Re: questions on iptables

[Piperみかこ]

Thanks John.

The following rules seem to work for me now.

sudo /usr/sbin/iptables -F
sudo /usr/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j
ACCEPT
sudo /usr/sbin/iptables -A INPUT -p icmp -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -j REJECT --reject-with
icmp-admin-prohibited


are there any problems with my setting above?

Thanks

Re: questions on iptables

[John Conover]

John Conover writes:
> =?UTF-8?B?UGlwZXLjgb/jgYvjgZM=?= writes:
> > 
> > sudo /usr/sbin/iptables -F
> > sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server
> > public IP
> > sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
> >
> 
> iptables -F
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p icmp -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
> iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
> iptables-save > /etc/iptables/rules.v4
> 
> ip6tables -F 
> ip6tables -P INPUT ACCEPT
> ip6tables -P FORWARD ACCEPT
> ip6tables -P OUTPUT ACCEPT
> ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
> ip6tables -A INPUT -i lo -j ACCEPT
> ip6tables -A INPUT -p tcp -—dport 22 -j ACCEPT
> ip6tables -A INPUT -p tcp -—dport 80 -j ACCEPT
> ip6tables -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
> ip6tables -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
> ip6tables-save > /etc/iptables/rules.v6
> 
> And, look in /etc/iptables to make sure, and reboot; then check for
> outbound connections with a browser. (Note how icmp is handled-it is
> required.)
> 

Sorry, cut from my machine docs. The two ipv6 statement should
obviously be:

ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT

Also, if you have root access on another machine, for assurance:

nmap -4 -Pn -sS -v -v IPV4_ADDRESS
nmap -4 -Pn -sU -v -v IPV4_ADDRESS
nmap -6 -Pn -sS -v -v IPV6_ADDRESS
nmap -6 -Pn -sU -v -v IPV6_ADDRESS

will take a lot of time to run, and should only find the two open
ports.

John

--


John Conover, cono...@panix.com, http://www.johncon.com/

Re: questions on iptables

[John Conover]

=?UTF-8?B?UGlwZXLjgb/jgYvjgZM=?= writes:
> 
> sudo /usr/sbin/iptables -F
> sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server
> public IP
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
>

iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
iptables-save > /etc/iptables/rules.v4

ip6tables -F 
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p tcp -—dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp -—dport 80 -j ACCEPT
ip6tables -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
ip6tables -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
ip6tables-save > /etc/iptables/rules.v6

And, look in /etc/iptables to make sure, and reboot; then check for
outbound connections with a browser. (Note how icmp is handled-it is
required.)

John

-- 

John Conover, cono...@panix.com, http://www.johncon.com/

Re: questions on iptables

[Piperみかこ]

Hello

I have a server box who has public IP in the DC.
My requirements,

1. allow access to ssh and http port on the server from external.
2. allow access to any services from the server to external.

The #1 can be done by my rules already set.
But #2 doesn't work. for instance, when rsync connection to another server
from that box, it won't work (connection timeout).

So how to ?

Thanks

On Sun, Dec 25, 2022 at 10:28 AM jeremy ardley  wrote:

>
> On 25/12/22 10:14, Piperみかこ wrote:
> > Hello,
> >
> > I have setup the following iptables on linux server,
> >
> > sudo /usr/sbin/iptables -F
> > sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server
> > public IP
> > sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> > sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
> >
> > These rules work for incoming connections.
> > But if I made a request from this server box to the external server,
> > such as rsync to another remote server, it won't work.
> >
> > So how can I set up the outgoing rules as well?
> >
> > Thanks and happy holidays~
> >
> > Piper
>
>
> It's not quite clear what you are doing. I guess your linux box is in
> your LAN and you have an external server on the internet?
>
> Anyway, it's usual to have a line like this to handle handshaking with
> external systems.
>
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> --
> Jeremy
>
>

Re: questions on iptables

[Dan Ritter]

Piperみかこ wrote: 
> Hello,
> 
> I have setup the following iptables on linux server,
> 
> sudo /usr/sbin/iptables -F
> sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server
> public IP
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
> 
> These rules work for incoming connections.
> But if I made a request from this server box to the external server, such
> as rsync to another remote server, it won't work.
> 
> So how can I set up the outgoing rules as well?

At boot time, there are three chains:

INPUT
FORWARD
OUTPUT

each has a policy which determines what happens if no other rule
applies.

FORWARD is only interesting if you are routing packets.

INPUT controls incoming packets.

OUTPUT controls outgoing packets.

You can specify IPs, interfaces, protocols, ports, and a bunch
of other things.

-dsr-

Re: questions on iptables

[jeremy ardley]

On 25/12/22 10:14, Piperみかこ wrote:

Hello,

I have setup the following iptables on linux server,

sudo /usr/sbin/iptables -F
sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server 
public IP

sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP

These rules work for incoming connections.
But if I made a request from this server box to the external server, 
such as rsync to another remote server, it won't work.


So how can I set up the outgoing rules as well?

Thanks and happy holidays~

Piper



It's not quite clear what you are doing. I guess your linux box is in 
your LAN and you have an external server on the internet?


Anyway, it's usual to have a line like this to handle handshaking with 
external systems.


-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

--
Jeremy

questions on iptables

[Piperみかこ]

Hello,

I have setup the following iptables on linux server,

sudo /usr/sbin/iptables -F
sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server
public IP
sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP

These rules work for incoming connections.
But if I made a request from this server box to the external server, such
as rsync to another remote server, it won't work.

So how can I set up the outgoing rules as well?

Thanks and happy holidays~

Piper

Re: retirar e-mail do grupo

[Lucas Castro]

Cara, 
Só sai. 

