Routing-based VPN with StrongSwan (II)

Michael Schwartzkopff, 22.11.2018
This blog is port of the series of texts that describe the setup of the company VPN with IPsec and dynamic routing. You can find the first part about the setup of strongSwan for the IPsec part here.

This second part describes the setup of the dynamic routing of a …

Continue reading

Routing-based VPN with StrongSwan

Michael Schwartzkopff, 17.11.2018
This blog describes the setup of a route-based VPN with strongSwan. Of course there are many tutorials available. The best one, of course, is from the strongswan project itself. But since I want to document the combined setup of IPsec VPN together with BGP dynamic routing I start with the …
Continue reading

LDAPfuse, a simple LDAP-Browser

Dieter Klünter, 10 Apr 2016


Recently I stumbled upon LDAPfuse, a simple LDAP Browser, based on FUSE, filesystem in userspace. I found it quite handy to search a directory tree with simple, terminal based operations. The only requirement is the definition of a mount point.


This is just a browser, that is, viewing entries …

Continue reading

SNMPv3 Informs

In a recent monitoring project we had to set up SNMPv3 informs to be sent from the servers in the data center to our monitoring system. Since I found no really convincing documentation in the net I decided to write something here how to receive SNMPv3 with snmptrapd and how …

Continue reading

Content Blocking mit SIEVE

Ausführbare Dateien im Anhang von E-Mails werden häufig schon vom Mailserver geblockt. Man kann dies aber auch mit der Filtersprache SIEVE erledigen.

Mit einer aktuellen Dovecot-Sieve-Version kann solch ein Filter z.B. so aussehen:

require ["reject","mime","foreverypart"];
foreverypart { if header :mime :param "filename" :matches ["Content-Type", "Content-Disposition"] ["*.com", "*.exe", "*.vbs …
Continue reading

CRON Alternative Cronie

Im Zusammenhang mit der Installation von sSMTP bin ich auf die cron-Alternative cronie gestoßen. Diese hat einige Vorteile bei besonderen Anforderungen.

Cronie ist ein Fork des Standard crondi und ist beispielsweise in Fedora enthalten.

Es existiert auch ein Debian Port. Meine Tests bestätigen, dass dieser auch in Ubuntu 14.04 …

Continue reading

Real Time Performance Monitoring

Real Time Performance Monitoring

Every administrator should know the performance of the servers and services he is responsible for. Only thus he can be sure that the servers offer the performance needed in daily business. Aditionally he can identify bottlenecks faster. Normally the performance of services if measured in actions …

Continue reading

TOTP Time Based One-Time Password Authentication

Dieter Klünter, 09 Nov 2015

There have been recently quite a few publications on One-Time Pasword Authentication. It seems, it is an emerging topic. Michael Schwartzkopff has written a blog entry on MOTP, I myself have written on OTP, now I will discuss TOTP as authentication method for OpenLDAP, using an application on a smart …

Continue reading

Abwehr des Botnets PushDo/Cutwail (EHLO ylmf-pc) mit IPTABLES String Recent SMTP

In letzter Zeit wurden unsere Postfix-Logs von Meldungen mit dem EHLO-String ylmf-pc überschwemmt, verursacht durch das Botnet PushDo/Cutwail .

Im Log sieht das folgendermaßen aus:

mail postfix/postscreen[23406]: PREGREET 14 after 0.3 from [x.x.x.x]:3677: EHLO ylmf-pc\r\n

Das Postscreen-Programm von Postfix wehrt den …

Continue reading