Linux Evolution Email broken/fails with Dovecot upgrade to Version 2.3

2019-0320. My Evolution email client stopped stopped working after my server upgraded Dovecot was from version 2.2 to 2.3. I was getting TLS errors in Evolution. The error was “The reported error was “Failed to get capabilities: Error performing TLS handshake: An unexpected TLS packet was received.” I also have Roundcube webmail based email and it continued to work. The fix to the problem was not hard (Thank you Linux Community) however there is not much information on the internet now on solving this problem and thus the reason I felt motivated to write this post and give back to the Linux community.

My server is Debian Sid (Buster/Debian 10). My email is setup using the guide from https://workaround.org/ispmail/stretch.

The solution to the problem is change the ssl configuration in the dovecot file “/etc/dovecot/conf.d/10-ssl.conf”. I also increased the security of the SSL/TLS protocols used. References are: https://wiki2.dovecot.org/Upgrading/2.3 and https://wiki2.dovecot.org/SSL/DovecotConfiguration.

I first needed to create a new Diffie Hellman parameters file that is involved in the TLS key exchange. This file collects entropy from the computer and took roughly an hour on my slow server computer. Enter these commands in the terminal. https://wiki2.dovecot.org/SSL/DovecotConfiguration#SSL_security_settings

cd /etc/dovecot
openssl dhparam 4096 > dh.pem

I removed the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.

ssl_protocols = !SSLv2 !SSLv3

I added and modified the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.

ssl_dh =</etc/dovecot/dh.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes

Restart the dovecot service

sudo systemctl restart dovecot

Check that the dovecot service is running

sudo systemctl status dovecot

All done and Evolution email is working.

Nextcloud 14.04 broken with upgrade to php7.3 in Debian testing/sid

Nextcloud 14.04 stopped working on me. I was getting a blank page on my nextcloud website. I found the following error message in my nextcloud logfile:

"Error: Call to undefined function OC\\App\\simplexml_load_file() at \/var\/www\/cc.com\/nextcloud\/lib\/private\/App\/InfoParser.php#64".

It appears the problem was when php was updated from 7.2 to 7.3 however the apache2 webserver was trying to use the older php7.2 module and php7.3 module was not enabled. The solution is to disable the php7.2 and enable php7.3 module for apache2. The following commands are entered into the terminal.

Disable the apache2 module php7.2

sudo a2dismod php7.2

Enable the apache2 module php7.3

sudo a2enmod php7.3

Restart the Apache webserver and show it’s running status

sudo systemctl restart apache2 & sudo systemctl status apache2

I found the following site helpful: https://tecadmin.net/switch-between-multiple-php-version-on-debian/

The server was Debian testing/sid. 2019-0110


For Sale: Cremona SV-150 Premier Student Violin Outfit – 1/2 Size

2018-0828    For Sale: $150

Lightly used and good student level violin. Purchased new through Amazon.com. It is listed for $263 on Amazon Cremona SV-150 Premier Student Violin Outfit – 1/2 Size.

Description from Amazon.com: The Cremona SV-150 1/2 violin outfit is a fine example of an instrument who’s value and quality far surpase its price tag and meet the specific needs of beginning and advancing students. Completeley hand-carved from select solid woods and combined with the new TL-33 Travelite case for durable, yet lightweight protection and a LB-15 Brazilwood bow by J. LaSalle, makes this already perfect outfit one of the best available at this price point!

It is 1/2 size violin for an arm length (neck to palm) of 20 3/8 – 22 1/4. It has upgraded strings and 2 packs of brand new replacement strings.  The case has a broken zipper but still closes with a button flap. Brand new cases range from $30-38.

 

Mythtv update trouble shooting for database username, hostname, and password

My mythtv was failing on an update for “no password” for “root” user. I needed to find out what values the update script was using for the database username, hostname, and password. This link had a script listed to show these values. I will repeat the script below.

Put the following in a file, mark it as executable and run it.  This will print the variables the mythtv-database upgrade script is using.

#!/bin/sh -e
/usr/share/debconf/confmodule
db_get mythtv/mysql_admin_user
admin_username=”$RET”
db_get mythtv/mysql_admin_password
admin_password=”$RET”
db_get mythtv/mysql_host
hostname=”$RET”
if test -z “$hostname”; then
hostname=localhost
fi
db_get mythtv/mysql_mythtv_dbname
database=”$RET”
echo “MythTV database upgrade variables (Debian):”
echo ” Username: $admin_username”
echo ” Password: $admin_password”
echo ” Hostname: $hostname”
echo ” Database: $database”

 

Certbot and Let’s Encrypt errors on creating a certificate

I was having failures creating new certificates in certbot due to a change in their code. I previously ran the following command to create a website certificate for an apache server running on Debian 8 Jessie.