Em 24 de dezembro de 2022 17:30:21 BRT, Gilberto F da Silva <2458...@gmail.com> 
escreveu:
> Saluton!
>
> O email vai morrer e essa lista não conseguir deixar de ser um
> lixo.
> 
>-- 
>
>Stela dato:2.459.938,353  Loka tempo:2022-12-24 17:29:01 SabatoSlackware 
>15.0 x86_64
>-==-
>O que em geral pedimos a Deus não é que Ele faça Sua vontade, mas 
>sim
>que aprove a nossa.
>On Sat, May 07, 2022 at 08:22:58AM -0300, Paulo wrote:
>>Bom dia,
>>
>>Antigamente vinha na assinatura o unsubscribe.
>>
>>Por que não vem mais?
>>
>>Dá pra colocar novamente?
>>
>>
>>Att,
>>
>>Paulo Correia
>>
>>
>>
>>Em 28/04/2022 14:08, João Maurício Machado de Araujo escreveu:
>>
>>
>>Boa tarde.
>>
>> 
>>
>>Peço ao administrador para retirar meu nome desse grupo.
>>
>> 
>>
>>Não quero mais receber e-mails.
>>
>> 
>>
>>Agradeço antecipadamente a atenção dispensada.
>>
>> 
>>
>>Enviado do Email para Windows
>>
>> 
>>

Re: Problema de espaço cheio na partição raiz /, não consigo liberar mais espaço.

[Gilberto F da Silva]

 Saluton!

 No meu computador quem entope a partição raiz é o
 diretório /tmp.

 Criei um diretório tmp em outra partição, apaguei o /tmp
 e criei um link simbólico para esse tmp novo.


-- 

Stela dato:2.459.938,375  Loka tempo:2022-12-24 18:00:26 SabatoSlackware 
15.0 x86_64
-==-
Quando se exclui de uma situação todas as impossibilidades, o que 
sobrar, por mais improvável que pareça, deverá ser a verdade.
-- Sir Arthur Conan Doyle
On Fri, Oct 07, 2016 at 04:23:16PM +, Luiz Carlos wrote:
>root@ubuntu:/# cd /var/
>root@ubuntu:/var# du -shc
>26G    .
>26G    total
>root@ubuntu:/var#
>
>E agora?
>
>Em 7 de outubro de 2016 16:09, Neto Vieira  escreveu:
>
>
>Amigo, dá o mesmo comando "du -shc " dentro de "/var" agora
>
>-- 
>
>Atenciosamente,
>
>José Vieira da Costa Neto
>Furukawa Data Cabling System
>CompTIA Linux+ | LPIC-1 | NCLA
>MTA | ITIL Foundation | Linux User #565242
>http://www.cafecomlinux.com.br/
>https://www.linkedin.com/in/jvnetobr
>
>   
>Em 07/10/2016 13:06, "Luiz Carlos"  escreveu:
>
>/#  du -shc *
>9,2M    bin
>4,0K    boot
>56M    boot.bak
>12K    dev
>12M    etc
>4,0K    home
>0    initrd.img
>0    initrd.img.old
>875M    lib
>4,0K    lib64
>16K    lost+found
>12K    media
>4,0K    mnt
>1,2G    opt
>4,0K    proc
>2,6M    root
>4,0K    run
>12M    sbin
>4,0K    srv
>4,0K    sys
>24K    tmp
>8,8G    usr
>26G    var
>0    vmlinuz
>0    vmlinuz.old
>37G    total
>root@ubuntu:/#
>
>
>O que eu faço? Quais comandos pra liberar?
>
>Em 7 de outubro de 2016 16:02, Leandro  escreveu:
>
>
>Faltou um espaço ae
>du -shc *
>
>
>Em 07/10/2016 12:56, "Luiz Carlos"  escreveu:
>
>root@ubuntu:/# du -shc*
>du: invalid option -- '*'
>Try 'du --help' for more information.
>
>
>Em 7 de outubro de 2016 15:54, Leandro 
>escreveu:
>
>
>Pelo du -shc* nao te da pistas?
>
>
>Em 07/10/2016 12:49, "Luiz Carlos" 
>escreveu:
>
>Estou com um problema desgraçado aqui!
>
>Tenho debian criptografado, a /home é separada da raiz
>/, porem a partição raiz se encheu sozinha, mesmo
>passando o bleachbit, não limpou nada e fica como
>espaço cheio na partição, fui reiniciar o sistema e não
>consigo entrar mais nele pelo modo gráfico, só consigo
>entrar pela linha de comando, como eu faço pra resolver
>esse problema?
>
>Obs: Agora eu estou na live cd do ubuntu, abri a
>partição LVM criptografada e fiz chroot na raiz,
>digitei os seguintes comandos, mas nada resolveu:
>
>root@ubuntu:/# apt update
>Lendo listas de pacotes... Erro!
>E: Falta directório de listas /var/lib/apt/lists/
>partial. - Acquire (28: Não há espaço disponível no
>dispositivo)
>E: Erro de escrita - write (28: Não há espaço
>disponível no dispositivo)
>E: Erro de E/S ao gravar cache fonte
>E: As listas de pacotes ou os arquivos de estado não
>puderam ser analisados ou abertos.
>root@ubuntu:/# sudo apt-get clean
>E: Falta directório de listas /var/lib/apt/lists/
>partial. - Acquire (28: Não há espaço disponível no
>dispositivo)
>root@ubuntu:/# dpkg --configure -a
>dpkg: unrecoverable fatal error, aborting:
> impossível preencher /var/lib/dpkg/updates/tmp.i com
>enchimento: Não há espaço disponível no dispositivo
>root@ubuntu:/# apt-get install -f
>Lendo listas de pacotes... Erro!
>E: Erro de escrita - write (28: Não há espaço
>disponível no dispositivo)
>E: Erro de E/S ao gravar cache fonte
>E: As listas de pacotes ou os arquivos de estado não
>puderam ser analisados ou abertos.
>root@ubuntu:/#
>
>
>Não sei quais comandos a fazer pra o sistema detectar
>espaço em disco, eu tenho 40 gb na partição raiz, não
>   

Re: Comment masquer l’usage d’un VPN ?

