Rohan rohan-molloy

Self Hosted Email using a VPS

Step 1: Register a VM

For this example, I'm using Amazon lightsail with Debian.
Ensure port 25 is open in the firewall section
Thus tutorial assumes there is a standard user named 'admin'

Step 2: Set the hostname of the instance

Download a file and verify its hash

Parameters: url sha256 [filename].
If unset, it gets a filename from the URL.
If verification fails, it saves to $filename.invalid

get_remote_file() {
  test -z "$1" -o -z "$2" && (echo "Usage: $0 remote_url content_sha256sum [output_filename]"; return $?);
  local file=$(test -n "$3" && echo $3 || basename $1|tr -dc '[:alnum:]\.\-\_\:\/');
  wget -O $file $1 && (sha256sum -c <(printf "%s\t%s" $2 $file) || mv $file $file.invalid);
  return $? 
}

Generate a passphrase

Example "Shake-No-Material-Activity-873"

These passwords are stronger than one might expect. There are 40 billion 267 million 857 thousand 960 different ways to select four words from the list.

A random number between 0..999 is added at the end, increasing the search complexity by several orders of magnitude

genpassphrase() { echo $(curl -fSsL https://raw.githubusercontent.com/rohan-molloy/generate-hostnames/master/words.txt | shuf -n4 | tr '\n' '-')$(($RANDOM%999)); };

Bash function to read the output of a command into a variable

readcmd() { 
  varname="$1";
  cmdline="${@:2}";
  read $varname < <($cmdline)
};

Grep the word after match

example: "echo 'The quick brown fox' | wordafter quick" will return 'brown'

wordafter() {
  word="$1";
  grep -Po '(?<='$word')\W*\K[^ ]*';
}

	### Prints a CSV of the AS origin of SSH intrusion attempts
	### Format: as_number,bgp_prefix,country_code,rir_name,date_allocated,num_occurrences
	### d7d3db009fd67083faf1276a1b69ebfa097cc5400f202f95551aa94115d7ddcd
	for ip in $(journalctl -u ssh -u sshd --since -${period:-'1day'}\|awk '/Failed/{print $(NF-3)}');
	do dig $(tac -s.<<<"$ip.")origin.asn.cymru.com +short txt; done \
	\| sort --numeric-sort \
	\| uniq --count \
	\| sort --numeric-sort \
	\| sed 's/ \| /,/g' \
	\| tr -d \" \

	# d899b42486eb805b8e432c5758568db487c6bcfc067d6ca7e1292a5a66d66de6 unbound.conf
	server:
	# Listen on tcp 443,853
	interface: 0.0.0.0@853
	interface: 0.0.0.0@443

	# Allow from anywhere
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow

	# Serve requests only for virtual host set in environment variable
	{$CADDYHOST}

	# Bind Virtual Host to address set in environment
	bind {$CADDYBIND}

	# Registration email for automated issuing of Lets Encrypt certs
	tls {$CADDYEMAIL}

	# Define the web server root (using environment variable)

	driver:
	name: proxy
	host: <%= ENV["kitchen_host"] %>
	username: <%= ENV["kitchen_username"] %>
	password: <%= ENV["kitchen_password"] %>
	port: 5985
	transport:
	name: winrm
	elevated: true
	provisioner:

	curl \
	--silent \
	--ssl smtp://$SERVER \
	--mail-from $FROM \
	--mail-rcpt $TO \
	--upload-file /dev/stdin \
	--user $USER:$PASSWORD

Rohan rohan-molloy

Self Hosted Email using a VPS

Step 1: Register a VM

Step 2: Set the hostname of the instance

Download a file and verify its hash

Parameters: url sha256 [filename].If unset, it gets a filename from the URL.If verification fails, it saves to $filename.invalid

Generate a passphrase

Example "Shake-No-Material-Activity-873"

These passwords are stronger than one might expect. There are 40 billion 267 million 857 thousand 960 different ways to select four words from the list.

A random number between 0..999 is added at the end, increasing the search complexity by several orders of magnitude

Bash function to read the output of a command into a variable

Grep the word after match

example: "echo 'The quick brown fox' | wordafter quick" will return 'brown'

Parameters: url sha256 [filename].
If unset, it gets a filename from the URL.
If verification fails, it saves to $filename.invalid