example: sudo ufw allow 1000:2000/tcp
    • Allow Connections from a Specific IP:
      sudo ufw allow from <IP>
    • Example: sudo ufw allow from 192.168.1.100
    • Allow Connections from an IP to a Specific Port:
      sudo ufw allow from <IP> to any port <port>
    • Example: sudo ufw allow from 192.168.1.100 to any port 22
    • Allow Subnet:
      sudo ufw allow from <subnet>
    • Example: sudo ufw allow from 192.168.1.0/24

    Denying Connections

    • Deny a Specific Port:
      sudo ufw deny <port>
    • Example: sudo ufw deny 23 (denies Telnet)
    • Deny a Port with a Specific Protocol:
      sudo ufw deny <port>/<protocol>
    • Example: sudo ufw deny 80/tcp
    • Deny Connections from a Specific IP:
      sudo ufw deny from <IP>
    • Example: sudo ufw deny from 192.168.1.100

    Deleting Rules

    • Delete a Rule by Rule Number:
      sudo ufw status numbered
    • Then use sudo ufw delete <rule number>
    • Delete an Allow Rule:
      sudo ufw delete allow <port>
    • Example: sudo ufw delete allow 22
    • Delete a Deny Rule:
      sudo ufw delete deny <port>
    • Example: sudo ufw delete deny 23

    Advanced UFW Usage

    • Enable UFW Logging:
      sudo ufw logging on
    • Use sudo ufw logging off to disable logging.
    • Set Default Policies (Deny Incoming and Allow Outgoing):
      sudo ufw default deny incoming
      sudo ufw default allow outgoing
    • Set Default Policies (Allow Incoming and Deny Outgoing):
      sudo ufw default allow incoming
      sudo ufw default deny outgoing
    • Limit Connections (Rate Limiting):
      sudo ufw limit <port>
    • Example: sudo ufw limit ssh (limits SSH connections to prevent brute force attacks)
    • Allow Specific Service by Name:
      sudo ufw allow <service>
    • Example: sudo ufw allow OpenSSH
    • App Profiles (View Available Profiles):
      sudo ufw app list
    • Allow Application Profile:
      sudo ufw allow <app profile>
    • Example: sudo ufw allow 'Apache Full'

    Checking UFW Status and Rules

    • Check UFW Status:
      sudo ufw status
    • Check UFW Status in Verbose Mode:
      sudo ufw status verbose
    • Check UFW Status with Rule Numbers:
      sudo ufw status numbered

    Other Useful Commands

    • Reload UFW to Apply Changes:
      sudo ufw reload
    • Show Detailed Report:
      sudo ufw show raw
    • This displays the raw iptables rules used by UFW.

    This cheatsheet covers common UFW commands and options, providing a solid reference for managing firewall settings on Ubuntu.
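
    A check built on the status command above, added here as an example and not part of the original cheatsheet: it reads the text of `sudo ufw status verbose` and flags the settings this cheatsheet warns about (inactive firewall, logging off, default incoming policy other than deny, Telnet allowed, SSH open without `ufw limit`). The function name `ufw_audit` and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the text printed by `sudo ufw status verbose`.
# Reads that text on stdin, prints one finding per line, returns 1 if any.
ufw_audit() {
  awk -F '  +' '
    function flag(msg) { print msg; bad++ }
    /^Status:/ { seen = 1; if ($0 !~ /^Status: active/) flag("FAIL: firewall is not active (ufw enable)") }
    /^Logging: off/ { flag("WARN: logging is off (ufw logging on)") }
    /^Default:/ && $0 !~ /^Default: (deny|reject) \(incoming\)/ {
      flag("FAIL: default incoming policy is not deny (ufw default deny incoming)")
    }
    # Rule rows are three columns split by runs of spaces: To, Action, From.
    NF >= 3 && $2 ~ /^ALLOW( IN)?$/ {
      to = $1; sub(/ \(v6\)$/, "", to)
      if (to ~ /^23(\/tcp)?$/) flag("FAIL: telnet allowed (" to ")")
      if (to ~ /^(22(\/tcp)?|OpenSSH)$/ && $3 ~ /^Anywhere/)
        flag("WARN: SSH open to Anywhere without rate limiting (ufw limit ssh)")
    }
    END { if (!seen) flag("FAIL: no Status line, input is not ufw output"); exit (bad > 0) }
  '
}

# Constructed sample output (not from a real host).
SAMPLE_WEAK='Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
23                         ALLOW IN    192.168.1.0/24
80/tcp                     ALLOW IN    Anywhere'

# Real use: sudo ufw status verbose | ufw_audit
printf '%s\n' "$SAMPLE_WEAK" | ufw_audit || true
```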

  • Website Update

    This website is in a constant state of flux. I updated the home page, archives, and posts layout for a better UI. Thin and min, is my goal.

  • Relay Email via Amazon SES

    Issue

    I’d like to relay all my Ubuntu 22.04 email through Amazon SES.

    FYI

    Use at your own risk. Like seriously, do some research prior to implementing any of this into your own environment. Consider factors like costs, scalability, etc.

    Solution

    To relay all your email through Amazon SES (Simple Email Service) on an Ubuntu 22.04 server, you will need to:

    1. Set up an Amazon SES account and verify your email/domain.
    2. Install and configure Postfix to relay email through SES.
    3. Ensure proper authentication and security configurations.

    Here are the detailed steps:

    1. Set up Amazon SES

    Sign up for AWS and SES

    1. Sign in to AWS: If you don’t already have an AWS account, create one at AWS Sign-Up.
    2. Navigate to SES: Go to the SES dashboard in the AWS Management Console.

    Verify Email/Domain

    1. Verify an Email Address:
      • Go to the SES console.
      • In the left pane, click “Email Addresses”.
      • Click “Verify a New Email Address”.
      • Enter your email address and click “Verify This Email Address”.
      • Check your email and follow the verification link.
    2. Verify a Domain (recommended for sending from multiple addresses):
      • Go to the SES console.
      • In the left pane, click “Domains”.
      • Click “Verify a New Domain”.
      • Enter your domain name.
      • Follow the instructions to add a DNS record to your domain’s DNS settings.

    Obtain SMTP Credentials

    1. Create SMTP Credentials:
      • Go to the SES console.
      • In the left pane, click “SMTP Settings”.
      • Click “Create My SMTP Credentials”.
      • Follow the prompts to create a new IAM user with SES permissions.
      • Download or copy the SMTP credentials (SMTP username and password).

    2. Install and Configure Postfix

    Install Postfix

    Open a terminal on your Ubuntu server and install Postfix:

    sudo apt update
    sudo apt install postfix

    During installation, choose “Internet Site” and set the system mail name to your domain name (e.g., example.com).

    Configure Postfix

    Edit the Postfix configuration file:

    sudo nano /etc/postfix/main.cf

    Add or modify the following lines to configure Postfix to use Amazon SES as a relay host:

    relayhost = [email-smtp.us-east-1.amazonaws.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_security_level = encrypt
    smtp_tls_note_starttls_offer = yes

    Replace email-smtp.us-east-1.amazonaws.com with the correct SES SMTP endpoint for your region. You can find the list of SMTP endpoints in the Amazon SES documentation.

    Create the SASL Password File

    Create and edit the SASL password file:

    sudo nano /etc/postfix/sasl_passwd

    Add the following line, replacing the SMTP endpoint, username, and password with your SES SMTP details:

    [email-smtp.us-east-1.amazonaws.com]:587 YOUR_SES_SMTP_USERNAME:YOUR_SES_SMTP_PASSWORD

    Secure the file permissions:

    sudo chmod 600 /etc/postfix/sasl_passwd
    sudo postmap /etc/postfix/sasl_passwd

    Restart Postfix

    Restart the Postfix service to apply the changes:

    sudo systemctl restart postfix

    3. Ensure Proper Authentication and Security

    SPF and DKIM

    1. SPF: Add an SPF record to your DNS to authorize Amazon SES to send emails on behalf of your domain. Example SPF record:
       v=spf1 include:amazonses.com ~all
    2. DKIM: Enable DKIM in the SES console for your domain to sign your emails. Follow the instructions in the SES console to add the necessary DNS records.

    Testing

    Send a test email to ensure everything is configured correctly:

    echo "Test email body" | mail -s "Test email subject" your-email@example.com

    Check the recipient’s inbox and the /var/log/mail.log file on your server for any errors.
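
    A preflight check for the relay configuration above, added here as an example and not part of the original post: it confirms that main.cf enforces TLS before SASL credentials are sent and that the password file and its postmap output are readable only by their owner. The function name `check_ses_relay` is hypothetical, and main.cf is read line by line without handling continuation lines.

```shell
#!/bin/sh
# Added example: preflight check for the Postfix/SES relay settings above.
# Usage: check_ses_relay [config_dir]   (defaults to /etc/postfix)
# Simplification: main.cf continuation lines are not handled.
check_ses_relay() {
  dir=${1:-/etc/postfix}
  rc=0
  fail() { echo "FAIL: $*"; rc=1; }
  # Print the last value assigned to parameter $1, trailing spaces removed.
  param() {
    sed -n -e "s/[[:space:]]*\$//" \
           -e "s/^$1[[:space:]]*=[[:space:]]*//p" "$dir/main.cf" | tail -n 1
  }

  [ -n "$(param relayhost)" ] || fail "relayhost is not set"
  [ "$(param smtp_sasl_auth_enable)" = "yes" ] || fail "smtp_sasl_auth_enable is not yes"
  # noanonymous still permits plaintext SASL mechanisms, so TLS must be
  # mandatory or the SES credentials can cross the network unencrypted.
  case "$(param smtp_tls_security_level)" in
    encrypt|dane-only|fingerprint|verify|secure) ;;
    *) fail "smtp_tls_security_level does not enforce TLS" ;;
  esac

  map=$(param smtp_sasl_password_maps)
  if [ -z "$map" ]; then fail "smtp_sasl_password_maps is not set"; return 1; fi
  file=${map#*:}                     # strip the "hash:" map type prefix
  for f in "$file" "$file.db"; do
    if [ ! -e "$f" ]; then fail "$f is missing (run postmap?)"; continue; fi
    # Characters 5-10 of ls -l are the group and other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || fail "$f is accessible beyond its owner"
  done
  return $rc
}
# On the server: check_ses_relay /etc/postfix && echo "relay config looks sane"
```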

    Summary

    1. Sign up for Amazon SES and verify your email or domain.
    2. Install and configure Postfix to relay through SES.
    3. Ensure SPF and DKIM are properly set up.

    This setup ensures your emails are securely relayed through Amazon SES, leveraging its robust infrastructure.

    Disclaimer

    The information provided in this blog post is for educational and informational purposes only. The steps and instructions are based on personal experience and research, and are intended to help users configure email relaying through Amazon SES on Ubuntu 22.04.

    No Warranty: The author and publisher make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in this blog post for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

    Limitation of Liability: In no event will the author or publisher be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this blog post.

    External Links: Through this blog post, you are able to link to other websites which are not under the control of the author. We have no control over the nature, content, and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

    By using the information in this blog post, you agree to the terms of this disclaimer. If you do not agree to these terms, please do not use the information provided.