[Dethegeek]

Un peu de lecture en anglais, provenant de expressvpn :
https://www.expressvpn.com/dns-leak-test

Ton problème vient du fait que quand ton ordinateur veut interroger un
site, il doit convertir le nom de domaine en une adresse IP. On passe par
un serveur dns, qui joue le rôle d'annuaire. Si ton pc est configuré pour
solliciter un dns potentiellement hostile, alors ce dans peut connaître ton
adresse IP et en déduire tous les sites que tu visites (ou services comme
des messageries par exemple).

Le principe est donc d'utiliser un DNS qui n'enregistre rien, de confiance.
C'est le même enjeu que pour un vpn d'ailleurs.



Le sam. 24 déc. 2022 à 21:25, benoit  a écrit :

> Le samedi 24 décembre 2022 à 03:06, Olivier Back my spare <
> backup.my.sp...@gmail.com> a écrit :
> >
> > Une des solutions est d'ajouter une extension pour bloquer le webrtc sur
> > le navigateur.
> >
>
> Bonsoir,
>
> J'ai essayé les 3 premiers de cette liste, mais le problème de fuite de
> DNS persiste.
> https://addons.mozilla.org/fr/firefox/search/?q=webrtc
>
> J'en déduis que la fuite de DNS ne vient pas de webrtc, mais j'y connais
> rien...
>
> J'ai aussi essayé le navigateur librewolf idem.
>
> Pourquoi ce navigateur, n'est-il pas dans les dépôts debian ?
>
> https://packages.debian.org/search?keywords=librewolf=names=all=all
>
> --
> Benoit
>
>

Re: retirar e-mail do grupo

[Gilberto F da Silva]

 Saluton!

 O email vai morrer e essa lista não conseguir deixar de ser um
 lixo.
 
-- 

Stela dato:2.459.938,353  Loka tempo:2022-12-24 17:29:01 SabatoSlackware 
15.0 x86_64
-==-
O que em geral pedimos a Deus não é que Ele faça Sua vontade, mas 
sim
que aprove a nossa.
On Sat, May 07, 2022 at 08:22:58AM -0300, Paulo wrote:
>Bom dia,
>
>Antigamente vinha na assinatura o unsubscribe.
>
>Por que não vem mais?
>
>Dá pra colocar novamente?
>
>
>Att,
>
>Paulo Correia
>
>
>
>Em 28/04/2022 14:08, João Maurício Machado de Araujo escreveu:
>
>
>Boa tarde.
>
> 
>
>Peço ao administrador para retirar meu nome desse grupo.
>
> 
>
>Não quero mais receber e-mails.
>
> 
>
>Agradeço antecipadamente a atenção dispensada.
>
> 
>
>Enviado do Email para Windows
>
> 
>


signature.asc
Description: PGP signature

Re: Retirada do email

[Gilberto F da Silva]

 Saluton!

 Para sair dessa lista é um inferno.

-- 

Stela dato:2.459.938,352  Loka tempo:2022-12-24 17:27:21 SabatoSlackware 
15.0 x86_64
-==-
O fato é que depois de viajar anos, esse Voyager não descobriu 
nenhuma forma de vida inteligente pelaí. O Cosmos, ao que parece, é 
igualzinho  à Terra.
-- Millôr Fernandes
On Sat, Jun 25, 2022 at 07:35:31AM -0300, Paulo wrote:
>Pablo e Pessoal da Lista,
>
>Antigamente o unsubscribe vinha no rodapé, isso ajudava quem se esqueceu que
>auto inscreveu na lista.
>
>Mas ter no header do e-mail também ajuda, o problema é se todos os leitores de
>e-mail suportam isso, rss.
>
>Acredito que o ideal seria vir em ambos, é possível voltar a vir no rodapé do
>e-mail?
>
>
>Att,
>
>Paulo Correia
>
>
>Em 15/05/2022 23:50, Rogerio R. Silva escreveu:
>
>Nada como alguém que realmente entende das coisas!
>
>Abraços Pablo
>
>Rogério
>
>
>Em dom, 15 de mai de 2022 8:32 PM, Pablo Lorenzzoni 
>escreveu:
>
>Olah,
>
>As listas do Debian seguem o padrao. Elas adicionam um email como
>maneira de se desinscrever no cabecalho junto com uma serie de
>informacoes sobre a lista em si. Por exemplo, seu email:
>
>List-Id: 
>List-URL: 
>List-Post: 
>List-Help: subject=help>
>List-Subscribe: ?subject=subscribe>
>List-Unsubscribe: debian-user-portuguese-requ...@lists.debian.org?subject=unsubscribe>
>Precedence: list
>Resent-Sender: debian-user-portuguese-requ...@lists.debian.org
>List-Archive: https://lists.debian.org/msgid-search/
>YoAioZ7Ze3FSQLaS@localhost
>Resent-Date: Sat, 14 May 2022 21:44:29 + (UTC)
>
>Com todos esses cabecalhos, eh soh filtrar as mensagens e em ultimo
>caso mandar direto para a lixeira, trash, /dev/null ou qqer outro lugar
>oferecido pelo seu sistema.
>
>Qualquer leitor de email decente consegue lhe oferecer uma opcao para
>se desinscrever com um clique baseado nessas informacoes. Screenshot do
>meu webmail como ilustracao (e meu webmail eh um lixo):
>
>https://ibb.co/2kF1D3b
>
>Sinceramente, nao sei o que mais o Debian poderia fazer...
>
>[]s
>
>Pablo
>
>
>
> On Sun, 15 May 2022 07:44:01 +1000 Gilberto F da Silva <
>2458...@gmail.com> wrote 
>
> > As listas do Debian são uma porcaria.  Não colocam o nome da lista
> >  no subject, não colocam a url de como se descadastrar e por
> >  default as mensagens são respondidas ao remetente ao invés de serem
> >  respondidas para lista.
> > 
> > --
> > 
> > Stela dato:2.459.714,402  Loka tempo:2022-05-14 18:39:33 Sabato   
>Mageia 8
> > -==-
> > La celo de citado estas provizi sufiĉe da kunteksto por komprenigi
> > vian respondon: do forigu el la citajxo ĉion neutilan kaj lasu nur
>la
> > frazojn al  kiuj vi volas reagi. Aperu unue la citajxo kaj poste la
> > responda frazo. Forigu  el la citajxo ankaŭ la eventualajn
> > subskribojn kaj la aŭtomate aldonitajn  varbajxojn.
> >  --Retiketo
> > On Sat, May 14, 2022 at 07:55:10AM -0400, Nauan Ramos wrote:
> > >Por favor peço ao ADM que retire meu email da lista, obrigado
> >
>
>