# certbot run --verbose --text --apache --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com,alternative-domain-name.org,third-domain-name.com

This used to work but now (2018-0226) it doesn’t. Here is the output of error:

Performing the following challenges: 
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Exiting abnormally:
Traceback (most recent call last):
 File "/usr/bin/certbot", line 11, in <module>
 load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()

I found the answer here: https://github.com/certbot/certbot/issues/5405

The following command worked, substitute working values for “your-email.com” and “your-domain-name.com”.

# certbot certonly --standalone --verbose --text --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

This is for the following version of certbot.

# certbot --version
certbot 0.10.2

The end 🙂

Add SSL Certificate to Postfix and Dovecot with Let’s Encrypt

I am running a Debian 8 Jessie email server with postfix and dovecot. I wanted to change from self signed certificates to certificates from Let’s Encrypt. It was easy to do and I wish had not waited so long to change. This blog post, https://www.shivering-isles.com/lets-encrypt-free-trusted-certificates-for-postfix-and-dovecot/ explained it perfectly for me, so there is no need for me to document the commands.

https://letsencrypt.org/

Nextcloud 12 Internal Server Errors after Login

When I upgraded from owncloud 9 to Nextcloud 11, my web interface was broken and I could not login to Nextcloud with the web interface. I was able to sync files to the server. I then upgraded to Nextcloud 12 through the command line interface. I still could not login to the web interface. The cause of the problem was that I moved the location of the webserver files from /var/www/owncloud to /var/www/nextcloud. I made the appropriate changes to my apache “sites-enabled” configuration file to redirect to the new location at /var/www/nextcloud. I was recieving “Internal Server” errors and the web interface was broken and unusable. I fixed the problem by following this thread https://help.nextcloud.com/t/solved-nc12-internal-server-error-after-login/13256 on deleting the data the in the database table oc_filecache. My steps were to:

  1. stop the apache2 webserver
  2. delete everything in “oc_filecache”
  3. restart the webserver

I used phpmyadmin to remove the contents from “oc_filecache”. I think “oc_filecache” contained information pointing to the old location of my files in the owncloud directory instead of the new nextcloud directory. Below are the steps to delete the information in “oc_filecache”.

  1. Login to phpmyadmin.
  2. Select your “nextcloud” database. Your database may have a different name that “nextcloud”
  3. Select the table “oc_filecache” listed on the far left of the page
  4. Select “Operations” from the tab at the top of the page.
  5. Select “Empty the table (TRUNCATE)”
  6. Select “Ok” to confirm you will be deleting the data in “oc_filecache”.
  7. Finished.

Do not order checks from https://www.walmartchecks.com/ with firefox

I tried to order checks from https://www.walmartchecks.com/ twice and never received my order. I called customer service and was told you have order online with internet explorer and firefox was not compatible. Here is the feedback I left them.

“Poor Service. I have tried twice to order checks online and the order looks like it goes through, but then I never received my checks. I called customer service and was told I have to use internet explorer for this website. This is not mentioned any where on the website. What a waste of my time. I use firefox web browser. How about designing your website to support industry standards for web browsing instead of  programming for Internet explorer which is not following w3c standards.”

Here is there Feedback:

Dear Valued Customer,

Thank you for contacting Walmart Check Printing.

I’m sorry that the site is not to your liking.  We are constantly working to improve our site, but at this time, Internet Explorer is still our main platform for the site.  That being said you always have the choice to place the order through a live representative at no extra cost.

Please let us know if we may be of further assistance. We appreciate your business!

Thank You!
e-Servicing Team, Chris
Order Number:  40-
******************************************************
Thank You For Choosing Walmart Check Printing!

I ended up ordering checks from http://www.costcochecks.com/home and their site works with firefox. Their prices are good also.

 

 

Rotate your Rsync Backups with rotate-backups, similar to Time Machine

I use rsync on gnome-ubuntu 15.10 to back up my data to my server running Debian 8. This creates incremental backups similar to Apples Time Machine. The backup runs every 2 hours so this creates more backups than needed at the expense of hard drive space. I used to manually delete the files from the server and would try to save a monthly backup, 8 weekly backups, 30 daily backups, and 2 weeks of every 2 hour backups. This was a time consuming process of manually selecting the files and thus I was not consistent about removing the extra backups. My backup scripts are written in python and I was going to write a script that would delete old backups that were not needed any more. Even better than writing your own script is finding one that has already been written such as https://rotate-backups.readthedocs.org/en/latest/#rotate-backups-simple-command-line-interface-for-backup-rotation. This script will automatically delete your old backups and you can configure it for many backups you want to keep.

This script is well documented and easy to use. I give it my highest recommendation.