signature.asc
Description: PGP signature

Re: Comment masquer l’usage d’un VPN ?

[benoit]

Le samedi 24 décembre 2022 à 03:06, Olivier Back my spare 
 a écrit :
> 
> Une des solutions est d'ajouter une extension pour bloquer le webrtc sur
> le navigateur.
> 

Bonsoir,

J'ai essayé les 3 premiers de cette liste, mais le problème de fuite de DNS 
persiste.
https://addons.mozilla.org/fr/firefox/search/?q=webrtc

J'en déduis que la fuite de DNS ne vient pas de webrtc, mais j'y connais rien...

J'ai aussi essayé le navigateur librewolf idem.

Pourquoi ce navigateur, n'est-il pas dans les dépôts debian ?
https://packages.debian.org/search?keywords=librewolf=names=all=all

--
Benoit

Re: apt-get under Kali Linux reports wrong data rate.

[Jeffrey Walton]

On Sat, Dec 24, 2022 at 2:27 PM Mark <196...@protonmail.com> wrote:
>
> I have no idea who to report this issue to.

For Kali issues, see https://www.kali.org/community/

Jeff

Re: apt-get under Kali Linux reports wrong data rate.

[Greg Wooledge]

On Sat, Dec 24, 2022 at 07:08:20PM +, Mark wrote:
> I have no idea who to report this issue to.
> 
> Under latest build of Kali Linux i have noticed the download speed with 
> apt-get commands, it shows K Bits/s and should in fact be K bits/s
> The difference between Bytes & Bits is important.
> 
> N.B small b not capital B!
> KIDS!

What evidence do you have to support this claim?

apt-get shows "B/s" for me, which I'm assuming is Bytes per second.  At
no point does it ever say "Bits", nor would I expect a user-facing
application that works with files to report bits per second.

ii  apt2.2.4amd64commandline package manager

If your derivative hacker-centric OS is doing something different, then
you should report it as a bug to YOUR operating system's support team.
Not to the Debian end user mailing list.

apt-get under Kali Linux reports wrong data rate.

[Mark]

Dear People

I have no idea who to report this issue to.

Under latest build of Kali Linux i have noticed the download speed with apt-get 
commands, it shows K Bits/s and should in fact be K bits/s
The difference between Bytes & Bits is important.

N.B small b not capital B!
KIDS!

Please pass on to Debian & Kali developers this major error in download speeds.

Regards

​Mark Edgar

Sent with [Proton Mail](https://proton.me/) secure email.

Re: Dell CMOS Setup -> System Configuration -> SATA Operation -> RAID On vs AHCI

[David Christensen]

On 12/24/22 02:39, Andrew M.A. Cater wrote:

On Fri, Dec 23, 2022 at 07:29:01PM -0800, David Christensen wrote:

debian-user:

I have a SanDisk Ultra Fit USB 3.0 16 GB flash drive with Debian installed
on it EUFI, GPT, and Secure Boot.  I use it for maintenance/
trouble-shooting on newer computers.


When I boot the flash drive in a Dell Precision 3630 Tower that has Windows
11 Pro installed on the internal NVMe drive, the internal PCIe NVMe drive is
not visible to Linux:



The work-around is to change CMOS Setup -> System Configuration -> SATA
Operation from "RAID On: to "AHCI".



You've been hit by the Dell configuration of Windows on their hardware,
  I suspect. This was noted a couple of years back when people couldn't
install Debian on Dell laptops.

The answer is probably to switch it - to obtain the recovery media you
need to reinstall Windows / just download the .iso, switch it to AHCI
and install Windows like that. I think it's _just_ a Dell funny.



That might be the most pragmatic approach.  The machine is an eBay 
purchase and has a Windows GML effective September 2017. So, there 
should be a Windows 10/11 product key in the motherboard firmware or TPM:


https://www.microsoft.com/en-us/howtotell/hardware-pc-purchase



Andy - who's just done somthing almost identical to a second hand Thinkpad
- putting it back to manufacturer's original installation media to ensure
that I could install it my way.

(And you've reminded me that I probably need to write a blog post on how
to get Debian and Windows dual booting nicely with Bitlocker on Windows)

All the very best, as ever,

Andy Cater



David

Re: Dell CMOS Setup -> System Configuration -> SATA Operation -> RAID On vs AHCI

[David Christensen]

On 12/24/22 01:21, Jeffrey Walton wrote:

On Sat, Dec 24, 2022 at 3:59 AM David Christensen
 wrote:

On 12/23/22 23:16, Jeffrey Walton wrote:

On Fri, Dec 23, 2022 at 10:29 PM David Christensen wrote:

[...]
When I boot the flash drive in a Dell Precision 3630 Tower that has
Windows 11 Pro installed on the internal NVMe drive, the internal PCIe
NVMe drive is not visible to Linux:

[...]
The M.2 2280 NVMe SSD and a slim DVD +/-RW drive are the only storage
devices in the computer.  AFAICT there are no Optane devices.


According to https://www.dell.com/us/dfb/p/precision-3630-workstation/pd,
the machine has Optane.



"Expandable and flexible: Scalable storage featuring SATA, SAS and PCIe 
NVMe SSDs can be configured for up to 28TB delivering top performance 
for complex projects. Plus, Intel® Optane™ Memory massively boosts your 
system’s responsiveness while keeping high capacity storage costs to a 
minimum."



I believe that is marketing speak for "the computer supports Optane 
Memory", not "every machine comes with Optane Memory".




I believe that's the pseudo-RAID you are seeing in the UEFI setup screen.

Maybe you can see the physical drives using raid utilities.



My expectation is that if I install two HDD's in the two lower HDD bays 
and connect them to the two black SATA connectors on the motherboard, I 
should be able to use the motherboard firmware Setup utility to 
configure the drives as non-RAID, RAID0, RAID1, and possibly JBOD.  If I 
install a third drive in the front HDD bay, connect it to the 
motherboard white SATA connector, remove the DVD+/-RW drive, get a 
suitable 2.5" HDD bracket, install a 2.5" HDD, and connect it to the 
motherboard blue SATA connector, I might be able to configure the drives 
as RAID10.



David

Re: xfce install

[Greg Wooledge]

On Sat, Dec 24, 2022 at 12:21:44PM -0500, rhkra...@gmail.com wrote:
> On Saturday, December 24, 2022 09:44:49 AM Nicolas George wrote:
> > Before asking for help about a command-line, type:
> > 
> > unset LC_ALL
> > export LC_MESSAGES=C
> > 
> > … and re-run the command.
> 
> That sounds like good advice, but then the "user" (the person asking for 
> help) 
> needs to know how to restore his system, so instructions should be included 
> to 
> do that.

"Afterward, simply exit from this terminal."  None of these changes are
permanent.

An even simpler set of instructions would be:

1) Open a new terminal, or run a new instance of your shell.

2) export LC_ALL=C

3) Run your comands.  Paste the commands and their results into the body
   of your email.

4) Exit from this shell/terminal.

Re: xfce install

[rhkramer]

On Saturday, December 24, 2022 09:44:49 AM Nicolas George wrote:
> Before asking for help about a command-line, type:
> 
> unset LC_ALL
> export LC_MESSAGES=C
> 
> … and re-run the command.

That sounds like good advice, but then the "user" (the person asking for help) 
needs to know how to restore his system, so instructions should be included to 
do that.  (So if that is put in an FAQ, it should include the instructions to 
save and later restore his original settings.

Presumably before the unset LC-ALL, a command should be run to find out the 
current "LC" settings, save them, and then restore them.


-- 
rhk 

(sig revised 20221206)

If you reply: snip, snip, and snip again; leave attributions; avoid HTML; 
avoid top posting; and keep it "on list".  (Oxford comma (and semi-colon) 
included at no charge.)  If you revise the topic, change the Subject: line.  
If you change the topic, start a new thread.

Writing is often meant for others to read and understand (legal documents 
excepted?) -- make it easier for your reader by various means, including 
liberal use of whitespace (short paragraphs, separated by whitespace / blank 
lines) and minimal use of (obscure?) jargon, abbreviations, acronyms, and 
references.

If someone has already responded to a question, decide whether any response 
you add will be helpful or not ...

A picture is worth a thousand words.  A video (or "audio"): not so much -- 
divide by 10 for each minute of video (or audio) or create a transcript and 
edit it to 10% of the original.

A speaker who uses ahhs, ums, or such may have a real physical or mental 
disability, or may be showing disrespect for his listeners by not properly 
preparing in advance and thinking before speaking.  (Remember Cicero who did 
not have enough time to write a short missive.)  (That speaker might have been 
"trained" to do this by being interrupted often if he pauses.)

A radio (or TV) station which broadcasts speakers with high pitched voices (or 
very low pitched / gravelly voices) (which older people might not be able to 
hear properly) disrespects its listeners.   Likewise if it broadcasts 
extraneous or disturbing sounds (like gunfire or crying), or broadcasts 
speakers using their native language (with or without an overdubbed 
translation).

A person who writes a sig this long probably has issues and disrespects (and 
offends) a large number of readers. ;-)
'

Re: Self hosting solution for Christmas

[Alexander V. Makartsev]

On 24.12.2022 13:03, Andre Rodier wrote:

Hello everyone,

Here my present for Christmas: a new version of HomeBox, the self 
hosted email solution.


Feel free to drop comments, create issues, update the docs, etc.

I released this quickly before going on vacation, so you may find some 
issues. However, this is mostly stable, and the code is easy to modify.


Also, you can now add and remove components individually, with an 
Ansible playbook.


https://github.com/progmaticltd/homebox

...

Merry Christmas,
André

Impressive feature list. Does it use MySQL or PostgreSQL for 
settings\configuration\users storage?
I might give it a spin to take a peek under the hood and see how much of 
it could be customized and tailored for my needs.

And also to compare it to other projects like say iRedMail or MailCow.
Happy holidays!

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: xfce install

[Nicolas George]

Greg Wooledge (12022-12-24):
> Neither of these cases matches the OP's error text, so it's entirely
> unclear what command the OP actually ran, or what it did, or failed to do.

It could be a translation back to English. Which brings me to another
piece of advice:

Before asking for help about a command-line, type:

unset LC_ALL
export LC_MESSAGES=C

… and re-run the command.

> However, I agree with the earlier suggestion that the sources.list file
> is the best starting point.

Always when asking for help about anything related to apt, of course,
you are right.

Maybe material for the FAQ?

Regards,

-- 
  Nicolas George


signature.asc
Description: PGP signature

Re: xfce install

[Greg Wooledge]

On Sat, Dec 24, 2022 at 03:11:05PM +0100, Nicolas George wrote:
> steef van duin (12022-12-24):
> > i am wrestling with a fresh 11.6-black-screen installation to get a 
> > xfce-desktop going.
> > 
> > allthough I think I used from the commandline the most appropriate commands
> > by apt i keep gretting the response 'cannot find xfce4'   when i do btw sudo
> > apt-get install xfce4.
> > anhybody a solution for this?
> 
> When you ask for help about a command that failed, you do not make a
> sentence to explain, you copy-paste the command (including the shell
> prompt) and its output.

This is especially true when the quoted error text is *clearly* made up.

unicorn:~$ sudo apt-get install sdfhskdf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package sdfhskdf

unicorn:~$ sdfhskdf
bash: sdfhskdf: command not found

Neither of these cases matches the OP's error text, so it's entirely
unclear what command the OP actually ran, or what it did, or failed to do.

However, I agree with the earlier suggestion that the sources.list file
is the best starting point.

Re: xfce install

[Nicolas George]

steef van duin (12022-12-24):
> i am wrestling with a fresh 11.6-black-screen installation to get a 
> xfce-desktop going.
> 
> allthough I think I used from the commandline the most appropriate commands
> by apt i keep gretting the response 'cannot find xfce4'   when i do btw sudo
> apt-get install xfce4.
> anhybody a solution for this?

When you ask for help about a command that failed, you do not make a
sentence to explain, you copy-paste the command (including the shell
prompt) and its output.

Regards,

-- 
  Nicolas George


signature.asc
Description: PGP signature

Re: xfce install

[Brad Rogers]

On Sat, 24 Dec 2022 14:24:03 +0100
steef van duin  wrote:

Hello steef,

>gretting the response 'cannot find xfce4'   when i 

You don't say what installation medium you used or what method of
installation, but if you used either CD or DVD it might be that you still
have the installation disk(s) set as repository, and not an online repo.
If that's the case, it is possible that xfce may not be available to you.

For a start, check /etc/apt/sources.list and /etc/apt/sources.list.d/*
to find out what repos you're using.  

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Now would I say something that wasn't true?
Would I Lie To You - Eurythmics


pgpjVc7aoNUN3.pgp
Description: OpenPGP digital signature

Re: xfce install

[Peter Ehlert]

On 12/24/22 05:24, steef van duin wrote:

hi folks
i am wrestling with a fresh 11.6-black-screen installation to get  a 
xfce-desktop going.


allthough I think I used from the commandline the most appropriate 
commands by apt i keep gretting the response 'cannot find xfce4'   
when i do btw sudo apt-get install xfce4.



I do not have Sudo enabled, however when I run as root (su -)

apt install xfce4

works for me


anhybody a solution for this?

kind regarfs and thanks,

steef

groningen

xfce install

[steef van duin]

hi folks
i am wrestling with a fresh 11.6-black-screen installation to get a 
xfce-desktop going.

allthough I think I used from the commandline the most appropriate commands by apt i keep gretting the response 'cannot find xfce4'   when i 
do btw sudo apt-get install xfce4.

anhybody a solution for this?

kind regarfs and thanks,

steef

groningen

SDDM display manager, two monitors out of order

[Teemu Likonen]

I have two monitors side by side and they work nicely on my KDE Plasma
desktop session. However, in SDDM display manager (login screen) the
monitors are in wrong order.

Below is a picture of the two situations. Arrows in the picture show how
the mouse cursor travels from screen to screen. You need a fixed width
font to see my character "art" correctly.

SDDM login screen:
>+-+  +-+
>| |  | |
> ---+---> |  |  ---+-->
>| |  | |
>+-+  +-+

User's KDE Plasma session:
>+-+  +-+
>| |  | |
>|  ---+--+---> |
>| |  | |
>+-+  +-+

It's only SDDM login screen so the problem is small but obviously it
would be nicer if SDDM would have screens in the right order too. I know
that I can add "xrandr" commands in SDDM startup scripts. I also know
that I can psysically connect specific cables to specific monitors and
change user's KDE Plasma session settings istead of SDDM.

But I like my physical monitor hardware in this particular order and I
would prefer the least hackish software configuration. My current best
idea is to edit /etc/sddm.conf with lines something like:

[X11]
DisplayCommand=/root/bin/fix-monitor-order.sh

And the script would execute "xrandr" with my preferred options and
finally run the default setup file /usr/share/sddm/scripts/Xsetup. But
that's not too nice for a desktop system. After all a major Linux
desktop system should handle multiple monitors without such low-level
hackery, right?

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462


signature.asc
Description: PGP signature

Re: colorscheme in vi

[Max Nikulin]

On 24/12/2022 03:49, Pierre Frenkiel wrote:
if I put in .vimrc "colorscheme white" or any unknown color (qwert for 
example)

I get a message "cannot find colorscheme xxx", but I have  black on white
characters with vim.


I am curious what is the output of
:colorscheme
(without argument) when you do not set colorscheme in init files. Is it 
"default"?



to get rid of the message, I replaced the vi binary by a script where
stderr is redirected to /dev/null


I would say it is quite rude. You may miss a message notifying you that 
you have some typo in a configuration file or even some severe runtime 
error.

Re: Dell CMOS Setup -> System Configuration -> SATA Operation -> RAID On vs AHCI

[Andrew M.A. Cater]

On Fri, Dec 23, 2022 at 07:29:01PM -0800, David Christensen wrote:
> debian-user:
> 
> I have a SanDisk Ultra Fit USB 3.0 16 GB flash drive with Debian installed
> on it EUFI, GPT, and Secure Boot.  I use it for maintenance/
> trouble-shooting on newer computers.
> 
> 
> When I boot the flash drive in a Dell Precision 3630 Tower that has Windows
> 11 Pro installed on the internal NVMe drive, the internal PCIe NVMe drive is
> not visible to Linux:
> 
> 2022-12-23 19:16:13 root@bullseye ~
> # cat /etc/debian_version ; uname -a
> 11.5
> Linux bullseye 5.10.0-19-amd64 #1 SMP Debian 5.10.149-2 (2022-10-21) x86_64
> GNU/Linux
> 
> 2022-12-23 19:17:48 root@bullseye ~
> # lsblk
> NAME   MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
> sda  8:01 14.9G  0 disk
> |-sda1   8:11  953M  0 part  /boot/efi
> |-sda2   8:21  954M  0 part  /boot
> |-sda3   8:31  954M  0 part
> | `-sda3_crypt 254:10  954M  0 crypt [SWAP]
> `-sda4   8:41 11.2G  0 part
>   `-sda4_crypt 254:00 11.2G  0 crypt /
> sr0 11:01 1024M  0 rom
> 
> 2022-12-23 19:19:24 root@bullseye ~
> # l /dev/n*
> /dev/null  /dev/nvram
> 
> /dev/net:
> ./  ../  tun
> 
> 
> STFW I see that the 'nvme' kernel module must be loaded.  Doing so does not
> resolve the issue:
> 
> 2022-12-23 19:17:51 root@bullseye ~
> # modprobe nvme
> 
> 2022-12-23 19:19:17 root@bullseye ~
> # lsmod | grep nvme
> nvme   49152  0
> nvme_core 131072  1 nvme
> t10_pi 16384  2 sd_mod,nvme_core
> 
> 2022-12-23 19:19:21 root@bullseye ~
> # lsblk
> NAME   MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
> sda  8:01 14.9G  0 disk
> |-sda1   8:11  953M  0 part  /boot/efi
> |-sda2   8:21  954M  0 part  /boot
> |-sda3   8:31  954M  0 part
> | `-sda3_crypt 254:10  954M  0 crypt [SWAP]
> `-sda4   8:41 11.2G  0 part
>   `-sda4_crypt 254:00 11.2G  0 crypt /
> sr0 11:01 1024M  0 rom
> 
> 2022-12-23 18:46:19 root@laalaa ~/laalaa.tracy.holgerdanske.com
> # l /dev/n*
> /dev/null  /dev/nvram
> 
> /dev/net:
> ./  ../  tun
> 
> 
> The work-around is to change CMOS Setup -> System Configuration -> SATA
> Operation from "RAID On: to "AHCI".  The problem is that Windows needs the
> former and it is a hassle to change the CMOS settings back and forth every
> time I want to run Debian.  If I change it to AHCI and forget to change it
> back, Windows breaks.  If and when I make this mistake on a client computer,
> it will be very embarrassing.  I want a portable Debian on a USB flash drive
> or USB SSD to work on newer computers without changing the CMOS settings
> that the factory set for Windows.
> 
> 
> Comments or suggestions?
> 
> 
> David

You've been hit by the Dell configuration of Windows on their hardware,
 I suspect. This was noted a couple of years back when people couldn't
install Debian on Dell laptops.

The answer is probably to switch it - to obtain the recovery media you
need to reinstall Windows / just download the .iso, switch it to AHCI
and install Windows like that. I think it's _just_ a Dell funny.

Andy - who's just done somthing almost identical to a second hand Thinkpad
- putting it back to manufacturer's original installation media to ensure
that I could install it my way.

(And you've reminded me that I probably need to write a blog post on how
to get Debian and Windows dual booting nicely with Bitlocker on Windows)

All the very best, as ever,

Andy Cater

> 

Re: Dell CMOS Setup -> System Configuration -> SATA Operation -> RAID On vs AHCI

[Jeffrey Walton]

On Sat, Dec 24, 2022 at 3:59 AM David Christensen
 wrote:
> On 12/23/22 23:16, Jeffrey Walton wrote:
> > On Fri, Dec 23, 2022 at 10:29 PM David Christensen wrote:
> >> [...]
> >> When I boot the flash drive in a Dell Precision 3630 Tower that has
> >> Windows 11 Pro installed on the internal NVMe drive, the internal PCIe
> >> NVMe drive is not visible to Linux:
> [...]
> The M.2 2280 NVMe SSD and a slim DVD +/-RW drive are the only storage
> devices in the computer.  AFAICT there are no Optane devices.

According to https://www.dell.com/us/dfb/p/precision-3630-workstation/pd,
the machine has Optane. I believe that's the pseudo-RAID you are
seeing in the UEFI setup screen.

Maybe you can see the physical drives using raid utilities.

Jeff

Re: Dell CMOS Setup -> System Configuration -> SATA Operation -> RAID On vs AHCI

[David Christensen]

On 12/23/22 23:16, Jeffrey Walton wrote:

On Fri, Dec 23, 2022 at 10:29 PM David Christensen wrote:


debian-user:

I have a SanDisk Ultra Fit USB 3.0 16 GB flash drive with Debian
installed on it EUFI, GPT, and Secure Boot.  I use it for maintenance/
trouble-shooting on newer computers.


When I boot the flash drive in a Dell Precision 3630 Tower that has
Windows 11 Pro installed on the internal NVMe drive, the internal PCIe
NVMe drive is not visible to Linux:



The work-around is to change CMOS Setup -> System Configuration -> SATA
Operation from "RAID On: to "AHCI".  The problem is that Windows needs
the former and it is a hassle to change the CMOS settings back and forth
every time I want to run Debian.  If I change it to AHCI and forget to
change it back, Windows breaks.  If and when I make this mistake on a
client computer, it will be very embarrassing.  I want a portable Debian
on a USB flash drive or USB SSD to work on newer computers without
changing the CMOS settings that the factory set for Windows.

Comments or suggestions?


The NVMe is provisioned to the Intel Optane accelerator. Optane takes
a small but fast NVMe, and combines it with a slow HDD, and makes the
system (kind of) perform like there's one large SSD.

The NVMe drive should not appear as a seperate drive when it is
provisioned for Optane.

I'm running Kubuntu on a Dell XPS 8930 that came preinstalled with
Windoze. It also had the Optane acceleration. I had to disable Optane
to get access to the NVMe. Once Optane was broken I was able to load
the OS on the NVMe, and make the HDD a large storage/scratch drive.

Jeff



The M.2 2280 NVMe SSD and a slim DVD +/-RW drive are the only storage 
devices in the computer.  AFAICT there are no Optane devices.



The SSD says:

PCIe Gen3 x 4 SSD
PC300 NVMe SK hunix 256 GB
M/N: HFS256GD9MND-5510A BA
D P/N 0XHFF7


I am unable to find a web page on skhynix.com for this item; perhaps 
because it is OEM'd to Dell (?).  STFW finds many used items for around 
US$25.



But the CMOS Setup issue is not isolated to this computer nor to this 
NVMe SSD.  I have seen the same issue on Dell Latitude 5400 laptops, for 
example.



I am looking for a way for Debian to see NVMe drives when CMOS Setup -> 
System Configuration -> SATA Operation is set to "RAID On" (which is the 
factory default and what Windows needs).



David

Self hosting solution for Christmas

[Andre Rodier]

Hello everyone,

Here my present for Christmas: a new version of HomeBox, the self hosted email 
solution.

Feel free to drop comments, create issues, update the docs, etc.

I released this quickly before going on vacation, so you may find some issues. 
However, this is mostly stable, and the code is easy to modify.

Also, you can now add and remove components individually, with an Ansible 
playbook.

https://github.com/progmaticltd/homebox

System installation and features

- Custom Debian installer generation with full disk encryption and fully 
automatic installation.
- Unlock the system upon boot by entering the passphrase through SSH.
- Install packages only from Debian stable (Bullseye).
- Automatic letsencrypt certificates generation using Lego and DNS challenge.
- Automatic security updates (optional).
- Centralised authentication with an LDAP users database, SSL certificate, 
password policies, PAM integration.
- AppArmor activated with a profile for all daemons.
- XKCD Random passwords generated and saved into pass (or on file system).
- Can be used at home, on a dedicated or virtual server hosted online.
- Flexible IP address support: IPv4 only, IPv6 only, and IPv4+IPv4 or IPv4+IPv6.
- Embedded DNS server, with CAA, DNSSEC and SSHFP (SSH fingerprint) support.
- Grade A https sites, HSTS implemented by default.
- Automatic configuration of OpenPGP Web Key Directory.
- Automatic firewall rules for inbound, outbound and forwarding traffic, using 
nftables.
- Restricted outbound web sites access to the minimum.
- Automatic update of DNS keys, DNS servers and glue records on Gandi.

Emails

- Postfix configuration and installation, with LDAP lookups, internationalised 
email aliases, fully SSL compliant.
- Generate DKIM keys, SPF and DMARC DNS records. The DKIM keys are generated 
every year.
- Automatic copy of sent emails into the sent folder.
- Automatic creation of the postmaster account and special email addresses 
using RFC 2142 specifications.
- Dovecot configuration, IMAPS, POP3S, Quotas, ManageSieve.
- Simple spam and ham learning by moving emails in and out the Junk folder
- Sieve and vacation scripts.
- Virtual folders for server search: unread messages, conversations view, all messages, 
flagged and messages labelled as "important".
- Email addresses with recipient delimiter included, e.g. 
john.doe+li...@dbcooper.com.
- Optional master user creation, e.g. for families with children or moderated 
communities.
- Server side full text search inside emails, attached documents and files and 
compressed archives, with better results than GMail.
- SOGo webmail with sieve filters management, password change form, Calendar 
and Address book management, GUI to import other account emails.
- Powerful and light antispam system with rspamd and optional access to the web 
interface.
- Antivirus for inbound and outbound emails with clamav (optional).
- Automatic configuration for Thunderbird and Outlook using published XML and 
other clients with special DNS records (RFC 6186).

Calendar and Address book

- Install and configure a CalDAV / CardDAV server, with automatic discovery 
(RFC 6186).
- Groupware functionality in a web interface, with SOGo.
- Recurring events, email alerts, shared address books and calendars.
- Mobile devices compatibility: Android, Apple iOS, BlackBerry 10 and Windows 
mobile through Microsoft ActiveSync.

Other optional features

- Incremental backups, encrypted, on multiple destination (SFTP, S3, Samba 
share or USB drive), with email and Jabber reporting.
- Jabber server, using ejabberd, with LDAP authentication, direct or offline 
file transfer and optional server to server communication.
- Static web site skeleton configuration, with https certificates and A+ 
security grade by default.

Development

- YAML files validation on each commit, using travis-ci.
- End to end integration tests for the majority of components.
- Playbooks to facilitate the installation or removal of development packages.
- Global debug flag to activate the debug mode of all components.
- Fully open source Ansible scripts licensed under GPLv3.

Merry Christmas,
André